CN114513361B - Power distribution Internet of things based on block chain - Google Patents


Info

Publication number
CN114513361B
Authority
CN
China
Prior art keywords
edge gateway
information
power terminal
authentication
block chain
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210143071.1A
Other languages
Chinese (zh)
Other versions
CN114513361A (en)
Inventor
杨会轩
张瑞照
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Huake Information Technology Co ltd
Original Assignee
Beijing Huaqing Zhihui Energy Technology Co ltd
Shandong Huake Information Technology Co ltd
Application filed by Beijing Huaqing Zhihui Energy Technology Co ltd, Shandong Huake Information Technology Co ltd
Priority to CN202210143071.1A
Publication of CN114513361A
Application granted
Publication of CN114513361B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

Disclosed is a block chain-based power distribution internet of things that includes edge gateways and power terminal devices acting as block chain nodes to construct a block chain. Each edge gateway receives the target information sent by each power terminal device in the same power distribution area to complete registration, generates a first encrypted ciphertext and a second encrypted ciphertext, generates a target ciphertext combination based on the first encrypted ciphertext and the second encrypted ciphertext, and uplinks the target ciphertext combination to the block chain so that the target information is added to the block chain. Each edge gateway also obtains authentication data from the authentication information sent by a power terminal device to the edge gateway, obtains a first authentication data digest based on the authentication data, extracts the second digital digest from the block chain, and performs safety authentication of the power terminal device based on the first authentication data digest and the second digital digest. Therefore, the identity authentication of the power terminal equipment can be completed more efficiently.

Description

Power distribution Internet of things based on block chain
This application is a divisional application of the patent application with the application date of 2021, 28/06/5363 and the application number 2021107186336, entitled "Safety authentication method for a power distribution internet of things based on a block chain".
Technical Field
The present disclosure relates in particular to a power distribution internet of things based on a block chain.
Background
As new-generation information technologies such as the internet of things and the internet are integrated with the power grid, the traditional power grid is gradually being transformed into a smart grid, and building the smart grid enables large-scale, efficient allocation of energy resources.
The traditional power distribution internet of things is based on the existing internet environment, and the identity authentication of power terminal equipment is carried out centrally by a central server so as to ensure the effective operation of the power distribution system. However, with this design the identity authentication requests and data transmission from massive numbers of power terminal devices impose a huge computational load on the central server when it responds, and as a result a power distribution terminal often cannot complete identity authentication efficiently when it applies for it.
Disclosure of Invention
The present disclosure has been made in view of the above circumstances, and an object thereof is to provide a security authentication method for a block chain-based power distribution internet of things, which can more efficiently perform authentication of an identity of a power terminal device.
Therefore, the present disclosure provides a safety certification method for a block chain-based power distribution internet of things, where the power distribution internet of things includes one or more power distribution areas, and any power distribution area includes at least one edge gateway and multiple power terminal devices. The method includes the following. Each edge gateway is used as a block chain main node to construct a block chain. Each power terminal device sends its device information and a preset password to an edge gateway in the same power distribution area; the edge gateway generates an identity and a target password corresponding to the power terminal device based on the received device information and preset password and sends the identity and the target password to the power terminal device; and the power terminal device sends the identity and the target password to the edge gateway to complete registration. The edge gateway generates a first digital digest based on the identity and a first encryption algorithm, and generates a second digital digest based on a second encryption algorithm, the identity and the device information. The edge gateway generates a first character string combination based on the first digital digest and an edge gateway identity and generates a first encrypted ciphertext based on a third encryption algorithm, and generates a second character string combination based on the second digital digest and generates a second encrypted ciphertext based on a fourth encryption algorithm. The edge gateway generates a target ciphertext combination based on the first encrypted ciphertext and the second encrypted ciphertext and uplinks the target ciphertext combination to the block chain. The power terminal device sends authentication information to the edge gateway; the edge gateway obtains authentication data based on the authentication information, obtains a first authentication data digest based on the authentication data, extracts the second digital digest from the block chain, and performs safety authentication of the power terminal device based on the first authentication data digest and the second digital digest. In this case, the identity authentication of the power terminal device can be performed by the edge gateway, and thus the identity authentication of the power terminal device can be completed more efficiently.
Further, in the safety certification method according to the first aspect of the present disclosure, optionally, the device information includes an area number, a type number, and a number of the power terminal device. Thereby, the device information can be obtained.
In addition, in the safety certification method according to the first aspect of the present disclosure, preferably, the preset password is generated by a pseudo random number generator built into the power terminal device. Thereby, the preset password can be obtained.
In addition, in the safety certification method according to the first aspect of the present disclosure, optionally, the edge gateway generates a random number by a random number generator, and the edge gateway generates the target password based on the random number and the preset password. Thereby, the target password can be obtained.
In addition, in the safety certification method according to the first aspect of the present disclosure, optionally, the edge gateway obtains the target password by performing an exclusive-or operation on the random number and the preset password. Thereby, the target password can be obtained.
Further, in the safety certification method according to the first aspect of the present disclosure, optionally, the first encryption algorithm is a SHA-256 encryption algorithm or an SM3 algorithm, and the second encryption algorithm is a SHA-256 encryption algorithm or an SM3 algorithm. Thereby, the first digital digest and the second digital digest can be obtained easily.
In addition, in the safety certification method according to the first aspect of the present disclosure, optionally, the third encryption algorithm is an SM2 algorithm or an RSA algorithm, and the fourth encryption algorithm is an SM2 algorithm or an RSA algorithm. Thereby, the first encrypted ciphertext and the second encrypted ciphertext can be obtained conveniently.
In addition, in the safety certification method according to the first aspect of the present disclosure, optionally, the edge gateway implements block chain uplink by writing the target ciphertext combination into a padding field for block chain uplink, where the padding field is a field in which uplink information is recorded. Thus, the edge gateway can write the target ciphertext combination into the block chain.
In addition, in the safety certification method according to the first aspect of the present disclosure, optionally, before the power terminal device sends authentication information to the edge gateway, the power terminal device negotiates a session key with the edge gateway, and decrypts the identity characteristic information in clear text or by using the session key. This facilitates secure data interaction between the power terminal equipment and the edge gateway and the subsequent identity authentication of the power terminal equipment by the edge gateway.
In addition, in the safety certification method according to the first aspect of the present disclosure, optionally, the power terminal device encrypts the authentication data with a session key to obtain the authentication information, and sends the authentication information to the edge gateway, where the authentication data includes the identity and the device information. In this case, the edge gateway can effectively identify and distinguish the power terminal devices.
According to the present disclosure, a safety authentication method for a block chain-based power distribution internet of things can be provided with which the identity authentication of the power terminal equipment can be completed more efficiently.
Drawings
Embodiments of the present disclosure will now be explained in further detail, by way of example only, with reference to the accompanying drawings, in which:
Fig. 1 is a scene diagram illustrating a power distribution internet of things to which examples of the present disclosure relate.
Fig. 2 is a scene diagram illustrating one power distribution area to which an example of the present disclosure relates.
Fig. 3 is a flowchart illustrating a security authentication method for a power distribution internet of things based on a block chain according to an example of the present disclosure.
Fig. 4 is a flowchart illustrating writing target information of a power terminal device into a block chain according to an example of the present disclosure.
Fig. 5 is a flow chart illustrating authentication of an electrical terminal device by an edge gateway and a blockchain.
Fig. 6 is a flowchart illustrating data transmission between power terminal devices according to an example of the present disclosure.
Detailed Description
Hereinafter, preferred embodiments of the present disclosure will be described in detail with reference to the accompanying drawings. In the following description, the same components are denoted by the same reference numerals, and redundant description thereof is omitted. The drawings are schematic and the ratio of the dimensions of the components and the shapes of the components may be different from the actual ones.
It is noted that the terms "comprises," "comprising," and "having," and any variations thereof, are used non-exclusively in this disclosure. For example, a process, method, system, article, or apparatus that comprises or has a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include or have other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The disclosure provides a safety certification method for a power distribution internet of things based on a block chain (sometimes referred to simply as the safety certification method). The security authentication method according to the embodiment of the present disclosure may be applied to a smart grid or a power distribution internet of things 1 (see fig. 1). According to the present disclosure, a safety authentication method for the block chain-based power distribution internet of things 1 can be provided with which the identity authentication of the power terminal equipment can be completed more efficiently. A lightweight security architecture for the power distribution internet of things 1 can be constructed in the embodiments of the present disclosure. In some examples, the power distribution internet of things 1 may distribute security authentication tasks (or identity authentication tasks) of power terminal devices in the power distribution internet of things 1 to edge devices (also referred to as "edge gateways") based on an edge control technology of a Software Defined Network (SDN). In this case, the identity authentication of the power terminal device can be performed by the edge device. Therefore, the huge burden that a large number of power terminal devices place on the central server can be effectively relieved, and the identity authentication of the power terminal equipment can be completed more efficiently.
Fig. 1 is a scene diagram illustrating a power distribution internet of things 1 to which an example of the present disclosure relates. In some examples, referring to fig. 1, a power distribution internet of things 1 may include one or more power distribution zones (e.g., power distribution zone 110, power distribution zone 120, and power distribution zone 130). In some examples, the power distribution zone may be divided according to the communication area (or communication coverage) of the edge gateway. In some examples, each power distribution zone may include an edge gateway. In some examples, the number of edge gateways may be one or more. For example, the power distribution area 110 may include an edge gateway 111, the power distribution area 120 may include an edge gateway 121, the power distribution area 130 may include an edge gateway 131, the power distribution area 140 may include an edge gateway 141, and so on. In some examples, each power distribution zone may include power terminal equipment. In some examples, the number of power terminal devices in each power distribution area may be one or more. For example, the number of power terminal apparatuses in the power distribution area 110 may be 3, which are the power terminal apparatus 112, the power terminal apparatus 113, the power terminal apparatus 114, and the like.
Fig. 2 is a scene diagram illustrating one power distribution area P to which the present disclosure example relates. Fig. 2 shows a scene diagram corresponding to a power distribution area P, where the power distribution area P includes an edge gateway S and a plurality of power terminal devices D, such as a first power terminal device D1 and a second power terminal device D2. Fig. 3 is a flowchart illustrating a security authentication method of the power distribution internet of things 1 based on the block chain according to an example of the present disclosure.
In the embodiment related to the present disclosure, a safety certification method for a block chain based power distribution internet of things 1 is provided (see fig. 3). In this embodiment, referring to fig. 3, the safety certification method for the power distribution internet of things 1 based on the block chain may include the following steps: block chain initialization is performed by the edge gateway S (step S10); registering the power terminal device D through the edge gateway S (step S20); the power terminal device D is authenticated by the edge gateway S (step S30). According to the safety authentication method disclosed by the invention, the identity authentication of the power terminal equipment D can be more efficiently completed.
In step S10, as described above, a block chain initialization may be performed by the edge gateway S.
In some examples, the edge gateways S corresponding to the respective power distribution areas P may be respectively used as the main node of the block chain to construct the block chain, and the power terminal devices D in the communication area of the edge gateways S are used as the sub-nodes of the block chain. In some examples, each edge gateway S may construct a blockchain trust domain (simply "trust domain"). In this case, if the power terminal device D performs identity authentication within the trust domain, all power terminal devices D trusting the authentication domain (i.e. trust domain) may accept the identity authentication. In some examples, the edge gateway S may serve as a master device of the blockchain trust domain, and the power terminal devices D in the same power distribution area may serve as slave devices of the blockchain trust domain.
In step S20, as described above, the power terminal device D can be registered by the edge gateway S.
In some examples, in step S20, the edge gateway S needs to register the power terminal devices D that join the same distribution area P (see fig. 2 and 3). In this case, the edge gateway S can perform identity identification and information registration on the electric terminal device D, so that the edge gateway S can better identify and distinguish the electric terminal device D, and the subsequent identity authentication of the electric terminal device D through the edge gateway S can be facilitated. In some examples, the power terminal device D may be registered by the edge gateway S within the same blockchain trust domain. Or the power terminal device D may be registered by the edge gateway S of the same distribution area P.
In some examples, each power terminal device D may transmit its target information to the edge gateway S separately. In some examples, the target information may include device information and a preset password of the power terminal device D. In some examples, the device information may be information that can distinguish the individual power terminal devices D. In some examples, the device information may include information such as an area number, a type number, and a number of the power terminal device D. Thereby, the device information can be obtained. In some examples, the area number may be a number of a blockchain area. In some examples, the type number may be a number of a device type. In some examples, the number may be a number in the same type of device in the area. In some examples, the device information may be generated when the power terminal device D joins the blockchain trust domain.
In some examples, the preset password transmitted by the power terminal device D may be generated based on a pseudo random number generator built in the power terminal device D. Thereby enabling the preset password to be obtained. In some examples, the power terminal device D may store the generated preset password.
In some examples, the edge gateway S may receive the target information transmitted by the power terminal device D. In some examples, the edge gateway S may generate registration information based on the received target information and may transmit the registration information to the corresponding power terminal device D.
Specifically, the edge gateway S may receive the device information and the preset password transmitted by the power terminal device D. In some examples, the edge gateway S may generate an identity corresponding to the power terminal device D based on the received device information. In some examples, the identity may be a unique device identity corresponding to the power terminal device D.
In some examples, the edge gateway S may generate a target password corresponding to the power terminal device D based on the received preset password. In some examples, the edge gateway S generates the target password based on a random number and the preset password. In some examples, the edge gateway S may generate the random number by a random number generator. In some examples, the edge gateway S may obtain the target password by XORing the random number and the preset password. Thereby, the target password can be obtained.
In some examples, the registration information may include an identification and a target password. In some examples, the edge gateway S may store the generated registration information. In some examples, the edge gateway S may store the device information in a database of the edge gateway S.
In some examples, the edge gateway S may send the registration information to the corresponding power terminal device D. For example, the edge gateway S may transmit registration information such as an identification and a target password to the corresponding power terminal device D. In other examples, the edge gateway S may send the registration information and the preset password to the corresponding power terminal device D after generating the registration information. In some examples, the power terminal device may be confirmed to correspond to the registration information by comparing the received preset password with a self-generated preset password. In some examples, the power terminal device D may store the received registration information.
In some examples, the edge gateway S may also generate a key pair for the power terminal device D.
In some examples, the identity may be a public key of the power terminal device D. In some examples, the target password may be a private key of the power terminal device D. Or the target password and the preset password may be used as a private key pair of the power terminal device D.
In some examples, the power terminal device D may send registration information to the edge gateway S to complete the registration. Specifically, in some examples, the power terminal device D may receive the identity and the target password sent by the edge gateway S and may send the identity and the target password to the edge gateway S over the secure channel. In some examples, if the edge gateway S obtains the registration information corresponding to the received registration information by querying the data stored in the edge gateway S, it indicates that the power terminal device D completes registration. In this case, the edge gateway S may transmit notification information that registration has been completed to the power terminal device D. In some examples, if the edge gateway S does not obtain the corresponding registration information by querying the data stored in itself after receiving the registration information, it indicates that the power terminal device D does not complete the registration. In this case, the edge gateway S may store the received registration information to complete the registration, and thereafter may transmit notification information that the registration has been completed to the power terminal device D.
In step S30, as described above, the power terminal device D may be authenticated by the edge gateway S.
In some examples, step S30 may include writing target information of the power terminal device D into the blockchain, and authenticating the power terminal device D based on the edge gateway S and the blockchain.
Fig. 4 is a flowchart illustrating writing of target information of the power terminal device D into the block chain according to an example of the present disclosure. Fig. 5 is a flowchart showing the authentication of the power terminal device D by the edge gateway S and the block chain.
In the embodiment according to the present disclosure, referring to fig. 4, writing the target information of the power terminal device D into the block chain may include: the edge gateway S generates a first digital digest based on the identity in the registration information of the power terminal device D and the first encryption algorithm, and the edge gateway S generates a second digital digest based on the identity and the device information of the power terminal device D and the second encryption algorithm (step S311); the edge gateway S generates a first character string combination based on the first digital digest and the edge gateway identifier and generates a first encrypted ciphertext based on the third encryption algorithm, and the edge gateway S generates a second character string combination based on the second digital digest and the edge gateway identifier and generates a second encrypted ciphertext based on the fourth encryption algorithm (step S312); the edge gateway S generates a target ciphertext combination based on the first encrypted ciphertext and the second encrypted ciphertext (step S313); and the edge gateway S uplinks the target ciphertext combination to the block chain (step S314).
In step S311, as described above, the edge gateway S generates a first digital digest based on the identity in the registration information of the power terminal device D and the first encryption algorithm, and the edge gateway S generates a second digital digest based on the identity and the stored device information and the second encryption algorithm.
In some examples, the edge gateway S may generate the first digital digest based on the identity and a first encryption algorithm. In some examples, the first encryption algorithm may be a SHA-256 encryption algorithm or an SM3 algorithm, among others. Thereby, the first digital digest can be obtained easily.
In some examples, the edge gateway S may generate a second digital digest based on the identity and the device information and a second encryption algorithm. In some examples, the edge gateway S may generate an identity digital digest based on the second encryption algorithm and the identity. In some examples, the edge gateway S may generate a device information digital digest based on the second encryption algorithm and the device information. In some examples, the edge gateway S may concatenate the identity digital digest and the device information digital digest into a single string to generate the second digital digest. In some examples, the second encryption algorithm may be a SHA-256 encryption algorithm or an SM3 algorithm, among others. Thereby, the second digital digest can be obtained easily.
In step S312, as described above, the edge gateway S may generate a first combination of strings based on the first digital digest and the edge gateway identification and a first encrypted ciphertext based on the third encryption algorithm, and the edge gateway S may generate a second combination of strings based on the second digital digest and the edge gateway identification and a second encrypted ciphertext based on the fourth encryption algorithm.
In some examples, the edge gateway identification may be an edge gateway number to which the edge gateway S corresponds. In this case, the edge gateway number may be used to distinguish the edge gateways of different distribution areas. In some examples, the edge gateway identification may be generated when the edge gateway S registers on the cloud gateway.
In some examples, the edge gateway S may generate a first string combination based on the first digital digest and the edge gateway identification, as described above. In some examples, the edge gateway S may concatenate the first digital digest with the edge gateway identification to generate a first string combination.
In some examples, the edge gateway S may generate a first encrypted ciphertext based on the third encryption algorithm and the first string combination. In some examples, the third encryption algorithm may be an SM2 algorithm or an RSA algorithm. Thereby, the first encrypted ciphertext can be obtained conveniently. In some examples, the edge gateway S may use the public key of the power terminal device D and apply the third encryption algorithm to asymmetrically encrypt the first string combination to form the first encrypted ciphertext.
In some examples, the edge gateway S may generate a second string combination based on the second digital digest and the edge gateway identification. In some examples, the edge gateway S may concatenate the second digital digest with the edge gateway identification to generate a second string combination.
In some examples, the edge gateway S may generate a second encrypted ciphertext based on a fourth encryption algorithm and the second string combination. In some examples, the fourth encryption algorithm may be an SM2 algorithm or an RSA algorithm. Thereby, the second encrypted ciphertext can be obtained conveniently. In some examples, the edge gateway S may use its own public key and apply the fourth encryption algorithm to asymmetrically encrypt the second string combination to form the second encrypted ciphertext.
In some examples, the edge gateway S public key may be generated when registered on the cloud gateway.
In step S313, the edge gateway S may generate a target ciphertext combination based on the first encrypted ciphertext and the second encrypted ciphertext.
In some examples, the edge gateway S may segment the first encrypted ciphertext and the second encrypted ciphertext according to a certain rule, and then join them together to form a complete ciphertext, that is, a target ciphertext combination. In some examples, the edge gateway S may combine the first encrypted ciphertext and the second encrypted ciphertext using a pound ("#") sign to obtain the target ciphertext combination.
In step S314, as described above, the edge gateway S may write the target ciphertext combination onto the blockchain.
In some examples, the edge gateway S may write the target ciphertext combination into a padding field used for blockchain uplink, thereby completing the writing of the target information into the blockchain. In some examples, the padding field may be a field that records uplink information. This enables the edge gateway S to write the target ciphertext combination into the blockchain. In some examples, the target information may include the identity identifier, the device information, and the like.
In the embodiment related to the present disclosure, before data transmission between the power terminal devices D, the edge gateway S is required to perform identity authentication on the power terminal devices D. For example, before the first power terminal device D1 transmits data to the second power terminal device D2, the edge gateway S may authenticate whether the first power terminal device D1 is legitimate.
In the embodiment related to the present disclosure, referring to fig. 5, the identity authentication of the power terminal device D by the edge gateway S may include the following steps: the power terminal device D may transmit authentication information to the edge gateway S (step S321), and the edge gateway S implements authentication of the power terminal device D based on the authentication information and the encrypted device information obtained from the blockchain (step S322); after the authentication is successful, the electric power terminal device D transmits a request content to the edge gateway S to implement the security authentication of the electric power terminal device D by the edge gateway S (step S323).
In step S321, as described above, the power terminal device D may transmit the authentication information to the edge gateway S.
In some examples, the power terminal device D may encrypt the authentication data or the like to obtain the authentication information and send it to the edge gateway S. In some examples, the authentication data may include the identity identifier, the device information, and the like. In this case, the edge gateway S can efficiently identify and distinguish the power terminal devices D.
In some examples, prior to step S321, the power terminal device D may negotiate a session key with the edge gateway S. In some examples, the power terminal device D and the edge gateway S may encrypt and decrypt through a session key when performing data interaction. In some examples, the power terminal device D may encrypt the authentication data by the session key to obtain authentication information to send to the edge gateway S. Therefore, safe data interaction between the power terminal device D and the edge gateway S can be facilitated, and identity authentication of the power terminal device D by the subsequent edge gateway S can be facilitated.
In step S322, as described above, the edge gateway S may implement authentication of the power terminal device D based on the authentication information and the encrypted device information obtained from the blockchain.
In some examples, the edge gateway S may receive the authentication information and obtain the authentication data therefrom. In some examples, the edge gateway S may decrypt the authentication information to obtain the authentication data and the request content therefrom. In some examples, the edge gateway S may decrypt the authentication information with the session key. Therefore, the authentication data can be obtained, and the identity authentication of the power terminal device D by the edge gateway S can be facilitated.
In some examples, the edge gateway S may obtain the identity data from the authentication data. In some examples, the identity data may refer to device information, i.e., area number, type number, and the like.
In some examples, the edge gateway S may obtain the first authentication data digest based on the authentication data. In some examples, the edge gateway S may generate the first authentication data digest based on the identity and device information in the authentication data and a second encryption algorithm.
In some examples, the edge gateway S may extract the encrypted device information from the blockchain based on the identity identifier in the authentication data. In some examples, the encrypted device information may be the second digital digest, or the like.
In some examples, the edge gateway S may authenticate the power terminal device D by matching the first authentication data digest against the second digital digest.
In step S323, as described above, after the authentication is successful, the power terminal device D transmits request content to the edge gateway S to implement data transmission between the power terminal devices D. In some examples, the request content may include the identity identifiers of the other power terminal devices to which the power terminal device D is to transmit data, and the like. In this case, the edge gateway S may identify the destination power terminal devices D based on those identity identifiers to implement data transmission between the power terminal devices D.
In some examples, the power terminal device D may send the request content to the edge gateway S encrypted with the session key. In some examples, the edge gateway S may decrypt the requested content with the session key and store it in its own database to enable data transfer between the power terminal devices D.
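The digest construction of step S311 and the digest match of step S322, as an added Python example that is not part of the patent text. It assumes SHA-256 for both digests, leaves out the SM2/RSA encryption of steps S312 and S313, and models the blockchain as a dictionary keyed by the first digital digest; all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

HEX_LEN = 64  # length of one SHA-256 hex digest


def sha256_hex(text: str) -> str:
    """Digest primitive; the page names SHA-256 or SM3 for both digests."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def first_digital_digest(identity: str) -> str:
    """S311: digest of the identity identifier alone."""
    return sha256_hex(identity)


def second_digital_digest(identity: str, device_info: str) -> str:
    """S311: digest each field separately, then concatenate the two digests.

    Each half has a fixed width, so moving characters between the two fields
    always changes the result, which hashing identity + device_info as one
    string would not guarantee.
    """
    return sha256_hex(identity) + sha256_hex(device_info)


def register(ledger: dict, gateway_id: str, identity: str, device_info: str) -> str:
    """S312-S314 without the SM2/RSA step: store the second string combination.

    Assumption: the ledger is a dict keyed by the first digital digest; the
    page does not say how a record is located on the chain.
    """
    key = first_digital_digest(identity)
    ledger[key] = second_digital_digest(identity, device_info) + gateway_id
    return key


def split_combination(combination: str) -> tuple:
    """Undo the S312 concatenation: (second digital digest, gateway identifier)."""
    width = 2 * HEX_LEN
    if len(combination) <= width:
        raise ValueError("record too short to hold a digest and a gateway id")
    return combination[:width], combination[width:]


def authenticate(ledger: dict, identity: str, device_info: str) -> bool:
    """S322: recompute the digest from the authentication data and match it."""
    record = ledger.get(first_digital_digest(identity))
    if record is None:
        return False  # this identity identifier was never registered
    stored_digest, _gateway_id = split_combination(record)
    candidate = second_digital_digest(identity, device_info)
    # Constant-time comparison, so timing does not reveal how many leading
    # characters of a submitted digest were correct.
    return hmac.compare_digest(candidate, stored_digest)


def demo() -> dict:
    """Constructed sample values; none of them come from the patent."""
    ledger = {}
    register(ledger, "GW-AREA07", "D1-0001", "area=07;type=12;no=0001")
    return {
        "genuine": authenticate(ledger, "D1-0001", "area=07;type=12;no=0001"),
        "altered_info": authenticate(ledger, "D1-0001", "area=07;type=12;no=0002"),
        "unregistered": authenticate(ledger, "D9-0001", "area=07;type=12;no=0001"),
    }


if __name__ == "__main__":
    print(demo())
```

In a deployment that follows steps S312 and S313, the stored record would be the "#"-joined ciphertext pair, and the gateway would decrypt its own second encrypted ciphertext before calling the equivalent of split_combination.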
Fig. 6 is a flowchart illustrating data transmission between the power terminal devices D according to the example of the present disclosure.
In the embodiment related to the present disclosure, in the power distribution internet of things 1, data can be securely transmitted between the power terminal devices D. For example, data transmission may be performed between the first power terminal device D1 and the second power terminal device D2. In some examples, the first power terminal device D1 may transmit the transmitted data to the edge gateway S, and the edge gateway S may verify the data transmitted by the first power terminal device D1, and if the verification is passed, may transmit the data to the second power terminal device D2. The following describes in detail a process of data secure transmission between the power terminal devices D with reference to the drawings.
In the present embodiment, referring to fig. 6, the process of data transmission between the first power terminal device D1 and the second power terminal device D2 may include the following steps: the first power terminal device D1 may generate a target data packet from the target transmission data, encrypt the target data packet by using a fifth encryption algorithm to obtain a digital digest of the transmission data, and sign the digital digest of the transmission data by using its private key to obtain a transmission data ciphertext (step S41); the first power terminal device D1 sends the target data packet, the signed transmission data ciphertext, and the data generation timestamp to the edge gateway S, where signature verification is performed (step S42); if the verification is passed, the edge gateway S may transmit the encrypted transmission data to the second power terminal device D2, and the second power terminal device D2 may decrypt the encrypted transmission data to obtain the target transmission data (step S43).
In some examples, in step S41, the first power terminal device D1 may generate the target data packet from the target transmission data based on the network communication protocol. In some examples, the target transmission data may include the data information that the first power terminal device D1 wants to transfer to the second power terminal device D2. In some examples, the target data packet may include information such as the identity identifier of the first power terminal device D1, its device information, and the like. This can facilitate authentication by the subsequent edge gateway S. In some examples, the target data packet may also contain relevant identity information (e.g., identity identifier, device information, etc.) of the power terminal device D (the second power terminal device D2) to which the first power terminal device D1 wants to transmit data. For example, the target data packet may further include information such as the identity identifier and the device information of the second power terminal device D2. This helps the subsequent edge gateway S to deliver the information accurately to the second power terminal device D2.
In some examples, the first power terminal device D1 may encrypt the target data packet using a fifth encryption algorithm to obtain a digital digest of the transmission data. In some examples, the fifth encryption algorithm may be a SHA-2 encryption algorithm. In some examples, the first power terminal device D1 may sign a digital digest of the transmission data with its private key, resulting in a transmission data cipher text.
In some examples, in step S42, the first power terminal device D1 may send the target data packet, the signed transmission data ciphertext, and the data generation timestamp to the edge gateway S. In some examples, the data generation timestamp may be generated by the first power terminal device D1 according to the time of data transmission. In some examples, the first power terminal device D1 may send information such as the target data packet, the signed transmission data ciphertext, and the data generation timestamp to the edge gateway S of the same power distribution area.
In some examples, the edge gateway S may broadcast the received information, such as the target data packet, the signed transmission data ciphertext, and the data generation timestamp, to the other edge gateways S in the power distribution internet of things 1. In this case, any edge gateway S in the power distribution internet of things 1 may perform signature verification on the target data packet, the signed transmission data ciphertext, the data generation timestamp and other information sent by the first power terminal device D1. This can effectively improve the efficiency of verification. In some examples, signature verification may mean that the edge gateway S decrypts the signed transmission data ciphertext with the public key of the first power terminal device D1 to obtain a third digital digest of the transmission data, and compares the third digital digest with a fourth digital digest of the transmission data that the edge gateway S calculates by applying the fifth encryption algorithm to the target data packet; if the third digital digest and the fourth digital digest are equal, the data has not been tampered with (i.e., the data passes the verification). In some examples, once an edge gateway S obtains a verification result of the signature verification, it may broadcast that verification result to the other edge gateways S in the power distribution internet of things 1. In this case, the other edge gateways S may obtain the verification result.
In some examples, in step S43, the edge gateway S may confirm whether to transmit the encrypted transmission data to the second power terminal device D2 according to the verification result. In some examples, the edge gateway S may transmit the encrypted transmission data to the second power terminal device D2 if the verification is passed. In some examples, the edge gateway S may obtain information such as the identity identifier of the second power terminal device D2 from the target data packet. In this case, the target data packet may be encrypted by the edge gateway S located in the same power distribution area as the second power terminal device D2 to obtain the encrypted transmission data, which is sent to the second power terminal device D2. In some examples, the second power terminal device D2 may decrypt the encrypted transmission data to obtain the target transmission data. In some examples, the encryption and decryption between the edge gateway S and the power terminal device D are based on a session key negotiated between them. Thereby, information transmission between the power terminal devices D can be realized.
While the present disclosure has been described in detail in connection with the drawings and examples, it should be understood that the above description is not intended to limit the disclosure in any way. Those skilled in the art can make modifications and variations to the present disclosure as needed without departing from the true spirit and scope of the disclosure, which fall within the scope of the disclosure.

Claims (10)

1. The power distribution Internet of things based on the block chain is characterized by comprising at least one power distribution area, wherein any power distribution area comprises at least one edge gateway and a plurality of power terminal devices, wherein the edge gateway is used as a block chain main node to construct the block chain; each edge gateway is used for receiving target information including equipment information sent by electric terminal equipment in the same power distribution area, writing the target information into a block chain, generating registration information including an identity identifier corresponding to the electric terminal equipment based on the target information by the edge gateway and sending the registration information to the electric terminal equipment, wherein the edge gateway generates a first digital digest based on the identity identifier and a first encryption algorithm, generates a second digital digest based on a second encryption algorithm, the identity identifier and the equipment information, generates a first character string combination based on the first digital digest and the edge gateway identifier and generates a first encrypted ciphertext based on a third encryption algorithm, generates a second character string combination based on the second digital digest and the edge gateway identifier and generates a second encrypted ciphertext based on a fourth encryption algorithm, and generates a target ciphertext combination based on the first encrypted ciphertext and the second encrypted ciphertext so as to write the target ciphertext combination onto the block chain; each edge gateway is further used for receiving authentication information of the power terminal equipment and acquiring authentication data comprising the identity identifier and the equipment information from the authentication information, acquiring a first authentication data digest based on the identity identifier and the equipment information in the authentication data and the second encryption algorithm, extracting a second digital digest from a block chain based on the authentication data, and realizing safety authentication of the power terminal equipment based on the first authentication data digest and the second digital digest; each power terminal device is used for sending the corresponding target information to the edge gateway in the same power distribution area, and after receiving the registration information, sending the registration information to complete registration; each power terminal device is also used for sending the authentication information.
2. The Internet of things for power distribution of claim 1,
the device information includes an area number, a type number, and a number of the electric power terminal device.
3. The Internet of things for power distribution of claim 1,
the target information further comprises a preset password, the edge gateway further generates a target password corresponding to the electric power terminal equipment based on the preset password, and the registration information further comprises the target password.
4. The power distribution Internet of things of claim 3,
and the edge gateway generates a random number through a random number generator and generates the target password based on the random number and the preset password.
5. The power distribution Internet of things of claim 3,
and the edge gateway obtains the target password by carrying out XOR operation on the random number and the preset password.
6. The power distribution Internet of things of claim 3,
the edge gateway is further used for sending the registration information and the preset password to the corresponding electric power terminal equipment, and the electric power terminal equipment confirms that the electric power terminal equipment corresponds to the registration information by comparing the received preset password with the preset password generated by the electric power terminal equipment.
7. The power distribution internet of things of claim 1, wherein sending the registration information to complete registration is:
the electric power terminal equipment sends the registration information to the edge gateway; if the edge gateway, after receiving the registration information, finds the corresponding registration information by querying the data stored in the edge gateway, the electric power terminal equipment is indicated to have finished the registration; otherwise, the electric power terminal equipment is indicated not to have finished the registration.
8. The power distribution Internet of things of claim 1,
the edge gateway realizes block chain uplink by writing the target ciphertext combination into a padding field for block chain uplink, wherein the padding field is a field recording uplink information.
9. The power distribution Internet of things of claim 1,
before the electric terminal equipment sends the authentication information to the edge gateway, the electric terminal equipment and the edge gateway negotiate a session key, and encrypt the authentication data through the session key to obtain the authentication information to send the authentication information to the edge gateway.
10. The power distribution Internet of things of claim 1,
each edge gateway is further used for constructing a block chain trust domain, and if the electric terminal equipment performs security authentication in the block chain trust domain, all the electric terminal equipment trusting the block chain trust domain receives the security authentication.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210143071.1A CN114513361B (en) 2021-06-28 2021-06-28 Power distribution Internet of things based on block chain

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210143071.1A CN114513361B (en) 2021-06-28 2021-06-28 Power distribution Internet of things based on block chain
CN202110718633.6A CN113364803B (en) 2021-06-28 2021-06-28 Block chain-based security authentication method for power distribution Internet of things

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202110718633.6A Division CN113364803B (en) 2021-06-28 2021-06-28 Block chain-based security authentication method for power distribution Internet of things

Publications (2)

Publication Number Publication Date
CN114513361A CN114513361A (en) 2022-05-17
CN114513361B true CN114513361B (en) 2022-11-01

Family

ID=77536848

Family Applications (3)

Application Number Title Priority Date Filing Date
CN202210143071.1A Active CN114513361B (en) 2021-06-28 2021-06-28 Power distribution Internet of things based on block chain
CN202110718633.6A Active CN113364803B (en) 2021-06-28 2021-06-28 Block chain-based security authentication method for power distribution Internet of things
CN202210143481.6A Active CN114500081B (en) 2021-06-28 2021-06-28 Data transmission method of power distribution Internet of things based on block chain

Country Status (1)

Country Link
CN (3) CN114513361B (en)

Also Published As

Publication number Publication date
CN114500081B (en) 2022-09-27
CN114500081A (en) 2022-05-13
CN114513361A (en) 2022-05-17
CN113364803A (en) 2021-09-07
CN113364803B (en) 2022-03-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20221208

Address after: A408, Floor 4, Building 1, Qilu Software Park, Shunhua Road, High tech Zone, Jinan, Shandong 250098

Patentee after: Shandong Huake Information Technology Co.,Ltd.

Patentee after: Beijing Huaqing Zhihui Energy Technology Co.,Ltd.

Patentee after: ELECTRIC POWER RESEARCH INSTITUTE OF STATE GRID SHANDONG ELECTRIC POWER Co.

Address before: 250101 rooms 1-3133, building 1, No.88, West Convention and Exhibition Road, high tech Zone, Jinan City, Shandong Province

Patentee before: Shandong Huake Information Technology Co.,Ltd.

Patentee before: Beijing Huaqing Zhihui Energy Technology Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20230628

Address after: A408, Floor 4, Building 1, Qilu Software Park, Shunhua Road, High tech Zone, Jinan, Shandong 250098

Patentee after: Shandong Huake Information Technology Co.,Ltd.

Patentee after: Beijing Huaqing Zhihui Energy Technology Co.,Ltd.

Address before: A408, Floor 4, Building 1, Qilu Software Park, Shunhua Road, High tech Zone, Jinan, Shandong 250098

Patentee before: Shandong Huake Information Technology Co.,Ltd.

Patentee before: Beijing Huaqing Zhihui Energy Technology Co.,Ltd.

Patentee before: ELECTRIC POWER RESEARCH INSTITUTE OF STATE GRID SHANDONG ELECTRIC POWER Co.

TR01 Transfer of patent right

Effective date of registration: 20230724

Address after: A408, Floor 4, Building 1, Qilu Software Park, Shunhua Road, High tech Zone, Jinan, Shandong 250098

Patentee after: Shandong Huake Information Technology Co.,Ltd.

Address before: A408, Floor 4, Building 1, Qilu Software Park, Shunhua Road, High tech Zone, Jinan, Shandong 250098

Patentee before: Shandong Huake Information Technology Co.,Ltd.

Patentee before: Beijing Huaqing Zhihui Energy Technology Co.,Ltd.