Disclosure of Invention
In view of the above, it is desirable to provide a security authentication system for a power carrier that can improve the security of power carrier communication.
A system for secure authentication of a power carrier, the system comprising: a master station, a concentrator authentication module and an electric meter authentication module; the electric meter authentication module and the master station are both connected with the concentrator authentication module; the concentrator authentication module comprises a concentrator, and the electric meter authentication module comprises an electric meter;
The concentrator authentication module also comprises a network module and a concentrator carrier module; one end of the network module is in network communication connection with the master station; the other end of the network module is connected with one end of the concentrator; the other end of the concentrator is connected with the concentrator carrier module; the concentrator carrier module consists of a first main control sub-module and a concentrator authentication sub-module; the first main control sub-module is connected with the concentrator authentication sub-module; the first main control sub-module is provided with a first data interface and a first power interface; the other end of the concentrator is connected with a first data interface of the concentrator carrier module;
The electric meter authentication module also comprises an electric meter carrier module; the electric meter carrier module consists of a second main control sub-module and an electric meter authentication sub-module; the second main control sub-module is connected with the electric meter authentication sub-module; the second main control sub-module is provided with a second data interface and a second power interface; the second power interface of the electric meter carrier module is connected with the first power interface of the concentrator carrier module; and the second data interface of the electric meter carrier module is connected with a data end of the electric meter.
In the working process of the security authentication system of the power carrier, before sensitive data is transmitted, the master station and the concentrator authentication module perform a first-pass device identity authentication; when the first-pass device identity authentication passes, the concentrator authentication module and the electric meter authentication module perform a second-pass device identity authentication, so that the trust chain is passed on step by step. After the device identity authentication among the master station, the concentrator authentication module and the electric meter authentication module has passed, the concentrator authentication module and the electric meter authentication module perform key agreement to determine a session key for encrypting the sensitive data, such as user electricity consumption data, communicated between them, so that the sensitive data is prevented from being tampered with, hijacked or leaked during power carrier communication, and the security of the power carrier communication process is improved.
In one embodiment, the concentrator authentication sub-module is a first security chip; the first main control sub-module comprises: a first carrier acquisition element and a first main control chip; the first carrier acquisition element and the first security chip are both connected with the first main control chip.
In one embodiment, the electric meter authentication sub-module is a second security chip; the second main control sub-module comprises: a second carrier acquisition element and a second main control chip; the second carrier acquisition element and the second security chip are both connected with the second main control chip.
In one embodiment, the model number of the first security chip is CSGDX-SEC-201701.
In one embodiment, the network module comprises: at least one of a GPRS module, a 4G module, an Ethernet module and a fiber optic module.
In one embodiment, the second power interface of the electricity meter carrier module is connected with the first power interface of the concentrator carrier module through a power line.
In one embodiment, the first power interface comprises a neutral line interface and a live line interface.
In one embodiment, the concentrator and the concentrator carrier module communicate via a UART (universal asynchronous receiver/transmitter) connection at TTL (transistor-transistor logic) levels or via RS485.
In one embodiment, the first security chip is configured to store a device authentication key, a session key, a certificate file, and sensitive data.
In one embodiment, the electric meter authentication sub-module is used for asymmetrically encrypting and transmitting the user electricity consumption data generated by the electric meter.
Detailed Description
In order to make the above objects, features and advantages of the present invention more comprehensible, embodiments of the present invention are described in detail below with reference to the accompanying drawings. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein, as those skilled in the art will be able to make similar modifications without departing from the spirit and scope of the present invention.
In the description of the present invention, it is to be understood that the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the description of the present invention, it is to be understood that when an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present. In contrast, when an element is referred to as being "directly connected" to another element, there are no intervening elements present.
The power carrier security authentication system provided by the application can be applied to the application environment shown in fig. 1. The monitoring master station 110 is connected to the concentrator authentication module 120 through a network; the concentrator authentication module 120 and the electricity meter authentication module 130 are connected through a power line.
A system for secure authentication of a power carrier, as shown in fig. 2, the system comprising: a master station 110, a concentrator authentication module 120, and an electric meter authentication module 130; the electric meter authentication module 130 and the master station 110 are both connected with the concentrator authentication module 120; the concentrator authentication module 120 includes a concentrator 220, and the electric meter authentication module 130 includes an electric meter 270;
The concentrator authentication module 120 further includes a network module 210 and a concentrator carrier module 230; one end of the network module 210 is in network communication connection with the master station 110; the other end of the network module 210 is connected to one end of the concentrator 220; the other end of the concentrator 220 is connected to a concentrator carrier module 230; the concentrator carrier module 230 is composed of a first main control sub-module 240 and a concentrator authentication sub-module 243; the first main control sub-module 240 is connected with the concentrator authentication sub-module 243; the first main control sub-module 240 is provided with a first data interface and a first power interface; the other end of the concentrator is connected with a first data interface of the concentrator carrier module;
The electric meter authentication module 130 further comprises an electric meter carrier module 250; the electric meter carrier module 250 consists of a second main control sub-module 260 and an electric meter authentication sub-module 253; the second main control sub-module 260 is connected with the electric meter authentication sub-module 253; the second main control sub-module 260 is provided with a second data interface and a second power interface; the second power interface of the electricity meter carrier module 250 is connected with the first power interface of the concentrator carrier module 230; the second data interface of the electric meter carrier module 250 is connected with the data end of the electric meter 270.
Further, the concentrator authentication module 120 further includes a network module 210 and a concentrator carrier module 230; one end of the network module 210 is in communication connection with the master station 110 through a network, for example, a cellular network, an ethernet network, etc.; the other end of the network module 210 is electrically connected to one end of the concentrator 220; the other end of the concentrator 220 is electrically connected to the concentrator carrier module 230; the concentrator carrier module 230 is composed of a first main control sub-module 240 and a concentrator authentication sub-module 243; the first main control sub-module 240 is electrically connected to the concentrator authentication sub-module 243; the first main control sub-module 240 is provided with a first data interface and a first power interface; the other end of the concentrator is electrically connected with a first data interface of the concentrator carrier module;
The electric meter authentication module 130 further comprises an electric meter carrier module 250; the electric meter carrier module 250 consists of a second main control sub-module 260 and an electric meter authentication sub-module 253; the second main control sub-module 260 is electrically connected with the electric meter authentication sub-module 253; the second main control sub-module 260 is provided with a second data interface and a second power interface; the second power interface of the electric meter carrier module 250 is electrically connected to the first power interface of the concentrator carrier module 230; the second data interface of the electric meter carrier module 250 is electrically connected with the data terminal of the electric meter 270.
In the working process of the security authentication system of the power carrier, before sensitive data is transmitted, the master station and the concentrator authentication module perform a first-pass device identity authentication; when the first-pass device identity authentication passes, the concentrator authentication module and the electric meter authentication module perform a second-pass device identity authentication, so that the trust chain is passed on step by step. After the device identity authentication among the master station, the concentrator authentication module and the electric meter authentication module has passed, the concentrator authentication module and the electric meter authentication module perform key agreement to determine a session key for encrypting the sensitive data, such as user electricity consumption data, communicated between them, so that the sensitive data is prevented from being tampered with, hijacked or leaked during power carrier communication, and the security of the power carrier communication process is improved.
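The two-pass authentication and the key agreement described above can be sketched as follows. This is an added example, not code from the patent: an HMAC-SHA256 challenge-response over pre-provisioned keys stands in for the security chip's algorithms, which the text does not specify, and the SecurityChip class, device ids and keys are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class SecurityChip:
    """Hypothetical chip model; HMAC-SHA256 stands in for its unnamed algorithms."""

    def __init__(self, device_id, peer_keys):
        self.device_id = device_id
        self._keys = dict(peer_keys)  # peer id -> pre-provisioned key (assumption)

    def _mac(self, peer_id, *fields):
        return hmac.new(self._keys[peer_id], b"\x00".join(fields), hashlib.sha256).digest()

    def prove(self, peer_id, challenge):
        # Bind the response to prover, verifier and nonce so it cannot be reflected or replayed.
        return self._mac(peer_id, b"auth", self.device_id.encode(), peer_id.encode(), challenge)

    def check(self, peer_id, challenge, response):
        expected = self._mac(peer_id, b"auth", peer_id.encode(), self.device_id.encode(), challenge)
        return hmac.compare_digest(expected, response)

    def session_key(self, peer_id, n_a, n_b):
        # Key agreement stand-in: both ends derive the same key from both fresh nonces.
        return self._mac(peer_id, b"session", n_a, n_b)


def mutual_auth(a, b):
    """Each side answers the other's fresh nonce; returns both nonces, or None on failure."""
    n_a, n_b = secrets.token_bytes(16), secrets.token_bytes(16)
    try:
        a_ok = b.check(a.device_id, n_b, a.prove(b.device_id, n_b))
        b_ok = a.check(b.device_id, n_a, b.prove(a.device_id, n_a))
    except KeyError:  # no key provisioned for this peer
        return None
    return (n_a, n_b) if a_ok and b_ok else None


def establish_chain(master, concentrator, meter):
    """The second pass runs only if the first passed; no session key unless both passed."""
    nonces = mutual_auth(master, concentrator) and mutual_auth(concentrator, meter)
    if nonces is None:
        return None
    return (concentrator.session_key(meter.device_id, *nonces),
            meter.session_key(concentrator.device_id, *nonces))


def run_demo(master_key_ok=True, meter_key_ok=True):
    """Constructed keys and ids; a False flag provisions a wrong key on that device."""
    k_mc, k_cm, bad = (secrets.token_bytes(32) for _ in range(3))
    master = SecurityChip("master", {"conc": k_mc if master_key_ok else bad})
    conc = SecurityChip("conc", {"master": k_mc, "meter": k_cm})
    meter = SecurityChip("meter", {"conc": k_cm if meter_key_ok else bad})
    return establish_chain(master, conc, meter)
```

A failure at either pass leaves the meter link without a session key, which is the property the step-by-step trust chain is meant to give.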
In another embodiment, the concentrator authentication sub-module 243 is a first security chip; the first main control sub-module 240 includes: a first carrier acquisition element 241 and a first main control chip 242; the first carrier acquisition element 241 and the first security chip are both connected to the first main control chip 242.
Further, the concentrator authentication sub-module 243 is a first security chip; the first main control sub-module 240 includes: a first carrier acquisition element 241 and a first main control chip 242; the first carrier acquisition element 241 and the first security chip are electrically connected to the first main control chip 242. The first main control chip 242 may be an embedded chip, a single-chip microcomputer or another low-power, high-performance processing chip, so that the concentrator authentication sub-module 243 has the advantages of high-speed data processing capability and low energy consumption.
In another embodiment, the electric meter authentication sub-module 253 is a second security chip; the second main control sub-module 260 includes: a second carrier acquisition element 251 and a second main control chip 252; the second carrier acquisition element 251 and the second security chip are both connected to the second main control chip 252.
Further, the electric meter authentication sub-module 253 is a second security chip; the second main control sub-module 260 includes: a second carrier acquisition element 251 and a second main control chip 252; the second carrier acquisition element 251 and the second security chip are electrically connected to the second main control chip 252. The second main control chip 252 may be an embedded chip, a single-chip microcomputer or another low-power, high-performance processing chip, so that the electric meter authentication sub-module 253 has the advantages of high-speed data processing capability and low energy consumption.
In another embodiment, the model number of the first security chip is CSGDX-SEC-201701.
Furthermore, the CSGDX-SEC-201701 uses a national cryptographic (state cipher) algorithm to implement the security functions of encrypting and decrypting the device identity authentication data, and can resist attacks by known and unknown malicious code; using the CSGDX-SEC-201701 as the security chip can therefore further improve the security of the power carrier communication process.
In addition, the model number of the second security chip 252 is also CSGDX-SEC-201701.
In another embodiment, the network module 210 includes: at least one of a GPRS module, a 4G module, an Ethernet module and a fiber optic module.
Further, the network module 210 may be at least one of a GPRS module, a 4G module, an ethernet module, and a fiber optic module. Realize the master station
In another embodiment, the second power interface of the electricity meter carrier module 250 is connected to the first power interface of the concentrator carrier module 230 via a power line.
Further, the second power interface of the electricity meter carrier module 250 is connected with the first power interface of the concentrator carrier module 230 through a power line. Power carrier communication is a technology that uses the existing power line to transmit analog or digital signals at high speed, in carrier mode, between the electric meter carrier module 250 and the concentrator carrier module 230. Its main advantage is that data can be transmitted over the existing wires alone, without building a separate network.
In another embodiment, the first power interface comprises a neutral line interface and a live line interface.
Further, the power line interface module 221 includes a neutral line interface and a live line interface. Therefore, the power carrier system can be directly connected with the neutral line and the live line of a power supply network through the power line interface module 221, and power carrier communication is realized.
In another embodiment, the concentrator 220 and the concentrator carrier module 230 communicate via a UART interface at TTL levels or via RS485.
Further, the concentrator 220 and the concentrator carrier module 230 adopt a communication mode of UART connection to TTL level (an asynchronous transceiving mode) or RS485 (an intelligent instrument interface), so as to realize efficient signal transmission between the concentrator 220 and the concentrator carrier module 230.
In another embodiment, the first security chip is configured to store a device authentication key, a session key, a certificate file, and sensitive data.
Furthermore, the first security chip is used for storing the device's confidential data involved in power carrier communication, such as an authentication key, a session key, a certificate file and sensitive data, so that the security of the power carrier communication process is improved.
In another embodiment, the electric meter authentication sub-module 253 is used for asymmetrically encrypting and transmitting the user electricity consumption data generated by the electric meter.
Further, after the electric meter generates the user electricity consumption data, the electric meter authentication sub-module 253 asymmetrically encrypts the data and transmits it to the concentrator authentication module through the power line, and finally the concentrator authentication module transmits the encrypted user electricity consumption data to the master station 110, so that the user electricity consumption data is prevented from being leaked or tampered with, and the security of the power carrier communication process is further improved.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only represent some embodiments of the present invention, and the description thereof is specific and detailed, but not to be construed as limiting the scope of the present invention. It should be noted that, for those skilled in the art, without departing from the spirit of the present invention, several variations and modifications can be made, which are within the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the appended claims.