WO2016058259A1 - Encryption transmission and verification method for power communication network field operation and maintenance data - Google Patents

Publication number
WO2016058259A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
maintenance
international
transmission
verification
Prior art date
Application number
PCT/CN2014/093881
Other languages
French (fr)
Chinese (zh)
Inventor
高雪生
邵波
张际
汤震
张懿
周筠
Original Assignee
国家电网公司
江苏省电力公司
江苏省电力公司镇江供电公司
南京南瑞集团公司
南京南瑞信息通信科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 国家电网公司, 江苏省电力公司, 江苏省电力公司镇江供电公司, 南京南瑞集团公司, 南京南瑞信息通信科技有限公司
Publication of WO2016058259A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities


Definitions

  • the invention belongs to the technical field of power communication, and in particular relates to a method for encrypting transmission and verification of on-site operation and maintenance data of a power communication network.
  • China's electric power enterprise power communication network construction is about to usher in a new construction cycle.
  • The existing operation and maintenance equipment and operation mode of the power communication network will have problems such as low data transmission security, numerous on-site operation and maintenance data indicators, and an unclear hierarchical structure, and will face increasing work pressure.
  • The existing collection, transmission and verification of on-site operation and maintenance data of the power communication network generally use the wireless network VPN provided by the operator and then transmit the data directly.
  • This data transmission method has the following technical problems: (1) the existing data transmission uses the network provided by the communication network operator, and the terminal equipment used in power industry operation and maintenance lacks an effective security guarantee, so the access security and usage security of the terminal equipment cannot be guaranteed; this easily causes data leakage and creates hidden dangers for the safe production of power companies; (2) the existing operation and maintenance system lacks a real-time on-site operation and maintenance data verification function and cannot achieve closed-loop management of on-site operation and maintenance data, so it cannot determine whether the on-site personnel have completed the on-site operation and maintenance work accurately and effectively according to the specifications.
  • the above problems cause the on-site operation and maintenance personnel to perform standardized operations during operation and maintenance, which reduces the efficiency of operation and maintenance, causes hidden dangers to the stable operation of the power communication network, and restricts the safe operation of the power communication network.
  • Patent CN102655643A discloses a method of wireless data encryption and decryption.
  • The encryption and decryption method is used in the general field of wireless data transmission: the data is encrypted with the 3DES encryption algorithm, and the encrypted data and the mobile device identification code are again encrypted and decrypted by the MD5 algorithm in order to verify the accuracy of the data transfer.
  • This method of data encryption and decryption has the following problems: (1) a variety of algorithms are used in turn, making the data encryption process inefficient and generating more redundant data; if a handheld terminal uses the algorithm, the power consumption is large; (2) the verification method only verifies the accuracy of the transmitted data and lacks verification of the legality of the data through IMSI and IMEI.
  • IMSI and IMEI can be freely changed and cloned. If there is no valid cross-validation process for data legality, this will lead to certain security risks. Therefore, this method only solves the general case of encrypting wireless data transmission and cannot meet practical requirements such as security, timeliness, storage, and battery life for data in the wireless communication mobile operation and maintenance process.
  • The object of the present invention is to overcome the deficiencies of the prior art and provide an encrypted transmission and verification method for on-site operation and maintenance data of a power communication network, which uses data transmission technology to introduce data encryption transmission and remote verification feedback of field data into the on-site operation and maintenance of the power communication network.
  • Intelligent means are used to realize secure transmission and remote verification of on-site operation and maintenance data, ensure safe and stable operation of the power enterprise communication network, standardize on-site operation and maintenance, realize a remote technical support function, and provide on-site data support for work decisions.
  • An encrypted transmission and verification method for on-site operation and maintenance data of a power communication network, which comprises the following specific steps:
  • Step 1 Binding of the intelligent terminal: realizing the binding management of the remote system to the intelligent terminal in the wireless transmission public network by using the mobile device international identity code and the international mobile subscriber identity code;
  • Step 2 Data collection in the operation and maintenance field: the intelligent terminal is configured with an infrared scanning function to collect the operation and maintenance field data;
  • Step 3 Data encryption processing: 30 bits of the 128-bit key of the international data encryption algorithm are used as the verification information of the mobile device international identity code and the international mobile subscriber identity code. In the process of encrypting the collected data, 32 consecutive bits of the key are randomly selected and divided into 2 groups of 16 bits each, and the 2 groups are replaced according to the mobile device international identity code and the international mobile subscriber identity code respectively. Since the mobile device international identity code and the international mobile subscriber identity code are both 15 bits, 1 bit of each group of 16-bit data is randomly generated. The transmitted data is then encrypted;
  • Step 4 Data transmission: using a wireless public network to implement data transmission between the bound intelligent terminal and the remote system;
  • Step 5 Data decryption: the remote system decrypts the received data by using the secret key used by the data encryption processing method; the decryption subkey block is composed of the additive inverse or multiplicative inverse of the encryption subkeys; after decrypting the data, the legality of the decrypted data is verified by the mobile device international identity code and the international mobile subscriber identity code; data that passes the legality verification proceeds to the next step of data result verification, and data that has not passed the verification is directly discarded and an alarm is raised;
  • Step 6 Data result verification: the data result verification is a process of verifying, by using the remote system, whether the transmitted data meets the requirements of the operation and maintenance site; the verification result is fed back regardless of whether it is correct, and the data comparison service is responsible for verifying the data collected by the terminal and transmitted to the remote system to determine whether the site has completed the operation and maintenance as required;
  • Step 7 Verification result data encryption: encrypting the result data after the remote verification by referring to the data encryption method in step 3;
  • Step 8 Data backhaul: using the wireless public network to realize point-to-point transmission between the remote system and the intelligent terminal, and to realize correct return of the verification result data;
  • Step 9 Decryption of the verification result: after verifying the legality of the decrypted data by using the mobile device international identity code and the international mobile subscriber identity code, the intelligent terminal decrypts the verification result data to determine whether the on-site operation and maintenance results meet the requirements.
  • the object of the present invention can also be further achieved by the following technical measures:
  • Step 3 data encryption processing can also replace two separated groups of consecutive 16-bit data with the mobile device international identity code and the international mobile subscriber identity code; in each group of 16-bit data, 1 bit is randomly generated.
  • The data transmission process in the foregoing step 4 is to transmit a 128-bit international data encryption algorithm key after the data transmission connection is established; the secret key includes the mobile device international identity code (IMEI) and the international mobile subscriber identity (IMSI) of the intelligent terminal.
  • The data decryption process in the foregoing step 5 is to first verify whether the accepted 128-bit key is correct, then decrypt the 128-bit key to obtain the mobile device international identity code (IMEI) and the international mobile subscriber identity (IMSI) of the intelligent terminal, and verify the legality of the decrypted data by verifying the correctness and mutual association of the IMEI and IMSI data. The encrypted operation and maintenance field data is then accepted and decrypted.
  • In the foregoing method, the intelligent terminal used for operation and maintenance field data collection in step 2 is further configured with an RFID identification function.
  • In the foregoing method, the intelligent terminal used for operation and maintenance field data collection in step 2 is further configured with a GIS function.
  • In the foregoing method, the intelligent terminal used for operation and maintenance field data collection in step 2 is further configured with an air pressure measurement function.
  • the invention has the following significant advantages:
  • The mobile device international identity code (IMEI) and international mobile subscriber identity (IMSI) data are integrated into the encryption algorithm, and a verification function for the smart terminal is added to the encryption and decryption verification process, thereby improving the security and standardization of the data transmission.
  • The algorithm of the present invention only needs to add the mobile device international identity code (IMEI) and the international mobile subscriber identity (IMSI) data to the secret key of the international data encryption algorithm, so that the system can ensure the timeliness of data transmission in the power communication mobile operation and maintenance field while effectively guaranteeing the security of data transmission. Compared with the prior art, it reduces data redundancy, is convenient to operate, and can be widely applied to wireless transmission of field data in power communication mobile operation and maintenance.
  • Power communication mobile operation and maintenance personnel can transmit operation and maintenance data in a timely manner in a safe environment, and remote management personnel can review the on-site operation and maintenance data in a timely manner and promptly feed the result back to the on-site operation and maintenance personnel, ensuring closed-loop management of the power communication mobile operation and maintenance field data. This realizes standardized, closed-loop management of the whole process of power communication mobile operation and maintenance and effectively supports the development of mobile communication operations.
  • FIG. 1 is a schematic structural diagram of an on-site operation and maintenance data encryption transmission system of a power communication network.
  • FIG. 2 is a schematic diagram of a verification process of data encryption and decryption transmission in an operation and maintenance field.
  • FIG. 3 is a schematic diagram of an encryption and decryption process of an operation and maintenance field data.
  • the on-site operation and maintenance data encryption transmission verification system of the power communication network of the present invention is composed of an intelligent terminal and a remote system, and the two communicate through a wireless public network.
  • Field operation and maintenance data of power communication network of the invention is as follows:
  • the system is based on a unified software framework platform across operating systems, and adopts a unified resource data model. Through intelligent terminal binding, data encryption processing transmission, data decryption verification and backhaul, it can ensure operation and maintenance under safe and standardized conditions. It mainly includes three major application management modules:
  • Binding management mainly binds the terminal equipment to the operation and maintenance personnel and authenticates the terminal equipment connected to the wireless public network through the mobile device international identity code (IMEI) and the international mobile subscriber identity (IMSI), ensuring the security and manageability of terminals that access the system and exchange data over the wireless public network.
  • Encryption management uses data encryption technology to encrypt the field data collected by the binding terminal.
  • the specific processes include: field data encryption, remote data decryption, remote verification data encryption, and terminal receiving data decryption. Thereby, the verification management of the complete closed-loop field operation and maintenance acquisition data in a safe and controllable environment is realized.
  • the data transmission mainly uses the wireless public network to realize the real-time transmission of the point-to-point data of the terminal equipment and the remote verification system, realizing the safe and efficient on-site and remote data real-time docking in the public network environment, and supporting the data encryption verification link.
  • the method of data transmission and encryption verification of the operation and maintenance field uses the process of “binding-acquisition-encryption-transmission-decryption-verification-encryption-return-decryption” to finally realize the guidance and result display of the on-site operation and maintenance.
  • Intelligent terminal binding: the mobile device international identity code (IMEI) and the international mobile subscriber identity (IMSI) are used to implement binding management of the terminal device in the wireless transmission public network;
  • Operation and maintenance field data collection: handheld terminals provide diversified data collection methods to collect data at operation and maintenance sites;
  • Data encryption processing: the operation and maintenance field data collected by the intelligent terminal is encrypted based on the International Data Encryption Algorithm (IDEA);
  • Data transmission: data transmission between the bound terminal and the remote system is realized by using the wireless public network;
  • Data decryption: decryption of the data is achieved by using the secret key of the data encryption method.
  • The decryption subkey block is composed of the additive inverse or multiplicative inverse of the encryption subkeys.
  • 52 subkeys are extended from the 128-bit key input by the user and stored in the ULONG16 Key[52] array, and then the 52 subkeys are transposed. After the subkey array is transposed, some subkeys need to be replaced by their multiplicative inverse modulo 2^16 + 1 or their additive inverse modulo 2^16.
  • Data verification is a process of verifying whether the transmitted data meets the requirements of the site by using a remote system, and the verification result will be fed back whether the verification result is correct or not;
  • Verification result data encryption: in this step, the encrypted data is the verification data after remote verification, and the encryption method used is consistent with the foregoing data encryption processing method;
  • the verified data needs to use the wireless public network to realize the point-to-point transmission of the remote system and the terminal, and realize the correct return of the verification data;
  • the final decryption process is performed on the intelligent terminal, mainly to decrypt the verification data, thereby determining whether the on-site operation and maintenance result conforms to the specification requirements, and the decryption method adopted is consistent with the foregoing method of data decryption.
  • Power communication mobile operation and maintenance is an important component of power communication operation and maintenance.
  • the invention is based on the software framework platform of the power network communication operation and maintenance management system, uses the unified resource data model of the power network, and integrates four functions of terminal device binding, data acquisition, data encryption and decryption, and data bidirectional transmission. The specific functions are implemented as follows:
  • Power communication mobile operation and maintenance is a general term for the operation and maintenance of a type of communication network. Therefore, the terminal equipment selected in this operation and maintenance method is the same as the existing terminal equipment. Since the terminal equipment needs to have reliable wireless data transmission capability, the terminal equipment at the current stage mostly adopts a terminal based on a mobile phone and is equipped with software and hardware functions such as infrared scanning, RFID, GIS, and air pressure measurement.
  • the infrared scan is mainly used to scan the barcode on the device, thereby helping the user to read the device information and confirm whether the device is looking for the correct one.
  • RFID is similar to infrared scanning and is also used to read device information, but the reading method is different.
  • the GIS is used to locate device information to help the user determine if the device is in need of service.
  • the air pressure measurement is used to determine the ambient air pressure of the equipment, to help remote users understand the operating environment of the equipment, and to support the data support for the post-equipment inspection and maintenance planning.
  • Using these methods, intelligent terminals can easily collect various types of field data in diversified ways and store the data directly on the handheld terminal. Since each terminal has a Mobile Equipment International Identity (IMEI) and an International Mobile Subscriber Identity (IMSI), and both are unique, these two identification codes are used to bind the terminal equipment to the remote backend system when the terminal is bound, ensuring that the remote backend can manage the devices through the wireless public network.
  • the operation and maintenance field data collection is mainly to collect the operation and maintenance result data, which is an important prerequisite for data encryption transmission and data result verification.
  • the specific functions are located as follows:
  • The terminal's own GPS positioning, RFID, two-dimensional code recognition technology, iODF intelligent optical distribution frame, and image recognition function are used for diversified collection of mobile operation and maintenance result data. Collecting the data with intelligent terminals ensures the timeliness of power communication and at the same time improves the standardization and accuracy of power transmission and maintenance.
  • Data encryption, verification, and decryption include encryption processing, data decryption, data result verification, verification result data encryption, and verification result decryption, as shown in Figure 2.
  • Data encryption is mainly to improve the security of data transmission over the wireless public network on the basis of ensuring remote system and terminal point-to-point communication.
  • For data encryption, the invention is based on the International Data Encryption Algorithm (IDEA) and integrates the mobile device international identity code (IMEI) and the international mobile subscriber identity (IMSI) data into the existing algorithm, so that a verification function for the terminal is added to the existing encryption and decryption verification process, thereby improving the security and manageability of data transmission.
  • the specific implementation method is as follows:
  • Encrypting the operation and maintenance field data: in the process of encrypting the collected data, the IMEI and IMSI data are introduced. The IMEI and IMSI are processed by the secret key generation algorithm of the international encryption algorithm to obtain 32 bits of data conforming to the key rules of the international encryption algorithm (since the IMEI and the IMSI are each 15 bits, the other bit is automatically generated by the system).
  • 32 bits are randomly selected from the original 128-bit key and replaced with the 32 bits of data calculated from the IMEI and IMSI. It is also possible to select two groups of consecutive 16-bit data to be replaced.
  • The remote system decrypts the received encrypted operation and maintenance field data using the corresponding decryption algorithm. After decrypting the data, because the IMEI and IMSI parameters are obtained, the system first verifies the legality of the IMEI and IMSI; legal data can then go through the result verification of the remote system, and data that has not passed the verification is directly discarded and an alarm is raised.
  • the verification result obtained by verifying the data result of the remote system is encrypted.
  • the verification result of the remote system is encrypted by the same method as the above-mentioned encrypted operation and maintenance field data.
  • The intelligent terminal decrypts the encrypted verification result; the verification result data is decrypted by the same method used to decrypt the operation and maintenance field data.
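  • Added example (not code from the patent): one way to realize the key embedding and the legality check described in the steps above. The patent does not say how the 15-bit values are computed from the IMEI and IMSI or how the receiver locates the 32-bit window, so `tag15` (truncated SHA-256), the position of the random bit, the window scan in `verify_identity`, and the sample identifiers are all assumptions.

```python
import hashlib
import secrets

KEY_BITS = 128
WINDOW_BITS = 32          # two 16-bit groups: 15 identity bits + 1 random bit each


def tag15(identifier):
    """Assumed derivation: the first 15 bits of SHA-256(identifier)."""
    digest = hashlib.sha256(identifier.encode("ascii")).digest()
    return int.from_bytes(digest[:2], "big") >> 1


def embed_identity(key, imei, imsi, offset=None):
    """Overwrite 32 consecutive bits of a 128-bit key (given as int).

    offset counts from the most significant bit; None picks a random window.
    Note: 30 of the 128 key bits are now fixed by the identifiers, so only
    98 bits of the key remain random.
    """
    if offset is None:
        offset = secrets.randbelow(KEY_BITS - WINDOW_BITS + 1)
    group_imei = (tag15(imei) << 1) | secrets.randbits(1)   # low bit is random
    group_imsi = (tag15(imsi) << 1) | secrets.randbits(1)
    window = (group_imei << 16) | group_imsi
    shift = KEY_BITS - WINDOW_BITS - offset
    mask = 0xFFFFFFFF << shift
    return (key & ~mask) | (window << shift)


def verify_identity(key, bindings):
    """Remote-side check of correctness and mutual association.

    bindings maps each registered IMEI to the IMSI it was bound with (step 1).
    Returns the matching (imei, imsi) pair, or None, in which case the caller
    discards the data and raises an alarm.
    """
    wanted = {(tag15(imei), tag15(imsi)): (imei, imsi)
              for imei, imsi in bindings.items()}
    for offset in range(KEY_BITS - WINDOW_BITS + 1):
        window = (key >> (KEY_BITS - WINDOW_BITS - offset)) & 0xFFFFFFFF
        pair = (window >> 17, (window >> 1) & 0x7FFF)   # drop the random bits
        if pair in wanted:
            return wanted[pair]
    return None


# Constructed sample values, not real device identifiers.
SAMPLE_IMEI = "123456789012345"
SAMPLE_IMSI = "001010123456789"
SAMPLE_BINDINGS = {SAMPLE_IMEI: SAMPLE_IMSI}

if __name__ == "__main__":
    base_key = secrets.randbits(KEY_BITS)
    session_key = embed_identity(base_key, SAMPLE_IMEI, SAMPLE_IMSI)
    print("bound terminal:", verify_identity(session_key, SAMPLE_BINDINGS))
    cloned = embed_identity(base_key, SAMPLE_IMEI, "001010999999999")
    print("IMEI with another SIM:", verify_identity(cloned, SAMPLE_BINDINGS))
```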
  • the modules that need to participate in this part include data encryption, data decryption and data verification to implement data encryption processing, data decryption, data result verification, verification result data encryption and verification result decryption as shown in FIG. 2 .
  • the data encryption module implements the encryption service before the data transmission in both the terminal and the remote system, and the encryption method adopts the current mainstream international data encryption algorithm (IDEA).
  • the key of the International Data Encryption Algorithm (IDEA) has 128 bits.
  • The IDEA algorithm uses both confusion and diffusion. Its design principle is the mixing of operations from different algebraic groups. The 64-bit data input to the algorithm is divided into four 16-bit sub-blocks as the input to the first round, and there are 8 rounds in total. In each round, the sub-blocks are combined with each other and with six 16-bit subkeys (different in each round); finally, an output transformation with four 16-bit subkeys produces the output. In total, 52 16-bit subkeys participate in the operation. The entire algorithm includes 3 parts:
  • Subkey generation. Input: 128b key; output: 52 16b subkeys.
  • Encryption process. Input: 52 subkeys and 64b data; output: 64b data.
  • Decryption process. The subkeys of the decryption process differ from those of the encryption process of the IDEA algorithm, and the two are in one-to-one correspondence.
  • IDEA requires a total of 52 subkeys, each with 16b, generated by a 128b key.
  • Subkey generation divides the 128b key into 8 groups of 16b each to obtain K1, K2, K3, K4, K5, K6, K7, K8; shifts the 128b key to the left by 25 bits and then performs 16b grouping to obtain subkeys K9, K10, K11, K12, K13, K14, K15, K16; then shifts the 128b key left by 25 bits again and does the same grouping to get subkeys K17, K18, K19, K20, K21, K22, K23, K24; and so on, until all subkeys are generated.
  • the key is 128b and the plaintext packet length is 64b.
  • 64b is divided into four 16b sub-blocks: X1, X2, X3, and X4 are input to the first round.
  • The four input sub-blocks and six 16b subkeys are combined by addition modulo 2^16, multiplication modulo 2^16 + 1, and XOR operations, yielding 4 outputs as inputs for the next round. In this way, 8 rounds are performed in total, and finally 4 subkeys are used for the output transformation.
  • the decryption module is a decryption service for encrypted data after the terminal and the remote system receive the data.
  • In the decryption service, since the Mobile Device International Identity (IMEI) and International Mobile Subscriber Identity (IMSI) information has been added during encryption, the data is decrypted and the reliability of the data is then verified.
  • The decryption subkey block is composed of the additive inverse or multiplicative inverse of the encryption subkeys.
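  • Added example (not code from the patent): a compact Python version of the three parts described above, namely the 52-subkey schedule with the 25-bit left shift (implemented as a rotation, so no key bits are lost), the 8-round block transform with output transformation, and the decryption subkeys built from additive and multiplicative inverses. Function names are illustrative; the key and plaintext in the demo are the widely published IDEA reference vector.

```python
"""IDEA as outlined in the text: subkey generation, encryption, decryption."""
MASK16 = 0xFFFF
MOD_MUL = 0x10001  # 2^16 + 1


def mul(a, b):
    """Multiply modulo 2^16 + 1; the 16-bit word 0 stands for 2^16."""
    return ((a or 0x10000) * (b or 0x10000) % MOD_MUL) & MASK16


def add(a, b):
    """Add modulo 2^16."""
    return (a + b) & MASK16


def mul_inv(a):
    """Multiplicative inverse modulo 2^16 + 1 (0 and 1 are self-inverse)."""
    return a if a <= 1 else pow(a, MOD_MUL - 2, MOD_MUL)


def expand_key(key):
    """128-bit key (16 bytes) -> 52 encryption subkeys K1..K52."""
    if len(key) != 16:
        raise ValueError("IDEA key must be 16 bytes")
    k = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        # Cut the current 128 bits into eight 16-bit groups ...
        subkeys += [(k >> (112 - 16 * i)) & MASK16 for i in range(8)]
        # ... then rotate the whole key left by 25 bits for the next batch.
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return subkeys[:52]


def invert_subkeys(ek):
    """Encryption subkeys -> decryption subkeys (reversed order, inverted)."""
    dk = []
    for r in range(9):
        a, b, c, d = ek[48 - 6 * r: 52 - 6 * r]
        if r not in (0, 8):          # inner rounds: the two additive keys swap
            b, c = c, b
        dk += [mul_inv(a), -b & MASK16, -c & MASK16, mul_inv(d)]
        if r < 8:                    # the two MA-structure keys are reused as is
            dk += ek[46 - 6 * r: 48 - 6 * r]
    return dk


def crypt_block(block, keys):
    """Run one 64-bit block through 8 rounds plus the output transformation."""
    if len(block) != 8:
        raise ValueError("IDEA block must be 8 bytes")
    x1, x2, x3, x4 = (int.from_bytes(block[i:i + 2], "big") for i in (0, 2, 4, 6))
    for r in range(8):
        k = keys[6 * r: 6 * r + 6]
        x1, x2, x3, x4 = mul(x1, k[0]), add(x2, k[1]), add(x3, k[2]), mul(x4, k[3])
        t0 = mul(x1 ^ x3, k[4])
        t1 = mul(add(x2 ^ x4, t0), k[5])
        t2 = add(t0, t1)
        x1, x2, x3, x4 = x1 ^ t1, x3 ^ t1, x2 ^ t2, x4 ^ t2
    out = (mul(x1, keys[48]), add(x3, keys[49]), add(x2, keys[50]), mul(x4, keys[51]))
    return b"".join(w.to_bytes(2, "big") for w in out)


def encrypt_block(block, key):
    return crypt_block(block, expand_key(key))


def decrypt_block(block, key):
    return crypt_block(block, invert_subkeys(expand_key(key)))


if __name__ == "__main__":
    key = bytes.fromhex("00010002000300040005000600070008")
    plaintext = bytes.fromhex("0000000100020003")
    ciphertext = encrypt_block(plaintext, key)
    print(ciphertext.hex(), decrypt_block(ciphertext, key).hex())
```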
  • the data comparison service is responsible for verifying the data collected by the terminal and transmitted to the remote system to determine whether the site has completed the operation and maintenance as required.
  • Data transmission and data backhaul include collecting data transmission to the remote system and remote system verification information back to the terminal. After the terminal collects and encrypts the data, the terminal requests the remote system to establish a data transmission connection, and the data transmission connection may be a VPN transmission connection.
  • After the remote system performs legality verification on the mobile device international identity code (IMEI) and international mobile subscriber identity (IMSI) data of the smart terminal, the data transmission is performed using 3G and 4G wireless transmission technologies. This data transfer is primarily the transfer of data to the remote system.
  • the above legality verification process and data transmission process can be implemented in the following order.
  • After the data transmission connection is established, the intelligent terminal first transmits a 128-bit international data encryption algorithm secret key to the remote system, and the secret key includes the mobile device international identity code (IMEI) and the international mobile subscriber identity (IMSI) of the smart terminal.
  • After receiving the 128-bit key, the remote system first verifies that the accepted 128-bit key is correct, then decrypts the 128-bit key to obtain the IMEI and IMSI data of the mobile device, and verifies the legality of the decrypted data by verifying the correctness and mutual association of the IMEI and IMSI data. After the legality is confirmed, the data transmission channel is established, and the intelligent terminal transmits the encrypted operation and maintenance field data to the remote system. The remote system then decrypts the encrypted operation and maintenance field data.
  • When the verification result needs to be transmitted back to the smart terminal, the remote system requests to return data to the smart terminal.
  • The terminal will again send the data containing the Mobile Equipment International Identity (IMEI) and International Mobile Subscriber Identity (IMSI) information to the remote system, and the remote system confirms the data and then returns the data.
  • When the remote system returns data to the intelligent terminal, as when the smart terminal transmits data to the remote system, the process also includes verifying the validity of the IMEI and IMSI data of the smart terminal before performing data transmission.
  • The foregoing process can be implemented in the following order.
  • After the data transmission connection is established, the intelligent terminal first transmits a 128-bit key to the remote system, and the key includes the IMSI and IMEI of the intelligent terminal.
  • After the remote system accepts the 128-bit key, it first verifies that the accepted 128-bit key is correct, then decrypts the 128-bit key and verifies the legality of the decrypted data by verifying the correctness and mutual relationship of the intelligent terminal's IMEI and IMSI data. After the legality is confirmed, a data transmission channel is established, and the remote system transmits the encrypted verification result to the intelligent terminal. The intelligent terminal then decrypts the encrypted verification result.
  • the present invention may have other embodiments, and any technical solutions formed by equivalent replacement or equivalent transformation fall within the protection scope of the present invention.

Abstract

Disclosed is an encryption transmission and verification method for power communication network field operation and maintenance data. By using a data transmission technology, a data encryption transmission and field data remote verification feedback technology is introduced into field operation and maintenance of a power communication network, and secure transmission and remote verification on field operation and maintenance data are conducted by an intelligent means. The data encryption transmission and verification method of the present invention comprises a process of binding, collection, encryption, transmission, decryption, verification, encryption, backhaul and decryption; it is ensured that a communication network of a power enterprise operates safely and stably, field operation and maintenance are standardized, a remote technical support function is achieved, and field data support is provided for a work decision.

Description

Power communication network field operation and maintenance data encryption transmission and verification method
Technical field
The invention belongs to the technical field of power communication, and in particular relates to a method for the encrypted transmission and verification of field operation and maintenance data of a power communication network.
Background
The construction of power communication networks by China's electric power enterprises is about to enter a new construction cycle. Because of problems such as low data transmission security, a large volume of field operation and maintenance indicator data, and an unclear hierarchical structure, the existing operation and maintenance equipment and operating mode of the power communication network will face increasingly heavy work pressure.
In existing power communication networks, the collection and transmission of field operation and maintenance data and the verification of field data generally transmit data directly after access through a wireless-network VPN provided by the operator. This data transmission method has the following technical problems: (1) existing data transmission uses the network provided by the communication network operator, and the terminal devices used for operation and maintenance in the power industry lack effective security guarantees; neither the access security nor the usage security of the terminal devices can be ensured, which easily leads to data leakage and creates hidden dangers for the safe production of power enterprises; (2) existing operation and maintenance systems lack a real-time function for verifying field operation and maintenance data and cannot achieve closed-loop management of that data, so it cannot be determined whether field personnel have completed the field operation and maintenance work accurately and effectively as the specifications require. As a result, standardized operation by field personnel cannot be guaranteed during operation and maintenance, work efficiency is reduced, the stable operation of the power communication network is put at risk, and the safe operation of the power communication network is constrained.
Patent CN102655643A discloses a method for wireless data encryption and decryption. That method is intended for general wireless data transmission: it encrypts the collected data with the 3DES encryption algorithm, and then encrypts and decrypts the encrypted data together with the mobile device identification code again using the MD5 algorithm, in order to verify the accuracy of the data transmission. This method has the following problems: (1) several algorithms are used in turn, which makes the data encryption process inefficient and produces a large amount of redundant data, and a handheld terminal using the algorithm consumes considerable power; (2) its verification only checks the accuracy of the transmitted data and lacks verification of data legitimacy through the IMSI and IMEI. In the current technical environment the IMSI and IMEI can be changed and cloned at will, so the absence of an effective cross-verification of data legitimacy creates a security risk. The method therefore only addresses the general case of encrypting wireless data transmission and cannot meet the practical requirements of wireless data transmission in mobile operation and maintenance of power communication, such as security, timeliness, storage, and device battery life.
Summary of the invention
The object of the present invention is to overcome the deficiencies of the prior art and provide a method for the encrypted transmission and verification of field operation and maintenance data of a power communication network. Using data transmission technology, it introduces encrypted data transmission and remote verification feedback of field data into the field operation and maintenance of the power communication network, and uses intelligent means to achieve secure transmission and remote verification of field operation and maintenance data. This ensures the safe and stable operation of the power enterprise's communication network, standardizes field operation and maintenance, provides a remote technical support function, and supplies field data to support work decisions.
The object of the invention is achieved by the following technical solution:
A method for encrypted transmission and verification of field operation and maintenance data of a power communication network, comprising the following specific steps:
Step 1, intelligent terminal binding: the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) are used to implement binding management of the intelligent terminal by the remote system within the public wireless transmission network;
Step 2, operation and maintenance field data collection: the intelligent terminal is equipped with an infrared scanning function and collects the operation and maintenance field data;
Step 3, data encryption processing: 30 bits of the 128-bit key of the International Data Encryption Algorithm are combined as verification information for the IMEI and IMSI. When the collected data is encrypted, 32 consecutive bits of the key are selected at random and divided into 2 groups of 16 bits, and the 2 groups are replaced by the IMEI and the IMSI respectively. Since the IMEI and IMSI are both 15 bits, 1 bit of each 16-bit group is randomly generated. The data to be transmitted is thereby encrypted;
Step 4, data transmission: the public wireless network is used to transmit data between the bound intelligent terminal and the remote system;
Step 5, data decryption: the data received by the remote system is decrypted with the key used by the data encryption processing method; the decryption subkey blocks are formed from the additive inverses or multiplicative inverses of the encryption subkeys. After the data is decrypted, its legitimacy is verified through the IMEI and IMSI. Only legitimate data proceeds to the next step of data result verification; data that fails verification is discarded directly and an alarm is raised;
Step 6, data result verification: data result verification is the process in which the remote system verifies whether the transmitted data meets the requirements of the operation and maintenance site. The verification result is fed back whether or not it is correct. The data comparison service verifies the data collected by the terminal and transmitted to the remote system in order to determine whether the field operation and maintenance work has been completed as required;
Step 7, verification result data encryption: the result data of the remote verification is encrypted using the data encryption method of step 3;
Step 8, data return: the public wireless network is used for point-to-point transmission between the remote system and the intelligent terminal, so that the verification result data is returned correctly;
Step 9, verification result decryption: using the data decryption method of step 5, after the legitimacy of the decrypted data has been verified through the IMEI and IMSI, the intelligent terminal decrypts the verification result data and thereby determines whether the field operation and maintenance result meets the requirements.
The object of the present invention can be further achieved by the following technical measures:
In the foregoing method, the data encryption processing of step 3 may instead replace two separated groups of 16 consecutive bits with the IMEI and the IMSI, with 1 bit of each 16-bit group randomly generated.
In the foregoing method, the data transmission of step 4 proceeds as follows: after the data transmission connection is established, the 128-bit International Data Encryption Algorithm key is transmitted first; the key contains the IMEI and IMSI of the intelligent terminal. Only after the legitimacy of the decrypted data has been verified through the IMSI and IMEI of the intelligent terminal is the encrypted operation and maintenance field data transmitted.
In the foregoing method, the data decryption of step 5 proceeds as follows: the received 128-bit key is first verified to be correct and is then decrypted to obtain the IMEI and IMSI of the intelligent terminal. The legitimacy of the decrypted data is verified by checking that the IMEI and IMSI are each correct and that they are correctly associated with each other. Once the decrypted data is confirmed to be legitimate, the encrypted operation and maintenance field data is received and decrypted.
In the foregoing method, the intelligent terminal that collects the operation and maintenance field data in step 2 is additionally equipped with an RFID identification function.
In the foregoing method, the intelligent terminal that collects the operation and maintenance field data in step 2 is additionally equipped with a GIS function.
In the foregoing method, the intelligent terminal that collects the operation and maintenance field data in step 2 is additionally equipped with an air pressure measurement function.
Compared with the prior art, the invention has the following significant beneficial effects:
First, the IMEI and IMSI data are integrated into the encryption algorithm, and a verification function for the intelligent terminal is added to the encryption, decryption and verification process, which improves the security, standardization and manageable identification of data transmission.
Second, the algorithm of the invention only needs to add the IMEI and IMSI data to the key of the International Data Encryption Algorithm. The system can therefore maintain the timeliness of field data transmission in mobile operation and maintenance of power communication while effectively ensuring the security of the transmission. Compared with the prior art it reduces data redundancy, is convenient to operate, and can be widely applied to the wireless transmission of field data in mobile operation and maintenance of power communication.
Third, with the embodiments of the invention, mobile operation and maintenance personnel can transmit field operation and maintenance data promptly in a secure environment, while remote management personnel can review that data promptly and feed the result back to the field personnel. This ensures closed-loop management of the field data and achieves standardized, closed-loop operational management of the whole mobile operation and maintenance process, effectively supporting the mobile operation and maintenance work of power communication.
Brief description of the drawings
FIG. 1 is a schematic structural diagram of the encrypted transmission system for field operation and maintenance data of a power communication network.
FIG. 2 is a schematic diagram of the encryption, decryption, transmission and verification flow for operation and maintenance field data.
FIG. 3 is a schematic diagram of the encryption and decryption flow for operation and maintenance field data.
Detailed description
The invention is further described below with reference to the drawings and specific embodiments.
As shown in FIG. 1, the system of the invention for encrypted transmission and verification of field operation and maintenance data of a power communication network consists of an intelligent terminal and a remote system, which communicate over a public wireless network. The method of the invention is as follows:
1. Mobile operation and maintenance field data verification platform
FIG. 2 shows the system's encryption, decryption, transmission and verification flow for operation and maintenance field data. The system is based on a unified, cross-operating-system software framework platform and uses a unified resource data model. Through intelligent terminal binding, encrypted data processing and transmission, data decryption and verification, and data return, it ensures that operation and maintenance is carried out securely and in a standardized way. It mainly comprises three application management modules:
(1) Terminal binding management
Binding management binds the terminal devices used by operation and maintenance personnel. The IMEI and IMSI are used to authenticate terminal devices connecting over the public wireless network, ensuring the security and manageability of system access and data exchange over that network.
(2) Data encryption and verification management
Encryption management uses data encryption technology to encrypt the field data collected by bound terminals. The process comprises field data encryption, remote data decryption, encryption of the remote verification data, and decryption of the data received by the terminal. This achieves complete, closed-loop verification management of the collected field operation and maintenance data in a secure and controllable environment.
(3) Data transmission management
Data transmission uses the public wireless network for real-time point-to-point transmission between the terminal device and the remote verification system, providing secure and efficient real-time exchange of field and remote data in a public network environment and supporting the data encryption and verification stage.
2. Operation and maintenance field data encryption transmission and verification method
The method follows the process "binding, collection, encryption, transmission, decryption, verification, encryption, return, decryption", and ultimately provides guidance for field operation and maintenance work and displays its results.
Intelligent terminal binding: the IMEI and IMSI are used to implement the system's binding management of terminal devices within the public wireless transmission network;
Operation and maintenance field data collection: the handheld terminal provides a variety of data collection methods for collecting the operation and maintenance field data;
Data encryption processing: the operation and maintenance field data collected by the intelligent terminal is encrypted on the basis of the International Data Encryption Algorithm (IDEA);
Data transmission: the public wireless network is used to transmit data between the bound terminal and the remote system;
Data decryption: the data is decrypted with the key used by the data encryption method; the decryption subkey blocks are formed from the additive inverses or multiplicative inverses of the encryption subkeys. First, 52 subkeys are expanded from the 128-bit key entered by the user and stored in the ULONG16Key[52] array. These 52 subkeys are then transposed. After the subkey array has been transposed, some of the subkeys must be replaced by their modular multiplicative inverse or modular additive inverse. A total of 18 + 18 = 36 subkeys need to change, and the other 52 - 36 = 16 subkeys do not change.
Data result verification: data verification is the process in which the remote system verifies whether the transmitted data meets the field requirements; the verification result is fed back whether or not it is correct;
Verification result data encryption: the data encrypted in this step is the verification data produced by the remote verification, and the encryption method is the same as the data encryption processing method above;
Data return: the verified data is again sent over the public wireless network, point to point between the remote system and the terminal, so that the verification data is returned correctly;
Verification result decryption: the final decryption takes place on the intelligent terminal and mainly decrypts the verification data, in order to determine whether the field operation and maintenance result meets the specification requirements. The decryption method is the same as the data decryption method above.
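The subkey inversion described in the data decryption step, as an added Python example that is not part of the patent text: it expands a 128-bit key into the 52 IDEA encryption subkeys, derives the 52 decryption subkeys, and counts the 18 multiplicative inverses, 18 additive inverses and 16 unchanged subkeys. The moduli (2^16 + 1 for multiplication, 2^16 for addition) and the subkey ordering follow the published IDEA specification; the key and plaintext in `demo()` are the widely published IDEA test vector.

```python
from collections import Counter

M16 = 0xFFFF  # IDEA works on 16-bit words


def mul(a, b):
    """Multiply modulo 2^16 + 1; the 16-bit word 0 stands for 2^16."""
    return ((a or 0x10000) * (b or 0x10000) % 0x10001) & M16


def mul_inv(x):
    """Multiplicative inverse modulo the prime 2^16 + 1 (Fermat's little theorem)."""
    return pow(x or 0x10000, 0x10001 - 2, 0x10001) & M16


def add_inv(x):
    """Additive inverse modulo 2^16."""
    return -x & M16


def expand_key(key):
    """Expand a 128-bit key into the 52 16-bit encryption subkeys."""
    if len(key) != 16:
        raise ValueError("IDEA key must be 16 bytes")
    k = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        subkeys += [(k >> (112 - 16 * i)) & M16 for i in range(8)]
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)  # rotate left by 25 bits
    return subkeys[:52]


def decryption_plan():
    """For each decryption subkey: (operation, index of its source encryption subkey)."""
    plan = []
    for r in range(9):  # 8 rounds plus the output transformation
        base = 48 - 6 * r  # walk the encryption subkeys from the end
        # The two additive subkeys swap places except in the first and last group.
        second, third = (base + 1, base + 2) if r in (0, 8) else (base + 2, base + 1)
        plan += [("mul_inv", base), ("add_inv", second),
                 ("add_inv", third), ("mul_inv", base + 3)]
        if r < 8:  # the two subkeys of the round's inner function are reused as they are
            plan += [("copy", base - 2), ("copy", base - 1)]
    return plan


def invert_subkeys(ek):
    """Derive the 52 decryption subkeys from the 52 encryption subkeys."""
    ops = {"mul_inv": mul_inv, "add_inv": add_inv, "copy": lambda x: x}
    return [ops[op](ek[i]) for op, i in decryption_plan()]


def operation_counts():
    """How many decryption subkeys come from each kind of operation."""
    return dict(Counter(op for op, _ in decryption_plan()))


def crypt_block(block, sk):
    """Process one 64-bit block; encrypts with expand_key(), decrypts with invert_subkeys()."""
    x1, x2, x3, x4 = (int.from_bytes(block[i:i + 2], "big") for i in range(0, 8, 2))
    for r in range(8):
        k = sk[6 * r:6 * r + 6]
        y1, y2 = mul(x1, k[0]), (x2 + k[1]) & M16
        y3, y4 = (x3 + k[2]) & M16, mul(x4, k[3])
        t0 = mul(y1 ^ y3, k[4])
        t1 = mul((t0 + (y2 ^ y4)) & M16, k[5])
        t2 = (t0 + t1) & M16
        x1, x2, x3, x4 = y1 ^ t1, y3 ^ t1, y2 ^ t2, y4 ^ t2  # inner words swapped
    out = (mul(x1, sk[48]), (x3 + sk[49]) & M16, (x2 + sk[50]) & M16, mul(x4, sk[51]))
    return b"".join(w.to_bytes(2, "big") for w in out)


def demo():
    key = bytes.fromhex("00010002000300040005000600070008")
    plaintext = bytes.fromhex("0000000100020003")
    ek = expand_key(key)
    ciphertext = crypt_block(plaintext, ek)
    recovered = crypt_block(ciphertext, invert_subkeys(ek))
    return ciphertext.hex(), recovered.hex(), operation_counts()


if __name__ == "__main__":
    print(demo())
```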
3. Implementation of the terminal-binding-based method for encrypted transmission and verification of mobile operation and maintenance field data
Mobile operation and maintenance is an important part of the operation and maintenance of power communication. The invention is based on the software framework platform of the power network communication operation and maintenance management system, uses the power network's unified resource data model, and combines four functions: terminal device binding, data collection, data encryption and decryption, and bidirectional data transmission. The functions are implemented as follows:
(1) Intelligent terminal binding
Mobile operation and maintenance of power communication is a general term for one class of communication network operation and maintenance, so the terminal devices chosen for this method are the same as existing terminal devices. Because the terminal devices need reliable wireless data transmission, current terminals are mostly based on mobile phones with added hardware and software functions such as infrared scanning, RFID, GIS and air pressure measurement. Infrared scanning is mainly used to scan the barcode on a device, helping the user read the device information and confirm that the correct device has been found. RFID is similar to infrared scanning and is also used to read device information, only by a different reading method. GIS is used to locate the device, helping the user determine whether the device at hand is the one that needs servicing. Air pressure measurement determines the ambient air pressure at the device, helping remote users understand the device's operating environment and providing data to support later inspection and maintenance planning. With these functions the intelligent terminal can easily collect the various types of field data, which can be stored directly on the handheld terminal. Since every terminal has an IMEI and an IMSI, both of which are unique, these two identifiers are used at binding time to bind the terminal device to the remote back-end system, ensuring the manageability of devices that access the remote back end over the public wireless network.
(2) Operation and maintenance field data collection
Operation and maintenance field data collection mainly collects the operation and maintenance result data and is an important prerequisite for encrypted data transmission and data result verification. Its function is as follows:
The terminal's built-in GPS positioning, RFID, two-dimensional code recognition, iODF intelligent optical distribution frame and image recognition functions are used to collect mobile operation and maintenance result data in a variety of ways. Collection through the intelligent terminal preserves the timeliness of mobile operation and maintenance of power communication while improving its standardization and accuracy.
(3) Data encryption, verification and decryption
Data encryption, verification and decryption comprise encryption processing, data decryption, data result verification, verification result data encryption and verification result decryption, as shown in FIG. 2.
Data encryption is mainly intended to further improve the security of data transmitted over the public wireless network, on top of the point-to-point communication between the remote system and the terminal.
For data encryption the invention builds on the International Data Encryption Algorithm (IDEA) and integrates the IMEI and IMSI data into the existing algorithm, so that a verification function for the terminal is added to the existing encryption, decryption and verification process, improving the security and manageability of data transmission. As shown in FIG. 3, the implementation is as follows:
The operation and maintenance field data is encrypted. When the collected data is encrypted, the IMEI and IMSI data are introduced: the IMEI and IMSI are processed with the key generation algorithm of the International Data Encryption Algorithm to obtain 32 bits of data that conform to the algorithm's key rules (the IMEI and IMSI are each 15 bits, and the remaining bit is generated automatically by the system). A randomly selected run of 32 consecutive bits in the original 128-bit key is replaced with the 32 bits computed from the IMEI and IMSI; alternatively, two separated groups of 16 consecutive bits may be selected for replacement.
The remote system decrypts the encrypted operation and maintenance field data it receives, using the corresponding decryption algorithm. Because decryption yields the IMEI and IMSI parameters, the system first verifies the legitimacy of the IMEI and IMSI. Only legitimate data proceeds to result verification by the remote system; data that fails verification is discarded directly and an alarm is raised.
The verification result produced by the remote system's data result verification is encrypted, using the same method as for encrypting the operation and maintenance field data above.
The intelligent terminal decrypts the encrypted verification result, using the same method as for decrypting the operation and maintenance field data above.
本部分需要参与的模块有数据加密、数据解密和数据验证3个模块,以实现如图2所示的数据加密处理、数据解密、数据结果验证、验证结果数据加密和验证结果解密。The modules that need to participate in this part include data encryption, data decryption and data verification to implement data encryption processing, data decryption, data result verification, verification result data encryption and verification result decryption as shown in FIG. 2 .
Data encryption module, service name: pm_Encryptionmodel;
The data encryption module provides the encryption service that runs before data transmission on both the terminal and the remote system. It uses the International Data Encryption Algorithm (IDEA), a mainstream algorithm at present. An IDEA key has 128 bits. In this invention, 30 of those bits are combined as verification information for the International Mobile Equipment Identity (IMEI) and the International Mobile Subscriber Identity (IMSI), and the resulting key is used to encrypt the transmitted data.
The IDEA algorithm uses both confusion and diffusion. Its design principle is to mix operations from different algebraic groups. The 64-bit input is divided into four 16-bit sub-blocks that form the input to the first round, and there are 8 rounds in total. In each round the sub-blocks are combined with one another and with six 16-bit subkeys (different in every round). Finally, an output transformation with four 16-bit subkeys produces the output, so 52 16-bit subkeys take part in the operation altogether. The whole algorithm consists of 3 parts:
a. Subkey generation: input: 128b key; output: 52 16b subkeys.
b. Encryption process: input: 52 subkeys and 64b of data; output: 64b of data.
c. Decryption process: the subkeys used by the IDEA encryption process and decryption process are not the same, and the two sets correspond one-to-one.
IDEA needs 52 subkeys in total, each of 16b, generated from the 128b key. First, the 128b key is divided into 8 groups of 16b each, giving K1, K2, K3, K4, K5, K6, K7, K8. The 128b key is then rotated left by 25 bits and divided into 16b groups again, giving subkeys K9, K10, K11, K12, K13, K14, K15, K16. Rotating these 128b left by another 25 bits and grouping in the same way gives subkeys K17, K18, K19, K20, K21, K22, K23, K24, and so on until all subkeys have been generated.
In this algorithm the key is 128b and the plaintext block length is 64b. The 64b block is divided into four 16b sub-blocks, X1, X2, X3 and X4, which are the input to the first round. In each round, the 4 input sub-blocks and six 16b subkeys are combined using addition modulo 2^16, multiplication modulo 2^16+1, and XOR, producing 4 outputs that become the input to the next round. After 8 such rounds, 4 subkeys are used for the output transformation.
Data decryption module, service name: pm_Decryptionmodel;
Like the encryption module, the decryption module is a service that decrypts encrypted data after the terminal or the remote system receives it. Beyond plain decryption, because the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) information was added during encryption, decrypting the data also verifies its reliability. The decryption subkey blocks are formed from the additive inverses or multiplicative inverses of the encryption subkeys.
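The key schedule, round function and decryption subkeys described above can be followed in a compact implementation of standard IDEA. This is an added example, not code from the patent; the function names are chosen here for illustration.

```python
MASK = 0xFFFF  # all arithmetic is on 16-bit words


def mul(a: int, b: int) -> int:
    """Multiplication modulo 2^16 + 1; the 16-bit word 0 stands for 2^16."""
    return ((a or 0x10000) * (b or 0x10000) % 0x10001) & MASK


def add(a: int, b: int) -> int:
    """Addition modulo 2^16."""
    return (a + b) & MASK


def mul_inv(a: int) -> int:
    """Multiplicative inverse modulo the prime 2^16 + 1 (Fermat's little theorem)."""
    return pow(a or 0x10000, 0x10001 - 2, 0x10001) & MASK


def add_inv(a: int) -> int:
    """Additive inverse modulo 2^16."""
    return -a & MASK


def expand_key(key: bytes) -> list:
    """52 subkeys: take eight 16-bit words, rotate the key left 25 bits, repeat."""
    if len(key) != 16:
        raise ValueError("IDEA key must be 128 bits")
    k = int.from_bytes(key, "big")
    subkeys = []
    while len(subkeys) < 52:
        subkeys += [(k >> (112 - 16 * i)) & MASK for i in range(8)]
        k = ((k << 25) | (k >> 103)) & ((1 << 128) - 1)
    return subkeys[:52]


def invert_key(enc: list) -> list:
    """Decryption subkeys: inverses of the encryption subkeys, in reverse stage order."""
    dec = []
    for stage in range(9):                 # 8 rounds plus the output transformation
        base = 6 * (8 - stage)
        a, b, c, d = enc[base:base + 4]
        if 0 < stage < 8:                  # inner rounds swap the two additive keys
            b, c = c, b
        dec += [mul_inv(a), add_inv(b), add_inv(c), mul_inv(d)]
        if stage < 8:                      # the two mixing keys are reused unchanged
            dec += enc[base - 2:base]
    return dec


def crypt_block(block: bytes, subkeys: list) -> bytes:
    """Process one 64-bit block; pass expand_key() output to encrypt,
    invert_key() output to decrypt."""
    if len(block) != 8:
        raise ValueError("IDEA block must be 64 bits")
    x1, x2, x3, x4 = (int.from_bytes(block[i:i + 2], "big") for i in range(0, 8, 2))
    for r in range(8):
        k1, k2, k3, k4, k5, k6 = subkeys[6 * r:6 * r + 6]
        x1, x2, x3, x4 = mul(x1, k1), add(x2, k2), add(x3, k3), mul(x4, k4)
        t = mul(x1 ^ x3, k5)
        u = mul(add(x2 ^ x4, t), k6)
        t = add(t, u)
        x1, x2, x3, x4 = x1 ^ u, x3 ^ u, x2 ^ t, x4 ^ t   # middle words swap
    out = (mul(x1, subkeys[48]), add(x3, subkeys[49]),
           add(x2, subkeys[50]), mul(x4, subkeys[51]))    # undo the last swap
    return b"".join(w.to_bytes(2, "big") for w in out)


if __name__ == "__main__":
    # Widely published IDEA test vector.
    keys = expand_key(bytes.fromhex("00010002000300040005000600070008"))
    ct = crypt_block(bytes.fromhex("0000000100020003"), keys)
    print(ct.hex(), crypt_block(ct, invert_key(keys)).hex())
```
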
Data verification module, service name: pm_Datavalidationmodel;
The data comparison service verifies the data collected by the terminal and transmitted to the remote system, to determine whether the operation and maintenance work on site was completed as required.
(4) Data transmission and data return
Data transmission and data return cover two parts: sending the collected data to the remote system, and returning the remote system's verification information to the terminal. After the terminal has collected and encrypted the data, it asks the remote system to establish a data transmission connection, which may be a VPN connection.
After the remote system has verified the legitimacy of the smart terminal's International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) data, the data is transmitted using 3G or 4G wireless transmission technology. This transmission mainly carries data to the remote system. The legitimacy verification and the data transmission can be carried out in the following order. Once the data transmission connection is established, the smart terminal first sends the remote system the 128-bit IDEA key, which contains the smart terminal's IMEI and IMSI. On receiving the 128-bit key, the remote system first checks that the received key is correct, then decrypts the 128-bit key to obtain the mobile device's IMEI and IMSI data, and verifies the legitimacy of the decrypted data by checking that the IMEI and IMSI data are each correct and that they are associated with each other. Once legitimacy is confirmed, the data transmission channel is established and the smart terminal sends the encrypted operation and maintenance field data to the remote system. The remote system then decrypts the encrypted operation and maintenance field data.
When the verification result needs to be returned to the smart terminal, the remote system requests to return data to the smart terminal. The terminal again sends data containing the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) information to the remote system, and the remote system returns the data after confirming it. Returning data from the remote system to the smart terminal, like sending data from the smart terminal to the remote system, involves first verifying the legitimacy of the smart terminal's IMEI and IMSI data and then transmitting the data. This process can be carried out in the following order. Once the data transmission connection is established, the smart terminal first sends the remote system the 128-bit key, which contains the smart terminal's IMSI and IMEI. On receiving the 128-bit key, the remote system first checks that the received key is correct, then decrypts the 128-bit key and verifies the legitimacy of the decrypted data by checking that the smart terminal's IMEI and IMSI data are each correct and that they are associated with each other. Once legitimacy is confirmed, the data transmission channel is established and the remote system sends the encrypted verification result to the smart terminal. The smart terminal then decrypts the encrypted verification result.
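The key embedding and the remote system's legitimacy check can be sketched as follows, covering both the consecutive and the separated placement of the two 16-bit groups. This is an added example, not code from the patent. The page does not say how a 15-digit IMEI or IMSI becomes 15 key bits or how the receiver learns the chosen positions, so the truncated SHA-256 tag, the shared `positions` argument, the binding table and all sample identifiers are assumptions constructed for illustration.

```python
import hashlib
import secrets


def tag15(identifier: str) -> int:
    """ASSUMPTION: reduce a 15-digit IMEI/IMSI to 15 bits via truncated SHA-256."""
    if len(identifier) != 15 or not (identifier.isascii() and identifier.isdigit()):
        raise ValueError("IMEI/IMSI must be 15 decimal digits")
    digest = hashlib.sha256(identifier.encode("ascii")).digest()
    return int.from_bytes(digest[:2], "big") >> 1


def split_words(key: bytes, positions) -> list:
    """Split a 128-bit key into eight 16-bit words and validate the two positions."""
    if len(key) != 16:
        raise ValueError("key must be 128 bits")
    if len(positions) != 2 or positions[0] == positions[1] \
            or not all(0 <= p < 8 for p in positions):
        raise ValueError("positions must be two distinct word indexes in 0..7")
    return [int.from_bytes(key[i:i + 2], "big") for i in range(0, 16, 2)]


def embed_identity(base_key: bytes, imei: str, imsi: str, positions) -> bytes:
    """Replace two 16-bit groups of the key: 1 random bit plus a 15-bit identity tag."""
    words = split_words(base_key, positions)
    for pos, ident in zip(positions, (imei, imsi)):
        words[pos] = (secrets.randbits(1) << 15) | tag15(ident)
    return b"".join(w.to_bytes(2, "big") for w in words)


def verify_identity(key: bytes, positions, bindings: dict):
    """Return the bound (IMEI, IMSI) pair carried by the key, or None.

    Both tags must belong to the same registered terminal, which checks each
    identifier and the association between them. None means: discard and alarm.
    """
    words = split_words(key, positions)
    imei_tag, imsi_tag = (words[p] & 0x7FFF for p in positions)  # drop random bit
    for imei, imsi in bindings.items():
        if tag15(imei) == imei_tag and tag15(imsi) == imsi_tag:
            return imei, imsi
    return None


# Constructed sample identifiers and binding table (IMEI -> IMSI).
TERMINAL_A = ("490154203237518", "310150123456789")
TERMINAL_B = ("356938035643809", "460001234567890")
BINDINGS = dict([TERMINAL_A, TERMINAL_B])

if __name__ == "__main__":
    base = secrets.token_bytes(16)
    key = embed_identity(base, *TERMINAL_A, positions=(2, 3))
    print(verify_identity(key, (2, 3), BINDINGS))
    mixed = embed_identity(base, TERMINAL_A[0], TERMINAL_B[1], positions=(2, 3))
    print(verify_identity(mixed, (2, 3), BINDINGS))
```

Because 30 of the 128 key bits are a function of identifiers that are not secret, at most 98 bits of such a key are unpredictable to anyone who knows the terminal's IMEI and IMSI.
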
In addition to the embodiments described above, the invention may have other embodiments. Any technical solution formed by equivalent substitution or equivalent transformation falls within the scope of protection claimed by the invention.

Claims (7)

  1. A method for encrypted transmission and verification of field operation and maintenance data of a power communication network, characterized in that the method comprises the following steps:
    Step 1, smart terminal binding: the International Mobile Equipment Identity and the International Mobile Subscriber Identity are used so that the remote system can bind and manage the smart terminal within the public wireless transmission network;
    Step 2, operation and maintenance field data collection: the smart terminal is equipped with an infrared scanning function and collects the operation and maintenance field data;
    Step 3, data encryption processing: 30 bits of the 128-bit key of the International Data Encryption Algorithm are combined as verification information for the International Mobile Equipment Identity and the International Mobile Subscriber Identity; while the collected data is being encrypted, 32 consecutive bits of the key are randomly selected and treated as 2 groups of 16 bits, and the 2 groups are replaced with the International Mobile Equipment Identity and the International Mobile Subscriber Identity respectively; because the International Mobile Equipment Identity and the International Mobile Subscriber Identity are each 15 bits, 1 bit in each 16-bit group is randomly generated; the transmitted data is thereby encrypted;
    Step 4, data transmission: the public wireless network is used to transmit data between the bound smart terminal and the remote system;
    Step 5, data decryption: the data received by the remote system is decrypted with the key used by the data encryption processing method; the decryption subkey blocks are formed from the additive inverses or multiplicative inverses of the encryption subkeys; after the data is decrypted, the legitimacy of the decrypted data is verified through the International Mobile Equipment Identity and the International Mobile Subscriber Identity; only legitimate data proceeds to the next step of data result verification, and data that fails verification is discarded immediately and an alarm is raised;
    Step 6, data result verification: data result verification is the process in which the remote system verifies whether the transmitted data meets the requirements of the operation and maintenance site; the verification result is fed back regardless of whether it is correct; the data comparison service verifies the data collected by the terminal and transmitted to the remote system, to determine whether the operation and maintenance work on site was completed as required;
    Step 7, verification result data encryption: the verification result data produced by remote verification is encrypted with reference to the data encryption method in step 3;
    Step 8, data return: the public wireless network is used for point-to-point transmission between the remote system and the smart terminal, so that the verification result data is returned correctly;
    Step 9, verification result decryption: with reference to the data decryption method in step 5, after the legitimacy of the decrypted data has been verified through the International Mobile Equipment Identity and the International Mobile Subscriber Identity, the smart terminal decrypts the received verification result data and thereby determines whether the field operation and maintenance result meets the requirements.
  2. The method for encrypted transmission and verification of field operation and maintenance data of a power communication network according to claim 1, characterized in that the data encryption processing in step 3 replaces two separate groups of 16 consecutive bits with the International Mobile Equipment Identity and the International Mobile Subscriber Identity, with 1 bit in each 16-bit group randomly generated.
  3. The method for encrypted transmission and verification of field operation and maintenance data of a power communication network according to claim 1 or 2, characterized in that the data transmission in step 4 first transmits the 128-bit International Data Encryption Algorithm key, which contains the smart terminal's International Mobile Equipment Identity and International Mobile Subscriber Identity information, and transmits the encrypted operation and maintenance field data only after the legitimacy of the data has been verified using the smart terminal's International Mobile Equipment Identity and International Mobile Subscriber Identity.
  4. The method for encrypted transmission and verification of field operation and maintenance data of a power communication network according to claim 3, characterized in that the process of decrypting data in step 5 comprises: on the remote system side, first checking that the received 128-bit key is correct, then decrypting the 128-bit key to obtain the smart terminal's International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI); verifying the legitimacy of the decrypted data by checking that the IMEI and IMSI data are each correct and that they are associated with each other; and, after the legitimacy of the decrypted data is confirmed, the remote system receiving the encrypted operation and maintenance field data from the smart terminal and decrypting it.
  5. The method for encrypted transmission and verification of field operation and maintenance data of a power communication network according to claim 1, 2 or 4, characterized in that the smart terminal that collects the operation and maintenance field data in step 2 is further equipped with an RFID identification function.
  6. The method for encrypted transmission and verification of field operation and maintenance data of a power communication network according to claim 1, 2 or 4, characterized in that the smart terminal that collects the operation and maintenance field data in step 2 is further equipped with a GIS function.
  7. The method for encrypted transmission and verification of field operation and maintenance data of a power communication network according to claim 1, 2 or 4, characterized in that the smart terminal that collects the operation and maintenance field data in step 2 is further equipped with an air pressure measurement function.
PCT/CN2014/093881 2014-10-13 2014-12-15 Encryption transmission and verification method for power communication network field operation and maintenance data WO2016058259A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410538004.5 2014-10-13
CN201410538004.5A CN104301317B (en) 2014-10-13 2014-10-13 Power telecom network scene operation/maintenance data encrypted transmission verification method

Publications (1)

Publication Number Publication Date
WO2016058259A1 true WO2016058259A1 (en) 2016-04-21

Family

ID=52320885

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/093881 WO2016058259A1 (en) 2014-10-13 2014-12-15 Encryption transmission and verification method for power communication network field operation and maintenance data

Country Status (2)

Country Link
CN (1) CN104301317B (en)
WO (1) WO2016058259A1 (en)

Also Published As

Publication number Publication date
CN104301317B (en) 2019-03-08
CN104301317A (en) 2015-01-21

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14904037

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14904037

Country of ref document: EP

Kind code of ref document: A1