Summary of the invention
For guaranteeing that acquisition terminal is in the safe and reliable use of power information acquisition system, the reliable execution that guarantees data security and instruct, except that guaranteeing authentication safety, need that also agreement, instruction and data are carried out encryption and decryption and handle, and the operational version of symmetric cryptographic technique and asymmetric cryptographic technique is also needed special design.
The mixed cipher algorithm that in acquisition terminal, has adopted symmetric cryptographic algorithm and asymmetric cryptographic algorithm to combine.
1) operational version of symmetric cryptographic algorithm is as follows:
The main symmetric cryptographic algorithm that adopts carries out issuing of order to the reset command in the terminal (AFN=01H), mode that parameter (AFN=04H), plaintext+MAC such as employing such as control command (AFN=05H) key order of etc.ing be set in terminal.
The clear data that MAC calculates in the message that terminal receives comprises AFN, SEQ, data cell sign, data cell, the MAC value of calculating is filled among the message authentication code field PW of additional information fields (AUX) (annotate: the message authentication scheme value is: 255, represent the specialized hardware certificate scheme).Terminal at first intercepts out clear data (comprising AFN, SEQ, data cell sign, data cell) according to message after receiving the order that has the MAC verification, and clear data sent and safety chip calculates MAC, MAC value that safety chip is calculated and the MAC value in the downlink message PW territory are compared then, if equate then carry out this order, does not wait and then return MAC verification mistake and requirement is obtained again according to stipulations random number and ESAM sequence number.
The key difference that different functions is used in symmetric cryptographic algorithm.The key updating of symmetric cryptographic algorithm is to carry out under the protection of asymmetric cryptographic algorithm.
2) the asymmetric cryptographic algorithm operational version is as follows:
The main asymmetric cryptographic algorithm that adopts carries out the negotiation and the renewal of key in terminal.Key updating comprises the key updating of symmetric cryptographic algorithm key updating and asymmetric cryptographic algorithm.
Be production and the test that makes things convenient for terminal producer, key is divided into test key and formal key.Test key is meant a cover key of inserting in advance for ease of the test of terminal manufacturer production; The key that formal key uses when being meant the terminal equipment commencement of commercial operation.Terminal equipment needs to carry out key updating before mounting, be about to test key and replace with formal key.
3) safety chip data interaction flow process
Terminal security chip data interaction flow mainly comprises: contents such as reading terminals random number, MAC verification, public key verifications, key updating.
(1) reading terminals random number
In symmetric cryptographic algorithm and asymmetric cryptographic algorithm, all used random number.The random number of terminal is produced and storage by the safety chip in the terminal, terminal should pick up counting read random number from safety chip after, guarantee the ageing of random number, time span can be provided with, if read the former random number of random number again with invalid, if be that main website did not obtain random number again within effective time, the terminal safety chip that resets.
(2) MAC verification
The MAC verification uses symmetric cryptographic algorithm to calculate, and is mainly used in and guarantees reset command (AFN=01H), data integrity in parameter (AFN=04H), the control command key order downlink messages such as (AFN=05H) is set.
Clear data in MAC check computational process comprises AFN, SEQ, data cell sign, data cell.This need intercept according to command type in downlink message.
The key difference that different command types uses will be noted the use of cipher key index when the MAC verification.
(3) public key verifications
Being mainly used in main website verifies the PKI in the terminal (master control PKI or main website PKI) correctness.Main website obtains random number from encryption equipment, with the PKI that will verify random number is signed, random number and signing messages are sent to acquisition terminal, and the acquisition terminal safety chip carries out signature verification with corresponding PKI to signed data, and terminal returns to the collection main website with the signature verification result.
(4) key updating
Terminal needs to carry out key updating and registration process before formally mounting.The test key that is about to terminal is updated to formal key, and the right PKI of terminal key of terminal generation is registered in the main website server, and this process need carries out according to local key updating mode under the environment of safety.
The employed key of symmetric cryptographic algorithm, local key updating mode is identical with the remote cipher key update mode, is all undertaken by following flow process.
Gather main website and initiate the key updating request command, acquisition terminal MCU sends and gets the random number order, and the random number of getting from safety chip and the sequence number of safety chip sent to the collection main website, main website sends to terminal with key information terminal random number and signing messages, safety chip in the terminal is tested label, as by then carrying out key updating, and will upgrade the result and return to the collection main website.
For the terminal unsymmetrical key, local key updating mode is slightly different with the remote cipher key update mode, what local key updating mode was mainly finished is the process that the terminal unsymmetrical key adds (or foundation) to the main website list of public keys, is called the registration of terminal unsymmetrical key; What the remote cipher key update mode was mainly finished is the process that the terminal unsymmetrical key upgrades to the main website list of public keys, is called the renewal of terminal unsymmetrical key.
(5) registration of terminal unsymmetrical key
The registration of terminal unsymmetrical key requires to adopt under security context local key updating mode to finish the terminal unsymmetrical key adds (or foundation) to the main website list of public keys process.
Gathering main website initiates to get the random number order from terminal, terminal will send to main website from random number and the safety chip sequence number that safety chip obtains, main website obtains random number from encryption equipment, and main website random number and terminal random number are signed with the main website private key, and with the main website random number, terminal random number and signing messages send to terminal, terminal is carried out signature verification by safety chip, again it is right to produce new key by the back generation, and the public key encryption information that new key is right sends to main website, main website is decrypted the PKI ciphertext of receiving, and the PKI that decrypts is added in the registration table.
(6) renewal of terminal unsymmetrical key
The renewal of terminal unsymmetrical key can adopt the remote cipher key update mode to finish the renewal process of terminal unsymmetrical key in the main website list of public keys under the public network condition.
Main website initiates the order of acquisition request random number to terminal, and terminal will send to main website from random number and the safety chip sequence number that safety chip obtains.Main website produces session key and with terminal public key session key is encrypted, and get random number from encryption equipment, with the main website private key to the session key ciphertext, the main website random number, terminal random number and signing messages are signed, and send to terminal, safety chip carries out signature verification in the terminal, obtain session key by the back deciphering, again it is right to produce new key then, with session key the right public key encryption of new key is produced the PKI ciphertext, with terminal secret key PKI ciphertext and main website random number are signed, return the right PKI ciphertext of new key, main website random number and signing messages thereof.Main website carries out signature verification, by the back PKI ciphertext is decrypted, and the PKI that decrypts is updated in the registration table.
The invention has the beneficial effects as follows:
1 makes full use of the advantage of symmetric cryptographic technique and asymmetric cryptographic technique;
2 are not having to have guaranteed the use of asymmetric cryptographic technique by process optimization under the situation of diploma system.
Embodiment
As shown in Figure 1, the encryption method of the safety chip of this electric power system acquisition terminal by acquisition system main website, acquisition terminal MCU and the acquisition terminal safety chip between interaction flow realize functions such as reading terminals random number, MAC verification, public key verifications, key updating, guarantee the safety of system.Safety chip adopts symmetry algorithm and asymmetric arithmetic, and symmetry algorithm is mainly finished encryption and decryption, and asymmetric arithmetic is mainly finished key updating.Flow process by safety realizes the registration of obtaining random number, MAC calculating, key updating, unsymmetrical key.
As shown in Figure 2, reading terminals random number data flow process is meant that main website initiates to read the random number order to terminal, after the MCU of terminal receives this order, MCU sends two subcommands respectively to safety chip in the terminal and comprises: obtain the safety chip sequence number and read random number, safety chip sends to MCU with sequence number and random number respectively according to the order of receiving, MCU sends to main website together with the sequence number and the random number of safety chip.
As shown in Figure 3, the MAC checking process is meant that main website is sending reset command to terminal, parameter is set, during key orders such as control command, can calculate the MAC check code of mentioned order data by the encryption device of main website side, order data is issued the MCU of terminal together with the MAC check code, after terminal MCU receives above-mentioned key order, order data is sent to safety chip, safety chip calculates the MAC check code according to order data and returns to MCU, the MAC that MAC that MCU sends main website and safety chip are sent compares, if it is consistent, then reply to the main website confirmation, deny information otherwise reply main website.
As shown in Figure 4, the public key verifications data flow is meant that main website sends to terminal MCU with random number and signing messages, MCU is transmitted to safety chip with random number and signing messages, safety chip receives after the data checking signing messages and will test and sign the result and return terminal MCU, terminal MCU according to test sign the result send confirm or the information of denying to main website.
As shown in Figure 5, the key updating flow process comprises two flow processs, and at first main website sends the key updating request command to terminal MCU, and terminal MCU transmission order is to safety chip or get random number, then safety chip sequence number and random number is returned to main website; Main website sends key information, random number and signing messages to terminal MCU then, MCU gives safety chip with these data forwarding, safety chip test sign and more will upgrade after the new key after the key result return to MCU, MCU sends affirmation or the information of denying to main website according to the key updating result.
As shown in Figure 6, the log-on data flow process of terminal unsymmetrical key comprises two flow processs, at first main website sends the key updating request command to terminal MCU, and terminal MCU transmission order is to safety chip or get random number, then safety chip sequence number and random number is returned to main website; Main website sends main website random number, terminal random number and signing messages to terminal MCU then, MCU gives safety chip with above-mentioned data forwarding, safety chip is certifying signature information at first, test sign pass through after, produce new key to and the public key encryption right to this key, the PKI ciphertext after encrypting is returned to MCU, MCU returns ciphertext to main website, sign failure if test, send and deny that information is to main website.
As shown in Figure 7, the renewal data flow of terminal unsymmetrical key comprises two flow processs, at first is or gets the random number flow process, with first flow process of accompanying drawing 5 and 6; Second flow process is that main website sends session key ciphertext, main website random number, terminal random number and signing messages to terminal MCU, MCU gives safety chip with data forwarding, safety chip test sign pass through after, to the public key encryption of new generation and to this ciphertext and main website random number signature, and cipher-text information and signing messages returned to MCU, MCU sends cipher-text information to main website, signs failure then replys the information of denying if test.
Invention has been described according to specific exemplary embodiment herein.It will be conspicuous carrying out suitable replacement to one skilled in the art or revise under not departing from the scope of the present invention.Exemplary embodiment only is illustrative, rather than to the restriction of scope of the present invention, scope of the present invention is by appended claim definition.