CN102355467A - Power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission - Google Patents

Publication number: CN102355467A
Authority: CN (China)
Legal status: Granted
Application number: CN2011103166683A
Priority: CN201110316668.3A
Other languages: Chinese (zh)
Other versions: CN102355467B (en)
Inventors: 曾荣, 张涛, 林为民, 陈亚东, 邵志鹏, 马卓
Current assignee: State Grid Electric Power Research Institute
Original assignee: State Grid Electric Power Research Institute
Prior art keywords: trust chain, tcac, tcag, credible, monitoring terminal

Abstract

The invention relates to a security protection method for a power transmission and transformation equipment state monitoring system based on trust chain transmission. It retrofits the monitoring system for trust through identity authentication, platform authentication, integrity measurement, trust chain transmission and other methods. A trusted authentication server, an access execution server and a centralized supervision server are deployed in the master station, and the monitoring terminal, state information access controller, state information access gateway and state monitoring agent are transformed into a trusted monitoring terminal, a trusted state information access controller, a trusted state information access gateway and a trusted state monitoring agent, so that the whole monitoring system is built into a trusted system. The system can effectively prevent malicious program attacks, malicious code injection attacks, physical data theft, network eavesdropping, sniffing attacks and the like, and protects the security of the monitoring system and the internal power grid system. The invention also provides a trust chain transmission model used to prove that, under trust chain transmission, as long as each level of the trust chain is trusted, the whole system is trusted.

Description

Security protection method for a power transmission and transformation equipment state monitoring system based on trust chain transmission
Technical field
The present invention is a security protection technique for power transmission and transformation equipment state monitoring systems. It applies the trust chain transmission method to such a system, mainly to protect the network information security of the monitoring system and to prevent various malicious attacks. It belongs to the field of network information security.
Background art
A power transmission and transformation equipment state monitoring system (the "monitoring system" for short) uses various sensor technologies, wide-area communication technology and information processing technology to perceive the running state of power transmission and transformation equipment in real time and to provide monitoring and early warning, analysis and diagnosis, and assessment and prediction.
At present, the typical network structure of such a system uses a three-tier deployment of master station, wide-area communication network and monitoring terminals, as shown in Fig. 1.
Monitoring terminals are of two kinds: substation monitoring terminals, which monitor the operation of equipment inside a substation, and terminals on transmission towers, which monitor the running state of transmission lines. Both kinds connect to the application server of the master station through the wide-area communication network and upload monitoring data over it. The application server processes and displays the monitoring data and saves it to a back-end database.
Because monitoring terminals access the power system intranet across wide-area networks such as wired networks, wireless networks and public wireless networks, the network structure is complex and the security risk is high. An attacker can attack a monitoring terminal, implant a malicious program on it, and then steal the terminal's identity information and monitoring data; can attack the access network, tamper with data in transit and disturb normal monitoring; or can impersonate a monitoring terminal to attack the network- and provincial-level master station system, threatening the security of the power system network. The security protection of the monitoring system therefore needs to be strengthened to safeguard the power system network.
Summary of the invention
The object of the invention is to provide a new security protection technique for power transmission and transformation equipment state monitoring systems that addresses the security risks these systems face.
The invention proposes a security protection method for a power transmission and transformation equipment state monitoring system based on trust chain transmission. Starting from the hardware of the monitoring terminal, it uses secure hardware, trust chain transmission and platform authentication to solve the information security problems of the monitoring terminal network. A module chip that supports trust chain transmission is embedded on the device's mainboard, trusted security components are developed, and, combined with software protocols that support trust chain transmission, a new security architecture is established. Using techniques such as trusted measurement and trust chain transmission, the monitoring system can access the power system intranet safely and reliably, and attacks such as malicious programs, malicious code implantation, physical data theft, network eavesdropping and sniffing are blocked.
I. Architecture
Fig. 2 shows the network architecture of the power transmission and transformation equipment state monitoring system based on trust chain transmission. It mainly comprises the following components: trusted authentication server, access execution server, centralized supervision server, trusted state information access controller (TCAC), trusted state information access gateway (TCAG), trusted state monitoring agent (TCMA) and trusted monitoring terminal (TMT).
Each is described below:
Trusted authentication server: deployed at the master station. A monitoring device's access request is first submitted to the trusted authentication server, which performs identity authentication, platform authentication and integrity measurement on the requesting device and judges whether it is trusted. If the device is trusted, it is allowed to access the intranet; otherwise it is refused.
Access execution server: deployed at the master station boundary. It controls the access of monitoring devices and functions like a border gateway. After the trusted authentication server allows a requesting device to connect, it notifies the access execution server to admit the device. The access execution server performs the encryption and decryption of communication with monitoring devices.
Centralized supervision server: deployed behind the access execution server. It connects the trust chain transmission environment with the application services.
Trusted state information access controller (TCAC): a network application access device with trust chain transmission capability, deployed in a substation. It connects in a standard way to the various state monitoring devices or state monitoring agents in the substation, receives the standardized state information they send, and exercises standardized control over them.
Trusted state information access gateway (TCAG): a network application access device with trust chain transmission capability, deployed on the network/provincial side. It is a computer that connects remotely in a standard way to the various state monitoring agents, receives the standardized state information they send, and exercises standardized control over them.
Trusted state monitoring agent (TCMA): a network application access device with trust chain transmission capability, installed on a line or in a substation. It centrally collects the various state monitoring information on the line or in the station and acts as a unified agent that exchanges standardized data with the TCAC or TCAG on behalf of the various state monitoring devices.
Trusted monitoring terminal (TMT): a power transmission and transformation equipment state monitoring device with trust chain transmission capability, installed on a line or in a substation, that centrally collects the state information of the various power transmission and transformation equipment on the line or in the station.
A trusted authentication server is placed at the access end of the master station. It judges whether a terminal's access request meets the requirements; if so, it notifies the access execution server to admit the terminal, otherwise access is refused. The access execution server sits at the master station boundary and functions like an access gateway, controlling the access of external devices such as TCAC/TCAG/TCMA and monitoring terminals. On the one hand it carries out the decisions of the trusted authentication server; on the other it encrypts and decrypts the channel data exchanged with terminals, so external data enters the intranet only after being decrypted by the access execution server. The centralized supervision server connects the master station network with the state monitoring management system.
II. Method flow
The security protection method proposed here comprises: monitoring terminal identity authentication and platform authentication; trusted secure storage and data leakage prevention on the monitoring terminal; monitoring terminal integrity measurement; and monitoring terminal trust chain transmission.
1 Monitoring terminal identity authentication and platform authentication
1.1 Monitoring terminal identity authentication
Identity authentication is the first step in the trusted authentication server's security assessment of a monitoring terminal. The identity authentication information is kept in the terminal's own storage, for example in non-volatile storage on the terminal's system board. Only after the terminal passes the identity authentication performed by the trusted authentication server may it proceed to the next step.
1.2 Monitoring terminal platform authentication
Platform authentication is a form of hardware system authentication. The trust chain trusted module chip on the terminal's mainboard stores information written by the terminal manufacturer, including manufacturer information, platform information and an integrity certificate. Platform authentication of the terminal authenticates this key platform information and further improves the security of the monitoring terminal.
2 Trusted secure storage and data leakage prevention on the monitoring terminal
Constrained by power consumption and network access, some monitoring terminals cannot transmit monitoring data in real time. Such a terminal stores monitoring data locally for the time being and, at a set time, opens communication with the master station and uploads the data. How to store this local monitoring data securely is a problem that must be solved.
The local trust chain trusted module chip makes effective data leakage prevention possible. The chip on the monitoring terminal supports data encryption and can provide protected storage for the terminal. Encryption of the terminal's monitoring data can be bound to the integrity of the terminal: data stored on the terminal must be encrypted, and the encryption and decryption key is associated with the terminal's integrity check result. Before an external party obtains the stored data, an integrity check of the terminal must first be performed, and only when the check passes can the correct decryption key be obtained. Associating the storage key with integrity in this way effectively prevents data leakage and protects the data stored on the terminal.
Communication between the monitoring terminal and the master station's access execution server is also encrypted. The encryption key is negotiated between the monitoring terminal and the access execution server, and the encrypted communication prevents data from being stolen or tampered with in the transmission channel.
3 Monitoring terminal integrity measurement
Integrity measurement of a monitoring terminal means obtaining the characteristic values of the terminal that affect its trustworthiness and storing digests of these values in the PCR registers of the terminal's trust chain trusted module chip. Computing the digest of a module and comparing it with the expected value is enough to verify the integrity of that module.
Fig. 3 shows how a malicious program attacks a target program: it disguises itself as the target program, modifies code in the target program's process space and embeds malicious code. For a trusted monitoring terminal under such an attack, when any module of the terminal is maliciously infected, the infected module can be detected from the change in its digest value and then handled accordingly, for example by repairing it from a backup copy of the module.
4 Monitoring terminal trust chain transmission
Trust-chain-based security starts by establishing a root of trust, whose trustworthiness is guaranteed by physical security and administrative security. A trust chain is then built from the root of trust to the hardware platform, to the operating system, to applications and finally to the network. Each level authenticates the next and each level trusts the next, so that trust is extended to the whole computer network and security and reliability are enhanced. This is the trust chain transmission mechanism.
Following the trust chain transmission method, the trust chain trusted module chip is built into the embedded terminal system, and its protection, integrity measurement and authentication functions are invoked to make the embedded terminal system secure and trusted. As shown in Fig. 4, startup of the monitoring terminal system begins from the trusted root in the trust chain trusted module chip. The chip verifies the integrity of the operating system boot program and, once verification passes, the boot program is started. The boot program then calls the chip's functions to verify the integrity of the operating system, which begins running once verification passes. Afterwards, the corresponding security functions of the chip can be called according to security rules between the operating system and applications, between applications, and between the terminal and the master station, to realize various trusted applications. The overall flow guarantees trusted startup and trusted operation of the underlying hardware, the operating system and upper-layer applications.
5 Mathematical model of monitoring terminal trust chain transmission
The invention proposes a mathematical model of monitoring terminal trust chain transmission and uses it to prove the trustworthiness of trust chain transmission. The model shows that as long as the measurement of every intermediate layer of the trust chain is trusted, the whole trust chain is trusted, up to the terminal as a whole.
The model uses the following symbols (each is an image in the original publication):
[symbol image]: trust chain measurement result
[symbol image]: trusted root of integrity measurement
[symbol image]: trust chain measurement result of layer i
[symbol image]: measurement function of layer i
[symbol image]: hash function of the layer-i measurement
[symbol image]: program measured at layer i
The trust chain transmission model is formulated as follows.
The measurement result of system loading is expressed as:
[formula image] (1)
The measurement function of the operating system boot program is:
[formula image] (2)
Continuing in the same way, the measurement result of layer i-1 is:
[formula image] (3)
The measurement result of layer i is:
[formula image] (4)
Transforming formula (4) gives:
[formula image] (5)
According to formula (5), the trusted root is considered fully trusted, and the final measurement result of layer i depends on the preceding measurement result of layer i-1, so the trustworthiness of the trust chain at layer i also depends on the trustworthiness of the trust chain at layer i-1. The trust level of the whole trust chain depends on the integrity of each trust layer on the chain. As long as every layer is fully trusted during trust chain transmission, the whole trust chain can be proved to be trusted.
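The integrity measurement, layer-by-layer trust chain and integrity-bound storage key described in sections 2 to 5, as an added Python example that is not part of the patent. It assumes a TPM-style extend operation (new PCR = SHA-256(old PCR || module digest)), because the patent's own formulas are not reproduced on this page; the layer names, `chip_secret` and the HMAC-based cipher are constructed stand-ins for what the module chip does internally.

```python
import hashlib
import hmac
import os

PCR_INIT = b"\x00" * 32  # PCR value at reset, before anything is measured

# Constructed sample boot chain (not from the patent): layer name, image bytes.
GOLDEN_CHAIN = [
    ("bootloader", b"bootloader image v1"),
    ("os_kernel", b"embedded OS kernel image v1"),
    ("monitor_app", b"state monitoring application v1"),
]


def sha256(data):
    return hashlib.sha256(data).digest()


def extend(pcr, measurement):
    """Assumed TPM-style extend: the new PCR folds in all earlier measurements."""
    return sha256(pcr + measurement)


def measure_chain(chain):
    """Measure each layer before it runs; return (final PCR, measurement log)."""
    pcr, log = PCR_INIT, []
    for name, image in chain:
        m = sha256(image)
        pcr = extend(pcr, m)
        log.append((name, m))
    return pcr, log


def first_untrusted_layer(log, reference_log):
    """Name of the first layer whose digest differs from its expected value."""
    if len(log) != len(reference_log):
        return "chain-length-mismatch"
    for (name, m), (ref_name, ref_m) in zip(log, reference_log):
        if name != ref_name or not hmac.compare_digest(m, ref_m):
            return name
    return None


def derive(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; a stand-in for the chip's cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += derive(key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def seal(chip_secret, pcr, plaintext):
    """Encrypt under a key derived from the chip secret and the PCR state."""
    root = derive(chip_secret, b"seal" + pcr)
    nonce = os.urandom(16)
    stream = keystream(derive(root, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = derive(derive(root, b"mac"), nonce + ct)
    return nonce + ct + tag


def unseal(chip_secret, pcr, blob):
    """Return the plaintext, or None if the current PCR is not the sealed one."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    root = derive(chip_secret, b"seal" + pcr)
    if not hmac.compare_digest(tag, derive(derive(root, b"mac"), nonce + ct)):
        return None  # integrity check failed, so the right key is unavailable
    stream = keystream(derive(root, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


if __name__ == "__main__":
    good_pcr, good_log = measure_chain(GOLDEN_CHAIN)
    blob = seal(b"chip-internal-secret", good_pcr, b"line temp 41.7 C")

    # Constructed tampering: code injected into the OS layer only.
    tampered = list(GOLDEN_CHAIN)
    tampered[1] = ("os_kernel", b"embedded OS kernel image v1 + injected code")
    bad_pcr, bad_log = measure_chain(tampered)

    print("untrusted layer:", first_untrusted_layer(bad_log, good_log))
    print("unseal on clean terminal:", unseal(b"chip-internal-secret", good_pcr, blob))
    print("unseal on tampered terminal:", unseal(b"chip-internal-secret", bad_pcr, blob))
```

The application layer's own digest is unchanged in the tampered run, yet the final PCR no longer matches, which is the dependence of layer i on layer i-1 that the model describes.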
6 Monitoring terminal access process
The monitoring terminal access process is:
(1) The TCAC/TCAG submits an access request to the access execution server.
(2) The access execution server passes the request to the trusted authentication server, which first authenticates the identity certificate of the TCAC/TCAG.
(3) After identity authentication passes, the trusted authentication server forwards the request to the TNC server layer. The TNC server performs platform authentication of the TNC client layer of the TCAC/TCAG over the IF-TNCCS protocol, verifying the certificate in the trust chain trusted module chip on the TCAC/TCAG mainboard.
(4) After platform authentication passes, the trusted authentication server forwards the request to the integrity verification layer and requires the TCAC/TCAG to collect its own integrity information; the trusted authentication server then verifies the integrity of the collected data.
(5) After verification passes, the trusted authentication server decides on and grants the TCAC/TCAG a corresponding trust level and notifies the access execution server to allow the TCAC/TCAG to connect. The access execution server and the TCAC/TCAG negotiate an encryption key and establish an encrypted transmission channel, completing trusted access of the TCAC/TCAG.
(6) If there is a TCMA between the TCAC/TCAG and the monitoring terminal, the TCMA also accesses the master station in the same way as the TCAC/TCAG.
(7) After the communication channel between the TCAC/TCAG/TCMA and the master station has been established, the monitoring terminal (TMT) submits an access request to the access execution server through this channel. It is verified in a way similar to the TCAC/TCAG: identity authentication, platform authentication and integrity verification. After verification completes, the trusted authentication server brings the monitoring terminal into its own trust domain, completes negotiation of the traffic encryption key with the monitoring terminal, and issues the encryption key to the TCAC/TCAG/TCMA.
The method of the invention is a security protection method for a power transmission and transformation equipment state monitoring system based on trust chain transmission. It mainly addresses the security risk brought to the power system intranet when monitoring terminals of the monitoring system access the intranet over wireless networks, public networks and the like. Introducing the trust chain transmission method into the monitoring system improves its ability to resist malicious code intrusion.
Description of drawings
Fig. 1 is the network structure of the power transmission and transformation equipment state monitoring system before modification. It mainly comprises monitoring terminals, the wide-area communication network and the application server;
Fig. 2 is the network structure of the modified power transmission and transformation equipment state monitoring system based on trust chain transmission;
Fig. 3 is a schematic of a malicious program attacking the code of a target program;
Fig. 4 is a schematic of terminal trust chain transmission.
Embodiment
For ease of description, assume the following application example:
An electric power enterprise plans to build a power transmission and transformation equipment state monitoring system comprising state monitoring terminals and an application system server. The state monitoring terminals are deployed on the equipment side, close to the power transmission and transformation equipment. The monitored equipment may be equipment in a substation, such as transformers, or equipment on towers, such as transmission lines. The monitoring devices access the application server of the master station over wide-area networks such as wired networks, wireless networks and public wireless networks, and the application server of the master station processes the monitoring data.
The specific embodiment is:
(1) A trust chain trusted module chip is added to the monitoring terminal hardware, transforming the monitoring terminal into a trusted monitoring terminal that supports trusted measurement and trust chain transmission.
(2) If there is a state monitoring agent device between the monitoring device and the state information access controller, or between the monitoring device and the state information access gateway, a trust chain trusted module chip is added to the agent hardware, transforming the agent into a trusted state monitoring agent (TCMA) that supports trusted measurement and trust chain transmission.
(3) Similarly, a trust chain trusted module chip is added to the hardware of the state information access controller and the state information access gateway, transforming them into a trusted state information access controller (TCAC) and a trusted state information access gateway (TCAG).
(4) An access execution server, a trusted authentication server and a metadata server are deployed at the access boundary of the master station. The access execution server communicates with the TCAC, TCAG, TCMA and TMT, accepts the access requests these devices submit, and passes the requests to the trusted authentication server. The trusted authentication server performs identity authentication, platform authentication and integrity measurement on the requesting device and judges its trustworthiness. If the device meets the trust requirements, the trusted authentication server notifies the access execution server to admit it, and the access execution server establishes a communication channel with the device. The metadata server is responsible for connecting to the application server to provide services.

Claims (2)

1. A security protection method for a power transmission and transformation equipment state monitoring system based on trust chain transmission, characterized in that it comprises the following:
1) The TCAC/TCAG submits an access request to the access execution server;
2) The access execution server passes the request to the trusted authentication server, which first authenticates the identity certificate of the TCAC/TCAG;
3) After identity authentication passes, the trusted authentication server forwards the request to the TNC server layer; the TNC server performs platform authentication of the TNC client layer of the TCAC/TCAG through the IF-TNCCS protocol, verifying the certificate in the trust chain trusted module chip on the TCAC/TCAG mainboard;
4) After platform authentication passes, the trusted authentication server forwards the request to the integrity verification layer, which requires the TCAC/TCAG to collect its own integrity information; the trusted authentication server performs integrity verification on the collected data;
5) After verification passes, the trusted authentication server decides to grant the TCAC/TCAG the corresponding trust level and notifies the access execution server to allow the TCAC/TCAG to connect; the access execution server negotiates an encryption key with the TCAC/TCAG and establishes an encrypted transmission channel, completing the trusted access of the TCAC/TCAG;
6) If a TCMA exists between the TCAC/TCAG and the monitoring terminal, the TCMA also connects to the master station following the access procedure of the TCAC/TCAG;
7) After the communication channel between the TCAC/TCAG/TCMA and the master station has been established, the monitoring terminal (TMT) submits an access request to the access execution server through this channel; using a verification procedure similar to that for the TCAC/TCAG, identity authentication, platform authentication and integrity verification are performed on the monitoring terminal; after verification completes, the trusted authentication server includes the monitoring terminal in its own trust domain, completes negotiation of the traffic encryption key (TEK) with the monitoring terminal, and issues the encryption key to the TCAC/TCAG/TCMA.
2. A security protection method for a power transmission and transformation equipment state monitoring system based on trust chain transmission, characterized in that the credibility of the trust chain transmission of the security protection method is established by the following proof:
Figure 210831DEST_PATH_IMAGE001: the trust chain measurement result
The integrity measurement root of trust
Figure 993159DEST_PATH_IMAGE003: the measurement result of layer i of the trust chain
Figure 472682DEST_PATH_IMAGE004: the measurement function of layer i
Figure 440638DEST_PATH_IMAGE005: the hash function used for measurement at layer i
Figure 536770DEST_PATH_IMAGE006: the program measured at layer i
The trust chain transmission model is formulated as follows:
The measurement result for system loading is expressed as:
Figure 248374DEST_PATH_IMAGE007
=
Figure 707037DEST_PATH_IMAGE008
(1)
The measurement function of the operating system boot program is:
Figure 845895DEST_PATH_IMAGE009
=
Figure 429323DEST_PATH_IMAGE010
(2)
By the same derivation, the measurement result of layer i-1 is
Figure 147880DEST_PATH_IMAGE011
=
Figure 133154DEST_PATH_IMAGE012
(3)
The measurement result of layer i is
Figure 36388DEST_PATH_IMAGE003
=
Figure 575953DEST_PATH_IMAGE013
(4)
Transforming formula (4) gives
Figure 629360DEST_PATH_IMAGE014
=
=
Figure 469140DEST_PATH_IMAGE015
(5)
According to the analysis of formula (5), Figure 949800DEST_PATH_IMAGE002, as the root of trust, is considered to be fully trusted.
CN201110316668.3A 2011-10-18 2011-10-18 Power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission Active CN102355467B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110316668.3A CN102355467B (en) 2011-10-18 2011-10-18 Power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission

Publications (2)

Publication Number Publication Date
CN102355467A true CN102355467A (en) 2012-02-15
CN102355467B CN102355467B (en) 2015-07-08

Family

ID=45578961

Country Status (1)

Country Link
CN (1) CN102355467B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant