CN102355467B - Power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission - Google Patents

Publication number
CN102355467B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110316668.3A
Other languages
Chinese (zh)
Other versions
CN102355467A (en
Inventor
曾荣
张涛
林为民
陈亚东
邵志鹏
马卓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Electric Power Research Institute
Original Assignee
State Grid Electric Power Research Institute

Abstract

The invention relates to a security protection method for a power transmission and transformation equipment state monitoring system based on trust chain transmission. The method makes the monitoring system trusted through identity authentication, platform authentication, integrity measurement, trust chain transmission and other techniques. A trusted authentication server, an access execution server and a centralized supervisory server are deployed in the master station, and the monitoring terminal, state information access controller, state information access gateway machine and state monitoring agent are transformed into a trusted monitoring terminal, a trusted state information access controller, a trusted state information access gateway machine and a trusted state monitoring agent, so that the whole monitoring system is built as a trusted system. The system can effectively prevent malicious program attacks, malicious code injection, physical data theft, network eavesdropping, sniffing attacks and the like, and protects the security of the monitoring system and the internal power grid system. The invention also provides a trust chain transmission model, used to prove that under trust chain transmission the whole system is trusted as long as every level of the trust chain is trusted.

Description

Security protection method for a power transmission and transformation equipment state monitoring system based on transitive trust
Technical field
The present invention is a security protection technique for power transmission and transformation equipment state monitoring systems. It applies the transitive trust method to such a system, mainly to protect the system's network information security and to prevent various malicious attacks, and belongs to the field of network information security.
Background
A power transmission and transformation equipment state monitoring system (hereinafter "monitoring system") uses sensor technology, wide-area communication and information processing technology to provide real-time sensing, monitoring and early warning, analysis and diagnosis, and assessment and prediction of the running state of power transmission and transformation equipment.
At present, the typical network architecture of such a system adopts a three-level deployment of master station, wide-area communication network and monitoring terminals, as shown in the network model of Fig. 1.
Monitoring terminals are of two kinds: substation monitoring terminals, which monitor the operation of equipment in a substation, and terminals mounted on transmission towers, which monitor the running state of transmission lines. Both kinds connect to the application server of the master station over the wide-area communication network and upload their monitoring data to it. The application server processes and displays the monitoring data and saves it to a back-end database.
Because monitoring terminals access the internal network of the power system across wide-area networks such as wired networks, wireless networks and wireless public networks, the network structure is complex and the security risk is high. An attacker can choose to attack a monitoring terminal, implant a malicious program, and then steal the terminal's identity information and its monitoring data; can choose to attack the access network, tamper with data in transit and disrupt normal monitoring; or can impersonate a monitoring terminal to attack the provincial grid master station system, threatening the network security of the power system. The monitoring system therefore needs stronger protection measures to ensure the network security of the power system.
Summary of the invention
The object of the present invention is to provide a new security protection technique for power transmission and transformation equipment state monitoring systems that addresses the security risks such systems face.
The present invention proposes a security protection method for power transmission and transformation equipment state monitoring systems based on transitive trust. Starting from the hardware of the monitoring terminal, it addresses the information security of the monitoring terminal network through secure hardware, trust chain transfer and platform authentication. A module chip supporting transitive trust is embedded on the hardware mainboard of the equipment, trusted security components are developed, and, combined with software protocols that support transitive trust, a new security architecture is established. Using techniques such as trusted measurement and transitive trust, the monitoring system can access the internal network of the power system securely and reliably, blocking attacks such as malicious program attacks, malicious code implantation, physical data theft, network eavesdropping and sniffing.
I. Architecture
Fig. 2 shows the network architecture of the monitoring system based on transitive trust. It mainly comprises the following components: trusted authentication server, access execution server, centralized supervisory server, trusted status information access controller (TCAC), trusted status information access gateway machine (TCAG), trusted status monitoring agent (TCMA) and trusted monitoring terminal (TMT).
Each is described below:
Trusted authentication server: deployed in the master station. A monitoring device's access application is first submitted to the trusted authentication server, which performs identity authentication, platform authentication and integrity measurement on the applying device and judges whether it is trusted. If the device is trusted, it is allowed to access the internal network; otherwise it is refused.
Access execution server: deployed at the master station boundary, it controls the access of monitoring devices and functions much like a border gateway. After the trusted authentication server allows an applying device to access, it notifies the access execution server to admit the device. The access execution server performs the encryption and decryption of communication with the monitoring device.
Centralized supervisory server: deployed behind the access execution server, it handles the connection between the transitive-trust environment and the application services.
Trusted status information access controller (TCAC): a network application access device with transitive trust capability, deployed in a substation. It connects in a standardized way to the various state monitoring devices or status monitoring agents in the station, receives the standardized state information they send, and exercises standardized control over them.
Trusted status information access gateway machine (TCAG): a network application access device with transitive trust capability, deployed on the provincial grid side. It is a computer that connects remotely, in a standardized way, to the various status monitoring agents, receives the standardized state information they send, and exercises standardized control over them.
Trusted status monitoring agent (TCMA): a network application access device with transitive trust capability, installed on a line or in a substation. It is a unified agent device that centrally collects the various status monitoring information on the line or in the station and, in place of the individual state monitoring devices, carries out standardized data communication with the TCAC or TCAG.
Trusted monitoring terminal (TMT): a power transmission and transformation equipment state monitoring device with transitive trust capability, installed on a line or in a substation, that centrally collects the various equipment state information on the line or in the station.
A trusted authentication server is set up at the master station access end. It judges whether a terminal's access request meets the requirements; if so, it notifies the access execution server to admit the terminal, otherwise the terminal's access is refused. The access execution server sits at the master station boundary and functions much like an access gateway, controlling the access of external devices such as TCAC/TCAG/TCMA and monitoring terminals. On the one hand it carries out the decisions of the trusted authentication server; on the other hand it performs encryption and decryption of the channel data exchanged with terminals, so that external data enters the internal network only after being decrypted by the access execution server. The centralized supervisory server is responsible for the connection between the master station network and the state monitoring management system.
II. Method flow
The security protection method for power transmission and transformation equipment state monitoring systems based on transitive trust proposed here comprises monitoring terminal identity authentication and platform authentication, trusted secure storage and data leakage prevention on the monitoring terminal, monitoring terminal integrity measurement, and monitoring terminal transitive trust.
1 Monitoring terminal identity authentication and platform authentication
1.1 Monitoring terminal identity authentication
Identity authentication is the first step in the trusted authentication server's examination of a monitoring terminal. The identity information used for authentication is kept in the terminal's own storage, for example in the non-volatile storage of the terminal's system board. Only after a monitoring terminal has passed the authentication performed by the trusted authentication server is it allowed to proceed to the next step.
1.2 Monitoring terminal platform authentication
Platform authentication is a mode of authenticating the hardware system. The trust chain trusted module chip on the monitoring terminal's mainboard stores information provided by the terminal's manufacturer, including manufacturer information, platform information and integrity certificates. Platform authentication of the monitoring terminal authenticates this key platform information and further improves the security of the terminal.
2 Trusted secure storage and data leakage prevention on the monitoring terminal
Because of limits on power consumption and network access, some monitoring terminals cannot transmit monitoring data in real time. Such a terminal stores monitoring data locally for the time being and, at a fixed time, opens communication with the master station and uploads the data. How to store the local monitoring data securely is a problem that needs to be solved.
Data leakage prevention can be implemented effectively on the basis of the local trust chain trusted module chip. The chip on the monitoring terminal supports data encryption and can provide storage protection for the terminal. Encryption of the terminal's monitoring data can be bound to the integrity of the terminal: data stored on the terminal must be encrypted, and the encryption and decryption key is associated with the result of the terminal's integrity check. Before stored data can be obtained from outside, an integrity check must first be carried out on the terminal, and only when the check passes can the correct decryption key be obtained. Associating the storage key with the terminal's integrity in this way effectively prevents data leakage and protects the data stored on the terminal.
Communication between the monitoring terminal and the master station's access execution server is also encrypted. The encryption key is negotiated between the monitoring terminal and the access execution server, and the encrypted communication prevents data from being stolen or tampered with in the transmission channel.
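Binding the storage key to the integrity check result, as section 2 describes, can be sketched as follows. This is an added example, not code from the patent: TrustedModule is a hypothetical software stand-in for the trusted module chip, and the HMAC-SHA-256 key derivation and keystream stand in for the chip's own sealing and cipher functions, which the page does not specify.

```python
import hashlib
import hmac
import os


class IntegrityError(Exception):
    """The platform state differs from the state the data was sealed to."""


class TrustedModule:
    """Hypothetical model of the chip: a secret that never leaves it, plus a PCR."""

    def __init__(self):
        self._root_secret = os.urandom(32)
        self.pcr = bytes(32)

    def boot(self, images):
        """Reset the PCR and measure every boot image into it, in order."""
        self.pcr = bytes(32)
        for image in images:
            measurement = hashlib.sha256(image).digest()
            self.pcr = hashlib.sha256(self.pcr + measurement).digest()

    def _derive(self, label):
        # The key is never stored: it is recomputed from the *current* PCR.
        return hmac.new(self._root_secret, label + self.pcr, hashlib.sha256).digest()

    @staticmethod
    def _keystream(key, nonce, length):
        # Stand-in cipher (HMAC in counter mode); a real chip uses its own cipher.
        out, counter = b"", 0
        while len(out) < length:
            block = nonce + counter.to_bytes(4, "big")
            out += hmac.new(key, block, hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def seal(self, plaintext):
        nonce = os.urandom(16)
        stream = self._keystream(self._derive(b"enc"), nonce, len(plaintext))
        ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
        tag = hmac.new(self._derive(b"mac"), nonce + ciphertext, hashlib.sha256).digest()
        return nonce + ciphertext + tag

    def unseal(self, blob):
        nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._derive(b"mac"), nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise IntegrityError("integrity check failed: decryption key not released")
        stream = self._keystream(self._derive(b"enc"), nonce, len(ciphertext))
        return bytes(c ^ s for c, s in zip(ciphertext, stream))


def try_unseal(chip, blob):
    """Return the plaintext, or None when the platform state does not match."""
    try:
        return chip.unseal(blob)
    except IntegrityError:
        return None


# Constructed sample data.
GOOD_IMAGES = [b"constructed bootloader v1", b"constructed terminal firmware v1"]
TAMPERED_IMAGES = [GOOD_IMAGES[0], GOOD_IMAGES[1] + b"<injected code>"]
SAMPLE_RECORD = b"constructed record: transformer-7 oil-temp=61.5C"

if __name__ == "__main__":
    chip = TrustedModule()
    chip.boot(GOOD_IMAGES)
    blob = chip.seal(SAMPLE_RECORD)
    chip.boot(TAMPERED_IMAGES)
    print("after tampering:", try_unseal(chip, blob))
    chip.boot(GOOD_IMAGES)
    print("clean boot:", try_unseal(chip, blob))
```

The same blob copied to a different chip also fails to unseal, which is the physical data theft case the patent lists.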
3 Monitoring terminal integrity measurement
Integrity measurement of the monitoring terminal obtains the characteristic values of the terminal that affect its trustworthiness and stores digests of these values in the PCR registers of the terminal's trust chain trusted module chip. Computing the digest of a module and comparing it with the expected value is enough to maintain the integrity of that module.
Fig. 3 shows how a malicious program attacks a target program: it disguises itself as the target program, modifies the code in the target program's process space and embeds malicious code. On a trusted monitoring terminal, therefore, when any module of the terminal is maliciously infected, the infected module can be detected from the change in its digest value, and appropriate action can then be taken, for example repairing the infected module from a backup copy.
4 Monitoring terminal transitive trust
Trust-chain-based security first establishes a root of trust, whose trustworthiness is guaranteed by physical security and administrative security. A trust chain is then established, from the root of trust to the hardware platform, to the operating system, to the applications and finally to the network, with each level authenticating the next and each level trusting the next, so that trust is extended to the whole computer network and security and reliability are strengthened. This is the transitive trust mechanism.
Following the transitive trust method, a trust chain trusted module chip is embedded in the embedded terminal system, and the chip's protection, integrity measurement and authentication functions are called to make the embedded terminal system secure and trusted. As shown in Fig. 4, startup of the monitoring terminal system begins from the trusted root in the trust chain trusted module chip: the chip verifies the integrity of the operating system boot program and, once verification passes, starts the boot program. The boot program in turn calls the chip's functions to verify the integrity of the operating system, and the operating system starts running once verification passes. Afterwards, between the operating system and applications, the corresponding security functions of the chip can be called according to security rules to implement trusted applications between application programs and between the terminal and the master station. The whole system flow ensures trusted startup and trusted operation of the underlying hardware, the operating system and the upper-level applications.
5 Mathematical model of monitoring terminal transitive trust
The present invention proposes a mathematical model of monitoring terminal transitive trust and uses it to prove the trustworthiness of transitive trust. The model shows that as long as the measurement at every layer of the trust chain is trustworthy, the whole trust chain is trustworthy, up to the terminal as a whole.
the measurement result of the trust chain
the trusted root of integrity measurement
the measurement result of the i-th layer of the trust chain
the measurement function of the i-th layer
the hash function of the i-th layer measurement
the program measured at the i-th layer
The transitive trust model is expressed as follows:
The measurement result of the system loading layer is expressed as:
= (1)
The measurement function of the operating system boot program is:
= (2)
Continuing in the same way, the measurement result of layer i-1 is
= (3)
The measurement result of layer i is
= (4)
Transforming formula (4) gives
=
= (5)
Analysing formula (5): since the trusted root is considered completely trustworthy and the final measurement result depends on the previous measurement result, the trustworthiness of the trust chain at one layer also depends on the trust chain at the previous layer being trustworthy. The trust level of the whole trust chain depends on the integrity of each trust layer on the chain. As long as every layer is completely trustworthy during trust transfer, the whole trust chain can be proved trustworthy.
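The measure-then-extend chain that sections 3 to 5 describe can be exercised in a short program. This is an added example, not code from the patent: the extend rule PCR_new = SHA-256(PCR_old || digest), the layer names and the sample images are assumptions constructed for illustration, since the patent's own formulas are not reproduced on this page.

```python
import hashlib
import hmac

PCR_INIT = bytes(32)  # assumed reset value of the PCR register


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """Assumed TPM-style extend: the new PCR value depends on the old one."""
    return digest(pcr + measurement)


def trusted_boot(layers, reference):
    """Terminal side: measure each layer before handing control to it.

    layers    -- [(name, image bytes)] in boot order
    reference -- {name: expected digest}
    Returns (started layers, first untrusted layer or None, PCR, event log).
    """
    pcr, log, started = PCR_INIT, [], []
    for name, image in layers:
        m = digest(image)
        pcr = extend(pcr, m)
        log.append((name, m))
        if not hmac.compare_digest(m, reference.get(name, b"")):
            return started, name, pcr, log   # chain stops; later layers never run
        started.append(name)
    return started, None, pcr, log


def verify_report(log, reported_pcr, reference):
    """Server side: replay the event log, then compare with reference values."""
    pcr = PCR_INIT
    for _, m in log:
        pcr = extend(pcr, m)
    if not hmac.compare_digest(pcr, reported_pcr):
        return "log does not match PCR"      # the log was edited after the fact
    for name, m in log:
        if not hmac.compare_digest(m, reference.get(name, b"")):
            return "untrusted layer: " + name
    if [name for name, _ in log] != list(reference):
        return "incomplete chain"
    return "trusted"


# Constructed sample data: three boot layers and a tampered copy of the second.
GOLDEN = [
    ("bootloader", b"constructed bootloader image v1"),
    ("os_kernel", b"constructed kernel image v1"),
    ("monitor_app", b"constructed monitoring application v1"),
]
REFERENCE = {name: digest(image) for name, image in GOLDEN}
TAMPERED = [GOLDEN[0], ("os_kernel", GOLDEN[1][1] + b"<injected code>"), GOLDEN[2]]

if __name__ == "__main__":
    for label, layers in (("clean", GOLDEN), ("tampered", TAMPERED)):
        started, bad, pcr, log = trusted_boot(layers, REFERENCE)
        print(label, started, bad, verify_report(log, pcr, REFERENCE))
```

Because each PCR value is computed from the previous one, a terminal that booted a modified kernel cannot present the clean event log: replaying that log yields a PCR different from the one the chip holds.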
6 Monitoring terminal access process
The monitoring terminal access process is:
(1) The TCAC/TCAG submits an access request to the access execution server.
(2) The access execution server passes the application to the trusted authentication server, which first authenticates the identity certificate of the TCAC/TCAG.
(3) After identity authentication passes, the trusted authentication server forwards the application to the TNC server layer. The TNC server performs platform authentication of the TCAC/TCAG's TNC client layer over the IF-TNCCS protocol, verifying the certificate in the trust chain trusted module chip on the TCAC/TCAG mainboard.
(4) After platform authentication passes, the trusted authentication server forwards the application to the integrity verification layer and requires the TCAC/TCAG to collect its own integrity information; the trusted authentication server then verifies the integrity of the collected data.
(5) After verification passes, the trusted authentication server decides which trust level to grant the TCAC/TCAG and notifies the access execution server to allow the TCAC/TCAG to access. The access execution server and the TCAC/TCAG negotiate an encryption key and establish an encrypted transmission channel, completing the trusted access of the TCAC/TCAG.
(6) If there is a TCMA between the TCAC/TCAG and the monitoring terminal, the TCMA also accesses the master station in the same way as the TCAC/TCAG.
(7) After the communication channel between the TCAC/TCAG/TCMA and the master station has been established, the monitoring terminal (TMT) initiates an access application to the access execution server through this channel. Identity authentication, platform authentication and integrity verification are carried out on the monitoring terminal in a manner similar to that used for the TCAC/TCAG. After verification is complete, the trusted authentication server includes the monitoring terminal in its own trust domain, completes the negotiation of the traffic encryption key (TEK), and issues the encryption key to the TCAC/TCAG/TCMA and the monitoring terminal.
The method of the invention is a security protection method for power transmission and transformation equipment state monitoring systems based on transitive trust. It is mainly intended to address the security risk brought to the power system's internal network when the monitoring terminals of the monitoring system access it over wireless networks, public networks and similar means. Introducing the transitive trust method into the monitoring system improves its ability to resist intrusion by malicious code.
Description of the drawings
Fig. 1 is the network structure diagram of the power transmission and transformation equipment state monitoring system before transformation. It mainly comprises monitoring terminals, the wide-area communication network and the application server;
Fig. 2 is the network structure diagram of the transformed power transmission and transformation equipment state monitoring system based on transitive trust;
Fig. 3 is a schematic diagram of a malicious program attacking the code of a target program;
Fig. 4 is a schematic diagram of terminal transitive trust.
Embodiment
For convenience of description, we assume the following application example:
An electric power enterprise plans to build a power transmission and transformation equipment state monitoring system comprising state monitoring terminals and an application system server. The state monitoring terminals are deployed on the equipment side, close to the power transmission and transformation equipment. The monitored equipment may be equipment in a substation, such as a transformer, or equipment on a tower, such as a transmission line. The monitoring devices access the application server of the master station over wide-area networks such as wired networks, wireless networks and wireless public networks, and the master station's application server processes the monitoring data.
The specific implementation is:
(1) A trust chain trusted module chip is added to the monitoring terminal hardware, transforming the monitoring terminal into a trusted monitoring terminal that supports trusted measurement and transitive trust.
(2) If there is a status monitoring agent device between the monitoring device and the state information access controller, or between the monitoring device and the state information access gateway machine, a trust chain trusted module chip is added to the status monitoring agent hardware, transforming the agent into a trusted status monitoring agent (TCMA) that supports trusted measurement and transitive trust.
(3) Similarly, a trust chain trusted module chip is added to the hardware of the state information access controller and the state information access gateway machine, transforming them into a trusted status information access controller (TCAC) and a trusted status information access gateway machine (TCAG).
(4) An access execution server, a trusted authentication server and a metadata server are deployed at the master station access boundary. The access execution server is responsible for communicating with the TCAC, TCAG, TCMA and TMT, accepting the access applications these devices submit and passing them to the trusted authentication server. The trusted authentication server is responsible for identity authentication, platform authentication and integrity measurement of the applying device and judges its trustworthiness. If the applying device meets the trust requirements, the trusted authentication server notifies the access execution server to admit it, and the access execution server and the applying device establish a communication channel. The metadata server is responsible for connecting to the application server to provide services.

Claims (1)

1. A security protection method for a power transmission and transformation equipment state monitoring system based on transitive trust, characterized in that it comprises the following steps, carried out in order:
1) The TCAC/TCAG submits an access request to the access execution server;
2) The access execution server passes the request to the trusted authentication server, and the trusted authentication server first authenticates the identity certificate of the TCAC/TCAG;
3) After identity authentication passes, the trusted authentication server forwards the request to the TNC server layer, which performs platform authentication of the TNC client layer of the TCAC/TCAG over the IF-TNCCS protocol; the TNC server verifies the certificate in the trust chain trusted module chip on the TCAC/TCAG mainboard;
4) After platform authentication passes, the trusted authentication server forwards the request to the integrity verification layer, which requires the TCAC/TCAG to collect its own integrity information; the trusted authentication server performs integrity verification on the collected data;
5) After verification passes, the trusted authentication server decides to grant the TCAC/TCAG the corresponding trust level and notifies the access execution server to allow the TCAC/TCAG to access; the access execution server negotiates an encryption key with the TCAC/TCAG and establishes an encrypted transmission channel, completing the trusted access of the TCAC/TCAG;
6) If there is a TCMA between the TCAC/TCAG and the monitoring terminal, the TCMA also accesses the master station in the same way as the TCAC/TCAG;
7) After the communication channel between the TCAC/TCAG/TCMA and the master station has been established, the monitoring terminal (TMT) initiates an access request to the access execution server through this channel; identity authentication, platform authentication and integrity verification are performed on the monitoring terminal in the same way as for the TCAC/TCAG; after verification is complete, the trusted authentication server includes the monitoring terminal in its own trust domain, completes negotiation of the traffic encryption key (TEK) with the monitoring terminal, and issues the encryption key to the TCAC/TCAG/TCMA;
Said TCAC refers to the trusted status information access controller, a network application access device capable of transitive trust; deployed in a substation, it is a device that connects in a standard way to the various state monitoring devices or status monitoring agents in the station, receives the standardized state information they send, and performs standardized control of them;
Said TCAG refers to the trusted status information access gateway machine, a network application access device capable of transitive trust; deployed on the grid-provincial side, it is a computer that connects remotely in a standard way to the various status monitoring agents, receives the standardized state information they send, and performs standardized control of them;
Said TCMA refers to the trusted status monitor agent, a network application access device capable of transitive trust; installed on a line or in a substation, it is a unified agent device that centrally collects the various status monitoring information on the line or in the station and carries out standardized data communication with the TCAC or TCAG in place of the various state monitoring devices.
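The gating order in the claim above (identity, then platform, then integrity, with a terminal admitted only through an already-admitted TCAC/TCAG), modeled in Python as an added example that is not part of the patent. HMAC tags stand in for the identity and chip certificates, a SHA-256 hash chain stands in for the collected integrity information, key negotiation is left out, and all names (`TrustedAuthServer`, `admit`, `TCAC-1`, `TMT-7`) are hypothetical.

```python
import hashlib
import hmac
# Constructed keys: HMAC tags stand in for the CA-signed identity certificate
# and the trusted-module chip certificate (assumption, not the patent's format).
CA_KEY, CHIP_KEY = b"constructed-identity-ca", b"constructed-chip-issuer"

def tag(key, name):
    return hmac.new(key, name.encode(), hashlib.sha256).hexdigest()

def extend(components):
    acc = b"\x00" * 32   # chained, so component order and content both matter
    for blob in components:
        acc = hashlib.sha256(acc + hashlib.sha256(blob).digest()).digest()
    return acc.hex()

def make_device(name, components, id_key=CA_KEY, chip_key=CHIP_KEY):
    return {"name": name, "id_cert": tag(id_key, name),
            "chip_cert": tag(chip_key, name), "components": components}

class TrustedAuthServer:
    def __init__(self, reference):
        self.reference = reference   # device name -> expected measurement
        self.trust_domain = set()    # names of devices admitted so far

    def admit(self, dev, via=None):
        if via is not None and via not in self.trust_domain:
            return (False, "no-trusted-channel")   # step 7 needs the upstream channel
        if not hmac.compare_digest(dev["id_cert"], tag(CA_KEY, dev["name"])):
            return (False, "identity")             # step 2
        if not hmac.compare_digest(dev["chip_cert"], tag(CHIP_KEY, dev["name"])):
            return (False, "platform")             # step 3
        if extend(dev["components"]) != self.reference.get(dev["name"]):
            return (False, "integrity")            # step 4
        self.trust_domain.add(dev["name"])         # step 5: admitted to the trust domain
        return (True, "admitted")

def demo():
    fw = [b"bootloader-v1", b"kernel-v1", b"monitor-app-v1"]   # constructed sample
    srv = TrustedAuthServer({"TCAC-1": extend(fw), "TMT-7": extend(fw)})
    return [
        srv.admit(make_device("TMT-7", fw), via="TCAC-1"),          # TCAC not admitted yet
        srv.admit(make_device("TCAC-1", fw, chip_key=b"unknown")),  # wrong chip issuer
        srv.admit(make_device("TCAC-1", fw[:2] + [b"patched"])),    # altered component
        srv.admit(make_device("TCAC-1", fw)),
        srv.admit(make_device("TMT-7", fw), via="TCAC-1"),
    ]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The returned stage name shows which layer rejected a device, which is the value an operator would log when an access request is refused.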
CN201110316668.3A 2011-10-18 2011-10-18 Power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission Active CN102355467B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110316668.3A CN102355467B (en) 2011-10-18 2011-10-18 Power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission

Publications (2)

Publication Number Publication Date
CN102355467A CN102355467A (en) 2012-02-15
CN102355467B true CN102355467B (en) 2015-07-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant