CN102685114B - Metering data transmission system based on identity encryption and data transmission method - Google Patents

Abstract

The invention discloses a metering data transmission system based on identity encryption, which comprises a host station, a metering terminal and an intelligent electric energy meter, wherein the intelligent electric energy meter encrypts metering data by adopting a working key and sends the metering data to the metering terminal; the metering terminal performs decryption by adopting the working key of the intelligent electric energy meter, then encrypts the metering data to form a ciphertext by using a public key of the metering terminal, generates a signature for the ciphertext, and sends the metering data and ciphertext information to the host station together; the host station verifies the signature by using the public key of the metering terminal, a private key of the metering terminal is generated after the signature is authenticated, and decryption for ciphertext information is performed so as to obtain an information plaintext; the host station generates a control command according to data processing results and encrypts the control command by adopting system sharing parameters and the public key of the metering terminal so as to generate the ciphertext, the ciphertext is sent to the metering terminal after the signature is generated, the metering terminal verifies the signature and the signature is authenticated, and the control command aiming at the intelligent electric energy meter is generated after the private key is adopted to decode the ciphertext and the control command is read; and in addition, the control command aiming at the intelligent electric energy meter is encrypted through the working key of the intelligent electric energy meter and then is sent to the intelligent electric energy meter. The metering data transmission system improves the security for data transmission, and reduces the calculating load of the host station.

Description

A kind of continuous data transmission system of Identity-based encryption and data transmission method

Technical field

The present invention relates to electric power data transmission technique field, particularly relate to a kind of continuous data transmission system of Identity-based encryption, also relate to the method that this system carries out transfer of data.

Background technology

Existing remote metering data transmission system generally comprises intelligent electric energy meter, measuring terminal and main website, wherein, measuring terminal is primarily of measuring equipment compositions such as plant stand electric energy acquisition terminal, load management terminal, low pressure meter-copy collector and distribution transformer monitoring and metering terminals.

In resident's low pressure automatic meter reading system of practical application, expressly read multiple intelligent electric energy meter by low pressure meter-copy collector to collect and after the user data sent, user data is sent to main website and carries out background process, in data transmission procedure, the fail safe of transfer of data is lower, is easy under attack; In order to overcome above-mentioned defect, at present, occurred the data transmission system adopting encryption technology, this data transmission system is generally set up asymmetric encryption mechanisms in main website and intelligent electric energy meter two ends, and the implication of asymmetric encryption mechanisms refers to that encryption, the key deciphered are identical; Continuous data from intelligent electric energy meter is forwarded by the measuring terminal such as low pressure meter-copy collector after encryption, and main website is to the decrypt data forwarded and receive, then deals with it, thus completes the transmission of continuous data between intelligent electric energy meter and main website.

But, also there is following defect in above-mentioned encrypted data transmission system: the key of (1) intelligent electric energy meter is generated by the key of main website and some dominant parameter role of intelligent electric energy meter, therefore, the fail safe of whole data transmission system only depends on the fail safe of main website key, once main website key is attacked, the data transmission security of whole system cannot be ensured effectively; (2) after existing encrypted data transmission system comes into operation, if upgrade the key of a wherein intelligent electric energy meter, just must do the key of intelligent electric energy meters all in this system and upgrade, therefore workload is very large, for practical operation brings the difficulty being difficult to overcome; (3) measuring terminal in existing encrypted data transmission system only has the function forwarding continuous data, and the data that all intelligent electric energy meters are uploaded process by main website, cause the calculated load of main website very large; (4) measuring terminal in existing encrypted data transmission system cannot carry out certification to encrypt data, is vulnerable to Denial of Service attack, thus affects the normal transmission of continuous data.

Summary of the invention

First object of the present invention is to provide a kind of continuous data transmission system that can improve continuous data transmission security, reduce the Identity-based encryption of main website calculated load.

Second object of the present invention is to provide aforesaid continuous data transmission system to carry out the method for transfer of data.

First object of the present invention realizes by the following technical solutions: a kind of continuous data transmission system of Identity-based encryption, comprises main website, measuring terminal and intelligent electric energy meter, it is characterized in that:

Main website, for producing system common parameter by Identity-based cryptography, and according to the PKI of system common parameter with measuring terminal, the private key of generation measuring terminal, is sent to measuring terminal by safe lane;

Measuring terminal, after receiving private key, generates the working key of intelligent electric energy meter and is sent to intelligent electric energy meter by safe lane;

Intelligent electric energy meter, is sent to measuring terminal after continuous data is adopted working key encryption;

Described intelligent electric energy meter is sent to measuring terminal after continuous data is adopted working key encryption, measuring terminal adopts the working key of intelligent electric energy meter to be decrypted, the public key encryption re-using measuring terminal becomes ciphertext, and after signature is generated to ciphertext, continuous data and cipher-text information are together sent to main website, main website uses the public key verifications signature of measuring terminal by rear, generate the private key of measuring terminal, to cipher-text information deciphering obtaining information expressly; Main website produces control command according to data processed result, the PKI of employing system common parameter and measuring terminal encrypts generating ciphertext to control command, measuring terminal is sent to after signature, measuring terminal certifying signature passes through, adopt private key decrypting ciphertext and the control command produced after reading control command for intelligent electric energy meter, by being sent to intelligent electric energy meter after the working key encryption of intelligent electric energy meter.

The present invention adopts the asymmetry sampling of identity-based to encrypt to carry out transfer of data between main website and measuring terminal, by main website as key generation centre, for measuring terminal generates private key, improve the fail safe of transfer of data, and between measuring terminal and intelligent electric energy meter, adopt the encryption of the symmetric key cryptography system of identity-based to carry out transfer of data, the user data that measuring terminal periodic collection, process intelligent electric energy meter are uploaded, measuring terminal has encryption and decryption functions, preliminary treatment can be carried out to the data of intelligent electric energy meter, alleviate the calculated load of main website.

Symmetric key cryptography system refers to that encryption and decryption use same key and same algorithm, and transmit leg and recipient's shared key and algorithm, and the safety condition of symmetric key cryptography system is that key must be maintained secrecy, and its advantage is that amount of calculation is little, computing is fast and cost is low; Asymmetry sampling refers to that encryption and decryption use different keys, and disclosed in one of them key is, another key is secret, and its advantage is that fail safe is good.

It is with IBC (Identity Based Cryptography that continuous data between intelligent electric energy meter of the present invention and main website transmits, Identity-based cryptography) based on, Identity-based cryptography is proposed in 1984 by one of the inventor of Israel scientist, famous RSA system A.Shamir, the basic theories of this cryptographic system is: Identity based encryption mechanism and data signature mechanism not certificate of necessity mechanism, can using the PKI of arbitrary string as user.Identity-based cryptography is made to be widely used in various technical field because above-mentioned cryptographic system has this characteristic.

As a modification of the present invention, described main website sends key updating instruction, the PKI of employing system common parameter and measuring terminal encrypts generating ciphertext to control command, measuring terminal is sent to after signature, measuring terminal receives ciphertext and by after certifying signature, by decrypt ciphertext, then by being sent to intelligent electric energy meter after the working key encryption of intelligent electric energy meter, intelligent electric energy meter receives ciphertext, upgrades after adopting the deciphering of the working key of intelligent electric energy meter to working key.The present invention can reach the object of regular update intelligent electric energy meter working key, to improve the fail safe of transfer of data.

The present invention also can do following improvement, and when initialization main website and measuring terminal, the identity information of measuring terminal adopts installation addresses, coding, sequence number codominance information.Make main website or other measuring terminal can the PKI of other measuring terminal in acquisition system easily.

Measuring terminal of the present invention is according to data processed result, produce the control command sending to main website, generating ciphertext instruction after ciphering signature, if measuring terminal and master station communication failure, ciphertext instruction be sent to and communicate with normal measuring terminal, measuring terminal, by certifying signature, adds after receiving ciphertext instruction and signs and be sent to main website, by certifying signature after main website receives, the private key deciphering of measuring terminal is adopted to obtain control command.In system operation, as emergency case, when part measuring terminal cannot be got in touch with main website, still send data to main website by contiguous measuring terminal.

As embodiments of the present invention, when described safe lane refers to data transmission system initialization, the mode such as powerline network, optical fiber, dialing, GPRS, CDMA, GSM or SMS is adopted to carry out the channel of the safe transmission of data.

Second object of the present invention realizes by the following technical solutions: a kind of data transmission method of continuous data transmission system of above-mentioned Identity-based encryption, it is characterized in that specifically comprising the following steps:

(1) set up system common parameter: main website produces system common parameter by Identity-based cryptography, calculate the PKI of measuring terminal;

(2) key distribution: the PKI that main website obtains according to system common parameter and measuring terminal, generates the private key of measuring terminal, and sends to measuring terminal by safe lane; After measuring terminal receives private key, initialization main website and measuring terminal, generate the working key of intelligent electric energy meter and send to intelligent electric energy meter by safe lane;

(3) continuous data transmission: intelligent electric energy meter is sent to measuring terminal after continuous data is adopted working key encryption, measuring terminal adopts the working key of intelligent electric energy meter to be decrypted, the public key encryption re-using measuring terminal becomes ciphertext, and after signature is generated to ciphertext, cipher-text information and signature are together sent to main website, main website uses the public key verifications signature of measuring terminal by rear, generate the private key of measuring terminal, to cipher-text information deciphering obtaining information expressly; Main website produces control command according to data processed result, the PKI of employing system common parameter and measuring terminal encrypts generating ciphertext to control command, measuring terminal is sent to after signature, measuring terminal certifying signature passes through, adopt private key decrypting ciphertext and the control command produced after reading control command for intelligent electric energy meter, by being sent to intelligent electric energy meter after the working key encryption of intelligent electric energy meter.

The present invention adopts the encryption of the asymmetry sampling of identity-based to carry out transfer of data between main website and measuring terminal, by main website as key generation centre, for measuring terminal generates private key, improve the fail safe of transfer of data, and between measuring terminal and intelligent electric energy meter, adopt the encryption of the symmetric key cryptography system of identity-based to carry out transfer of data, take full advantage of that asymmetric encryption techniques fail safe is good and symmetric cryptosystem amount of calculation is little, the feature that computing is fast and cost is low, key is distributed to measuring terminal, and as the important step of transfer of data, measuring terminal is made to have encryption and decryption functions, preliminary treatment can be carried out to the data of intelligent electric energy meter, alleviate the calculated load of main website, the Identity based encryption decipherment algorithm that encryption mechanism adopts, is a kind of public key system encryption method of elliptic curve class, has higher security intensity.

As the preferred embodiment of the present invention, the step that main website sets up system common parameter is as follows:

[1] main website produces the GDH group (G on two prime number q rank ₁,+), (G ₂) and Bilinear map e:G ₁× G ₁→ G ₂, choose arbitrarily generator P ∈ G ₁;

[2] main website random choose master key calculate PKI P _pub=sP;

[3] a strong hash function H is selected ₁: { 0,1} ^*→ G ₁, be mapped to G in order to the effective identity information measuring terminal ₁in element;

[4] a strong hash function is selected in order to determine the byte length of clear-text message, n ₁represent the byte length of clear-text message;

[5] a strong hash function is selected in order to generate the key in asymmetric encryption mechanisms, n ₂represent the key length in asymmetric encryption mechanisms;

[6] a strong hash function is selected

[7] dispersion function Diff is selected _k(MetNum), k shows that length is n ₂master control key, MetNum represents that in intelligent electric energy meter, length is n ₃the sequence number of ESAM module;

If represent measuring terminal Con _ieffective identity information, main website calculate g=e (P, P), retain s as system private key; The open system parameters PARAMS=(G of main website ₁, G ₂, e, P, P _pub, g, H ₁, H ₂, H ₃, H ₄).

The step of key distribution of the present invention is:

[1] measuring terminal Con _ieffective identity information is submitted to main website after the authentication of main website, as measuring terminal Con _ipKI;

[2] main website system private key s calculates measuring terminal Con _iprivate key and return to measuring terminal Con by safe lane _i, account form is as follows:

$S_{{\mathrm{Con}}_i}=s{H}_1\left({\mathrm{ID}}_{{\mathrm{Con}}_i}\right);$

[3] measuring terminal the master control key in subordinate's asymmetric encryption mechanisms is calculated with the private key that higher level's asymmetric encryption mechanism is distributed:

$K_{{\mathrm{Con}}_i}=H_3({\mathrm{ID}}_{{\mathrm{Con}}_i},S_{{\mathrm{Con}}_i});$

[4] measuring terminal read intelligent electric energy meter Met _jeSAM module serial number MetNum _jand key updating factor S alt value (Salt initial value is set to complete zero), calculate the working key K of intelligent electric energy meter _j:

$K_j={\mathrm{Diff}}_{K_{\mathrm{Co}{n}_i}}\left({\mathrm{MetNum}}_j\right)\⊕\mathrm{Salt},$

And inserted in advance in the ESAM module of intelligent electric energy meter by safe lane.

Transfer of data route of the present invention comprises main website → measuring terminal → intelligent electric energy meter and intelligent electric energy meter → measuring terminal → main website two transmission direction, and wherein the connection table such as distribution transformer monitoring and metering terminal and load management terminal is haggled over few measuring terminal and directly completed data communication by asymmetry sampling and main website; Measuring terminal is not simple forwarding data, but reads the laggard row relax of data, generates new data message; In the control command that main website or measuring terminal produce except comprising data message, also comprise the information such as current time stamp, instruction effective time.

Described main website is as follows to the step of intelligent electric energy meter sending controling instruction:

[1] main website is according to the data processed result of background system, produces and sends to measuring terminal Con _icontrol command M ₁;

[2] main website is by system common parameter and measuring terminal Con _ipKI by control command M ₁encryption generating ciphertext G ₁:

$C_1=(U_1,V_1)=(r_{1}P,M_1\⊕H_2\left(e(H_1\left({\mathrm{ID}}_{{\mathrm{Con}}_i}\right),r_1{P}_{\mathrm{pub}})\right)),$

Wherein, r ₁for in random number;

[3] main website uses system private key to sign to ciphertext,

I.e. Sig _mas=sH ₁(C ₁);

[4] main website is by ' C ₁|| Sig _mas' send to measuring terminal Con _i, wherein character string connects together by ' || ' expression;

[5] measuring terminal Con _ireceive ' C ₁|| Sig _mas' after, first use the signature of system common parameter checking ciphertext, calculate:

E (Sig _mas, P) and=e (H ₁(C ₁), P _pub) whether set up,

Set up and then accept this signature, proceed to step (6), be false, refuse;

[6] after signature verification correctly, measuring terminal Con _iuse the private key of oneself to the deciphering of ciphertext operation part, obtain command M ₁:

$M_1=H_2\left(e(S_{{\mathrm{Con}}_i},U_1)\right)\⊕V_1;$

[7] measuring terminal reads control command M ₁, and produce corresponding for intelligent electric energy meter Met _jcontrol command M ₂, by master control key, the intelligent electric energy meter Met of measuring terminal _jthe sequence number MetNum of ESAM module _jand key updating factor S alt value generates intelligent electric energy meter Met _jworking key K _j:

$K_j={\mathrm{Diff}}_{k_{\mathrm{Co}{n}_i}}\left({\mathrm{MetNum}}_j\right)\⊕\mathrm{Salt},$

Adopt working key K _jintelligent electric energy meter Met is sent to after encryption _j;

[8] intelligent electric energy meter Met _jafter receiving ciphertext instruction, use work key K _jdeciphering is read and performs.

Intelligent electric energy meter transmission continuous data of the present invention is as follows to the step of main website:

[1] intelligent electric energy meter Met _jmake the information such as power consumption, electricity charge remaining sum according to user, produce data message M _1j, be sent to corresponding measuring terminal Con with working key encryption _i;

[2] measuring terminal Con _iafter receiving ciphertext, according to master control key, intelligent electric energy meter Met _jthe sequence number MetNum of ESAM module _jand key updating factor S alt value generates intelligent electric energy meter Met _jworking key K _j:

$K_j={\mathrm{Diff}}_{k_{\mathrm{Co}{n}_i}}\left({\mathrm{MetNum}}_j\right)\⊕\mathrm{Salt},$

Data message M is obtained after decrypting ciphertext _1j;

[3] measuring terminal Con _ireceive intelligent electric energy meter Met successively ₁, Met ₂, Met ₃... the data message M of transmission ₁₁, M ₁₂, M ₁₃..., produce the data message M sending to main website after reading data ₂₁, M ₂₂, M ₂₃..., then use public-key be encrypted:

$C_{2j}=(U_{2j},V_{2j})=(r_j^{\′}P,M_{2j}\⊕H_2\left(e(H_1\left({\mathrm{ID}}_{{\mathrm{Con}}_i}\right),r_j^{\′}{P}_{\mathrm{pub}})\right))$

Wherein, r ' _jfor in random number;

[4] measuring terminal generates signature to ciphertext, note C ₂=C ₂₁|| C ₂₂|| C ₂₃..., sign as follows:

${\mathrm{Sig}}_{{\mathrm{Con}}_i}=(U_3,V_3)=(H_4(C_2,g^{r_3})S_{{\mathrm{Con}}_i}+r_{3}P,H_4(C_2,g^{r_3}))$

Wherein, r ₃for in random number;

[5] measuring terminal is by cipher-text information be sent to main website;

[6], after main website receives cipher-text information, first measuring terminal Con is used _ipublic key verifications signature:

Namely verify $V_3=H_4(C_2,e(U_3,P)e{(H_1\left({\mathrm{ID}}_{C{\mathrm{on}}_i}\right),-P_{\mathrm{pub}})}^{V_3})$ Whether set up,

Set up and then accept this signature, proceed to step (7), be false, refuse;

[7] signature verification errorless after, main website generates the private key of measuring terminal and to decrypt ciphertext, obtain data message plaintext M _2j:

$M_{2j}=H_2\left(e(S_{{\mathrm{Con}}_i},U_{2j})\right)\⊕V_{2j}$

On above basis, in order to improve the fail safe of transfer of data further, as a modification of the present invention, key updating step is as follows:

[1] main website produces random number Salt _i, and generation comprises random number Salt _iand the key updating command M of the information such as current time stamp _new, by encrypting and sending to measuring terminal Con after process of signing _i, wherein

${\mathrm{Salt}}_i\∈{\left\{\mathrm{0,1}\right\}}^{n_2};$

[2] measuring terminal Con _ireceive ciphertext and certifying signature errorless after, deciphering obtain Salt _i, and by Salt _iintelligent electric energy meter { Met all under being sent to this measuring terminal after encryption ₁, Met ₂..., Met _j... };

[3] intelligent electric energy meter Met _jafter receiving ciphertext, deciphering obtains Salt _i, working key is upgraded as follows:

$K_j=K_j\⊕{\mathrm{Salt}}_i,$ Wherein for XOR;

[4] measuring terminal upgrades as follows to key updating factor S alt value:

$\mathrm{Salt}=\mathrm{Salt}\⊕{\mathrm{Salt}}_i$

Main website regularly produces key updating instruction, upgrades the working key of intelligent electric energy meter, effectively prevent the potential threat that the same key of Long-Time Service brings, improves the anti-attack ability of system.

As a further improvement on the present invention, the step of carrying out continuous data transmission between described measuring terminal is as follows:

[1] measuring terminal Con _iaccording to data processed result, produce the command information M sending to main website _tra, be encrypted and sign process, obtain ' $C_{\mathrm{Tra}}\left|\right|{\mathrm{ID}}_{{\mathrm{Con}}_i}\left|\right|{\mathrm{Sig}}_{{\mathrm{Con}}_i}$ ’；

[2] measuring terminal Con _iwith under master station communication failure scenarios, measuring terminal Con _iciphertext instruction is sent to measuring terminal Con _j;

[3] measuring terminal Con _jaccording to measuring terminal Con _ipKI and common parameter, check gauging terminal Con _jsigning messages, if correct, receive, proceed to step [4], if mistake, then refuse;

[4] measuring terminal Con _jright add signature send ' $C_{\mathrm{Tra}}\left|\right|{\mathrm{ID}}_{{\mathrm{Con}}_i}\left|\right|$ ${\mathrm{Sig}}_{{\mathrm{Con}}_i}\left|\right|{\mathrm{ID}}_{{\mathrm{Con}}_j}\left|\right|{\mathrm{Sig}}_{{\mathrm{Con}}_j}$ To main website;

[5] after main website receives information, certifying signature information respectively with if correct, receive, proceed to step [6], if mistake, then refuse;

[6] checking of main website signing messages errorless after, use the deciphering of work private key, obtain command information M _tra.

The identity information of measuring terminal adopts dominant information to make main website or other measuring terminal can the PKI of other measuring terminal in relatively easily acquisition system.In native system running, as emergency case, when namely part measuring terminal cannot be got in touch with main website, still send data to main website by contiguous measuring terminal, enhance the reliability of system.

Compared with prior art, the present invention has following significant effect:

(1) the present invention adopts the asymmetry sampling of identity-based to encrypt to carry out transfer of data between main website and measuring terminal, by main website as key generation centre, for measuring terminal generates private key, improve the fail safe of transfer of data, and between measuring terminal and intelligent electric energy meter, adopt the encryption of the symmetric key cryptography system of identity-based to carry out transfer of data, measuring terminal periodic collection, the user data that process intelligent electric energy meter is uploaded, measuring terminal has encryption and decryption functions, distribute double secret key, preliminary treatment is carried out to the data of sending of intelligent electric energy meter, alleviate main website calculated load.

(2) the Identity based encryption decipherment algorithm of encryption mechanism employing, is a kind of public key system encryption method of elliptic curve class, has higher security intensity.

(3) as emergency case, part measuring terminal when getting in touch with main website, still can by other measuring terminal by data upload to main website, effectively improve reliability and the fail safe of system.

(4) main website can carry out regular update to the working key of intelligent electric energy meter effectively, improves the fail safe of system.

(5) of the present invention practical, be particularly useful for the transmitting procedure of continuous data, and be applicable to the occasion that other has set of metadata of similar data transmission characteristic.

Accompanying drawing explanation

Below in conjunction with the drawings and specific embodiments, the present invention is described in further detail.

Fig. 1 is present system initialization schematic diagram;

Fig. 2 is present system composition schematic diagram.

Embodiment

As shown in Figure 1, 2, be the continuous data transmission system of a kind of Identity-based encryption of the present invention, comprise:

Main website, for producing system common parameter by Identity-based cryptography, and according to the PKI of system common parameter with measuring terminal, the private key of generation measuring terminal, is sent to measuring terminal by safe lane;

Measuring terminal, after receiving private key, generates the working key of intelligent electric energy meter and is sent to intelligent electric energy meter by safe lane;

Intelligent electric energy meter, is sent to measuring terminal after continuous data is adopted working key encryption;

Intelligent electric energy meter is sent to measuring terminal after continuous data is adopted working key encryption, measuring terminal adopts the working key of intelligent electric energy meter to be decrypted, the public key encryption re-using measuring terminal becomes ciphertext, and after signature is generated to ciphertext, continuous data and cipher-text information are together sent to main website, main website uses the public key verifications signature of measuring terminal by rear, generate the private key of measuring terminal, to cipher-text information deciphering obtaining information expressly; Main website produces control command according to data processed result, the PKI of employing system common parameter and measuring terminal encrypts generating ciphertext to control command, measuring terminal is sent to after signature, measuring terminal certifying signature passes through, adopt private key decrypting ciphertext and the control command produced after reading control command for intelligent electric energy meter, by being sent to intelligent electric energy meter after the working key encryption of intelligent electric energy meter.

Main website sends key updating instruction, the PKI of employing system common parameter and measuring terminal encrypts generating ciphertext to control command, measuring terminal is sent to after signature, measuring terminal receives ciphertext and by after certifying signature, by decrypt ciphertext, again by being sent to intelligent electric energy meter after the working key encryption of intelligent electric energy meter, intelligent electric energy meter receives ciphertext, upgrades after adopting the deciphering of the working key of intelligent electric energy meter to working key.

When initialization main website and measuring terminal, the identity information of measuring terminal adopts installation addresses, coding, sequence number codominance information.Make main website or other measuring terminal can the PKI of other measuring terminal in acquisition system easily.Measuring terminal is according to data processed result, produce the control command sending to main website, generating ciphertext instruction after ciphering signature, if measuring terminal and master station communication failure, ciphertext instruction be sent to and communicate with normal measuring terminal, measuring terminal, by certifying signature, adds after receiving ciphertext instruction and signs and be sent to main website, by certifying signature after main website receives, the private key deciphering of measuring terminal is adopted to obtain control command.In system operation, as emergency case, when part measuring terminal cannot be got in touch with main website, still send data to main website by contiguous measuring terminal.

When safe lane refers to data transmission system initialization, the mode such as powerline network, optical fiber, dialing, GPRS, CDMA, GSM or SMS is adopted to carry out the channel of the safe transmission of data.

A data transmission method for the continuous data transmission system of above-mentioned Identity-based encryption, specifically comprises the following steps:

(1) set up system common parameter: main website produces system common parameter by Identity-based cryptography, calculate the PKI of measuring terminal;

(2) key distribution: the PKI that main website obtains according to system common parameter and measuring terminal, generates the private key of measuring terminal, and sends to measuring terminal by safe lane; After measuring terminal receives private key, generate the working key of intelligent electric energy meter and send to intelligent electric energy meter by safe lane;

(3) continuous data transmission: intelligent electric energy meter is sent to measuring terminal after continuous data is adopted working key encryption, measuring terminal adopts the working key of intelligent electric energy meter to be decrypted, the public key encryption re-using measuring terminal becomes ciphertext, and after signature is generated to ciphertext, continuous data and cipher-text information are together sent to main website, main website uses the public key verifications signature of measuring terminal by rear, generate the private key of measuring terminal, to cipher-text information deciphering obtaining information expressly; Main website produces control command according to data processed result, the PKI of employing system common parameter and measuring terminal encrypts generating ciphertext to control command, measuring terminal is sent to after signature, measuring terminal certifying signature passes through, adopt private key decrypting ciphertext and the control command produced after reading control command for intelligent electric energy meter, by being sent to intelligent electric energy meter after the working key encryption of intelligent electric energy meter.

The step that main website sets up system common parameter is as follows:

[1] main website produces the GDH group (G on two prime number q rank ₁,+), (G ₂) and Bilinear map e:G ₁× G ₁→ G ₂, choose arbitrarily generator P ∈ G ₁;

[2] main website random choose master key calculate PKI P _pub=sP;

[3] a strong hash function H is selected ₁: { 0,1} ^*→ G ₁, be mapped to G in order to the effective identity information measuring terminal ₁in element;

[4] a strong hash function is selected in order to determine the byte length of clear-text message, n ₁represent the byte length of clear-text message;

[5] a strong hash function is selected in order to generate the key in asymmetric encryption mechanisms, n ₂represent the key length in asymmetric encryption mechanisms;

[6] a strong hash function is selected

[7] dispersion function Diff is selected _k(MetNum), k represents that length is n ₂master control key, MetNum represents that in intelligent electric energy meter, length is n ₃the sequence number of ESAM module.

If represent measuring terminal Con _ieffective identity information, main website calculate g=e (P, P), retain s as system private key; The open system parameters PARAMS=(G of main website ₁, G ₂, e, P, P _pub, g, H ₁, H ₂, H ₃, H ₄).The step of key distribution is:

[1] measuring terminal Con _ieffective identity information is submitted to main website after the authentication of main website, as measuring terminal Con _ipKI;

[2] main website system private key s calculates measuring terminal Con _iprivate key and return to measuring terminal Con by safe lane _i, account form is as follows:

$S_{{\mathrm{Con}}_i}=s{H}_1\left({\mathrm{ID}}_{{\mathrm{Con}}_i}\right);$

[3] measuring terminal the master control key in subordinate's asymmetric encryption mechanisms is calculated with the private key that higher level's asymmetric encryption mechanism is distributed:

$K_{{\mathrm{Con}}_i}=H_3({\mathrm{ID}}_{{\mathrm{Con}}_i},S_{{\mathrm{Con}}_i});$

[4] measuring terminal read intelligent electric energy meter Met _jeSAM module serial number MetNum _jand key updating factor S alt value (Salt initial value is set to complete zero), calculate the working key K of intelligent electric energy meter _j:

$K_j={\mathrm{Diff}}_{K_{\mathrm{Co}{n}_i}}\left({\mathrm{MetNum}}_j\right)\⊕\mathrm{Salt},$

And inserted in advance in the ESAM module of intelligent electric energy meter by safe lane.

Main website is as follows to the step of intelligent electric energy meter sending controling instruction:

[1] main website is according to the data processed result of background system, produces and sends to measuring terminal Con _icontrol command M ₁;

[2] main website is by system common parameter and measuring terminal Con _ipKI by control command M ₁encryption generating ciphertext G ₁:

$C_1=(U_1,V_1)=(r_{1}P,M_1\⊕H_2\left(e(H_1\left({\mathrm{ID}}_{{\mathrm{Con}}_i}\right),r_1{P}_{\mathrm{pub}})\right)),$

Wherein, r ₁for in random number;

[3] main website uses system private key to sign to ciphertext,

I.e. Sig _mas=sH ₁(C ₁);

[4] main website is by ' C ₁|| Sig _mas' send to measuring terminal Con _i, wherein character string connects together by ' || ' expression;

[5] measuring terminal Con _ireceive ' C ₁|| Sig _mas' after, first use the signature of system common parameter checking ciphertext, calculate:

E (Sig _mas, P) and=e (H ₁(C ₁), P _pub) whether set up,

Set up and then accept this signature, proceed to step (6), be false, refuse;

[6] after signature verification correctly, measuring terminal Con _iuse the private key of oneself to the deciphering of ciphertext operation part, obtain command M ₁:

$M_1=H_2\left(e(S_{{\mathrm{Con}}_i},U_1)\right)\⊕V_1;$

[7] measuring terminal reads control command M ₁, and produce corresponding for intelligent electric energy meter Met _jcontrol command M ₂, by master control key, the intelligent electric energy meter Met of measuring terminal _jthe sequence number MetNum of ESAM module _jand key updating factor S alt value generates intelligent electric energy meter Met _jworking key K _j:

$K_j={\mathrm{Diff}}_{k_{\mathrm{Co}{n}_i}}\left({\mathrm{MetNum}}_j\right)\⊕\mathrm{Salt},$

Adopt working key K _jintelligent electric energy meter Met is sent to after encryption _j;

[8] intelligent electric energy meter Met _jafter receiving ciphertext instruction, use work key K _jdeciphering is read and performs.Intelligent electric energy meter transmission continuous data is as follows to the step of main website:

[1] intelligent electric energy meter Met _jmake the information such as power consumption, electricity charge remaining sum according to user, produce data message M _1j, be sent to corresponding measuring terminal Con with working key encryption _i;

[2] measuring terminal Con _iafter receiving ciphertext, according to master control key, intelligent electric energy meter Met _jthe sequence number MetNum of ESAM module _jand key updating factor S alt value generates intelligent electric energy meter Met _jworking key K _j:

$K_j={\mathrm{Diff}}_{k_{\mathrm{Co}{n}_i}}\left({\mathrm{MetNum}}_j\right)\⊕\mathrm{Salt},$

Data message M is obtained after decrypting ciphertext _1j;

[3] measuring terminal Con _ireceive intelligent electric energy meter Met successively ₁, Met ₂, Met ₃... the data message M of transmission ₁₁, M ₁₂, M ₁₃..., produce the data message M sending to main website after reading data ₂₁, M ₂₂, M ₂₃..., then use public-key be encrypted:

$C_{2j}=(U_{2j},V_{2j})=(r_j^{\′}P,M_{2j}\⊕H_2\left(e(H_1\left({\mathrm{ID}}_{{\mathrm{Con}}_i}\right),r_j^{\′}{P}_{\mathrm{pub}})\right)),$

Wherein, r ' _jfor in random number;

[4] measuring terminal generates signature to ciphertext, note C ₂=C ₂₁|| C ₂₂|| C ₂₃..., sign as follows:

${\mathrm{Sig}}_{{\mathrm{Con}}_i}=(U_3,V_3)=(H_4(C_2,g^{r_3})S_{{\mathrm{Con}}_i}+r_{3}P,H_4(C_2,g^{r_3})),$

Wherein, r ₃for in random number;

[5] measuring terminal is by cipher-text information be sent to main website;

[6], after main website receives cipher-text information, first measuring terminal Con is used _ipublic key verifications signature: namely verify $V_3=H_4(C_2,e(U_3,P)e{(H_1\left({\mathrm{ID}}_{C{\mathrm{on}}_i}\right),-P_{\mathrm{pub}})}^{V_3})$ Whether set up, set up and then accept this signature, proceed to step (7), be false, refuse;

[7] signature verification errorless after, main website generates the private key of measuring terminal and to decrypt ciphertext, obtain data message plaintext M _2j:

$M_{2j}=H_2\left(e(S_{{\mathrm{Con}}_i},U_{2j})\right)\⊕V_{2j}.$

Key updating step is as follows:

[1] main website produces random number Salt _i, and generation comprises random number Salt _iand the key updating command M of the information such as current time stamp _new, by encrypting and sending to measuring terminal Con after process of signing _i, wherein

${\mathrm{Salt}}_i\∈{\left\{\mathrm{0,1}\right\}}^{n_2};$

[2] measuring terminal Con _ireceive ciphertext and certifying signature errorless after, deciphering obtain Salt _i, and by Salt _iintelligent electric energy meter { Met all under being sent to this measuring terminal after encryption ₁, Met ₂..., Met _j... };

[3] intelligent electric energy meter Met _jafter receiving ciphertext, deciphering obtains Salt _i, working key is upgraded as follows:

$K_j=K_j\⊕{\mathrm{Salt}}_i,$ Wherein for XOR;

[4] measuring terminal upgrades as follows to key updating factor S alt value:

$\mathrm{Salt}=\mathrm{Salt}\⊕{\mathrm{Salt}}_i$

The step of carrying out continuous data transmission (measuring terminal forwards the continuous data of other measuring terminal to main website) between measuring terminal is as follows:

[1] measuring terminal Con _iaccording to data processed result, produce the command information M sending to main website _tra, be encrypted and sign process, obtain ' $C_{\mathrm{Tra}}\left|\right|{\mathrm{ID}}_{{\mathrm{Con}}_i}\left|\right|{\mathrm{Sig}}_{{\mathrm{Con}}_i}$ ’；

[2] measuring terminal Con _iwith under master station communication failure scenarios, measuring terminal Con _iciphertext instruction is sent to measuring terminal Con _j;

[3] measuring terminal Con _jaccording to measuring terminal Con _ipKI and common parameter, check gauging terminal Con _jsigning messages, if correct, receive, proceed to step [4], if mistake, then refuse;

[4] measuring terminal Con _jright add signature , send ' $C_{\mathrm{Tra}}\left|\right|{\mathrm{ID}}_{{\mathrm{Con}}_i}\left|\right|$ ${\mathrm{Sig}}_{{\mathrm{Con}}_i}\left|\right|{\mathrm{ID}}_{{\mathrm{Con}}_j}\left|\right|{\mathrm{Sig}}_{{\mathrm{Con}}_j}$ ' to main website;

[5] after main website receives information, certifying signature information respectively with if correct, receive, proceed to step [6], if mistake, then refuse;

[6] checking of main website signing messages errorless after, use the deciphering of work private key, obtain command information M _tra.

Embodiments of the present invention are not limited thereto; according to foregoing of the present invention; according to ordinary technical knowledge and the customary means of this area; do not departing under the present invention's above-mentioned basic fundamental thought prerequisite; the present invention can also make the amendment of other various ways, replacement or change, all drops within rights protection scope of the present invention.

Claims (9)

1. a continuous data transmission system for Identity-based encryption, comprises main website, measuring terminal and intelligent electric energy meter, it is characterized in that:

Main website, for producing system common parameter by Identity-based cryptography, and according to the PKI of system common parameter with measuring terminal, the private key of generation measuring terminal, is sent to measuring terminal by safe lane; The step that main website sets up system common parameter is as follows:

[1] main website produces the GDH group (G on two prime number q rank ₁,+), (G ₂) and Bilinear map e:G ₁× G ₁→ G ₂, choose arbitrarily generator P ∈ G ₁;

[2] main website random choose master key calculate PKI P _pub=sP;

[3] a strong hash function H is selected ₁: { 0,1} ^*→ G ₁, be mapped to G in order to the effective identity information measuring terminal ₁in element;

[4] a strong hash function is selected in order to determine the byte length of clear-text message, n ₁represent the byte length of clear-text message;

[5] a strong hash function is selected in order to generate the key in asymmetric encryption mechanisms, n ₂represent the key length in asymmetric encryption mechanisms;

[6] a strong hash function is selected

[7] dispersion function Diff is selected _k(MetNum), k represents that length is n ₂master control key, MetNum represents that in intelligent electric energy meter, length is n ₃the sequence number of ESAM module;

If represent measuring terminal Con _ieffective identity information, main website calculate g=e (P, P), retain s as system private key; The open system parameters PARAMS=(G of main website ₁, G ₂, e, P, P _pub, g, H ₁, H ₂, H ₃, H ₄);

Measuring terminal, for receive measuring terminal private key after, generate the working key of intelligent electric energy meter and be sent to intelligent electric energy meter by safe lane;

Intelligent electric energy meter, is sent to measuring terminal after continuous data is adopted working key encryption;

Described intelligent electric energy meter is sent to measuring terminal after continuous data is adopted working key encryption, measuring terminal adopts the working key of intelligent electric energy meter to be decrypted, the public key encryption re-using measuring terminal becomes ciphertext, and after signature is generated to ciphertext, continuous data and cipher-text information are together sent to main website, main website uses the public key verifications signature of measuring terminal by rear, generate the private key of measuring terminal, to cipher-text information deciphering obtaining information expressly; Main website produces control command according to data processed result, the PKI of employing system common parameter and measuring terminal encrypts generating ciphertext to control command, measuring terminal is sent to after signature, measuring terminal certifying signature passes through, adopt the private key decrypting ciphertext of measuring terminal and produce the control command for intelligent electric energy meter after reading, by being sent to intelligent electric energy meter after the working key encryption of intelligent electric energy meter.

2. the continuous data transmission system of Identity-based encryption according to claim 1, it is characterized in that: described main website sends key updating instruction, the PKI of employing system common parameter and measuring terminal encrypts generating ciphertext to control command, measuring terminal is sent to after signature, measuring terminal receives ciphertext and by after certifying signature, by decrypt ciphertext, again by being sent to intelligent electric energy meter after the working key encryption of intelligent electric energy meter, intelligent electric energy meter receives ciphertext, upgrades after adopting the deciphering of the working key of intelligent electric energy meter to working key.

3. the continuous data transmission system of Identity-based encryption according to claim 2, is characterized in that: when initialization main website and measuring terminal, and the identity information of measuring terminal adopts installation addresses, coding or serial number information; Described measuring terminal is according to data processed result, produce the control command sending to main website, generating ciphertext instruction after ciphering signature, if measuring terminal and master station communication failure, ciphertext instruction be sent to and communicate with normal measuring terminal, measuring terminal, by certifying signature, adds after receiving ciphertext instruction and signs and be sent to main website, by certifying signature after main website receives, the private key deciphering of measuring terminal is adopted to obtain control command.

4. the continuous data transmission system of Identity-based encryption according to claim 3, it is characterized in that: when described safe lane refers to data transmission system initialization, adopt powerline network, optical fiber, channel that dialing, GPRS, CDMA, GSM or SMS mode carry out the safe transmission of data.

5. a data transmission method for the continuous data transmission system of Identity-based encryption according to claim 1, is characterized in that specifically comprising the following steps:

(1) set up system common parameter: main website produces system common parameter by Identity-based cryptography, calculate the PKI of measuring terminal; The step that main website sets up system common parameter is as follows:

[1] main website produces the GDH group (G on two prime number q rank ₁,+), (G ₂) and Bilinear map e:G ₁× G ₁→ G ₂, choose arbitrarily generator P ∈ G ₁;

[2] main website random choose master key calculate PKI P _pub=sP;

[3] a strong hash function H is selected ₁: { 0,1} ^*→ G ₁, be mapped to G in order to the effective identity information measuring terminal ₁in element;

[4] a strong hash function is selected in order to determine the byte length of clear-text message, n ₁represent the byte length of clear-text message;

[5] a strong hash function is selected in order to generate the key in asymmetric encryption mechanisms, n ₂represent the key length in asymmetric encryption mechanisms;

[6] a strong hash function is selected

[7] dispersion function Diff is selected _k(MetNum), k represents that length is n ₂master control key, MetNum represents that in intelligent electric energy meter, length is n ₃the sequence number of ESAM module;

If represent measuring terminal Con _ieffective identity information, main website calculate g=e (P, P), retain s as system private key; The open system parameters PARAMS=(G of main website ₁, G ₂, e, P, P _pub, g, H ₁, H ₂, H ₃, H ₄);

(2) key distribution: the PKI that main website obtains according to system common parameter and measuring terminal, generates the private key of measuring terminal, and sends to measuring terminal by safe lane; After measuring terminal receives the private key of measuring terminal, initialization main website and measuring terminal, generate the working key of intelligent electric energy meter and send to intelligent electric energy meter by safe lane;

(3) continuous data transmission: intelligent electric energy meter is sent to measuring terminal after continuous data is adopted working key encryption, measuring terminal adopts the working key of intelligent electric energy meter to be decrypted, the public key encryption re-using measuring terminal becomes ciphertext, and after signature is generated to ciphertext, continuous data and cipher-text information are together sent to main website, main website uses the public key verifications signature of measuring terminal by rear, generate the private key of measuring terminal, to cipher-text information deciphering obtaining information expressly; Main website produces control command according to data processed result, the PKI of employing system common parameter and measuring terminal encrypts generating ciphertext to control command, measuring terminal is sent to after signature, measuring terminal certifying signature passes through, adopt the private key decrypting ciphertext of measuring terminal and produce the control command for intelligent electric energy meter after reading, by being sent to intelligent electric energy meter after the working key encryption of intelligent electric energy meter.

6. data transmission method according to claim 5, is characterized in that the step of described key distribution is:

[1] measuring terminal Con _ieffective identity information is submitted to main website after the authentication of main website, as measuring terminal Con _ipKI;

[2] main website system private key s calculates measuring terminal Con _iprivate key and return to measuring terminal Con by safe lane _i, account form is as follows:

$S_{{\mathrm{Con}}_i}=s{H}_1\left({\mathrm{ID}}_{{\mathrm{Con}}_i}\right);$

[3] measuring terminal the master control key in subordinate's asymmetric encryption mechanisms is calculated with the private key that higher level's asymmetric encryption mechanism is distributed:

${K_{\mathrm{Con}}}_i=H_3({\mathrm{ID}}_{{\mathrm{Con}}_i},S_{{\mathrm{Con}}_i});$

[4] measuring terminal read intelligent electric energy meter Met _jeSAM module serial number MetNum _jand key updating factor S alt value (Salt initial value is set to complete zero), calculate the working key K of intelligent electric energy meter _j:

$K_j={\mathrm{Diff}}_{K_{{\mathrm{Con}}_i}}\left({\mathrm{MetNum}}_j\right)\⊕\mathrm{Salt},$

And inserted in advance in the ESAM module of intelligent electric energy meter by safe lane.

7. data transmission method according to claim 6, is characterized in that described intelligent electric energy meter transmission continuous data is as follows to the step of main website:

[1] intelligent electric energy meter Met _jmake the information such as power consumption, electricity charge remaining sum according to user, produce data message M _1j, be sent to corresponding measuring terminal Con with working key encryption _i;

[2] measuring terminal Con _iafter receiving ciphertext, according to master control key, intelligent electric energy meter Met _jthe sequence number MetNum of ESAM module _jand key updating factor S alt value generates intelligent electric energy meter Met _jworking key K _j:

$K_j={\mathrm{Diff}}_{K_{{\mathrm{Con}}_i}}\left({\mathrm{MetNum}}_j\right)\⊕\mathrm{Salt}$

Data message M is obtained after decrypting ciphertext _1j;

[3] measuring terminal Con _ireceive intelligent electric energy meter Met successively ₁, Met ₂, Met ₃the data message M sent ₁₁, M ₁₂, M ₁₃, after reading data, produce the data message M sending to main website ₂₁, M ₂₂, M ₂₃, then use public-key be encrypted:

$C_{2j}=(U_{2j},V_{2j})=(r_j^{\′}P,M_{2j}\⊕H_2\left(e(H_1\left({\mathrm{ID}}_{{\mathrm{Con}}_i}\right),r_j^{\′}{P}_{\mathrm{pub}})\right))$

Wherein, for in random number;

[4] measuring terminal generates signature to ciphertext, note C ₂=C ₂₁|| C ₂₂|| C ₂₃, sign as follows:

${\mathrm{Sig}}_{{\mathrm{Con}}_i}=(U_3,V_3)=(H_4(C_2,g^{r_3})S_{{\mathrm{Con}}_i}+r_{3}P,H_4(C_2,g^{r_3}))$

Wherein, r ₃for in random number;

[5] measuring terminal is by cipher-text information be sent to main website;

[6], after main website receives cipher-text information, first measuring terminal Con is used _ipublic key verifications signature:

Namely verify $V_3=H_4(C_2,e(U_3,P)e{(H_1\left({\mathrm{ID}}_{{\mathrm{Con}}_i}\right),-P_{\mathrm{pub}})}^{V_3})$ Whether set up,

Set up and then accept this signature, proceed to step (7), be false, refuse;

[7] signature verification errorless after, main website generates the private key of measuring terminal and to decrypt ciphertext, obtain data message plaintext M _2j:

$M_{2j}=H_2\left(e(S_{{\mathrm{Con}}_i},U_{2j})\right)\⊕V_{2j}$

Described main website is as follows to the step of intelligent electric energy meter sending controling instruction:

[1] main website is according to the data processed result of background system, produces and sends to measuring terminal Con _icontrol command M ₁;

[2] main website is by system common parameter and measuring terminal Con _ipKI by control command M ₁encryption generating ciphertext C ₁:

$C_1=(U_1,V_1)=(r_{1}P,M_1\⊕H_2\left(e(H_1\left({\mathrm{ID}}_{{\mathrm{Con}}_i}\right),r_1{P}_{\mathrm{pub}})\right)),$

Wherein, r ₁for in random number;

[3] main website uses system private key to sign to ciphertext,

I.e. Sig _mas=sH ₁(C ₁);

[4] main website is by ' C ₁|| Sig _mas' send to measuring terminal Con _i, wherein character string connects together by ' || ' expression;

[5] measuring terminal Con _ireceive ' C ₁|| Sig _mas' after, first use the signature of system common parameter checking ciphertext, calculate:

E (Sig _mas, P) and=e (H ₁(C ₁), P _pub) whether set up,

Set up and then accept this signature, proceed to step (6), be false, refuse;

[6] after signature verification correctly, measuring terminal Con _iuse the private key of oneself to the deciphering of ciphertext operation part, obtain command M ₁:

$M_1=H_2\left(e(S_{{\mathrm{Con}}_i},U_1)\right)\⊕V_1;$

[7] measuring terminal reads control command M ₁, and produce corresponding for intelligent electric energy meter Met _jcontrol command M ₂, by master control key, the intelligent electric energy meter Met of measuring terminal _jthe sequence number MetNum of ESAM module _jand key updating factor S alt value generates intelligent electric energy meter Met _jworking key K _j:

$K_j={\mathrm{Diff}}_{k_{{\mathrm{Con}}_i}}\left({\mathrm{MetNum}}_j\right)\⊕\mathrm{Salt},$

Adopt working key K _jintelligent electric energy meter Met is sent to after encryption _j;

[8] intelligent electric energy meter Met _jafter receiving ciphertext instruction, use work key K _jdeciphering is read and performs.

8. data transmission method according to claim 7, characterized by further comprising key updating step as follows:

[1] main website produces random number Salt _i, and generation comprises random number Salt _iand the key updating command M of the information such as current time stamp _new, by encrypting and sending to measuring terminal Con after process of signing _i, wherein ${\mathrm{Salt}}_i\∈{\left\{\mathrm{0,1}\right\}}^{n_2};$

[2] measuring terminal Con _ireceive ciphertext and certifying signature errorless after, deciphering obtain Salt _i, and by Salt _iintelligent electric energy meter { Met all under being sent to this measuring terminal after encryption ₁, Met ₂..., Met _j...;

[3] intelligent electric energy meter Met _jafter receiving ciphertext, deciphering obtains Salt _i, working key is upgraded as follows:

K _j=K _j⊕ Salt _i, wherein ⊕ is XOR;

[4] measuring terminal upgrades as follows to key updating factor S alt value:

Salt＝Salt⊕Salt _i。

9. data transmission method according to claim 8, the data retransmission step that characterized by further comprising between measuring terminal is as follows:

[1] measuring terminal Con _iaccording to data processed result, produce the command information M sending to main website _tra, be encrypted and sign process, obtains

[2] measuring terminal Con _iwith under master station communication failure scenarios, measuring terminal Con _iciphertext instruction is sent to measuring terminal Con _j;

[3] measuring terminal Con _jaccording to measuring terminal Con _ipKI and common parameter, check gauging terminal Con _jsigning messages, if correct, receive, proceed to step [4], if mistake, then refuse;

[4] measuring terminal Con _jright add signature send to main website;

[5] after main website receives information, certifying signature information respectively with if correct, receive, proceed to step [6], if mistake, then refuse;

[6] checking of main website signing messages errorless after, use the deciphering of work private key, obtain command information M _tra.