CN103368742A - Intelligent distribution terminal security protection method based on asymmetric digital signature authentication - Google Patents

Publication number
CN103368742A
Authority
CN
China
Prior art keywords
digital signature
distribution terminal
power distribution
control command
intelligent power
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2013102739973A
Other languages
Chinese (zh)
Inventor
张志华
周捷
曾俊
刘明祥
刘润苗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nari Technology Co Ltd
Nanjing Nari Group Corp
Original Assignee
Nari Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nari Technology Co Ltd filed Critical Nari Technology Co Ltd
Priority to CN2013102739973A priority Critical patent/CN103368742A/en
Publication of CN103368742A publication Critical patent/CN103368742A/en
Pending legal-status Critical Current

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04: INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S: SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00: Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Remote Monitoring And Control Of Power-Distribution Networks (AREA)

Abstract

The invention discloses an intelligent distribution terminal security protection method based on asymmetric digital signature authentication. According to the actual characteristics of an intelligent distribution terminal, asymmetric digital signature authentication is realized on the distribution terminal; and the authentication of a digital signature technology can be realized by making small changes on the conventional communication protocols of the conventional distribution automation system without redefining a new communication protocol, namely the authentication of the digital signature technology can be realized by adding a digital signature section and a timestamp security information section of a sending party on the basis of the original standard protocol communication message section. The compatibility with the protocol before renovation is guaranteed, the renovation cost is low, and the method is easy to implement in engineering project construction, so that the risk of the distribution automation system from public network attack is reduced, and the operation security of the distribution automation system is guaranteed; and therefore the method has a good application prospect.

Description

Intelligent distribution terminal security protection method based on asymmetric digital signature authentication
Technical field
The present invention relates to a security protection method for intelligent distribution terminals based on asymmetric digital signature authentication, and belongs to the technical field of power systems and their automation.
Background
As the construction of a strong national smart grid accelerates, medium- and low-voltage distribution automation systems have developed rapidly. However, a distribution automation system has many points spread over a wide area, and not every point in it can communicate over optical fiber. Some medium- and low-voltage distribution automation systems that lack the conditions for optical fiber communication therefore transmit control commands over the public network, and all messages are sent in plaintext. As a result, intelligent distribution terminals face the risk of attack from the public network, which affects the safe and reliable supply of power to users. There is also the risk of the master station being intruded through a substation terminal, which creates a wider security threat.
Research on the secondary security protection of intelligent distribution terminals is therefore particularly important. Asymmetric digital signature algorithms offer high security, asymmetric digital signatures are already in mature use in e-commerce, and a security authentication scheme based on an asymmetric digital signature algorithm is well suited to being ported to the communication protocols that existing distribution automation systems commonly use. Studying the implementation of asymmetric digital signature algorithms on intelligent distribution terminals thus has significant engineering value.
Summary of the invention
The purpose of the invention is to overcome the problems of the prior art, in which the intelligent distribution terminal faces the risk of attack from the public network, affecting the safe and reliable supply of power to users, together with the risk of the master station being intruded through a substation terminal, creating a wider security threat. The security protection method of the invention implements asymmetric digital signature authentication on the distribution terminal according to the actual characteristics of the intelligent distribution terminal, reduces the risk of attack from the public network, ensures the operational security of the distribution automation system, and has good application prospects.
To solve the above technical problem, the invention adopts the following technical solution:
An intelligent distribution terminal security protection method based on asymmetric digital signature authentication, characterized in that it comprises the following steps:
Step (A): load the signer's public key into the protocol processing module of the intelligent distribution terminal, and add asymmetric digital signature authentication of control command messages;
Step (B): the intelligent distribution terminal receives one frame of communication message from the remote end through its conventional protocol interface and judges whether the communication message is a control command message. If it is not a control command message, execute step (C); if it is a control command message, execute step (D);
Step (C): the intelligent distribution terminal executes the communication message normally, and returns to step (B) to process the next frame of communication message;
Step (D): the protocol processing module of the intelligent distribution terminal authenticates the signature of the control command message. If signature authentication passes, return to step (C); if signature authentication fails, execute step (E);
Step (E): the intelligent distribution terminal refuses to execute the control command message and discards it, ensuring the security of the control operation, and returns to step (B) to process the next frame of communication message.
The aforesaid method is further characterized in that the asymmetric digital signature authentication of control command messages added in step (A) uses the SM2 or an ECC asymmetric digital signature algorithm.
The aforesaid method is further characterized in that, in step (D), the signature of the control command message is authenticated as follows:
Step (D1): the protocol processing module of the intelligent distribution terminal extracts the signature, the plaintext that participates in the signature, and the timestamp security information carried by the signer from the control command message;
Step (D2): a timeliness check is performed against the time window prescribed for timeliness. If the timeliness check passes, execute step (D3) for further verification; otherwise stop parsing and return signature authentication failure;
Step (D3): the protocol processing module of the intelligent distribution terminal uses the loaded signer public key to verify the digital signature of the control command message. If the signature passes the digital signature verification module, return signature authentication passed; otherwise, if the signature does not pass the digital signature verification module, return signature authentication failure.
The aforesaid method is further characterized in that the control command message consists of three data segments: the standard protocol communication message segment, the timestamp security information segment and the digital signature segment.
The beneficial effects of the invention are as follows. The method implements asymmetric digital signature authentication on the distribution terminal according to the actual characteristics of the intelligent distribution terminal. An existing distribution automation system can authenticate digital signatures by making only small changes to its existing communication protocol, without defining a new communication protocol. This reduces the risk of attack from the public network, ensures the operational security of the distribution automation system, and has good application prospects.
Description of drawings
Fig. 1 is the flow chart of the intelligent distribution terminal security protection method based on asymmetric digital signature authentication of the present invention.
Fig. 2 is a schematic diagram of the structure of the control command message of the present invention.
Embodiment
The invention is further described below with reference to the drawings.
The intelligent distribution terminal security protection method based on asymmetric digital signature authentication of the invention implements asymmetric digital signature authentication on the distribution terminal according to the actual characteristics of the intelligent distribution terminal. An existing distribution automation system can authenticate digital signatures by making only small changes to its existing communication protocol, without defining a new communication protocol, which reduces the risk of attack from the public network and ensures the operational security of the distribution automation system. In this method, the CPU hardware of the intelligent distribution terminal is a DSP processor running an embedded operating system such as Linux or VxWorks, or a DSP processor designed without an operating system. The demands on the processing capability of the CPU hardware are low, so the method can be implemented on a low-cost CPU hardware platform with low processing capability, and it can be used on platforms with or without an operating system. As shown in Fig. 1, the method comprises the following steps:
Step (A): load the signer's public key into the protocol processing module of the intelligent distribution terminal, and add asymmetric digital signature authentication of control command messages. The algorithm used is SM2 or an ECC asymmetric digital signature algorithm. To ensure the security of the public key data, when the signer's public key is loaded for the first time its data must be permanently written into the hardware storage chip of the intelligent distribution terminal;
Step (B): the intelligent distribution terminal receives one frame of communication message from the remote end through its conventional protocol interface and judges whether the communication message is a control command message. If it is not a control command message, execute step (C); if it is a control command message, execute step (D);
Step (C): the intelligent distribution terminal executes the communication message normally, and returns to step (B) to process the next frame of communication message;
Step (D): the protocol processing module of the intelligent distribution terminal authenticates the signature of the control command message. If signature authentication passes, return to step (C); if signature authentication fails, execute step (E). The signature of the control command message is authenticated as follows:
(D1) the protocol processing module of the intelligent distribution terminal extracts the signature, the plaintext that participates in the signature, and the timestamp security information carried by the signer from the control command message;
(D2) a timeliness check is performed against the time window prescribed for timeliness. If the timeliness check passes, execute step (D3) for further verification; otherwise stop parsing and return signature authentication failure;
(D3) the protocol processing module of the intelligent distribution terminal uses the loaded signer public key to verify the digital signature of the control command message. If the signature passes the digital signature verification module, return signature authentication passed; otherwise, if the signature does not pass the digital signature verification module, return signature authentication failure.
Step (E): the intelligent distribution terminal refuses to execute the control command message and discards it, ensuring the security of the control operation, and returns to step (B) to process the next frame of communication message.
As shown in Fig. 2, the control command message consists of three data segments: the standard protocol communication message segment, the timestamp security information segment and the digital signature segment. That is, the sender's digital signature segment and timestamp security information segment are appended to the original standard protocol communication message segment. Security protection of the control operations of the intelligent distribution terminal can therefore be achieved with only slight changes to the existing communication protocol. Compatibility with the protocol as it was before the retrofit is preserved, the retrofit cost is low, and the method is easy to implement in engineering projects. This reduces the risk of the distribution automation system being attacked from the public network, ensures the operational security of the distribution automation system, and has good application prospects.
The above shows and describes the basic principle, main features and advantages of the invention. Those skilled in the art should understand that the invention is not limited by the embodiments described above; the embodiments and the description only illustrate the principle of the invention. Various changes and improvements can be made to the invention without departing from its spirit and scope, and all such changes and improvements fall within the claimed scope of the invention. The claimed scope of the invention is defined by the appended claims and their equivalents.

Claims (4)

1. An intelligent distribution terminal security protection method based on asymmetric digital signature authentication, characterized in that it comprises the following steps:
Step (A): load the signer's public key into the protocol processing module of the intelligent distribution terminal, and add asymmetric digital signature authentication of control command messages;
Step (B): the intelligent distribution terminal receives one frame of communication message from the remote end through its conventional protocol interface and judges whether the communication message is a control command message. If it is not a control command message, execute step (C); if it is a control command message, execute step (D);
Step (C): the intelligent distribution terminal executes the communication message normally, and returns to step (B) to process the next frame of communication message;
Step (D): the protocol processing module of the intelligent distribution terminal authenticates the signature of the control command message. If signature authentication passes, return to step (C); if signature authentication fails, execute step (E);
Step (E): the intelligent distribution terminal refuses to execute the control command message and discards it, ensuring the security of the control operation, and returns to step (B) to process the next frame of communication message.
2. The intelligent distribution terminal security protection method based on asymmetric digital signature authentication according to claim 1, characterized in that the asymmetric digital signature authentication of control command messages added in step (A) uses the SM2 or an ECC asymmetric digital signature algorithm.
3. The intelligent distribution terminal security protection method based on asymmetric digital signature authentication according to claim 1, characterized in that, in step (D), the signature of the control command message is authenticated as follows:
Step (D1): the protocol processing module of the intelligent distribution terminal extracts the signature, the plaintext that participates in the signature, and the timestamp and security information carried by the signer from the control command message;
Step (D2): a timeliness check is performed against the time window prescribed for timeliness. If the timeliness check passes, execute step (D3) for further verification; otherwise stop parsing and return signature authentication failure;
Step (D3): the protocol processing module of the intelligent distribution terminal uses the loaded signer public key to verify the digital signature of the control command message. If the signature passes the digital signature verification module, return signature authentication passed; otherwise, if the signature does not pass the digital signature verification module, return signature authentication failure.
4. The intelligent distribution terminal security protection method based on asymmetric digital signature authentication according to claim 1 or 3, characterized in that the control command message consists of three data segments: the standard protocol communication message segment, the timestamp security information segment and the digital signature segment.
CN2013102739973A 2013-07-02 2013-07-02 Intelligent distribution terminal security protection method based on asymmetric digital signature authentication Pending CN103368742A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2013102739973A CN103368742A (en) 2013-07-02 2013-07-02 Intelligent distribution terminal security protection method based on asymmetric digital signature authentication

Publications (1)

Publication Number Publication Date
CN103368742A true CN103368742A (en) 2013-10-23

Family

ID=49369340

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2013102739973A Pending CN103368742A (en) 2013-07-02 2013-07-02 Intelligent distribution terminal security protection method based on asymmetric digital signature authentication

Country Status (1)

Country Link
CN (1) CN103368742A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20151008

Address after: Nan Shui Road Gulou District of Nanjing city of Jiangsu Province, No. 8 210003

Applicant after: Nanjing Nari Co., Ltd.

Applicant after: NARI Technology Development Co., Ltd.

Address before: High road high tech Development Zone Nanjing city Jiangsu province 210061 No. 20

Applicant before: NARI Technology Development Co., Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20131023