CN103501293A - Authentication method of terminal credible access in smart power grid - Google Patents


Info

Publication number
CN103501293A
Authority
CN
China
Prior art keywords
information
terminal
msg
authentication
message
Prior art date
Legal status
Granted
Application number
CN201310441553.6A
Other languages
Chinese (zh)
Other versions
CN103501293B (en)
Inventor
杨云
吕跃春
白云庆
聂静
吴斌
常涛
Current Assignee
State Grid Chongqing Electric Power Co Ltd
Original Assignee
State Grid Chongqing Electric Power Co Ltd
Priority date
Filing date
Publication date
Application filed by State Grid Chongqing Electric Power Co Ltd
Priority to CN201310441553.6A
Publication of CN103501293A
Application granted
Publication of CN103501293B
Legal status: Expired - Fee Related (current)
Anticipated expiration

Abstract

The invention provides an authentication method for trusted terminal access in a smart power grid. A terminal authentication system is deployed in the smart grid in a hierarchical structure: the top layer is an information collection layer, the middle layer an information processing layer, and the bottom layer an information authentication layer. The information collection layer collects the information of a terminal requesting access to the smart grid and sends it to the information processing layer; the processing layer processes the information comprehensively and sends it on to the information authentication layer, which authenticates it completely. The layered structure improves the simplicity and expandability of system deployment and gives the layers a flexible, loosely coupled communication and interaction mechanism. The method guarantees the security of the terminal's information, preserves the contextual privacy of the terminal's information, and prevents the information from being decoded in transit. In addition, it imposes no special requirements on the terminal user.

Description

Authentication method for trusted terminal access in a smart grid
Technical field
The invention belongs to the field of secure authentication technology and relates to the security authentication of trusted terminal access in a smart grid, specifically to an authentication method for trusted terminal access in a smart grid.
Background technology
As a branch of the Internet of Things, the smart grid is an important public application network. In recent years, energy shortages, environmental pressure and the large-scale grid connection of intermittent renewable energy have posed formidable challenges to the safe operation of existing power networks and to the operating mode of the power system, and the smart grid arose in response. A smart grid is built on the physical grid of generating equipment, transmission and distribution networks, consumption equipment and energy storage devices, combined with a new kind of network made of modern technologies such as sensing and measurement, networking, communications, computing, automation and intelligent control. The trusted terminal access authentication system is the first protective wall between the smart grid and external networks: it controls how users access the smart grid and ensures that the identity of the connecting party is trustworthy and that the access process is secure. The smart grid is not only a novel solution to the difficult problems of the four key links of generation, transmission, distribution and consumption, but also an important application of the Internet of Things.
Research into and practice of the smart grid aim to resolve the imbalance between energy supply and the structure of energy consumption and to achieve sustainable development of the grid: large-scale development and use of renewable resources such as wind and solar energy, and cleaner, more efficient use of conventional energy. Smart grid technology is informatized, automated and interactive, and can effectively resolve the shortcomings of the traditional grid, in particular its difficulties with security, reliability, and system operation and maintenance cost. Against the historical problems of the traditional grid, the smart grid aims for a grid that is reliable, safe, economical, efficient, environmentally friendly and safe to use, with intelligent interaction with grid users and intelligent generation, transmission, consumption and distribution.
As grid operation and service modes undergo great change, the volume of interactive information data grows sharply and the ways in which intelligent terminals connect multiply. These changes introduce a large number of security risks and new challenges, and the trusted access authentication of smart grid terminals has become a major issue that the development of the smart grid urgently needs to solve. If trusted access of smart grid terminals cannot be achieved, the effective development of the smart grid will be affected and may even stall. Traditional trusted access authentication methods were designed for small, simple network systems, and applying them directly in a smart grid can cause the following problems: (1) The open nature of the wireless channel makes the smart grid easy to monitor, so information in transit over the network is easily stolen; a malicious attacker can use the stolen information to counterfeit an access terminal and impersonate it to access the grid. (2) As the number of users grows, the traditional authentication mode may cause the authentication system to collapse, or make user authentication slow, so that users accumulate in the system and too many users pass authentication and connect to the smart grid at the same time. (3) The conventional authentication mode may use the terminal information directly to authenticate users, so the information may be tampered with in transit before it reaches the authentication server, causing user information to be leaked and affecting the credibility, reliability and security of the whole system.
At present there is a trusted access technology that can achieve trusted authentication of smart grid terminal access, but its system has too many components, its layering is complex and it lacks reliable extensibility. The whole access authentication process therefore becomes complicated and slow and cannot meet the smart grid's requirement for rapid authentication of a large number of users; at the same time its bulky system configuration prevents the system from being deployed precisely and intelligently, holding back the development of the smart grid. It is therefore necessary to propose a small, reliable and secure new authentication access system that meets the demands of the smart grid's future development while improving convenience and security for smart grid users.
Summary of the invention
To overcome the defects of the prior art described above, the purpose of the present invention is to provide an authentication method for trusted terminal access in a smart grid. After the information entered by the terminal user is received, an information processing system, a small and efficient embedded computing system, comprehensively processes and encrypts the user's input before it is transmitted to the server that finally performs the trusted access authentication. This keeps the information confidential and reliable while it is transmitted over the network, keeps the trusted access process in the smart grid simple and portable, and makes the trusted access authentication of smart grid terminals secure, fast and easy.
The present invention adopts the following technical scheme to achieve these goals. An authentication method for trusted terminal access in a smart grid comprises the following steps:
S1: deploy a hierarchical structure in the smart grid in which the top layer is the information collection layer ICL, the next the information processing layer IPL, and the last the information authentication layer IAL; the information collection layer is connected to the information processing layer, and the information processing layer is connected to the information authentication layer.
S2: the information collection layer collects the terminal information T_msg through the information acquisition device and sends it to the information processing layer;
S3: the information processing layer unpacks, processes and encrypts the received terminal information T_msg and then sends the resulting encrypted information PD_msg to the information authentication layer;
S4: the information authentication layer decrypts, restores and verifies the received encrypted information PD_msg, completing the trusted terminal access.
The present invention uses the fact that when data is transmitted synchronously an eavesdropper finds it hard to steal the data content, and provides an encrypted authentication data scheme that is secure and easy to deploy. First, the method layers the trusted terminal access authentication system of the smart grid, which improves the simplicity and extensibility of the network deployment and also improves the network's life cycle and energy control. Second, besides protecting users' data privacy, the method also guarantees the contextual privacy of network users and prevents the correspondence between the two communicating parties from being cracked, which is very important for smart grid users transmitting sensitive information. Finally, compared with other methods, it imposes no special requirements on the terminal user: every legitimate smart grid user can use the present invention to secure their information during communication, which meets the practical needs of smart grid use.
The present invention addresses the trusted access security authentication process of the smart grid terminal user: the terminal user's information is processed and encrypted and then transmitted to the access authentication server, achieving integrity and security of the information during transmission in a simple and easily implemented way.
Further, in the present invention the concrete sub-steps of step S2 comprise:
S21: the terminal receives the user's input information and judges the terminal type from it.
S22: according to the result of the terminal type judgement, the information corresponding to each terminal is gathered. Terminal types comprise platform terminals and user terminals: if a platform terminal is accessing, the security information of the platform is gathered, including whether the firewall is enabled and whether the designated antivirus software is installed; if a user terminal is accessing, the user identity ID, user password and so on are gathered.
S23: the information gathered in step S22 is integrity-verified. If it passes, the gathered information is encapsulated as the terminal information T_msg and sent to the information processing layer. Otherwise the terminal is refused access to the grid and its login count is checked: if the login count exceeds a predetermined number, the terminal is added to the blacklist to lock it and the information gathering process for that terminal ends; if not, this round of information gathering simply ends. The terminal information T_msg comprises the user terminal information U_cmsg and the platform terminal information P_cmsg.
Further, in step S21 the terminal type is judged as follows: the user input received by the terminal is checked against the valid format of user input with a regular expression. If the user input is invalid, the timestamp of the current input is saved and the terminal's error flag MF is incremented; the increment of the error flag MF between two consecutive timestamps is then checked, and when the increment exceeds a preset value the terminal is locked. Otherwise the input passes the check, the saved timestamps are cleared, the error flag MF is reset to zero, and the terminal is judged to be a platform terminal or a user terminal according to the terminal class field in the user input.
Further, the terminal is locked as follows: when a terminal fails authentication several times in succession within a preset time, its authentication information is added to the blacklist file. Whenever a terminal authentication starts, the blacklist file is queried; if the terminal's authentication information is in the blacklist file, the terminal is directly refused authentication. The blacklist file is also tidied periodically.
The blacklist file is tidied as follows: when terminal authentication information is added to the blacklist file, a timestamp is added with it. Every hour, or whenever a new terminal wants to access the grid, the information acquisition device compares the timestamps saved in the blacklist file with the current time; when the interval is 24 hours or more, the terminal authentication information is deleted from the blacklist file and the user's lock is removed.
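As an added illustration (not code from the patent), the following Python sketch implements the collection-layer logic of steps S21 to S23 together with the locking and blacklist rules just described: a regular-expression format check that records a timestamp and raises the error flag MF on every invalid input, a lock when MF grows past a preset value inside a preset window, an integrity check on the gathered fields, a login counter that blacklists repeat offenders, and a blacklist purge that drops entries 24 hours or older on every new access. The input layout, the field checks, the thresholds other than the 24-hour expiry and the injectable clock are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field

# Only the 24-hour blacklist expiry is on the page; the other thresholds stand in
# for the patent's "preset value", "preset time" and "pre-determined number".
MF_LIMIT = 3                 # lock once more than this many invalid inputs ...
FAIL_WINDOW_SECONDS = 60     # ... fall inside this window (MF growth between timestamps)
LOGIN_LIMIT = 5              # integrity failures tolerated before the terminal is blacklisted
BLACKLIST_TTL = 24 * 3600    # blacklist entries 24 h or older are removed (from the page)

# Assumed canonical form of user input: a terminal class letter (U = user terminal,
# P = platform terminal) followed by exactly two ':'-separated fields.
INPUT_FORM = re.compile(r"^(?P<cls>[UP]):(?P<a>[^:]*):(?P<b>[^:]*)$")
USER_ID_FORM = re.compile(r"^[A-Za-z0-9]{4,16}$")


class ManualClock:
    """Injectable time source (seconds) so the 24 h expiry can be exercised offline."""
    def __init__(self, now=0.0):
        self.now = now

    def __call__(self):
        return self.now


@dataclass
class TerminalState:
    error_flag: int = 0                               # MF
    fail_times: list = field(default_factory=list)    # timestamps of invalid inputs
    login_failures: int = 0


class InformationCollectionLayer:
    """ICL of the patent: S21 type judgement, S22 gathering, S23 integrity check,
    plus the terminal locking and blacklist housekeeping."""

    def __init__(self, clock):
        self.clock = clock
        self.terminals = {}      # terminal id -> TerminalState
        self.blacklist = {}      # terminal id -> timestamp when it was added

    def _lock(self, tid):
        self.blacklist[tid] = self.clock()
        self.terminals.pop(tid, None)

    def purge_blacklist(self):
        """Drop blacklist entries whose timestamp is 24 hours or older."""
        now = self.clock()
        for tid, added in list(self.blacklist.items()):
            if now - added >= BLACKLIST_TTL:
                del self.blacklist[tid]

    def judge_type(self, tid, user_input):
        """S21: regular-expression check of the input format. Invalid input saves a
        timestamp and raises MF; when MF grows past the limit inside the window the
        terminal is locked. Valid input clears the timestamps and resets MF."""
        st = self.terminals.setdefault(tid, TerminalState())
        m = INPUT_FORM.match(user_input)
        if m is None:
            now = self.clock()
            st.error_flag += 1
            st.fail_times.append(now)
            st.fail_times = [t for t in st.fail_times if now - t <= FAIL_WINDOW_SECONDS]
            if len(st.fail_times) > MF_LIMIT:
                self._lock(tid)
            return None, None
        st.fail_times.clear()
        st.error_flag = 0
        return ("platform" if m.group("cls") == "P" else "user"), (m.group("a"), m.group("b"))

    def collect(self, tid, user_input):
        """S22/S23: gather the fields for the terminal type, verify them and
        encapsulate them as T_msg. Returns None whenever access is refused."""
        self.purge_blacklist()                 # the page: hourly or on every new access
        if tid in self.blacklist:
            return None                        # locked terminal: refused outright
        cls, fields = self.judge_type(tid, user_input)
        if cls is None:
            return None
        if cls == "user":
            info = {"user_id": fields[0], "password": fields[1]}
            ok = USER_ID_FORM.match(info["user_id"]) is not None and len(info["password"]) >= 8
        else:
            info = {"firewall_on": fields[0], "antivirus_installed": fields[1]}
            ok = all(v in ("0", "1") for v in info.values())
        if ok:                                 # integrity verification passed
            key = "U_cmsg" if cls == "user" else "P_cmsg"
            return {"type": cls, key: info}
        st = self.terminals[tid]               # failed: count the login and maybe lock
        st.login_failures += 1
        if st.login_failures > LOGIN_LIMIT:
            self._lock(tid)
        return None
```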
The present invention performs a preliminary collection of terminal user information through the information collection layer and a preliminary check of the validity of the information format, forming the first protective wall of the authentication system; this reduces the workload of the layer below and improves the extensibility of the system.
Further, in the present invention the concrete sub-steps of step S3 are:
S31: the message receiver in the information processing layer receives the terminal information T_msg and generates a system notification instruction from it. When sending an instruction, it judges whether the instruction is a system notification instruction: if so, the instruction is sent to the information generator so that the generator knows a new terminal is accessing; otherwise the instruction is sent to the information integrator.
S32: after the information generator receives the instruction from the message receiver, it works concurrently to produce a random-length random number Vlrn, which it sends to both the information integrator and the information verification layer.
S33: after the information integrator receives the terminal information T_msg, it splits it into two sections, inserts the random-length random number Vlrn produced by the information generator, combines the random-length random number Vlrn with the terminal information T_msg, and sends the result, encrypted, to the information verification layer.
Further, the information generator produces the random-length random number Vlrn as follows: after receiving the new-terminal access notification, the information generator works concurrently to generate a random string of random length between 1 and 128 characters, then packages the random string as a reducible random-length random number Vlrn and sends it to the information verification layer and the information integrator respectively.
Further, the information generator generates the random string of 1 to 128 characters as follows: a random number between 1 and 128 is produced from the timestamp; that many characters are then selected at random from the random character set, forming the strings Vlrn1, Vlrn2 and Vlrn3, each made up of randomly selected upper- and lower-case letters, digits and symbols; Vlrn1, Vlrn2 and Vlrn3 are then spliced into one complete random string, which is the random string of random length between 1 and 128 characters.
Further, in step S33 the information integrator synthesizes the final information as follows: the terminal information T_msg is split into two parts, F_msg and L_msg; the three different random-length random strings Vlrn1, Vlrn2 and Vlrn3 generated by the information generator are merged with F_msg and L_msg in the encapsulation order into the new final information, which is encrypted with the public key, K_p{PD_msg} = K_p{Vlrn1, F_msg, Vlrn2, L_msg, Vlrn3}, to obtain the encrypted information PD_msg, which is finally sent to the information verification layer.
The present invention further processes and encrypts the terminal user's information in the information processing layer so that user information is sent into the network only after it has been processed; the user information therefore cannot be stolen in the network, which increases the security and reliability of user information during network transmission.
Further, in the present invention step S4 specifically comprises the following steps:
S41: the authentication server receives the random-length random number Vlrn generated by the information generator in the information processing layer and the encrypted information PD_msg produced by the information integrator;
S42: the encrypted information PD_msg is decrypted and, according to the random-length random number Vlrn, split, restoring the terminal information T_msg;
S43: the terminal information T_msg is compared with the information stored in the authentication server; if the terminal information T_msg is trustworthy, the terminal is allowed to access the grid, otherwise it is refused access.
Further, the terminal information T_msg is restored as follows: the information is first decrypted using the public key (PKI); then, according to the random-length random number Vlrn received by the information verification layer, the decrypted information is split into five parts, Vlrn1, F_msg, Vlrn2, L_msg and Vlrn3, and F_msg and L_msg are reduced to the terminal information T_msg.
Once the terminal information has been restored, it is compared with the information in the authentication server's database; if the terminal information is present, authentication succeeds, otherwise it fails.
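The following Python code is an added example (not the patent's own implementation) of the information processing and verification steps S32, S33 and S41 to S43: it generates and packages the three random-length segments of Vlrn, builds PD_msg = K_p{Vlrn1, F_msg, Vlrn2, L_msg, Vlrn3}, and on the verifying side uses the out-of-band Vlrn to cut the decrypted data back into five parts, recover T_msg and compare it with the server's store. It assumes a length-prefixed packaging of Vlrn, halves T_msg at its midpoint, draws randomness from the OS CSPRNG rather than a timestamp, and stands in for the patent's public-key step K_p with an HMAC-SHA256 keystream plus authentication tag under a shared key.

```python
import hashlib
import hmac
import secrets
import string
import struct

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # letters, digits, symbols

# --- Information generator (S32): three random-length random strings, packaged reducibly ---
def generate_vlrn_segment():
    """1..128 random characters; assumption: OS CSPRNG instead of a timestamp-derived length."""
    return "".join(secrets.choice(ALPHABET) for _ in range(secrets.randbelow(128) + 1))

def pack_vlrn(segments):
    """Assumed packaging: each segment as a 1-byte length followed by its ASCII bytes."""
    if len(segments) != 3:
        raise ValueError("Vlrn carries exactly three segments")
    out = b""
    for seg in segments:
        data = seg.encode("ascii")
        if not 1 <= len(data) <= 128:
            raise ValueError("segment length must be 1..128")
        out += struct.pack(">B", len(data)) + data
    return out

def unpack_vlrn(blob):
    """Reduce a packed Vlrn back to [Vlrn1, Vlrn2, Vlrn3] as bytes; reject malformed input."""
    segs, i = [], 0
    while i < len(blob):
        n = blob[i]
        segs.append(blob[i + 1:i + 1 + n])
        i += 1 + n
    if i != len(blob) or len(segs) != 3 or any(len(s) == 0 for s in segs):
        raise ValueError("malformed Vlrn")
    return segs

# --- Stand-in for the patent's public-key step K_p{...}: shared-key keystream + tag (assumption) ---
def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def encrypt(key, plaintext):
    """nonce || ciphertext || tag; the tag lets the verifier reject an altered PD_msg."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, nonce, ct)

def decrypt(key, blob):
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("ciphertext rejected: tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

# --- Information integrator (S33): PD_msg = K_p{Vlrn1, F_msg, Vlrn2, L_msg, Vlrn3} ---
def integrate(t_msg, vlrn, key):
    v1, v2, v3 = unpack_vlrn(vlrn)
    half = len(t_msg) // 2                       # assumed split point between F_msg and L_msg
    return encrypt(key, v1 + t_msg[:half] + v2 + t_msg[half:] + v3)

# --- Authentication server (S41-S43): decrypt, split by Vlrn, restore T_msg, compare ---
def restore_terminal_info(pd_msg, vlrn, key):
    """Cut the decrypted data into five parts at positions computed from the segment lengths
    (never searched for, so T_msg content cannot confuse the split) and check that the
    embedded Vlrn segments equal the ones received out of band."""
    plain = decrypt(key, pd_msg)
    v1, v2, v3 = unpack_vlrn(vlrn)
    t_len = len(plain) - len(v1) - len(v2) - len(v3)
    if t_len < 0:
        raise ValueError("decrypted data shorter than the Vlrn segments")
    half = t_len // 2
    cuts = [len(v1), len(v1) + half, len(v1) + half + len(v2), len(plain) - len(v3)]
    got_v1, f_msg, got_v2, l_msg, got_v3 = (
        plain[:cuts[0]], plain[cuts[0]:cuts[1]], plain[cuts[1]:cuts[2]],
        plain[cuts[2]:cuts[3]], plain[cuts[3]:])
    if (got_v1, got_v2, got_v3) != (v1, v2, v3):
        raise ValueError("Vlrn markers in PD_msg do not match the Vlrn received")
    return f_msg + l_msg                         # T_msg = F_msg || L_msg

def authenticate(pd_msg, vlrn, key, registered):
    """S43: True only when PD_msg restores cleanly and T_msg is in the server's store."""
    try:
        return restore_terminal_info(pd_msg, vlrn, key) in registered
    except ValueError:
        return False

def run_exchange(t_msg, key, registered):
    """One complete exchange: the generator's Vlrn goes to both the integrator and the server."""
    vlrn = pack_vlrn([generate_vlrn_segment() for _ in range(3)])
    return authenticate(integrate(t_msg, vlrn, key), vlrn, key, registered)
```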
The present invention decodes the processed information through the information processing layer, restores the real user information, and at the same time adopts an advanced authentication mode, improving the efficiency and security of the trusted access authentication of users.
The present invention sends the terminal user's information to the authentication server for verification only after it has been processed and encrypted, improving the security of user information during network transmission and the efficiency of the user information verification process.
Based on the characteristics of smart grid users and their data, the present invention processes user information with a concise and efficient processing and encryption scheme before transmitting it into the network, ensuring the security of user information during network transmission and achieving a trusted smart grid terminal access authentication process. The hierarchical structure makes the system easy to build and deploy, gives each part of the system a clear division of labour, and improves the computational efficiency of the system.
Additional aspects and advantages of the present invention will be given in part in the description of the specific embodiments, will in part become obvious from that description, or will be learned through practice of the present invention.
Description of the drawings
The above and/or additional aspects and advantages of the present invention will become obvious and easy to understand from the description of the embodiments in conjunction with the following drawings, in which:
Fig. 1 is a structural diagram of the trusted terminal access authentication system in the smart grid of the present invention;
Fig. 2 is a flow chart of information collection in the information collection layer of the present invention;
Fig. 3 is a flow chart of information processing in the information processing layer of the present invention;
Fig. 4 is a flow chart of information verification in the information verification layer of the present invention.
Embodiment
Embodiments of the present invention are described in detail below; examples of the embodiments are shown in the drawings, in which the same or similar labels denote the same or similar flows or methods throughout. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present invention, and are not to be construed as limiting it.
In the description of the present invention, unless otherwise specified and limited, the terms "installed", "connected" and "connection" should be understood broadly: for example, as a connection between system levels or a connection within a level, and as a direct connection or an indirect connection through an intermediary. A person of ordinary skill in the art can understand the concrete meaning of these terms according to the circumstances.
The invention provides an authentication method for trusted terminal access in a smart grid, comprising the following steps:
First step: deploy the system according to a hierarchical structure. The top layer is the information collection layer (ICL), the next the information processing layer (IPL), and the last the information authentication layer (IAL). The information collection layer gathers the information of the terminal wishing to access and sends it to the information processing layer, where it is comprehensively processed and finally sent to the information authentication layer, which authenticates it completely, as shown in Figure 1. The concrete steps are:
S1: deploy the terminal authentication system in the smart grid according to a hierarchical structure; the authentication system comprises the information collection layer (ICL), the information processing layer (IPL) and the information authentication layer (IAL), the information collection layer is connected to the information processing layer, and the information processing layer is connected to the information authentication layer;
S2: the information collection layer collects the terminal information T_msg and sends it to the information processing layer;
S3: the information processing layer unpacks, processes and encrypts the received terminal information T_msg and finally sends the processed encrypted information PD_msg to the information authentication layer;
S4: the information authentication layer decrypts, restores and verifies the received encrypted information PD_msg, completing the authentication of trusted terminal access.
The information acquisition device provides functions such as collecting terminal information and verifying its validity. The information processing layer comprises the message receiver, the information generator and the information integrator, which respectively receive, transmit, process, encrypt and integrate the information. The information verification layer consists of the authentication server, which decodes the processed information, restores the original information and completes the trusted access authentication.
Second step: the information collection layer collects the terminal information; its concrete flow is shown in Figure 2. The steps by which the information collection layer collects the terminal information T_msg and sends it to the information processing layer are:
S21: the terminal receives the user's input information and judges the terminal type from it;
S22: according to the result of the terminal type judgement, different information is gathered for different terminals. If a platform terminal is accessing, the security information of the platform is gathered, including whether the firewall is enabled and whether the designated antivirus software is installed; if a user terminal is accessing, the user identity ID, user password and so on are gathered;
S23: the gathered information is integrity-verified. If it passes, the gathered information is encapsulated as the user terminal information U_cmsg or the platform terminal information P_cmsg respectively and sent to the information processing layer. Otherwise the terminal is refused access to the system and it is judged whether the terminal has repeatedly attempted to log in: if so, the terminal is added to the blacklist to lock it and the information gathering process for that terminal user ends; if not, this round of information gathering simply ends.
In a preferred implementation of the present invention, the information acquisition device judges the terminal type of the received user input as follows: the input is checked with a regular expression against the valid format of user information. If the user input is not in the valid format, the timestamp of the current user input is saved and the user's error flag (MF) is incremented; the increment of the error flag (MF) between two consecutive timestamps is checked, and when the increment exceeds a certain value the user is locked. Otherwise the check passes, the saved timestamps are cleared, the error flag (MF) is reset to zero, and the user is judged to be a platform terminal or a user terminal according to the terminal class field in the information.
In a preferred implementation of the present invention, the user is locked as follows: when a user fails authentication several times in succession within a short time, the user's authentication information is added to the blacklist file. Whenever a user authentication starts, the blacklist file is queried; if the user's authentication information is in the blacklist file, the user is directly refused authentication. The blacklist file is also tidied periodically.
In a preferred implementation of the present invention, the blacklist file is tidied as follows: when user authentication information is added to the blacklist, a timestamp is added with it. Every hour, or whenever a new terminal wants to access the system, the information acquisition device compares the timestamps saved in the blacklist file with the current time; when the interval is 24 hours or more, the user information is deleted from the blacklist and the user's lock is removed.
The main work of the information collection layer is collecting terminal information, but to strengthen the robustness of system security a simple information integrity check has been added: invalid or malicious information is removed from the system access process directly, and the terminal access process is monitored to prevent continuous, high-intensity repeated attacks from a terminal.
The 3rd step: the information processing layer is after receiving the collection of information gathering layer packaged information, end message is further processed, is then sending to the Information Authentication layer to carry out the checking of information, its flow chart is as Fig. 3, shown in the present embodiment, the information U of information processing layer to receiving cmsgor P cmsgsealed off, processing, encryption, the information PD processed the most at last msgsend to the step of authentification of message layer to be:
S31: the message receiver in the information processing layer is responsible for receiving terminal information and, according to the information received, creating a system notification instruction. When information is forwarded, it judges whether the information is a notification instruction; if so, the information is sent to the information generation device, so that the device knows a new terminal is to be admitted; otherwise the information is sent to the information integrator;
S32: after the information generation device receives the notice from the message receiver, it works concurrently to produce a random number Vlrn of random length, which it then sends to both the information integrator and the information authentication layer;
S33: after the information integrator receives the terminal information, it splits it into two sections, then waits for the Vlrn produced by the information generation device; the Vlrn finally produced by the information generation device is combined with the terminal information, encrypted, and sent to the information authentication layer.
In a preferred embodiment of the invention, the method by which the information generation device produces the random-length random number Vlrn is: after receiving the new-terminal-access notice, three computing elements work concurrently, each producing a random string of random length (1-128 characters) drawn from all upper- and lower-case letters, digits and symbols, giving the strings Vlrn1, Vlrn2 and Vlrn3; these strings are then packaged into a single recoverable complete string Vlrn, which is sent to the information authentication layer and to the information integrator respectively.
In a preferred embodiment of the invention, the method by which the information integrator synthesizes the final information is: the terminal information is divided into two parts, F_msg and L_msg; the three different random-length random strings Vlrn1, Vlrn2 and Vlrn3 generated by the information generation device are merged with the two parts of the split terminal information in the encapsulation order to form the new final information PD_msg, which is then encrypted with the public key, K_p{PD_msg} = K_p{Vlrn1, F_msg, Vlrn2, L_msg, Vlrn3}, and finally sent to the information authentication layer.
In another preferred embodiment of the invention, the method by which the information generation device generates a random-length (1-128 character) random string is: a random number in the range 1-128 is produced from a timestamp; that number of characters is then selected at random from a pool of random characters and spliced into one complete random string, which yields a set of random-length random strings composed of upper- and lower-case letters, digits and symbols.
The fourth step: after receiving the processed information, the information authentication layer performs a series of decoding operations to restore the processed information and finally verifies it; the flow chart is shown in Figure 4. The steps by which the information authentication layer decrypts, restores and verifies the received data and thereby completes trusted terminal access authentication are:
S41: the authentication server receives the Vlrn produced by the information generation device in the information processing layer and the processed information produced by the information integrator;
S42: the processed information is decrypted and, according to Vlrn, split, thereby restoring the terminal information;
S43: the terminal information is compared with the information stored in the authentication server; if the terminal information is trusted, the terminal is allowed access to the grid, otherwise the user is refused access to the grid.
The invention has the information processing layer decode the processed information and restore the real user information, while adopting an advanced authentication mode, improving the efficiency and security of trusted user access authentication.
In a preferred embodiment of the invention, the method by which the authentication server restores the terminal information is: after receiving the processed final information, it first decrypts the information with the public key, obtaining the composite information PD_msg; then, according to the packaged Vlrn it received, it splits the composite information into five parts, Vlrn1, F_msg, Vlrn2, L_msg and Vlrn3, comprising the three parts of Vlrn and the two parts of the terminal information, and restores the terminal information T_msg from those two parts.
Once the terminal information has been restored, it is checked against the information in the authentication server's database; if the terminal information is present, authentication succeeds, otherwise it fails.
The invention is based on the user and data characteristics of the smart grid: user information is processed with a concise and efficient processing and encryption mode before it is transmitted into the network, which guarantees the security of user information during network transmission and achieves a trustworthy smart grid terminal access authentication process. The hierarchical structure makes the system easy to set up and deploy, gives the system a clear division of labour, and improves the computational efficiency of the system.
Although embodiments of the invention have been illustrated and described, those of ordinary skill in the art will appreciate that various changes, modifications, replacements and variations may be made to these embodiments without departing from the principle and purpose of the invention, and that such changes, modifications, replacements and variations do not exceed the protection scope of the invention.

Claims (11)

1. An authentication method for trusted terminal access in a smart grid, characterized in that it comprises the steps:
S1: deploying a hierarchical structure in the smart grid, in which the top layer is the information collection layer, the next is the information processing layer and the last is the information authentication layer;
S2: the information collection layer collects terminal information T_msg through an information acquisition device and sends it to the information processing layer;
S3: the information processing layer unseals, processes and encrypts the received terminal information T_msg, then sends the processed encrypted information PD_msg to the information authentication layer;
S4: the information authentication layer decrypts, restores and verifies the received encrypted information PD_msg, completing the trusted terminal access.
2. The authentication method for trusted terminal access in a smart grid according to claim 1, characterized in that step S2 comprises the steps:
S21: the terminal receives the user's input information and performs a terminal-type judgement on it;
S22: according to the terminal-type judgement result, the information corresponding to each terminal is collected; terminal types comprise platform terminals and user terminals;
S23: integrity verification is performed on the information collected in step S22; if it passes verification, the collected information is encapsulated as terminal information T_msg and sent to the information processing layer; otherwise the terminal is refused access to the grid and its number of login attempts is judged: if the number of login attempts exceeds a predetermined count, the terminal is added to a blacklist to lock it and the terminal information collection process ends; if not, this information collection process simply ends.
3. The authentication method for trusted terminal access in a smart grid according to claim 2, characterized in that in step S21 the terminal-type judgement method is: the terminal performs a regular-expression check of the received user input information against the valid format of user input information; if the user input information is invalid, the timestamp of the current user input is saved and the terminal's error flag MF is incremented, and the increment of the error flag MF between two consecutive timestamps is checked; when the increment exceeds a preset value, the terminal is locked. Otherwise, when the check passes, the saved timestamps are cleared, the error flag MF is reset to zero, and the terminal is judged to be a platform terminal or a user terminal according to the terminal-class field in the user input information.
4. The authentication method for trusted terminal access in a smart grid according to claim 3, characterized in that the terminal locking method is: when a terminal fails authentication several times consecutively within a preset time, its authentication information is added to a blacklist file; at the start of every terminal authentication the blacklist file is queried, and if the terminal's authentication information is in the blacklist file the terminal is directly refused authentication; the blacklist file is also tidied periodically.
5. The authentication method for trusted terminal access in a smart grid according to claim 4, characterized in that the method of tidying the blacklist file is: when terminal authentication information is added to the blacklist file, a timestamp is added with it; meanwhile, every hour or whenever a new terminal wishes to access the grid, the information acquisition device compares the timestamps saved in the blacklist file, and when the interval is 24 hours or more the terminal authentication information is deleted from the blacklist file, unlocking the user.
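As an added illustration, not code from the patent, the lockout logic of claims 3 to 5 in Python: a regular-expression check of the user input, a per-terminal error flag MF with saved failure timestamps, a blacklist consulted before any other check, and purging of entries 24 hours old whenever a terminal attempts access. The input format, the preset window and threshold, and the reading of "the increment of MF between two consecutive timestamps" as the number of failures inside a time window are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed "valid format" for the user input, since the claims give none:
# a terminal-class field (P = platform terminal, U = user terminal) and an id.
INPUT_FORMAT = re.compile(r"^(?P<cls>[PU]):(?P<id>[A-Za-z0-9-]{1,32})$")
FAIL_WINDOW = 60           # claim 4's "preset time" in seconds (value assumed)
MAX_MF_INCREMENT = 3       # claim 3's preset value for the MF increment (assumed)
BLACKLIST_TTL = 24 * 3600  # claim 5: entries 24 hours or older are removed


@dataclass
class Gatekeeper:
    """Information collection layer state: per-terminal error flag MF, the saved
    failure timestamps and the blacklist 'file' (an in-memory dict here)."""
    fail_ts: dict = field(default_factory=dict)     # terminal -> [timestamps]
    error_flag: dict = field(default_factory=dict)  # terminal -> MF
    blacklist: dict = field(default_factory=dict)   # terminal -> locked_at

    def purge_blacklist(self, now: float) -> None:
        """Claim 5: drop entries whose timestamp is 24 hours or more old."""
        for term, locked_at in list(self.blacklist.items()):
            if now - locked_at >= BLACKLIST_TTL:
                del self.blacklist[term]

    def judge(self, terminal: str, user_input: str, now: float) -> str:
        """S21 / claim 3: returns 'locked', 'invalid', 'platform' or 'user'."""
        self.purge_blacklist(now)        # claim 5: run whenever a terminal tries to access
        if terminal in self.blacklist:   # claim 4: refuse before any other check
            return "locked"
        match = INPUT_FORMAT.match(user_input)
        if match is None:
            # Invalid input: save the timestamp and increment the error flag MF.
            recent = [t for t in self.fail_ts.get(terminal, []) if now - t <= FAIL_WINDOW]
            recent.append(now)
            self.fail_ts[terminal] = recent
            self.error_flag[terminal] = self.error_flag.get(terminal, 0) + 1
            # MF increment inside the window above the preset value -> lock.
            if len(recent) > MAX_MF_INCREMENT:
                self.blacklist[terminal] = now   # stored together with its timestamp
                self.fail_ts.pop(terminal, None)
                return "locked"
            return "invalid"
        # Valid input: empty the saved timestamps, zero MF, classify the terminal.
        self.fail_ts.pop(terminal, None)
        self.error_flag[terminal] = 0
        return "platform" if match.group("cls") == "P" else "user"
```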
6. The authentication method for trusted terminal access in a smart grid according to claim 1, characterized in that step S3 is specifically:
S31: the message receiver in the information processing layer receives the terminal information T_msg, generates a system notification instruction from the received T_msg, and when sending an instruction judges whether it is a system notification instruction; if so, it sends the instruction to the information generation device, otherwise the instruction is sent to the information integrator;
S32: after the information generation device receives the instruction from the message receiver, it produces the random-length random number Vlrn and sends it to the information integrator and the information authentication layer respectively;
S33: after the information integrator receives the terminal information T_msg, it splits it into two sections, then waits for the random-length random number Vlrn produced by the information generation device; the Vlrn finally produced by the information generation device is combined with the terminal information T_msg, encrypted, and sent to the information authentication layer.
7. The authentication method for trusted terminal access in a smart grid according to claim 6, characterized in that the method by which the information generation device produces the random-length random number Vlrn is: after receiving the new-terminal-access notice, the information generation device works concurrently to generate a random-length (1-128 character) random string, then packages the random string into the recoverable random-length random number Vlrn and sends it to the information authentication layer and the information integrator respectively.
8. The authentication method for trusted terminal access in a smart grid according to claim 7, characterized in that the method by which the information generation device generates the 1-128 character random-length random string is: a random number in the range 1-128 is produced from a timestamp; that number of characters is selected at random from random characters, forming respectively the strings Vlrn1, Vlrn2 and Vlrn3, each composed of randomly selected upper- and lower-case letters, digits and symbols; then Vlrn1, Vlrn2 and Vlrn3 are spliced into one complete random string, which produces the 1-128 character random-length random string.
9. The authentication method for trusted terminal access in a smart grid according to claim 6, characterized in that in step S33 the method by which the information integrator synthesizes the final information is: the terminal information T_msg is split into two parts, F_msg and L_msg; the three different random-length random strings Vlrn1, Vlrn2 and Vlrn3 generated by the information generation device are merged with F_msg and L_msg in the encapsulation order into the new final information, which is encrypted with the public key, K_p{PD_msg} = K_p{Vlrn1, F_msg, Vlrn2, L_msg, Vlrn3}, yielding the encrypted information PD_msg, which is finally sent to the information authentication layer.
10. The authentication method for trusted terminal access in a smart grid according to claim 1, characterized in that step S4 specifically comprises the steps:
S41: the authentication server receives the random-length random number Vlrn generated by the information generation device in the information processing layer and the encrypted information PD_msg produced by the information integrator;
S42: the encrypted information PD_msg is decrypted and, according to the random-length random number Vlrn, split, restoring the terminal information T_msg;
S43: the terminal information T_msg is compared with the information stored in the authentication server; if T_msg is trusted, the terminal is allowed access to the grid, otherwise the terminal is refused access to the grid.
11. The authentication method for trusted terminal access in a smart grid according to claim 10, characterized in that the step of restoring the terminal information T_msg is: first the received information is decrypted with the public key; then, according to the random-length random number Vlrn received by the information authentication layer, the decrypted information is split into five parts, Vlrn1, F_msg, Vlrn2, L_msg and Vlrn3, and F_msg and L_msg are restored to the terminal information T_msg.
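An added Python example, not code from the patent, covering the Vlrn generation and packaging of S32 and claims 7-8, the composition of PD_msg in S33 and claim 9, and its recovery and verification in S41-S43 and claim 11. Assumed here: a length-prefixed packaging format for the "reducible" Vlrn (the patent does not specify one), splitting T_msg into two halves, a CSPRNG-drawn length in place of the timestamp-derived one, and the public-key encryption of the composite is left out.

```python
import secrets
import string

# Alphabet named in claims 7-8: all upper/lower-case letters, digits and symbols.
VLRN_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_vlrn_part() -> str:
    """One component of 1-128 random characters. Claim 8 derives the length from
    a timestamp; this example uses the OS CSPRNG, since a timestamp is guessable."""
    length = secrets.randbelow(128) + 1
    return "".join(secrets.choice(VLRN_ALPHABET) for _ in range(length))


def generate_vlrn_parts() -> tuple:
    """Information generation device (S32): the three strings Vlrn1, Vlrn2, Vlrn3."""
    return random_vlrn_part(), random_vlrn_part(), random_vlrn_part()


def package_vlrn(parts) -> str:
    """Package Vlrn1..3 into the single 'reducible' string Vlrn. Assumed format:
    each part is prefixed with its length as three decimal digits, so the package
    stays unambiguous although the parts may contain any symbol (a delimiter
    character could appear inside a part)."""
    return "".join(f"{len(p):03d}{p}" for p in parts)


def unpack_vlrn(vlrn: str) -> list:
    """Recover Vlrn1..3 from the package, rejecting malformed input."""
    parts, i = [], 0
    while i < len(vlrn):
        header = vlrn[i:i + 3]
        if len(header) != 3 or not header.isdigit():
            raise ValueError("malformed Vlrn length prefix")
        n, i = int(header), i + 3
        if not 1 <= n <= 128 or i + n > len(vlrn):
            raise ValueError("Vlrn part length out of range")
        parts.append(vlrn[i:i + n])
        i += n
    if len(parts) != 3:
        raise ValueError("expected exactly three Vlrn components")
    return parts


def compose_pd_msg(t_msg: str, parts) -> str:
    """Information integrator (S33, claim 9): split T_msg into F_msg and L_msg and
    interleave as Vlrn1 | F_msg | Vlrn2 | L_msg | Vlrn3 (encryption not shown)."""
    half = (len(t_msg) + 1) // 2          # F_msg takes the extra character
    v1, v2, v3 = parts
    return v1 + t_msg[:half] + v2 + t_msg[half:] + v3


def recover_t_msg(pd_msg: str, vlrn: str) -> str:
    """Authentication server (S42, claim 11): split the decrypted composite into
    five parts by the lengths carried in Vlrn. Offsets are used, not a search for
    the Vlrn text (T_msg may contain the same characters); each part is re-checked."""
    v1, v2, v3 = unpack_vlrn(vlrn)
    if len(pd_msg) < len(v1) + len(v2) + len(v3):
        raise ValueError("composite shorter than its Vlrn parts")
    if not (pd_msg.startswith(v1) and pd_msg.endswith(v3)):
        raise ValueError("Vlrn1/Vlrn3 do not match the composite")
    body = pd_msg[len(v1):len(pd_msg) - len(v3)]   # F_msg + Vlrn2 + L_msg
    half = (len(body) - len(v2) + 1) // 2           # same split rule as above
    if body[half:half + len(v2)] != v2:
        raise ValueError("Vlrn2 does not match the composite")
    return body[:half] + body[half + len(v2):]


def authenticate(pd_msg: str, vlrn: str, registered) -> bool:
    """S43: grant access only if the recovered T_msg is stored on the server."""
    try:
        return recover_t_msg(pd_msg, vlrn) in registered
    except ValueError:
        return False
```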
Priority application: CN201310441553.6A, priority date 2013-09-25, filing date 2013-09-25, "The authentication method that trusted end-user is accessed in a kind of intelligent grid", granted as CN103501293B (Expired - Fee Related).

Publications

CN103501293A, published 2014-01-08
CN103501293B (granted), published 2017-06-13


Legal Events

C06 / PB01: Publication
C10 / SE01: Entry into substantive examination (entry into force of request for substantive examination)
GR01: Patent grant (granted publication date: 20170613)
CF01: Termination of patent right due to non-payment of annual fee (termination date: 20210925)