CN104038931A - LTE (Long Term Evolution) network based power distribution and utilization communication system and communication method thereof - Google Patents


Info

Publication number
CN104038931A
Authority
CN
China
Prior art keywords
tunnel
point device
l2tp
insertion point
configuration parameter
Prior art date
Legal status
Granted
Application number
CN201410220554.2A
Other languages
Chinese (zh)
Other versions
CN104038931B (en)
Inventor
李信
李慕峰
毛一先
李朝峰
于然
邢宁哲
马跃
化存卿
吴新玲
吴越
聂正璞
芦博
田宇
纪雨彤
赵阳
吴文昭
韩子铮
江然
Current Assignee
Shanghai Jiaotong University
State Grid Corp of China SGCC
Beijing Guodiantong Network Technology Co Ltd
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Original Assignee
Shanghai Jiaotong University
State Grid Corp of China SGCC
Beijing Guodiantong Network Technology Co Ltd
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Application filed by Shanghai Jiaotong University, State Grid Corp of China SGCC, Beijing Guodiantong Network Technology Co Ltd and Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Priority to CN201410220554.2A
Publication of CN104038931A
Application granted
Publication of CN104038931B
Legal status: Active


Abstract

The invention discloses an LTE (Long Term Evolution) network based power distribution and utilization communication system and a communication method for it. In the method, a power distribution and utilization terminal encrypts its communication data with a session key and sends it to network access point equipment; the access point equipment decrypts the data with the session key, encapsulates the decrypted data in L2TP (Layer 2 Tunneling Protocol) according to an L2TP tunnel configuration negotiation result, and sends the resulting L2TP packet to a master station server; the master station server extracts the communication data from the received L2TP packet according to the same negotiation result. The session key is generated by the access point equipment from a public key, a private key and a key agreement parameter; the L2TP tunnel configuration negotiation result is generated by the access point equipment from a first tunnel configuration parameter and a third tunnel configuration parameter sent by the distribution terminal and the master station server respectively. The method improves the security and reliability of the power distribution and utilization communication system.

Description

Power distribution and utilization communication system based on an LTE network, and communication method thereof
Technical field
The present invention relates to the technical field of smart grids, and in particular to a power distribution and utilization communication system based on an LTE network and a communication method for it.
Background technology
The smart grid is the direction of future power network development: its goal is to build, on the basis of an integrated, high-speed, bidirectional communication network, a power network that is reliable, secure, economical, efficient, environmentally friendly and safe to use. In practice the smart grid mainly comprises the power distribution service and the intelligent power utilization service system, together referred to as the distribution and utilization services of the smart grid. The distribution service mainly concerns the master station of the power system performing real-time monitoring and control of distribution terminals such as substations, pole-mounted switches and distribution transformers; the main task of the intelligent power utilization service system is for the master station to collect operating data from, monitor and issue instructions to the utilization terminals located on the user side of the power system. Distribution terminals and utilization terminals are together called distribution and utilization terminals, and the bidirectional communication between these terminals and the master station places very high demands on real-time performance, reliability and security.
Existing systems form a distribution and utilization communication system by deploying the power system's own wired network between the terminals and the master station and carrying the bidirectional communication over it. However, utilization terminals are distributed across the whole distribution network along the low-voltage supply lines, their number is far larger than the number of distribution terminal nodes, and the nodes are dispersed, so some nodes are difficult to reach with a wired network; such a system therefore suffers from high network construction cost and high networking complexity.
To reduce construction cost and complexity, a distribution and utilization communication system that introduces a network not owned by the power system has also been proposed. It mainly comprises the distribution and utilization terminals, radio access network base stations and the master station, where the base stations belong to a radio access network such as 2G (second generation mobile communication technology), 3G (third generation mobile communication technology) or LTE (Long Term Evolution). In practice its communication process is mainly: the terminal establishes a connection with the base station, accesses the radio access network through the base station, establishes a connection with the master station, and can then exchange data with the master station through the base station and the radio access network. This process, however, is exposed to the security problems of the radio access network: the key algorithm of 2G networks is easily cracked, so communication can be eavesdropped; 3G networks lack authentication of the base station, so a terminal can be deceived by a forged base station; and although LTE has a two-layer encryption system that can doubly encrypt the transport protocol between the terminal and the base station and between the base station and the master station, encryption of the Non-Access Stratum at the base station is optional and may not be enabled in practice, leaving the terminals exposed to intrusion and to the "pressure conversion" attack threats common to radio access networks. In other words, the existing system that introduces a network not owned by the power system faces many risks and has low reliability.
In summary, existing distribution and utilization communication systems have shortcomings such as high network construction cost, high complexity and low security; a distribution and utilization communication system that improves the security and reliability of the bidirectional communication between the terminals and the master station in the power system is therefore needed.
Summary of the invention
The embodiments of the present invention provide a power distribution and utilization communication system based on an LTE network and a communication method for it, in order to improve the security and reliability of the distribution and utilization communication system.
According to one aspect of the invention, a communication method for an LTE network based power distribution and utilization communication system is provided, comprising:
the distribution and utilization terminal sends a session request carrying a key agreement parameter to the network access point device;
after receiving the session request, the network access point device generates a session key from a public key, a pre-stored private key and the key agreement parameter, and returns it to the terminal;
after receiving the session key, the terminal sends the network access point device a Layer 2 Tunneling Protocol (L2TP) tunnel establishment request carrying a first tunnel configuration parameter encrypted with the session key;
the network access point device receives the L2TP tunnel establishment request, parses and decrypts the first tunnel configuration parameter from it, and obtains a second tunnel configuration parameter from the master station server; it generates an L2TP tunnel configuration negotiation result from the first and second tunnel configuration parameters, sends the result to the master station server, and returns a tunnel-established response message to the terminal;
after receiving the tunnel-established response message, the terminal sends communication data encrypted with the session key to the network access point device;
the network access point device decrypts the communication data with the session key, applies L2TP encapsulation to the decrypted data according to the L2TP tunnel configuration negotiation result, and sends it to the master station server;
the master station server extracts the communication data from the received L2TP packet according to the L2TP tunnel configuration negotiation result.
Preferably, the terminal's sending of the session request carrying the key agreement parameter specifically comprises:
the terminal sends the network access point device a session request carrying the key agreement parameter encrypted with the public key; and
the network access point device's generation of the session key from the public key, the pre-stored private key and the key agreement parameter specifically comprises:
the network access point device parses the public-key-encrypted key agreement parameter from the session request, decrypts it with the pre-stored private key to obtain the key agreement parameter, and generates the session key from the public key, the private key and the key agreement parameter according to a preset Long Term Evolution (LTE) cryptographic algorithm.
Preferably, the public key is the identification information of the network access point device; and
before the session key is generated from the public key, the pre-stored private key and the key agreement parameter, the method also comprises:
after receiving the session request, the network access point device sends its own identification information to a private key generator;
the private key generator receives the identification information sent by the network access point device, looks up the private key corresponding to that identification information in a private key store holding the identification information of every access point in the LTE network, and sends the private key it finds to the network access point device.
Preferably, the network access point device's receiving of the L2TP tunnel establishment request, parsing and decrypting of the first tunnel configuration parameter, and obtaining of the second tunnel configuration parameter from the master station server specifically comprises:
the network access point device parses the session-key-encrypted first tunnel configuration parameter from the L2TP tunnel establishment request, decrypts it with the session key, packages the decrypted first tunnel configuration parameter in an L2TP tunnel connection request and sends it to the master station server;
the master station server parses the first tunnel configuration parameter from the L2TP tunnel connection request and sends the network access point device an L2TP tunnel connection response message carrying the second tunnel configuration parameter corresponding to the first tunnel configuration parameter;
the network access point device parses the second tunnel configuration parameter from the L2TP tunnel connection response message.
Preferably, after the terminal receives the session key and before the tunnel-established response message is returned to the terminal, the method also comprises:
the terminal sends the network access point device an Internet Protocol Security (IPSec) tunnel establishment request carrying a third tunnel configuration parameter encrypted with the session key;
the network access point device receives the IPSec tunnel establishment request, parses and decrypts the third tunnel configuration parameter from it, and obtains a fourth tunnel configuration parameter from the master station server; it generates an IPSec tunnel configuration negotiation result from the third and fourth tunnel configuration parameters and sends it to the master station server; and
the tunnel-established response message is returned to the terminal after both the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result have been sent to the master station server; and
the step of applying L2TP encapsulation to the decrypted communication data according to the L2TP tunnel configuration negotiation result and sending it to the master station server specifically comprises:
the network access point device applies L2TP encapsulation and IPSec encapsulation to the decrypted communication data according to the L2TP and IPSec tunnel configuration negotiation results, and sends the resulting L2TP/IPSec packet to the master station server; and
the step in which the master station server extracts the communication data from the received L2TP packet according to the L2TP tunnel configuration negotiation result specifically comprises:
the master station server extracts the communication data from the received L2TP/IPSec packet according to the L2TP and IPSec tunnel configuration negotiation results.
Preferably, the network access point device's receiving of the IPSec tunnel establishment request, parsing and decrypting of the third tunnel configuration parameter, and obtaining of the fourth tunnel configuration parameter from the master station server specifically comprises:
the network access point device parses the session-key-encrypted third tunnel configuration parameter from the IPSec tunnel establishment request, decrypts it with the session key, packages the decrypted third tunnel configuration parameter in an IPSec tunnel connection request and sends it to the master station server;
the master station server parses the third tunnel configuration parameter from the IPSec tunnel connection request and sends the network access point device an IPSec tunnel connection response message carrying the fourth tunnel configuration parameter corresponding to the third tunnel configuration parameter;
the network access point device parses the fourth tunnel configuration parameter from the IPSec tunnel connection response message.
According to another aspect of the invention, an LTE network based power distribution and utilization communication system is also provided, comprising a distribution and utilization terminal, a network access point device and a master station server, where:
the terminal sends the network access point device a session request carrying a key agreement parameter; on receiving the session key from the network access point device, sends it an L2TP tunnel establishment request carrying a first tunnel configuration parameter encrypted with the session key; and on receiving the tunnel-established response message from the network access point device, sends it communication data encrypted with the session key;
the network access point device, on receiving the session request from the terminal, generates a session key from a public key, a pre-stored private key and the key agreement parameter and returns it to the terminal; on receiving the L2TP tunnel establishment request from the terminal, parses and decrypts the first tunnel configuration parameter from it and obtains a second tunnel configuration parameter from the master station server; generates an L2TP tunnel configuration negotiation result from the first and second tunnel configuration parameters, sends it to the master station server and returns the tunnel-established response message to the terminal; and on receiving the session-key-encrypted communication data from the terminal, decrypts it with the session key, applies L2TP encapsulation to the decrypted data according to the negotiation result and sends it to the master station server;
the master station server extracts the communication data from the received L2TP packet according to the L2TP tunnel configuration negotiation result.
Preferably, the system also comprises a private key generator; and
the public key is the identification information of the network access point device; and
the terminal specifically sends the network access point device a session request carrying the key agreement parameter encrypted with the public key; and
the network access point device, on receiving the session request from the terminal, sends its own identification information to the private key generator and receives from it the private key corresponding to that identification information; parses the public-key-encrypted key agreement parameter from the session request and decrypts it with the private key received from the private key generator to obtain the key agreement parameter; and generates the session key from the public key, the private key and the key agreement parameter according to a preset Long Term Evolution (LTE) cryptographic algorithm; and
the private key generator, on receiving the identification information sent by the network access point device, looks up the private key corresponding to that identification information in a private key store holding the identification information of every access point in the LTE network and sends the private key it finds to the network access point device.
Preferably, the network access point device, on receiving the L2TP tunnel establishment request from the terminal, parses the session-key-encrypted first tunnel configuration parameter from it, decrypts it with the session key, packages the decrypted first tunnel configuration parameter in an L2TP tunnel connection request and sends it to the master station server; and, on receiving the L2TP tunnel connection response message from the master station server, parses the second tunnel configuration parameter from it; and
the master station server, on receiving the L2TP tunnel connection request from the network access point device, parses the first tunnel configuration parameter from it and sends the network access point device an L2TP tunnel connection response message carrying the second tunnel configuration parameter corresponding to the first tunnel configuration parameter.
Preferably, the terminal also sends the network access point device an IPSec tunnel establishment request carrying a third tunnel configuration parameter encrypted with the session key; and
the network access point device, on receiving the IPSec tunnel establishment request from the terminal, parses and decrypts the third tunnel configuration parameter from it and obtains a fourth tunnel configuration parameter from the master station server; generates an IPSec tunnel configuration negotiation result from the third and fourth tunnel configuration parameters and sends it to the master station server; returns the tunnel-established response message to the terminal after sending both the L2TP and the IPSec tunnel configuration negotiation results to the master station server; decrypts the session-key-encrypted communication data received from the terminal with the session key; and applies L2TP encapsulation and IPSec encapsulation to the decrypted communication data according to the L2TP and IPSec tunnel configuration negotiation results and sends the resulting L2TP/IPSec packet to the master station server; and
the master station server extracts the communication data from the received L2TP/IPSec packet according to the L2TP and IPSec tunnel configuration negotiation results.
In the technical solution of the embodiments of the invention, a shared session key is set up in advance between the terminal and the network access point device, securing the communication between them; at the same time, an L2TP tunnel and an IPSec tunnel are set up between the network access point device and the master station server, so that the communication data transmitted between them is protected by double encryption of both the transport and the content, securing that link as well. Compared with existing distribution and utilization communication systems, the system provided by the invention, in which the terminal communicates with session-key encryption and the communication data channel is protected by the L2TP and IPSec tunnels, has higher security and reliability.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the distribution and utilization communication system of the embodiment of the invention;
Fig. 2 is a schematic flow diagram of the session key sharing method of the embodiment of the invention;
Fig. 3 is a schematic flow diagram of the data transmission tunnel establishment method of the embodiment of the invention;
Fig. 4 is a schematic flow diagram of the communication method of the distribution and utilization communication system of the embodiment of the invention.
Embodiment
To make the objectives, technical solution and advantages of the invention clearer, the invention is described in more detail below with reference to the drawings and preferred embodiments. Note, however, that many of the details listed in the specification serve only to give the reader a thorough understanding of one or more aspects of the invention; those aspects can also be realized without these specific details.
The terms "module" and "system" used in this application are intended to cover computer-related entities such as, but not limited to, hardware, firmware, combinations thereof, software, or software in execution. For example, a module may be, but is not limited to, a process running on a processor, a processor, an object, an executable, a thread of execution, a program and/or a computer. Both an application running on a computing device and the computing device itself may be modules. One or more modules may reside within one process and/or thread of execution.
The inventors found that the low security and reliability of existing distribution and utilization communication systems is mainly due to the lack of authentication and encryption on the air interface between the base station and the radio access network. The inventors therefore considered setting up an LTE network access point base station between the terminal and the master station, authenticating that access point base station, authenticating the transmission between the terminal and the access point base station, and, between the access point base station and the master station server, using L2TP (Layer 2 Tunneling Protocol) tunnel configuration and IPSec (Internet Protocol Security) tunnel configuration to doubly encrypt both the transport and the content of the transmitted communication data, thereby improving the security and reliability of the communication between the terminal and the master station in the distribution and utilization communication system.
The technical solution of the invention is described in detail below with reference to the drawings.
The embodiment of the invention provides an LTE network based power distribution and utilization communication system which, as shown in Figure 1, can specifically comprise: distribution and utilization terminal 101, network access point device 102 and master station server 103.
The terminal 101 can send a session request carrying a key agreement parameter to the network access point device 102; after receiving the session request, the network access point device 102 can generate a session key from a public key, a pre-stored private key and the key agreement parameter, and return the generated session key to the terminal 101. Specifically, the terminal 101 can send the network access point device 102 a session request carrying the key agreement parameter encrypted with the public key. The network access point device 102 can then parse the public-key-encrypted key agreement parameter from the session request, decrypt it with the pre-stored private key to obtain the key agreement parameter, and generate the session key from the public key, the private key and the key agreement parameter according to a preset LTE cryptographic algorithm, sending the result to the terminal 101. Here the public key is the identification information of the network access point device 102, and the private key is information pre-stored in the network access point device 102 that corresponds to its own identification information. This completes the key agreement between the terminal 101 and the network access point device 102: the terminal 101 can subsequently encrypt the communication data it uploads with the shared session key, securing the data transfer between the terminal 101 and the network access point device 102. Completing the key agreement also completes the authenticated connection between the terminal 101 and the network access point device 102, so the terminal 101 can access the LTE network through the network access point device 102 and then send the communication data it wants to upload to the master station server 103 over the LTE network. The LTE cryptographic algorithm can be chosen freely from the several algorithms allowed by the LTE network system.
More preferably, the distribution and utilization communication system of the embodiment also comprises a private key generator 104.
The private key generator 104 stores the identification information of each access point in the LTE network together with the private key corresponding to each identification. Specifically, after receiving the session request sent by the terminal 101, the network access point device 102 sends its own identification information to the private key generator 104; after receiving it, the private key generator 104 looks up the private key corresponding to that identification information in its private key store holding the identification information of every access point in the LTE network, and sends the private key it finds to the network access point device 102.
Further, after receiving the session key returned by the network access point device 102, the distribution and utilization terminal 101 sends the network access point device 102 an L2TP tunnel establishment request carrying the first tunnel configuration parameter encrypted with the session key. After receiving the L2TP tunnel establishment request, the network access point device 102 parses and decrypts the first tunnel configuration parameter from it and obtains the second tunnel configuration parameter from the master station server 103; it then generates an L2TP tunnel configuration negotiation result from the first and second tunnel configuration parameters, sends that result to the master station server 103, and returns a tunnel establishment success response to the distribution and utilization terminal 101. Specifically, after receiving the L2TP tunnel establishment request sent by the distribution and utilization terminal 101, the network access point device 102 parses the session-key-encrypted first tunnel configuration parameter from the request, decrypts it with the session key, packages the decrypted first tunnel configuration parameter in an L2TP tunnel connection request and sends that request to the master station server 103. After receiving the L2TP tunnel connection request sent by the network access point device 102, the master station server 103 parses the first tunnel configuration parameter from it and, according to the received first tunnel configuration parameter, sends the network access point device 102 an L2TP tunnel connection response carrying the second tunnel configuration parameter corresponding to the first. After receiving the L2TP tunnel connection response sent by the master station server 103, the network access point device 102 parses the second tunnel configuration parameter from it, generates the L2TP tunnel configuration negotiation result from the first and second tunnel configuration parameters, sends the generated result to the master station server 103, and returns the tunnel establishment success response to the distribution and utilization terminal. This completes establishment of the L2TP tunnel connection between the network access point device 102 and the master station server 103 over the LTE network. The first and second tunnel configuration parameters are limits on parameters such as transmission bandwidth and transmission rate, so the L2TP tunnel configuration negotiation result generated from them controls the data transfer mode between the distribution and utilization terminal 101 and the network access point device 102. For example, for each parameter limited by both the first and the second tunnel configuration parameter, the L2TP tunnel configuration negotiation result may be set to the minimum, the maximum or the mean of the two limit values.
Thereafter, communication data received from the distribution and utilization terminal 101 can be uploaded to the master station server 103 through the L2TP tunnel in the LTE network according to the L2TP tunnel configuration negotiation result. Specifically, after receiving the tunnel establishment success response returned by the network access point device 102, the distribution and utilization terminal 101 in the distribution and utilization communication system sends communication data encrypted with the session key to the network access point device 102. After receiving the session-key-encrypted communication data sent by the distribution and utilization terminal 101, the network access point device 102 decrypts it with the session key to recover the communication data; it then applies L2TP encapsulation to the decrypted communication data according to the L2TP tunnel configuration negotiation result and sends the resulting L2TP packet to the master station server 103. The master station server 103 then parses the received L2TP packet according to the L2TP tunnel configuration negotiation result and recovers the communication data uploaded by the distribution and utilization terminal 101.
From the above system it can be seen that, before communicating, the LTE-network-based distribution and utilization communication system in the embodiment of the present invention must first establish a shared session key between the distribution and utilization terminal and the network access point device. The specific flow, shown in Figure 2, may comprise the following steps:
S201: the distribution and utilization terminal sends a session request carrying a key agreement parameter to the network access point device.
Specifically, before accessing the LTE network through the network access point device 102, the distribution and utilization terminal 101 in the distribution and utilization communication system may use the identification information of the network access point device 102 as a public key, encrypt the key agreement parameter with that public key, and send the session request carrying the public-key-encrypted key agreement parameter to the network access point device 102. Here the network access point device 102 is specifically an access point of the LTE network, and the public key is specifically the identification information of the network access point device 102.
S202: after receiving the session request, the network access point device sends its own identification information to the private key generator.
Specifically, after receiving the session request carrying the public-key-encrypted key agreement parameter sent by the distribution and utilization terminal 101 in the system, the network access point device 102 sends its own identification information to the private key generator 104 in order to obtain the private key needed to decrypt the key agreement parameter in the session request.
S203: the private key generator receives the identification information sent by the network access point device, looks up the private key corresponding to that identification information in the private key store holding the identification information of each access point of the LTE network, and sends it to the network access point device.
The private key generator 104 in the distribution and utilization communication system then receives the identification information sent by the network access point device, looks up, in the private key store holding the identification information of each access point of the LTE network, the private key corresponding to the identification information received from the network access point device 102, and sends that private key to the network access point device 102. Specifically, the private key generator 104 compares the received identification information with the identification information of each access point of the LTE network held in the private key store, finds the entry whose identification information matches the received one, and sends the private key corresponding to that identification information to the network access point device 102. The private key generator 104 has previously, for each access point in the LTE network, taken the identification information of that access point as its public key and set a corresponding private key for that public key. The specific method by which the private key generator 104 sets up a corresponding public/private key pair may use technical means known to those skilled in the art and is not repeated here.
In practice, if identification information identical to the received identification information is found in the private key store, the network access point device corresponding to that identification information is an access point of the LTE network; that is, the distribution and utilization terminal 101 can access the LTE network through this network access point device 102. Conversely, if no identification information identical to the received identification information is found in the private key store, the network access point device is not an access point of the LTE network, and the distribution and utilization terminal 101 may select another network access point device that does belong to the LTE network in order to access the LTE network.
S204: the network access point device parses the public-key-encrypted key agreement parameter from the session request, decrypts it with the private key to obtain the key agreement parameter, generates a session key from the public key, the private key and the key agreement parameter, and sends the session key to the distribution and utilization terminal.
Specifically, the network access point device 102 in the distribution and utilization communication system can use the private key received from the private key generator 104 to decrypt the public-key-encrypted key agreement parameter received from the distribution and utilization terminal 101, obtaining the key agreement parameter; it then generates a session key from the public key (i.e. the identification information of the network access point device 102), the private key and the key agreement parameter according to a preset LTE cryptographic algorithm, and sends the generated session key to the distribution and utilization terminal 101. For example, the network access point device 102 may encrypt the generated session key with the private key and send the encrypted session key to the distribution and utilization terminal 101; the distribution and utilization terminal 101 can then decrypt it with the public key (i.e. the identification information of the network access point device 102) to obtain the session key, so that the session key is shared between the distribution and utilization terminal 101 and the network access point device 102. Thereafter, data transmitted between the distribution and utilization terminal 101 and the network access point device 102 can be encrypted and decrypted with this session key, securing the communication between them. The LTE cryptographic algorithm may be chosen freely from the algorithms permitted by the LTE network system.
From the above system it can also be seen that, before communicating, the LTE-network-based distribution and utilization communication system in the embodiment of the present invention must also establish in advance a data transmission tunnel between the network access point device and the master station server. The specific flow, shown in Figure 3, may comprise the following steps:
S301: after receiving the session key, the distribution and utilization terminal sends the network access point device an L2TP tunnel establishment request carrying the first tunnel configuration parameter encrypted with the session key.
Specifically, in order to establish a secure communication channel to the master station server 103 through the network access point device 102, the distribution and utilization terminal 101 may place parameter restrictions on the data transmission tunnel to be established between the network access point device and the master station server. Specifically, once the session key shared with the network access point device 102 has been determined, the distribution and utilization terminal 101 can use the session key to encrypt the first tunnel configuration parameter, which restricts the parameters of the data transmission tunnel to be established, and send the L2TP tunnel establishment request carrying the session-key-encrypted first tunnel configuration parameter to the network access point device 102.
S302: the network access point device parses the session-key-encrypted first tunnel configuration parameter from the L2TP tunnel establishment request, decrypts it with the session key, packages the decrypted first tunnel configuration parameter in an L2TP tunnel connection request and sends that request to the master station server.
Specifically, after receiving the L2TP tunnel establishment request sent by the distribution and utilization terminal 101, the network access point device 102 parses the session-key-encrypted first tunnel configuration parameter from it, decrypts the first tunnel configuration parameter with the shared session key, packages the decrypted first tunnel configuration parameter in an L2TP tunnel connection request and sends it to the master station server 103.
S303: the master station server parses the first tunnel configuration parameter from the L2TP tunnel connection request and sends the network access point device an L2TP tunnel connection response carrying the second tunnel configuration parameter corresponding to the first tunnel configuration parameter.
Specifically, the master station server 103 receives the L2TP tunnel connection request sent by the network access point device 102 and parses the first tunnel configuration parameter from it; according to the first tunnel configuration parameter it determines the corresponding second tunnel configuration parameter, packages the determined second tunnel configuration parameter in an L2TP tunnel connection response and sends it to the network access point device 102.
S304: the network access point device parses the second tunnel configuration parameter from the L2TP tunnel connection response, generates the L2TP tunnel configuration negotiation result from the first and second tunnel configuration parameters, sends it to the master station server, and returns a tunnel establishment success response to the distribution and utilization terminal.
Specifically, after receiving the L2TP tunnel connection response sent by the master station server 103, the network access point device 102 generates the L2TP tunnel configuration negotiation result from the decrypted first tunnel configuration parameter and the second tunnel configuration parameter parsed from the L2TP tunnel connection response, and sends the generated L2TP tunnel configuration negotiation result to the master station server 103. This completes establishment of the L2TP tunnel connection between the network access point device 102 and the master station server 103 over the LTE network, after which the distribution and utilization terminal 101 can access the power system intranet via the network access point device 102, the LTE network and the master station server 103 in turn. As to the specific method of establishing the L2TP tunnel from the first and second tunnel configuration parameters, the L2TP tunnel configuration negotiation result may be set, for each parameter limited by both the first and the second tunnel configuration parameter, to the minimum, the maximum or the mean of the two limit values; technical means known to those skilled in the art may also be used, and this is not described in detail here. In this way, communication data transmitted through the L2TP tunnel can be transmitted in encrypted form according to the L2TP tunnel configuration negotiation result, ensuring the security and reliability of the transmission.
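The per-parameter merge described here and in the system description above (minimum, maximum or mean of the two limit values), as an added Go example that is not code from the patent: the parameter names and values, the Params/Result types and the Negotiate function are assumptions. It also makes explicit a caveat the description leaves implicit: only the minimum policy yields a result that stays within both sides' stated limits, and a parameter limited by one side only is rejected rather than silently dropped.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"sort"
)

// Policy is the rule the description allows for merging the two limit values
// of one parameter into the negotiated value: minimum, maximum or mean.
type Policy int

const (
	Min Policy = iota
	Max
	Mean
)

// Params holds tunnel configuration parameters by name (transmission
// bandwidth, transmission rate, ...), each value being a limit.
type Params map[string]float64

// Result is the L2TP tunnel configuration negotiation result together with
// the names of parameters whose negotiated value lies above the limit one
// side stated, which can only happen under the Max and Mean policies.
type Result struct {
	Values   Params
	Exceeded []string
}

// Negotiate derives the negotiation result from the first tunnel
// configuration parameter (terminal side) and the second (master station
// side). The two sets must limit exactly the same parameters: a limit present
// on one side only is rejected rather than dropped, because dropping it
// would leave that parameter unlimited on the tunnel.
func Negotiate(first, second Params, policy Policy) (Result, error) {
	res := Result{Values: Params{}}
	if len(first) != len(second) {
		return res, errors.New("the two parameter sets limit different parameters")
	}
	names := make([]string, 0, len(first))
	for name := range first {
		names = append(names, name)
	}
	sort.Strings(names) // deterministic order for Exceeded
	for _, name := range names {
		a, b := first[name], second[name]
		if _, ok := second[name]; !ok {
			return res, fmt.Errorf("parameter %q is limited by the first side only", name)
		}
		if a <= 0 || b <= 0 || math.IsNaN(a) || math.IsNaN(b) {
			return res, fmt.Errorf("parameter %q must be a positive limit on both sides", name)
		}
		var v float64
		switch policy {
		case Min:
			v = math.Min(a, b)
		case Max:
			v = math.Max(a, b)
		case Mean:
			v = (a + b) / 2
		default:
			return res, errors.New("unknown negotiation policy")
		}
		res.Values[name] = v
		if v > a || v > b { // the result is looser than one side asked for
			res.Exceeded = append(res.Exceeded, name)
		}
	}
	return res, nil
}

func main() {
	// Constructed limits: the terminal asks for a narrower bandwidth, the
	// master station for a lower packet rate.
	first := Params{"bandwidth_kbps": 2000, "rate_pps": 500}
	second := Params{"bandwidth_kbps": 1000, "rate_pps": 800}
	for _, p := range []Policy{Min, Max, Mean} {
		r, err := Negotiate(first, second, p)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("policy %d -> %v, exceeds a side's limit: %v\n", p, r.Values, r.Exceeded)
	}
}
```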
In practical application, before sending the L2TP tunnel establishment request carrying the session-key-encrypted first tunnel configuration parameter to the network access point device 102, the distribution and utilization terminal 101 in the distribution and utilization communication system may also send user authentication information comprising its user name and authentication password, via the network access point device 102 and the LTE network, to an authentication server located at the master station of the power system. The authentication server then authenticates the received user authentication information and, if authentication succeeds, returns the server address of the master station server 103 to the network access point device 102 through the LTE network. The network access point device 102 can then send the L2TP tunnel connection request carrying the first tunnel configuration parameter to the master station server 103 in the distribution and utilization communication system according to the received address, and the master station server 103 responds to the received L2TP tunnel connection request.
The inventors have found that the L2TP tunnel configuration negotiation result is in essence a tunnelling protocol: it defines and controls the way messages are transmitted between the network access point device 102 and the master station server 103, but does not encrypt the transmitted data.
Therefore, as a more preferable embodiment, the inventors consider encrypting the transmitted data by combining L2TP with another security protocol. For example, the network access point device 102 may generate an IPsec tunnel configuration negotiation result from a third tunnel configuration parameter sent by the distribution and utilization terminal 101 and a fourth tunnel configuration parameter sent by the master station server 103, and send the generated IPsec tunnel configuration negotiation result to the master station server 103. The third tunnel configuration parameter may specifically comprise the user name and password of the distribution and utilization terminal 101 and the session key shared between the distribution and utilization terminal 101 and the network access point device 102; the fourth tunnel configuration parameter may specifically comprise the server address of the master station server 103 and the internal address that the master station server 103 assigns to the distribution and utilization terminal 101 according to its user name and password. The IPsec tunnel configuration negotiation result generated from the third and fourth tunnel configuration parameters thus authenticates the distribution and utilization terminal 101 and the master station server 103 at the two ends of the IPsec tunnel and also encrypts the data transmitted between them, ensuring the privacy of the transmitted data and greatly improving its security.
Specifically, after receiving the session key returned by the network access point device 102, the distribution and utilization terminal 101 may, in addition to sending the L2TP tunnel establishment request carrying the session-key-encrypted first tunnel configuration parameter, also send the network access point device 102 an IPsec tunnel establishment request carrying the session-key-encrypted third tunnel configuration parameter. After receiving the IPsec tunnel establishment request sent by the distribution and utilization terminal 101, the network access point device 102 parses the session-key-encrypted third tunnel configuration parameter from it, decrypts the third tunnel configuration parameter with the session key, packages the decrypted third tunnel configuration parameter in an IPsec tunnel connection request and sends that request to the master station server 103. After receiving the IPsec tunnel connection request sent by the network access point device 102, the master station server 103 parses the third tunnel configuration parameter from it, determines the corresponding fourth tunnel configuration parameter, and sends the network access point device 102 an IPsec tunnel connection response carrying the fourth tunnel configuration parameter. The network access point device 102 receives the IPsec tunnel connection response sent by the master station server 103, parses the fourth tunnel configuration parameter from it, then generates the IPsec tunnel configuration negotiation result from the third and fourth tunnel configuration parameters and sends it to the master station server 103.
Once both the generated L2TP tunnel configuration negotiation result and the IPsec tunnel configuration negotiation result have been sent to the master station server 103, the network access point device 102 can return the tunnel establishment success response to the distribution and utilization terminal 101. After receiving the tunnel establishment success response, the distribution and utilization terminal 101 sends communication data encrypted with the session key to the network access point device 102. The network access point device 102 decrypts the session-key-encrypted communication data received from the distribution and utilization terminal 101 with the session key to recover the communication data, applies L2TP encapsulation and IPsec encapsulation to the decrypted communication data according to the L2TP tunnel configuration negotiation result and the IPsec tunnel configuration negotiation result, and sends the resulting L2TP/IPsec packet to the master station server 103. The master station server 103 can then parse the communication data from the received L2TP/IPsec packet according to the L2TP tunnel configuration negotiation result and the IPsec tunnel configuration negotiation result. In this way, the L2TP tunnel configuration negotiation result and the IPsec tunnel configuration negotiation result together control the transmission mode of the communication data while also encrypting it, greatly strengthening the communication security between the network access point device 102 and the master station server 103.
Based on the above distribution and utilization communication system, the pre-determined session key, the L2TP tunnel configuration negotiation result and the IPsec tunnel configuration negotiation result, the embodiment of the present invention also provides a communication method for the LTE-network-based distribution and utilization communication system. Its specific flow, shown in Figure 4, may comprise the following steps:
S401: the distribution and utilization terminal sends a session request carrying a key agreement parameter to the network access point device.
Specifically, the distribution and utilization terminal 101 may send the session request carrying the public-key-encrypted key agreement parameter to the network access point device 102.
S402: after receiving the session request, the network access point device generates a session key from the public key, a pre-stored private key and the key agreement parameter, and returns it to the distribution and utilization terminal.
Specifically, the network access point device 102 parses the public-key-encrypted key agreement parameter from the session request and decrypts it with the pre-stored private key to obtain the key agreement parameter; it then generates the session key from the public key, the private key and the key agreement parameter according to a preset Long Term Evolution (LTE) cryptographic algorithm and sends it to the distribution and utilization terminal 101. For the specific method by which the network access point device 102 generates the session key, refer to steps S201-S204 above.
S403: after receiving the session key, the distribution and utilization terminal sends the network access point device an L2TP tunnel establishment request carrying the first tunnel configuration parameter encrypted with the session key.
Specifically, after receiving the session key returned by the network access point device 102, the distribution and utilization terminal 101 sends the network access point device 102 an L2TP tunnel establishment request carrying the session-key-encrypted first tunnel configuration parameter.
More preferably, the distribution and utilization terminal 101 may also send the network access point device 102 an IPsec tunnel establishment request carrying the third tunnel configuration parameter encrypted with the session key.
S404: the network access point device receives the L2TP tunnel establishment request, parses and decrypts the first tunnel configuration parameter from it, and obtains the second tunnel configuration parameter from the master station server; it generates the L2TP tunnel configuration negotiation result from the first and second tunnel configuration parameters, sends it to the master station server, and returns a tunnel establishment success response to the distribution and utilization terminal.
Specifically, for the method by which the network access point device 102 generates the L2TP tunnel configuration negotiation result, refer to steps S301-S304 above.
More preferably, the network access point device 102 receives the IPsec tunnel establishment request sent by the distribution and utilization terminal 101, parses and decrypts the third tunnel configuration parameter from it, and obtains the fourth tunnel configuration parameter from the master station server; it generates the IPsec tunnel configuration negotiation result from the third and fourth tunnel configuration parameters and sends it to the master station server; and after both the L2TP tunnel configuration negotiation result and the IPsec tunnel configuration negotiation result have been sent to the master station server 103, it returns the tunnel establishment success response to the distribution and utilization terminal 101. For the method by which the network access point device generates the IPsec tunnel configuration negotiation result, refer to steps S301-S304 above.
S405: after receiving the tunnel establishment success response, the distribution and utilization terminal sends communication data encrypted with the session key to the network access point device.
Specifically, after receiving the tunnel establishment success response returned by the network access point device 102, the distribution and utilization terminal 101 in the distribution and utilization communication system sends the session-key-encrypted communication data to the network access point device 102 in that system. The session key is the one shared between the distribution and utilization terminal 101 and the network access point device 102.
S406: the network access point device decrypts the communication data with the session key, applies L2TP encapsulation to the decrypted communication data according to the L2TP tunnel configuration negotiation result, and sends the resulting L2TP packet to the master station server.
Specifically, after receiving the session-key-encrypted communication data sent by the distribution and utilization terminal 101, the network access point device 102 in the distribution and utilization communication system decrypts the communication data with the session key, applies L2TP encapsulation to the decrypted communication data according to the L2TP tunnel configuration negotiation result to generate an L2TP packet, and sends the generated L2TP packet to the master station server 103 through the LTE network.
More preferably, since the network access point device 102 and the master station server share not only the L2TP tunnel configuration negotiation result but also the IPsec tunnel configuration negotiation result, the network access point device 102 may also apply L2TP encapsulation and IPsec encapsulation to the communication data decrypted with the session key according to both negotiation results, generating an L2TP/IPsec packet, and send the resulting L2TP/IPsec packet to the master station server 103.
S407: the master station server parses the communication data from the received L2TP packet according to the L2TP tunnel configuration negotiation result.
Specifically, after receiving the L2TP packet sent by the network access point device 102 through the LTE network, the master station server 103 can parse the received L2TP packet according to the L2TP tunnel configuration negotiation result previously received from the network access point device 102, obtaining the communication data uploaded by the distribution and utilization terminal 101.
More preferably, the master station server 103 may also receive the L2TP/IPsec packet sent by the network access point device 102 and parse it according to the L2TP tunnel configuration negotiation result and the IPsec tunnel configuration negotiation result, recovering the communication data uploaded by the distribution and utilization terminal 101.
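The L2TP encapsulation of S406/S407 and the L2TP/IPsec double layer of the preferred embodiment, as an added Go example that is not code from the patent: the L2TPv2 data-message header follows RFC 2661, while the IPsec layer is replaced by a labelled AES-GCM stand-in (type Guard), and the tunnel identifiers, key and meter reading are constructed values. It shows concretely the inventors' point that L2TP alone frames and addresses the data but leaves it readable, and what the outer protected layer changes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// L2TPv2 header bits (RFC 2661, section 3.1); a data message has T clear.
const (
	flagT   = 0x8000 // control message when set
	flagL   = 0x4000 // Length field present
	optMask = 0x0A00 // S (Ns/Nr) and O (Offset Size) optional fields
	verMask = 0x000F
	l2tpVer = 2
	hdrLen  = 8 // flags, Length, Tunnel ID, Session ID
)

// Tunnel holds the identifiers fixed by the L2TP tunnel negotiation.
type Tunnel struct{ TunnelID, SessionID uint16 }

// Encapsulate wraps decrypted communication data in an L2TP data message.
// The payload is carried in the clear: L2TP frames it, nothing more.
func (t Tunnel) Encapsulate(payload []byte) ([]byte, error) {
	if hdrLen+len(payload) > 0xFFFF {
		return nil, errors.New("payload too large for the 16-bit Length field")
	}
	pkt := make([]byte, hdrLen, hdrLen+len(payload))
	binary.BigEndian.PutUint16(pkt[0:], flagL|l2tpVer) // T clear: data message
	binary.BigEndian.PutUint16(pkt[2:], uint16(hdrLen+len(payload)))
	binary.BigEndian.PutUint16(pkt[4:], t.TunnelID)
	binary.BigEndian.PutUint16(pkt[6:], t.SessionID)
	return append(pkt, payload...), nil
}

// Decapsulate checks an L2TP data message against the negotiated tunnel and
// returns its payload, rejecting control messages, optional fields that were
// not negotiated, a Length that disagrees with the bytes received, and
// packets addressed to another tunnel or session.
func (t Tunnel) Decapsulate(pkt []byte) ([]byte, error) {
	if len(pkt) < hdrLen {
		return nil, errors.New("short L2TP packet")
	}
	flags := binary.BigEndian.Uint16(pkt[0:])
	if flags&verMask != l2tpVer || flags&flagT != 0 || flags&optMask != 0 || flags&flagL == 0 {
		return nil, fmt.Errorf("not a plain L2TPv2 data message (flags %#04x)", flags)
	}
	if int(binary.BigEndian.Uint16(pkt[2:])) != len(pkt) {
		return nil, errors.New("L2TP Length does not match packet size")
	}
	got := Tunnel{binary.BigEndian.Uint16(pkt[4:]), binary.BigEndian.Uint16(pkt[6:])}
	if got != t {
		return nil, fmt.Errorf("packet for tunnel %d/session %d, expected %d/%d",
			got.TunnelID, got.SessionID, t.TunnelID, t.SessionID)
	}
	return pkt[hdrLen:], nil
}

// Guard stands in for the IPsec layer: AES-GCM seals the whole L2TP packet,
// header included, so neither payload nor identifiers are readable and any
// modification fails authentication. Sealed form is nonce || ciphertext || tag.
type Guard struct{ aead cipher.AEAD }

func NewGuard(key []byte) (Guard, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return Guard{}, err
	}
	aead, err := cipher.NewGCM(block)
	return Guard{aead}, err
}

func (g Guard) Protect(l2tpPkt []byte) ([]byte, error) {
	nonce := make([]byte, g.aead.NonceSize()) // fresh random nonce per packet
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.aead.Seal(nonce, nonce, l2tpPkt, nil), nil
}

func (g Guard) Unprotect(sealed []byte) ([]byte, error) {
	n := g.aead.NonceSize()
	if len(sealed) < n+g.aead.Overhead() {
		return nil, errors.New("short protected packet")
	}
	return g.aead.Open(nil, sealed[:n], sealed[n:], nil)
}

func main() {
	tun := Tunnel{TunnelID: 7, SessionID: 3}            // constructed negotiated IDs
	guard, _ := NewGuard(bytes.Repeat([]byte{0x42}, 32)) // constructed demo key only
	data := []byte("meter 0017 reading 1234.5 kWh")      // constructed communication data
	l2tp, _ := tun.Encapsulate(data)
	sealed, _ := guard.Protect(l2tp)
	fmt.Println("payload visible in L2TP packet:  ", bytes.Contains(l2tp, data))
	fmt.Println("payload visible after protection:", bytes.Contains(sealed, data))
}
```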
In the technical solution of the present invention, a shared session key can be set in advance between the distribution and utilization terminal and the network access point device, securing the communication between them; an L2TP tunnel and an IPsec tunnel are then set up between the network access point device and the master station server, giving the communication data transmitted between them double protection, of the transmission mode and of the content, and securing the communication between the network access point device and the master station server. Compared with existing distribution and utilization communication systems, the system provided by the present invention, in which the distribution and utilization terminal communicates using session-key encryption over a communication data transmission channel protected by the L2TP tunnel and the IPsec tunnel, therefore offers higher security and reliability.
Those of ordinary skill in the art will appreciate that all or part of the steps of the method in the above embodiments may be completed by a program instructing the relevant hardware, and that this program may be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
The above is merely a preferred embodiment of the present invention. It should be pointed out that those skilled in the art may make improvements and modifications without departing from the principles of the invention, and such improvements and modifications should also be regarded as within the scope of protection of the present invention.

Claims (10)

1. A communication method for a distribution and utilization communication system based on an LTE network, characterized by comprising:
the distribution and utilization terminal sending a session request carrying a key agreement parameter to the network access point device;
the network access point device, after receiving the session request, generating a session key according to a public key, a pre-stored private key and the key agreement parameter and returning it to the distribution and utilization terminal;
the distribution and utilization terminal, after receiving the session key, sending the network access point device a Layer 2 Tunneling Protocol (L2TP) tunnel establishment request carrying a first tunnel configuration parameter encrypted with the session key;
the network access point device receiving the L2TP tunnel establishment request, parsing and decrypting the first tunnel configuration parameter from it, and obtaining a second tunnel configuration parameter from a master station server; generating an L2TP tunnel configuration negotiation result according to the first and second tunnel configuration parameters, sending it to the master station server, and returning a tunnel establishment success response to the distribution and utilization terminal;
the distribution and utilization terminal, after receiving the tunnel establishment success response, sending communication data encrypted with the session key to the network access point device;
the network access point device decrypting the communication data with the session key, applying L2TP encapsulation to the decrypted communication data according to the L2TP tunnel configuration negotiation result, and sending it to the master station server;
the master station server parsing the communication data from the received L2TP packet according to the L2TP tunnel configuration negotiation result.
2. The method of claim 1, characterized in that the distribution and utilization terminal sending a session request carrying a key agreement parameter to the network access point device specifically comprises:
the distribution and utilization terminal sending the network access point device a session request carrying the key agreement parameter encrypted with a public key; and
the network access point device, after receiving the session request, generating a session key according to the public key, the pre-stored private key and the key agreement parameter specifically comprises:
the network access point device parsing the public-key-encrypted key agreement parameter from the session request and decrypting it with the pre-stored private key to obtain the key agreement parameter; and generating the session key according to the public key, the private key and the key agreement parameter using a preset Long Term Evolution (LTE) cryptographic algorithm.
3. The method of claim 1, characterized in that the public key is specifically the identification information of the network access point device; and
before generating the session key according to the public key, the pre-stored private key and the key agreement parameter, the method further comprises:
the network access point device, after receiving the session request, sending its own identification information to a private key generator;
the private key generator receiving the identification information sent by the network access point device, looking up, in a private key store holding the identification information of each access point of the LTE network, the private key corresponding to the received identification information, and sending that private key to the network access point device.
4. the method for claim 1, is characterized in that, described network insertion point device receives described L2TP Tunnel and sets up request, therefrom resolves, decrypts the first tunnel configuration parameter, and obtain the second tunnel configuration parameter from main website server, specifically comprises:
Network insertion point device is set up request and is parsed after the first tunnel configuration parameter of described session key from described L2TP Tunnel, utilize described session key to decrypt the first tunnel configuration parameter, and be sent to main website server after the first tunnel configuration parameter decrypting is packaged in L2TP Tunnel connection request;
Main website server parses the first tunnel configuration parameter from described L2TP Tunnel connection request, and sends to network insertion point device the L2TP Tunnel connection response information that carries the second tunnel configuration parameter corresponding with described the first tunnel configuration parameter;
Network insertion point device parses the second tunnel configuration parameter from described L2TP Tunnel connection response information.
5. the method for claim 1, is characterized in that, described adapted electric terminals receives after described session key, described return to the response message that tunnel is successfully established to described adapted electric terminals before, also comprise:
Adapted electric terminals sends the internet security agreement ipsec tunnel foundation request carrying through the 3rd tunnel configuration parameter of described session key to described network insertion point device;
Network insertion point device receives described ipsec tunnel and sets up request, therefrom resolves, decrypts the 3rd tunnel configuration parameter, and obtain the 4th tunnel configuration parameter from main website server; According to the 3rd tunnel configuration parameter and the 4th tunnel configuration parameter, generate ipsec tunnel configuring negotiation result and send to described main website server; And
Described L2TP Tunnel configuring negotiation result, described ipsec tunnel configuring negotiation result are sent to after described main website server, return to described adapted electric terminals the response message that tunnel is successfully established; And
Described according to described L2TP Tunnel configuring negotiation result, the communication data decrypting is carried out being sent to described main website server after L2TP encapsulation, specifically comprise:
Network insertion point device is according to described L2TP Tunnel configuring negotiation result, described ipsec tunnel configuring negotiation result, the communication data decrypting is carried out to L2TP encapsulation and IPSec encapsulation, and the L2TP/IPSec Packet Generation that encapsulation is generated is to main website server; And
Described main website server, according to described L2TP Tunnel configuring negotiation result, parses described communication data from the L2TP packet receiving, and specifically comprises:
Main website server, according to described L2TP Tunnel configuring negotiation result and described ipsec tunnel configuring negotiation result, parses described communication data from the L2TP/IPSec packet receiving.
6. The method of claim 5, characterized in that the network insertion point device receiving the IPsec tunnel establishment request, parsing and decrypting the third tunnel configuration parameter from it, and obtaining the fourth tunnel configuration parameter from the main website server specifically comprises:
the network insertion point device parses the session-key-encrypted third tunnel configuration parameter from the IPsec tunnel establishment request, decrypts it with the session key, packages the decrypted third tunnel configuration parameter in an IPsec tunnel connection request and sends that request to the main website server;
the main website server parses the third tunnel configuration parameter from the IPsec tunnel connection request and sends to the network insertion point device IPsec tunnel connection response information carrying the fourth tunnel configuration parameter corresponding to the third tunnel configuration parameter;
the network insertion point device parses the fourth tunnel configuration parameter from the IPsec tunnel connection response information.
7. An adapted electrical communication system based on an LTE network, characterized in that it comprises an adapted electric terminal, a network insertion point device and a main website server, wherein:
the adapted electric terminal is configured to send a session request carrying a key agreement parameter to the network insertion point device; to receive a session key from the network insertion point device and send to the network insertion point device an L2TP tunnel establishment request carrying a first tunnel configuration parameter encrypted with the session key; and, after receiving from the network insertion point device the response message that the tunnel is successfully established, to send communication data encrypted with the session key to the network insertion point device;
the network insertion point device is configured to receive the session request from the adapted electric terminal, generate a session key according to the public key, a pre-stored private key and the key agreement parameter, and return the session key to the adapted electric terminal; to receive the L2TP tunnel establishment request from the adapted electric terminal, parse and decrypt the first tunnel configuration parameter from it, and obtain a second tunnel configuration parameter from the main website server; to generate an L2TP tunnel configuration negotiation result from the first and second tunnel configuration parameters, send it to the main website server, and return to the adapted electric terminal the response message that the tunnel is successfully established; and, on receiving the session-key-encrypted communication data sent by the adapted electric terminal, to decrypt the communication data with the session key, L2TP-encapsulate the decrypted communication data according to the L2TP tunnel configuration negotiation result, and send it to the main website server;
the main website server is configured to parse the communication data from the received L2TP packet according to the L2TP tunnel configuration negotiation result.
8. The system of claim 7, characterized in that the system further comprises a private key maker; and
the public key is specifically the identification information of the network insertion point device; and
the adapted electric terminal is specifically configured to send to the network insertion point device the session request carrying the key agreement parameter encrypted with the public key; and
the network insertion point device is specifically configured to: on receiving the session request from the adapted electric terminal, send its own identification information to the private key maker and receive from the private key maker the private key corresponding to that identification information; parse the public-key-encrypted key agreement parameter from the session request and decrypt it with the private key received from the private key maker to obtain the key agreement parameter; and generate the session key from the public key, the private key and the key agreement parameter according to a default Long Term Evolution (LTE) cryptographic algorithm; and
the private key maker is configured to, after receiving the identification information sent by the network insertion point device, look up in a private key store holding the identification information of each access point of the LTE network the private key corresponding to the received identification information, and send the private key it finds to the network insertion point device.
9. The system of claim 7, characterized in that the network insertion point device is specifically configured to receive the L2TP tunnel establishment request from the adapted electric terminal, parse from it the first tunnel configuration parameter encrypted with the session key, decrypt the first tunnel configuration parameter with the session key, package the decrypted first tunnel configuration parameter in an L2TP tunnel connection request and send that request to the main website server; and to receive L2TP tunnel connection response information from the main website server and parse the second tunnel configuration parameter from it; and
the main website server is specifically configured to receive the L2TP tunnel connection request from the network insertion point device, parse the first tunnel configuration parameter from it, and send to the network insertion point device L2TP tunnel connection response information carrying the second tunnel configuration parameter corresponding to the first tunnel configuration parameter.
10. The system of claim 7, characterized in that the adapted electric terminal is further configured to send to the network insertion point device an IPsec tunnel establishment request carrying a third tunnel configuration parameter encrypted with the session key; and
the network insertion point device is further configured to, after receiving the IPsec tunnel establishment request sent by the adapted electric terminal, parse and decrypt the third tunnel configuration parameter from it and obtain a fourth tunnel configuration parameter from the main website server; to generate an IPsec tunnel configuration negotiation result from the third and fourth tunnel configuration parameters and send it to the main website server; after the L2TP tunnel configuration negotiation result and the IPsec tunnel configuration negotiation result have been sent to the main website server, to return to the adapted electric terminal the response message that the tunnel is successfully established; to decrypt with the session key the session-key-encrypted communication data received from the adapted electric terminal; and to apply L2TP encapsulation and IPsec encapsulation to the decrypted communication data according to the L2TP tunnel configuration negotiation result and the IPsec tunnel configuration negotiation result and send the resulting L2TP/IPsec packet to the main website server; and
the main website server is further configured to parse the communication data from the received L2TP/IPsec packet according to the L2TP tunnel configuration negotiation result and the IPsec tunnel configuration negotiation result.
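The claims above describe one exchange in three legs: an identity-keyed session setup between the terminal and the access point (claims 2, 3 and 8), L2TP and IPsec tunnel negotiation relayed through the access point to the master station server (claims 4 to 6, 9 and 10), and forwarding of the communication data through the resulting tunnel. The simulation below is an added illustration of that flow and is not code from the patent or its applicants. Because the claims name no algorithm, every cryptographic piece is a labelled stand-in: a textbook RSA pair (p = 61, q = 53) replaces the identity-bound public-key encryption of the key agreement parameter, HMAC-SHA-256 replaces the "default LTE cryptographic algorithm" that derives the session key, an HMAC-based encrypt-then-MAC construction replaces both "encrypted with the session key" and the IPsec payload protection, and the IPsec SA key is derived directly from the third and fourth tunnel configuration parameters in place of an IKE exchange the claims do not describe. The class and function names, the identity `AP-0001`, the tunnel ids and the meter reading are all constructed for this example.

```python
import hashlib, hmac, json, secrets

# Textbook RSA values (p = 61, q = 53), constructed for this example; they stand in for the
# identity-bound public-key scheme of claims 2, 3 and 8, which the claims do not name.
TOY_N, TOY_E, TOY_D = 3233, 17, 2753

# 'Private key maker' of claims 3 and 8: identity -> private key store (constructed identity).
PRIVATE_KEY_STORE = {"AP-0001": TOY_D}

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA-256 in counter mode: stand-in for the unnamed symmetric cipher.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def sym_encrypt(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC with a fresh nonce; models 'encrypted with the session key'."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def sym_decrypt(key: bytes, msg: dict) -> bytes:
    nonce, ct = bytes.fromhex(msg["nonce"]), bytes.fromhex(msg["ct"])
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(msg["tag"])):
        raise ValueError("integrity check failed")  # reject tampering before decrypting
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def derive_session_key(identity: str, private_key: int, param: int) -> bytes:
    # Claim 2: session key from public key (= identity), private key and parameter.
    # HMAC-SHA-256 stands in for the claims' 'default LTE cryptographic algorithm'.
    msg = identity.encode() + param.to_bytes(2, "big")
    return hmac.new(private_key.to_bytes(2, "big"), msg, hashlib.sha256).digest()

def ipsec_sa_key(third: dict, fourth: dict) -> bytes:
    # Constructed stand-in for IKE: both ends derive the SA key from the 3rd + 4th parameters.
    return hashlib.sha256(json.dumps([third, fourth], sort_keys=True).encode()).digest()

class MasterStationServer:
    """'Main website server' of the claims (the master station server)."""
    def __init__(self) -> None:
        self.l2tp = self.ipsec_key = None

    def l2tp_connect(self, first: dict) -> dict:  # claim 4: reply with second parameters
        return {"tunnel_id": 7, "session_id": 1, "peer_hostname": first["hostname"]}

    def ipsec_connect(self, third: dict) -> dict:  # claim 6: reply with fourth parameters
        fourth = {"spi": 0x1001, "cipher": third["proposal"][0]}
        self.ipsec_key = ipsec_sa_key(third, fourth)
        return fourth

    def accept_negotiation(self, l2tp_result: dict) -> None:
        self.l2tp = l2tp_result

    def receive(self, outer: dict) -> bytes:
        # Claim 5: strip the IPsec layer, then the L2TP layer, then hand up the data.
        l2tp_packet = json.loads(sym_decrypt(self.ipsec_key, outer["esp"]))
        if l2tp_packet["tunnel_id"] != self.l2tp["tunnel_id"]:
            raise ValueError("unknown L2TP tunnel")
        return bytes.fromhex(l2tp_packet["payload"])

class NetworkAccessPoint:
    """'Network insertion point device' of the claims (the LTE network access point)."""
    def __init__(self, identity: str, server: MasterStationServer) -> None:
        self.identity, self.server = identity, server
        self.session_key = self.l2tp = self.ipsec_key = None

    def session_request(self, enc_param: int) -> bytes:
        private_key = PRIVATE_KEY_STORE[self.identity]  # claim 3: private key fetched by identity
        param = pow(enc_param, private_key, TOY_N)  # claim 2: decrypt the key agreement parameter
        self.session_key = derive_session_key(self.identity, private_key, param)
        return self.session_key  # claim 7: the session key is returned to the terminal

    def l2tp_setup(self, msg: dict) -> None:
        first = json.loads(sym_decrypt(self.session_key, msg))
        second = self.server.l2tp_connect(first)
        self.l2tp = {"tunnel_id": second["tunnel_id"], "session_id": second["session_id"]}
        self.server.accept_negotiation(self.l2tp)  # negotiation result goes to the server

    def ipsec_setup(self, msg: dict) -> None:
        third = json.loads(sym_decrypt(self.session_key, msg))
        self.ipsec_key = ipsec_sa_key(third, self.server.ipsec_connect(third))

    def forward(self, enc_data: dict) -> bytes:
        data = sym_decrypt(self.session_key, enc_data)  # plaintext is visible at this hop
        l2tp_packet = {**self.l2tp, "payload": data.hex()}  # L2TP encapsulation ...
        esp = sym_encrypt(self.ipsec_key, json.dumps(l2tp_packet).encode())  # ... inside IPsec
        return self.server.receive({"spi": 0x1001, "esp": esp})

def run_protocol(data: bytes = b"meter 0042: 12.3 kWh") -> bytes:
    """Drive the terminal side of the exchange; returns what the master station recovered."""
    ap = NetworkAccessPoint("AP-0001", MasterStationServer())
    param = secrets.randbelow(TOY_N - 2) + 2  # key agreement parameter, drawn at random
    session_key = ap.session_request(pow(param, TOY_E, TOY_N))  # encrypted to the access point
    ap.l2tp_setup(sym_encrypt(session_key, json.dumps({"hostname": "TERM-42"}).encode()))
    ap.ipsec_setup(sym_encrypt(session_key, json.dumps({"proposal": ["aes-gcm-128"]}).encode()))
    return ap.forward(sym_encrypt(session_key, data))
```

Two properties of the claimed design are visible in `NetworkAccessPoint.forward`. First, the terminal's session-key encryption terminates at the access point, which decrypts the communication data before L2TP encapsulation; the access point therefore handles plaintext, and the L2TP/IPsec protection of claims 5 and 10 covers only the leg from the access point to the master station server. Second, as claim 7 states, the session key is generated by the access point and returned to the terminal; the claims do not specify how that return message is protected, so a reviewer of a deployment built on this design would want to know what protects it.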
CN201410220554.2A 2014-05-23 2014-05-23 Adapted electrical communication system and its communication means based on LTE network Active CN104038931B (en)

Publications (2)

Publication Number Publication Date
CN104038931A true CN104038931A (en) 2014-09-10
CN104038931B CN104038931B (en) 2017-09-12

Family

ID=51469489

Country Status (1)

Country Link
CN (1) CN104038931B (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101983517A (en) * 2008-04-02 2011-03-02 诺基亚西门子通信公司 Security for a non-3gpp access to an evolved packet system
US20120102315A1 (en) * 2010-10-25 2012-04-26 Nokia Corporation Verification of peer-to-peer multimedia content
CN103269326A (en) * 2012-12-22 2013-08-28 潘铁军 Safety equipment, multi-application system and safety method for ubiquitous networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
徐显秋: "Research on data channel multiplexing and secure encryption in a distribution network information acquisition system", Journal of Chongqing University of Science and Technology *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106385676A (en) * 2016-08-31 2017-02-08 国网河南省电力公司开封供电公司 Safety encryption electric power wireless communication system
CN108810023A (en) * 2018-07-19 2018-11-13 北京智芯微电子科技有限公司 Safe encryption method, key sharing method and safety encryption isolation gateway
CN108900540A (en) * 2018-08-10 2018-11-27 南方电网科学研究院有限责任公司 A kind of business data processing method of the distribution terminal based on double-encryption
CN108900540B (en) * 2018-08-10 2021-09-03 南方电网科学研究院有限责任公司 Service data processing method of power distribution terminal based on double encryption
CN114531225A (en) * 2020-11-02 2022-05-24 深圳Tcl新技术有限公司 End-to-end communication encryption method, device, storage medium and terminal equipment
CN115052050A (en) * 2022-04-26 2022-09-13 深圳市云伽智能技术有限公司 Session negotiation method, device and controller based on ICAP

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant