CN104038931B - Power distribution and utilization communication system based on LTE network and communication method thereof - Google Patents


Publication number
CN104038931B
Authority
CN
China
Prior art keywords
tunnel
access point
network access
l2tp
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410220554.2A
Other languages
Chinese (zh)
Other versions
CN104038931A (en)
Inventor
李信
李慕峰
毛先
毛一先
李朝峰
于然
邢宁哲
马跃
化存卿
吴新玲
吴越
聂正璞
芦博
田宇
纪雨彤
赵阳
吴文昭
韩子铮
江然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jiaotong University
State Grid Corp of China SGCC
Beijing Guodiantong Network Technology Co Ltd
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Original Assignee
Shanghai Jiaotong University
State Grid Corp of China SGCC
Beijing Guodiantong Network Technology Co Ltd
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Application filed by Shanghai Jiaotong University, State Grid Corp of China SGCC, Beijing Guodiantong Network Technology Co Ltd, Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd


Abstract

The invention discloses a power distribution and utilization communication system based on an LTE network and a communication method thereof. The method includes: a distribution and utilization terminal sends communication data encrypted with a session key to a network access point device; the network access point device decrypts the communication data using the session key, performs L2TP encapsulation on the decrypted communication data according to an L2TP tunnel configuration negotiation result, and sends the resulting L2TP packets to a master station server; the master station server parses the communication data from the received L2TP packets according to the L2TP tunnel configuration negotiation result. The session key is generated by the network access point device according to a public key, a private key and a key agreement parameter. The L2TP tunnel configuration negotiation result is generated by the network access point device according to the first and third tunnel configuration parameters sent by the distribution and utilization terminal and the master station server respectively. The invention can improve the security and reliability of the power distribution and utilization communication system.

Description

Power distribution and utilization communication system based on LTE network and communication method thereof
Technical field
The present invention relates to the field of smart grid technology, and in particular to a power distribution and utilization communication system based on an LTE network and a communication method thereof.
Background
The smart grid is the direction of future power grid development. It is built on an integrated, high-speed, bidirectional communication network and aims to make the grid reliable, secure, economical, efficient, environmentally friendly and safe to use. In practice, the smart grid mainly comprises the power distribution service and the intelligent power utilization service system, which may be collectively referred to as the power distribution and utilization services of the smart grid. The distribution service mainly involves the master station of the power system monitoring and controlling, in real time, distribution terminals such as substations, pole-mounted switches and distribution transformers. The main business of the intelligent power utilization service system is for the master station to collect, monitor and issue service data for the utilization terminals located on the user side. Distribution terminals and utilization terminals may be collectively referred to as distribution and utilization terminals. Two-way communication between these terminals and the master station places very high requirements on the real-time performance and security of the communication.
An existing approach forms a power distribution and utilization communication system by deploying a wired network owned by the power system between the distribution and utilization terminals and the master station, in order to realize two-way communication between them. However, utilization terminals are distributed throughout the distribution network along the low-voltage lines, their number of nodes is far larger than that of distribution terminals, the nodes are scattered, and some nodes are difficult to reach with a wired network. Such a system therefore suffers from high network construction cost and high construction complexity.
To reduce network construction cost and complexity, another existing power distribution and utilization communication system introduces a network that is not owned by the power system. It mainly comprises distribution and utilization terminals, a radio access network base station and a master station, where the base station is mainly a base station of a radio access network such as 2G (second-generation wireless telephone technology), 3G (3rd generation telecommunication) or LTE (long term evolution). In practice, the communication process of this system is mainly as follows: after the terminal establishes a connection with the radio access network base station, it accesses the radio access network through the base station and establishes a connection with the master station; data communication with the master station then takes place through the base station and the radio access network. However, this communication process inherits the security problems of the radio access network. For example, the key algorithm of 2G networks is easily cracked, so communication may be eavesdropped; 3G networks lack authentication of the base station and may be deceived by a forged base station; and although LTE has a two-layer encryption system, that is, it can apply double-layer encryption to the transport protocols between base stations and between the base station and the master station, its base-station encryption of the non-access stratum is optional and may not be enabled in practice, which leaves the distribution and utilization terminals and the radio access network jointly exposed to intrusion and abnormal-operation attacks. In other words, the existing power distribution and utilization communication system that introduces a network not owned by the power system faces many security risks and has low reliability.
In summary, existing power distribution and utilization communication systems suffer from high network construction cost, high complexity and low security. It is therefore necessary to provide a power distribution and utilization communication system that improves the security and reliability of two-way communication between the distribution and utilization terminals and the master station in the power system.
Summary of the invention
Embodiments of the invention provide a power distribution and utilization communication system based on an LTE network and a communication method thereof, in order to improve the security and reliability of the power distribution and utilization communication system.
According to one aspect of the invention, a communication method for a power distribution and utilization communication system based on an LTE network is provided, comprising:
The distribution and utilization terminal sends a session request carrying a key agreement parameter to the network access point device;
After receiving the session request, the network access point device generates a session key according to a public key, a pre-stored private key and the key agreement parameter, and returns the session key to the distribution and utilization terminal;
After receiving the session key, the distribution and utilization terminal sends to the network access point device a Layer 2 Tunneling Protocol (L2TP) tunnel establishment request carrying a first tunnel configuration parameter encrypted with the session key;
The network access point device receives the L2TP tunnel establishment request, parses and decrypts the first tunnel configuration parameter from it, and obtains a second tunnel configuration parameter from the master station server; according to the first tunnel configuration parameter and the second tunnel configuration parameter, it generates an L2TP tunnel configuration negotiation result, sends the result to the master station server, and returns a tunnel-established response message to the distribution and utilization terminal;
After receiving the tunnel-established response message, the distribution and utilization terminal sends communication data encrypted with the session key to the network access point device;
The network access point device decrypts the communication data using the session key and, according to the L2TP tunnel configuration negotiation result, performs L2TP encapsulation on the decrypted communication data and sends it to the master station server;
The master station server parses the communication data from the received L2TP packets according to the L2TP tunnel configuration negotiation result.
Preferably, the step in which the distribution and utilization terminal sends a session request carrying a key agreement parameter to the network access point device specifically comprises:
The distribution and utilization terminal sends to the network access point device a session request carrying the key agreement parameter encrypted with the public key; and
The step in which the network access point device, after receiving the session request, generates a session key according to the public key, the pre-stored private key and the key agreement parameter specifically comprises:
The network access point device parses the public-key-encrypted key agreement parameter from the session request and decrypts it with the pre-stored private key to obtain the key agreement parameter; it then generates the session key from the public key, the private key and the key agreement parameter according to a preset Long Term Evolution (LTE) encryption algorithm.
Preferably, the public key is specifically the identification information of the network access point device; and
Before the session key is generated according to the public key, the pre-stored private key and the key agreement parameter, the method further comprises:
After receiving the session request, the network access point device sends its own identification information to a private key generator;
The private key generator receives the identification information sent by the network access point device, looks up the private key corresponding to the received identification information in a private key store that holds the identification information of each access point of the LTE network, and sends the private key it finds to the network access point device.
Preferably, the step in which the network access point device receives the L2TP tunnel establishment request, parses and decrypts the first tunnel configuration parameter from it, and obtains the second tunnel configuration parameter from the master station server specifically comprises:
The network access point device parses the session-key-encrypted first tunnel configuration parameter from the L2TP tunnel establishment request, decrypts it using the session key, encapsulates the decrypted first tunnel configuration parameter in an L2TP tunnel connection request, and sends the request to the master station server;
The master station server parses the first tunnel configuration parameter from the L2TP tunnel connection request and sends to the network access point device an L2TP tunnel connection response message carrying the second tunnel configuration parameter corresponding to the first tunnel configuration parameter;
The network access point device parses the second tunnel configuration parameter from the L2TP tunnel connection response message.
Preferably, after the distribution and utilization terminal receives the session key and before the tunnel-established response message is returned to the distribution and utilization terminal, the method further comprises:
The distribution and utilization terminal sends to the network access point device an Internet Protocol Security (IPSec) tunnel establishment request carrying a third tunnel configuration parameter encrypted with the session key;
The network access point device receives the IPSec tunnel establishment request, parses and decrypts the third tunnel configuration parameter from it, and obtains a fourth tunnel configuration parameter from the master station server; according to the third tunnel configuration parameter and the fourth tunnel configuration parameter, it generates an IPSec tunnel configuration negotiation result and sends the result to the master station server; and
After the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result have been sent to the master station server, the tunnel-established response message is returned to the distribution and utilization terminal; and
The step of performing L2TP encapsulation on the decrypted communication data according to the L2TP tunnel configuration negotiation result and sending it to the master station server specifically comprises:
The network access point device performs L2TP encapsulation and IPSec encapsulation on the decrypted communication data according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result, and sends the resulting L2TP/IPSec packets to the master station server; and
The step in which the master station server parses the communication data from the received L2TP packets according to the L2TP tunnel configuration negotiation result specifically comprises:
The master station server parses the communication data from the received L2TP/IPSec packets according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result.
Preferably, the step in which the network access point device receives the IPSec tunnel establishment request, parses and decrypts the third tunnel configuration parameter from it, and obtains the fourth tunnel configuration parameter from the master station server specifically comprises:
The network access point device parses the session-key-encrypted third tunnel configuration parameter from the IPSec tunnel establishment request, decrypts it using the session key, encapsulates the decrypted third tunnel configuration parameter in an IPSec tunnel connection request, and sends the request to the master station server;
The master station server parses the third tunnel configuration parameter from the IPSec tunnel connection request and sends to the network access point device an IPSec tunnel connection response message carrying the fourth tunnel configuration parameter corresponding to the third tunnel configuration parameter;
The network access point device parses the fourth tunnel configuration parameter from the IPSec tunnel connection response message.
According to another aspect of the invention, a power distribution and utilization communication system based on an LTE network is also provided, comprising: a distribution and utilization terminal, a network access point device and a master station server; wherein,
The distribution and utilization terminal is configured to send a session request carrying a key agreement parameter to the network access point device; after receiving a session key from the network access point device, to send to the network access point device an L2TP tunnel establishment request carrying a first tunnel configuration parameter encrypted with the session key; and after receiving a tunnel-established response message from the network access point device, to send communication data encrypted with the session key to the network access point device;
The network access point device is configured, after receiving the session request from the distribution and utilization terminal, to generate a session key according to a public key, a pre-stored private key and the key agreement parameter, and to return the session key to the distribution and utilization terminal; to receive the L2TP tunnel establishment request from the distribution and utilization terminal, parse and decrypt the first tunnel configuration parameter from it, and obtain a second tunnel configuration parameter from the master station server; to generate an L2TP tunnel configuration negotiation result according to the first tunnel configuration parameter and the second tunnel configuration parameter, send the result to the master station server, and return the tunnel-established response message to the distribution and utilization terminal; and, after receiving the session-key-encrypted communication data sent by the distribution and utilization terminal, to decrypt the communication data using the session key and, according to the L2TP tunnel configuration negotiation result, perform L2TP encapsulation on the decrypted communication data and send it to the master station server;
The master station server is configured to parse the communication data from the received L2TP packets according to the L2TP tunnel configuration negotiation result.
Preferably, the system further comprises a private key generator; and
The public key is specifically the identification information of the network access point device; and
The distribution and utilization terminal is specifically configured to send to the network access point device a session request carrying the key agreement parameter encrypted with the public key; and
The network access point device is specifically configured, after receiving the session request from the distribution and utilization terminal, to send its own identification information to the private key generator and to receive from the private key generator the private key corresponding to that identification information; to parse the public-key-encrypted key agreement parameter from the session request and decrypt it with the private key received from the private key generator to obtain the key agreement parameter; and to generate the session key from the public key, the private key and the key agreement parameter according to a preset Long Term Evolution (LTE) encryption algorithm; and
The private key generator is configured, after receiving the identification information sent by the network access point device, to look up the private key corresponding to the received identification information in a private key store that holds the identification information of each access point of the LTE network, and to send the private key it finds to the network access point device.
Preferably, the network access point device is specifically configured, after receiving the L2TP tunnel establishment request from the distribution and utilization terminal, to parse the session-key-encrypted first tunnel configuration parameter from the request, decrypt it using the session key, encapsulate the decrypted first tunnel configuration parameter in an L2TP tunnel connection request and send the request to the master station server; and, after receiving an L2TP tunnel connection response message from the master station server, to parse the second tunnel configuration parameter from that message; and
The master station server is specifically configured, after receiving the L2TP tunnel connection request from the network access point device, to parse the first tunnel configuration parameter from the request and to send to the network access point device an L2TP tunnel connection response message carrying the second tunnel configuration parameter corresponding to the first tunnel configuration parameter.
Preferably, the distribution and utilization terminal is further configured to send to the network access point device an IPSec tunnel establishment request carrying a third tunnel configuration parameter encrypted with the session key; and
The network access point device is further configured, after receiving the IPSec tunnel establishment request sent by the distribution and utilization terminal, to parse and decrypt the third tunnel configuration parameter from it and obtain a fourth tunnel configuration parameter from the master station server; to generate an IPSec tunnel configuration negotiation result according to the third tunnel configuration parameter and the fourth tunnel configuration parameter and send the result to the master station server; after the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result have been sent to the master station server, to return the tunnel-established response message to the distribution and utilization terminal; to decrypt, using the session key, the session-key-encrypted communication data received from the distribution and utilization terminal; and, according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result, to perform L2TP encapsulation and IPSec encapsulation on the decrypted communication data and send the resulting L2TP/IPSec packets to the master station server; and
The master station server is further configured to parse the communication data from the received L2TP/IPSec packets according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result.
In the technical solution of the embodiments of the invention, a pre-shared session key is set up between the distribution and utilization terminal and the network access point device, which secures the communication between them. In addition, an L2TP tunnel and an IPSec tunnel are set up between the network access point device and the master station server, so that the communication data transmitted between the network access point device and the master station server is protected by double encryption of both the transmission mode and the content, which secures the communication between them. Compared with existing power distribution and utilization communication systems, the system provided by the invention communicates over a data transmission channel protected by session key encryption, the L2TP tunnel and the IPSec tunnel, and therefore has higher security and reliability.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the power distribution and utilization communication system of an embodiment of the invention;
Fig. 2 is a schematic flow chart of the method for sharing a session key in an embodiment of the invention;
Fig. 3 is a schematic flow chart of the method for establishing a data transmission tunnel in an embodiment of the invention;
Fig. 4 is a schematic flow chart of the communication method of the power distribution and utilization communication system of an embodiment of the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in more detail below with reference to the drawings and preferred embodiments. It should be noted, however, that many of the details listed in the specification are given only to give the reader a thorough understanding of one or more aspects of the invention, and these aspects can be implemented even without these specific details.
Terms such as "module" and "system" used in this application are intended to include computer-related entities, such as but not limited to hardware, firmware, a combination of hardware and software, software, or software in execution. For example, a module may be, but is not limited to, a process running on a processor, a processor, an object, an executable program, a thread of execution, a program and/or a computer. For example, both an application running on a computing device and the computing device itself may be modules. One or more modules may reside within a single process and/or thread of execution.
The inventors found that the low security and reliability of existing power distribution and utilization communication systems is mainly due to the lack of authentication and encryption for the base station and the air interface of the radio access network. The inventors therefore propose setting up an access point base station of the LTE network between the distribution and utilization terminal and the master station. The access point base station is authenticated, transmission between the terminal and the access point base station is authenticated, and between the access point base station and the master station server an L2TP (Layer 2 Tunneling Protocol) tunnel configuration and an IPSec (Internet Protocol Security) tunnel configuration are used to apply double-layer encryption to the transmission mode and the content of the communication data. This improves the security and reliability of communication between the distribution and utilization terminal and the master station in the power distribution and utilization communication system.
The technical solution of the invention is described in detail below with reference to the drawings.
An embodiment of the invention provides a power distribution and utilization communication system based on an LTE network which, as shown in Fig. 1, may specifically comprise: a distribution and utilization terminal 101, a network access point device 102 and a master station server 103.
The distribution and utilization terminal 101 can send a session request carrying a key agreement parameter to the network access point device 102. After receiving the session request, the network access point device 102 can generate a session key according to a public key, a pre-stored private key and the key agreement parameter, and return the generated session key to the distribution and utilization terminal 101. Specifically, the distribution and utilization terminal 101 can send to the network access point device 102 a session request carrying the key agreement parameter encrypted with the public key. The network access point device 102 can then parse the public-key-encrypted key agreement parameter from the session request and decrypt it with the pre-stored private key to obtain the key agreement parameter; it then generates the session key from the public key, the private key and the key agreement parameter according to a preset LTE encryption algorithm, and sends the session key to the distribution and utilization terminal 101. Here the public key is specifically the identification information of the network access point device 102, and the private key in the network access point device 102 is pre-stored information corresponding to its own identification information. Key agreement between the distribution and utilization terminal 101 and the network access point device 102 is thus complete, and the distribution and utilization terminal 101 can subsequently encrypt the communication data to be uploaded with the shared session key, which secures data transmission between the distribution and utilization terminal 101 and the network access point device 102. Moreover, completing key agreement between the distribution and utilization terminal 101 and the network access point device 102 also completes the authenticated connection between them, so that the distribution and utilization terminal 101 can access the LTE network through the network access point device 102 and then send the communication data to be uploaded to the master station server 103 over the LTE network. The LTE encryption algorithm may be freely selected from the algorithms permitted by the LTE network system.
More preferably, the power distribution and utilization communication system of the embodiment of the invention further comprises a private key generator 104.
The private key generator 104 stores the identification information of each access point of the LTE network and the private key corresponding to each piece of identification information. Specifically, after receiving the session request sent by the distribution and utilization terminal 101, the network access point device 102 sends its own identification information to the private key generator 104. After receiving the identification information sent by the network access point device 102, the private key generator 104 looks up the private key corresponding to the received identification information in the private key store that holds the identification information of each access point of the LTE network, and sends the private key it finds to the network access point device 102.
Further, after the distribution and utilization terminal 101 receives the session key returned by the network access point device 102, it sends to the network access point device 102 an L2TP tunnel establishment request carrying a first tunnel configuration parameter encrypted with the session key. After receiving the L2TP tunnel establishment request, the network access point device 102 can parse and decrypt the first tunnel configuration parameter from it and obtain a second tunnel configuration parameter from the master station server 103; according to the first tunnel configuration parameter and the second tunnel configuration parameter, it generates an L2TP tunnel configuration negotiation result, sends the result to the master station server 103, and returns a tunnel-established response message to the distribution and utilization terminal 101. Specifically, after receiving the L2TP tunnel establishment request sent by the distribution and utilization terminal 101, the network access point device 102 can parse the session-key-encrypted first tunnel configuration parameter from the request, decrypt it using the session key, encapsulate the decrypted first tunnel configuration parameter in an L2TP tunnel connection request and send the request to the master station server 103. After receiving the L2TP tunnel connection request sent by the network access point device 102, the master station server 103 parses the first tunnel configuration parameter from it and, according to the received first tunnel configuration parameter, sends to the network access point device 102 an L2TP tunnel connection response message carrying the second tunnel configuration parameter corresponding to the first tunnel configuration parameter. After receiving the L2TP tunnel connection response message sent by the master station server 103, the network access point device 102 can parse the second tunnel configuration parameter from it, generate the L2TP tunnel configuration negotiation result according to the first tunnel configuration parameter and the second tunnel configuration parameter, send the generated result to the master station server 103, and then return the tunnel-established response message to the distribution and utilization terminal. This completes the establishment, in the LTE network, of the L2TP tunnel connection between the network access point device 102 and the master station server 103. The first and second tunnel configuration parameters specifically limit parameters such as transmission bandwidth and transmission rate, so that the L2TP tunnel configuration negotiation result generated from them can control the data transmission mode between the distribution and utilization terminal 101 and the network access point device 102. For example, the L2TP tunnel configuration negotiation result may be set to the minimum, the maximum or the average of the limits of the same parameter in the first tunnel configuration parameter and the second tunnel configuration parameter.
In this way, communication data subsequently received from the power distribution and utilization terminal 101 can be uploaded to the master station server 103 through the L2TP tunnel in the LTE network according to the L2TP tunnel configuration negotiation result. Specifically, after the power distribution and utilization terminal 101 in the power distribution and utilization communication system receives the response message indicating successful tunnel establishment returned by the network access point device 102, it can send communication data encrypted with the session key to the network access point device 102. After receiving the session-key-encrypted communication data sent by the power distribution and utilization terminal 101, the network access point device 102 decrypts it with the session key to recover the communication data, performs L2TP encapsulation on the decrypted communication data according to the L2TP tunnel configuration negotiation result, and sends the resulting L2TP packet to the master station server 103. The master station server 103 can then parse the received L2TP packet according to the L2TP tunnel configuration negotiation result and extract the communication data uploaded by the power distribution and utilization terminal 101.
Based on the above power distribution and utilization communication system, it can be seen that, in the embodiment of the present invention, before the LTE-based power distribution and utilization communication system communicates, a session key must first be shared between the power distribution and utilization terminal and the network access point device. The specific flow, shown in Fig. 2, may include the following steps:
S201: The power distribution and utilization terminal sends a session request carrying a key agreement parameter to the network access point device.
Specifically, before the power distribution and utilization terminal 101 in the power distribution and utilization communication system accesses the LTE network through the network access point device 102, it can use the identification information of the network access point device 102 as a public key, encrypt the key agreement parameter with that public key, and send a session request carrying the public-key-encrypted key agreement parameter to the network access point device 102. Here, the network access point device 102 is an access point of the LTE network, and the public key is the identification information of the network access point device 102.
S202: After receiving the session request, the network access point device sends its own identification information to the private key generator.
Specifically, after the network access point device 102 in the power distribution and utilization communication system receives the session request, sent by the power distribution and utilization terminal 101 in the system, that carries the public-key-encrypted key agreement parameter, it can send its own identification information to the private key generator 104 to obtain the private key needed to decrypt the key agreement parameter in the session request.
S203: The private key generator receives the identification information sent by the network access point device, looks up the private key corresponding to the identification information of the network access point device in the private key store that holds the identification information of each access point of the LTE network, and sends it to the network access point device.
The private key generator 104 in the power distribution and utilization communication system receives the identification information sent by the network access point device, looks up, in the private key store that holds the identification information of each access point of the LTE network, the private key corresponding to the identification information received from the network access point device 102, and sends the private key it finds to the network access point device 102. Specifically, the private key generator 104 compares the received identification information with the identification information of each access point of the LTE network in the private key store, finds the stored identification information that is identical to the received identification information, and sends the private key corresponding to that identification information to the network access point device 102. The private key generator 104 sets up, in advance and for each access point in the LTE network, the private key that corresponds to the public key, taking the identification information of that access point as the public key. The specific method by which the private key generator 104 sets up a corresponding public key and private key pair can use technical means known to those skilled in the art and is not described further here.
In fact, if identification information identical to the received identification information is found in the private key store, the network access point device corresponding to that identification information is an access point of the LTE network; that is, the power distribution and utilization terminal 101 can access the LTE network through this network access point device 102. Correspondingly, if no identification information identical to the received identification information is found in the private key store, the network access point device is not an access point of the LTE network, and the power distribution and utilization terminal 101 can select another network access point device that is an access point of the LTE network in order to access the LTE network.
S204: The network access point device parses the public-key-encrypted key agreement parameter from the session request and decrypts it with the private key to obtain the key agreement parameter; according to the public key, the private key and the key agreement parameter, it generates a session key and sends it to the power distribution and utilization terminal.
Specifically, the network access point device 102 in the power distribution and utilization communication system can use the private key received from the private key generator 104 to decrypt the public-key-encrypted key agreement parameter received from the power distribution and utilization terminal 101, obtaining the key agreement parameter; then, according to the public key (i.e. the identification information of the network access point device 102), the private key and the key agreement parameter, and using a preset LTE encryption algorithm, it generates a session key and sends the generated session key to the power distribution and utilization terminal 101. For example, the network access point device 102 can encrypt the generated session key with the private key and send the encrypted session key to the power distribution and utilization terminal 101; the power distribution and utilization terminal 101 can then decrypt it with the public key (i.e. the identification information of the network access point device 102) to obtain the session key, so that the session key is shared between the power distribution and utilization terminal 101 and the network access point device 102. Data subsequently transmitted between the power distribution and utilization terminal 101 and the network access point device 102 can then be encrypted and decrypted with this session key, ensuring the security of communication between the power distribution and utilization terminal 101 and the network access point device 102. The LTE encryption algorithm can be freely selected from the algorithms permitted by the LTE network system.
Based on the above power distribution and utilization communication system, it can further be seen that, in the embodiment of the present invention, before the LTE-based power distribution and utilization communication system communicates, a data transmission tunnel between the network access point device and the master station server must also be established in advance. The specific flow, shown in Fig. 3, may include the following steps:
S301: After receiving the session key, the power distribution and utilization terminal sends to the network access point device an L2TP tunnel establishment request carrying a first tunnel configuration parameter encrypted with the session key.
Specifically, in order to establish a secure communication channel with the master station server 103 through the network access point device 102, the power distribution and utilization terminal 101 can constrain the parameters of the data transmission tunnel to be established between the network access point device and the master station server. After the session key shared with the network access point device 102 has been determined, the power distribution and utilization terminal 101 can use the session key to encrypt the first tunnel configuration parameter, which constrains the parameters of the data transmission tunnel to be established, and send an L2TP tunnel establishment request carrying the session-key-encrypted first tunnel configuration parameter to the network access point device 102.
S302: After parsing the session-key-encrypted first tunnel configuration parameter from the L2TP tunnel establishment request, the network access point device decrypts the first tunnel configuration parameter with the session key, encapsulates the decrypted first tunnel configuration parameter in an L2TP tunnel connection request, and sends the request to the master station server.
Specifically, after receiving the L2TP tunnel establishment request sent by the power distribution and utilization terminal 101, the network access point device 102 parses the session-key-encrypted first tunnel configuration parameter from it, decrypts the first tunnel configuration parameter with the shared session key, encapsulates the decrypted first tunnel configuration parameter in an L2TP tunnel connection request, and sends the request to the master station server 103.
S303: The master station server parses the first tunnel configuration parameter from the L2TP tunnel connection request and sends to the network access point device L2TP tunnel connection response information carrying a second tunnel configuration parameter corresponding to the first tunnel configuration parameter.
Specifically, the master station server 103 receives the L2TP tunnel connection request sent by the network access point device 102 and parses the first tunnel configuration parameter from it; according to the first tunnel configuration parameter, it determines the second tunnel configuration parameter corresponding to the first tunnel configuration parameter, encapsulates the determined second tunnel configuration parameter in L2TP tunnel connection response information, and sends that information to the network access point device 102.
S304: The network access point device parses the second tunnel configuration parameter from the L2TP tunnel connection response information, generates an L2TP tunnel configuration negotiation result according to the first and second tunnel configuration parameters, sends the result to the master station server, and returns a response message indicating successful tunnel establishment to the power distribution and utilization terminal.
Specifically, after receiving the L2TP tunnel connection response information sent by the master station server 103, the network access point device 102 generates the L2TP tunnel configuration negotiation result according to the decrypted first tunnel configuration parameter and the second tunnel configuration parameter parsed from the L2TP tunnel connection response information, and sends the generated L2TP tunnel configuration negotiation result to the master station server 103. This completes the establishment, in the LTE network, of the L2TP tunnel connection between the network access point device 102 and the master station server 103; the power distribution and utilization terminal 101 can then access the intranet of the power system by passing in turn through the network access point device 102, the LTE network and the master station server 103. As for the specific method of establishing the L2TP tunnel from the first and second tunnel configuration parameters, the L2TP tunnel configuration negotiation result can be set to the minimum, the maximum, or the average of the limit values that the first tunnel configuration parameter and the second tunnel configuration parameter give for the same parameter; technical means known to those skilled in the art can also be used, and these are not described in detail here. In this way, communication data sent through the L2TP tunnel can be transmitted in encrypted form according to the L2TP tunnel configuration negotiation result, ensuring the security and reliability of the transmission process.
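The minimum, maximum and average rules named above, as an added Python example that is not part of the patent text. It assumes each tunnel configuration parameter is a set of named upper limits; the parameter names and sample values are constructed, and rejecting a parameter that only one side offers is an assumption of this example. It also reports which side's own limit a negotiated value exceeds, which only the minimum rule avoids.

```python
from statistics import mean

# The three combination rules the description names for a shared parameter.
POLICIES = {
    "min": min,
    "max": max,
    "mean": lambda a, b: mean((a, b)),
}


def negotiate(first, second, policy="min"):
    """Return (result, exceeded) for two tunnel configuration parameter sets.

    first    -- limits proposed by the terminal (first tunnel configuration parameter)
    second   -- limits returned by the master station server (second parameter)
    exceeded -- maps a parameter name to the sides whose own limit the result exceeds
    """
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy!r}")
    # Assumption of this example: a parameter offered by only one side cannot
    # be negotiated, so the whole request is rejected instead of guessing.
    unmatched = sorted(set(first) ^ set(second))
    if unmatched:
        raise ValueError(f"parameters not offered by both sides: {unmatched}")

    combine = POLICIES[policy]
    result, exceeded = {}, {}
    for name in sorted(first):
        a, b = first[name], second[name]
        if a <= 0 or b <= 0:
            raise ValueError(f"{name}: limits must be positive")
        value = combine(a, b)
        result[name] = value
        # Record every side whose declared limit is lower than the outcome.
        over = [side for side, limit in (("terminal", a), ("master", b))
                if value > limit]
        if over:
            exceeded[name] = over
    return result, exceeded


# Constructed sample values (hypothetical parameter names, limits in kbit/s).
FIRST = {"bandwidth_kbps": 2000, "rate_kbps": 512}
SECOND = {"bandwidth_kbps": 1000, "rate_kbps": 1024}

if __name__ == "__main__":
    for rule in POLICIES:
        print(rule, *negotiate(FIRST, SECOND, rule))
```

With the sample values, only the minimum rule returns an empty `exceeded` map; the maximum and average rules each produce a value above the limit one side declared.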
In practical application, before the power distribution and utilization terminal 101 in the power distribution and utilization communication system sends the L2TP tunnel establishment request carrying the session-key-encrypted first tunnel configuration parameter to the network access point device 102, it can also send user authentication information, comprising the user name and authentication password of the power distribution and utilization terminal, through the network access point device 102 and the LTE network to an authentication server located at the power system master station. The authentication server authenticates the received user authentication information and, if authentication succeeds, returns the server address of the master station server 103 to the network access point device 102 through the LTE network. The network access point device 102 can then use the received address to send the L2TP tunnel connection request carrying the first tunnel configuration parameter to the master station server 103 in the power distribution and utilization communication system, and the master station server 103 responds to the received L2TP tunnel connection request.
The inventors of the present invention found that the L2TP tunnel configuration negotiation result is in essence a tunneling protocol: it defines and controls how messages are transmitted between the network access point device 102 and the master station server 103, but it does not encrypt or otherwise protect the transmitted data.
Therefore, as a preferred embodiment, the inventors consider that encryption of the transmitted data can be achieved by pairing L2TP with another security protocol. For example, the network access point device 102 can generate an IPSec tunnel configuration negotiation result from a third tunnel configuration parameter sent by the power distribution and utilization terminal 101 and a fourth tunnel configuration parameter sent by the master station server 103, and send the generated IPSec tunnel configuration negotiation result to the master station server 103. The third tunnel configuration parameter may include the user name and password of the power distribution and utilization terminal 101 and the session key shared between the power distribution and utilization terminal 101 and the network access point device 102; the fourth tunnel configuration parameter may include the server address of the master station server 103, the internal address that the master station server 103 assigns to the power distribution and utilization terminal 101 according to its user name and password, and so on. In this way, the IPSec tunnel configuration negotiation result generated from the third and fourth tunnel configuration parameters makes it possible both to authenticate the two ends of the IPSec tunnel, the power distribution and utilization terminal 101 and the master station server 103, and to encrypt the data transmitted between them, ensuring the privacy of the transmitted data and greatly improving its security.
Specifically, after receiving the session key returned by the network access point device 102, the power distribution and utilization terminal 101, in addition to sending the network access point device 102 the L2TP tunnel establishment request carrying the session-key-encrypted first tunnel configuration parameter, can also send the network access point device 102 an IPSec tunnel establishment request carrying a third tunnel configuration parameter encrypted with the session key. After receiving the IPSec tunnel establishment request sent by the power distribution and utilization terminal 101, the network access point device 102 parses the session-key-encrypted third tunnel configuration parameter from it, decrypts the third tunnel configuration parameter with the session key, encapsulates the decrypted third tunnel configuration parameter in an IPSec tunnel connection request, and sends the IPSec tunnel connection request to the master station server 103. After receiving the IPSec tunnel connection request sent by the network access point device 102, the master station server 103 can parse the third tunnel configuration parameter from it, determine the fourth tunnel configuration parameter corresponding to the third tunnel configuration parameter, and send to the network access point device 102 IPSec tunnel connection response information carrying the fourth tunnel configuration parameter. The network access point device 102 can then receive the IPSec tunnel connection response information sent by the master station server 103, parse the fourth tunnel configuration parameter from it, generate the IPSec tunnel configuration negotiation result according to the third and fourth tunnel configuration parameters, and send that result to the master station server 103.
After both the generated L2TP tunnel configuration negotiation result and the generated IPSec tunnel configuration negotiation result have been sent to the master station server 103, the network access point device 102 can return the response message indicating successful tunnel establishment to the power distribution and utilization terminal 101. After receiving that response message, the power distribution and utilization terminal 101 sends communication data encrypted with the session key to the network access point device 102. The network access point device 102 uses the session key to decrypt the session-key-encrypted communication data received from the power distribution and utilization terminal 101, recovering the communication data; then, according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result, it performs L2TP encapsulation and IPSec encapsulation on the decrypted communication data and sends the resulting L2TP/IPSec packet to the master station server 103. The master station server 103 can then parse the communication data from the received L2TP/IPSec packet according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result. With the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result together, the communication data is encrypted and its transmission mode is controlled at the same time, which greatly strengthens the security of communication between the network access point device 102 and the master station server 103.
Based on the above power distribution and utilization communication system and the session key, L2TP tunnel configuration negotiation result and IPSec tunnel configuration negotiation result determined in advance, the embodiment of the present invention further provides a communication method for a power distribution and utilization communication system based on an LTE network. The specific flow, shown in Fig. 4, may include the following steps:
S401: The power distribution and utilization terminal sends a session request carrying a key agreement parameter to the network access point device.
Specifically, the power distribution and utilization terminal 101 can send a session request carrying the public-key-encrypted key agreement parameter to the network access point device 102.
S402: After receiving the session request, the network access point device generates a session key according to the public key, the pre-stored private key and the key agreement parameter, and returns it to the power distribution and utilization terminal.
Specifically, the network access point device 102 parses the public-key-encrypted key agreement parameter from the session request and decrypts it with the pre-stored private key to obtain the key agreement parameter; according to the public key, the private key and the key agreement parameter, and using a preset Long Term Evolution (LTE) encryption algorithm, it generates a session key and sends it to the power distribution and utilization terminal 101. For the specific method by which the network access point device 102 generates the session key, refer to steps S201-S204 above.
S403: After receiving the session key, the power distribution and utilization terminal sends to the network access point device an L2TP tunnel establishment request carrying a first tunnel configuration parameter encrypted with the session key.
Specifically, after receiving the session key returned by the network access point device 102, the power distribution and utilization terminal 101 sends to the network access point device 102 an L2TP tunnel establishment request carrying the session-key-encrypted first tunnel configuration parameter.
More preferably, the power distribution and utilization terminal 101 can also send to the network access point device 102 an IPSec tunnel establishment request carrying a third tunnel configuration parameter encrypted with the session key.
S404: The network access point device receives the L2TP tunnel establishment request, parses and decrypts the first tunnel configuration parameter from it, and obtains the second tunnel configuration parameter from the master station server; according to the first and second tunnel configuration parameters, it generates an L2TP tunnel configuration negotiation result, sends it to the master station server, and returns a response message indicating successful tunnel establishment to the power distribution and utilization terminal.
Specifically, for the method by which the network access point device 102 generates the L2TP tunnel configuration negotiation result, refer to steps S301-S304 above.
More preferably, the network access point device 102 receives the IPSec tunnel establishment request sent by the power distribution and utilization terminal 101, parses and decrypts the third tunnel configuration parameter from it, and obtains the fourth tunnel configuration parameter from the master station server; according to the third and fourth tunnel configuration parameters, it generates an IPSec tunnel configuration negotiation result and sends it to the master station server; and, after the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result have been sent to the master station server 103, it returns the response message indicating successful tunnel establishment to the power distribution and utilization terminal 101. For the specific method by which the network access point device generates the IPSec tunnel configuration negotiation result, refer to steps S301-S304 above.
S405: After receiving the response message indicating successful tunnel establishment, the power distribution and utilization terminal sends communication data encrypted with the session key to the network access point device.
Specifically, after the power distribution and utilization terminal 101 in the power distribution and utilization communication system receives the response message indicating successful tunnel establishment returned by the network access point device 102, it can send communication data encrypted with the session key to the network access point device 102 in the power distribution and utilization communication system. The session key is the one shared between the power distribution and utilization terminal 101 and the network access point device 102.
S406: The network access point device decrypts the communication data with the session key and, after performing L2TP encapsulation on the decrypted communication data according to the L2TP tunnel configuration negotiation result, sends the resulting L2TP packet to the master station server.
Specifically, after the network access point device 102 in the power distribution and utilization communication system receives the session-key-encrypted communication data sent by the power distribution and utilization terminal 101, it decrypts the communication data with the session key, performs L2TP encapsulation on the decrypted communication data according to the L2TP tunnel configuration negotiation result to generate an L2TP packet, and sends the generated L2TP packet to the master station server 103 through the LTE network.
More preferably, the network access point device 102 and the master station server can share an IPSec tunnel configuration negotiation result in addition to the L2TP tunnel configuration negotiation result. The network access point device 102 can therefore also, according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result, perform L2TP encapsulation and IPSec encapsulation on the communication data decrypted with the session key to generate an L2TP/IPSec packet, and send the resulting L2TP/IPSec packet to the master station server 103.
S407: The master station server parses the communication data from the received L2TP packet according to the L2TP tunnel configuration negotiation result.
Specifically, after receiving the L2TP packet that the network access point device 102 sent through the LTE network, the master station server 103 can parse the received L2TP packet according to the L2TP tunnel configuration negotiation result it received earlier from the network access point device 102, and obtain the communication data uploaded by the power distribution and utilization terminal 101.
More preferably, the master station server 103 can also receive the L2TP/IPSec packet sent by the network access point device 102 and parse it according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result, extracting the communication data uploaded by the power distribution and utilization terminal 101.
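The data path of steps S405 to S407, with and without the additional protective layer, as an added Python example that is not part of the patent text. The HMAC-based `seal`/`open_` pair is a stand-in for both the session-key encryption and the IPSec layer (a deployment would use the negotiated LTE algorithm and IPSec ESP); the keys, tunnel and session IDs and the meter reading are constructed, and the payload follows the RFC 2661 L2TP data header directly rather than inside a PPP frame.

```python
import hashlib
import hmac
import os
import struct

READING = b"meter=0042;kWh=1234.5"   # constructed sample communication data
TUNNEL_ID, SESSION_ID = 7, 1          # hypothetical L2TP identifiers


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (illustration only).
    enc = _subkey(key, b"enc")
    stream = b"".join(
        hmac.new(enc, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(key, plaintext):
    """Encrypt-then-MAC stand-in; returns nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    body = _xor_stream(key, nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_(key, blob):
    """Verify the tag, then decrypt; raises ValueError on any modification."""
    if len(blob) < 44:
        raise ValueError("message too short")
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")
    return _xor_stream(key, nonce, body)


def l2tp_encap(tunnel_id, session_id, payload):
    # RFC 2661 data message: T=0, L=1, Ver=2, then Length, Tunnel ID, Session ID.
    return struct.pack(">HHHH", 0x4002, 8 + len(payload),
                       tunnel_id, session_id) + payload


def l2tp_decap(packet):
    if len(packet) < 8:
        raise ValueError("truncated L2TP header")
    flags, length, tunnel_id, session_id = struct.unpack(">HHHH", packet[:8])
    # Only the header form emitted above is accepted.
    if flags & 0x8000 or not flags & 0x4000 or flags & 0x000F != 2:
        raise ValueError("not an L2TPv2 data message with Length field")
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    return tunnel_id, session_id, packet[8:]


def access_point_relay(session_key, from_terminal, tunnel_key=None):
    """S406: decrypt with the session key, L2TP-encapsulate, optionally protect."""
    data = open_(session_key, from_terminal)
    packet = l2tp_encap(TUNNEL_ID, SESSION_ID, data)
    return seal(tunnel_key, packet) if tunnel_key else packet


def master_station_receive(packet, tunnel_key=None):
    """S407: remove the protective layer if present, then parse the L2TP packet."""
    if tunnel_key:
        packet = open_(tunnel_key, packet)
    return l2tp_decap(packet)[2]


def demo():
    session_key = os.urandom(32)   # shared by terminal and access point
    tunnel_key = os.urandom(32)    # hypothetical key for the IPSec stand-in
    uplink = seal(session_key, READING)                      # S405
    l2tp_only = access_point_relay(session_key, uplink)
    protected = access_point_relay(session_key, uplink, tunnel_key)
    return {
        "uplink_leaks": READING in uplink,
        "l2tp_only_leaks": READING in l2tp_only,
        "protected_leaks": READING in protected,
        "delivered_l2tp_only": master_station_receive(l2tp_only) == READING,
        "delivered_protected":
            master_station_receive(protected, tunnel_key) == READING,
    }


if __name__ == "__main__":
    for check, value in demo().items():
        print(f"{check}: {value}")
```

The L2TP-only packet carries the reading verbatim after its eight-byte header, which is the gap the description attributes to L2TP alone; the protected variant hides it and rejects modified packets.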
In the technical solution of the present invention, a shared session key can be set up in advance between the power distribution and utilization terminal and the network access point device, ensuring the security of communication between the power distribution and utilization terminal and the network access point device. An L2TP tunnel and an IPSec tunnel are then set up between the network access point device and the master station server, giving the communication data transmitted between the network access point device and the master station server dual encryption protection covering both the transmission mode and the content, and ensuring the security of communication between the network access point device and the master station server. The power distribution and utilization terminal system provided by the present invention, which communicates over a communication data transmission channel protected by session key encryption, the L2TP tunnel and the IPSec tunnel, therefore offers higher security and reliability than existing power distribution and utilization communication systems.
A person of ordinary skill in the art will understand that all or some of the steps of the methods in the above embodiments can be carried out by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
The above is only the preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art can make various improvements and modifications without departing from the principles of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A communication method for a power distribution and utilization communication system based on an LTE network, characterized by comprising:
a power distribution and utilization terminal sending a session request carrying a key agreement parameter to a network access point device;
the network access point device, after receiving the session request, generating a session key according to a public key, a pre-stored private key and the key agreement parameter, and returning the session key to the power distribution and utilization terminal;
the power distribution and utilization terminal, after receiving the session key, sending to the network access point device a Layer 2 Tunneling Protocol (L2TP) tunnel establishment request carrying a first tunnel configuration parameter encrypted with the session key;
the network access point device receiving the L2TP tunnel establishment request, parsing and decrypting the first tunnel configuration parameter from it, and obtaining a second tunnel configuration parameter from a master station server; generating an L2TP tunnel configuration negotiation result according to the first tunnel configuration parameter and the second tunnel configuration parameter, sending the result to the master station server, and returning a response message indicating successful tunnel establishment to the power distribution and utilization terminal;
the power distribution and utilization terminal, after receiving the response message indicating successful tunnel establishment, sending communication data encrypted with the session key to the network access point device;
the network access point device decrypting the communication data with the session key and, after performing L2TP encapsulation on the decrypted communication data according to the L2TP tunnel configuration negotiation result, sending it to the master station server;
the master station server parsing the communication data from the received L2TP packet according to the L2TP tunnel configuration negotiation result.
2. The method of claim 1, characterized in that the power distribution and utilization terminal sending a session request carrying a key agreement parameter to the network access point device specifically comprises:
the power distribution and utilization terminal sending a session request carrying a public-key-encrypted key agreement parameter to the network access point device; and
the network access point device, after receiving the session request, generating a session key according to the public key, the pre-stored private key and the key agreement parameter specifically comprises:
the network access point device parsing the public-key-encrypted key agreement parameter from the session request and decrypting it with the pre-stored private key to obtain the key agreement parameter; and generating the session key according to the public key, the private key and the key agreement parameter, using a preset Long Term Evolution (LTE) encryption algorithm.
3. The method of claim 1, characterized in that the public key is the identification information of the network access point device; and
before the generating of a session key according to the public key, the pre-stored private key and the key agreement parameter, the method further comprises:
the network access point device, after receiving the session request, sending its own identification information to a private key generator;
the private key generator receiving the identification information sent by the network access point device, looking up, in a private key store that holds the identification information of each access point of the LTE network, the private key corresponding to the received identification information, and sending the private key it finds to the network access point device.
4. The method as claimed in claim 1, characterized in that the network access point device receiving the L2TP tunnel establishment request, parsing and decrypting the first tunnel configuration parameter from it, and obtaining the second tunnel configuration parameter from the master station server specifically comprises:
The network access point device parses the first tunnel configuration parameter encrypted with the session key from the L2TP tunnel establishment request, decrypts the first tunnel configuration parameter using the session key, encapsulates the decrypted first tunnel configuration parameter in an L2TP tunnel connection request, and sends it to the master station server;
The master station server parses the first tunnel configuration parameter from the L2TP tunnel connection request, and sends to the network access point device L2TP tunnel connection response information carrying the second tunnel configuration parameter corresponding to the first tunnel configuration parameter;
The network access point device parses the second tunnel configuration parameter from the L2TP tunnel connection response information.
5. The method as claimed in claim 1, characterized in that, after the power distribution and utilization terminal receives the session key and before the tunnel establishment success response message is returned to the power distribution and utilization terminal, the method further comprises:
The power distribution and utilization terminal sends to the network access point device an Internet Protocol Security (IPSec) tunnel establishment request carrying a third tunnel configuration parameter encrypted with the session key;
The network access point device receives the IPSec tunnel establishment request, parses and decrypts the third tunnel configuration parameter from it, and obtains a fourth tunnel configuration parameter from the master station server; according to the third tunnel configuration parameter and the fourth tunnel configuration parameter, it generates an IPSec tunnel configuration negotiation result and sends it to the master station server; and
After the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result have been sent to the master station server, the tunnel establishment success response message is returned to the power distribution and utilization terminal; and
The performing of L2TP encapsulation on the decrypted communication data according to the L2TP tunnel configuration negotiation result and sending it to the master station server specifically comprises:
The network access point device, according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result, performs L2TP encapsulation and IPSec encapsulation on the decrypted communication data, and sends the resulting L2TP/IPSec packets to the master station server; and
The master station server parsing the communication data from the received L2TP packets according to the L2TP tunnel configuration negotiation result specifically comprises:
The master station server parses the communication data from the received L2TP/IPSec packets according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result.
6. The method as claimed in claim 5, characterized in that the network access point device receiving the IPSec tunnel establishment request, parsing and decrypting the third tunnel configuration parameter from it, and obtaining the fourth tunnel configuration parameter from the master station server specifically comprises:
The network access point device parses the third tunnel configuration parameter encrypted with the session key from the IPSec tunnel establishment request, decrypts the third tunnel configuration parameter using the session key, encapsulates the decrypted third tunnel configuration parameter in an IPSec tunnel connection request, and sends it to the master station server;
The master station server parses the third tunnel configuration parameter from the IPSec tunnel connection request, and sends to the network access point device IPSec tunnel connection response information carrying the fourth tunnel configuration parameter corresponding to the third tunnel configuration parameter;
The network access point device parses the fourth tunnel configuration parameter from the IPSec tunnel connection response information.
7. A power distribution and utilization communication system based on an LTE network, characterized by comprising: a power distribution and utilization terminal, a network access point device and a master station server; wherein,
The power distribution and utilization terminal is configured to send a session request carrying a key agreement parameter to the network access point device; after receiving a session key from the network access point device, to send to the network access point device an L2TP tunnel establishment request carrying a first tunnel configuration parameter encrypted with the session key; and, after receiving a tunnel establishment success response message from the network access point device, to send communication data encrypted with the session key to the network access point device;
The network access point device is configured to, after receiving the session request from the power distribution and utilization terminal, generate a session key according to a public key, a pre-stored private key and the key agreement parameter, and return it to the power distribution and utilization terminal; to receive the L2TP tunnel establishment request from the power distribution and utilization terminal, parse and decrypt the first tunnel configuration parameter from it, and obtain a second tunnel configuration parameter from the master station server; to generate, according to the first tunnel configuration parameter and the second tunnel configuration parameter, an L2TP tunnel configuration negotiation result, send it to the master station server, and return a tunnel establishment success response message to the power distribution and utilization terminal; and, after receiving the communication data encrypted with the session key sent by the power distribution and utilization terminal, to decrypt the communication data using the session key, perform L2TP encapsulation on the decrypted communication data according to the L2TP tunnel configuration negotiation result, and send it to the master station server;
The master station server is configured to parse the communication data from the received L2TP packets according to the L2TP tunnel configuration negotiation result.
8. The system as claimed in claim 7, characterized in that the system further comprises: a private key generator; and
The public key is specifically the identification information of the network access point device; and
The power distribution and utilization terminal is specifically configured to send a session request carrying the key agreement parameter encrypted with the public key to the network access point device; and
The network access point device is specifically configured to, after receiving the session request from the power distribution and utilization terminal, send its own identification information to the private key generator and receive from the private key generator the private key corresponding to the identification information; to parse the key agreement parameter encrypted with the public key from the session request and decrypt it, using the private key corresponding to the identification information received from the private key generator, to obtain the key agreement parameter; and to generate the session key from the public key, the private key and the key agreement parameter according to a preset Long Term Evolution (LTE) encryption algorithm; and
The private key generator is configured to, after receiving the identification information sent by the network access point device, look up the private key corresponding to the received identification information in a private key store that holds the identification information of each access point of the LTE network, and send the private key found to the network access point device.
9. The system as claimed in claim 7, characterized in that the network access point device is specifically configured to, after receiving the L2TP tunnel establishment request from the power distribution and utilization terminal, parse the first tunnel configuration parameter encrypted with the session key from the L2TP tunnel establishment request, decrypt the first tunnel configuration parameter using the session key, encapsulate the decrypted first tunnel configuration parameter in an L2TP tunnel connection request, and send it to the master station server; and, after receiving L2TP tunnel connection response information from the master station server, to parse the second tunnel configuration parameter from the L2TP tunnel connection response information; and
The master station server is specifically configured to, after receiving the L2TP tunnel connection request from the network access point device, parse the first tunnel configuration parameter from the L2TP tunnel connection request, and send to the network access point device L2TP tunnel connection response information carrying the second tunnel configuration parameter corresponding to the first tunnel configuration parameter.
10. The system as claimed in claim 7, characterized in that the power distribution and utilization terminal is further configured to send to the network access point device an IPSec tunnel establishment request carrying a third tunnel configuration parameter encrypted with the session key; and
The network access point device is further configured to, after receiving the IPSec tunnel establishment request sent by the power distribution and utilization terminal, parse and decrypt the third tunnel configuration parameter from it, and obtain a fourth tunnel configuration parameter from the master station server; to generate, according to the third tunnel configuration parameter and the fourth tunnel configuration parameter, an IPSec tunnel configuration negotiation result and send it to the master station server; after the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result have been sent to the master station server, to return the tunnel establishment success response message to the power distribution and utilization terminal; to decrypt, using the session key, the communication data encrypted with the session key received from the power distribution and utilization terminal; and, according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result, to perform L2TP encapsulation and IPSec encapsulation on the decrypted communication data and send the resulting L2TP/IPSec packets to the master station server; and
The master station server is further configured to parse the communication data from the received L2TP/IPSec packets according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result.
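
An added example, not taken from the patent: the step of claims 1 and 7 in which the network access point device L2TP-encapsulates the decrypted communication data and the master station server parses it, using the L2TPv2 data header of RFC 2661. The `TunnelResult` fields and the sample values are assumptions (the claims do not list the negotiated parameters), and the payload is treated as opaque bytes, whereas real L2TP carries PPP frames.

```python
import struct
from dataclasses import dataclass

# L2TPv2 header bits and version (RFC 2661, section 3.1)
FLAG_T, FLAG_L, FLAG_S, FLAG_O, VERSION = 0x8000, 0x4000, 0x0800, 0x0200, 2

@dataclass(frozen=True)
class TunnelResult:
    # Assumed fields of the negotiated result; the claims do not list them.
    tunnel_id: int
    session_id: int
    sequencing: bool = False

def l2tp_encapsulate(cfg: TunnelResult, payload: bytes, ns: int = 0, nr: int = 0) -> bytes:
    """Access-point side: wrap already-decrypted data in an L2TP data header."""
    flags = FLAG_L | VERSION
    seq = b""
    if cfg.sequencing:
        flags |= FLAG_S
        seq = struct.pack("!HH", ns & 0xFFFF, nr & 0xFFFF)
    total = 8 + len(seq) + len(payload)   # flags + length + tunnel + session
    if total > 0xFFFF:
        raise ValueError("payload too large for one L2TP message")
    return struct.pack("!HHHH", flags, total, cfg.tunnel_id, cfg.session_id) + seq + payload

def l2tp_parse(cfg: TunnelResult, packet: bytes) -> bytes:
    """Master-station side: validate the header against cfg, return the payload."""
    end, off = len(packet), 0
    def take(fmt: str):
        nonlocal off
        size = struct.calcsize(fmt)
        if off + size > end:
            raise ValueError("truncated L2TP message")
        values = struct.unpack_from(fmt, packet, off)
        off += size
        return values

    (flags,) = take("!H")
    if (flags & 0x000F) != VERSION or (flags & FLAG_T):
        raise ValueError("not an L2TPv2 data message")
    if flags & FLAG_L:
        (length,) = take("!H")
        if length > len(packet):
            raise ValueError("length field exceeds received bytes")
        end = length
    tunnel_id, session_id = take("!HH")
    if (tunnel_id, session_id) != (cfg.tunnel_id, cfg.session_id):
        raise ValueError("tunnel/session not in negotiated result")
    if flags & FLAG_S:
        take("!HH")                       # Ns, Nr are read but not enforced here
    if flags & FLAG_O:
        (pad,) = take("!H")
        take("!%dx" % pad)                # skip the offset padding, bounds-checked
    return packet[off:end]

# Constructed sample values, for illustration only.
SAMPLE_CFG = TunnelResult(tunnel_id=0x1001, session_id=0x0002, sequencing=True)
SAMPLE_DATA = b"constructed meter reading: 230.1 V"
```

L2TP itself provides no confidentiality, so the decrypted communication data appears verbatim in the packet bytes on the hop to the master station server; the IPSec encapsulation of claims 5 and 10 is what protects that hop.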

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410220554.2A CN104038931B (en) 2014-05-23 2014-05-23 Adapted electrical communication system and its communication means based on LTE network

Publications (2)

Publication Number Publication Date
CN104038931A CN104038931A (en) 2014-09-10
CN104038931B true CN104038931B (en) 2017-09-12

Family

ID=51469489

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410220554.2A Active CN104038931B (en) 2014-05-23 2014-05-23 Adapted electrical communication system and its communication means based on LTE network

Country Status (1)

Country Link
CN (1) CN104038931B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106385676A (en) * 2016-08-31 2017-02-08 国网河南省电力公司开封供电公司 Safety encryption electric power wireless communication system
CN108810023A (en) * 2018-07-19 2018-11-13 北京智芯微电子科技有限公司 Safe encryption method, key sharing method and safety encryption isolation gateway
CN108900540B (en) * 2018-08-10 2021-09-03 南方电网科学研究院有限责任公司 Service data processing method of power distribution terminal based on double encryption
CN115052050A (en) * 2022-04-26 2022-09-13 深圳市云伽智能技术有限公司 Session negotiation method, device and controller based on ICAP

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101983517A (en) * 2008-04-02 2011-03-02 诺基亚西门子通信公司 Security for a non-3gpp access to an evolved packet system
CN103269326A (en) * 2012-12-22 2013-08-28 潘铁军 Safety equipment, multi-application system and safety method for ubiquitous networks

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9578041B2 (en) * 2010-10-25 2017-02-21 Nokia Technologies Oy Verification of peer-to-peer multimedia content

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
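Research on data path multiplexing and security encryption for distribution network information acquisition systems; Xu Xianqiu (徐显秋); Journal of Chongqing University of Science and Technology (《重庆科技学院学报》); 20131031; full text *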

Also Published As

Publication number Publication date
CN104038931A (en) 2014-09-10

Similar Documents

Publication Publication Date Title
CN104660603B (en) Method and system for extended use of quantum keys in IPSec VPN (internet protocol security-virtual private network)
CN105723648B (en) A kind of cipher key configuration methods, systems and devices
CN106376003B (en) Detect WLAN connection and WLAN data transmission method for uplink and its device
EP3057351B1 (en) Access method, system, and device of terminal, and computer storage medium
CN104168173B (en) The method, apparatus and network system of terminal crosses private network and server communication in IMS core net
CN102724175B (en) The telecommunication safety management framework of ubiquitous green community net control and method
CN108391238A (en) Wireless MESH network matches network method
CN107852600A (en) The network architecture and safety with simplified mobile process
CN109462850A (en) A kind of network collocating method and smart machine of smart machine
CN110636052B (en) Power consumption data transmission system
CN107005534A (en) Secure connection is set up
CN104038931B (en) Adapted electrical communication system and its communication means based on LTE network
CN104661171B (en) Small data secure transmission method and system for MTC (machine type communication) equipment group
CN107426339A (en) A kind of cut-in method, the apparatus and system of data interface channel
CN104618204A (en) Intelligent home system for guaranteeing safe and remote control based on security modules and realization method thereof
CN104619040A (en) Method and system for quickly connecting WIFI equipment
CN108092969A (en) The system and method for Intelligent Mobile Robot acquisition image access electric power Intranet
CN106789476A (en) A kind of gateway communication method and system
KR20180130203A (en) APPARATUS FOR AUTHENTICATING IoT DEVICE AND METHOD FOR USING THE SAME
CN106375123B (en) A kind of configuration method and device of 802.1X certification
CN104618899A (en) ZigBee router with built-in safety module
CN110022374A (en) Method for connecting network, device, communication equipment and storage medium based on Internet of Things
CN106534050A (en) Method and device for realizing key agreement of virtual private network (VPN)
CN111541776A (en) Safe communication device and system based on Internet of things equipment
CN109120405A (en) A kind of terminal security cut-in method, apparatus and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant