CN105262653A - Safety access platform - Google Patents

Publication number
CN105262653A
Authority
CN
China
Prior art keywords
safety
cma
access
cma device
security
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510590981.4A
Other languages
Chinese (zh)
Inventor
李志茹
龚波
康晓华
张驯
马之力
崔阿军
袁晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Gansu Electric Power Co Ltd
Electric Power Research Institute of State Grid Gansu Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Gansu Electric Power Co Ltd
Electric Power Research Institute of State Grid Gansu Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, State Grid Gansu Electric Power Co Ltd, Electric Power Research Institute of State Grid Gansu Electric Power Co Ltd

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02B: CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO BUILDINGS, e.g. HOUSING, HOUSE APPLIANCES OR RELATED END-USER APPLICATIONS
    • Y02B70/00: Technologies for an efficient end-user side electric power management and consumption
    • Y02B70/30: Systems integrating technologies related to power network operation and communication or information technologies for improving the carbon footprint of the management of residential or tertiary loads, i.e. smart grids as climate change mitigation technology in the buildings sector, including also the last stages of power distribution and the control, monitoring or operating management systems at local level
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04: INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S: SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S20/00: Management or operation of end-user stationary applications or the last stages of power distribution; Controlling, monitoring or operating thereof
    • Y04S20/20: End-user application control systems
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04: INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S: SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00: Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a safety access platform. The safety access platform comprises an identity authentication system, a centralized supervisory system, a safety data exchange system and a collection access gateway. A CMA device is provided with a safety module. The CMA device establishes a network connection with the collection access gateway of the safety access platform through a safety network. The CMA device initiates an access request to the collection access gateway of the safety access platform. The safety module of the CMA device and the identity authentication system of the safety access platform carry out mutual authentication; the identity authentication system then carries out a safety state assessment of the access request initiated by the CMA device and determines whether to grant access authorization and permission. If so, safety data interaction is carried out between the CMA device and a power transmission and transformation equipment state monitoring system through the safety data exchange system, and the centralized supervisory system carries out real-time supervision of the data in the identity authentication system and the safety data exchange system. According to the invention, the safety of the electric power transmission line state monitoring system is improved.

Description

Secure access platform
Technical field
The present invention relates to the electric power field, and in particular to a secure access platform.
Background
A power transmission line condition monitoring system consists of a master station system and various online monitoring subsystems. The subsystems cover microclimate monitoring, including conductor temperature, icing, sag, windage yaw and temperature, as well as tower video surveillance.
Online monitoring equipment collects the various monitoring information with sensors and uploads it through a state information access controller to the front-end system, which in turn aggregates the data to the master station system.
Data collected in the condition monitoring database undergoes secondary processing by business logic middleware to implement the business functions of power transmission condition monitoring (such as summary statistics, abnormal information retrieval, state evaluation information retrieval and typical data analysis). Through standardized condition monitoring data services, real-time or near-real-time data services can be provided to other application systems over the enterprise service bus (ESB), meeting the online processing needs of the various business applications for condition monitoring information.
The data of the power transmission line condition monitoring system is mainly condition monitoring data and video surveillance data. At present the acquisition terminals are mainly acquisition devices and video devices, which connect through a wireless APN.
The existing power transmission line condition monitoring system is shown in Fig. 1. This technology has the following security risks:
1. System terminals access the information intranet through the wireless APN private network without security protection measures such as network isolation or secure access protection;
2. Illegal terminals intrude into the company information intranet through substations;
3. Illegal terminals intrude into the company information intranet through the wireless APN private network;
4. Illegal terminals access the company information intranet through the CMA.
Summary of the invention
The object of the invention is to address the above problems by proposing a secure access platform that improves the security of the power transmission line condition monitoring system.
To achieve this object, the invention adopts the following technical solution:
A secure access platform is connected to the front end of a power transmission and transformation equipment state monitoring system and receives information from a CMA device. The secure access platform comprises an identity authentication system, a centralized supervisory system, a secure data exchange system and a collection access gateway; the CMA device is provided with a security module;
The CMA device establishes a network connection with the collection access gateway of the secure access platform over a secure network;
The CMA device initiates an access request to the collection access gateway of the secure access platform. After the security module of the CMA device and the identity authentication system of the secure access platform complete mutual authentication, the identity authentication system performs a security state assessment of the access request initiated by the CMA device and decides whether to grant access authorization and permission. If they are granted, the CMA device exchanges data securely with the power transmission and transformation equipment state monitoring system through the secure data exchange system, and the centralized supervisory system monitors the data in the identity authentication system and the secure data exchange system in real time.
Preferably, the security module of the CMA device integrates the SM1 symmetric cryptographic algorithm and the SM2 asymmetric cryptographic algorithm.
The technical solution of the invention has the following beneficial effects:
By placing a secure access platform in the power transmission line condition monitoring system and performing mutual security authentication with the front-end CMA device, the technical solution improves the security of the power transmission line condition monitoring system.
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.
Brief description of the drawings
Fig. 1 is a block diagram of the existing power transmission line condition monitoring system;
Fig. 2 is a block diagram of the power transmission line condition monitoring system with the secure access platform according to an embodiment of the invention;
Fig. 3 is the CMA secure access flow chart according to an embodiment of the invention.
Detailed description
The preferred embodiments of the invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here only illustrate and explain the invention and are not intended to limit it.
As shown in Fig. 2, a secure access platform is connected to the front end of a power transmission and transformation equipment state monitoring system and receives information from a CMA device. The secure access platform comprises an identity authentication system, a centralized supervisory system, a secure data exchange system and a collection access gateway; the CMA device is provided with a security module;
The CMA device establishes a network connection with the collection access gateway of the secure access platform over a secure network;
The CMA device initiates an access request to the collection access gateway of the secure access platform. After the security module of the CMA device and the identity authentication system of the secure access platform complete mutual authentication, the identity authentication system performs a security state assessment of the access request initiated by the CMA device and decides whether to grant access authorization and permission. If they are granted, the CMA device exchanges data securely with the power transmission and transformation equipment state monitoring system through the secure data exchange system, and the centralized supervisory system monitors the data in the identity authentication system and the secure data exchange system in real time.
The security module of the CMA device integrates the SM1 symmetric cryptographic algorithm and the SM2 asymmetric cryptographic algorithm.
The CMA acts as the transmission line state online monitoring agent. It communicates with the power transmission and transformation equipment state monitoring system in two ways, over the wireless public network and over a dedicated optical fiber line, and the corresponding network communication must be protected. The specific requirements are as follows:
GPRS, CDMA and 3G access security protection: data transmission between a CMA on the wireless public network (GSM/GPRS, WCDMA, TD-SCDMA, CDMA2000) and the master station takes place in a public network environment and faces problems such as monitoring data being eavesdropped on, tampered with or corrupted in transmission. The network channel should be a dedicated APN channel established on top of the wireless public network, with the IP address of the CMA specified. The master station should use the secure access platform to protect the CMA with measures including a secure channel, identity authentication, secure access, access control, data exchange and centralized supervision.
Dedicated optical fiber line protection: for a CMA that connects to the information intranet through a substation over a dedicated optical fiber line, its IP address should be specified, and the collection access gateway and data exchange system of the secure access platform should be deployed at the substation boundary. The CMA should be protected with measures including a secure channel, identity authentication, secure access, access control, data exchange and centralized supervision.
CMA and acquisition terminal communication security protection: the CMA acts as the power transmission condition monitoring agent and communicates with the acquisition terminals using several kinds of short-range wireless communication. It should parse the data of all acquisition terminals in a uniform, standard format, and the corresponding network communication must be protected. The specific requirements are as follows:
WiFi access security protection: wireless access using WiFi technology should ensure access security in terms of auditing, authentication and confidentiality, and meet the following security protection requirements:
The router's brand or model, a personal name, an address, a company name or a project team name must not be used as the network name; the name should consist entirely of random letters and digits, or of any other character string that does not reveal the router model or identity;
Disable the remote management options provided by the configuration software and disable the SNMP service, so that no one can control the router over the Internet;
Restrict the router's coverage area so that its signal cannot be received outside the controlled area; disable SSID (service set identifier) broadcast; filter MAC addresses using access control lists; disable DHCP; implement closed network access control, so that only WiFi devices or users that know the network name or SSID can connect;
WiFi terminals should be audited, and WiFi devices that show spurious access behaviour should be restricted from arbitrarily joining the WiFi network;
802.1X authentication and key management should be used; the WPA1 or WPA2 encryption mechanism should be used to encrypt the data flow of WiFi wireless access.
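The WiFi requirements above can be checked mechanically against an exported access point configuration. The following is an added example, not part of the patent: the configuration key names, the sample configurations and the list of identifying terms are hypothetical, and a setting missing from the export is treated as a finding rather than assumed compliant.

```python
# Required settings drawn from the requirements above; the key names are hypothetical.
REQUIRED = {
    "remote_management": (False, "remote management must be disabled"),
    "snmp": (False, "SNMP service must be disabled"),
    "ssid_broadcast": (False, "SSID broadcast must be disabled"),
    "mac_filtering": (True, "MAC address filtering must be enabled"),
    "dhcp": (False, "DHCP must be disabled"),
    "auth": ("802.1X", "802.1X authentication must be used"),
}
ALLOWED_ENCRYPTION = {"WPA1", "WPA2"}


def audit_access_point(cfg, identifying_terms):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    ssid = cfg.get("ssid", "")
    # The network name must not reveal brand, model, site or organisation.
    leaked = sorted(t for t in identifying_terms if t.lower() in ssid.lower())
    if not ssid:
        findings.append("ssid: not set")
    elif leaked:
        findings.append("ssid: reveals " + ", ".join(leaked))
    for key, (wanted, message) in REQUIRED.items():
        # A setting absent from the export is a finding: unknown is not compliant.
        if key not in cfg:
            findings.append(f"{key}: not reported, {message}")
        elif cfg[key] != wanted:
            findings.append(f"{key}: {message}")
    if cfg.get("encryption") not in ALLOWED_ENCRYPTION:
        findings.append("encryption: WPA1 or WPA2 must protect the data flow")
    # MAC filtering with an empty allow list filters nothing useful.
    if cfg.get("mac_filtering") and not cfg.get("mac_allow_list"):
        findings.append("mac_allow_list: filtering enabled but the list is empty")
    return findings


# Constructed sample configurations and identifying terms.
TERMS = ["Acme", "X200", "Substation7"]
WEAK = {
    "ssid": "AcmeRouter-X200-Substation7", "remote_management": True,
    "snmp": True, "ssid_broadcast": True, "mac_filtering": False,
    "dhcp": True, "auth": "PSK", "encryption": "WEP",
}
HARDENED = {
    "ssid": "q7Lm2xR9tK4v", "remote_management": False, "snmp": False,
    "ssid_broadcast": False, "mac_filtering": True,
    "mac_allow_list": ["02:00:00:00:00:01"], "dhcp": False,
    "auth": "802.1X", "encryption": "WPA2",
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_access_point(cfg, TERMS) or "no findings")
```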
WiMax access security protection: wireless access using WiMax technology should ensure access security in terms of auditing, authentication and confidentiality, and meet the following security protection requirements:
WiMax acquisition terminals should be audited;
The PKM protocol should be supported, using public key cryptography to implement identity authentication and the issuing and renewal of access authorization and session keys;
Data encryption, signalling protection and key management should be provided.
WAPI access security protection: wireless access using the WAPI national standard should ensure access security in terms of auditing, authentication and confidentiality, and meet the following security protection requirements:
WAPI acquisition terminals should be audited;
The WAI of WAPI should be used to authenticate user identity; using a public-key cryptosystem, certificates are used for mutual authentication of the WAPI acquisition terminals in the power transmission and transformation line condition monitoring system, with centralized authentication management;
The WPI of WAPI should be used to encrypt transmitted data.
The CMA must carry out mutually authenticated, encrypted and isolated communication with the master station secure access platform. As shown in Fig. 3, the whole process can be divided into the following stages:
1. The CMA connects to the company information intranet, or to the APN set up by the mobile operator, over a wired connection or the wireless APN private network;
2. The CMA and the collection access gateway of the secure access platform perform mutual authentication;
3. The secure access platform performs security assessment and authentication of the CMA and, according to the result, makes the access decision, allowing or refusing access;
4. The secure access platform grants access authorization according to policy management requirements, based on the results of the CMA's authentication and trust evaluation;
5. The CMA exchanges data securely with the master station power transmission and transformation equipment state monitoring system through the data exchange system.
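Stages 2 to 4 of this flow can be sketched as a deny-by-default admission routine. This is an added example, not code from the patent: HMAC-SHA256 over a pre-shared key stands in for the SM2 operations of the security module, and the class names, enrolment schema, firmware check and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def proof(key, role, device_id, *nonces):
    """HMAC-SHA256 stand-in (assumption) for the security module's SM2 operation.
    The role label stops a device proof being reflected back as a gateway proof."""
    parts = (role, device_id.encode(), *nonces)
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class SecurityModule:
    """Constructed model of the security module fitted to a CMA device."""

    def __init__(self, device_id, key):
        self.device_id, self.key, self.nonce = device_id, key, b""

    def respond(self, gw_nonce):
        """Answer the gateway's challenge and issue the device's own."""
        self.nonce = secrets.token_bytes(16)
        return self.nonce, proof(self.key, b"cma", self.device_id, gw_nonce, self.nonce)

    def gateway_is_genuine(self, gw_nonce, gw_proof):
        expected = proof(self.key, b"gw", self.device_id, self.nonce, gw_nonce)
        return hmac.compare_digest(expected, gw_proof)


class AccessPlatform:
    """Stages 2 to 4; every decision is recorded for the centralized supervisory system."""

    def __init__(self, enrolled):
        self.enrolled = enrolled  # device_id -> key, ip, firmware, permits (constructed schema)
        self.audit_log = []

    def decide(self, device_id, allowed, reason, permits=frozenset()):
        self.audit_log.append((device_id, "ALLOW" if allowed else "DENY", reason))
        return allowed, reason, permits

    def admit(self, module, source_ip, firmware):
        dev = module.device_id
        rec = self.enrolled.get(dev)
        if rec is None:
            return self.decide(dev, False, "unknown device")
        # Stage 2: mutual authentication, with a fresh nonce from each side.
        gw_nonce = secrets.token_bytes(16)
        cma_nonce, cma_proof = module.respond(gw_nonce)
        expected = proof(rec["key"], b"cma", dev, gw_nonce, cma_nonce)
        if not hmac.compare_digest(expected, cma_proof):
            return self.decide(dev, False, "device authentication failed")
        gw_proof = proof(rec["key"], b"gw", dev, cma_nonce, gw_nonce)
        if not module.gateway_is_genuine(gw_nonce, gw_proof):  # device-side check
            return self.decide(dev, False, "gateway authentication failed")
        # Stage 3: security state assessment. The fixed IP comes from the text;
        # the firmware check is an assumed example of a posture attribute.
        if source_ip != rec["ip"]:
            return self.decide(dev, False, "source address is not the assigned one")
        if firmware != rec["firmware"]:
            return self.decide(dev, False, "firmware not approved")
        # Stage 4: authorization comes from platform policy, not from the request.
        return self.decide(dev, True, "admitted", frozenset(rec["permits"]))


# Constructed enrolment record and test key.
KEY = bytes(range(32))
ENROLLED = {"cma-001": {"key": KEY, "ip": "10.0.0.21", "firmware": "1.4.2",
                        "permits": {"conductor_temperature", "icing"}}}


def demo():
    platform = AccessPlatform(ENROLLED)
    results = {
        "genuine": platform.admit(SecurityModule("cma-001", KEY), "10.0.0.21", "1.4.2"),
        "wrong_key": platform.admit(SecurityModule("cma-001", b"\x00" * 32), "10.0.0.21", "1.4.2"),
        "wrong_ip": platform.admit(SecurityModule("cma-001", KEY), "10.0.0.99", "1.4.2"),
        "unknown": platform.admit(SecurityModule("cma-777", KEY), "10.0.0.21", "1.4.2"),
    }
    return platform, results


if __name__ == "__main__":
    for name, outcome in demo()[1].items():
        print(name, outcome[:2], sorted(outcome[2]))
```

The permitted data types returned on admission are what the data exchange system in stage 5 would enforce; the audit log holds one entry per decision, allowed or denied.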
To meet the security protection requirements, the CMA should deploy the hardware security module of the secure access platform, and the CMA terminal hardware should meet the following requirements:
Communication interface: the CMA terminal should provide one set of ISO7816 interfaces or one set of SPI communication interfaces for communication with the hardware security module. The CMA terminal may reserve a USB interface to make later expansion easier;
Electrical characteristics: the CMA terminal should provide the electrical characteristics shown in Table 1 below, so that the hardware security module of the secure access platform can be deployed.
Finally, it should be noted that the foregoing describes only the preferred embodiments of the invention and does not limit the invention. Although the invention has been described in detail with reference to the foregoing embodiments, a person skilled in the art can still modify the technical solutions described in those embodiments or replace some of their technical features with equivalents. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (2)

1. A secure access platform, connected to the front end of a power transmission and transformation equipment state monitoring system and used to receive information from a CMA device, characterized in that the secure access platform comprises an identity authentication system, a centralized supervisory system, a secure data exchange system and a collection access gateway, and the CMA device is provided with a security module;
the CMA device establishes a network connection with the collection access gateway of the secure access platform over a secure network;
the CMA device initiates an access request to the collection access gateway of the secure access platform; after the security module of the CMA device and the identity authentication system of the secure access platform complete mutual authentication, the identity authentication system performs a security state assessment of the access request initiated by the CMA device and decides whether to grant access authorization and permission; if they are granted, the CMA device exchanges data securely with the power transmission and transformation equipment state monitoring system through the secure data exchange system, and the centralized supervisory system monitors the data in the identity authentication system and the secure data exchange system in real time.
2. The secure access platform according to claim 1, characterized in that the security module of the CMA device integrates the SM1 symmetric cryptographic algorithm and the SM2 asymmetric cryptographic algorithm.
CN201510590981.4A 2015-09-16 2015-09-16 Safety access platform Pending CN105262653A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510590981.4A CN105262653A (en) 2015-09-16 2015-09-16 Safety access platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510590981.4A CN105262653A (en) 2015-09-16 2015-09-16 Safety access platform

Publications (1)

Publication Number Publication Date
CN105262653A true CN105262653A (en) 2016-01-20

Family

ID=55102168

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510590981.4A Pending CN105262653A (en) 2015-09-16 2015-09-16 Safety access platform

Country Status (1)

Country Link
CN (1) CN105262653A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160120