CN106209869A - A kind of intelligent power equipment data handling system based on classification safety - Google Patents

Abstract

A kind of intelligent power equipment data handling system based on classification safety, including power equipment data acquisition unit, for being acquired the state parameter of power equipment, described state parameter includes transformator high and low side on off state, transformator oneself state parameter, chopper and isolation switch state parameter；Data, for receiving the status of electric power parameter collected by described power equipment data acquisition unit, are carried out consolidation form conversion, and the information format after conversion are defined as Unified Communication form, provide human-computer exchange port simultaneously by remote scheduling center；Cloud Internet, for calculating the state parameter of power equipment and store, it is assumed that its total m network node and n bar link；Firewall box, is connected between remote scheduling center and cloud Internet, and the data at remote scheduling center could enter cloud Internet after firewall box.

Description

A kind of intelligent power equipment data handling system based on classification safety

Technical field

The present invention relates to electric apparatus monitoring platform field, be specifically related to a kind of intelligent power equipment based on classification safety Data handling system.

Background technology

Along with popularizing of cloud computing, increasing power system uses cloud network to carry out the process of power equipment data And storage.But using while cloud network, how to ensure the security performance of power equipment data, be one highly important Problem, if malicious third parties obtains the relevant parameter of key equipment by cloud network, consequence is hardly imaginable.

Summary of the invention

For the problems referred to above, the present invention provides a kind of intelligent power equipment data handling system based on classification safety.

The purpose of the present invention realizes by the following technical solutions:

A kind of intelligent power equipment data handling system based on classification safety, is characterized in that, including power equipment data Collecting unit, for being acquired the state parameter of power equipment, described state parameter includes that transformator high and low side switchs shape State, transformator oneself state parameter, chopper and isolation switch state parameter；

Remote scheduling center, for receiving the status of electric power ginseng collected by described power equipment data acquisition unit Data are carried out consolidation form conversion, and the information format after conversion are defined as Unified Communication form, provide man-machine simultaneously by number Switching port；

Device identification module, provides a special mark for each equipment, will be stored by the parameter in same mark source In the corresponding storage area of cloud Internet；

Cloud Internet, for calculating the state parameter of power equipment and store, it is assumed that its total m network node With n bar link；

Report to the police and interlocking modules, for judging the latching relation between each power equipment, Yi Jigen according to proofing rules Determine whether parameter transfinites according to default parameters threshold values, if latching relation does not meets proofing rules or parameter-beyond-limit Time send alarm signal to operations staff；

Security protection system, for providing protection for network node and link, it includes cloud network node safety classification System, security protection configuration subsystem, network security monitoring subsystem and cloud service subsystem.

Preferably, also including firewall box, it is connected between remote scheduling center and cloud Internet, in remote scheduling The data of the heart could enter cloud Internet after firewall box；

Preferably, also including authentication module and mobile information acquisition end, the user through authentication can pass through Mobile information acquisition end remotely obtains the state parameter of relevant device in cloud network；Described mobile information acquisition end include mobile phone, Flat board IPAD and laptop computer.

This power equipment data handling system have the beneficial effect that the calculating being reduced remote scheduling center by cloud network And storage capacity, ensure the transmission safety between this locality and cloud network by fire wall, ensure cloud by security protection system The safety of network itself, and it is provided with identity verifier thereof and mobile information acquisition end makes the user having permission to obtain safely Obtain equipment real time information.

Accompanying drawing explanation

The invention will be further described to utilize accompanying drawing, but the embodiment in accompanying drawing does not constitute any limit to the present invention System, for those of ordinary skill in the art, on the premise of not paying creative work, it is also possible to obtain according to the following drawings Other accompanying drawing.

Fig. 1 is the structured flowchart of a kind of intelligent power equipment data handling system based on classification safety；

Fig. 2 is the structured flowchart of security protection system.

Reference: power equipment data acquisition unit-1；Remote scheduling center-2；Firewall box-3；Cloud Internet- 4；Security protection system-5；Device identification module-6；Report to the police and interlocking modules-7；Authentication module-8；Mobile information acquisition End-9；Cloud network node safety classification subsystem-10；Security protection configuration subsystem-20；Network security monitoring subsystem-30； Cloud service subsystem-40；Incidence matrix generation module-11；Minimum spanning tree module-12；Diversity module-13；Replacement module- 14。

Detailed description of the invention

The invention will be further described with the following Examples.

Application scenarios 1:

A kind of based on classification safety intelligent power equipment data handling system as shown in Figure 1, including power equipment number According to collecting unit 1, for being acquired the state parameter of power equipment, described state parameter includes that transformator high and low side switchs State, transformator oneself state parameter, chopper and isolation switch state parameter；

Remote scheduling center 2, for receiving the status of electric power collected by described power equipment data acquisition unit 1 Data are carried out consolidation form conversion, and the information format after conversion are defined as Unified Communication form, provide people simultaneously by parameter Machine switching port；

Cloud Internet 4, for calculating the state parameter of power equipment and store, it is assumed that its total m network joint Point and n bar link；

Report to the police and interlocking modules 7, for judging the latching relation between each power equipment, Yi Jigen according to proofing rules Determine whether parameter transfinites according to default parameters threshold values, if latching relation does not meets proofing rules or parameter-beyond-limit Time send alarm signal to operations staff；

Device identification module 6, provides a special mark for each equipment, will be stored by the parameter in same mark source In the corresponding storage area of cloud Internet 4；

Security protection system 5, for providing protection for network node and link, it includes cloud network node safety classification System 10, security protection configuration subsystem 20, network security monitoring subsystem 30 and cloud service subsystem 40.

The present invention reduces calculating and the storage capacity at remote scheduling center by cloud network, ensures this locality by fire wall And the transmission safety between cloud network, ensured the safety of cloud network itself by security protection system, and be provided with identity Validator and mobile information acquisition end make the user having permission can obtain equipment real time information safely.

Preferably, firewall box 3, it is connected between remote scheduling center 2 and cloud Internet 4, remote scheduling center 2 Data could enter cloud Internet 4 after firewall box 3；

Preferably, also including authentication module 8 and mobile information acquisition end 9, the user through authentication can be led to Cross mobile information acquisition end 9 and remotely obtain the state parameter of relevant device in cloud Internet 4；Described mobile information acquisition end 9 wraps Include mobile phone, flat board IPAD and laptop computer.

Preferably, as in figure 2 it is shown, described network node security classification system 10 is by calculating the importance values of network node Network node is divided into 4 different safe classes, described security protection configuration subsystem 20 divide safely according to cloud network node The classification results of level subsystem 10, provides different safety for the link between network node and the node of different safety class Cryptographic services；Described network security monitoring subsystem 30 is used for monitoring network node state, and described cloud service subsystem 40 is whole Individual security protection cloud system provides cloud to support.

(1) cloud network node safety classification subsystem 10 include incidence matrix generation module 11, minimum spanning tree module 12, Diversity module 13 and replacement module 14:

The importance values of cloud network node safety classification subsystem 10 obtains and is based primarily upon following theory: to be measured by removing Node assesses this node status in the network, specifically, if after node to be measured is removed, raw in the new figure obtained The number of Cheng Shu is the fewest, then the importance values of this node is the biggest.

A, incidence matrix generation module 11:

A non-directed graph with m network node V and n bar link E, wherein V={V is represented with G₁, V₂... V_m, E= {E₁, E₂... E_n, the annexation of network structure interior joint and link, the one of matrix R is represented with the incidence matrix R of a m × n A network node in row map network, the string of R represents the value of network node and the relating attribute of corresponding sides, each in R The value of element is 0 or 1, wherein 0 represents link and does not associates with network node, and 1 represents link associates with network node；Such as, If the element of m row the n-th row is 1 in R, then represent m-th network node and nth bar link association；

B. minimum spanning tree module 12:

With (i j) represents connection network node V in non-directed graph G_iWith network node V_jLink, ω (V_i, V_j) represent this chain The weight on road, if there is subset that T is E and for without circulation figure so that ω (T) minimum, is just referred to as the minimum spanning tree of G, then by T Minimum spanning tree sum τ (G)=det (RR in G^T), wherein det (.) represents determinant generating function,；

C. diversity module 13:

Node V is obtained by following formula_iImportance values r_i:Wherein τ (G) is for be generated by minimum The minimum spanning tree sum that tree computing module obtains；K is the quantity of the i-th row nonzero element in incidence matrix R, and Z is remove R The new matrix obtained after the nonzero element column of i row and the i-th row, det (Z_i) represent the determinant of Z；r_iValue the biggest, I.e. node demonstrates the highest importance, works as r_iValue when take 1, then it represents that V_iIt is most important network node in this network, Once this network node is destroyed the connectedness of figure and will be destroyed dramatically, thus causes network service to interrupt；By with Upper method calculates the importance values of all-network node respectively, concurrently sets classification thresholds T1, T2, T3, and T1 ＞ T2 ＞ T3, as Really r_i＞ T1, then be labeled as important node by this network node, if T1 is ＞ r_i＞ T2, then be labeled as time weight by this network node Want node, if T2 is ＞ r_i＞ T3, then be labeled as intermediate node by this network node, if r_iLess than T3, then by this network node It is labeled as fringe node, and the safe class of important node, secondary important node, intermediate node and fringe node is designated as respectively Grade 1, grade 2, grade 3 and class 4；T3=0.25, fringe node number is not over the 30% of overall network nodes；

D. replacement module 14:

When network node quantity or node location change, automatically recalculate the important of each network node Property value, and re-start safety classification and labelling；

(2) security protection configuration subsystem 20: between the network node that safe class is identical, uses based on Internet It is mutual that Secure Internet Protocol IPSec carries out information, it is provided that the protecting information safety of channel level, and ipsec protocol should by cryptographic technique For Internet, it is provided that what point-to-point data were transmitted includes the peace that safety certification, data encryption, access control, integrity differentiate Full service；Use between the network node of different safety class and be operated in the application layer protocol on network layer protocol and carry out information Alternately, the safety of application layer, based on PKI system, guarantees information file transfer, the safety shared and use by cryptographic technique, Following cipher mode is used to be encrypted specifically:

A. for network node A that safe class is n1 and network node B that safe class is n2, when A to transmit letter to B During breath MES, first being sent request by A to B, B returns Shu random number R D1 of Shu n1-n2, and B retains RD1；

Each RD1 is digitally signed by b.A by pre-assigned secret key, and produces random number corresponding to Shu n1-n2 Shu RD2；By the matrix on one Shu n1-n2 Shu × Shu n1-n2 Shu rank of RD1 and RD2 composition, utilize matrix encryption technology that information MES is carried out Encryption, is sent to B by encrypted result；Owing to the span of n1 and n2 is 1-4, easily know the net for different safety class For network node, this matrix is 3 × 3 rank matrixes to the maximum, minimum 1 × 1 matrix, and for the identical network node of safe class For, n1-n2=0, do not carry out the operation of matrix encryption；When safe class bypass the immediate leadership transmission progression the highest, Shu n1-n2 Shu get over Greatly, then the exponent number of scrambled matrix is the biggest, and cryptographic security is the best, and at the same level or when bypassing the immediate leadership little, AES Amount of calculation reduces accordingly, has stronger adaptivity.

C.B calls decryption function and is decrypted the information after encryption, obtains RD1 ' and information MES, is entered by RD1 and RD1 ' Row comparison match, if the match is successful, receives and retains MES, if inconsistent, MES return A or is abandoned；

(3) network security monitoring subsystem 30, is used for monitoring number of network node and network node location, and it includes perception mould Block and transport module:

Described sensing module realizes by disposing a large amount of wireless senser around network node, due to network node not Knowing self-position, described wireless senser is by accepting network node wireless signal, in conjunction with self and other sensing stations Relation, positions network node location；

(4) cloud service subsystem 40, including cloud storage module and cloud computing module:

Described cloud storage module includes publicly-owned cloud storage submodule and private cloud storage submodule, described publicly-owned storage cloud Module mainly stores network node ranked data, and its storage content external world can carry out free access, described private cloud storage submodule Block mainly stores secret key and decryption function, only can be conducted interviews by the personnel of authentication；

Described cloud computing module realizes by disposing SOA server, including publicly-owned cloud computing submodule and privately owned cloud computing Submodule, described publicly-owned cloud computing submodule provides for cloud network node safety classification subsystem and network security monitoring subsystem Calculating and support, described privately owned cloud computing submodule provides to calculate for security protection configuration subsystem and supports, and all types of user is by eventually End program obtains high in the clouds data.

In this embodiment: reduced calculating and the storage capacity at remote scheduling center by cloud network, come by fire wall Ensure the transmission safety between this locality and cloud network, ensured the safety of cloud network itself by security protection system, and set Put identity verifier thereof and mobile information acquisition end has made the user having permission can obtain equipment real time information safely；Network system System node security hierarchy system 10 uses the node importance based on minimum spanning tree to calculate, can relatively accurately, amount of calculation less Ground calculates the importance of network node, and the node in network carries out safety classification on this basis, T3=0.25, and edge saves Count not over the 30% of overall network nodes；Security protection configuration subsystem 20 to the network node of different safety class it Between information transmission use different encryption policy, and bypass the immediate leadership when safe class and transmit the highest (when Shu n1-n2 Shu is the biggest), then add Close order of matrix number is the biggest, and cryptographic security is the best, and at the same level or when bypassing the immediate leadership little, the amount of calculation phase of AES Should reduce, have stronger adaptivity；Cloud service module is set, it is possible to save memory space, improves and calculate speed, save the time Cost.

Preferably, in described network security monitoring subsystem, the concrete positioning action of network node is as follows:

With network node as the center of circle, r is that radius draws circle, and the wireless senser quantity in circle that falls is n, biography that i-th is wireless Sensor receives the signal intensity of this network node and corresponds to q_i, i=1,2 ..., n；

The position of network node (x, y) as follows:

$x=\frac{{\Σ}_{i=1}^n{q}_i{x}_i}{{\Σ}_{i=1}^n{q}_i}$

$y=\frac{{\Σ}_{i=1}^n{q}_i{y}_i}{{\Σ}_{i=1}^n{q}_i}$

Described transport module is for being transferred to cloud service subsystem 40 by the monitoring result of sensing module.

Network security monitoring subsystem is set in this embodiment, it is possible to gather network node data, accurate positioning in time.

Application scenarios 2:

A kind of based on classification safety intelligent power equipment data handling system as shown in Figure 1, including power equipment number According to collecting unit 1, for being acquired the state parameter of power equipment, described state parameter includes that transformator high and low side switchs State, transformator oneself state parameter, chopper and isolation switch state parameter；

Remote scheduling center 2, for receiving the status of electric power collected by described power equipment data acquisition unit 1 Data are carried out consolidation form conversion, and the information format after conversion are defined as Unified Communication form, provide people simultaneously by parameter Machine switching port；

Cloud Internet 4, for calculating the state parameter of power equipment and store, it is assumed that its total m network joint Point and n bar link；

Report to the police and interlocking modules 7, for judging the latching relation between each power equipment, Yi Jigen according to proofing rules Determine whether parameter transfinites according to default parameters threshold values, if latching relation does not meets proofing rules or parameter-beyond-limit Time send alarm signal to operations staff；

Device identification module 6, provides a special mark for each equipment, will be stored by the parameter in same mark source In the corresponding storage area of cloud Internet 4；

Security protection system 5, for providing protection for network node and link, it includes cloud network node safety classification System 10, security protection configuration subsystem 20, network security monitoring subsystem 30 and cloud service subsystem 40.

The present invention reduces calculating and the storage capacity at remote scheduling center by cloud network, ensures this locality by fire wall And the transmission safety between cloud network, ensured the safety of cloud network itself by security protection system, and be provided with identity Validator and mobile information acquisition end make the user having permission can obtain equipment real time information safely.

Preferably, also include firewall box 3, be connected between remote scheduling center 2 and cloud Internet 4, remote scheduling The data at center 2 could enter cloud Internet 4 after firewall box 3；

Preferably, also including authentication module 8 and mobile information acquisition end 9, the user through authentication can be led to Cross mobile information acquisition end 9 and remotely obtain the state parameter of relevant device in cloud Internet 4；Described mobile information acquisition end 9 wraps Include mobile phone, flat board IPAD and laptop computer.

Preferably, as in figure 2 it is shown, described network node security classification system 10 is by calculating the importance values of network node Network node is divided into 4 different safe classes, described security protection configuration subsystem 20 divide safely according to cloud network node The classification results of level subsystem 10, provides different safety for the link between network node and the node of different safety class Cryptographic services；Described network security monitoring subsystem 30 is used for monitoring network node state, and described cloud service subsystem 40 is whole Individual security protection cloud system provides cloud to support.

(1) cloud network node safety classification subsystem 10 include incidence matrix generation module 11, minimum spanning tree module 12, Diversity module 13 and replacement module 14:

The importance values of cloud network node safety classification subsystem 10 obtains and is based primarily upon following theory: to be measured by removing Node assesses this node status in the network, specifically, if after node to be measured is removed, raw in the new figure obtained The number of Cheng Shu is the fewest, then the importance values of this node is the biggest.

A, incidence matrix generation module 11:

A non-directed graph with m network node V and n bar link E, wherein V={V is represented with G₁, V₂... V_m, E= {E₁, E₂... E_n, the annexation of network structure interior joint and link, the one of matrix R is represented with the incidence matrix R of a m × n A network node in row map network, the string of R represents the value of network node and the relating attribute of corresponding sides, each in R The value of element is 0 or 1, wherein 0 represents link and does not associates with network node, and 1 represents link associates with network node；Such as, If the element of m row the n-th row is 1 in R, then represent m-th network node and nth bar link association；

B. minimum spanning tree module 12:

With (i j) represents connection network node V in non-directed graph G_iWith network node V_jLink, ω (V_i, V_j) represent this chain The weight on road, if there is subset that T is E and for without circulation figure so that ω (T) minimum, is just referred to as the minimum spanning tree of G, then by T Minimum spanning tree sum τ (G)=det(RR in G^T), wherein det (.) represents determinant generating function,；

C. diversity module 13:

Node V is obtained by following formula_iImportance values r_i:Wherein τ (G) is for be generated by minimum The minimum spanning tree sum that tree computing module obtains；K is the quantity of the i-th row nonzero element in incidence matrix R, and Z is remove R The new matrix obtained after the nonzero element column of i row and the i-th row, det (Z_i) represent the determinant of Z；r_iValue the biggest, I.e. node demonstrates the highest importance, works as r_iValue when take 1, then it represents that V_iIt is most important network node in this network, Once this network node is destroyed the connectedness of figure and will be destroyed dramatically, thus causes network service to interrupt；By with Upper method calculates the importance values of all-network node respectively, concurrently sets classification thresholds T1, T2, T3, and T1 ＞ T2 ＞ T3, as Really r_i＞ T1, then be labeled as important node by this network node, if T1 is ＞ r_i＞ T2, then be labeled as time weight by this network node Want node, if T2 is ＞ r_i＞ T3, then be labeled as intermediate node by this network node, if r_iLess than T3, then by this network node It is labeled as fringe node, and the safe class of important node, secondary important node, intermediate node and fringe node is designated as respectively Grade 1, grade 2, grade 3 and class 4；T3=0.28, fringe node number is not over the 27% of overall network nodes；

D. replacement module 14:

When network node quantity or node location change, automatically recalculate the important of each network node Property value, and re-start safety classification and labelling；

(2) security protection configuration subsystem 20: between the network node that safe class is identical, uses based on Internet It is mutual that Secure Internet Protocol IPSec carries out information, it is provided that the protecting information safety of channel level, and ipsec protocol should by cryptographic technique For Internet, it is provided that what point-to-point data were transmitted includes the peace that safety certification, data encryption, access control, integrity differentiate Full service；Use between the network node of different safety class and be operated in the application layer protocol on network layer protocol and carry out information Alternately, the safety of application layer, based on PKI system, guarantees information file transfer, the safety shared and use by cryptographic technique, Following cipher mode is used to be encrypted specifically:

A. for network node A that safe class is n1 and network node B that safe class is n2, when A to transmit letter to B During breath MES, first being sent request by A to B, B returns Shu random number R D1 of Shu n1-n2, and B retains RD1；

Each RD1 is digitally signed by b.A by pre-assigned secret key, and produces random number corresponding to Shu n1-n2 Shu RD2；By the matrix on one Shu n1-n2 Shu × Shu n1-n2 Shu rank of RD1 and RD2 composition, utilize matrix encryption technology that information MES is carried out Encryption, is sent to B by encrypted result；Owing to the span of n1 and n2 is 1-4, easily know the net for different safety class For network node, this matrix is 3 × 3 rank matrixes to the maximum, minimum 1 × 1 matrix, and for the identical network node of safe class For, n1-n2=0, do not carry out the operation of matrix encryption；When safe class bypass the immediate leadership transmission progression the highest, Shu n1-n2 Shu get over Greatly, then the exponent number of scrambled matrix is the biggest, and cryptographic security is the best, and at the same level or when bypassing the immediate leadership little, AES Amount of calculation reduces accordingly, has stronger adaptivity.

C.B calls decryption function and is decrypted the information after encryption, obtains RD1 ' and information MES, is entered by RD1 and RD1 ' Row comparison match, if the match is successful, receives and retains MES, if inconsistent, MES return A or is abandoned；

(3) network security monitoring subsystem 30, is used for monitoring number of network node and network node location, and it includes perception mould Block and transport module:

Described sensing module realizes by disposing a large amount of wireless senser around network node, due to network node not Knowing self-position, described wireless senser is by accepting network node wireless signal, in conjunction with self and other sensing stations Relation, positions network node location；

(4) cloud service subsystem 40, including cloud storage module and cloud computing module:

Described cloud storage module includes publicly-owned cloud storage submodule and private cloud storage submodule, described publicly-owned storage cloud Module mainly stores network node ranked data, and its storage content external world can carry out free access, described private cloud storage submodule Block mainly stores secret key and decryption function, only can be conducted interviews by the personnel of authentication；

Described cloud computing module realizes by disposing SOA server, including publicly-owned cloud computing submodule and privately owned cloud computing Submodule, described publicly-owned cloud computing submodule provides for cloud network node safety classification subsystem and network security monitoring subsystem Calculating and support, described privately owned cloud computing submodule provides to calculate for security protection configuration subsystem and supports, and all types of user is by eventually End program obtains high in the clouds data.

In this embodiment: reduced calculating and the storage capacity at remote scheduling center by cloud network, come by fire wall Ensure the transmission safety between this locality and cloud network, ensured the safety of cloud network itself by security protection system, and set Put identity verifier thereof and mobile information acquisition end has made the user having permission can obtain equipment real time information safely；Network system System node security hierarchy system 10 uses the node importance based on minimum spanning tree to calculate, can relatively accurately, amount of calculation less Ground calculates the importance of network node, and the node in network carries out safety classification on this basis, T3=0.28, and edge saves Count not over the 27% of overall network nodes；Security protection configuration subsystem 20 to the network node of different safety class it Between information transmission use different encryption policy, and bypass the immediate leadership when safe class and transmit the highest (when Shu n1-n2 Shu is the biggest), then add Close order of matrix number is the biggest, and cryptographic security is the best, and at the same level or when bypassing the immediate leadership little, the amount of calculation phase of AES Should reduce, have stronger adaptivity；Cloud service module is set, it is possible to save memory space, improves and calculate speed, save the time Cost.

Preferably, in described network security monitoring subsystem, the concrete positioning action of network node is as follows:

With network node as the center of circle, r is that radius draws circle, and the wireless senser quantity in circle that falls is n, biography that i-th is wireless Sensor receives the signal intensity of this network node and corresponds to q_i, i=1,2 ..., n；

The position of network node (x, y) as follows:

$x=\frac{{\Σ}_{i=1}^n{q}_i{x}_i}{{\Σ}_{i=1}^n{q}_i}$

$y=\frac{{\Σ}_{i=1}^n{q}_i{y}_i}{{\Σ}_{i=1}^n{q}_i}$

Described transport module is for being transferred to cloud service subsystem 40 by the monitoring result of sensing module.

Network security monitoring subsystem is set in this embodiment, it is possible to gather network node data, accurate positioning in time.

Application scenarios 3:

A kind of based on classification safety intelligent power equipment data handling system as shown in Figure 1, including power equipment number According to collecting unit 1, for being acquired the state parameter of power equipment, described state parameter includes that transformator high and low side switchs State, transformator oneself state parameter, chopper and isolation switch state parameter；

Remote scheduling center 2, for receiving the status of electric power collected by described power equipment data acquisition unit 1 Data are carried out consolidation form conversion, and the information format after conversion are defined as Unified Communication form, provide people simultaneously by parameter Machine switching port；

Cloud Internet 4, for calculating the state parameter of power equipment and store, it is assumed that its total m network joint Point and n bar link；

Report to the police and interlocking modules 7, for judging the latching relation between each power equipment, Yi Jigen according to proofing rules Determine whether parameter transfinites according to default parameters threshold values, if latching relation does not meets proofing rules or parameter-beyond-limit Time send alarm signal to operations staff；

Device identification module 6, provides a special mark for each equipment, will be stored by the parameter in same mark source In the corresponding storage area of cloud Internet 4；

Security protection system 5, for providing protection for network node and link, it includes cloud network node safety classification System 10, security protection configuration subsystem 20, network security monitoring subsystem 30 and cloud service subsystem 40.

The present invention reduces calculating and the storage capacity at remote scheduling center by cloud network, ensures this locality by fire wall And the transmission safety between cloud network, ensured the safety of cloud network itself by security protection system, and be provided with identity Validator and mobile information acquisition end make the user having permission can obtain equipment real time information safely.

Preferably, also include firewall box 3, be connected between remote scheduling center 2 and cloud Internet 4, remote scheduling The data at center 2 could enter cloud Internet 4 after firewall box 3；

Preferably, also including authentication module 8 and mobile information acquisition end 9, the user through authentication can be led to Cross mobile information acquisition end 9 and remotely obtain the state parameter of relevant device in cloud Internet 4；Described mobile information acquisition end 9 wraps Include mobile phone, flat board IPAD and laptop computer.

Preferably, as in figure 2 it is shown, described network node security classification system 10 is by calculating the importance values of network node Network node is divided into 4 different safe classes, described security protection configuration subsystem 20 divide safely according to cloud network node The classification results of level subsystem 10, provides different safety for the link between network node and the node of different safety class Cryptographic services；Described network security monitoring subsystem 30 is used for monitoring network node state, and described cloud service subsystem 40 is whole Individual security protection cloud system provides cloud to support.

(1) cloud network node safety classification subsystem 10 include incidence matrix generation module 11, minimum spanning tree module 12, Diversity module 13 and replacement module 14:

The importance values of cloud network node safety classification subsystem 10 obtains and is based primarily upon following theory: to be measured by removing Node assesses this node status in the network, specifically, if after node to be measured is removed, raw in the new figure obtained The number of Cheng Shu is the fewest, then the importance values of this node is the biggest.

A, incidence matrix generation module 11:

A non-directed graph with m network node V and n bar link E, wherein V={V is represented with G₁, V₂... V_m, E= {E₁, E₂... E_n, the annexation of network structure interior joint and link, the one of matrix R is represented with the incidence matrix R of a m × n A network node in row map network, the string of R represents the value of network node and the relating attribute of corresponding sides, each in R The value of element is 0 or 1, wherein 0 represents link and does not associates with network node, and 1 represents link associates with network node；Such as, If the element of m row the n-th row is 1 in R, then represent m-th network node and nth bar link association；

B. minimum spanning tree module 12:

With (i j) represents connection network node V in non-directed graph G_iWith network node V_jLink, ω (V_i, V_j) represent this chain The weight on road, if there is subset that T is E and for without circulation figure so that ω (T) minimum, is just referred to as the minimum spanning tree of G, then by T Minimum spanning tree sum τ (G)=det (RR in G^T), wherein det (.) represents determinant generating function,；

C. diversity module 13:

Node V is obtained by following formula_iImportance values r_i:Wherein τ (G) is for be generated by minimum The minimum spanning tree sum that tree computing module obtains；K is the quantity of the i-th row nonzero element in incidence matrix R, and Z is remove R The new matrix obtained after the nonzero element column of i row and the i-th row, det (Z_i) represent the determinant of Z；r_iValue the biggest, I.e. node demonstrates the highest importance, works as r_iValue when take 1, then it represents that V_iIt is most important network node in this network, Once this network node is destroyed the connectedness of figure and will be destroyed dramatically, thus causes network service to interrupt；By with Upper method calculates the importance values of all-network node respectively, concurrently sets classification thresholds T1, T2, T3, and T1 ＞ T2 ＞ T3, as Really r_i＞ T1, then be labeled as important node by this network node, if T1 is ＞ r_i＞ T2, then be labeled as time weight by this network node Want node, if T2 is ＞ r_i＞ T3, then be labeled as intermediate node by this network node, if r_iLess than T3, then by this network node It is labeled as fringe node, and the safe class of important node, secondary important node, intermediate node and fringe node is designated as respectively Grade 1, grade 2, grade 3 and class 4；T3=0.30, fringe node number is not over the 32% of overall network nodes；

D. replacement module 14:

When network node quantity or node location change, automatically recalculate the important of each network node Property value, and re-start safety classification and labelling；

(2) security protection configuration subsystem 20: between the network node that safe class is identical, uses based on Internet It is mutual that Secure Internet Protocol IPSec carries out information, it is provided that the protecting information safety of channel level, and ipsec protocol should by cryptographic technique For Internet, it is provided that what point-to-point data were transmitted includes the peace that safety certification, data encryption, access control, integrity differentiate Full service；Use between the network node of different safety class and be operated in the application layer protocol on network layer protocol and carry out information Alternately, the safety of application layer, based on PKI system, guarantees information file transfer, the safety shared and use by cryptographic technique, Following cipher mode is used to be encrypted specifically:

A. for network node A that safe class is n1 and network node B that safe class is n2, when A to transmit letter to B During breath MES, first being sent request by A to B, B returns Shu random number R D1 of Shu n1-n2, and B retains RD1；

Each RD1 is digitally signed by b.A by pre-assigned secret key, and produces random number corresponding to Shu n1-n2 Shu RD2；By the matrix on one Shu n1-n2 Shu × Shu n1-n2 Shu rank of RD1 and RD2 composition, utilize matrix encryption technology that information MES is carried out Encryption, is sent to B by encrypted result；Owing to the span of n1 and n2 is 1-4, easily know the net for different safety class For network node, this matrix is 3 × 3 rank matrixes to the maximum, minimum 1 × 1 matrix, and for the identical network node of safe class For, n1-n2=0, do not carry out the operation of matrix encryption；When safe class bypass the immediate leadership transmission progression the highest, Shu n1-n2 Shu get over Greatly, then the exponent number of scrambled matrix is the biggest, and cryptographic security is the best, and at the same level or when bypassing the immediate leadership little, AES Amount of calculation reduces accordingly, has stronger adaptivity.

C.B calls decryption function and is decrypted the information after encryption, obtains RD1 ' and information MES, is entered by RD1 and RD1 ' Row comparison match, if the match is successful, receives and retains MES, if inconsistent, MES return A or is abandoned；

(3) network security monitoring subsystem 30, is used for monitoring number of network node and network node location, and it includes perception mould Block and transport module:

Described sensing module realizes by disposing a large amount of wireless senser around network node, due to network node not Knowing self-position, described wireless senser is by accepting network node wireless signal, in conjunction with self and other sensing stations Relation, positions network node location；

(4) cloud service subsystem 40, including cloud storage module and cloud computing module:

Described cloud storage module includes publicly-owned cloud storage submodule and private cloud storage submodule, described publicly-owned storage cloud Module mainly stores network node ranked data, and its storage content external world can carry out free access, described private cloud storage submodule Block mainly stores secret key and decryption function, only can be conducted interviews by the personnel of authentication；

Described cloud computing module realizes by disposing SOA server, including publicly-owned cloud computing submodule and privately owned cloud computing Submodule, described publicly-owned cloud computing submodule provides for cloud network node safety classification subsystem and network security monitoring subsystem Calculating and support, described privately owned cloud computing submodule provides to calculate for security protection configuration subsystem and supports, and all types of user is by eventually End program obtains high in the clouds data.

In this embodiment: reduced calculating and the storage capacity at remote scheduling center by cloud network, come by fire wall Ensure the transmission safety between this locality and cloud network, ensured the safety of cloud network itself by security protection system, and set Put identity verifier thereof and mobile information acquisition end has made the user having permission can obtain equipment real time information safely；Network system System node security hierarchy system 10 uses the node importance based on minimum spanning tree to calculate, can relatively accurately, amount of calculation less Ground calculates the importance of network node, and the node in network carries out safety classification on this basis, T3=0.30, and edge saves Count not over the 32% of overall network nodes；Security protection configuration subsystem 20 to the network node of different safety class it Between information transmission use different encryption policy, and bypass the immediate leadership when safe class and transmit the highest (when Shu n1-n2 Shu is the biggest), then add Close order of matrix number is the biggest, and cryptographic security is the best, and at the same level or when bypassing the immediate leadership little, the amount of calculation phase of AES Should reduce, have stronger adaptivity；Cloud service module is set, it is possible to save memory space, improves and calculate speed, save the time Cost.

Preferably, in described network security monitoring subsystem, the concrete positioning action of network node is as follows:

With network node as the center of circle, r is that radius draws circle, and the wireless senser quantity in circle that falls is n, biography that i-th is wireless Sensor receives the signal intensity of this network node and corresponds to q_i, i=1,2 ..., n；

The position of network node (x, y) as follows:

$x=\frac{{\Σ}_{i=1}^n{q}_i{x}_i}{{\Σ}_{i=1}^n{q}_i}$

$y=\frac{{\Σ}_{i=1}^n{q}_i{y}_i}{{\Σ}_{i=1}^n{q}_i}$

Described transport module is for being transferred to cloud service subsystem 40 by the monitoring result of sensing module.

Network security monitoring subsystem is set in this embodiment, it is possible to gather network node data, accurate positioning in time.

Application scenarios 4:

A kind of based on classification safety intelligent power equipment data handling system as shown in Figure 1, including power equipment number According to collecting unit 1, for being acquired the state parameter of power equipment, described state parameter includes that transformator high and low side switchs State, transformator oneself state parameter, chopper and isolation switch state parameter；

Remote scheduling center 2, for receiving the status of electric power collected by described power equipment data acquisition unit 1 Data are carried out consolidation form conversion, and the information format after conversion are defined as Unified Communication form, provide people simultaneously by parameter Machine switching port；

Cloud Internet 4, for calculating the state parameter of power equipment and store, it is assumed that its total m network joint Point and n bar link；

Report to the police and interlocking modules 7, for judging the latching relation between each power equipment, Yi Jigen according to proofing rules Determine whether parameter transfinites according to default parameters threshold values, if latching relation does not meets proofing rules or parameter-beyond-limit Time send alarm signal to operations staff；

Device identification module 6, provides a special mark for each equipment, will be stored by the parameter in same mark source In the corresponding storage area of cloud Internet 4；

Security protection system 5, for providing protection for network node and link, it includes cloud network node safety classification System 10, security protection configuration subsystem 20, network security monitoring subsystem 30 and cloud service subsystem 40.

The present invention reduces calculating and the storage capacity at remote scheduling center by cloud network, ensures this locality by fire wall And the transmission safety between cloud network, ensured the safety of cloud network itself by security protection system, and be provided with identity Validator and mobile information acquisition end make the user having permission can obtain equipment real time information safely.

Preferably, also include firewall box 3, be connected between remote scheduling center 2 and cloud Internet 4, remote scheduling The data at center 2 could enter cloud Internet 4 after firewall box 3；

Preferably, also including authentication module 8 and mobile information acquisition end 9, the user through authentication can be led to Cross mobile information acquisition end 9 and remotely obtain the state parameter of relevant device in cloud Internet 4；Described mobile information acquisition end 9 wraps Include mobile phone, flat board IPAD and laptop computer.

Preferably, as in figure 2 it is shown, described network node security classification system 10 is by calculating the importance values of network node Network node is divided into 4 different safe classes, described security protection configuration subsystem 20 divide safely according to cloud network node The classification results of level subsystem 10, provides different safety for the link between network node and the node of different safety class Cryptographic services；Described network security monitoring subsystem 30 is used for monitoring network node state, and described cloud service subsystem 40 is whole Individual security protection cloud system provides cloud to support.

(1) cloud network node safety classification subsystem 10 include incidence matrix generation module 11, minimum spanning tree module 12, Diversity module 13 and replacement module 14:

The importance values of cloud network node safety classification subsystem 10 obtains and is based primarily upon following theory: to be measured by removing Node assesses this node status in the network, specifically, if after node to be measured is removed, raw in the new figure obtained The number of Cheng Shu is the fewest, then the importance values of this node is the biggest.

A, incidence matrix generation module 11:

A non-directed graph with m network node V and n bar link E, wherein V={V is represented with G₁, V₂... V_m, E= {E₁, E₂... E_n, the annexation of network structure interior joint and link, the one of matrix R is represented with the incidence matrix R of a m × n A network node in row map network, the string of R represents the value of network node and the relating attribute of corresponding sides, each in R The value of element is 0 or 1, wherein 0 represents link and does not associates with network node, and 1 represents link associates with network node；Such as, If the element of m row the n-th row is 1 in R, then represent m-th network node and nth bar link association；

B. minimum spanning tree module 12:

With (i j) represents connection network node V in non-directed graph G_iWith network node V_jLink, ω (V_i, V_j) represent this chain The weight on road, if there is subset that T is E and for without circulation figure so that ω (T) minimum, is just referred to as the minimum spanning tree of G, then by T Minimum spanning tree sum τ (G)=det (RR in G^T), wherein det (.) represents determinant generating function,；

C. diversity module 13:

Node V is obtained by following formula_iImportance values r_i:Wherein τ (G) is for be generated by minimum The minimum spanning tree sum that tree computing module obtains；K is the quantity of the i-th row nonzero element in incidence matrix R, and Z is remove R The new matrix obtained after the nonzero element column of i row and the i-th row, det (Z_i) represent the determinant of Z；r_iValue the biggest, I.e. node demonstrates the highest importance, works as r_iValue when take 1, then it represents that V_iIt is most important network node in this network, Once this network node is destroyed the connectedness of figure and will be destroyed dramatically, thus causes network service to interrupt；By with Upper method calculates the importance values of all-network node respectively, concurrently sets classification thresholds T1, T2, T3, and T1 ＞ T2 ＞ T3, as Really r_i＞ T1, then be labeled as important node by this network node, if T1 is ＞ r_i＞ T2, then be labeled as time weight by this network node Want node, if T2 is ＞ r_i＞ T3, then be labeled as intermediate node by this network node, if r_iLess than T3, then by this network node It is labeled as fringe node, and the safe class of important node, secondary important node, intermediate node and fringe node is designated as respectively Grade 1, grade 2, grade 3 and class 4；T3=0.33, fringe node number is not over the 35% of overall network nodes；

D. replacement module 14:

When network node quantity or node location change, automatically recalculate the important of each network node Property value, and re-start safety classification and labelling；

(2) security protection configuration subsystem 20: between the network node that safe class is identical, uses based on Internet It is mutual that Secure Internet Protocol IPSec carries out information, it is provided that the protecting information safety of channel level, and ipsec protocol should by cryptographic technique For Internet, it is provided that what point-to-point data were transmitted includes the peace that safety certification, data encryption, access control, integrity differentiate Full service；Use between the network node of different safety class and be operated in the application layer protocol on network layer protocol and carry out information Alternately, the safety of application layer, based on PKI system, guarantees information file transfer, the safety shared and use by cryptographic technique, Following cipher mode is used to be encrypted specifically:

A. for network node A that safe class is n1 and network node B that safe class is n2, when A to transmit letter to B During breath MES, first being sent request by A to B, B returns Shu random number R D1 of Shu n1-n2, and B retains RD1；

Each RD1 is digitally signed by b.A by pre-assigned secret key, and produces random number corresponding to Shu n1-n2 Shu RD2；By the matrix on one Shu n1-n2 Shu × Shu n1-n2 Shu rank of RD1 and RD2 composition, utilize matrix encryption technology that information MES is carried out Encryption, is sent to B by encrypted result；Owing to the span of n1 and n2 is 1-4, easily know the net for different safety class For network node, this matrix is 3 × 3 rank matrixes to the maximum, minimum 1 × 1 matrix, and for the identical network node of safe class For, n1-n2=0, do not carry out the operation of matrix encryption；When safe class bypass the immediate leadership transmission progression the highest, Shu n1-n2 Shu get over Greatly, then the exponent number of scrambled matrix is the biggest, and cryptographic security is the best, and at the same level or when bypassing the immediate leadership little, AES Amount of calculation reduces accordingly, has stronger adaptivity.

C.B calls decryption function and is decrypted the information after encryption, obtains RD1 ' and information MES, is entered by RD1 and RD1 ' Row comparison match, if the match is successful, receives and retains MES, if inconsistent, MES return A or is abandoned；

(3) network security monitoring subsystem 30, is used for monitoring number of network node and network node location, and it includes perception mould Block and transport module:

Described sensing module realizes by disposing a large amount of wireless senser around network node, due to network node not Knowing self-position, described wireless senser is by accepting network node wireless signal, in conjunction with self and other sensing stations Relation, positions network node location；

(4) cloud service subsystem 40, including cloud storage module and cloud computing module:

Described cloud storage module includes publicly-owned cloud storage submodule and private cloud storage submodule, described publicly-owned storage cloud Module mainly stores network node ranked data, and its storage content external world can carry out free access, described private cloud storage submodule Block mainly stores secret key and decryption function, only can be conducted interviews by the personnel of authentication；

Described cloud computing module realizes by disposing SOA server, including publicly-owned cloud computing submodule and privately owned cloud computing Submodule, described publicly-owned cloud computing submodule provides for cloud network node safety classification subsystem and network security monitoring subsystem Calculating and support, described privately owned cloud computing submodule provides to calculate for security protection configuration subsystem and supports, and all types of user is by eventually End program obtains high in the clouds data.

In this embodiment: reduced calculating and the storage capacity at remote scheduling center by cloud network, come by fire wall Ensure the transmission safety between this locality and cloud network, ensured the safety of cloud network itself by security protection system, and set Put identity verifier thereof and mobile information acquisition end has made the user having permission can obtain equipment real time information safely；Network system System node security hierarchy system 10 uses the node importance based on minimum spanning tree to calculate, can relatively accurately, amount of calculation less Ground calculates the importance of network node, and the node in network carries out safety classification on this basis, T3=0.33, and edge saves Count not over the 35% of overall network nodes；Security protection configuration subsystem 20 to the network node of different safety class it Between information transmission use different encryption policy, and bypass the immediate leadership when safe class and transmit the highest (when Shu n1-n2 Shu is the biggest), then add Close order of matrix number is the biggest, and cryptographic security is the best, and at the same level or when bypassing the immediate leadership little, the amount of calculation phase of AES Should reduce, have stronger adaptivity；Cloud service module is set, it is possible to save memory space, improves and calculate speed, save the time Cost.

Preferably, in described network security monitoring subsystem, the concrete positioning action of network node is as follows:

With network node as the center of circle, r is that radius draws circle, and the wireless senser quantity in circle that falls is n, biography that i-th is wireless Sensor receives the signal intensity of this network node and corresponds to q_i, i=1,2 ..., n；

The position of network node (x, y) as follows:

$x=\frac{{\Σ}_{i=1}^n{q}_i{x}_i}{{\Σ}_{i=1}^n{q}_i}$

$y=\frac{{\Σ}_{i=1}^n{q}_i{y}_i}{{\Σ}_{i=1}^n{q}_i}$

Described transport module is for being transferred to cloud service subsystem 40 by the monitoring result of sensing module.

Network security monitoring subsystem is set in this embodiment, it is possible to gather network node data, accurate positioning in time.

Application scenarios 5:

A kind of based on classification safety intelligent power equipment data handling system as shown in Figure 1, including power equipment number According to collecting unit 1, for being acquired the state parameter of power equipment, described state parameter includes that transformator high and low side switchs State, transformator oneself state parameter, chopper and isolation switch state parameter；

Remote scheduling center 2, for receiving the status of electric power collected by described power equipment data acquisition unit 1 Data are carried out consolidation form conversion, and the information format after conversion are defined as Unified Communication form, provide people simultaneously by parameter Machine switching port；

Cloud Internet 4, for calculating the state parameter of power equipment and store, it is assumed that its total m network joint Point and n bar link；

Report to the police and interlocking modules 7, for judging the latching relation between each power equipment, Yi Jigen according to proofing rules Determine whether parameter transfinites according to default parameters threshold values, if latching relation does not meets proofing rules or parameter-beyond-limit Time send alarm signal to operations staff；

Device identification module 6, provides a special mark for each equipment, will be stored by the parameter in same mark source In the corresponding storage area of cloud Internet 4；

Security protection system 5, for providing protection for network node and link, it includes cloud network node safety classification System 10, security protection configuration subsystem 20, network security monitoring subsystem 30 and cloud service subsystem 40.

The present invention reduces calculating and the storage capacity at remote scheduling center by cloud network, ensures this locality by fire wall And the transmission safety between cloud network, ensured the safety of cloud network itself by security protection system, and be provided with identity Validator and mobile information acquisition end make the user having permission can obtain equipment real time information safely.

Preferably, also include firewall box 3, be connected between remote scheduling center 2 and cloud Internet 4, remote scheduling The data at center 2 could enter cloud Internet 4 after firewall box 3；

Preferably, also including authentication module 8 and mobile information acquisition end 9, the user through authentication can be led to Cross mobile information acquisition end 9 and remotely obtain the state parameter of relevant device in cloud Internet 4；Described mobile information acquisition end 9 wraps Include mobile phone, flat board IPAD and laptop computer.

Preferably, as in figure 2 it is shown, described network node security classification system 10 is by calculating the importance values of network node Network node is divided into 4 different safe classes, described security protection configuration subsystem 20 divide safely according to cloud network node The classification results of level subsystem 10, provides different safety for the link between network node and the node of different safety class Cryptographic services；Described network security monitoring subsystem 30 is used for monitoring network node state, and described cloud service subsystem 40 is whole Individual security protection cloud system provides cloud to support.

(1) cloud network node safety classification subsystem 10 include incidence matrix generation module 11, minimum spanning tree module 12, Diversity module 13 and replacement module 14:

The importance values of cloud network node safety classification subsystem 10 obtains and is based primarily upon following theory: to be measured by removing Node assesses this node status in the network, specifically, if after node to be measured is removed, raw in the new figure obtained The number of Cheng Shu is the fewest, then the importance values of this node is the biggest.

A, incidence matrix generation module 11:

A non-directed graph with m network node V and n bar link E, wherein V={V is represented with G₁, V₂... V_m, E= {E₁, E₂... E_n, the annexation of network structure interior joint and link, the one of matrix R is represented with the incidence matrix R of a m × n A network node in row map network, the string of R represents the value of network node and the relating attribute of corresponding sides, each in R The value of element is 0 or 1, wherein 0 represents link and does not associates with network node, and 1 represents link associates with network node；Such as, If the element of m row the n-th row is 1 in R, then represent m-th network node and nth bar link association；

B. minimum spanning tree module 12:

With (i j) represents connection network node V in non-directed graph G_iWith network node V_jLink, ω (V_i, V_j) represent this chain The weight on road, if there is subset that T is E and for without circulation figure so that ω (T) minimum, is just referred to as the minimum spanning tree of G, then by T Minimum spanning tree sum τ (G)=det (RR in G^T), wherein det (.) represents determinant generating function,；

C. diversity module 13:

Node V is obtained by following formula_iImportance values r_i:Wherein τ (G) is for be generated by minimum The minimum spanning tree sum that tree computing module obtains；K is the quantity of the i-th row nonzero element in incidence matrix R, and Z is remove R The new matrix obtained after the nonzero element column of i row and the i-th row, det (Z_i) represent the determinant of Z；r_iValue the biggest, I.e. node demonstrates the highest importance, works as r_iValue when take 1, then it represents that V_iIt is most important network node in this network, Once this network node is destroyed the connectedness of figure and will be destroyed dramatically, thus causes network service to interrupt；By with Upper method calculates the importance values of all-network node respectively, concurrently sets classification thresholds T1, T2, T3, and T1 ＞ T2 ＞ T3, as Really r_i＞ T1, then be labeled as important node by this network node, if T1 is ＞ r_i＞ T2, then be labeled as time weight by this network node Want node, if T2 is ＞ r_i＞ T3, then be labeled as intermediate node by this network node, if r_iLess than T3, then by this network node It is labeled as fringe node, and the safe class of important node, secondary important node, intermediate node and fringe node is designated as respectively Grade 1, grade 2, grade 3 and class 4；T3=0.35, fringe node number is not over the 37% of overall network nodes；

D. replacement module 14:

When network node quantity or node location change, automatically recalculate the important of each network node Property value, and re-start safety classification and labelling；

(2) security protection configuration subsystem 20: between the network node that safe class is identical, uses based on Internet It is mutual that Secure Internet Protocol IPSec carries out information, it is provided that the protecting information safety of channel level, and ipsec protocol should by cryptographic technique For Internet, it is provided that what point-to-point data were transmitted includes the peace that safety certification, data encryption, access control, integrity differentiate Full service；Use between the network node of different safety class and be operated in the application layer protocol on network layer protocol and carry out information Alternately, the safety of application layer, based on PKI system, guarantees information file transfer, the safety shared and use by cryptographic technique, Following cipher mode is used to be encrypted specifically:

A. for network node A that safe class is n1 and network node B that safe class is n2, when A to transmit letter to B During breath MES, first being sent request by A to B, B returns Shu random number R D1 of Shu n1-n2, and B retains RD1；

Each RD1 is digitally signed by b.A by pre-assigned secret key, and produces random number corresponding to Shu n1-n2 Shu RD2；By the matrix on one Shu n1-n2 Shu × Shu n1-n2 Shu rank of RD1 and RD2 composition, utilize matrix encryption technology that information MES is carried out Encryption, is sent to B by encrypted result；Owing to the span of n1 and n2 is 1-4, easily know the net for different safety class For network node, this matrix is 3 × 3 rank matrixes to the maximum, minimum 1 × 1 matrix, and for the identical network node of safe class For, n1-n2=0, do not carry out the operation of matrix encryption；When safe class bypass the immediate leadership transmission progression the highest, Shu n1-n2 Shu get over Greatly, then the exponent number of scrambled matrix is the biggest, and cryptographic security is the best, and at the same level or when bypassing the immediate leadership little, AES Amount of calculation reduces accordingly, has stronger adaptivity.

C.B calls decryption function and is decrypted the information after encryption, obtains RD1 ' and information MES, is entered by RD1 and RD1 ' Row comparison match, if the match is successful, receives and retains MES, if inconsistent, MES return A or is abandoned；

(3) network security monitoring subsystem 30, is used for monitoring number of network node and network node location, and it includes perception mould Block and transport module:

Described sensing module realizes by disposing a large amount of wireless senser around network node, due to network node not Knowing self-position, described wireless senser is by accepting network node wireless signal, in conjunction with self and other sensing stations Relation, positions network node location；

(4) cloud service subsystem 40, including cloud storage module and cloud computing module:

Described cloud storage module includes publicly-owned cloud storage submodule and private cloud storage submodule, described publicly-owned storage cloud Module mainly stores network node ranked data, and its storage content external world can carry out free access, described private cloud storage submodule Block mainly stores secret key and decryption function, only can be conducted interviews by the personnel of authentication；

Described cloud computing module realizes by disposing SOA server, including publicly-owned cloud computing submodule and privately owned cloud computing Submodule, described publicly-owned cloud computing submodule provides for cloud network node safety classification subsystem and network security monitoring subsystem Calculating and support, described privately owned cloud computing submodule provides to calculate for security protection configuration subsystem and supports, and all types of user is by eventually End program obtains high in the clouds data.

In this embodiment: reduced calculating and the storage capacity at remote scheduling center by cloud network, come by fire wall Ensure the transmission safety between this locality and cloud network, ensured the safety of cloud network itself by security protection system, and set Put identity verifier thereof and mobile information acquisition end has made the user having permission can obtain equipment real time information safely；Network system System node security hierarchy system 10 uses the node importance based on minimum spanning tree to calculate, can relatively accurately, amount of calculation less Ground calculates the importance of network node, and the node in network carries out safety classification on this basis, T3=0.35, and edge saves Count not over the 37% of overall network nodes；Security protection configuration subsystem 20 to the network node of different safety class it Between information transmission use different encryption policy, and bypass the immediate leadership when safe class and transmit the highest (when Shu n1-n2 Shu is the biggest), then add Close order of matrix number is the biggest, and cryptographic security is the best, and at the same level or when bypassing the immediate leadership little, the amount of calculation phase of AES Should reduce, have stronger adaptivity；Cloud service module is set, it is possible to save memory space, improves and calculate speed, save the time Cost.

Preferably, in described network security monitoring subsystem, the concrete positioning action of network node is as follows:

With network node as the center of circle, r is that radius draws circle, and the wireless senser quantity in circle that falls is n, biography that i-th is wireless Sensor receives the signal intensity of this network node and corresponds to q_i, i=1,2 ..., n；

The position of network node (x, y) as follows:

$x=\frac{{\Σ}_{i=1}^n{q}_i{x}_i}{{\Σ}_{i=1}^n{q}_i}$

$y=\frac{{\Σ}_{i=1}^n{q}_i{y}_i}{{\Σ}_{i=1}^n{q}_i}$

Described transport module is for being transferred to cloud service subsystem 40 by the monitoring result of sensing module.

Network security monitoring subsystem is set in this embodiment, it is possible to gather network node data, accurate positioning in time.

Last it should be noted that, above example is only in order to illustrate technical scheme, rather than the present invention is protected Protecting the restriction of scope, although having made to explain to the present invention with reference to preferred embodiment, those of ordinary skill in the art should Work as understanding, technical scheme can be modified or equivalent, without deviating from the reality of technical solution of the present invention Matter and scope.

Claims (3)

1. an intelligent power equipment data handling system based on classification safety, is characterized in that, including power equipment data acquisition Collection unit, for the state parameter of power equipment is acquired, described state parameter include transformator high and low side on off state, Transformator oneself state parameter, chopper and isolation switch state parameter；

Remote scheduling center, for receiving the status of electric power parameter collected by described power equipment data acquisition unit, Data are carried out consolidation form conversion, and the information format after conversion is defined as Unified Communication form, man-machine friendship is provided simultaneously Change port；

Device identification module, provides a special mark for each equipment, will be stored into cloud by the parameter in same mark source In the corresponding storage area of Internet；

Cloud Internet, for calculating the state parameter of power equipment and store, it is assumed that its total m network node and n Bar link；

Report to the police and interlocking modules, for judging the latching relation between each power equipment according to proofing rules, and according in advance If parameters threshold values determine whether parameter transfinites, if when latching relation does not meets proofing rules or parameter-beyond-limit to Operations staff sends alarm signal；

Security protection system, for providing protection for network node and link, it include cloud network node safety classification subsystem, Security protection configuration subsystem, network security monitoring subsystem and cloud service subsystem.

A kind of intelligent power equipment data handling system based on classification safety the most according to claim 1, is characterized in that, Also including firewall box, it is connected between remote scheduling center and cloud Internet, and the data at remote scheduling center are through anti- Cloud Internet could be entered after wall with flues equipment.

A kind of intelligent power equipment data handling system based on classification safety the most according to claim 2, is characterized in that, Also including authentication module and mobile information acquisition end, the user through authentication can be remote by mobile information acquisition end Journey obtains the state parameter of relevant device in cloud network；Described mobile information acquisition end includes mobile phone, flat board IPAD and hand-held electric Brain.