CN107947357B - Power distribution automation data acquisition device and method based on safety access area - Google Patents
Power distribution automation data acquisition device and method based on safety access area Download PDFInfo
- Publication number
- CN107947357B CN107947357B CN201710981660.6A CN201710981660A CN107947357B CN 107947357 B CN107947357 B CN 107947357B CN 201710981660 A CN201710981660 A CN 201710981660A CN 107947357 B CN107947357 B CN 107947357B
- Authority
- CN
- China
- Prior art keywords
- communication server
- power distribution
- server
- isolation device
- distribution terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 230000006854 communication Effects 0.000 claims abstract description 157
- 238000004891 communication Methods 0.000 claims abstract description 156
- 238000002955 isolation Methods 0.000 claims abstract description 68
- 238000004519 manufacturing process Methods 0.000 claims abstract description 18
- 230000005540 biological transmission Effects 0.000 claims description 53
- 230000001360 synchronised effect Effects 0.000 claims description 10
- 238000005516 engineering process Methods 0.000 abstract description 3
- 238000012545 processing Methods 0.000 abstract description 3
- 230000006870 function Effects 0.000 description 7
- 230000008569 process Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 3
- 239000013307 optical fiber Substances 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 244000144992 flock Species 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000000149 penetrating effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Images
Classifications
-
- H02J13/0017—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a distribution automation data acquisition device and method based on a safety access area, wherein a communication server is deployed in the safety access area; downlink data of the power distribution main station reach the communication server through the forward isolation device, and the communication server sends information to the power distribution terminal through a TCP link; the uplink message of the power distribution terminal is received and processed by the communication server and then converted into a text file, the text file is sent to a front-end server of the production control area through the reverse physical isolation device, specific file processing measures are taken, the real-time requirement of the file under the condition of passing through the reverse physical isolation device is guaranteed, and cross-safety-area data acquisition of power distribution automation data is finally achieved. The power distribution data acquisition technology based on the security access area can prevent an attacker from roundly attacking a power distribution master station system of a production control large area through a power distribution terminal, and ensure the safe and stable operation of a power grid.
Description
Technical Field
The invention belongs to the technical field of telemechanical information acquisition in a distribution network automation system, and particularly relates to a distribution automation data acquisition device and method based on a safety access area.
Background
With the rapid development of medium and low voltage power distribution networks, some medium and low voltage power distribution networks without optical fiber communication conditions adopt a public network (GPRS/CDMA/TD-SCDMA/230MHz and the like) mode for communication, and partial optical fiber communication channels pass through an external control area, so that a power distribution automation system faces network attack risks from the public network or a private network, and safe and reliable power supply of a power system to users is influenced; meanwhile, as the current international security situation is changed newly, an attacker can detour and attack the main station by the way of misinformation of fault information and the like of the substation terminal, and further security threats in a wider range are caused. In order to ensure the safe and stable operation of a power grid, a power distribution main station in a production control area is isolated from a field power distribution terminal, and a safe access area is arranged to protect the safe and stable operation of the main station. In the past, the problem of cross-region data acquisition is not solved well when the cross-safety access region is transmitted, and the abnormal switching of the working condition of the power distribution terminal is caused.
Disclosure of Invention
In order to solve the problems, the invention provides a distribution automation data acquisition device and method based on a safety access area, which can prevent an attacker from roundly attacking a distribution automation master station system through a substation or a distribution terminal and protect the safe and stable operation of the master station.
The technical purpose is achieved, the technical effect is achieved, and the invention is realized through the following technical scheme:
a distribution automation data acquisition device based on a safety access area comprises a first preposed acquisition server, a second preposed acquisition server, a forward physical isolation device and a reverse physical isolation device which are arranged in a production control area, and further comprises a first communication server, a second communication server, a remote first distribution terminal and a remote second distribution terminal which are arranged in the safety access area;
the data transmission end of the first power distribution terminal is connected with the data transmission end of the first communication server; the output end of the first communication server is connected with the input end of a reverse physical isolation device, and the output end of the reverse physical isolation device is connected with the input end of a first front-mounted acquisition server to finish data uplink;
the output end of the second prepositive acquisition server is connected with the input end of the forward physical isolation device, and the output end of the forward physical isolation device is connected with the input end of the second communication server; the data transmission end of the second power distribution terminal is connected with the data transmission end of the second communication server to complete data downlink;
the data transmission end of the first preposed acquisition server is also connected with the data transmission end of the second preposed acquisition server; and the data transmission end of the first communication server is also connected with the data transmission end of the second communication server.
Furthermore, the first communication server writes the received first power distribution terminal data into a text file in the format of an E file, locks the file and transmits the file to the first front-end acquisition server through the reverse physical isolation device.
Furthermore, the second front-end server sends a downlink message of the power distribution master station, the downlink message is transmitted to the second communication server through the forward physical isolation device, and is issued to the second power distribution terminal on site by the second communication server, and the first front-end server and the second front-end server are further used for configuring various parameter configuration items of the first power distribution terminal and the second power distribution terminal, and are automatically synchronized to the first communication server and the second communication server of the security access area through the forward physical isolation device.
Furthermore, the first communication server and the second communication server are mutually hot-standby, and exchange state information at regular time, wherein when one communication server fails, the other communication server takes over all channels.
Furthermore, the first communication server and the second communication server are responsible for establishing a communication link with the power distribution terminal and support a TCP client mode, a TCP service mode and a UDP communication mode.
A power distribution automation data acquisition method based on a safety access area comprises the following steps:
(1) the method comprises the steps of building a power distribution automation data acquisition device based on a safety access area, wherein the power distribution automation data acquisition device comprises a first preposed acquisition server, a second preposed acquisition server, a forward physical isolation device and a reverse physical isolation device which are arranged in a production control area, and further comprises a first communication server, a second communication server, a first power distribution terminal and a second power distribution terminal which are arranged in the safety access area;
(2) the first power distribution terminal is in communication with the first communication server; the first communication server writes the received first power distribution terminal data into a text file in an E file format, locks the file, and transmits the file to a first preposed acquisition server through a reverse physical isolation device to realize data uplink;
(3) and the second front-end server sends a downlink message of the power distribution main station, the downlink message is transmitted to the second communication server through the forward physical isolation device, and the downlink message is issued to the second power distribution terminal on the site by the second communication server, so that data downlink is realized.
Further, a data transmission end of the first power distribution terminal is connected with a data transmission end of the first communication server; the output end of the first communication server is connected with the input end of a reverse physical isolation device, and the output end of the reverse physical isolation device is connected with the input end of a first front-mounted acquisition server; the output end of the second prepositive acquisition server is connected with the input end of the forward physical isolation device, and the output end of the forward physical isolation device is connected with the input end of the second communication server; the data transmission end of the second power distribution terminal is connected with the data transmission end of the second communication server; the data transmission end of the first preposed acquisition server is also connected with the data transmission end of the second preposed acquisition server; and the data transmission end of the first communication server is also connected with the data transmission end of the second communication server.
Further, the first front-end server and the second front-end server are used for configuring various channel parameters of the first power distribution terminal and the second power distribution terminal, and then are automatically synchronized to the first communication server and the second communication server of the security access area through the forward isolation device.
Furthermore, the first communication server and the second communication server are mutually hot-standby, and exchange state information at regular time, wherein when one communication server fails, the other communication server takes over all channels.
Furthermore, the first communication server and the second communication server are responsible for establishing a communication link with the power distribution terminal and support a TCP client mode, a TCP service mode and a UDP communication mode.
The invention has the beneficial effects that:
the invention provides a distribution automation data acquisition device and method based on a safe access area, wherein a distribution main station of a production control large area is isolated from a field distribution terminal, and the safe access area is arranged to prevent an attacker from attacking a distribution automation main station system through a substation or a distribution terminal in a roundabout manner and protect the safe and stable operation of the main station; and a special data transmission method across safety zones is adopted, so that the real-time performance and stability of data acquisition are ensured.
Drawings
Fig. 1 is a schematic structural diagram of a data acquisition method based on a security access area according to the present invention;
FIG. 2 is a downlink data flow diagram of the data acquisition method based on the security access area according to the present invention
Fig. 3 is an uplink data flow diagram of the data acquisition method based on the security access area according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.
Example 1
As shown in fig. 1, a distribution automation data acquisition device based on a security access area includes a first pre-acquisition server (pre-acquisition server B), a second pre-acquisition server (pre-acquisition server a), a forward physical isolation device, a reverse physical isolation device, a first communication server (communication server B), a second communication server (communication server a), a first remote distribution terminal and a second remote distribution terminal, which are located in a production control area;
the data transmission end of the first power distribution terminal is connected with the data transmission end of the first communication server; the output end of the first communication server is connected with the input end of a reverse physical isolation device, and the output end of the reverse physical isolation device is connected with the input end of a first front-mounted acquisition server to finish data uplink; the concrete during operation: the first communication server writes the received first power distribution terminal data into a text file in an E file format, and in order to prevent file access conflict between the first communication server and the reverse isolation device, the file needs to be locked in the embodiment of the invention, and preferably, the transmission content is digitally encrypted by adopting a digital signature based on an RSA key pair and an electric power special encryption algorithm; the data are transmitted to a first preposed acquisition server through a reverse physical isolation device to realize data uplink;
the output end of the second prepositive acquisition server is connected with the input end of the forward physical isolation device, and the output end of the forward physical isolation device is connected with the input end of the second communication server; the data transmission end of the second power distribution terminal is connected with the data transmission end of the second communication server to complete data downlink; the concrete during operation: after the second front-end server generates a downlink message of the power distribution main station, the downlink message is directly written into a text file, the text file is transmitted to a second communication server through a forward physical isolation device by a cross-region file transmission program of a power distribution main station system platform, and the second communication server transmits the text file to a second power distribution terminal on the spot to realize data downlink;
the first preposed acquisition server and the second preposed acquisition server are also used for configuring various access parameters of a first power distribution terminal and a second power distribution terminal, the configuration information is synchronized to a first communication server and a second communication server of a safety access area through a cross-area file transmission program of a power distribution master station system platform through a forward isolation device, the configuration information of the first power distribution terminal and the second power distribution terminal can be timely synchronized to the safety access area, and the synchronization mode is divided into full information synchronization and change information synchronization; the specific synchronous operation is realized by a cross-region file transmission process of a power distribution automation master station system (collection is part of the power distribution automation master station system) platform, the configuration information required by the access power distribution terminal comprises parameters such as a channel type, a network type, an IP address and a communication port of the terminal, the data transmission ends of the first communication server and the second communication server are connected and mutually hot-standby (namely, the first communication server and the second communication server have a dual-machine hot-standby function), state information is exchanged at regular time, and when one communication server fails, the other communication server takes over all channels; in a specific embodiment of the present invention, under normal conditions, the first communication server and the second communication server each bear 50% of access tasks according to a load balancing policy, and under abnormal conditions, task handover can be performed quickly, and one communication server takes over all data acquisition tasks.
The forward isolation device in the embodiment of the invention is used for preventing a penetrating TCP connection, forbidding direct establishment of the TCP connection between an internal network application gateway and an external network application gateway, ensuring that TCP response from a low security area to a high security area forbids carrying of application data, preventing illegal access of viruses and hackers, providing a forward data communication API function interface, and facilitating the modification of secondary system security physical isolation for users. The reverse isolation device provides a digital signature based on an RSA key pair and a function of digitally encrypting by adopting a special electric power encryption algorithm, provides a matched file transmission program, realizes conversion from half-angle characters to full-angle characters through a code conversion technology for data in a text file form, ensures that the data entering an I/II area is plain text data, meets the requirement of strong filtering of a plain text E language format of transmission content, can be realized by adopting the prior art, and is not repeated in the invention.
In addition, in the embodiment of the present invention, the first communication server and the second communication server are responsible for establishing communication links with the first power distribution terminal and the second power distribution terminal, and support a TCP client mode, a TCP service mode, and a UDP communication mode.
Example 2
In this embodiment, a power distribution automation data acquisition method based on a secure access area includes the following steps:
(1) building a power distribution automation data acquisition device based on a safety access area;
the distribution automation data acquisition device based on the safety access area comprises a first preposed acquisition server, a second preposed acquisition server, a forward physical isolation device and a reverse physical isolation device which are arranged in a production control area, and further comprises a first communication server, a second communication server, a remote first distribution terminal and a remote second distribution terminal which are arranged in the safety access area;
the data transmission end of the first power distribution terminal is connected with the data transmission end of the first communication server; the output end of the first communication server is connected with the input end of a reverse physical isolation device, and the output end of the reverse physical isolation device is connected with the input end of a first front-mounted acquisition server to finish data uplink; the output end of the second prepositive acquisition server is connected with the input end of the forward physical isolation device, and the output end of the forward physical isolation device is connected with the input end of the second communication server; the data transmission end of the second power distribution terminal is connected with the data transmission end of the second communication server to complete data downlink; the first prepositive acquisition server is connected with the data transmission end of the second prepositive acquisition server; and the first communication server is connected with the data transmission end of the second communication server.
(2) The method comprises the steps that various access parameters of a first power distribution terminal and a second power distribution terminal are configured by utilizing a first preposed acquisition server and a second preposed acquisition server, configuration information is synchronized to a communication server of a safe access area through a forward isolation device by a cross-area file transmission program of a power distribution master station system platform, the relevant configuration information accessed by the first power distribution terminal and the second power distribution terminal can be timely synchronized to the safe access area, and the synchronization mode is divided into full information synchronization and variable information synchronization; the specific synchronous operation is realized by a cross-region file transmission process of a platform of a power distribution automation master station system (the collection of the cross-region file transmission process is part of the power distribution automation master station system), and the configuration information required by accessing the power distribution terminal comprises parameters such as a channel type, a network type, an IP address and a communication port of the terminal.
(3) The remote power distribution terminal cannot directly communicate with a front server of a production control area, and is a power distribution terminal in a wireless communication mode or an optical fiber communication mode, so the remote power distribution terminal firstly communicates with a communication server of a safety access area;
in the embodiment of the present invention, when data uplink is to be implemented, as shown in fig. 3, the first power distribution terminal communicates with the first communication server, and the first communication server writes the received data of the first power distribution terminal into a text file in an E file format, and transmits the data to the first pre-acquisition server through the reverse physical isolation device, so as to implement data uplink; specifically, the method comprises the following steps: after receiving a message sent by a first power distribution terminal, a communication process of a first communication server in a safety access area is normally written into a message buffer area, and a process for generating a text file is added, wherein the process is responsible for writing data in an uplink message buffer area into a temporary text file; the reverse isolation device automatically transmits the text file to a specified path of the production control area, a first preposed acquisition server in the production control area increases a file analysis process, analyzes a temporary file of an uplink message, and stores message information into a specified message buffer area; further, in the foregoing process, the application program of the first communication server in the security access area generates a text file, the reverse physical isolation device is responsible for reading and transmitting the file, when two working processes are to perform read-write operations on one file at the same time, if the file is not locked, read-write collision may be caused, the content of the file is not completely written, and the file is read and transmitted to the production control area by the isolation device, in order to solve the problem, the file is protected by using a file lock, the method is simple and easy to implement, and the specific method is as follows: locking using the Flock function: the parameter LOCK _ EX of the Flock function is used for locking the file descriptor fd, if the file descriptor fd is successful, 0 is returned, which indicates that the file is not locked yet, and the write operation can be performed on the file descriptor; if it fails, return-1, indicating that the file has been locked, is being used, and so will not be used until it is unlocked. The parameter LOCK NB of the flood function represents non-blocking. The communication server performs specific writing operation on the file after locking: after the file is processed, unlocking the file; after unlocking, the reverse isolated transfer software (which is installed on the communication server in the secure access area) can access the file.
In the embodiment of the invention, when data downlink is to be realized, the second front-end server sends out a downlink message of the power distribution main station, the downlink message is transmitted to the second communication server through the forward physical isolation device, and the second communication server sends the downlink message to the second power distribution terminal on the site to realize the data downlink. As shown in fig. 3, which is a downlink message processing flow of the power distribution terminal, the protocol program on the pre-acquisition server still writes the protocol message into the downlink message buffer; the downlink message sending program reads data from the message buffer and sends the data through the forward isolation device. And the downlink message receiving process of the second communication server of the security access area is responsible for receiving the protocol message issued by the production control area and writing the protocol message into the message buffer area of the corresponding channel.
To sum up: compared with the traditional automatic data acquisition method for power distribution, the data acquisition based on the safety access area requires a front server of the production control area to directly analyze the local data file, a communication link with a power distribution terminal is not required to be established, and the communication task with the power distribution terminal is completely taken charge of by the communication server of the safety access area.
In the embodiment of the invention, in the implementation process of the distribution automation data acquisition method based on the safety access area, a first communication server and a second communication server in the safety access area have a dual-computer hot standby function, and the two communication servers have equivalent positions and can independently provide services to the outside without the assistance of other servers; the two servers exchange respective state information at regular time, and under normal conditions, 50% of data acquisition tasks are respectively completed, and when one server fails, the other server can take over the acquisition tasks of the failed server in time.
In summary, the following steps:
the invention discloses a distribution automation data acquisition device and method based on a safety access area, wherein a communication server is deployed in the safety access area; downlink data of the power distribution main station reach the communication server through the forward isolation device, and the communication server sends information to the power distribution terminal through being linked with the TCP; the uplink message of the power distribution terminal is received and processed by the communication server and then converted into a text file, the text file is sent to a front-end server of the production control area through the reverse physical isolation device, specific file processing measures are taken, the real-time requirement of the file under the condition of passing through the reverse physical isolation device is guaranteed, and cross-safety-area data acquisition of power distribution automation data is finally achieved. The power distribution data acquisition technology based on the security access area can prevent an attacker from roundly attacking a power distribution master station system of a production control large area through a power distribution terminal, and ensure the safe and stable operation of a power grid.
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (9)
1. A distribution automation data acquisition device based on a safety access area is characterized by comprising a first preposed acquisition server, a second preposed acquisition server, a forward physical isolation device and a reverse physical isolation device which are arranged in a production control area, and further comprising a first communication server, a second communication server, a first remote distribution terminal and a second remote distribution terminal which are arranged in the safety access area;
the data transmission end of the first power distribution terminal is connected with the data transmission end of the first communication server; the output end of the first communication server is connected with the input end of a reverse physical isolation device, and the output end of the reverse physical isolation device is connected with the input end of a first front-mounted acquisition server to finish data uplink;
the output end of the second prepositive acquisition server is connected with the input end of the forward physical isolation device, and the output end of the forward physical isolation device is connected with the input end of the second communication server; the data transmission end of the second power distribution terminal is connected with the data transmission end of the second communication server to complete data downlink;
the data transmission end of the first preposed acquisition server is also connected with the data transmission end of the second preposed acquisition server;
the data transmission end of the first communication server is also connected with the data transmission end of the second communication server;
the first front-end server and the second front-end server are also used for configuring various parameter configuration items of the first power distribution terminal and the second power distribution terminal, and are automatically synchronized to the first communication server and the second communication server of the security access area through the forward isolation device.
2. The distribution automation data acquisition device based on the safety access area as claimed in claim 1, wherein: the first communication server writes the received first power distribution terminal data into a text file in an E file format, locks the file and transmits the file to the first preposed acquisition server through the reverse physical isolation device.
3. The distribution automation data acquisition device based on the safety access area as claimed in claim 1, wherein: and the second front-end server sends a downlink message of the power distribution main station, the downlink message is transmitted to the second communication server through the forward physical isolation device, and the downlink message is issued to the second power distribution terminal on the spot by the second communication server.
4. The distribution automation data acquisition device based on the safety access area as claimed in claim 1, wherein: the first communication server and the second communication server are mutually hot-standby and exchange state information at regular time, and when one communication server fails, the other communication server takes over all channels.
5. The distribution automation data acquisition device based on the safety access area as claimed in claim 1, wherein: the first communication server and the second communication server are responsible for establishing a communication link with the power distribution terminal and supporting a TCP client mode, a TCP service mode and a UDP communication mode.
6. A distribution automation data acquisition method based on a safety access area is characterized in that: the method comprises the following steps:
(1) the method comprises the steps of building a power distribution automation data acquisition device based on a safety access area, wherein the power distribution automation data acquisition device comprises a first preposed acquisition server, a second preposed acquisition server, a forward physical isolation device and a reverse physical isolation device which are arranged in a production control area, and further comprises a first communication server, a second communication server, a first power distribution terminal and a second power distribution terminal which are arranged in the safety access area;
(2) the first power distribution terminal is in communication with the first communication server; the first communication server writes the received first power distribution terminal data into a text file in an E file format, locks the file, and transmits the file to a first preposed acquisition server through a reverse physical isolation device to realize data uplink;
(3) the second front-end server sends a downlink message of the power distribution master station, the downlink message is transmitted to the second communication server through the forward physical isolation device, and the second communication server sends the downlink message to a second power distribution terminal on the site to realize data downlink;
the first front-end server and the second front-end server are also used for configuring various parameter configuration items of the first power distribution terminal and the second power distribution terminal, and are automatically synchronized to the first communication server and the second communication server of the security access area through the forward isolation device.
7. The method according to claim 6, wherein the method comprises the following steps: the data transmission end of the first power distribution terminal is connected with the data transmission end of the first communication server; the output end of the first communication server is connected with the input end of a reverse physical isolation device, and the output end of the reverse physical isolation device is connected with the input end of a first front-mounted acquisition server; the output end of the second prepositive acquisition server is connected with the input end of the forward physical isolation device, and the output end of the forward physical isolation device is connected with the input end of the second communication server; the data transmission end of the second power distribution terminal is connected with the data transmission end of the second communication server; the data transmission end of the first preposed acquisition server is also connected with the data transmission end of the second preposed acquisition server; and the data transmission end of the first communication server is also connected with the data transmission end of the second communication server.
8. The method according to claim 6, wherein the method comprises the following steps: the first communication server and the second communication server are mutually hot-standby and exchange state information at regular time, and when one communication server fails, the other communication server takes over all channels.
9. The method according to claim 6, wherein the method comprises the following steps: the first communication server and the second communication server are responsible for establishing a communication link with the power distribution terminal and supporting a TCP client mode, a TCP service mode and a UDP communication mode.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710981660.6A CN107947357B (en) | 2017-10-20 | 2017-10-20 | Power distribution automation data acquisition device and method based on safety access area |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710981660.6A CN107947357B (en) | 2017-10-20 | 2017-10-20 | Power distribution automation data acquisition device and method based on safety access area |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107947357A CN107947357A (en) | 2018-04-20 |
CN107947357B true CN107947357B (en) | 2021-07-02 |
Family
ID=61936309
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710981660.6A Active CN107947357B (en) | 2017-10-20 | 2017-10-20 | Power distribution automation data acquisition device and method based on safety access area |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107947357B (en) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108599370A (en) * | 2018-05-10 | 2018-09-28 | 国网冀北电力有限公司秦皇岛供电公司 | Power distribution automation main station apparatus and system |
CN108964264A (en) * | 2018-06-22 | 2018-12-07 | 国电南瑞科技股份有限公司 | The wireless realization of debugging method of intelligent substation site device |
CN110829600B (en) * | 2019-11-26 | 2023-10-20 | 广东电网有限责任公司 | Error control system and method based on automatic safety zone isolation interaction |
CN111431923B (en) * | 2020-04-01 | 2022-07-01 | 国电南瑞科技股份有限公司 | Data security interaction system and method across security intranet and internet |
CN111614618A (en) * | 2020-04-17 | 2020-09-01 | 国网上海能源互联网研究院有限公司 | Cross-region data transmission method and system for physical isolation device |
CN111654488B (en) * | 2020-05-27 | 2022-08-02 | 中国电力科学研究院有限公司 | Three-station-in-one transformer substation and sensing terminal information access method |
CN112422348B (en) * | 2020-11-30 | 2022-09-30 | 国网上海市电力公司 | Power information data acquisition communication system and method |
CN113094729A (en) * | 2021-04-15 | 2021-07-09 | 华电(福建)风电有限公司 | Data security access method of offshore wind power integrated system |
CN113595090B (en) * | 2021-07-30 | 2023-08-25 | 中国电力科学研究院有限公司 | Multi-element load data processing method and system crossing safety zone |
CN114069836A (en) * | 2021-09-28 | 2022-02-18 | 国网浙江省电力有限公司杭州供电公司 | Artificial intelligence-based docking method for operation and maintenance operation of distribution automation system |
CN114244719B (en) * | 2021-11-29 | 2023-11-28 | 贵州乌江水电开发有限责任公司 | Centralized control power station communication topological structure suitable for public network and application method thereof |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101562338A (en) * | 2008-04-18 | 2009-10-21 | 东莞市腾华电子技术有限公司 | Distribution network automatic system architecture |
CN102185382A (en) * | 2011-05-16 | 2011-09-14 | 广东电网公司深圳供电局 | System and method for data communication between power distribution master station system and power distribution terminal |
CN103294802A (en) * | 2013-05-30 | 2013-09-11 | 国家电网公司 | Real-time operating information monitoring method for multi-million kilowatt-level wind power base fan |
CN103595511A (en) * | 2013-10-17 | 2014-02-19 | 广东电网公司茂名供电局 | Method for transmitting data from first area to third area of internal network of electric system |
CN107018134A (en) * | 2017-04-06 | 2017-08-04 | 北京中电普华信息技术有限公司 | A kind of distribution terminal secure accessing platform and its implementation |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102986168A (en) * | 2010-08-12 | 2013-03-20 | Abb研究有限公司 | A communication method and apparatus of network management system |
-
2017
- 2017-10-20 CN CN201710981660.6A patent/CN107947357B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101562338A (en) * | 2008-04-18 | 2009-10-21 | 东莞市腾华电子技术有限公司 | Distribution network automatic system architecture |
CN102185382A (en) * | 2011-05-16 | 2011-09-14 | 广东电网公司深圳供电局 | System and method for data communication between power distribution master station system and power distribution terminal |
CN103294802A (en) * | 2013-05-30 | 2013-09-11 | 国家电网公司 | Real-time operating information monitoring method for multi-million kilowatt-level wind power base fan |
CN103595511A (en) * | 2013-10-17 | 2014-02-19 | 广东电网公司茂名供电局 | Method for transmitting data from first area to third area of internal network of electric system |
CN107018134A (en) * | 2017-04-06 | 2017-08-04 | 北京中电普华信息技术有限公司 | A kind of distribution terminal secure accessing platform and its implementation |
Also Published As
Publication number | Publication date |
---|---|
CN107947357A (en) | 2018-04-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107947357B (en) | Power distribution automation data acquisition device and method based on safety access area | |
Zhao et al. | A survey on the internet of things security | |
Cleveland | IEC TC57 security standards for the power system's information infrastructure-Beyond simple encryption | |
CN106789015B (en) | Intelligent power distribution network communication safety system | |
CN110267270B (en) | Identity authentication method for sensor terminal access edge gateway in transformer substation | |
Beasley et al. | A survey of electric power synchrophasor network cyber security | |
CN101753553B (en) | Safety isolating and message switching system and method | |
CN106992984A (en) | A kind of method of the mobile terminal safety access information Intranet based on electric power acquisition net | |
CN109995769B (en) | Multi-stage heterogeneous trans-regional full-real-time safety management and control method and system | |
CN113746632A (en) | Multi-level identity authentication method for Internet of things system | |
Zhou et al. | Efficient application of GPRS and CDMA networks in SCADA system | |
CN110855707A (en) | Internet of things communication pipeline safety control system and method | |
CN111988328A (en) | Safety guarantee method and system for acquiring terminal data of power generation unit of new energy plant station | |
Dong et al. | Blockchain-based cross-domain authentication strategy for trusted access to mobile devices in the IoT | |
Farooq et al. | MPTCP based mitigation of denial of service (DoS) attack in PMU communication networks | |
Liu et al. | Lightweight and practical node clustering authentication protocol for hierarchical wireless sensor networks | |
CN109218292A (en) | A kind of electric power networks security boundary composite defense method and system | |
Czechowski et al. | Cyber security in communication of SCADA systems using IEC 61850 | |
CN102904905A (en) | Application security proxy method and application security proxy system | |
CN110365773B (en) | Message communication method based on block chain message address | |
CN107113278B (en) | The method, apparatus and system that neighbours establish | |
CN100556027C (en) | A kind of address renewing method of IKE Network Based | |
CN212463237U (en) | Gateway for controlling access to Internet of things based on block chain | |
Yan et al. | Design and Application of Security Gateway for Transmission Line Panoramic Monitoring Platform based on Microservice Architecture | |
CN114531266A (en) | Power distribution network data protection system and method based on intermediate database |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |