CN107947357B - Power distribution automation data acquisition device and method based on safety access area - Google Patents

Power distribution automation data acquisition device and method based on safety access area Download PDF

Info

Publication number
CN107947357B
CN107947357B CN201710981660.6A CN201710981660A CN107947357B CN 107947357 B CN107947357 B CN 107947357B CN 201710981660 A CN201710981660 A CN 201710981660A CN 107947357 B CN107947357 B CN 107947357B
Authority
CN
China
Prior art keywords
communication server
power distribution
server
isolation device
distribution terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710981660.6A
Other languages
Chinese (zh)
Other versions
CN107947357A (en
Inventor
武会超
陈宁
尹协文
张留留
谭志军
葛文林
王军
孟勇亮
孙世明
苏标龙
刘海涛
栾文鹏
吕广宪
王鹏
邵学俭
陈蕾
苏毅方
郑伟彦
徐重酉
戴晓红
韩寅峰
夏陈喆
莫金龙
孙勇
李建修
邵志敏
张世栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NANJING NANRUI GROUP CO
State Grid Corp of China SGCC
State Grid Zhejiang Electric Power Co Ltd
China Electric Power Research Institute Co Ltd CEPRI
State Grid Shandong Electric Power Co Ltd
Nari Technology Co Ltd
NARI Nanjing Control System Co Ltd
Original Assignee
NANJING NANRUI GROUP CO
State Grid Corp of China SGCC
State Grid Zhejiang Electric Power Co Ltd
China Electric Power Research Institute Co Ltd CEPRI
State Grid Shandong Electric Power Co Ltd
Nari Technology Co Ltd
NARI Nanjing Control System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NANJING NANRUI GROUP CO, State Grid Corp of China SGCC, State Grid Zhejiang Electric Power Co Ltd, China Electric Power Research Institute Co Ltd CEPRI, State Grid Shandong Electric Power Co Ltd, Nari Technology Co Ltd, NARI Nanjing Control System Co Ltd filed Critical NANJING NANRUI GROUP CO
Priority to CN201710981660.6A priority Critical patent/CN107947357B/en
Publication of CN107947357A publication Critical patent/CN107947357A/en
Application granted granted Critical
Publication of CN107947357B publication Critical patent/CN107947357B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • H02J13/0017
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a distribution automation data acquisition device and method based on a safety access area, wherein a communication server is deployed in the safety access area; downlink data of the power distribution main station reach the communication server through the forward isolation device, and the communication server sends information to the power distribution terminal through a TCP link; the uplink message of the power distribution terminal is received and processed by the communication server and then converted into a text file, the text file is sent to a front-end server of the production control area through the reverse physical isolation device, specific file processing measures are taken, the real-time requirement of the file under the condition of passing through the reverse physical isolation device is guaranteed, and cross-safety-area data acquisition of power distribution automation data is finally achieved. The power distribution data acquisition technology based on the security access area can prevent an attacker from roundly attacking a power distribution master station system of a production control large area through a power distribution terminal, and ensure the safe and stable operation of a power grid.

Description

Power distribution automation data acquisition device and method based on safety access area
Technical Field
The invention belongs to the technical field of telemechanical information acquisition in a distribution network automation system, and particularly relates to a distribution automation data acquisition device and method based on a safety access area.
Background
With the rapid development of medium and low voltage power distribution networks, some medium and low voltage power distribution networks without optical fiber communication conditions adopt a public network (GPRS/CDMA/TD-SCDMA/230MHz and the like) mode for communication, and partial optical fiber communication channels pass through an external control area, so that a power distribution automation system faces network attack risks from the public network or a private network, and safe and reliable power supply of a power system to users is influenced; meanwhile, as the current international security situation is changed newly, an attacker can detour and attack the main station by the way of misinformation of fault information and the like of the substation terminal, and further security threats in a wider range are caused. In order to ensure the safe and stable operation of a power grid, a power distribution main station in a production control area is isolated from a field power distribution terminal, and a safe access area is arranged to protect the safe and stable operation of the main station. In the past, the problem of cross-region data acquisition is not solved well when the cross-safety access region is transmitted, and the abnormal switching of the working condition of the power distribution terminal is caused.
Disclosure of Invention
In order to solve the problems, the invention provides a distribution automation data acquisition device and method based on a safety access area, which can prevent an attacker from roundly attacking a distribution automation master station system through a substation or a distribution terminal and protect the safe and stable operation of the master station.
The technical purpose is achieved, the technical effect is achieved, and the invention is realized through the following technical scheme:
a distribution automation data acquisition device based on a safety access area comprises a first preposed acquisition server, a second preposed acquisition server, a forward physical isolation device and a reverse physical isolation device which are arranged in a production control area, and further comprises a first communication server, a second communication server, a remote first distribution terminal and a remote second distribution terminal which are arranged in the safety access area;
the data transmission end of the first power distribution terminal is connected with the data transmission end of the first communication server; the output end of the first communication server is connected with the input end of a reverse physical isolation device, and the output end of the reverse physical isolation device is connected with the input end of a first front-mounted acquisition server to finish data uplink;
the output end of the second prepositive acquisition server is connected with the input end of the forward physical isolation device, and the output end of the forward physical isolation device is connected with the input end of the second communication server; the data transmission end of the second power distribution terminal is connected with the data transmission end of the second communication server to complete data downlink;
the data transmission end of the first preposed acquisition server is also connected with the data transmission end of the second preposed acquisition server; and the data transmission end of the first communication server is also connected with the data transmission end of the second communication server.
Furthermore, the first communication server writes the received first power distribution terminal data into a text file in the format of an E file, locks the file and transmits the file to the first front-end acquisition server through the reverse physical isolation device.
Furthermore, the second front-end server sends a downlink message of the power distribution master station, the downlink message is transmitted to the second communication server through the forward physical isolation device, and is issued to the second power distribution terminal on site by the second communication server, and the first front-end server and the second front-end server are further used for configuring various parameter configuration items of the first power distribution terminal and the second power distribution terminal, and are automatically synchronized to the first communication server and the second communication server of the security access area through the forward physical isolation device.
Furthermore, the first communication server and the second communication server are mutually hot-standby, and exchange state information at regular time, wherein when one communication server fails, the other communication server takes over all channels.
Furthermore, the first communication server and the second communication server are responsible for establishing a communication link with the power distribution terminal and support a TCP client mode, a TCP service mode and a UDP communication mode.
A power distribution automation data acquisition method based on a safety access area comprises the following steps:
(1) the method comprises the steps of building a power distribution automation data acquisition device based on a safety access area, wherein the power distribution automation data acquisition device comprises a first preposed acquisition server, a second preposed acquisition server, a forward physical isolation device and a reverse physical isolation device which are arranged in a production control area, and further comprises a first communication server, a second communication server, a first power distribution terminal and a second power distribution terminal which are arranged in the safety access area;
(2) the first power distribution terminal is in communication with the first communication server; the first communication server writes the received first power distribution terminal data into a text file in an E file format, locks the file, and transmits the file to a first preposed acquisition server through a reverse physical isolation device to realize data uplink;
(3) and the second front-end server sends a downlink message of the power distribution main station, the downlink message is transmitted to the second communication server through the forward physical isolation device, and the downlink message is issued to the second power distribution terminal on the site by the second communication server, so that data downlink is realized.
Further, a data transmission end of the first power distribution terminal is connected with a data transmission end of the first communication server; the output end of the first communication server is connected with the input end of a reverse physical isolation device, and the output end of the reverse physical isolation device is connected with the input end of a first front-mounted acquisition server; the output end of the second prepositive acquisition server is connected with the input end of the forward physical isolation device, and the output end of the forward physical isolation device is connected with the input end of the second communication server; the data transmission end of the second power distribution terminal is connected with the data transmission end of the second communication server; the data transmission end of the first preposed acquisition server is also connected with the data transmission end of the second preposed acquisition server; and the data transmission end of the first communication server is also connected with the data transmission end of the second communication server.
Further, the first front-end server and the second front-end server are used for configuring various channel parameters of the first power distribution terminal and the second power distribution terminal, and then are automatically synchronized to the first communication server and the second communication server of the security access area through the forward isolation device.
Furthermore, the first communication server and the second communication server are mutually hot-standby, and exchange state information at regular time, wherein when one communication server fails, the other communication server takes over all channels.
Furthermore, the first communication server and the second communication server are responsible for establishing a communication link with the power distribution terminal and support a TCP client mode, a TCP service mode and a UDP communication mode.
The invention has the beneficial effects that:
the invention provides a distribution automation data acquisition device and method based on a safe access area, wherein a distribution main station of a production control large area is isolated from a field distribution terminal, and the safe access area is arranged to prevent an attacker from attacking a distribution automation main station system through a substation or a distribution terminal in a roundabout manner and protect the safe and stable operation of the main station; and a special data transmission method across safety zones is adopted, so that the real-time performance and stability of data acquisition are ensured.
Drawings
Fig. 1 is a schematic structural diagram of a data acquisition method based on a security access area according to the present invention;
FIG. 2 is a downlink data flow diagram of the data acquisition method based on the security access area according to the present invention
Fig. 3 is an uplink data flow diagram of the data acquisition method based on the security access area according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.
Example 1
As shown in fig. 1, a distribution automation data acquisition device based on a security access area includes a first pre-acquisition server (pre-acquisition server B), a second pre-acquisition server (pre-acquisition server a), a forward physical isolation device, a reverse physical isolation device, a first communication server (communication server B), a second communication server (communication server a), a first remote distribution terminal and a second remote distribution terminal, which are located in a production control area;
the data transmission end of the first power distribution terminal is connected with the data transmission end of the first communication server; the output end of the first communication server is connected with the input end of a reverse physical isolation device, and the output end of the reverse physical isolation device is connected with the input end of a first front-mounted acquisition server to finish data uplink; the concrete during operation: the first communication server writes the received first power distribution terminal data into a text file in an E file format, and in order to prevent file access conflict between the first communication server and the reverse isolation device, the file needs to be locked in the embodiment of the invention, and preferably, the transmission content is digitally encrypted by adopting a digital signature based on an RSA key pair and an electric power special encryption algorithm; the data are transmitted to a first preposed acquisition server through a reverse physical isolation device to realize data uplink;
the output end of the second prepositive acquisition server is connected with the input end of the forward physical isolation device, and the output end of the forward physical isolation device is connected with the input end of the second communication server; the data transmission end of the second power distribution terminal is connected with the data transmission end of the second communication server to complete data downlink; the concrete during operation: after the second front-end server generates a downlink message of the power distribution main station, the downlink message is directly written into a text file, the text file is transmitted to a second communication server through a forward physical isolation device by a cross-region file transmission program of a power distribution main station system platform, and the second communication server transmits the text file to a second power distribution terminal on the spot to realize data downlink;
the first preposed acquisition server and the second preposed acquisition server are also used for configuring various access parameters of a first power distribution terminal and a second power distribution terminal, the configuration information is synchronized to a first communication server and a second communication server of a safety access area through a cross-area file transmission program of a power distribution master station system platform through a forward isolation device, the configuration information of the first power distribution terminal and the second power distribution terminal can be timely synchronized to the safety access area, and the synchronization mode is divided into full information synchronization and change information synchronization; the specific synchronous operation is realized by a cross-region file transmission process of a power distribution automation master station system (collection is part of the power distribution automation master station system) platform, the configuration information required by the access power distribution terminal comprises parameters such as a channel type, a network type, an IP address and a communication port of the terminal, the data transmission ends of the first communication server and the second communication server are connected and mutually hot-standby (namely, the first communication server and the second communication server have a dual-machine hot-standby function), state information is exchanged at regular time, and when one communication server fails, the other communication server takes over all channels; in a specific embodiment of the present invention, under normal conditions, the first communication server and the second communication server each bear 50% of access tasks according to a load balancing policy, and under abnormal conditions, task handover can be performed quickly, and one communication server takes over all data acquisition tasks.
The forward isolation device in the embodiment of the invention is used for preventing a penetrating TCP connection, forbidding direct establishment of the TCP connection between an internal network application gateway and an external network application gateway, ensuring that TCP response from a low security area to a high security area forbids carrying of application data, preventing illegal access of viruses and hackers, providing a forward data communication API function interface, and facilitating the modification of secondary system security physical isolation for users. The reverse isolation device provides a digital signature based on an RSA key pair and a function of digitally encrypting by adopting a special electric power encryption algorithm, provides a matched file transmission program, realizes conversion from half-angle characters to full-angle characters through a code conversion technology for data in a text file form, ensures that the data entering an I/II area is plain text data, meets the requirement of strong filtering of a plain text E language format of transmission content, can be realized by adopting the prior art, and is not repeated in the invention.
In addition, in the embodiment of the present invention, the first communication server and the second communication server are responsible for establishing communication links with the first power distribution terminal and the second power distribution terminal, and support a TCP client mode, a TCP service mode, and a UDP communication mode.
Example 2
In this embodiment, a power distribution automation data acquisition method based on a secure access area includes the following steps:
(1) building a power distribution automation data acquisition device based on a safety access area;
the distribution automation data acquisition device based on the safety access area comprises a first preposed acquisition server, a second preposed acquisition server, a forward physical isolation device and a reverse physical isolation device which are arranged in a production control area, and further comprises a first communication server, a second communication server, a remote first distribution terminal and a remote second distribution terminal which are arranged in the safety access area;
the data transmission end of the first power distribution terminal is connected with the data transmission end of the first communication server; the output end of the first communication server is connected with the input end of a reverse physical isolation device, and the output end of the reverse physical isolation device is connected with the input end of a first front-mounted acquisition server to finish data uplink; the output end of the second prepositive acquisition server is connected with the input end of the forward physical isolation device, and the output end of the forward physical isolation device is connected with the input end of the second communication server; the data transmission end of the second power distribution terminal is connected with the data transmission end of the second communication server to complete data downlink; the first prepositive acquisition server is connected with the data transmission end of the second prepositive acquisition server; and the first communication server is connected with the data transmission end of the second communication server.
(2) The method comprises the steps that various access parameters of a first power distribution terminal and a second power distribution terminal are configured by utilizing a first preposed acquisition server and a second preposed acquisition server, configuration information is synchronized to a communication server of a safe access area through a forward isolation device by a cross-area file transmission program of a power distribution master station system platform, the relevant configuration information accessed by the first power distribution terminal and the second power distribution terminal can be timely synchronized to the safe access area, and the synchronization mode is divided into full information synchronization and variable information synchronization; the specific synchronous operation is realized by a cross-region file transmission process of a platform of a power distribution automation master station system (the collection of the cross-region file transmission process is part of the power distribution automation master station system), and the configuration information required by accessing the power distribution terminal comprises parameters such as a channel type, a network type, an IP address and a communication port of the terminal.
(3) The remote power distribution terminal cannot directly communicate with a front server of a production control area, and is a power distribution terminal in a wireless communication mode or an optical fiber communication mode, so the remote power distribution terminal firstly communicates with a communication server of a safety access area;
in the embodiment of the present invention, when data uplink is to be implemented, as shown in fig. 3, the first power distribution terminal communicates with the first communication server, and the first communication server writes the received data of the first power distribution terminal into a text file in an E file format, and transmits the data to the first pre-acquisition server through the reverse physical isolation device, so as to implement data uplink; specifically, the method comprises the following steps: after receiving a message sent by a first power distribution terminal, a communication process of a first communication server in a safety access area is normally written into a message buffer area, and a process for generating a text file is added, wherein the process is responsible for writing data in an uplink message buffer area into a temporary text file; the reverse isolation device automatically transmits the text file to a specified path of the production control area, a first preposed acquisition server in the production control area increases a file analysis process, analyzes a temporary file of an uplink message, and stores message information into a specified message buffer area; further, in the foregoing process, the application program of the first communication server in the security access area generates a text file, the reverse physical isolation device is responsible for reading and transmitting the file, when two working processes are to perform read-write operations on one file at the same time, if the file is not locked, read-write collision may be caused, the content of the file is not completely written, and the file is read and transmitted to the production control area by the isolation device, in order to solve the problem, the file is protected by using a file lock, the method is simple and easy to implement, and the specific method is as follows: locking using the Flock function: the parameter LOCK _ EX of the Flock function is used for locking the file descriptor fd, if the file descriptor fd is successful, 0 is returned, which indicates that the file is not locked yet, and the write operation can be performed on the file descriptor; if it fails, return-1, indicating that the file has been locked, is being used, and so will not be used until it is unlocked. The parameter LOCK NB of the flood function represents non-blocking. The communication server performs specific writing operation on the file after locking: after the file is processed, unlocking the file; after unlocking, the reverse isolated transfer software (which is installed on the communication server in the secure access area) can access the file.
In the embodiment of the invention, when data downlink is to be realized, the second front-end server sends out a downlink message of the power distribution main station, the downlink message is transmitted to the second communication server through the forward physical isolation device, and the second communication server sends the downlink message to the second power distribution terminal on the site to realize the data downlink. As shown in fig. 3, which is a downlink message processing flow of the power distribution terminal, the protocol program on the pre-acquisition server still writes the protocol message into the downlink message buffer; the downlink message sending program reads data from the message buffer and sends the data through the forward isolation device. And the downlink message receiving process of the second communication server of the security access area is responsible for receiving the protocol message issued by the production control area and writing the protocol message into the message buffer area of the corresponding channel.
To sum up: compared with the traditional automatic data acquisition method for power distribution, the data acquisition based on the safety access area requires a front server of the production control area to directly analyze the local data file, a communication link with a power distribution terminal is not required to be established, and the communication task with the power distribution terminal is completely taken charge of by the communication server of the safety access area.
In the embodiment of the invention, in the implementation process of the distribution automation data acquisition method based on the safety access area, a first communication server and a second communication server in the safety access area have a dual-computer hot standby function, and the two communication servers have equivalent positions and can independently provide services to the outside without the assistance of other servers; the two servers exchange respective state information at regular time, and under normal conditions, 50% of data acquisition tasks are respectively completed, and when one server fails, the other server can take over the acquisition tasks of the failed server in time.
In summary, the following steps:
the invention discloses a distribution automation data acquisition device and method based on a safety access area, wherein a communication server is deployed in the safety access area; downlink data of the power distribution main station reach the communication server through the forward isolation device, and the communication server sends information to the power distribution terminal through being linked with the TCP; the uplink message of the power distribution terminal is received and processed by the communication server and then converted into a text file, the text file is sent to a front-end server of the production control area through the reverse physical isolation device, specific file processing measures are taken, the real-time requirement of the file under the condition of passing through the reverse physical isolation device is guaranteed, and cross-safety-area data acquisition of power distribution automation data is finally achieved. The power distribution data acquisition technology based on the security access area can prevent an attacker from roundly attacking a power distribution master station system of a production control large area through a power distribution terminal, and ensure the safe and stable operation of a power grid.
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (9)

1. A distribution automation data acquisition device based on a safety access area is characterized by comprising a first preposed acquisition server, a second preposed acquisition server, a forward physical isolation device and a reverse physical isolation device which are arranged in a production control area, and further comprising a first communication server, a second communication server, a first remote distribution terminal and a second remote distribution terminal which are arranged in the safety access area;
the data transmission end of the first power distribution terminal is connected with the data transmission end of the first communication server; the output end of the first communication server is connected with the input end of a reverse physical isolation device, and the output end of the reverse physical isolation device is connected with the input end of a first front-mounted acquisition server to finish data uplink;
the output end of the second prepositive acquisition server is connected with the input end of the forward physical isolation device, and the output end of the forward physical isolation device is connected with the input end of the second communication server; the data transmission end of the second power distribution terminal is connected with the data transmission end of the second communication server to complete data downlink;
the data transmission end of the first preposed acquisition server is also connected with the data transmission end of the second preposed acquisition server;
the data transmission end of the first communication server is also connected with the data transmission end of the second communication server;
the first front-end server and the second front-end server are also used for configuring various parameter configuration items of the first power distribution terminal and the second power distribution terminal, and are automatically synchronized to the first communication server and the second communication server of the security access area through the forward isolation device.
2. The distribution automation data acquisition device based on the safety access area as claimed in claim 1, wherein: the first communication server writes the received first power distribution terminal data into a text file in an E file format, locks the file and transmits the file to the first preposed acquisition server through the reverse physical isolation device.
3. The distribution automation data acquisition device based on the safety access area as claimed in claim 1, wherein: and the second front-end server sends a downlink message of the power distribution main station, the downlink message is transmitted to the second communication server through the forward physical isolation device, and the downlink message is issued to the second power distribution terminal on the spot by the second communication server.
4. The distribution automation data acquisition device based on the safety access area as claimed in claim 1, wherein: the first communication server and the second communication server are mutually hot-standby and exchange state information at regular time, and when one communication server fails, the other communication server takes over all channels.
5. The distribution automation data acquisition device based on the safety access area as claimed in claim 1, wherein: the first communication server and the second communication server are responsible for establishing a communication link with the power distribution terminal and supporting a TCP client mode, a TCP service mode and a UDP communication mode.
6. A distribution automation data acquisition method based on a safety access area is characterized in that: the method comprises the following steps:
(1) the method comprises the steps of building a power distribution automation data acquisition device based on a safety access area, wherein the power distribution automation data acquisition device comprises a first preposed acquisition server, a second preposed acquisition server, a forward physical isolation device and a reverse physical isolation device which are arranged in a production control area, and further comprises a first communication server, a second communication server, a first power distribution terminal and a second power distribution terminal which are arranged in the safety access area;
(2) the first power distribution terminal is in communication with the first communication server; the first communication server writes the received first power distribution terminal data into a text file in an E file format, locks the file, and transmits the file to a first preposed acquisition server through a reverse physical isolation device to realize data uplink;
(3) the second front-end server sends a downlink message of the power distribution master station, the downlink message is transmitted to the second communication server through the forward physical isolation device, and the second communication server sends the downlink message to a second power distribution terminal on the site to realize data downlink;
the first front-end server and the second front-end server are also used for configuring various parameter configuration items of the first power distribution terminal and the second power distribution terminal, and are automatically synchronized to the first communication server and the second communication server of the security access area through the forward isolation device.
7. The method according to claim 6, wherein the method comprises the following steps: the data transmission end of the first power distribution terminal is connected with the data transmission end of the first communication server; the output end of the first communication server is connected with the input end of a reverse physical isolation device, and the output end of the reverse physical isolation device is connected with the input end of a first front-mounted acquisition server; the output end of the second prepositive acquisition server is connected with the input end of the forward physical isolation device, and the output end of the forward physical isolation device is connected with the input end of the second communication server; the data transmission end of the second power distribution terminal is connected with the data transmission end of the second communication server; the data transmission end of the first preposed acquisition server is also connected with the data transmission end of the second preposed acquisition server; and the data transmission end of the first communication server is also connected with the data transmission end of the second communication server.
8. The method according to claim 6, wherein the method comprises the following steps: the first communication server and the second communication server are mutually hot-standby and exchange state information at regular time, and when one communication server fails, the other communication server takes over all channels.
9. The method according to claim 6, wherein the method comprises the following steps: the first communication server and the second communication server are responsible for establishing a communication link with the power distribution terminal and supporting a TCP client mode, a TCP service mode and a UDP communication mode.
CN201710981660.6A 2017-10-20 2017-10-20 Power distribution automation data acquisition device and method based on safety access area Active CN107947357B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710981660.6A CN107947357B (en) 2017-10-20 2017-10-20 Power distribution automation data acquisition device and method based on safety access area

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710981660.6A CN107947357B (en) 2017-10-20 2017-10-20 Power distribution automation data acquisition device and method based on safety access area

Publications (2)

Publication Number Publication Date
CN107947357A CN107947357A (en) 2018-04-20
CN107947357B true CN107947357B (en) 2021-07-02

Family

ID=61936309

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710981660.6A Active CN107947357B (en) 2017-10-20 2017-10-20 Power distribution automation data acquisition device and method based on safety access area

Country Status (1)

Country Link
CN (1) CN107947357B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108599370A (en) * 2018-05-10 2018-09-28 国网冀北电力有限公司秦皇岛供电公司 Power distribution automation main station apparatus and system
CN108964264A (en) * 2018-06-22 2018-12-07 国电南瑞科技股份有限公司 The wireless realization of debugging method of intelligent substation site device
CN110829600B (en) * 2019-11-26 2023-10-20 广东电网有限责任公司 Error control system and method based on automatic safety zone isolation interaction
CN111431923B (en) * 2020-04-01 2022-07-01 国电南瑞科技股份有限公司 Data security interaction system and method across security intranet and internet
CN111614618A (en) * 2020-04-17 2020-09-01 国网上海能源互联网研究院有限公司 Cross-region data transmission method and system for physical isolation device
CN111654488B (en) * 2020-05-27 2022-08-02 中国电力科学研究院有限公司 Three-station-in-one transformer substation and sensing terminal information access method
CN112422348B (en) * 2020-11-30 2022-09-30 国网上海市电力公司 Power information data acquisition communication system and method
CN113094729A (en) * 2021-04-15 2021-07-09 华电(福建)风电有限公司 Data security access method of offshore wind power integrated system
CN113595090B (en) * 2021-07-30 2023-08-25 中国电力科学研究院有限公司 Multi-element load data processing method and system crossing safety zone
CN114069836A (en) * 2021-09-28 2022-02-18 国网浙江省电力有限公司杭州供电公司 Artificial intelligence-based docking method for operation and maintenance operation of distribution automation system
CN114244719B (en) * 2021-11-29 2023-11-28 贵州乌江水电开发有限责任公司 Centralized control power station communication topological structure suitable for public network and application method thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101562338A (en) * 2008-04-18 2009-10-21 东莞市腾华电子技术有限公司 Distribution network automatic system architecture
CN102185382A (en) * 2011-05-16 2011-09-14 广东电网公司深圳供电局 System and method for data communication between power distribution master station system and power distribution terminal
CN103294802A (en) * 2013-05-30 2013-09-11 国家电网公司 Real-time operating information monitoring method for multi-million kilowatt-level wind power base fan
CN103595511A (en) * 2013-10-17 2014-02-19 广东电网公司茂名供电局 Method for transmitting data from first area to third area of internal network of electric system
CN107018134A (en) * 2017-04-06 2017-08-04 北京中电普华信息技术有限公司 A kind of distribution terminal secure accessing platform and its implementation

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102986168A (en) * 2010-08-12 2013-03-20 Abb研究有限公司 A communication method and apparatus of network management system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101562338A (en) * 2008-04-18 2009-10-21 东莞市腾华电子技术有限公司 Distribution network automatic system architecture
CN102185382A (en) * 2011-05-16 2011-09-14 广东电网公司深圳供电局 System and method for data communication between power distribution master station system and power distribution terminal
CN103294802A (en) * 2013-05-30 2013-09-11 国家电网公司 Real-time operating information monitoring method for multi-million kilowatt-level wind power base fan
CN103595511A (en) * 2013-10-17 2014-02-19 广东电网公司茂名供电局 Method for transmitting data from first area to third area of internal network of electric system
CN107018134A (en) * 2017-04-06 2017-08-04 北京中电普华信息技术有限公司 A kind of distribution terminal secure accessing platform and its implementation

Also Published As

Publication number Publication date
CN107947357A (en) 2018-04-20

Similar Documents

Publication Publication Date Title
CN107947357B (en) Power distribution automation data acquisition device and method based on safety access area
Zhao et al. A survey on the internet of things security
Cleveland IEC TC57 security standards for the power system's information infrastructure-Beyond simple encryption
CN106789015B (en) Intelligent power distribution network communication safety system
CN110267270B (en) Identity authentication method for sensor terminal access edge gateway in transformer substation
Beasley et al. A survey of electric power synchrophasor network cyber security
CN101753553B (en) Safety isolating and message switching system and method
CN106992984A (en) A kind of method of the mobile terminal safety access information Intranet based on electric power acquisition net
CN109995769B (en) Multi-stage heterogeneous trans-regional full-real-time safety management and control method and system
CN113746632A (en) Multi-level identity authentication method for Internet of things system
Zhou et al. Efficient application of GPRS and CDMA networks in SCADA system
CN110855707A (en) Internet of things communication pipeline safety control system and method
CN111988328A (en) Safety guarantee method and system for acquiring terminal data of power generation unit of new energy plant station
Dong et al. Blockchain-based cross-domain authentication strategy for trusted access to mobile devices in the IoT
Farooq et al. MPTCP based mitigation of denial of service (DoS) attack in PMU communication networks
Liu et al. Lightweight and practical node clustering authentication protocol for hierarchical wireless sensor networks
CN109218292A (en) A kind of electric power networks security boundary composite defense method and system
Czechowski et al. Cyber security in communication of SCADA systems using IEC 61850
CN102904905A (en) Application security proxy method and application security proxy system
CN110365773B (en) Message communication method based on block chain message address
CN107113278B (en) The method, apparatus and system that neighbours establish
CN100556027C (en) A kind of address renewing method of IKE Network Based
CN212463237U (en) Gateway for controlling access to Internet of things based on block chain
Yan et al. Design and Application of Security Gateway for Transmission Line Panoramic Monitoring Platform based on Microservice Architecture
CN114531266A (en) Power distribution network data protection system and method based on intermediate database

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant