CN108306853A - An intelligent data acquisition unit supporting blockchain and IoT wireless communication, and an encrypted communication method - Google Patents


Publication number
CN108306853A
Authority
CN
China
Prior art keywords
data acquisition
module
acquisition unit
intelligent data
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201711330910.6A
Other languages
Chinese (zh)
Inventor
徐天
许常娜
李思维
谢娇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hui Bao Intelligent Technology (shanghai) Co Ltd
Original Assignee
Hui Bao Intelligent Technology (shanghai) Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hui Bao Intelligent Technology (shanghai) Co Ltd
Priority to CN201711330910.6A
Publication of CN108306853A
Legal status: Withdrawn


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an intelligent data acquisition unit supporting blockchain and IoT wireless communication, and an encrypted communication method. An information security module controls encrypted identity authentication between the intelligent data acquisition unit and the secure access gateway on the public network, and carries out encrypted data transmission and verification; the information security module also controls the intelligent data acquisition unit to perform chain-type information defense. The scheme can greatly improve the ease of use of the intelligent data acquisition unit and the security of data transmission.

Description

An intelligent data acquisition unit supporting blockchain and IoT wireless communication, and an encrypted communication method
Technical field
The present invention relates to smart grid security technology, and in particular to an intelligent data acquisition scheme for the smart grid.
Background art
The smart grid is characterised by informatisation, automation and interactivity. It covers power generation, transmission, transformation, distribution, consumption, dispatching, information, communication, cross-segment engineering and integrated demonstration, and is marked by "wider networks, more interaction, newer technology and a broader user base". It therefore faces new information security risks, and the safe and stable operation of the strong smart grid's business systems must be ensured. Smart grid construction has brought a very large number of intelligent measurement and control terminal devices. The information security risks they face are of more kinds, wider scope and deeper level than those faced by the traditional grid. The more complex access environment, the flexible and varied access methods and the large number of intelligent access terminals place new requirements on secure, trusted and controllable access to the information network and systems.
In systems where measurement and control terminals communicate over Ethernet, Ethernet passive optical networks or wireless public networks (GPRS, 3G, TDCDMA, etc.), several questions need in-depth study: how to ensure the authenticity of the network identities of the system's front-end server and the terminals; how to protect the confidentiality, integrity and non-repudiation of communication data; and how to achieve security without changing the system's network architecture and with few changes to system settings. Identity authentication is the first gate of network security: it ensures that only a legitimate measurement and control terminal can exchange data with a legitimate front-end server, and it is the basis of information security as a whole. Identity authentication technology has become an important area of network security research and plays a vital role in the network security of Internet applications.
PKI-based systems are currently recognised as the most effective means of solving information security problems in large-scale, open network environments. A trusted third-party authority lets both parties confirm each other's identity and the information exchanged. Combining PKI public-key technology with other encryption techniques yields mechanisms suited to the new security requirements of network applications: two-factor strong authentication, data integrity through digital signatures and digital envelopes, data confidentiality and transaction non-repudiation. Establishing a security solution based on PKI technology is therefore a good choice for identity authentication.
In the prior art, however, a secure access module must be paired with a secure access gateway to establish a secure channel and perform identity authentication, identification and so on. The secure access module cannot acquire or forward data and has no network access capability of its own; a separate DTU device is required for it to go online and communicate with the secure access gateway (see Fig. 1).
As a result, the prior art requires a data collector, a terminal access module (i.e. the corresponding secure access module), a DTU, a power supply and so on. The number of components is large, the cost is high and practical use is inconvenient.
Summary of the invention
In view of the problems of the prior art described above, a new and secure scheme for smart grid data acquisition and transmission is needed.
To this end, the problem to be solved by the present invention is to provide an intelligent data acquisition unit supporting blockchain and IoT wireless communication, and a corresponding encrypted communication method.
To solve the above problem, the intelligent data acquisition unit supporting blockchain and IoT wireless communication provided by the invention integrates an information security module. The information security module controls encrypted identity authentication between the intelligent data acquisition unit and the secure access gateway on the public network, and carries out encrypted data transmission and verification; it also controls the intelligent data acquisition unit to perform chain-type information defense.
Further, the information security module uses a chain-type bookkeeping mode to store the log information generated by the operation of the intelligent data acquisition unit in a distributed manner across the nodes of the intelligent data acquisition unit application system.
Further, the information security module comprises an encryption unit and a chain-type information defense unit; the encryption unit provides the SM1 algorithm for encrypting transmitted data, the SM2 algorithm for mutual identity authentication and the SM3 algorithm for data integrity verification.
Further, for log information generated by the system, the chain-type information defense unit determines a selection coefficient according to the following formula and, based on that coefficient, selects the optimal log server from the intelligent data acquisition unit application system to record the log information:
H = S*8 + M*1.75 - T*3.2;
where H is the server selection coefficient, T is the response delay of the server, S is the storage capacity of the server and M is the bandwidth of the server.
Further, the intelligent data acquisition unit comprises:
A data acquisition module, in data connection with the core module and used for data acquisition;
A wireless module, in data connection with the core module and used for wireless data transmission;
An information security module, in data connection with the core module, which carries out encrypted transmission of data and secure storage of log information;
A core module, which is the main control module; it is connected to the data acquisition module, wireless module, encryption module and power module, and coordinates cooperation between the modules;
A power module, electrically connected to the data acquisition module, core module, wireless module and encryption module, and supplying them with working power.
Further, the wireless module is a 3G, 4G, WIFI or zigbee wireless communication module.
Further, the data acquisition module comprises a network port unit and a serial port unit, which provide TCP/IP communication and bus communication respectively; both units are controlled by the core module, which controls their transmit/receive functions and content.
Further, the core module serves as the platform on which the linux operating system and application programs run.
Further, the core module controls the data acquisition module to send and receive data by configuring and calling the corresponding interfaces; configures the wireless module, dials up to the network and sends and receives data by calling the corresponding programs and interfaces; and communicates with the information security module through the interface on the information security module to implement encrypted data transmission and secure storage of log information.
To solve the above problem, the encrypted communication method of the intelligent data acquisition unit provided by the invention comprises:
Presetting, in the intelligent data acquisition unit and in the secure access gateway connected to the public network, certificates generated by the identity authentication algorithm SM2;
When transmitting data, performing mutual authentication between the intelligent data acquisition unit and the secure access gateway based on the identity authentication algorithm SM2, to verify the validity of their identities;
After identity is confirmed, negotiating between the intelligent data acquisition unit and the secure access gateway, using the SM2 key exchange algorithm, the key of the data encryption algorithm SM1 used for encrypted data transmission;
Transmitting data between the intelligent data acquisition unit and the secure access gateway using the SM1 algorithm, fully encrypting the transmitted data, and verifying the integrity of the data using the data protection algorithm SM3.
Further, the identity authentication algorithm SM2 is an asymmetric encryption algorithm.
Further, the data encryption algorithm SM1 is a symmetric encryption algorithm.
The intelligent data acquisition unit scheme provided by the invention achieves encrypted data transmission, and at the same time uses chain-type information defense to store the logs generated during system operation in a distributed manner, preventing the records from being attacked and significantly improving the security of the system.
Furthermore, the intelligent data acquisition unit provided by the invention integrates data acquisition, network access, encryption, information security and other functions, greatly improving its ease of use and the security of data transmission. Compared with existing equipment it is easier to deploy, transmits data more securely, is easier to maintain and costs less.
Furthermore, in actual use the intelligent data acquisition unit provided by the invention reduces the number of hardware interfaces on the component, implementing the function of two network ports with a single network port.
Description of the drawings
The invention is further described below with reference to the drawings and specific embodiments.
Fig. 1 is a schematic diagram of the application of an existing secure access module;
Fig. 2 is a schematic diagram of the encryption method and intelligent data acquisition unit supporting blockchain and IoT wireless communication technology in an example of the invention;
Fig. 3 is an application schematic diagram of the encryption method and intelligent data acquisition unit supporting blockchain and IoT wireless communication technology in an example of the invention;
Fig. 4 is a workflow diagram, over a wired network, of the encryption method and intelligent data acquisition unit supporting blockchain and IoT wireless communication technology in an example of the invention;
Fig. 5 is a workflow diagram, over a wireless network, of the encryption method and intelligent data acquisition unit supporting blockchain and IoT wireless communication technology in an example of the invention;
Fig. 6 is a schematic diagram of the elliptic curve in an example of the invention.
Detailed description of the embodiments
To make the technical means, inventive features, aims and effects of the invention easy to understand, the invention is further explained below with reference to the specific drawings.
In this example, an integrated design yields an intelligent data acquisition unit with data acquisition, network access and secure data encryption functions; the unit also supports blockchain and IoT wireless communication technology.
Fig. 2 shows the composition of the intelligent data acquisition unit provided in one example. As the figure shows, the encryption method and intelligent data acquisition unit 100 supporting blockchain and IoT wireless communication technology mainly comprises a data acquisition module 101, a core module 102, a wireless module 103, an information security module 104 and a power module 105.
In the collector, the data acquisition module 101 is in data connection with the core module 102; it performs data acquisition and has input/output functions.
The data acquisition module 101 mainly comprises a network port unit 101a and a serial port unit 101b, which provide TCP/IP communication and bus communication respectively. The network port unit 101a includes a PHY and has dual network ports; the serial port unit 101b is a TTL-to-485 converter providing 485-bus data acquisition.
The data acquisition module 101 so constituted is connected to the core module 102, which controls its transmit/receive functions and content.
The wireless module 103 is in data connection with the core module 102 and provides the wireless network access function of the encryption method and intelligent data acquisition unit 100 supporting blockchain and IoT wireless communication technology.
In a specific implementation, the wireless module can be a wireless communication module such as 3G, 4G, WIFI or zigbee. It is not limited to these, however; other functional modules that implement wireless data transmission can also be used as needed.
The information security module 104 is in data connection with the core module 102 and works with it to perform encrypted identity authentication between the intelligent data acquisition unit and the secure access gateway on the public network, and to carry out encrypted data transmission and verification; the information security module also controls the intelligent data acquisition unit to perform chain-type information defense.
In a specific implementation, the information security module 104 is mainly implemented by an encryption unit and a chain-type information defense unit working together.
The encryption unit consists of a corresponding encryption chip. The encryption and decryption algorithms built into the chip provide the data encryption and decryption capability, and the chip also provides an interface for communicating with peripheral devices, namely a network port or serial port.
In addition, the encryption chip integrates the SM1 algorithm for encrypting transmitted data, the SM2 algorithm for mutual identity authentication and the SM3 algorithm for data integrity verification.
The functional characteristics of the SM1 algorithm are as follows:
1. High-strength, high-speed symmetric encryption;
2. Data encryption.
The functional characteristics of the SM2 algorithm are as follows:
1. It is used for mutual identity authentication;
2. Authentication credentials are configured, in the form of certificates, in the encryption module and the encryption gateway respectively;
3. The validity of identities is verified using an asymmetric encryption algorithm;
4. A symmetric encryption key is negotiated through the key agreement algorithm; this key is used for data encryption in subsequent communication.
It should be noted that the SM2 algorithm in this scheme uses elliptic curve cryptography, but in signature and key exchange it differs from international standards such as ECDSA and ECDH and adopts a more secure mechanism. In addition, this SM2 algorithm prefers a 256-bit curve as its standard curve.
All points satisfying the Weierstrass equation of the elliptic curve, together with the point at infinity, form an additive abelian group in which the point at infinity is the additive identity. The addition law of this group is given by the chord-and-tangent method (as shown in Fig. 6).
One special feature of this elliptic curve is the point at infinity. It is a special point, denoted O, that does not lie on the elliptic curve itself, and is therefore called the point at infinity.
Referring to Fig. 6, the left panel shows the addition of two distinct points P and Q, and the right panel shows the addition of a point P to itself. The chord-and-tangent method gives the addition equations on the elliptic curve. The security of this elliptic curve cryptosystem rests on the elliptic curve discrete logarithm problem.
The digital signature algorithm in this SM2 algorithm is suitable for digital signing and verification in commercial applications, and can meet the requirements for identity authentication, data integrity and authenticity in a variety of cryptographic applications. The key exchange protocol is suitable for key exchange in commercial cryptographic applications: through two or, optionally, three message passes, the two communicating parties compute a shared secret key (session key) that is jointly determined by both. The public-key encryption algorithm is suitable for message encryption and decryption in national commercial cryptographic applications: the sender encrypts the message with the recipient's public key, and the recipient decrypts it with the corresponding private key to obtain the message.
The digital signature algorithm, key exchange protocol and public-key encryption algorithm in this SM2 algorithm all use the SM3 cryptographic hash algorithm and a random number generator approved by the State Cryptography Administration. They select the finite field and elliptic curve according to the general rules and generate the key pair; for the specific algorithms, procedures and examples, see the SM2 standard.
A comparison of the equivalent strength of this SM2 algorithm, RSA and symmetric algorithms is as follows.
The functional characteristics of the SM3 algorithm are as follows:
1. Data protection;
2. Verifying whether data have been tampered with;
3. Verifying data integrity.
In this scheme, the SM3 algorithm takes a message m of length l bits (l < 2^64), pads it and applies iterative compression to produce a hash value; the final hash value is 256 bits.
When padding, if the length of message m is l bits, a "1" bit is first appended to the end of the message, followed by k "0" bits, where k is the smallest non-negative integer satisfying l + 1 + k ≡ 448 (mod 512). A 64-bit string, the binary representation of l, is then appended. The length of the padded message m' is an integer multiple of 512 bits.
The encryption unit so constituted effectively provides mutual authentication, full encryption of network-layer data, anti-replay protection and data integrity protection.
In this scheme, the chain-type information defense unit in the information security module uses a chain-type bookkeeping mode to store the log information generated by the operation of the intelligent data acquisition unit in a distributed manner across the nodes of the intelligent data acquisition unit application system, thereby achieving chain-type information defense. This avoids the problem of a hacker's attack records being flooded by a mass of log entries, which makes it hard to find clues about the hacker in that information.
Using chain-type bookkeeping technology, the scheme stores logs in a distributed manner across the nodes. This keeps any single node from collapsing under log overload, and lets staff be organised to investigate attack logs separately on each node. A hacker attempting to delete log information will find that the logs are not stored at the expected address and cannot obtain their storage location; even if the location is discovered, other systems must also be broken into before the logs can be deleted or overwritten, which makes previous attack methods practically infeasible.
On this basis, the scheme also analyses the logs automatically to find hacker attack behaviour in them. Specifically, machine learning can be used to learn the attack patterns found and feed these patterns back to the front-end server, which then filters user operations according to these patterns to prevent hacker attacks.
In a specific implementation, when the system generates log information, the scheme finds the server best suited to record this log within a period of time. To select the optimal server, the scheme computes the selection coefficient H from the server's response delay T, storage capacity S and bandwidth M by the formula H=S*8+M*1.75-T*3.2; the larger the selection coefficient, the higher the priority.
On this basis, where selection coefficients are equal, the scheme further selects using a polling (round-robin) algorithm.
Once the server best suited to record the log has been found, the log is sent to that server, which completes the recording and persistence of the log.
That system then pushes a notification to all systems connected to it, containing the latest ledger information and the new index number after the log has been added. The other systems respond to the notification and save the ledger, until all servers in the whole system have received the update.
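The selection rule, round-robin tie-break and ledger notification described above, as an added Python example (not code from the patent): the units for S, M and T, the server names and the `LogServer` and `LogCluster` classes are assumptions made here, since the text gives only the formula, the tie-break and the index-number broadcast.

```python
import math
from dataclasses import dataclass, field


@dataclass
class LogServer:
    name: str
    storage: float     # S, storage capacity (unit assumed: GB)
    bandwidth: float   # M, bandwidth (unit assumed: Mbit/s)
    delay: float       # T, response delay (unit assumed: ms)
    logs: dict = field(default_factory=dict)    # index -> log text persisted on this node
    ledger: list = field(default_factory=list)  # (index, holder) entries pushed by peers

    def coefficient(self) -> float:
        """Selection coefficient H = S*8 + M*1.75 - T*3.2 from the text."""
        return self.storage * 8 + self.bandwidth * 1.75 - self.delay * 3.2


class LogCluster:
    """Hypothetical model of the application system's log nodes."""

    def __init__(self, servers):
        self.servers = list(servers)
        self.next_index = 0
        self._cursor = 0  # round-robin position used only when H values tie

    def select(self) -> LogServer:
        """Pick the server with the largest H; rotate among servers whose H is equal."""
        best = max(s.coefficient() for s in self.servers)
        tied = [s for s in self.servers
                if math.isclose(s.coefficient(), best, abs_tol=1e-9)]
        chosen = tied[self._cursor % len(tied)]
        if len(tied) > 1:
            self._cursor += 1
        return chosen

    def record(self, message: str) -> tuple:
        """Persist the log on the selected server, then push the ledger entry to all."""
        holder = self.select()
        index = self.next_index
        self.next_index += 1
        holder.logs[index] = message
        entry = (index, holder.name)
        for server in self.servers:
            # Every node learns the new index number and where the log is held,
            # but only the holder stores the log body.
            server.ledger.append(entry)
        return entry


if __name__ == "__main__":
    # Constructed sample servers: A and B tie on H, C scores lower.
    nodes = [LogServer("A", 100, 100, 10),
             LogServer("B", 100, 100, 10),
             LogServer("C", 50, 200, 5)]
    cluster = LogCluster(nodes)
    for line in ("login failed uid=7", "config changed", "login failed uid=7"):
        print(cluster.record(line))
    nodes[0].delay = 500  # A becomes slow, so its coefficient drops below B's
    print(cluster.record("firmware check ok"))
    print({n.name: sorted(n.logs) for n in nodes})
```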
The core module 102 in the collector runs the operating system and programs, provides peripheral interfaces, saves data, and so on.
In a specific implementation, the core module 102 serves as the platform on which the linux operating system and application programs run. As the main control module, it is connected to and controls the data acquisition module 101, wireless module 103, information security module 104 and power module 105, and makes them work together.
The core module 102 provides peripheral resources and consists of a corresponding control chip, ddr and flash.
At run time, the core module 102 so configured controls the network port and serial port (data acquisition module 101) to send and receive data by configuring and calling the corresponding interfaces; configures the wireless module, dials up to the network and sends and receives data by calling the corresponding programs and interfaces; and communicates with the encryption module through the network port or serial port on the encryption module to implement data encryption and decryption.
The power module 105 is electrically connected to the data acquisition module 101, core module 102, wireless module 103 and encryption module 104, and supplies them with working power.
Existing encryption modules must have two network ports, one for encryption and one for decryption. By contrast, the intelligent data acquisition unit supporting blockchain and IoT wireless communication constituted as above uses different ports to provide both encryption and decryption on a single network port. It thus achieves the function of two network ports with one, reducing both the number of hardware interfaces and the hardware volume.
The intelligent data acquisition unit provided in this example can form a secure access system together with a secure access gateway. Combining mature technologies such as PKI and VPN, it integrates security with the application on the premise of convenient, transparent access for the application system. It ensures mutual identity verification between measurement and control terminals and the application server, ensures the security of information transmission, and ensures that connected terminals can be monitored and audited, providing a strong guarantee for the continuous, normal and secure operation of the smart grid's key business systems. A specific application example follows.
Referring to Fig. 3 which shows the encryption method and intelligent data acquisition of this support block chain and IOT wireless communication techniques The schematic diagram of device and the safety access system of safe access gateway composition.
As seen from the figure, the encryption method and intelligent data acquisition unit of this support block chain and IOT wireless communication techniques are being answered Used time is coordinated with wired and wireless two ways and safe access gateway 400:
1. wired mode, support the encryption method and intelligent data acquisition unit 100 of block chain and IOT wireless communication techniques with 200 data of router connect, and are connected to public network 300 by grid line by router 200, then by 300 data connection of public network to Safe access gateway 400, and safe access gateway 400 connects with 500 data of front server.
2. wireless mode supports that the encryption method and intelligent data acquisition unit 100 of block chain and IOT wireless communication techniques are straight Wireless network connection was connected to public network 300, then by 300 data connection of public network to safe access gateway 400, and secure accessing net 400 are closed with 500 data of front server to connect.
Based on above-mentioned safety access system, the workflow of this intelligent data acquisition unit 100 is as follows:
1. being directed to cable network, 100 workflow of intelligent data acquisition unit mainly includes the upload and download of data.
Upload flow (referring to Fig. 4):
The data acquisition module in the intelligent data acquisition unit collects data through a serial port or a network port. The collected data is repackaged and then uploaded; the upload travels over the public network and its target is the front server. Upload data is first sent to the encryption unit in the intelligent data acquisition unit, which encrypts it. The other output port of the encryption unit can connect to the public network: it is connected to an RJ45 interface of the intelligent data acquisition unit and can communicate with the outside.
The encryption unit connects to the safe access gateway over the public network and authenticates with it. After authentication succeeds, the encrypted data is uploaded to the safe access gateway, which decrypts it and, according to the target IP, sends the decrypted data to the corresponding front server.
Download flow:
To send data from the front server to the data collector, the data is first sent to the safe access gateway. The safe access gateway encrypts the data and forwards it to the corresponding encryption unit according to the target. The encryption unit decrypts the data and sends the decrypted data to the data acquisition module connected to it.
2. For the wireless network, the workflow of the intelligent data acquisition unit 100 mainly comprises the upload and download of data.
Upload flow (referring to Fig. 5):
The intelligent data acquisition unit supporting blockchain and IoT wireless communication collects data through a serial port or a network port. The collected data is repackaged and then uploaded; the upload travels over the public network and its target is the front server. Upload data is first sent to the encryption unit, which encrypts it.
Because the encryption unit cannot connect to the public network itself but must communicate with the safe access gateway, the communication has to be routed through a retransmission process. The retransmission process communicates with the encryption unit and, at the same time, with the safe access gateway. (The retransmission process runs in the Linux system of the intelligent data acquisition unit, so it can use the wireless network functions of that system to communicate with the outside.) It acts as a bridge between the encryption unit and the safe access gateway and does not process the data of either party in any way, so the encryption unit can communicate with the outside. The encryption unit thus establishes a connection with the safe access gateway through the retransmission process and then authenticates. If authentication succeeds, the encrypted data is uploaded to the safe access gateway, which decrypts it and forwards it by IP to the corresponding front server.
The encrypted data transmission in this flow is implemented as follows:
Step 1: Certificates generated with the SM2 algorithm are placed in the encryption unit and in the safe access gateway respectively. The encryption unit and the safe access gateway use the asymmetric algorithm for two-way authentication to verify the validity of each other's identity. After identity confirmation is complete, they negotiate and generate the SM1 key for the next step.
Step 2: The encryption unit transmits data using the SM1 algorithm, fully encrypting the transmitted data with the symmetric algorithm, and uses the SM3 algorithm to verify the integrity and validity of the data, thereby protecting the data.
Download flow:
To send data from the front server to the data collector, the data is first sent to the safe access gateway. The safe access gateway encrypts the data and, using the retransmission process as a bridge, establishes a connection with the corresponding encryption module and completes authentication. It then forwards the data to the corresponding encryption unit according to the target. The encryption unit decrypts the data and sends the decrypted data to the intelligent data acquisition unit connected to it.
The encrypted data transmission in this flow is implemented as follows:
Step 1: The safe access gateway and the encryption unit use the asymmetric algorithm for two-way authentication to verify the validity of each other's identity. After identity confirmation is complete, they negotiate the SM1 key for the next step.
Step 2: The safe access gateway transmits data using the SM1 algorithm, fully encrypting the transmitted data with the symmetric algorithm, and uses the SM3 algorithm to verify the integrity and validity of the data, thereby protecting the data.
On the basis of the above scheme, this application example further adds a distributed time-setting service function to further improve the security of the application system.
Time is a very important piece of infrastructure in a distributed system. If time is inconsistent within the system, the normal functions of the system cannot operate, and troubleshooting also becomes impossible.
Accordingly, this example implements an internal clock synchronization mechanism through the distributed time-setting service function.
The system is equipped with a time server, which connects to the National Time Service Center of the Chinese Academy of Sciences to obtain the correct time; the other servers synchronize their time with this server through a private service.
Using a private communication protocol can effectively avoid the possibility of attack, because an attacker cannot know the format of the communication messages. The private protocol also adds different security levels as required by different environments. For desktop computers and servers, for example, an authentication system based on digital certificates can be provided, while for embedded devices an authentication system based on a private encryption algorithm can be provided, so as to save the resources and bandwidth of the embedded device.
After joining the system, a device negotiates with the system which algorithm to use. The factors considered include the computing performance of the device itself, the bandwidth available to the device, and the reliability of the network at the device end. The system, however, sets a minimum algorithm requirement for every device: a device is not allowed to select an algorithm that is too weak, so that the security of the whole system is ensured.
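The negotiation with a system-imposed minimum can be sketched as follows. This is an added example, not code from the patent: the suite names, strength ranks, resource thresholds and per-class floors are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Suite:
    name: str
    strength: int           # higher is stronger (constructed ranking)
    min_cpu_mips: int       # compute the device needs to run the suite
    min_kbps: int           # bandwidth the handshake and framing need
    min_reliability: float  # fraction of frames the device link must deliver

# Constructed catalogue; names and thresholds are hypothetical.
CATALOGUE = (
    Suite("private-light", 1, 20, 8, 0.50),
    Suite("private-standard", 2, 100, 32, 0.80),
    Suite("certificate", 3, 500, 256, 0.95),
)

# Minimum strength the system accepts per device class (assumed policy).
FLOOR = {"embedded": 2, "desktop": 3, "server": 3}

@dataclass(frozen=True)
class Device:
    device_id: str
    device_class: str  # should come from the system's own record, not the device's claim
    cpu_mips: int
    kbps: int
    reliability: float
    offered: tuple     # suite names the device says it supports

class NegotiationRefused(Exception):
    """Raised when no suite satisfies both the device's limits and the system floor."""

def negotiate(dev: Device) -> Suite:
    if dev.device_class not in FLOOR:
        raise NegotiationRefused(f"{dev.device_id}: unknown device class")
    floor = FLOOR[dev.device_class]
    # Suites the device offers and can actually sustain with its CPU, bandwidth and link.
    usable = [s for s in CATALOGUE
              if s.name in dev.offered
              and dev.cpu_mips >= s.min_cpu_mips
              and dev.kbps >= s.min_kbps
              and dev.reliability >= s.min_reliability]
    # The floor is applied last and is never relaxed, whatever the device offers.
    allowed = [s for s in usable if s.strength >= floor]
    if not allowed:
        best = max((s.strength for s in usable), default=None)
        raise NegotiationRefused(
            f"{dev.device_id}: best usable strength {best} is below floor {floor}")
    return max(allowed, key=lambda s: s.strength)
```

A device that offers only a weak suite, or whose resources support nothing at or above its floor, is refused rather than downgraded.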
For wireless communication devices, time can be synchronized through message frames, and the received time data can be corrected according to the influence of network fluctuation and network delay on the time.
The basic principles, main features and advantages of the present invention have been shown and described above. Those skilled in the art should understand that the present invention is not limited to the above embodiments; the embodiments and the description merely illustrate the principle of the invention. Various changes and improvements may be made to the invention without departing from its spirit and scope, and all such changes and improvements fall within the scope of protection claimed.

Claims (12)

1. An intelligent data acquisition unit supporting blockchain and IoT wireless communication, characterized in that an information security module is integrated in the intelligent data acquisition unit; the information security module controls encrypted identity authentication between the intelligent data acquisition unit and the safe access gateway of the public network, and performs encrypted data transmission and verification; and the information security module controls the intelligent data acquisition unit to perform chain-type information defense.
2. The intelligent data acquisition unit according to claim 1, characterized in that the information security module uses chain-type bookkeeping to distribute the log information generated by the operation of the intelligent data acquisition unit and store it on each node of the intelligent data acquisition unit application system.
3. The intelligent data acquisition unit according to claim 1 or 2, characterized in that the information security module includes an encryption unit and a chain-type information defense unit; the encryption unit is provided with the SM1 algorithm for encrypting transmitted data, the SM2 algorithm for two-way identity authentication, and the SM3 algorithm for data integrity verification.
4. The intelligent data acquisition unit according to claim 3, characterized in that, for the log information generated by the system, the chain-type information defense unit determines a selection coefficient according to the following formula and, based on the selection coefficient, selects the optimal log server from the intelligent data acquisition unit application system to record the log information:
H = S*8 + M*1.75 - T*3.2;
where H is the server selection coefficient, T is the operating lag of the server, S is the storage capacity of the server, and M is the bandwidth of the server.
5. The intelligent data acquisition unit according to claim 1, characterized in that the intelligent data acquisition unit includes:
a data acquisition module, which has a data connection to the nucleus module and is used for data acquisition;
a wireless module, which has a data connection to the nucleus module and is used for wireless data transmission;
an information security module, which has a data connection to the nucleus module and performs encrypted transmission of data and secure storage of log information;
a nucleus module, which is the main control module, is connected to the data acquisition module, the wireless module, the encryption module and the power module, and coordinates the cooperation between the modules;
a power module, which is electrically connected to the data acquisition module, the nucleus module, the wireless module and the encryption module and supplies them with working power.
6. The intelligent data acquisition unit according to claim 5, characterized in that the wireless module is a 3G, 4G, WIFI or Zigbee wireless communication module.
7. The intelligent data acquisition unit according to claim 5, characterized in that the data acquisition module includes a network port unit and a serial port unit, which provide TCP/IP communication and bus communication respectively; the network port unit and the serial port unit are controlled by the nucleus module, which controls their send and receive functions and content.
8. The intelligent data acquisition unit according to claim 5, characterized in that the nucleus module serves as the operating platform for the Linux operating system and application programs.
9. The intelligent data acquisition unit according to claim 5, characterized in that the nucleus module controls the data acquisition module to send and receive data by configuring and calling the corresponding interfaces; configures the wireless module by calling the corresponding programs and interfaces, and performs dial-up network access and data transmission and reception; and communicates with the information security module through the interface on the information security module to implement encrypted data transmission and secure storage of log information.
10. An encryption communication method for an intelligent data acquisition unit, characterized by including:
presetting certificates generated by the identity authentication algorithm SM2 in the intelligent data acquisition unit and in the safe access gateway connected to the public network;
when transmitting data, performing two-way authentication between the intelligent data acquisition unit and the safe access gateway based on the identity authentication algorithm SM2 to verify the validity of identity;
after identity confirmation, negotiating between the intelligent data acquisition unit and the safe access gateway, using the SM2 key exchange algorithm, the key of the data encryption algorithm SM1 used for encrypted data transmission;
transmitting data between the intelligent data acquisition unit and the safe access gateway using the SM1 algorithm, fully encrypting the transmitted data, and verifying the integrity of the data using the data protection algorithm SM3.
11. The encryption communication method for an intelligent data acquisition unit according to claim 10, characterized in that the identity authentication algorithm SM2 is an asymmetric encryption algorithm.
12. The encryption communication method for an intelligent data acquisition unit according to claim 10, characterized in that the data encryption algorithm SM1 is a symmetric encryption algorithm.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711330910.6A CN108306853A (en) 2017-12-13 2017-12-13 A kind of intelligent data acquisition unit that supporting block chain and IOT wireless telecommunications and encryption communication method

Publications (1)

Publication Number Publication Date
CN108306853A (en) 2018-07-20

Family

ID=62869786

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711330910.6A Withdrawn CN108306853A (en) 2017-12-13 2017-12-13 A kind of intelligent data acquisition unit that supporting block chain and IOT wireless telecommunications and encryption communication method

Country Status (1)

Country Link
CN (1) CN108306853A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20180720
