CN108599927A - The protective relaying device of integrated national secret algorithm security module - Google Patents


Publication number
CN108599927A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810246044.0A
Other languages
Chinese (zh)
Inventor
李良
王峥
丁岳
王于波
于同伟
张武洋
卢岩
刘国华
杨文�
耿亮
刘柱
任孝武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Liaoning Electric Power Research Institute
Beijing Smartchip Microelectronics Technology Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Liaoning Electric Power Research Institute
Beijing Smartchip Microelectronics Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H02 GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
    • H02H EMERGENCY PROTECTIVE CIRCUIT ARRANGEMENTS
    • H02H1/00 Details of emergency protective circuit arrangements
    • H02H1/0061 Details of emergency protective circuit arrangements concerning transmission of signals

Abstract

The invention discloses a protective relaying device with an integrated national secret algorithm security module, comprising a relay protection application system and a national secret algorithm security module. The relay protection application system performs relay protection of the electric power system. The national secret algorithm security module is connected to the relay protection application system and protects the data information of the protective relaying device. Because the protective relaying device integrates a national secret algorithm security module, external devices cannot easily obtain its communication data, which effectively protects the communication data of the protective relaying device and the security of the national grid.

Description

The protective relaying device of integrated national secret algorithm security module
Technical field
The present invention relates to the field of electric power relay protection, and in particular to a protective relaying device with an integrated national secret algorithm security module.
Background technology
In smart grid construction, when a power element in the electric power system (such as a generator or a line) or the power system itself suffers a fault that endangers the safe operation of the power system, the protective relaying device can issue a warning signal in time, or directly send a trip command to the circuit breaker it controls, to stop the event from developing.
A protective relaying device works mainly on the change in electrical quantities (current, voltage, power, frequency, etc.) that occurs when an element in the power system is short-circuited or behaves abnormally. When a protected power system element fails, the protective relaying device of that element quickly and accurately sends a trip command to the circuit breaker nearest to the faulty element, so that the faulty element is disconnected from the power system in time. This minimizes damage to the power system element itself and reduces the impact on the safe supply of power. Protective relaying devices are therefore of great significance in ensuring the safety of the electric power system.
Existing protective relaying devices have no data encryption module, and any relay device can access them at will. Communication data is easily stolen and tampered with, which in turn causes misjudged relay protection commands and misdiagnosed equipment, and seriously affects the safe operation of China's power grid. The data information of existing protective relaying devices is therefore unprotected, which is a major weak point of the electric power system, and a solution is urgently needed.
The most important data encryption approach at present is the domestic cryptographic algorithms (national secret algorithms). National secret algorithms are the domestic commercial cryptographic algorithms recognized by the State Commercial Cryptography Administration: the private SM1 and the three public algorithms SM2, SM3 and SM4, which are, respectively, a symmetric algorithm, an asymmetric algorithm, a hash algorithm and a symmetric algorithm.
The information disclosed in this background section is intended only to improve understanding of the general background of the invention, and should not be taken as an acknowledgement or any form of suggestion that this information constitutes prior art already known to a person skilled in the art.
Summary of the invention
The purpose of the present invention is to provide a protective relaying device with an integrated national secret algorithm security module. Because the device integrates a national secret algorithm security module, external devices cannot easily obtain the communication data of the protective relaying device, which effectively protects that communication data and the security of the national grid.
To achieve the above object, the present invention provides a protective relaying device with an integrated national secret algorithm security module, comprising a relay protection application system and a national secret algorithm security module. The relay protection application system performs relay protection of the electric power system and exchanges data information with external equipment. The national secret algorithm security module is connected to the relay protection application system and protects the data information of the protective relaying device.
In a preferred embodiment, the national secret algorithm security module comprises a secure memory, a cryptographic algorithm hard IP core and a security management module. The secure memory securely stores the data information of the protective relaying device. The cryptographic algorithm hard IP core generates authentication data, which the national secret algorithm security module uses to authenticate interface devices, and also encrypts or decrypts the communication data of the protective relaying device. The security management module is connected to the secure memory, the cryptographic algorithm hard IP core and the relay protection application system, and provides security service mechanisms for the relay protection application system and the national secret algorithm security module.
In a preferred embodiment, the cryptographic algorithm hard IP core uses the national secret SM1 algorithm.
In a preferred embodiment, the cryptographic algorithm hard IP core generates authentication data by performing an encryption operation on a 16-byte authentication data input factor using a specified key, and then XORing the high 8 bytes of the operation result with the low 8 bytes to obtain the authentication data.
In a preferred embodiment, the encryption operation used in generating the authentication data is the national secret SM1 algorithm.
In a preferred embodiment, the process by which the cryptographic algorithm hard IP core encrypts the communication data of the protective relaying device comprises the following steps. First step: the length information of the plaintext communication data is added in front of the plaintext communication data to form new data, and the new data is divided into one or more data blocks in units of 16 bytes, the last data block being 1 to 16 bytes long. Second step: if the last data block is 15 bytes long, hexadecimal '80' is appended to it to pad it to 16 bytes; if the last data block is 1 to 14 bytes long, hexadecimal '80' is appended first, followed by as many hexadecimal '0' digits as are needed for the length to reach 16 bytes. Third step: each data block is encrypted separately. Fourth step: all encrypted data blocks are combined in their original order.
In a preferred embodiment, each data block is encrypted separately by first generating a process key from the specified key and then encrypting each data block separately with the process key.
In a preferred embodiment, the process key is generated from the specified key by performing an SM1 encryption operation on a 16-byte process key input factor using the specified key, which yields the process key.
Compared with the prior art, the protective relaying device with an integrated national secret algorithm security module according to the present invention has the following beneficial effect:
The protective relaying device with an integrated national secret algorithm security module can effectively protect the communication data of the protective relaying device and the security of the national grid.
Description of the drawings
Fig. 1 shows the data interaction between a protective relaying device with an integrated national secret algorithm security module and a host computer, according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a protective relaying device with an integrated national secret algorithm security module according to an embodiment of the present invention.
Fig. 3 shows the algorithm for generating authentication data according to an embodiment of the present invention.
Fig. 4 shows the data encryption process according to an embodiment of the present invention.
Fig. 5 shows the algorithm for generating the process key according to an embodiment of the present invention.
Fig. 6 shows the data decryption process according to an embodiment of the present invention.
Detailed description
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the protection scope of the present invention is not limited by the specific embodiments.
Unless expressly stated otherwise, throughout the specification and claims the term "comprise" or variations such as "comprises" or "comprising" will be understood to include the stated elements or components without excluding other elements or components.
Fig. 1 shows the data interaction between a protective relaying device with an integrated national secret algorithm security module and a host computer, according to an embodiment of the present invention.
Preferably, according to an embodiment of the present invention, a national secret algorithm security module 11a is integrated into the protective relaying device 11. The protective relaying device 11 encrypts the data to be communicated through the national secret algorithm security module 11a, the data is transmitted to the host computer 12 as ciphertext, and it is decrypted by the national secret algorithm security module 12a in the host computer 12. The way the national secret algorithm security module is integrated is not limited to any particular method, and the communication is not limited to any particular communication protocol.
Fig. 2 is a schematic diagram of the protective relaying device 100 with an integrated national secret algorithm security module according to an embodiment of the present invention.
As shown in the figure, the protective relaying device 100 comprises a relay protection application system 21 and a national secret algorithm security module 22. The relay protection action is carried out by the relay protection application system 21. The national secret algorithm security module 22 authenticates interface devices and encrypts and decrypts communication data, in order to protect the data information of the protective relaying device.
The national secret algorithm security module 22 comprises a security management module 22a, a secure memory 22b and a cryptographic algorithm hard IP core 22c. The security management module 22a is the security hub of the protective relaying device 100. It is connected to the secure memory 22b, the cryptographic algorithm hard IP core 22c and the relay protection application system 21, and provides security service mechanisms to the relay protection application system 21 and the national secret algorithm security module 22. The secure memory 22b stores the data information of the protective relaying device 100. The cryptographic algorithm hard IP core 22c exists in hardware form and runs the national secret algorithm to generate authentication data, which the national secret algorithm security module uses to authenticate interface devices; the cryptographic algorithm hard IP core 22c also performs the encryption or decryption of the communication data of the protective relaying device 100. Preferably, the cryptographic algorithm hard IP core 22c uses the national secret SM1 symmetric algorithm.
The method by which the cryptographic algorithm hard IP core 22c runs the national secret algorithm to generate authentication data is shown in Fig. 3: an SM1 encryption operation is performed on the authentication data input factor (16 bytes) using the specified key KEY, and the high 8 bytes and low 8 bytes of the resulting 16-byte encrypted result are XORed to generate the authentication data.
Fig. 4 is data encryption process according to an embodiment of the present invention.
Preferably, the cryptographic algorithm hard IP core encrypts data as follows:
Step 1: LD denotes the length of the plaintext data and usually occupies one byte. LD is added in front of the plaintext data to produce new data.
Step 2: The new data is divided into data blocks in units of 16 bytes, denoted BLOCK1, BLOCK2, BLOCK3, BLOCK4 and so on. The last data block may be 1 to 16 bytes long.
Step 3: If the last (or only) data block is 16 bytes long, go to step 4. If the last data block is 15 bytes long, append hexadecimal '80' to it to pad it to 16 bytes, then go to step 4. If the last data block is 1 to 14 bytes long, append hexadecimal '80' first, followed by as many hexadecimal '0' digits as are needed for the length to reach 16 bytes, then go to step 4.
Step 4: Generate a process key from the specified key, then encrypt each data block separately with the process key. The method of generating the process key from the specified key is shown in Fig. 5: an SM1 encryption operation is performed on the process key input factor using the specified key KEY. Because the process key input factor is usually 8 bytes, it should be padded with '0' digits to 16 bytes when the process key is generated.
Step 5: After the calculation, all encrypted data blocks are concatenated in their original order.
Data decryption uses the reverse process, as shown in Fig. 6.
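An added sketch, not code from the patent, of the authentication data, process key, padding and per-block encryption steps described above. SM1 is unpublished and is only available in hardware, so a labelled stand-in 16-byte block cipher takes its place; the one-byte LD, the right-side zero fill of the input factor and the key and factor values are assumptions constructed for the example.

```python
import hashlib

BLOCK = 16                      # the patent's 16-byte data block
KEY = bytes(range(16))          # constructed "specified key"
FACTOR = b"\x11" * 8            # constructed 8-byte process key input factor


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher; this is NOT SM1.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for SM1 (assumption): 4-round Feistel over one 16-byte block."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def auth_data(key: bytes, factor: bytes) -> bytes:
    """Encrypt the 16-byte input factor, then XOR the high and low 8 bytes."""
    if len(factor) != BLOCK:
        raise ValueError("authentication input factor must be 16 bytes")
    c = block_encrypt(key, factor)
    return _xor(c[:8], c[8:])


def process_key(key: bytes, factor: bytes) -> bytes:
    """Process key = E(specified key, input factor filled with zeros to 16 bytes)."""
    if len(factor) > BLOCK:
        raise ValueError("process key input factor is at most 16 bytes")
    # Assumption: zeros are appended on the right; the page does not say where.
    return block_encrypt(key, factor.ljust(BLOCK, b"\x00"))


def frame(plaintext: bytes) -> bytes:
    """Steps 1-3: prepend LD, then pad a short last block with 0x80 and zeros."""
    if len(plaintext) > 255:
        raise ValueError("a one-byte LD (assumption) limits plaintext to 255 bytes")
    data = bytes([len(plaintext)]) + plaintext
    short = -len(data) % BLOCK          # 0 when the last block is already full
    if short:
        data += b"\x80" + b"\x00" * (short - 1)
    return data


def unframe(data: bytes) -> bytes:
    """Recover the plaintext and reject a wrong LD or malformed padding."""
    if not data or len(data) % BLOCK:
        raise ValueError("framed data must be a non-empty multiple of 16 bytes")
    plaintext = data[1:1 + data[0]]
    if frame(plaintext) != data:
        raise ValueError("length byte and padding are inconsistent")
    return plaintext


def encrypt(key: bytes, factor: bytes, plaintext: bytes) -> bytes:
    """Steps 4-5: encrypt every block separately with the process key."""
    pk, data = process_key(key, factor), frame(plaintext)
    return b"".join(block_encrypt(pk, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def decrypt(key: bytes, factor: bytes, ciphertext: bytes) -> bytes:
    """Reverse process: decrypt each block, then strip LD and padding."""
    if len(ciphertext) % BLOCK:
        raise ValueError("ciphertext must be a multiple of 16 bytes")
    pk = process_key(key, factor)
    return unframe(b"".join(block_decrypt(pk, ciphertext[i:i + BLOCK])
                            for i in range(0, len(ciphertext), BLOCK)))
```

Because every block is encrypted separately under the same process key, two identical 16-byte blocks of framed data produce identical ciphertext blocks, and the steps as described include no integrity check on the ciphertext.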
In summary, the protective relaying device provided by the present invention integrates a national secret algorithm security module, so that external devices cannot easily obtain the communication data of the protective relaying device, which effectively protects that communication data and the security of the national grid.
The foregoing description of specific exemplary embodiments of the present invention is given for the purposes of illustration and example. It is not intended to limit the invention to the precise forms disclosed, and many modifications and variations are obviously possible in light of the above teaching. The exemplary embodiments were selected and described in order to explain the specific principles of the invention and their practical application, so that those skilled in the art can implement and use various exemplary embodiments of the invention and various alternatives and modifications of them. The scope of the invention is intended to be defined by the claims and their equivalents.

Claims (9)

1. A protective relaying device with an integrated national secret algorithm security module, characterized by comprising:
a relay protection application system for performing relay protection of the electric power system and for exchanging data information with external equipment; and
a national secret algorithm security module, which performs data communication with the relay protection application system and encrypts or decrypts the data information based on a national secret algorithm.
2. The protective relaying device with an integrated national secret algorithm security module according to claim 1, characterized in that the national secret algorithm security module comprises:
a secure memory for securely storing the data information of the protective relaying device;
a cryptographic algorithm hard IP core for encrypting or decrypting the data information of the protective relaying device; and
a security management module, connected to the secure memory, the cryptographic algorithm hard IP core and the relay protection application system, for providing security service mechanisms for the relay protection application system and the national secret algorithm security module.
3. The protective relaying device with an integrated national secret algorithm security module according to claim 2, characterized in that the cryptographic algorithm hard IP core uses the national secret SM1 algorithm.
4. The protective relaying device with an integrated national secret algorithm security module according to claim 2, characterized in that the cryptographic algorithm hard IP core is also used to generate authentication data, which the national secret algorithm security module uses to authenticate interface devices.
5. The protective relaying device with an integrated national secret algorithm security module according to claim 4, characterized in that the cryptographic algorithm hard IP core generates authentication data by performing an encryption operation on a 16-byte authentication data input factor using a specified key, and XORing the high 8 bytes of the operation result with the low 8 bytes to obtain the authentication data.
6. The protective relaying device with an integrated national secret algorithm security module according to claim 5, characterized in that the encryption operation in the method of generating the authentication data is the national secret SM1 algorithm.
7. The protective relaying device with an integrated national secret algorithm security module according to claim 2, characterized in that the process by which the cryptographic algorithm hard IP core encrypts the communication data of the protective relaying device comprises the following steps:
a first step of adding the length information of the plaintext communication data in front of the plaintext communication data to form new data, and dividing the new data into one or more data blocks in units of 16 bytes, the last data block being 1 to 16 bytes long;
a second step in which, if the last data block is 15 bytes long, hexadecimal '80' is appended to it to pad it to 16 bytes, and if the last data block is 1 to 14 bytes long, hexadecimal '80' is appended first, followed by as many hexadecimal '0' digits as are needed for the length to reach 16 bytes;
a third step of encrypting each data block separately; and
a fourth step of combining all encrypted data blocks in their original order.
8. The protective relaying device with an integrated national secret algorithm security module according to claim 7, characterized in that each data block is encrypted separately by first generating a process key from a specified key and then encrypting each data block separately with the process key.
9. The protective relaying device with an integrated national secret algorithm security module according to claim 8, characterized in that the process key is generated from the specified key by performing an SM1 encryption operation on a 16-byte process key input factor using the specified key to obtain the process key.
CN201810246044.0A 2018-03-23 2018-03-23 The protective relaying device of integrated national secret algorithm security module Pending CN108599927A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810246044.0A CN108599927A (en) 2018-03-23 2018-03-23 The protective relaying device of integrated national secret algorithm security module

Publications (1)

Publication Number Publication Date
CN108599927A true CN108599927A (en) 2018-09-28

Family

ID=63627314

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810246044.0A Pending CN108599927A (en) 2018-03-23 2018-03-23 The protective relaying device of integrated national secret algorithm security module

Country Status (1)

Country Link
CN (1) CN108599927A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103066702A (en) * 2013-01-09 2013-04-24 珠海博威智能电网有限公司 On-off controller based on key communications
CN104410970A (en) * 2014-12-23 2015-03-11 北京极科极客科技有限公司 Wireless intelligent accessing method
CN106230993A (en) * 2016-09-29 2016-12-14 中国南方电网有限责任公司电网技术研究中心 The security protection compliance data acquisition method of electric power monitoring system and system
CN107171293A (en) * 2017-06-16 2017-09-15 国网辽宁省电力有限公司电力科学研究院 The system and method for relay protection O&M information multidimensional issue is realized in intelligent grid

Similar Documents

Publication Publication Date Title
US9911010B2 (en) Secure field-programmable gate array (FPGA) architecture
CN102880836B (en) Safety feature
CN103957109A (en) Cloud data privacy protection security re-encryption method
US9250671B2 (en) Cryptographic logic circuit with resistance to differential power analysis
EP2955871B1 (en) Cryptographic method for securely exchanging messages and device and system for implementing this method
CN104468089A (en) Data protecting apparatus and method thereof
CN101478548B (en) Data transmission ciphering and integrity checking method
CN107453880B (en) Cloud data secure storage method and system
CN104579679B (en) Wireless public network data forwarding method for agriculture distribution communication equipment
CN107135070A (en) Method for implanting, framework and the system of RSA key pair and certificate
CN1607511B (en) Data protection method and system
CN104268447A (en) Encryption method of embedded software
CN105978686A (en) Key management method and system
CN104866784A (en) BIOS encryption-based safety hard disk, and data encryption and decryption method
CN108900540A (en) A kind of business data processing method of the distribution terminal based on double-encryption
CN105187453A (en) Security encryption communication method of fault indicator
CN108599927A (en) The protective relaying device of integrated national secret algorithm security module
CN105022651A (en) Anti-piratic method in equipment production process and firmware burning device
CN103475466A (en) USBKey bus protection implementation method
CN205584238U (en) Network data encryption equipment
CN103001763A (en) Encryption method for maintenance of power distribution terminals
CN106385412A (en) Method for reduction round fault analysis of the first four rounds in SM4 cryptographic algorithm
CN105262743A (en) Data storage method, safety device and network storage system
CN105915345A (en) Realization method for authorized production and reform in home gateway device production testing
CN106341222A (en) Reduction wheel fault analysis method aiming at SM4 password algorithm intermediate 5 wheels

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination