CN108881224A - Encryption method and related device for power distribution automation system - Google Patents

Publication number
CN108881224A
Authority
CN
China
Prior art keywords
key
terminal
random number
encryption
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810628788.9A
Other languages
Chinese (zh)
Inventor
蔡田田
习伟
姚浩
匡晓云
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China South Power Grid International Co ltd
China Southern Power Grid Co Ltd
Original Assignee
China South Power Grid International Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China South Power Grid International Co ltd
Priority to CN201810628788.9A
Publication of CN108881224A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485 Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses an encryption method for a power distribution automation system. An IPSec security tunnel with a very high security level is established between a security gateway and a terminal, which protects the system's data transmission at the network layer. On this basis, bidirectional authentication is carried out between a main station and the terminal using asymmetric keys, which improves the security of bidirectional identity authentication. After authentication passes, encrypted transmission is used, which protects the system's data transmission at the application layer. The system's data is thus encrypted twice, at the network layer and at the application layer, which raises the data security protection level of the power distribution automation system and reduces the possibility of malicious attack. The application also discloses an encryption device, a server and a computer-readable storage medium for the power distribution automation system, which have the same beneficial effects.

Description

Encryption method and related device for a power distribution automation system
Technical field
This application relates to the technical field of power distribution automation systems, and in particular to an encryption method, an encryption device, a server and a computer-readable storage medium for a power distribution automation system.
Background
With the rapid construction of distribution networks, the distribution network takes on an increasingly important role in the power system. As the link that directly connects to users' electricity consumption, its security directly affects power supply capacity and power supply quality, and also affects users' daily production and living activities.
When a power distribution automation network is built in an actual area, the nodes in the distribution network generally communicate over dedicated communication optical fiber laid between them. Where construction involves urban land acquisition or old urban districts, retrofitting the distribution network becomes more difficult and dedicated communication fiber cannot be laid. In this case the distribution network uses public network communication (GPRS/CDMA/TD-SCDMA/230 MHz, etc.) to transmit grid information and control instructions. Accordingly, security mechanisms at the network layer and the application layer need to be added to wireless public network communication.
However, the prior art generally encrypts at only the network layer or the application layer, so the security protection is not comprehensive enough. In addition, before the application layer establishes network communication, the prior art usually performs two-way authentication with a symmetric key. Symmetric keys offer lower security and cannot protect the distribution main station and the distribution terminal; when a malicious attack occurs, the problem of pseudo base station attacks cannot be handled. This is unsuitable for an application environment such as the distribution network, which needs a high level of security protection, and may lead to serious security consequences.
Therefore, how to improve the security of the distribution network's network connections is a key concern for those skilled in the art.
Summary of the invention
The purpose of this application is to provide an encryption method, an encryption device, a server and a computer-readable storage medium for a power distribution automation system. An IPSec security tunnel with a high security level is first established between the security gateway and the terminal, which protects the system's data transmission at the network layer. On this basis, two-way authentication is carried out between the main station and the terminal using asymmetric keys, which improves the security of bidirectional identity verification. After verification passes, encrypted transmission is used, which protects the system's data transmission at the application layer. The system's data is thus encrypted twice, at the network layer and at the application layer, which raises the data security protection level of the power distribution automation system and reduces the possibility of malicious attack.
To solve the above technical problem, this application provides an encryption method for a power distribution automation system, including:
a security gateway establishes an IPSec security tunnel with a terminal at the network layer using the IPSec protocol;
when the IPSec security tunnel is successfully established, a main station executes a bidirectional identity authentication operation with the terminal according to asymmetric keys, by means of an encryption authentication device;
when the bidirectional identity authentication operation passes, the main station selects a symmetric key according to the obtained chip serial number and key version of the terminal, and encrypts the transmission of data messages at the application layer according to the symmetric key.
Optionally, the security gateway establishing an IPSec security tunnel with the terminal using the IPSec protocol includes:
the security gateway performs working key generation processing for the terminal, and performs session key generation processing according to the resulting working key to obtain a session key;
the IPSec security tunnel is established with the terminal according to the working key and the session key; data messages in the IPSec security tunnel are encrypted with symmetric encryption to obtain encrypted messages, and the encrypted messages are encapsulated for transmission using ESP protocol encapsulation.
Optionally, the security gateway establishing an IPSec security tunnel with the terminal using the IPSec protocol further includes:
updating the working key and the session key according to a first predetermined period.
Optionally, the main station executing the bidirectional identity authentication operation with the terminal according to asymmetric keys, by means of the encryption authentication device, includes:
the main station sends the first random number obtained by the encryption authentication device to the terminal, so that the terminal performs first signature calculation processing, according to a first private key, on the received first random number and an obtained second random number to obtain a first signature, and sends the first random number, the second random number and the first signature;
judging, according to a first public key, whether the received first signature is correct;
if so, performing second signature calculation processing on the second random number according to a second private key to obtain a second signature, and sending the second signature, so that the terminal judges, according to a second public key and the second random number, whether the received second signature is correct and, if so, sends authentication confirmation information to the main station;
receiving the authentication confirmation information.
Optionally, the terminal performing first signature calculation processing, according to the first private key, on the received first random number and the obtained second random number to obtain the first signature, and sending the first random number, the second random number and the first signature, includes:
the terminal obtains the second random number, and performs a hash calculation on the received first random number and the second random number to obtain a first hash value;
the first hash value is encrypted according to the first private key to obtain the first signature;
the first random number, the second random number and the first signature are sent.
Optionally, judging, according to the first public key, whether the received first signature is correct includes:
the main station decrypts the first signature according to the first public key to obtain the first hash value;
a hash calculation is performed on the first random number and the second random number to obtain a second hash value;
judging whether the first hash value and the second hash value are identical.
Optionally, the method further includes:
updating the first private key, the first public key, the second private key and the second public key according to a predetermined period.
This application also provides an encryption device for a power distribution automation system, including:
a network layer encryption module, for establishing an IPSec security tunnel with a terminal using the IPSec protocol;
an application layer authentication module, for the main station to execute, when the IPSec security tunnel is successfully established, a bidirectional identity authentication operation with the terminal according to asymmetric keys, by means of an encryption authentication device;
an application layer encryption module, for selecting a symmetric key according to the obtained chip serial number and key version of the terminal, and encrypting the transmission of data messages at the application layer according to the symmetric key.
This application also provides a server, including:
a memory, for storing a computer program;
a processor, for implementing the steps of the encryption method described above when executing the computer program.
This application also provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements the steps of the encryption method described above.
The encryption method for a power distribution automation system provided by this application includes: a security gateway establishes an IPSec security tunnel with a terminal at the network layer using the IPSec protocol; when the IPSec security tunnel is successfully established, a main station executes a bidirectional identity authentication operation with the terminal according to asymmetric keys, by means of an encryption authentication device; when the bidirectional identity authentication operation passes, the main station selects a symmetric key according to the obtained chip serial number and key version of the terminal, and encrypts the transmission of data messages at the application layer according to the symmetric key.
An IPSec security tunnel with a high security level is first established between the security gateway and the terminal, which protects the system's data transmission at the network layer. On this basis, two-way authentication is carried out between the main station and the terminal using asymmetric keys, which improves the security of bidirectional identity verification. After verification passes, encrypted transmission is used, which protects the system's data transmission at the application layer. The system's data is thus encrypted twice, at the network layer and at the application layer, which raises the data security protection level of the power distribution automation system and reduces the possibility of malicious attack.
This application also provides an encryption device, a server and a computer-readable storage medium for a power distribution automation system, which have the above beneficial effects; they are not described again here.
Brief description of the drawings
To describe the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below are only embodiments of this application, and those of ordinary skill in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a flowchart of an encryption method for a power distribution automation system provided by an embodiment of this application;
Fig. 2 is a flowchart of the process of establishing the IPSec security tunnel in the encryption method provided by an embodiment of this application;
Fig. 3 is a flowchart of the bidirectional identity authentication operation of the encryption method provided by an embodiment of this application;
Fig. 4 is a flowchart of another encryption method for a power distribution automation system provided by an embodiment of this application;
Fig. 5 is a schematic structural diagram of an encryption device for a power distribution automation system provided by an embodiment of this application.
Detailed description of the embodiments
The core of this application is to provide an encryption method, an encryption device, a server and a computer-readable storage medium for a power distribution automation system. An IPSec security tunnel with a high security level is first established between the security gateway and the terminal, which protects the system's data transmission at the network layer. On this basis, two-way authentication is carried out between the main station and the terminal using asymmetric keys, which improves the security of bidirectional identity verification. After verification passes, encrypted transmission is used, which protects the system's data transmission at the application layer. The system's data is thus encrypted twice, at the network layer and at the application layer, which raises the data security protection level of the power distribution automation system and reduces the possibility of malicious attack.
To make the purposes, technical solutions and advantages of the embodiments of this application clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Evidently, the described embodiments are some, not all, of the embodiments of this application. All other embodiments obtained by those of ordinary skill in the art from the embodiments in this application without creative effort fall within the protection scope of this application.
The prior art generally encrypts at only the network layer or the application layer, so the security protection is not comprehensive enough. In addition, before the application layer establishes network communication, the prior art usually performs two-way authentication with a symmetric key. Symmetric keys offer lower security and cannot protect the distribution main station and the distribution terminal; when a malicious attack occurs, the problem of pseudo base station attacks cannot be handled. This is unsuitable for an application environment such as the distribution network, which needs a high level of security protection, and may lead to serious security consequences.
Therefore, this embodiment provides an encryption method for a power distribution automation system. An IPSec security tunnel with a high security level is first established between the security gateway and the terminal, which protects the system's data transmission at the network layer. On this basis, two-way authentication is carried out between the main station and the terminal using asymmetric keys, which improves the security of bidirectional identity verification. After verification passes, encrypted transmission is used, which protects the system's data transmission at the application layer. The system's data is thus encrypted twice, at the network layer and at the application layer, which raises the data security protection level of the power distribution automation system and reduces the possibility of malicious attack.
Specifically, refer to Fig. 1, which is a flowchart of an encryption method for a power distribution automation system provided by an embodiment of this application.
The method may include:
S101, the security gateway establishes an IPSec security tunnel with the terminal at the network layer using the IPSec protocol;
It should be noted that, in the power distribution automation system of this embodiment, the main station is connected to the security gateway, and the security gateway is connected to the terminal through a public network.
Therefore, in this step the security gateway establishes an IPSec security tunnel with the terminal at the network layer using the IPSec protocol. Specifically, this step uses a security protection policy based on the IPSec protocol with national cryptographic algorithms. Under this policy, the security gateway and the distribution terminal device establish the IPSec security tunnel, which provides encryption, decryption and authentication of network-layer data.
The IPSec (Internet Protocol Security) protocol provides security at the IP layer (network layer). Because all hosts that support the TCP/IP protocol pass through IP-layer processing when they communicate, providing security at the IP layer is equivalent to providing a basis for secure communication for the whole network.
S102, when the IPSec security tunnel is successfully established, the main station executes a bidirectional identity authentication operation with the terminal according to asymmetric keys, by means of the encryption authentication device;
Building on step S101, in this step, once the IPSec security tunnel is successfully established, the main station executes the bidirectional identity authentication operation with the terminal according to asymmetric keys, by means of the encryption authentication device.
Because this embodiment uses a bidirectional identity authentication operation based on asymmetric keys, data of a certain length is needed as the plaintext data during authentication, and whether that plaintext data is stolen also affects the security of the authentication process. Random numbers are therefore used as the plaintext data for authentication in this step. Accordingly, in this step the encryption authentication device obtains a random number, and that random number is used to execute the bidirectional identity authentication operation, according to the asymmetric keys, between the encryption authentication device and the terminal in the distribution automation system.
It should be noted that, to improve the security of identity authentication in this embodiment, the bidirectional identity authentication operation performs two rounds of identity authentication: the main station authenticates the terminal, and the terminal authenticates the main station. Correspondingly, two sets of asymmetric keys are stored in the main station and the terminal respectively, which further improves the security of the authentication operation and avoids the security risk of pseudo base station intrusion.
S103, when the bidirectional identity authentication operation passes, the main station selects a symmetric key according to the obtained chip serial number and key version of the terminal, and encrypts the transmission of data messages at the application layer according to the symmetric key.
Building on step S102, when the bidirectional identity authentication operation passes, the main station obtains the chip serial number and key version of the terminal. From the chip serial number and key version, the symmetric key used for subsequent data encryption between the main station and the terminal is obtained, and data messages are encrypted at the application layer according to that symmetric key, which gives encrypted transmission of data messages at the application layer.
It should be noted that the IPSec security tunnel established between the security gateway and the terminal in this embodiment provides the corresponding security protection at the network layer. Once network-layer protection is in place, the main station and the terminal perform identity authentication at the application layer and then carry out secure encrypted transmission, that is, the corresponding secure transmission established at the application layer. This embodiment therefore amounts to establishing double encryption protection, at the network layer and the application layer, in the distribution automation system.
To sum up, this embodiment first establishes an IPSec security tunnel with a high security level between the security gateway and the terminal, which protects the system's data transmission at the network layer. On this basis, two-way authentication is carried out between the main station and the terminal using asymmetric keys, which improves the security of bidirectional identity verification. After verification passes, encrypted transmission is used, which protects the system's data transmission at the application layer. The system's data is thus encrypted twice, at the network layer and at the application layer, which raises the data security protection level of the power distribution automation system and reduces the possibility of malicious attack.
Building on the previous embodiment, this embodiment mainly explains how the IPSec security tunnel in the previous embodiment is established. The other parts are substantially the same as in the previous embodiment; for the parts in common, refer to the previous embodiment, which is not repeated here.
Refer to Fig. 2, which is a flowchart of the process of establishing the IPSec security tunnel in the encryption method provided by an embodiment of this application.
The process may include:
S201, the security gateway performs working key generation processing for the terminal, and performs session key generation processing according to the resulting working key to obtain a session key;
S202, the IPSec security tunnel is established with the terminal according to the working key and the session key; data messages in the IPSec security tunnel are encrypted with symmetric encryption to obtain encrypted messages, and the encrypted messages are encapsulated for transmission using ESP protocol encapsulation.
With this embodiment, a network-layer security protection mechanism can be established between the security gateway and the terminal of the power distribution automation system, which improves the scope of vertical protection in the distribution system and addresses the security risks brought by network-layer attacks.
Building on the previous embodiment, this embodiment mainly explains the bidirectional identity authentication operation in the previous embodiment. The other parts are substantially the same as in the previous embodiment; for the parts in common, refer to the previous embodiment, which is not repeated here.
Refer to Fig. 3, which is a flowchart of the bidirectional identity authentication operation of the encryption method provided by an embodiment of this application.
S301, the main station sends the first random number obtained by the encryption authentication device to the terminal, so that the terminal performs first signature calculation processing, according to the first private key, on the received first random number and an obtained second random number to obtain the first signature, and sends the first random number, the second random number and the first signature;
In this step the main station obtains the original text used for signature verification, namely the first random number, and sends this first random number to the terminal. Only then can the terminal perform the first signature calculation on the received first random number and the second random number to obtain the first signature used for verification, and send the computed signature together with the first random number and the second random number to the main station.
The first random number may be obtained from the encryption authentication device provided with the main station, or may be a random number obtained by software. A random number obtained by a separately provided encryption authentication device is a true random number, which further improves the security of the two-way authentication and reduces the possibility of malicious attack.
Correspondingly, the second random number may be obtained from an encryption module or encryption chip provided with the terminal, or may be a random number obtained by software. A random number obtained by a separately provided encryption device or encryption chip is a true random number, which further improves the security of the two-way authentication and reduces the possibility of malicious attack.
When signature authentication is carried out with asymmetric keys, the party holding the private key computes the signature, and the party holding the public key uses the public key to judge the correctness of that key. In this embodiment the main station therefore sends the first random number to the terminal, and the terminal computes the first signature according to the first private key.
S302, judging, according to the first public key, whether the received first signature is correct;
Building on step S301, in this step, when the main station receives the first random number, the second random number and the first signature sent by the terminal, it verifies the first signature according to the first public key.
S303, if so, performing second signature calculation processing on the second random number according to the second private key to obtain the second signature, and sending the second signature, so that the terminal judges, according to the second public key and the second random number, whether the received second signature is correct and, if so, sends authentication confirmation information to the main station;
Building on step S302, in this step, when the verification in S302 passes, that is, the first signature is correct, the main station performs the second signature calculation processing on the second random number according to the second private key to obtain the second signature, and then sends the second signature to the terminal for verification. When that verification passes, authentication between the main station and the terminal is determined to have passed. To inform the main station that verification has passed, the terminal sends authentication confirmation information to the main station.
In general, two devices complete one-way authentication after one signature verification; that is, the end holding the public key completes one-way authentication after verifying the signature. However, to prevent a malicious party from stealing the first private key and impersonating the terminal, or from replacing the first public key so that the main station identifies a malicious peer as the correct terminal, one more signature authentication is needed between the main station and the terminal. The second signature is computed with the second private key held by the main station and then verified by the terminal. This completes two signature verifications, improves the security of the verification operation, and avoids pseudo base station intrusion caused by the theft of one party's key.
S304 receives authenticate-acknowledge information.
On the basis of step S303, main website receives authenticate-acknowledge information in this step, completes between main website and terminal Two-way authentication operation.
Wherein, the first private key and the first public key of the present embodiment introduction are the public key and private key of terminal, and the first private key saves In the terminal, the first public key is stored in main website.Second private key and the second public key are the public key and private key of main website, and the second private key is protected There are in main website, the second public key is saved in the terminal.
Optionally, to improve the reliability of the bidirectional identity authentication, this embodiment may further include:
Updating the first private key, the first public key, the second private key and the second public key according to a predetermined period.
The predetermined period may be, for example, 1 day or 1 week, or may be chosen according to the actual application; it is not specifically limited here.
Steps S301 to S304 above provide a method of mutual authentication with asymmetric keys. The signature verification operations with the private and public keys improve the security of bidirectional identity verification and avoid the security risk of pseudo base station intrusion. Moreover, compared with verification through a certificate system in the prior art, this scheme needs only random numbers and pre-provisioned asymmetric keys to complete two-way authentication.
The first signature calculation, the second signature calculation and the signature judgment performed according to the first or second public key in the previous embodiment may use any method provided in the prior art, or the method described below.
The first and second signature calculations are essentially the same apart from the parameters supplied and the result. The first signature calculation is described below, and the second signature calculation can be understood by reference to it.
The processing method may include:
S401: the terminal obtains the second random number and performs a hash calculation on the received first random number and the second random number to obtain the first hash value;
The first hash value is also called the digest of the first random number and the second random number. It is normally obtained by hashing the text to be transmitted, and may be computed with SHA1, SHA2 or SHA3 (three hash algorithms). Of these, the SHA3 algorithm has the highest security.
S402: encrypt the first hash value according to the first private key to obtain the first signature;
Building on step S401, this step encrypts the first hash value with the first private key to obtain the encrypted first signature.
S403: send the first random number, the second random number and the first signature.
Building on step S402, the original text (the first random number and the second random number) and the computed first signature are sent to the master station for verification.
The signature judgment methods using the first public key and the second public key are essentially the same apart from the object being judged, and can be referred to each other. The signature judgment method using the first public key is described below.
This method may include:
S501: the master station decrypts the first signature according to the first public key to obtain the first hash value;
This step uses the first public key to decrypt the first hash value, that is, the digest of the original text carried in the signature.
S502: perform a hash calculation on the first random number and the second random number to obtain the second hash value;
This step hashes the received original text directly to obtain the second hash value.
Note that there is no required order between step S501 and step S502. They may be executed in parallel or in either order, as long as the first hash value and the second hash value are both obtained in the end; this is not specifically limited here.
S503: judge whether the first hash value and the second hash value are identical.
Building on steps S501 and S502, this step judges whether the first hash value and the second hash value are identical. If they are, verification passes; if not, verification fails.
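The exchange of steps S301 to S304, together with the hash-then-sign and verify steps of S401 to S503, as an added Go example that is not code from the patent. ECDSA P-256 with SHA-256 from the standard library stand in for the SM2/SM3 algorithms the page names, so a single verify call takes the place of the decrypt-and-compare of S501 to S503; the `Endpoint` and `Reply` types, the function names, the 16-byte random number length, and the master station's single-use check that the returned first random number is the one it issued are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const nonceLen = 16 // assumed fixed size, enforced by the verifier so R1||R2 is unambiguous
var ErrNonce = errors.New("random number has wrong length or is not the outstanding challenge")
var ErrBadSig = errors.New("signature verification failed")

// Endpoint is the master station or the terminal: own private key plus the peer's public key.
type Endpoint struct {
	priv   *ecdsa.PrivateKey
	peer   *ecdsa.PublicKey
	r1, r2 []byte // random numbers of the handshake in progress
}

type Reply struct{ R1, R2, Sig1 []byte } // the terminal's S403 message

func nonce() []byte {
	b := make([]byte, nonceLen)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// digest hashes the concatenated random numbers (S401 and S502).
func digest(parts ...[]byte) []byte {
	sum := sha256.Sum256(bytes.Join(parts, nil))
	return sum[:]
}

// NewPair returns a master station and a terminal holding each other's public keys.
func NewPair() (master, terminal *Endpoint) {
	mk, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tk, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	return &Endpoint{priv: mk, peer: &tk.PublicKey}, &Endpoint{priv: tk, peer: &mk.PublicKey}
}

// Challenge (S301, master station): draw the first random number and remember it.
func (e *Endpoint) Challenge() []byte {
	e.r1 = nonce()
	return e.r1
}

// Respond (S401-S403, terminal): save R1, draw R2, sign H(R1||R2) with the first private key.
func (e *Endpoint) Respond(r1 []byte) (Reply, error) {
	e.r1, e.r2 = r1, nonce()
	sig, err := ecdsa.SignASN1(rand.Reader, e.priv, digest(e.r1, e.r2))
	return Reply{R1: e.r1, R2: e.r2, Sig1: sig}, err
}

// VerifyAndSign (S302-S303, master station): freshness check (assumed), verify, then sign R2.
func (e *Endpoint) VerifyAndSign(rep Reply) ([]byte, error) {
	issued := e.r1
	e.r1 = nil // a challenge is accepted at most once
	if len(issued) != nonceLen || len(rep.R2) != nonceLen || !bytes.Equal(issued, rep.R1) {
		return nil, ErrNonce
	}
	if !ecdsa.VerifyASN1(e.peer, digest(rep.R1, rep.R2), rep.Sig1) {
		return nil, ErrBadSig
	}
	return ecdsa.SignASN1(rand.Reader, e.priv, digest(rep.R2))
}

// Confirm (end of S303, terminal): verify the second signature over the R2 it generated.
func (e *Endpoint) Confirm(sig2 []byte) error {
	if len(e.r2) != nonceLen || !ecdsa.VerifyASN1(e.peer, digest(e.r2), sig2) {
		return ErrBadSig
	}
	return nil
}

// Handshake runs S301-S304 in order; nil means both sides authenticated.
func Handshake(master, terminal *Endpoint) error {
	rep, err := terminal.Respond(master.Challenge())
	if err != nil {
		return err
	}
	sig2, err := master.VerifyAndSign(rep)
	if err != nil {
		return err
	}
	return terminal.Confirm(sig2)
}

func main() {
	fmt.Println("handshake error:", Handshake(NewPair()))
}
```

`Handshake` returns `ErrBadSig` when either side signs with a key whose public half the peer does not hold, and `VerifyAndSign` returns `ErrNonce` for a reply whose first random number is not the outstanding one.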
Based on all the above embodiments, an encryption method at the network layer and the application layer between a master station and a terminal in a practical environment can also be provided, that is, the mutual authentication method of this embodiment, implemented at the application layer, is added on top of the original network-layer encryption.
Referring to FIG. 4, FIG. 4 is a flowchart of another encryption method for a power distribution automation system provided by an embodiment of the present application.
In this method, network-layer encryption is completed by the security gateway and the terminal, as follows:
The network-layer encryption stage uses a security protection policy based on the IPsec protocol with national cryptographic algorithms. The security gateway and the terminal device establish an IPsec security tunnel, which provides encryption, decryption and authentication of network-layer data. It includes the following sub-steps:
Step S601: the two sides negotiate the security mechanism. The security gateway first sends a security mechanism to the terminal device; the terminal device returns the corresponding security mechanism and at the same time sends its own signing certificate and encryption certificate to the security gateway;
Step S602: the two sides complete identity authentication and data exchange based on digital certificates. The exchanged data include the identity identifier, signing certificate, encryption certificate and the like, encrypted using a random number and a public key. Both sides generate basic key parameters from these data and further compute the working key;
Step S603: data verification. Using the basic key parameters, both sides perform a digest operation on data such as the security mechanism and the identity identifier to generate verification data, then exchange the verification data and verify each other;
Step S604: after verification succeeds, the working key is confirmed.
The main purpose of steps S601 to S603 is to generate the working key.
Step S605: the security gateway and the terminal device exchange data. The exchanged data include the security mechanism (containing random numbers), the encryption and signature key parameters, the identity identifier, and the hash key obtained by performing a digest operation on the above data based on the working key;
Step S606: data verification. Based on the working key, a digest operation is performed on information such as both sides' encryption and signature key parameters to generate verification data, which is exchanged and mutually verified;
Step S607: generate the session key. A digest operation is performed on information such as the random numbers contained in the security mechanism and both sides' encryption and signature key parameters to obtain the session encryption key and the session integrity check key;
Step S608: establish the IPsec VPN tunnel.
The main purpose of steps S605 to S608 is to generate the session key.
Step S609: after the IPsec VPN tunnel between the security gateway and the terminal device is established, the two sides enter the encrypted communication stage. All data messages are encrypted symmetrically and encapsulated in ESP protocol messages for transmission, completing network-layer data encryption.
Step S609 uses encrypted transmission over the IPsec VPN tunnel established after the working key and the session key are generated.
The network-layer encryption stage uses a security protection policy based on the IPsec protocol. The IPsec security tunnel established by the security gateway and the terminal device provides a secure transmission service for distribution automation system data, and the application of network isolation and access control technology establishes a security barrier between the internal network of the distribution master station system and the public network.
At the application layer, encryption is completed by the master station and the terminal, as follows:
The application-layer encryption stage uses a security protection policy based on the 101/104 protocols. The master station and the terminal device perform bidirectional identity authentication, and encryption and decryption of application-layer data are implemented with standard national cryptographic algorithms. It includes the following sub-steps:
Step S610: the master station and the terminal device establish a link. The master station initiates a link request to the terminal, and the security gateway returns the result of successful authentication with the terminal device;
Step S611: the master station and the terminal device complete bidirectional identity authentication. The master station takes random number R1 from the encryption authentication device and sends it to the terminal device. The terminal device takes random number R2, signs R1+R2 with the asymmetric key and sends the result to the master station, and also saves R1. The master station verifies the validity of the terminal's signature with the asymmetric key; when verification passes, the master station's authentication of the terminal is complete. The master station then signs R2 with the asymmetric key and sends the result to the terminal. The terminal verifies the correctness of the master station's signature with the asymmetric key; when verification passes, the terminal's authentication of the master station is complete and the terminal returns an authentication confirmation message;
Step S612: the master station reads the chip serial number of the terminal device. After bidirectional identity authentication succeeds, the master station sends a message to read the terminal chip serial number, and the terminal returns the chip's serial number;
Step S613: the master station obtains the current key version of the terminal device. The master station sends a message to read the terminal key version, and the terminal returns the version number of the key in the current chip;
Steps S610 to S613 complete the bidirectional identity authentication operation between the master station and the terminal.
Step S614: the two sides complete negotiation of the interaction key and transmit application-layer data in encrypted form.
After the bidirectional identity authentication operation of steps S610 to S613 passes, step S614 mainly completes encrypted transmission at the application layer.
The application-layer encryption stage, on the basis of the established IPsec security tunnel, connects the transmission channel between the master station and the distribution network terminal device. The master station initiates identity authentication to the terminal device; the two sides use domestic commercial asymmetric cryptographic algorithms (SM2, SM3) to perform bidirectional identity authentication, and a second layer of encryption and decryption of business data is implemented based on the pre-embedded power distribution security protection key system.
In summary, a high-security IPsec security tunnel is first established between the security gateway and the terminal, which maintains the data transmission security of the power distribution automation system at the network layer. On this basis, the master station and the terminal perform two-way authentication with asymmetric keys, which improves the security of bidirectional identity verification, and encrypted transmission is used once verification passes, which maintains the data transmission security of the power distribution automation system at the application layer. The power distribution automation system thus has double data encryption at the network layer and the application layer, which raises its data security protection level and reduces the possibility of malicious attack.
An encryption device for a power distribution automation system provided by an embodiment of the present application is introduced below. The encryption device described below and the encryption method for a power distribution automation system described above may be referred to in correspondence with each other.
Specifically, referring to FIG. 5, FIG. 5 is a schematic structural diagram of an encryption device for a power distribution automation system provided by an embodiment of the present application.
The device may include:
a network layer encryption module 100, configured to establish an IPsec security tunnel with the terminal using the IPsec protocol;
an application layer authentication module 200, configured so that, when the IPsec security tunnel is successfully established, the master station performs a bidirectional identity authentication operation with the terminal through the encryption authentication device according to asymmetric keys;
an application layer encryption module 300, configured so that, when the bidirectional identity authentication operation passes, the master station selects a symmetric key according to the obtained chip serial number and key version of the terminal, and performs encrypted transmission of data messages at the application layer according to the symmetric key.
The application also provides a server, characterized in that it comprises:
a memory, configured to store a computer program;
a processor, configured to implement the steps of the encryption method of the above embodiments when executing the computer program.
The application also provides a computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and the steps of the encryption method of the above embodiments are implemented when the computer program is executed by a processor.
The embodiments in this specification are described progressively; each embodiment focuses on its differences from the others, and the same or similar parts of the embodiments may be referred to each other. Since the device disclosed in an embodiment corresponds to the method disclosed in the embodiments, its description is relatively brief, and the relevant points can be found in the description of the method.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above generally in terms of function. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present application.
The steps of the method or algorithm described in connection with the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, a register, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The encryption method, encryption device, server and computer-readable storage medium for a power distribution automation system provided by the present application have been described in detail above. Specific examples are used herein to explain the principle and implementation of the application, and the description of the embodiments is only intended to help in understanding the method of the application and its core idea. It should be pointed out that those of ordinary skill in the art can make improvements and modifications to the application without departing from its principle, and these improvements and modifications also fall within the protection scope of the claims of the application.

Claims (10)

1. An encryption method for a power distribution automation system, characterized in that it comprises:
a security gateway establishing an IPsec security tunnel with a terminal at the network layer using the IPsec protocol;
when the IPsec security tunnel is successfully established, a master station performing a bidirectional identity authentication operation with the terminal through an encryption authentication device according to asymmetric keys;
when the bidirectional identity authentication operation passes, the master station selecting a symmetric key according to the obtained chip serial number and key version of the terminal, and performing encrypted transmission of data messages at the application layer according to the symmetric key.
2. The encryption method according to claim 1, characterized in that the security gateway establishing an IPsec security tunnel with the terminal using the IPsec protocol comprises:
the security gateway performing working key generation processing with the terminal, and performing session key generation processing according to the obtained working key to obtain a session key;
establishing the IPsec security tunnel with the terminal according to the working key and the session key, encrypting data messages in the IPsec security tunnel using symmetric encryption to obtain encrypted messages, and encapsulating the encrypted messages for transmission using ESP protocol encapsulation.
3. The encryption method according to claim 2, characterized in that the security gateway establishing an IPsec security tunnel with the terminal using the IPsec protocol further comprises:
updating the working key and the session key according to a first predetermined period.
4. The encryption method according to claim 1, characterized in that the master station performing a bidirectional identity authentication operation with the terminal through the encryption authentication device according to asymmetric keys comprises:
the master station sending the first random number obtained by the encryption authentication device to the terminal, so that the terminal, according to a first private key, performs first signature calculation processing on the received first random number and an obtained second random number to obtain a first signature, and sends the first random number, the second random number and the first signature;
judging, according to a first public key, whether the received first signature is correct;
if so, performing second signature calculation processing on the second random number according to a second private key to obtain a second signature, and sending the second signature, so that the terminal judges, according to a second public key and the second random number, whether the received second signature is correct and, if so, sends authentication confirmation information to the master station;
receiving the authentication confirmation information.
5. The encryption method according to claim 4, characterized in that the terminal, according to the first private key, performing first signature calculation processing on the received first random number and the obtained second random number to obtain the first signature, and sending the first random number, the second random number and the first signature, comprises:
the terminal obtaining the second random number, and performing a hash calculation on the received first random number and the second random number to obtain a first hash value;
encrypting the first hash value according to the first private key to obtain the first signature;
sending the first random number, the second random number and the first signature.
6. The encryption method according to claim 5, characterized in that judging, according to the first public key, whether the received first signature is correct comprises:
the master station decrypting the first signature according to the first public key to obtain the first hash value;
performing a hash calculation on the first random number and the second random number to obtain a second hash value;
judging whether the first hash value and the second hash value are identical.
7. The encryption method according to any one of claims 4 to 6, characterized in that it further comprises:
updating the first private key, the first public key, the second private key and the second public key according to a predetermined period.
8. An encryption device for a power distribution automation system, characterized in that it comprises:
a network layer encryption module, configured to establish an IPsec security tunnel with a terminal using the IPsec protocol;
an application layer authentication module, configured so that, when the IPsec security tunnel is successfully established, a master station performs a bidirectional identity authentication operation with the terminal through the encryption authentication device according to asymmetric keys;
an application layer encryption module, configured to select a symmetric key according to the obtained chip serial number and key version of the terminal, and to perform encrypted transmission of data messages at the application layer according to the symmetric key.
9. A server, characterized in that it comprises:
a memory, configured to store a computer program;
a processor, configured to implement the steps of the encryption method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, implements the steps of the encryption method according to any one of claims 1 to 7.
CN201810628788.9A 2018-06-19 2018-06-19 Encryption method and related device for power distribution automation system Pending CN108881224A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810628788.9A CN108881224A (en) 2018-06-19 2018-06-19 Encryption method and related device for power distribution automation system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810628788.9A CN108881224A (en) 2018-06-19 2018-06-19 Encryption method and related device for power distribution automation system

Publications (1)

Publication Number Publication Date
CN108881224A true CN108881224A (en) 2018-11-23

Family

ID=64339658

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810628788.9A Pending CN108881224A (en) 2018-06-19 2018-06-19 Encryption method and related device for power distribution automation system

Country Status (1)

Country Link
CN (1) CN108881224A (en)

CN111475816A (en) * 2020-04-09 2020-07-31 南京陇源汇能电力科技有限公司 Distribution network terminal safety detection system and detection method thereof
CN111294212A (en) * 2020-05-12 2020-06-16 广东纬德信息科技股份有限公司 Security gateway key negotiation method based on power distribution
CN111669289A (en) * 2020-05-28 2020-09-15 国网上海市电力公司 Network architecture system for orderly power utilization management
CN111711625A (en) * 2020-06-15 2020-09-25 江苏方天电力技术有限公司 Power system information security encryption system based on power distribution terminal
CN111865562A (en) * 2020-07-23 2020-10-30 积成电子股份有限公司 Encryption method and system based on AES and HMAC-SHA in DNP protocol of power distribution terminal
CN112351000A (en) * 2020-10-16 2021-02-09 深圳Tcl新技术有限公司 Bidirectional identity authentication method, system, device and storage medium
CN112351000B (en) * 2020-10-16 2024-02-09 深圳Tcl新技术有限公司 Bidirectional identity verification method, system, equipment and storage medium
CN112787990A (en) * 2020-10-28 2021-05-11 国网辽宁省电力有限公司电力科学研究院 Power terminal trusted access authentication method and system
CN112787990B (en) * 2020-10-28 2023-01-31 国网辽宁省电力有限公司电力科学研究院 Power terminal trusted access authentication method and system
CN112751674A (en) * 2020-12-30 2021-05-04 上海果通通信科技股份有限公司 Virtual private network access authentication method, system, device and readable storage medium
CN112751674B (en) * 2020-12-30 2023-05-02 上海优咔网络科技有限公司 Virtual private network access authentication method, system, equipment and readable storage medium
CN113473470A (en) * 2021-06-30 2021-10-01 广东纬德信息科技股份有限公司 Charging pile networking communication system based on 5G and bidirectional communication method
CN114221772A (en) * 2021-12-14 2022-03-22 南方电网科学研究院有限责任公司 Safety chip and method for electric intelligent lock
CN114422205A (en) * 2021-12-30 2022-04-29 广西电网有限责任公司电力科学研究院 Method for establishing data tunnel of network layer of CPU chip special for electric power
CN114422205B (en) * 2021-12-30 2024-03-01 广西电网有限责任公司电力科学研究院 Method for establishing network layer data tunnel of special CPU chip for electric power
CN114697022A (en) * 2022-03-18 2022-07-01 北京国泰网信科技有限公司 Encryption authentication method applied to power distribution network system

Similar Documents

Publication Publication Date Title
CN108881224A (en) Encryption method and related device for power distribution automation system
CN104702611B (en) A kind of device and method for protecting Secure Socket Layer session key
CN105553951B (en) Data transmission method and device
CN108650227B (en) Handshaking method and system based on datagram secure transmission protocol
WO2017185999A1 (en) Method, apparatus and system for encryption key distribution and authentication
CN102082796B (en) Method for encrypting channels and simplified method and system for encrypting channels based on HTTP (hyper text transport protocol)
CN101667916B (en) Method of identifying user identity by digital certificate based on separating mapping network
CN111756529B (en) Quantum session key distribution method and system
US20110188659A1 (en) Method of integrating quantum key distribution with internet key exchange protocol
CN105553654B (en) Key information processing method and device, key information management system
CN107294937A (en) Data transmission method, client and server based on network service
CN102111273B (en) Pre-sharing-based secure data transmission method for electric load management system
CN111865939A (en) Point-to-point national secret tunnel establishment method and device
CN106411926A (en) Data encryption communication method and system
CN111756528B (en) Quantum session key distribution method, device and communication architecture
CN113868672B (en) Module wireless firmware upgrading method, security chip and wireless firmware upgrading platform
CN108900540A (en) Service data processing method of power distribution terminal based on double encryption
JP2012100206A (en) Cryptographic communication relay system, cryptographic communication relay method and cryptographic communication relay program
CN211352206U (en) IPSec VPN cryptographic machine based on quantum key distribution
CN115174114A (en) SSL tunnel establishment method, server and client
CN105991622A (en) Message authentication method and device
CN105591748B (en) A kind of authentication method and device
CN112291196B (en) End-to-end encryption method and system suitable for instant messaging
CN113365264A (en) Block chain wireless network data transmission method, device and system
KR20190040443A (en) Apparatus and method for creating secure session of smart meter

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200508

Address after: 510663 Building 3, 4, 5 and 3 of Building J1, 11 Kexiang Road, Science City, Luogang District, Guangzhou City, Guangdong Province

Applicant after: China South Power Grid International Co.,Ltd.

Applicant after: CHINA SOUTHERN POWER GRID Co.,Ltd.

Address before: 510663 Building 3, 4, 5 and 3 of Building J1, 11 Kexiang Road, Science City, Luogang District, Guangzhou City, Guangdong Province

Applicant before: China South Power Grid International Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20181123