CN110995716A - Data transmission encryption and decryption method and system for transformer substation inspection robot - Google Patents

Data transmission encryption and decryption method and system for transformer substation inspection robot Download PDF

Info

Publication number
CN110995716A
CN110995716A CN201911244426.0A CN201911244426A CN110995716A CN 110995716 A CN110995716 A CN 110995716A CN 201911244426 A CN201911244426 A CN 201911244426A CN 110995716 A CN110995716 A CN 110995716A
Authority
CN
China
Prior art keywords
data
key
session key
encryption
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911244426.0A
Other languages
Chinese (zh)
Other versions
CN110995716B (en
Inventor
孙歆
韩嘉佳
李沁园
吕磅
李霁远
汪自翔
孙昌华
戴桦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Zhejiang Electric Power Co Ltd
Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
State Grid Zhejiang Electric Power Co Ltd
Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Zhejiang Electric Power Co Ltd, Electric Power Research Institute of State Grid Zhejiang Electric Power Co Ltd filed Critical State Grid Zhejiang Electric Power Co Ltd
Priority to CN201911244426.0A priority Critical patent/CN110995716B/en
Publication of CN110995716A publication Critical patent/CN110995716A/en
Application granted granted Critical
Publication of CN110995716B publication Critical patent/CN110995716B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C1/00Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people
    • G07C1/10Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people together with the recording, indicating or registering of other data, e.g. of signs of identity
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a data transmission encryption and decryption method and system for a substation inspection robot, which comprises the steps that when the inspection robot is used as a data sender to upload data to an information management system, the uploaded data are encrypted by adopting an SM4 encryption algorithm, and encryption transmission of a session key is realized by adopting an IPK digital envelope technology, the information management system is used as a data receiver to receive ciphertext data C and a digital envelope β sent by the inspection robot, a preconfigured private key sk is called to open the digital envelope β to obtain a session key skey, and the data C is decrypted by the session key through the SM4 algorithm to obtain original data.

Description

Data transmission encryption and decryption method and system for transformer substation inspection robot
Technical Field
The invention relates to the field of information safety, in particular to a data transmission encryption and decryption method and system for a transformer substation inspection robot.
Background
The traditional transformer substation monitoring and inspection is mainly carried out in a manual mode, and the manual inspection mode has the defects of high labor intensity, low working efficiency, dispersed detection quality, single means and the like. Meanwhile, in geographical conditions such as plateau, hypoxia, cold and the like or severe weather conditions, the manual inspection still has great safety risks. Especially, manually detected data cannot be accurately and timely accessed to the management information system.
In order to meet the requirement of increasing power supply quality, the flexible and practical transformer substation inspection robot can be applied. The inspection robot not only plays the role of reducing personnel and improving efficiency, but also can remove human factors, timely and accurately uploads inspection data to a management information system, and the unattended process of the transformer substation is promoted more quickly. The robot patrols and examines the in-process, through installing all kinds of sensing equipment on the robot, patrols and examines the robot and will patrol and examine data mode transmission to the management information system through wireless communication, these data through comparing and the analysis, unusual phenomena such as the defect of discovery power equipment in time, foreign matter hang to automatic implementation is reported to the police or is carried out the fault handling that sets up in advance.
At present, inspection robots are gradually popularized and popularized in transformer substations, however, most data are uploaded in plain texts or simply and symmetrically encrypted, and effective management on keys of encrypted data is lacked. The multiple inspection robots and the server side adopt shared keys, so that greater safety risks exist. How to effectively manage and update the encryption key and how to realize the personalization of the encryption key are currently great challenges. Although the PKI CA system can solve the problem of updating the encryption key, the PKICA has high construction cost and strong center dependence, and is not suitable for the data transmission safety system of the inspection robot.
Disclosure of Invention
In order to realize efficient and safe inspection robot data transmission, the invention provides a transformer substation inspection robot data transmission encryption and decryption method and system based on IPK (identity public Key).
The invention adopts the following technical scheme: a data transmission encryption and decryption method for a transformer substation inspection robot comprises the following steps:
when the inspection robot is used as a data sender to upload data to the information management system, the uploaded data is encrypted by adopting an SM4 encryption algorithm, and encrypted transmission of a session key is realized by adopting an IPK digital envelope technology, wherein the encryption process specifically comprises the following steps:
1) the inspection robot calls the SDK of the IPK to generate a random number r, wherein r is more than 0 and less than n, and n is the order of an elliptic curve base point G;
2) calculating a session key skey for data encryption, namely skey x mod n, wherein (x, y) r ∙ G, G is an elliptic curve base point, and mod is a modular operation;
3) and carrying out SM4 encryption on the data to be uploaded by taking skey as a symmetric encryption key to obtain a ciphertext to be uploaded, namely C-Eskey(data), wherein the data is data to be uploaded, the skey is a key for encrypting the data, E is an encryption algorithm, and C is a ciphertext of the data to be uploaded;
4) computing the HMAC code corresponding to the server identifier, i.e. taking the self-defined public key R corresponding to the server asComputing hash operation Message Authentication code for server identification by HMAC (Key-Hashing for Message Authentication), where e is HR(IDserver) Where e is the HMAC code generated by the calculation, H is the Hash Algorithm, IDserverIs the identity of the server;
5) generating a selection coordinate sequence of the IPK through the HMAC code: the matrix is mxn, m is the number of rows, n is the number of columns, m is required, n is the number of power of 2;
6) selecting n elements from the public key matrix according to the selected coordinates, and adding to obtain the corresponding public key, namely PK-K0+K1+…+Kn-1In which K is0,K1,…,Kn-1N elements selected from the public key matrix according to the selection sequence;
7) generating a digital envelope to realize directional transmission of a session key, wherein β is r ∙ PK, wherein r is a random number and is a key factor for generating the session key skey, and PK is a public key of a server;
8) sending the ciphertext data C and the digital envelope β to the information management system server;
the invention ensures that only the appointed information management system server can decrypt the data, thereby effectively protecting the data from disclosure in the transmission process;
the information management system serves as a data receiver, receives ciphertext data C and the digital envelope β sent by the inspection robot, calls a pre-configured private key sk to open the digital envelope β to obtain a session key skey, and decrypts the ciphertext C through an SM4 algorithm by using the session key to obtain the original data.
Further, the private key sk is a private key applied to the IPK key management system when the inspection system is initialized, and is stored in the U shield of the secure password chip.
Further, the specific processing steps of the information management system are as follows:
1) the technical principle of an Elliptic Curve Cryptography (ECC) algorithm and an IPK system is PK-sk ∙ G;
2) the digital envelope β is transmitted into a security U shield, and a private key is called to calculate a session key skey, namely sk-1∙β=sk-1∙(r∙PK)=sk-1∙(r∙sk∙G)=r∙G=(x,y),skey=x mod n;
3) Decrypting to obtain original data, i.e. data ═ Dskey(C) Where C is the received ciphertext, skey is the session key obtained from the digital envelope, and D is the decryption algorithm.
The IPK is a novel public key system based on the identification, the identification and the user public key can select corresponding elements from a private key seed matrix through a mapping algorithm to perform large digital-analog addition to obtain an IPK private key of the user, and select corresponding elements from a public key seed matrix to perform ECC point addition to obtain the IPK public key of the user.
The invention also provides a data transmission encryption and decryption system of the transformer substation inspection robot, which comprises a data encryption module and a data decryption module; when the inspection robot is used as a data sender to upload data to the information management system, the inspection robot calls a data encryption module, and the data encryption module is adopted to encrypt the data; after receiving ciphertext data E (data) and session key ciphertext E (sk) sent by the inspection robot, the information management system decrypts by using a data decryption module;
a data encryption module: firstly, calculating an identification public key ipuk of a receiver server by using an identification id of the receiver management server and a public key matrix PKM through an IPK mapping algorithm, then inputting the identification public key ipuk into a U shield of the IPK to generate a session key sk, encrypting the session key sk by using the identification public key ipuk to form a session key ciphertext E (sk) and a digital envelope De, encrypting data by using the session key sk to form SM4 to form ciphertext data E (data), calculating CRC16 of the session key sk to generate a check code of 2 bytes, and finally packaging the ciphertext data E (data), the digital envelope De, the identification id of the management server, the CRC16 check code and the session key ciphertext E (sk) obtained by encryption and sending the ciphertext to an information management system;
a data decryption module: the IPK key management system KMS decrypts a session key ciphertext E (sk) through an identification private key ipvk which is configured in advance by a data receiving party to obtain a session key sk, disassembles a digital envelope De, and judges the authenticity of the session key sk; the session key sk is used to decrypt the ciphertext data e (data) into plaintext data.
As a supplement to the above system, in the data decryption module, the identification private key ipvk is stored in a security chip, a U shield, or a software shield. According to the security level requirement of the application, the security chip can be directly accessed into a hardware device circuit, and an independent U shield mode or a software module (software shield) with a virtual security chip function is adopted for replacement, but the hardware chip is recommended to be used for the application with high security requirement. The safety chip is used for establishing a safe data channel between the data sender and the data receiver so as to realize data encryption communication between the two parties.
As a supplement to the above system, in the data encryption module, when the identification public key ipuk is input to the U shield of the IPK, the session key sk is generated by invoking the SDK method.
The invention has the following beneficial technical effects: the invention solves the management problem of the public key through the IPK identification public key system, and can realize direct point-to-point data transmission encryption; the invention realizes the data transmission of the inspection robot with high efficiency and safety.
Drawings
FIG. 1 is a schematic diagram of a data transmission encryption and decryption method of a transformer substation inspection robot according to the invention;
fig. 2 is a block diagram of a data transmission encryption and decryption system of the substation inspection robot.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present invention.
Example 1
The embodiment provides a data transmission encryption and decryption method for a transformer substation inspection robot, which comprises the following steps of:
when the inspection robot is used as a data sender to upload data to the information management system, the uploaded data is encrypted by adopting an SM4 encryption algorithm, and encrypted transmission of a session key is realized by adopting an IPK digital envelope technology, wherein the encryption process specifically comprises the following steps:
1) the inspection robot calls the SDK of the IPK to generate a random number r, wherein r is more than 0 and less than n, and n is the order of an elliptic curve base point G;
2) calculating a session key skey for data encryption, namely skey x mod n, wherein (x, y) r ∙ G, G is an elliptic curve base point, and mod is a modular operation;
3) and carrying out SM4 encryption on the data to be uploaded by taking skey as a symmetric encryption key to obtain a ciphertext to be uploaded, namely C-Eskey(data), wherein the data is data to be uploaded, the skey is a key for encrypting the data, E is an encryption algorithm, and C is a ciphertext of the data to be uploaded; the SM4 cryptographic algorithm is adopted in the invention, and other symmetric encryption algorithms such as DES, 3DES, AES and the like can also be supported;
4) computing the HMAC code corresponding to the server identifier, that is, computing the hash operation Message Authentication code for the server identifier by using the customized public key R corresponding to the server as the key of HMAC (key-Hashing for Message Authentication), where e is HR(IDserver) Where e is the HMAC code generated by the calculation and H is the Hash algorithm, usually SM3, also supporting the SHA series of algorithms, IDserverIs the identity of the server;
5) generating a selection coordinate sequence of the IPK through the HMAC code: the matrix is mxn, m is the number of rows, n is the number of columns, m is required, n is the number of power of 2; with m being 25For example, the total length of the selected sequence is 5 × n bits, the first 5 × n bits of the HMAC are taken, and the row coordinates of the selected sequence are determined by grouping every 5 bits, and the column coordinates are incremented from 0 to n-1, so that the selected sequence can be determined by the row and column coordinates;
6) selecting n elements from the public key matrix according to the selected coordinates, and adding to obtain the corresponding public key, namely PK-K0+K1+…+Kn-1In which K is0,K1,…,Kn-1N elements selected from the public key matrix according to the selection sequence;
7) generating a digital envelope to realize directional transmission of a session key, wherein β is r ∙ PK, wherein r is a random number and is a key factor for generating the session key skey, and PK is a public key of a server;
8) the ciphertext data C and the digital envelope β are sent to the information management system server.
The information management system serves as a data receiving party, receives ciphertext data C and a digital envelope β sent by the inspection robot, calls a pre-configured private key sk to open the digital envelope β to obtain a session key skey, and decrypts the ciphertext C through an SM4 algorithm by using the session key to obtain original data.
The information management system comprises the following specific processing steps:
1) the technical principle of an Elliptic Curve Cryptography (ECC) algorithm and an IPK system is PK-sk ∙ G;
2) the digital envelope β is transmitted into a security U shield, and a private key is called to calculate a session key skey, namely sk-1∙β=sk-1∙(r∙PK)=sk-1∙(r∙sk∙G)=r∙G=(x,y),skey=x mod n;
3) Decrypting to obtain original data, i.e. data ═ Dskey(C) Where C is the received ciphertext, skey is the session key obtained from the digital envelope, D is the decryption algorithm, typically SM4, other symmetric cryptographic algorithms may also be supported.
Example 2
The embodiment provides a data transmission encryption and decryption system for a substation inspection robot, which comprises a data encryption module and a data decryption module, as shown in fig. 2; when the inspection robot is used as a data sender to upload data to the information management system, the inspection robot calls a data encryption module, and the data encryption module is adopted to encrypt the data; and after receiving the ciphertext data E (data) and the session key ciphertext E (sk) sent by the inspection robot, the information management system decrypts by adopting the data decryption module.
A data encryption module: firstly, calculating an identification public key ipuk of a receiver server by using an identification id of the receiver management server and a public key matrix PKM through an IPK mapping algorithm, then inputting the identification public key ipuk into a U shield of the IPK to generate a session key sk, encrypting the session key sk by using the identification public key ipuk to form a session key ciphertext E (sk) and a digital envelope De, encrypting data by using the session key sk to form SM4 to form ciphertext data E (data), calculating CRC16 of the session key sk to generate a check code of 2 bytes, and finally packaging the ciphertext data E (data), the digital envelope De, the identification id of the management server, the CRC16 check code and the session key ciphertext E (sk) obtained by encryption and sending the ciphertext to an information management system;
a data decryption module: the IPK key management system KMS decrypts a session key ciphertext E (sk) through an identification private key ipvk which is configured in advance by a data receiving party to obtain a session key sk, disassembles a digital envelope De, and judges the authenticity of the session key sk; the session key sk is used to decrypt the ciphertext data e (data) into plaintext data.
In the data decryption module, an identification private key ipvk is stored in a security chip, a U shield or a software shield.
In the data encryption module, when the identification public key ipuk is input into a U shield of the IPK, a session key sk is generated by calling an SDK mode.
The above description is only exemplary of the preferred embodiments of the present invention, and is not intended to limit the present invention, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (6)

1. A data transmission encryption and decryption method for a transformer substation inspection robot is characterized by comprising the following steps:
when the inspection robot is used as a data sender to upload data to the information management system, the uploaded data is encrypted by adopting an SM4 encryption algorithm, and encrypted transmission of a session key is realized by adopting an IPK digital envelope technology, wherein the encryption process specifically comprises the following steps:
1) the inspection robot calls the SDK of the IPK to generate a random number r, wherein r is more than 0 and less than n, and n is the order of an elliptic curve base point G;
2) calculating a session key skey for data encryption, namely skey x mod n, wherein (x, y) r ∙ G, G is an elliptic curve base point, and mod is a modular operation;
3) SM4 encryption is carried out on data to be uploaded by taking skey as a symmetric encryption keyObtain the ciphertext to be uploaded, i.e. C ═ Eskey(data), wherein the data is data to be uploaded, the skey is a key for encrypting the data, E is an encryption algorithm, and C is a ciphertext of the data to be uploaded;
4) computing the HMAC code corresponding to the server identifier, that is, computing the hash operation Message Authentication code for the server identifier by using the customized public key R corresponding to the server as the key of HMAC (key-Hashing for Message Authentication), where e is HR(IDserver) Where e is the HMAC code generated by the calculation, H is the Hash Algorithm, IDserverIs the identity of the server;
5) generating a selection coordinate sequence of the IPK through the HMAC code: the matrix is mxn, m is the number of rows, n is the number of columns, m is required, n is the number of power of 2;
6) selecting n elements from the public key matrix according to the selected coordinates, and adding to obtain the corresponding public key, namely PK-K0+K1+…+Kn-1In which K is0,K1,…,Kn-1N elements selected from the public key matrix according to the selection sequence;
7) generating a digital envelope to realize directional transmission of a session key, wherein β is r ∙ PK, wherein r is a random number and is a key factor for generating the session key skey, and PK is a public key of a server;
8) sending the ciphertext data C and the digital envelope β to the information management system server;
the information management system serves as a data receiver, receives ciphertext data C and the digital envelope β sent by the inspection robot, calls a pre-configured private key sk to open the digital envelope β to obtain a session key skey, and decrypts the ciphertext C through an SM4 algorithm by using the session key to obtain the original data.
2. The substation inspection robot data transmission encryption and decryption method according to claim 1, wherein the private key sk is a private key applied to an IPK key management system during initialization of the inspection system and is stored in a U shield of the security password chip.
3. The transformer substation inspection robot data transmission encryption and decryption method according to claim 1 or 2, characterized in that the information management system comprises the following specific processing steps:
1) the technical principle of an Elliptic Curve Cryptography (ECC) algorithm and an IPK system is PK-sk ∙ G;
2) the digital envelope β is transmitted into a security U shield, and a private key is called to calculate a session key skey, namely sk-1∙β=sk-1∙(r∙PK)=sk-1∙(r∙sk∙G)=r∙G=(x,y),skey=x mod n;
3) Decrypting to obtain original data, i.e. data ═ Dskey(C) Where C is the received ciphertext, skey is the session key obtained from the digital envelope, and D is the decryption algorithm.
4. A data transmission encryption and decryption system of a transformer substation inspection robot is characterized by comprising a data encryption module and a data decryption module; when the inspection robot is used as a data sender to upload data to the information management system, the inspection robot calls a data encryption module, and the data encryption module is adopted to encrypt the data; after receiving ciphertext data E (data) and session key ciphertext E (sk) sent by the inspection robot, the information management system decrypts by using a data decryption module;
a data encryption module: firstly, calculating an identification public key ipuk of a receiver server by using an identification id of the receiver management server and a public key matrix PKM through an IPK mapping algorithm, then inputting the identification public key ipuk into a U shield of the IPK to generate a session key sk, encrypting the session key sk by using the identification public key ipuk to form a session key ciphertext E (sk) and a digital envelope De, encrypting data by using the session key sk to form SM4 to form ciphertext data E (data), calculating CRC16 of the session key sk to generate a check code of 2 bytes, and finally packaging the ciphertext data E (data), the digital envelope De, the identification id of the management server, the CRC16 check code and the session key ciphertext E (sk) obtained by encryption and sending the ciphertext to an information management system;
a data decryption module: the IPK key management system KMS decrypts a session key ciphertext E (sk) through an identification private key ipvk which is configured in advance by a data receiving party to obtain a session key sk, disassembles a digital envelope De, and judges the authenticity of the session key sk; the session key sk is used to decrypt the ciphertext data e (data) into plaintext data.
5. The substation inspection robot data transmission encryption and decryption system according to claim 4, wherein in the data decryption module, the identification private key ipvk is stored in a security chip, a U shield or a software shield.
6. The substation inspection robot data transmission encryption and decryption system according to claim 4, wherein in the data encryption module, when the identification public key ipuk is input into a U shield of the IPK, the session key sk is generated by calling an SDK mode.
CN201911244426.0A 2019-12-06 2019-12-06 Data transmission encryption and decryption method and system for transformer substation inspection robot Active CN110995716B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911244426.0A CN110995716B (en) 2019-12-06 2019-12-06 Data transmission encryption and decryption method and system for transformer substation inspection robot

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911244426.0A CN110995716B (en) 2019-12-06 2019-12-06 Data transmission encryption and decryption method and system for transformer substation inspection robot

Publications (2)

Publication Number Publication Date
CN110995716A true CN110995716A (en) 2020-04-10
CN110995716B CN110995716B (en) 2022-09-02

Family

ID=70091025

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911244426.0A Active CN110995716B (en) 2019-12-06 2019-12-06 Data transmission encryption and decryption method and system for transformer substation inspection robot

Country Status (1)

Country Link
CN (1) CN110995716B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105933332A (en) * 2016-06-16 2016-09-07 杭州柯林电气股份有限公司 Transformer remote monitoring system with special encryption/decryption chip and working method of the system
CN112102516A (en) * 2020-09-22 2020-12-18 国网山东省电力公司电力科学研究院 Intelligent robot inspection system for transformer substation and access operation method thereof
CN112543189A (en) * 2020-11-27 2021-03-23 北京中电飞华通信有限公司 Data secure transmission method and system
CN112615660A (en) * 2020-11-27 2021-04-06 北京中电飞华通信有限公司 Data security transmission method and system for satellite short message communication
CN113364733A (en) * 2021-04-29 2021-09-07 国网浙江省电力有限公司嘉兴供电公司 Transformer substation field data encryption transmission method
CN113352318A (en) * 2021-04-29 2021-09-07 国网浙江省电力有限公司嘉兴供电公司 Intelligent robot communication link self-checking selection method
CN113395170A (en) * 2021-04-29 2021-09-14 国网浙江省电力有限公司嘉兴供电公司 Intelligent robot data transmission method based on linear topology transmission
CN114745207A (en) * 2022-06-10 2022-07-12 国汽智控(北京)科技有限公司 Data transmission method, device, equipment, computer readable storage medium and product

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101989984A (en) * 2010-08-24 2011-03-23 北京易恒信认证科技有限公司 Electronic document safe sharing system and method thereof
US20140294177A1 (en) * 2013-03-28 2014-10-02 Tata Consultancy Services Limited Identity based public key cryptosystem
CN106161444A (en) * 2016-07-07 2016-11-23 北京信长城技术研究院 Secure storage method of data and subscriber equipment
CN108667138A (en) * 2018-05-09 2018-10-16 国网浙江省电力有限公司温州供电公司 Intelligence system for power station inspection
CN108847942A (en) * 2018-06-03 2018-11-20 李维刚 A kind of authentication method and system based on mark public key
CN109412810A (en) * 2019-01-03 2019-03-01 李维刚 A kind of key generation method based on mark

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101989984A (en) * 2010-08-24 2011-03-23 北京易恒信认证科技有限公司 Electronic document safe sharing system and method thereof
US20140294177A1 (en) * 2013-03-28 2014-10-02 Tata Consultancy Services Limited Identity based public key cryptosystem
CN106161444A (en) * 2016-07-07 2016-11-23 北京信长城技术研究院 Secure storage method of data and subscriber equipment
CN108667138A (en) * 2018-05-09 2018-10-16 国网浙江省电力有限公司温州供电公司 Intelligence system for power station inspection
CN108847942A (en) * 2018-06-03 2018-11-20 李维刚 A kind of authentication method and system based on mark public key
CN109412810A (en) * 2019-01-03 2019-03-01 李维刚 A kind of key generation method based on mark

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105933332A (en) * 2016-06-16 2016-09-07 杭州柯林电气股份有限公司 Transformer remote monitoring system with special encryption/decryption chip and working method of the system
CN105933332B (en) * 2016-06-16 2022-09-16 杭州柯林电气股份有限公司 Transformer remote monitoring system with special encryption and decryption chip and working method thereof
CN112102516A (en) * 2020-09-22 2020-12-18 国网山东省电力公司电力科学研究院 Intelligent robot inspection system for transformer substation and access operation method thereof
CN112543189A (en) * 2020-11-27 2021-03-23 北京中电飞华通信有限公司 Data secure transmission method and system
CN112615660A (en) * 2020-11-27 2021-04-06 北京中电飞华通信有限公司 Data security transmission method and system for satellite short message communication
CN112543189B (en) * 2020-11-27 2023-05-09 北京中电飞华通信有限公司 Data security transmission method and system
CN113364733A (en) * 2021-04-29 2021-09-07 国网浙江省电力有限公司嘉兴供电公司 Transformer substation field data encryption transmission method
CN113352318A (en) * 2021-04-29 2021-09-07 国网浙江省电力有限公司嘉兴供电公司 Intelligent robot communication link self-checking selection method
CN113395170A (en) * 2021-04-29 2021-09-14 国网浙江省电力有限公司嘉兴供电公司 Intelligent robot data transmission method based on linear topology transmission
CN114745207A (en) * 2022-06-10 2022-07-12 国汽智控(北京)科技有限公司 Data transmission method, device, equipment, computer readable storage medium and product

Also Published As

Publication number Publication date
CN110995716B (en) 2022-09-02

Similar Documents

Publication Publication Date Title
CN110995716B (en) Data transmission encryption and decryption method and system for transformer substation inspection robot
US8600063B2 (en) Key distribution system
CN102333093A (en) Data encryption transmission method and system
CN104994112A (en) Method for encrypting communication data chain between unmanned aerial vehicle and ground station
CN101789865A (en) Dedicated server used for encryption and encryption method
CN109005027B (en) Random data encryption and decryption method, device and system
CN105610848A (en) Centralized data preservation method and system with source data security guaranty mechanism
CN101707767B (en) Data transmission method and devices
CN107579903B (en) Picture message secure transmission method and system based on mobile device
JP2022537733A (en) Authenticated key agreement
CN113285959A (en) Mail encryption method, decryption method and encryption and decryption system
CN108900540A (en) A kind of business data processing method of the distribution terminal based on double-encryption
CN106453391A (en) Long repeating data encryption and transmission method and system
CN104901803A (en) Data interaction safety protection method based on CPK identity authentication technology
KR20160020866A (en) Method and system for providing service encryption in closed type network
CN105610847A (en) Method for supporting security transmission and exchange of electronic official documents of multiple exchange nodes
CN104734847A (en) Shared symmetric key data encrypting and decrypting method for public key cryptography application
CN110417706A (en) A kind of safety communicating method based on interchanger
CN104954136A (en) Network security encryption device under cloud computing environment
CN107566119A (en) A kind of guard method of eSIM cards data safety and system
CN111740941A (en) Industrial scene real-time data file encryption transmission method
CN115314270A (en) Power business hierarchical encryption method and communication method based on quantum key
CN112291196B (en) End-to-end encryption method and system suitable for instant messaging
CN108882182A (en) Short message ciphering and deciphering device
CN111526131B (en) Anti-quantum-computation electronic official document transmission method and system based on secret sharing and quantum communication service station

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant