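CN111884995A - Secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network, and application thereof - Google Patents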

Publication number: CN111884995A
Authority: CN (China)
Application number: CN202010532680.7A
Other versions: CN111884995B (zh)
Legal status: Granted
Prior art keywords: security, iot, service, security access, data
Inventors: 刘春秀, 孟海磊, 房牧, 王志强, 姜云, 曹清涛, 李龙潭, 刘璇, 沙超, 刘志刚, 马歆哲, 周在彦, 苏冰
Current Assignee: Pingyuan Power Supply Co Of State Grid Shandong Electric Power Co; Dezhou Power Supply Co of State Grid Shandong Electric Power Co Ltd
Original Assignee: Pingyuan Power Supply Co Of State Grid Shandong Electric Power Co; Dezhou Power Supply Co of State Grid Shandong Electric Power Co Ltd

Classifications

    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H02J13/00006 Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network characterised by information or instructions transport means between the monitoring, controlling or managing units and monitored, controlled or operated power network element or electrical equipment
    • H02J13/00028 Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network characterised by information or instructions transport means between the monitoring, controlling or managing units and monitored, controlled or operated power network element or electrical equipment involving the use of Internet protocols
    • H04L63/0272 Virtual private networks
    • H04L63/0281 Proxies
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L67/141 Setup of application sessions
    • Y02E60/00 Enabling technologies; Technologies with a potential or indirect contribution to GHG emissions mitigation
    • Y04S40/12 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them characterised by data transport means between the monitoring, controlling or managing units and monitored, controlled or operated electrical equipment
    • Y04S40/126 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them characterised by data transport means between the monitoring, controlling or managing units and monitored, controlled or operated electrical equipment using wireless data transmission
    • Y04S40/128 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them characterised by data transport means between the monitoring, controlling or managing units and monitored, controlled or operated electrical equipment involving the use of Internet protocol
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

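The invention discloses a secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network, comprising a smart distribution transformer terminal, a power data network and a cloud master station. The AC controller of the cloud master station processes management data and is connected to the secure access gateway through the AC secure access service; the IoT platform processes service data and is connected to the secure access gateway through the IoT secure access service. The power data network carries distribution network data over the public wireless network and is partitioned into VPNs to meet different service requirements. The IoT-Agent and the AC-Agent of the smart distribution transformer terminal each connect to the secure access gateway of the cloud master station through the security proxy module and transmit service data and management data to the cloud master station. The invention also discloses a data processing method for smart distribution transformer terminals in an energy-interconnected distribution network, which implements the TCP connections and mutual authentication between the security proxy module and both the secure access gateway and the IoT secure access service, adapts to the access requirements of the energy-interconnected distribution network, comprehensively improves data transmission security and enhances system reliability.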

Description

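Secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network, and application thereof
Technical Field
The invention relates to the field of security for energy-interconnected distribution networks, and in particular to a secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network and its application.
Background
As the Energy Internet and distribution automation converge, the unified IoT platform has been put into practical use in accordance with State Grid's cloud-pipe-edge-end top-level design. This requires large-scale batch access of smart distribution transformer terminals, which poses a major technical challenge for the security of the energy-interconnected distribution network.
Power communication transmission between the edge devices of the energy-interconnected distribution network and the cloud directly affects grid security. Connecting smart distribution transformer terminals to the distribution system IoT platform raises many problems; in particular, complete solutions and implementation methods are lacking for the convergence of automation and non-automation protocols, the decoupling of physical channels from communication addresses, communication with communication-management-unit or transformer-district concentrator devices, and the resource constraints of existing end devices.
Summary of the Invention
To solve the above technical problems, the invention proposes a secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network and its application, which adapts to the access requirements of the energy-interconnected distribution network, improves the transmission security of service data and management data, and enhances system reliability.
To achieve the above object, the invention adopts the following technical solution:
A secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network, comprising a smart distribution transformer terminal, a power data network and a cloud master station;
the cloud master station comprises an AC controller, an AC secure access service, an IoT platform, an IoT secure access service and a secure access gateway; the AC controller processes management data and is connected to the secure access gateway through the AC secure access service; the IoT platform processes service data and is connected to the secure access gateway through the IoT secure access service;
the power data network carries distribution network data over the public wireless network and is partitioned into VPNs to meet different service requirements;
the smart distribution transformer terminal comprises an IoT-Agent, an AC-Agent and a security proxy module; the IoT-Agent and the AC-Agent each connect to the secure access gateway of the cloud master station through the security proxy module and transmit service data and management data to the cloud master station.
Further, the smart distribution transformer terminal and the cloud master station use the same encryption chip.
Further, the encryption chip is used for data encryption and decryption by the security proxy module, the AC secure access service and the IoT secure access service.
Further, the security proxy module is connected to the secure access gateway through a firewall and a data isolation component.
Further, the service data is transmitted using the distribution IoT Message Queuing Telemetry Transport protocol.
Further, the management data is transmitted using the NETCONF protocol.
The invention also proposes a data processing method for smart distribution transformer terminals in an energy-interconnected distribution network, comprising:
the security proxy module of the smart distribution transformer terminal performs mutual authentication with the secure access gateway of the cloud master station;
the security proxy module of the smart distribution transformer terminal performs mutual authentication and key agreement with the IoT secure access service of the cloud master station;
the IoT-Agent of the smart distribution transformer terminal exchanges service data with the IoT platform of the cloud master station.
Further, the mutual authentication between the security proxy module of the smart distribution transformer terminal and the secure access gateway of the cloud master station is specifically:
the security proxy module initiates a TCP connection request to the secure access gateway;
the secure access gateway forwards the security proxy module's TCP connection request to the IoT secure access service;
the IoT secure access service sends the TCP connection result to the secure access gateway;
the secure access gateway sends the TCP connection result to the security proxy module.
Further, the service data exchange between the IoT-Agent of the smart distribution transformer terminal and the IoT platform of the cloud master station is specifically:
the TCP connection between the security proxy module and the IoT-Agent is established successfully;
the IoT-Agent initiates an MQTT service request to the IoT platform;
the security proxy module encrypts the MQTT service request message and forwards it to the IoT secure access service;
the IoT secure access service decrypts the MQTT service request message and forwards it to the IoT platform;
the IoT platform returns the MQTT service response;
the IoT secure access service encrypts the MQTT service response and forwards it to the security proxy module;
the security proxy module decrypts the MQTT service response and forwards it to the IoT-Agent.
The beneficial effects of the invention are:
The invention proposes a secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network and its application. For the scenario in which the smart distribution transformer terminal and the distribution automation master station have the same encryption chip and an IoT platform has already been deployed on the master station side, it configures a service channel and a management channel for the terminal's access to the master station. The terminal's service channel is accessed through the IoT secure access service, which provides application-layer authentication and data encryption and decryption for service data; the terminal's management channel is accessed through the AC secure access service, which provides application-layer authentication and data encryption and decryption for management data. The security proxy module of the edge-side smart distribution transformer terminal completes the TCP connections and mutual authentication with the secure access gateway and with the IoT secure access service respectively, as well as the encryption and decryption of service data between the IoT-Agent and the IoT platform. The invention adapts to the access requirements of the energy-interconnected distribution network, enables large-scale batch access of smart distribution transformer terminals, provides an efficient technical solution for fast batch access of large numbers of such terminals, improves the transmission security of service data and management data, and enhances system reliability.
Brief Description of the Drawings
Fig. 1 is a schematic structural diagram of the secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network according to the invention;
Fig. 2 is a flow chart of the data processing method for smart distribution transformer terminals in an energy-interconnected distribution network according to the invention.
Detailed Description
To clearly illustrate the technical features of this solution, the invention is described in detail below through specific embodiments and with reference to the accompanying drawings. The following disclosure provides many different embodiments or examples for implementing different structures of the invention. To simplify the disclosure, the components and arrangements of specific examples are described below. In addition, the invention may repeat reference numerals and/or letters in different examples. This repetition is for simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. It should be noted that the components illustrated in the drawings are not necessarily drawn to scale. Descriptions of well-known components, processing techniques and processes are omitted so as not to unnecessarily limit the invention.
As shown in Fig. 1, an embodiment of the invention discloses a secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network, comprising a smart distribution transformer terminal, a power data network and a cloud master station;
the cloud master station comprises an AC controller (Access Controller), an AC secure access service, an IoT (Internet of Things) platform, an IoT secure access service and a secure access gateway; the AC controller processes management data and is connected to the secure access gateway through the AC secure access service; the IoT platform processes service data and is connected to the secure access gateway through the IoT secure access service;
the power data network carries distribution network data over the public wireless network and is partitioned into VPNs to meet different service requirements;
the smart distribution transformer terminal comprises an IoT-Agent, an AC-Agent and a security proxy module; the IoT-Agent and the AC-Agent each connect to the secure access gateway of the cloud master station through the security proxy module and transmit service data and management data to the cloud master station.
Specifically, the secure access gateway is responsible for authenticating the access channel of the smart distribution transformer terminal and for refusing access by illegitimate terminals;
the IoT secure access service handles access on the service channel of the smart distribution transformer terminal. It is responsible for identity authentication and key agreement, provides application-layer authentication and data encryption and decryption for service data, and converts each access connection 1:1 to the MQTT (Message Queuing Telemetry Transport) protocol before connecting it to the IoT platform; it encrypts and decrypts whole packets according to the service data type: for uplink data, it completes decryption and sends the plaintext to the IoT platform; for downlink data, it completes data decryption and sends the data to the edge-side smart distribution transformer terminal; when it detects that a southbound TCP connection has been interrupted, it interrupts the corresponding northbound TCP connection;
the AC secure access service handles access on the management channel of the smart distribution transformer terminal, provides application-layer authentication and data encryption and decryption for management data, and converts the access connection to the NETCONF protocol before connecting it to the AC controller;
the IoT-Agent adds a security adaptation: it receives data from service apps, encapsulates it into MQTT protocol messages, adds security description information and passes the messages to the security proxy module, which is responsible for encrypting and decrypting the MQTT protocol messages;
the security proxy module works with the IoT secure access service and the AC secure access service on the cloud master station side to provide application-layer authentication and data encryption and decryption for service data and management data, and transmits the data securely to the cloud master station; for long messages sent by the IoT-Agent, the security proxy module encrypts and decrypts them in fragments and reassembles the fragments before transmitting to the IoT secure access service.
Preferably, the smart distribution transformer terminal and the cloud master station use the same encryption chip; the encryption chip of the smart distribution transformer terminal is used for data encryption and decryption by the security proxy module, and the encryption chip of the cloud master station is used for data encryption and decryption by the AC secure access service and the IoT secure access service.
Preferably, data transmitted between the security proxy module and the secure access gateway also passes through the protection of a firewall and a data isolation component, so that service data and management data are transmitted securely.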
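An embodiment of the invention also discloses a data processing method for smart distribution transformer terminals in an energy-interconnected distribution network, comprising:
the security proxy module of the smart distribution transformer terminal performs mutual authentication with the secure access gateway of the cloud master station;
the security proxy module of the smart distribution transformer terminal performs mutual authentication and key agreement with the IoT secure access service of the cloud master station;
the IoT-Agent of the smart distribution transformer terminal exchanges service data with the IoT platform of the cloud master station.
The detailed flow of the data processing method is shown in Fig. 2. The mutual authentication between the security proxy module of the smart distribution transformer terminal and the secure access gateway of the cloud master station is specifically:
the security proxy module initiates a TCP connection request to the secure access gateway;
the secure access gateway forwards the security proxy module's TCP connection request to the IoT secure access service;
the IoT secure access service sends the TCP connection result to the secure access gateway;
the secure access gateway sends the TCP connection result to the security proxy module.
The service data exchange between the IoT-Agent of the smart distribution transformer terminal and the IoT platform of the cloud master station is specifically:
the TCP connection between the security proxy module and the IoT-Agent is established successfully;
the IoT-Agent initiates an MQTT service request to the IoT platform;
the security proxy module encrypts the MQTT service request message and forwards it to the IoT secure access service;
the IoT secure access service decrypts the MQTT service request message and forwards it to the IoT platform;
the IoT platform returns the MQTT service response;
the IoT secure access service encrypts the MQTT service response and forwards it to the security proxy module;
the security proxy module decrypts the MQTT service response and forwards it to the IoT-Agent.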
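The last two stages of the method (mutual authentication with key agreement between the security proxy module and the IoT secure access service, then the encrypted MQTT request and response) can be modelled end to end; this is an added example, not code from the patent. The patent does not specify the encryption chip's algorithms, so the pre-shared device key, the HMAC challenge-response, the HMAC-based keystream, the frame layout (direction byte, sequence number, ciphertext, tag) and the topic name are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

# Constructed key. In the framework it would live in the encryption chip shared
# by terminal and master station; its algorithms are not given, so HMAC-SHA256
# stands in for both the authentication and the cipher (assumption).
DEVICE_KEY = bytes(range(32))

def _mac(key, *parts):
    # Length-prefix each part so different field splits never collide.
    msg = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def mutual_auth(proxy_key, service_key):
    """Two-way challenge-response, then key agreement. None if either side fails."""
    n_p, n_s = os.urandom(16), os.urandom(16)            # proxy / service nonces
    svc_proof = _mac(service_key, b"service", n_p, n_s)  # checked by the proxy
    if not hmac.compare_digest(svc_proof, _mac(proxy_key, b"service", n_p, n_s)):
        return None
    dev_proof = _mac(proxy_key, b"terminal", n_p, n_s)   # checked by the service
    if not hmac.compare_digest(dev_proof, _mac(service_key, b"terminal", n_p, n_s)):
        return None
    return _mac(proxy_key, b"session", n_p, n_s)         # same value on both sides

def _keystream(key, header, n):
    blocks = (_mac(key, b"stream", header, struct.pack(">I", i))
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, direction, seq, packet):
    """Whole-packet encryption, then a MAC over header and ciphertext."""
    header = direction + struct.pack(">Q", seq)
    ct = bytes(a ^ b for a, b in zip(packet, _keystream(key, header, len(packet))))
    return header + ct + _mac(key, b"tag", header, ct)

def unseal(key, direction, expected_seq, frame):
    """Plaintext packet, or None on tampering, replay or reflection."""
    header, ct, tag = frame[:9], frame[9:-32], frame[-32:]
    if len(frame) < 41 or not hmac.compare_digest(tag, _mac(key, b"tag", header, ct)):
        return None
    if header != direction + struct.pack(">Q", expected_seq):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, header, len(ct))))

def mqtt_publish_qos1(topic, packet_id, payload):
    body = struct.pack(">H", len(topic)) + topic + struct.pack(">H", packet_id) + payload
    if len(body) > 127:
        raise ValueError("example only encodes a one-byte Remaining Length")
    return bytes([0x32, len(body)]) + body

def iot_platform(packet):
    """Constructed stand-in for the IoT platform: PUBLISH QoS 1 in, PUBACK out."""
    topic_len = struct.unpack(">H", packet[2:4])[0]
    return b"\x40\x02" + packet[4 + topic_len:6 + topic_len]

def relay_round_trip(session_key, seq, request, tamper=False):
    """Proxy seals; access service unseals, forwards plaintext, seals the reply."""
    uplink = seal(session_key, b"U", seq, request)        # security proxy module
    if tamper:                                            # simulate in-transit change
        uplink = uplink[:12] + bytes([uplink[12] ^ 1]) + uplink[13:]
    plain = unseal(session_key, b"U", seq, uplink)        # IoT secure access service
    if plain is None:
        return None                                       # nothing reaches the platform
    downlink = seal(session_key, b"D", seq, iot_platform(plain))
    return unseal(session_key, b"D", seq, downlink)       # proxy, then IoT-Agent

if __name__ == "__main__":
    key = mutual_auth(DEVICE_KEY, DEVICE_KEY)
    req = mqtt_publish_qos1(b"ttu/0001/telemetry", 7, b'{"ua":229.8}')
    print(relay_round_trip(key, 1, req).hex())            # PUBACK for packet id 7
```

Binding the direction byte and sequence number into both the keystream and the tag is what lets the receiving side reject a replayed uplink frame or an uplink frame reflected back as downlink, cases the whole-packet encryption described above does not cover by itself.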
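Although specific embodiments of the invention have been described above with reference to the drawings, they do not limit the scope of protection of the invention. Those skilled in the art may make other modifications or variations in different forms on the basis of the above description. It is neither necessary nor possible to enumerate all embodiments here. Any modifications or variations that those skilled in the art can make on the basis of the technical solution of the invention without creative effort remain within the scope of protection of the invention.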

Claims (9)

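1. A secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network, characterized by comprising a smart distribution transformer terminal, a power data network and a cloud master station;
the cloud master station comprises an AC controller, an AC secure access service, an IoT platform, an IoT secure access service and a secure access gateway; the AC controller processes management data and is connected to the secure access gateway through the AC secure access service; the IoT platform processes service data and is connected to the secure access gateway through the IoT secure access service;
the power data network carries distribution network data over the public wireless network and is partitioned into VPNs to meet different service requirements;
the smart distribution transformer terminal comprises an IoT-Agent, an AC-Agent and a security proxy module; the IoT-Agent and the AC-Agent each connect to the secure access gateway of the cloud master station through the security proxy module and transmit service data and management data to the cloud master station.
2. The secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network according to claim 1, characterized in that the smart distribution transformer terminal and the cloud master station use the same encryption chip.
3. The secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network according to claim 2, characterized in that the encryption chip is used for data encryption and decryption by the security proxy module, the AC secure access service and the IoT secure access service.
4. The secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network according to claim 1, characterized in that the security proxy module is connected to the secure access gateway through a firewall and a data isolation component.
5. The secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network according to claim 1, characterized in that the service data is transmitted using the distribution IoT Message Queuing Telemetry Transport protocol.
6. The secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network according to claim 1, characterized in that the management data is transmitted using the NETCONF protocol.
7. A data processing method for smart distribution transformer terminals in an energy-interconnected distribution network, characterized by comprising:
the security proxy module of the smart distribution transformer terminal performs mutual authentication with the secure access gateway of the cloud master station;
the security proxy module of the smart distribution transformer terminal performs mutual authentication and key agreement with the IoT secure access service of the cloud master station;
the IoT-Agent of the smart distribution transformer terminal exchanges service data with the IoT platform of the cloud master station.
8. The data processing method for smart distribution transformer terminals in an energy-interconnected distribution network according to claim 7, characterized in that the mutual authentication between the security proxy module of the smart distribution transformer terminal and the secure access gateway of the cloud master station is specifically:
the security proxy module initiates a TCP connection request to the secure access gateway;
the secure access gateway forwards the security proxy module's TCP connection request to the IoT secure access service;
the IoT secure access service sends the TCP connection result to the secure access gateway;
the secure access gateway sends the TCP connection result to the security proxy module.
9. The data processing method for smart distribution transformer terminals in an energy-interconnected distribution network according to claim 7, characterized in that the service data exchange between the IoT-Agent of the smart distribution transformer terminal and the IoT platform of the cloud master station is specifically:
the TCP connection between the security proxy module and the IoT-Agent is established successfully;
the IoT-Agent initiates an MQTT service request to the IoT platform;
the security proxy module encrypts the MQTT service request message and forwards it to the IoT secure access service;
the IoT secure access service decrypts the MQTT service request message and forwards it to the IoT platform;
the IoT platform returns the MQTT service response;
the IoT secure access service encrypts the MQTT service response and forwards it to the security proxy module;
the security proxy module decrypts the MQTT service response and forwards it to the IoT-Agent.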

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202010532680.7A (CN111884995B (zh)) | 2020-06-11 | 2020-06-11 | Secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network, and application thereof

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN202010532680.7A (CN111884995B (zh)) | 2020-06-11 | 2020-06-11 | Secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network, and application thereof

Publications (2)

Publication Number | Publication Date
CN111884995A (zh) | 2020-11-03
CN111884995B (zh) | 2022-10-14

Family

ID=73157483

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN202010532680.7A (Active; CN111884995B (zh)) | Secure access framework for smart distribution transformer terminals in an energy-interconnected distribution network, and application thereof | 2020-06-11 | 2020-06-11

Country Status (1)

Country | Link
CN (1) | CN111884995B (zh)

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant