CN111901441A - Power distribution network link establishment and anti-intrusion system - Google Patents

Power distribution network link establishment and anti-intrusion system

Info

Publication number: CN111901441A
Authority: CN (China)
Prior art keywords: information, communication, station, master station, counter
Prior art date:
Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010808777.6A
Other languages: Chinese (zh)
Inventor: 杨银平
Current assignee: Individual (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Individual
Priority date: (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date:
Publication date:
Events: application filed by Individual; priority to CN202010808777.6A; publication of CN111901441A; current legal status: Withdrawn

Classifications (CPC)

    • H04L 67/141 Network arrangements or protocols for supporting network services or applications; session management; setup of application sessions
    • G08B 13/02 Burglar, theft or intruder alarms; mechanical actuation
    • G08B 13/10 Burglar, theft or intruder alarms; mechanical actuation by pressure on floors, floor coverings, stair treads, counters, or tills
    • G08B 13/19 Burglar, theft or intruder alarms; actuation by interference with heat, light, or radiation of shorter wavelength, or by intruding sources of such radiation, using passive radiation detection systems, using infrared-radiation detection systems
    • G08B 7/06 Signalling systems according to more than one of groups G08B 3/00 - G08B 6/00; personal calling systems according to more than one of those groups, using electric transmission, e.g. involving audible and visible signalling through the use of sound and light sources
    • H04L 63/0428 Network architectures or network communication protocols for network security, for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication (authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials), using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04N 7/18 Television systems; closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Power Engineering (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a power distribution network link establishment and anti-intrusion system comprising an anti-intrusion management module, a routing inspection display module and a link establishment module. The system improves the convenience and stability of link establishment, configures anti-intrusion protection on power distribution network equipment once the link is established, and displays inspection results comprehensively.

Description

Power distribution network link establishment and anti-intrusion system
Technical Field
The invention relates to the field of power distribution network security, and in particular to a power grid link establishment and anti-intrusion system.
Background
To manage the links and theft protection of master station and station equipment such as transformers, overhaul tools, link lines and other electrical facilities, and to prevent damage to and loss of electrical assets, the stability of the links and the theft protection of the electrical equipment must be ensured.
With the continued construction of the smart grid, many links between intelligent master stations and transformer substations now operate unattended, so power utilities need to strengthen the link establishment process, strengthen intelligent monitoring, and raise theft alarms promptly.
Disclosure of Invention
To overcome the defects and shortcomings of the prior art, the invention provides a power distribution network link establishment and intrusion prevention system comprising an anti-intrusion management module, a routing inspection display module and a link establishment module, wherein:
The anti-intrusion management module is used to manage intrusion of the mobile terminal.
After the link is established, tower protection is set up, consisting of an anti-theft bolt and a first tension sensor node of the electronic fence. The anti-theft bolt has infrared sensing and can detect unauthorized personnel approaching the tower. When the pyroelectric infrared signal is transmitted to the first tension sensor node, the warning lamp lights automatically to issue a warning. If an event such as knocking on or removing the anti-theft bolt, or touching or pulling the electronic fence, occurs, the alarm loudspeaker is triggered to sound an on-site alarm, and the alarm signal is also transmitted to the power distribution network control center for further handling by an operator.
The transformer protection device comprises an anti-theft bolt sensor node, a second tension sensor node, a distribution transformer parameter acquisition node and a fault current acquisition node. The distribution transformer parameter acquisition node aggregates the sensing information from the anti-theft bolt and the electronic fence and transmits it over a long distance, and the fault current acquisition node transmits the acquired fault current signal over a long distance to the power distribution network control center.
Enclosure intrusion prevention: the area requiring anti-theft management is divided into regions, and the sensor network is then planned region by region. Enclosure intrusion management comprises the following four layers of protection.
The first layer of protection is an early-warning zone around the perimeter of the enclosure: the enclosure is monitored with vibration sensors, infrared sensors and the like, and an audible and visual alarm is installed to warn against unintended entry into the enclosure.
The second layer of protection is enclosure protection: an alarm is raised when personnel climb over the enclosure or damage the alarm facilities. The anti-theft alarm is tied to the cameras; laser through-beam detectors, video monitoring and tension-fence equipment are combined for comprehensive monitoring; on alarm, the image of the alarm point is switched to the main monitor, and security personnel can respond promptly according to the on-site situation.
The third layer of protection is protection inside the enclosure. Once personnel intrusion is detected by equipment such as pressure sensors and buried induction cables, the anti-theft alarm displays the alarm position in the command center. Voice recognition and fingerprint recognition systems are also installed at the doors of key areas, and the entry and exit of personnel in key areas are recorded.
The fourth layer of protection is to install patrol buttons and to plan and configure the patrol routes of security personnel.
The inspection display module is used to display inspection images.
Station scene reproduction is achieved through three-dimensional modelling of the station scene, information annotation, data/state visualisation and information linkage; online monitoring and sensing are carried out, power grid operation information is overlaid, and alarm information is located quickly. The exterior of the plant station is captured by three-dimensional laser scanning to build an exterior three-dimensional model; the interior of the plant is built by three-dimensional modelling. The method specifically comprises the following steps:
  • Displaying the three-dimensional scene: a panoramic holographic simulation of the station provides the basic platform for application display.
  • Displaying data state information: the data state of the monitoring equipment is shown dynamically in the three-dimensional scene as data values, instrument panels and indicator lights, with the three-dimensional scene as the carrier.
  • Fitting image information: live video monitoring images are fitted to the three-dimensional scene so that live images and the three-dimensional scene are displayed together.
  • Cloud picture simulation: a simulated cloud picture is generated on the three-dimensional scene from the acquired equipment temperature information, displaying the overall distribution of temperature and load.
  • Locating hot spots and alarm points and displaying comprehensive information: hot spots and hot zones are preset in the three-dimensional scene, equipment ledger information is loaded dynamically, and the relevant hot spot is located in the application.
  • Three-dimensional interaction: a three-dimensional interaction interface provides synchronous interaction between the operator and the three-dimensional scene and between the operator and the field equipment.
  • Intelligent patrol: automatic patrol in the three-dimensional scene, following a manual patrol path as reference.
  • History replay: a historical process is reproduced from the three-dimensional scene and historical data, replaying the occurrence, development and recovery of an accident.
The link establishing module is used to establish a link between the mobile terminal and the base station.
An automatic communication scheme for the master station is formulated, comprising the communication start time, interval and data items, and stored in a database on the server. When a new scheme is inserted or a scheme is modified, automatic communication tasks are generated from the scheme, merged according to their contents, sorted by their importance levels, and stored in a task table.
When a communication scheme is set, the communication tasks are ordered by task start time; when tasks have the same start time, they are ordered according to the following principle.
When the task types differ, manual communication tasks take precedence over automatic communication tasks; a manual communication task is started by a user at an arbitrary time and requires on-site examination of data. If all tasks are automatic communication tasks, they are sorted by the importance level of their users, who are divided into first-level, second-level and third-level users, with higher-level users collected first.
When the main thread detects a manual communication task, that task takes precedence over all automatic tasks: the main thread checks all serial ports in turn for an idle one, waits if none is idle until one can be allocated to the manual task, and then dynamically creates a new thread to monitor that serial port and receive and process data.
The master station and the plant station are configured to communicate in encryption mode over the created communication thread: the plant station prepends a random string, called the initialization vector, to each data packet it sends, and a chained block cipher mode or a hash-chained block cipher mode is used. Two counters are shared between the master station and the station, one on each side.
The counter is initially zero and should be at least 128 bits. The counter value can serve as the random string in message encryption. After each message is encrypted, the counter is incremented by 1 if the chained block cipher mode is used, or by the number of encrypted data blocks if the hash-chained block cipher mode is used. Both parties know the counter value, and the two counters are synchronized at a predetermined time.
When the master station receives an encrypted packet, it is instructed to decrypt it and check whether the counter value is correct: as soon as the first ciphertext block arrives, the master station decrypts it using its counter and checks the counter value. If the value is correct, the master station continues decrypting and updates its counter; otherwise it discards the whole ciphertext. If the first bit of the decrypted plaintext is inconsistent with the counter value, either the counter is out of synchronization or the ciphertext is damaged; if the ciphertext has been tampered with, the whole packet is discarded by the error-correction mechanism, otherwise the master station tries the remaining counter values in turn until the counter check succeeds. The master station then decrypts using the verified counter and the corresponding key-contribution information, transmitting each block of recovered information to the server as soon as it is available. If the counter cannot be verified within a preset number of attempts, the master station informs the station that the transmission has failed and starts the counter synchronization protocol described below.
A secure channel is established between the two communicating parties by configuring a key deployment and adding it to both devices. The key may be a shared master key or a shared session key, which can be derived from the shared key using a simple key establishment protocol. The secure channel identified by this key is used to establish further channels, including a session secure channel, a time synchronization channel, an authenticated broadcast channel and an authenticated emergency channel.
The master station forwards each decrypted byte to the server immediately. When the last byte is reached, if the message authentication code verifies successfully, the master station forwards the last byte to the server; otherwise it discards the last byte or sends a random byte to the server, and the whole message is discarded by the error-correction mechanism.
The communication processing module supports selection, combination and ordering of tasks. There are automatic and manual communication tasks: in an automatic communication task the master station completes the transfer of data from the plant station to the master station according to a set period and the master station's automatic communication scheme, and a complete temporary database is backed up on the server; a manual communication task reads data for any time period from any line list or data station, at a start time specified freely by the user.
When several manual communication instructions are issued: if the meter-reading targets of the instructions are the same plant station and the collected data items are the same, differing only in communication start time, and the start times of the manual tasks are no more than 5 min apart, the tasks are combined into one; if the targets are the same station and the start times are the same but the data items are not entirely consistent, the tasks are merged by data item.
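The ordering and merging rules above (start time first, manual before automatic, automatic tasks by user level, manual tasks on the same station merged within 5 min or unioned at the same start time) are concrete enough to implement. The following is an added example, not code from the patent or its inventor: the task fields, the "manual"/"auto" kind names, the minute-based time unit and the sample instructions are constructed for this illustration. The merge is done in two passes so the resulting task table does not depend on the order in which instructions arrived, which the patent leaves unspecified.

```python
from dataclasses import dataclass

MERGE_WINDOW_MIN = 5  # page: manual tasks for the same station and data items no more than 5 min apart are merged


@dataclass
class CommTask:
    kind: str              # "manual" or "auto" (names chosen for this example)
    station: str           # target plant station
    start_min: int         # start time in minutes since the scheme epoch (unit chosen for this example)
    data_items: frozenset  # data items to collect
    user_level: int = 3    # 1/2/3 = first/second/third-level user; only used to order auto tasks


def task_sort_key(t: CommTask):
    """Earliest start first; at equal start time manual before auto;
    among auto tasks the higher-level (lower-numbered) user first."""
    return (t.start_min, 0 if t.kind == "manual" else 1,
            t.user_level if t.kind == "auto" else 0)


def merge_manual_tasks(tasks):
    """Apply the page's two merge rules to the manual tasks:
    1) same station, same data items, start times within MERGE_WINDOW_MIN -> one task;
    2) same station, same start time, differing data items -> union of the data items."""
    manual = sorted((t for t in tasks if t.kind == "manual"), key=task_sort_key)
    pass1 = []
    for t in manual:
        for m in pass1:
            if (m.station == t.station and m.data_items == t.data_items
                    and abs(t.start_min - m.start_min) <= MERGE_WINDOW_MIN):
                break  # absorbed into the earlier task
        else:
            pass1.append(CommTask(t.kind, t.station, t.start_min, t.data_items, t.user_level))
    pass2 = []
    for t in pass1:
        for m in pass2:
            if m.station == t.station and m.start_min == t.start_min:
                m.data_items = m.data_items | t.data_items
                break
        else:
            pass2.append(t)
    return pass2


def build_task_table(tasks):
    """Merged manual tasks plus the automatic tasks, in the order the page prescribes."""
    auto = [t for t in tasks if t.kind == "auto"]
    return sorted(merge_manual_tasks(tasks) + auto, key=task_sort_key)


# Constructed sample instructions (not taken from the page).
SAMPLE_INSTRUCTIONS = [
    CommTask("auto", "S1", 100, frozenset({"voltage"}), user_level=2),
    CommTask("auto", "S2", 100, frozenset({"voltage"}), user_level=1),
    CommTask("manual", "S1", 100, frozenset({"current"})),
    CommTask("manual", "S1", 103, frozenset({"current"})),   # within 5 min: merged into the task above
    CommTask("manual", "S1", 100, frozenset({"power"})),     # same start, other items: unioned
    CommTask("manual", "S3", 200, frozenset({"current"})),
]

if __name__ == "__main__":
    for t in build_task_table(SAMPLE_INSTRUCTIONS):
        print(t.kind, t.station, t.start_min, sorted(t.data_items), t.user_level)
```

Running the block on the sample yields a table of four tasks: the merged manual task for S1 at minute 100 (collecting both current and power), then the two automatic tasks at minute 100 with the first-level user ahead of the second-level user, then the manual task for S3.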
Preferably, the link establishing module is further configured as follows.
The counter synchronization protocol can be started by either party, and the initial counter values of the two devices are added directly; both devices may also add an initial counter value using the provided counter synchronization protocol. The master station can also use the authenticated broadcast channel to set the counter values of multiple stations to the same value with a single message.
If a message authentication code is present, the master station is instructed to verify its correctness. If it is correct, the master station transmits the decrypted message to the server; otherwise the master station either notifies the plant station that the message is corrupted or attempts to resynchronize the counters.
Preferably, the link establishing module is further configured as follows.
In non-encryption mode only message authentication is performed, and the plant station sends plaintext to the master station. In addition to encryption mode and non-encryption mode, a direct data transmission mode is also supported, in which data is transmitted without encryption or authentication.
The power distribution network link establishment and anti-intrusion system improves the convenience and stability of link establishment, configures anti-intrusion protection on power distribution network equipment once the link is established, and displays inspection results comprehensively.
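The counter-based scheme described in the link establishment paragraphs (a shared 128-bit counter used as the IV, the first block checked against the counter on receipt, a bounded search over the following counter values, a message authentication code checked at the end, and a synchronization step when the search fails) can be exercised end to end with a small model. The block below is an added example written for this page, not the patent's cipher or protocol. Its assumptions: the "hash-chained block cipher" is stood in for by an HMAC-SHA256 keystream keyed on the counter and block index; the station places the counter value itself in the first plaintext block so that the master can verify it from the first block alone; the "preset number of tests" is set to 8; and the MAC is verified over the whole ciphertext before any plaintext is released, which departs from the page's byte-by-byte forwarding (releasing unauthenticated plaintext to the server would hand an attacker a decryption oracle). Because the master only searches forward from its own counter, a replayed packet falls outside the window and is rejected; `synchronize_counters` is an assumed realization of the page's "synchronized at a predetermined time" and adopts the larger value so no keystream is reused.

```python
import hashlib
import hmac

BLOCK = 16
COUNTER_BYTES = 16      # page: the counter should be at least 128 bits
TAG_BYTES = 32
MAX_COUNTER_TRIES = 8   # page: "preset number of tests"; 8 is a value chosen for this example


def _keystream(key: bytes, counter: int, nblocks: int) -> bytes:
    """Constructed stand-in for the page's hash-chained block cipher: keystream block i is
    HMAC-SHA256(key, counter || i) truncated to one block, so the counter doubles as the IV."""
    parts = []
    for i in range(nblocks):
        msg = counter.to_bytes(COUNTER_BYTES, "big") + i.to_bytes(4, "big")
        parts.append(hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK])
    return b"".join(parts)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _blocks(n: int) -> int:
    return -(-n // BLOCK)   # ceiling division


class Party:
    def __init__(self, enc_key: bytes, mac_key: bytes, mode: str = "hash_chain"):
        self.enc_key, self.mac_key, self.mode = enc_key, mac_key, mode
        self.counter = 0    # page: both counters start at zero

    def _advance(self, nblocks: int) -> None:
        # page: chained mode advances by 1 per message, hash-chained mode by the blocks encrypted
        self.counter += nblocks if self.mode == "hash_chain" else 1


class Station(Party):
    def send(self, plaintext: bytes) -> bytes:
        """Packet = ciphertext || tag. The first plaintext block carries the counter value
        (assumption) so the master can verify synchronisation from the first block."""
        body = self.counter.to_bytes(COUNTER_BYTES, "big") + plaintext
        nblocks = _blocks(len(body))
        ct = _xor(body, _keystream(self.enc_key, self.counter, nblocks))
        tag = hmac.new(self.mac_key, ct, hashlib.sha256).digest()   # encrypt-then-MAC
        self._advance(nblocks)
        return ct + tag


class Master(Party):
    def receive(self, packet: bytes):
        """Return ("ok", plaintext), ("bad_mac", None), ("desync", None) or ("malformed", None).
        The tag is checked first; no plaintext is released until it verifies."""
        if len(packet) < BLOCK + TAG_BYTES:
            return ("malformed", None)
        ct, tag = packet[:-TAG_BYTES], packet[-TAG_BYTES:]
        expect = hmac.new(self.mac_key, ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expect, tag):
            return ("bad_mac", None)          # tampered or damaged: discard the whole packet
        nblocks = _blocks(len(ct))
        # Try the current counter and the following values (page: "the rest counters"),
        # never earlier ones, so a replayed packet cannot pass.
        for cand in range(self.counter, self.counter + MAX_COUNTER_TRIES):
            first = _xor(ct[:BLOCK], _keystream(self.enc_key, cand, 1))
            if first == cand.to_bytes(COUNTER_BYTES, "big"):
                pt = _xor(ct, _keystream(self.enc_key, cand, nblocks))[COUNTER_BYTES:]
                self.counter = cand
                self._advance(nblocks)
                return ("ok", pt)
        return ("desync", None)               # caller reports failure and starts counter synchronisation


def synchronize_counters(a: Party, b: Party) -> int:
    """Assumed synchronisation rule: both sides adopt the larger counter so no keystream is reused."""
    a.counter = b.counter = max(a.counter, b.counter)
    return a.counter


if __name__ == "__main__":
    ek, mk = b"\x01" * 32, b"\x02" * 32          # constructed keys for the demo
    st, ms = Station(ek, mk), Master(ek, mk)
    print(ms.receive(st.send(b"hello grid")))    # ("ok", b"hello grid")
    st.send(b"lost in transit")                  # never delivered; the master's window recovers
    print(ms.receive(st.send(b"arrived")))       # ("ok", b"arrived")
```

In the demo a packet lost between two deliveries leaves the master's counter behind the station's; the forward search finds the station's counter within the window and the two sides end up synchronized again without running the separate protocol.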
Drawings
Fig. 1 is a block diagram of the power distribution network link establishment and intrusion prevention system of the invention.
Detailed Description
As shown in Fig. 1, the invention provides a system for establishing links and preventing intrusion in a power distribution network, comprising an anti-intrusion management module, a routing inspection display module and a link establishment module, each as described above.
Enclosure intrusion prevention: the area requiring anti-theft management is divided into regions, and the sensor network is then planned region by region. Enclosure intrusion management comprises the four layers of protection set out in the disclosure above.
This is done because, on the one hand, the communication range of a wireless sensor network is strongly affected by the environment, and dividing the area into regions reduces the influence of distance; on the other hand, device location information can be obtained more quickly, so that an abnormal device can be located quickly.
The first layer of protection is to arrange an early warning area at the periphery of the enclosure, monitor the enclosure through a vibration sensor, an infrared sensor and the like, install an audible and visual alarm and warn about the behavior of entering the enclosure by mistake.
The second layer of protection is enclosure protection, namely, alarming is carried out when personnel overtake and destroy the behavior of the alarm facility. The anti-theft alarm corresponds to the camera, the laser correlation, the video monitoring and the tension fence equipment are combined for comprehensive monitoring, the anti-theft alarm switches the image of the alarm point to the main monitor for displaying, and security personnel can give an alarm in time according to the field condition.
The third layer of protection is protection in the enclosure. Once the personnel invasion information is monitored through equipment such as a pressure sensor and an underground induction cable, the anti-theft alarm displays the alarm position in a command center. And a voice recognition system and a fingerprint recognition system are also arranged at the door of the key area, and the entering and exiting conditions of the personnel in the key area are recorded.
The fourth layer of protection is to install patrol buttons and plan and configure patrol routes of security personnel.
And the inspection display module is used for inspecting the image.
The station scene reappearance is realized through three-dimensional modeling of the station scene, information addition, data/state visualization and information linkage, online monitoring sensing is carried out, and power grid operation information superposition and alarm information quick positioning are carried out. Carrying out three-dimensional laser scanning on an external scene of the plant station to construct an external three-dimensional model of the plant station; for the internal construction of the plant, three-dimensional modeling is used. The method specifically comprises the following steps.
Displaying a three-dimensional scene, and performing panoramic holographic simulation of a station to provide a basic platform for application display; displaying data state information, namely dynamically displaying the data state information of the monitoring equipment in a three-dimensional scene in the form of data, an instrument panel and an indicator light by taking the three-dimensional scene as a carrier; fitting image information, namely fitting the video monitoring live-action image information with the three-dimensional scene to realize the unified display of the live-action image and the three-dimensional scene; cloud picture simulation, namely generating a simulated cloud picture based on a three-dimensional scene according to the acquired equipment temperature information, and integrally displaying the distribution condition of temperature/load; positioning a hot spot/alarm point and comprehensively displaying information, presetting the hot spot/hot zone in a three-dimensional scene, and dynamically loading equipment ledger information; locating a relevant hotspot in the application; three-dimensional interaction, namely realizing synchronous interaction between an operator and a three-dimensional scene and between the operator and field equipment through a three-dimensional interaction interface; intelligent patrol, namely referring to a manual patrol path to realize automatic patrol based on a three-dimensional scene; and history inversion, namely realizing the reproduction of a history process and reproducing the processes of accident occurrence, development and recovery based on the three-dimensional scene and history data.
The link establishing module is used for establishing a link between the mobile terminal and the base station.
Formulating an automatic communication scheme of the master station, wherein the scheme comprises communication starting time, interval and data items, and storing the communication starting time, the interval and the data items into a database on a server; inserting a new scheme or modifying a scheme, generating automatic communication tasks according to the scheme, merging according to the contents of the automatic communication tasks, sequencing the tasks according to the importance levels of the automatic communication tasks, and storing the tasks into a task table.
When a communication scheme is set, the communication tasks are sequenced according to the sequence of the task starting time, and when the starting time of the communication tasks is consistent, the communication tasks are sequenced according to the following principle.
When the communication task types are different, the manual communication task is prior to the automatic communication task; the manual communication task is started by a user at random and requires on-site examination data; if the users are all automatic communication tasks, sorting the users according to the importance level degree of the users, and dividing the users into a first-level user, a second-level user and a third-level user, wherein the users with high level are preferentially collected.
When the main thread detects that a manual communication task exists, the manual communication task is prior to all automatic tasks, the main thread checks whether idle serial ports exist in all serial ports or not in sequence, if not, the main thread waits until one idle serial port is allocated to the manual communication task, and then a new thread is dynamically established to monitor the serial ports and receive and process data.
The master station and the plant station are configured to communicate in encryption mode over the created communication thread: before sending a data packet, the plant station prepends a random string, called the initialization vector, and encrypts in either cipher block chaining (CBC) mode or a hash-chained block cipher mode. The master station and the plant station share two counters, one for each communicating party.
The counter starts at zero and should be at least 128 bits long; its value can serve as the random string used in message encryption. After each message is encrypted, the counter is incremented by 1 in CBC mode, or by the number of encrypted data blocks in hash-chained mode. Both parties know the counter value, and the two counters are synchronized at a predetermined time.
When the master station receives an encrypted data packet, it decrypts the packet and checks whether the counter value is correct. As soon as the first block of ciphertext arrives, the master station decrypts it using its counter and checks the counter value: if the check succeeds, it continues decrypting and updates its counter; otherwise it discards the whole ciphertext. If the first bit of the decrypted plaintext does not match the encrypted counter value, either the counters are out of synchronization or the ciphertext is damaged. If the ciphertext has been tampered with, the whole packet is discarded by the error correction mechanism; otherwise the master station keeps trying the remaining counter values until the counter check succeeds. It then decrypts with the verified counter and the corresponding key contribution information, forwarding each block of recovered information to the server as soon as it is available. If the counter cannot be verified within a preset number of attempts, the master station notifies the plant station of the transmission failure and starts the counter synchronization protocol described in the next part.
A secure channel is established between the two communicating parties by configuring a key deployment and loading it into both devices. The key may be a shared master key or a shared key for one session, which can be derived from a shared key using a simple key establishment protocol. The secure channel identified by this key is used to establish further channels, including a session secure channel, a time synchronization channel, an authenticated broadcast channel and an authenticated emergency channel.
The master station forwards each decrypted byte to the server immediately; when it reaches the last byte, it verifies the message authentication code. If verification succeeds, the master station forwards the last byte to the server; otherwise it discards the last byte or sends a random byte to the server, and the whole message is discarded by the error correction mechanism.
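The counter-checked exchange described above (counter as first-block freshness value, bounded retry window, CRC and message authentication code), written out as an added example that is not the patent's own code: the plant station prepends a random IV, places its 128-bit send counter in the first plaintext block, CBC-encrypts, and appends an HMAC tag and a CRC32; the master station checks the CRC, then the MAC, then reads the counter from the first block and accepts it only inside a window, reporting older values as replays and larger gaps as a trigger for the counter synchronization protocol. The toy Feistel block cipher, the counter-in-first-block encoding, the HMAC-SHA256 tag, the window size and the rule that no plaintext is released before the MAC is verified (unlike the byte-streaming behaviour above) are all assumptions of this example.

```python
import hashlib, hmac, os, struct, zlib

BLOCK = 16          # 128-bit blocks; the per-direction counter is also 128 bits, initially 0
RESYNC_WINDOW = 8   # assumed "preset number of tests" before the counter sync protocol is invoked

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, blk: bytes) -> bytes:
    """Toy 4-round Feistel cipher (assumption), a stand-in for whatever block cipher the link uses."""
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r

def block_decrypt(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r

def crc_wrap(body: bytes) -> bytes:
    """Append the CRC32 the page calls its 'error correction mechanism' (it only detects damage)."""
    return body + struct.pack(">I", zlib.crc32(body))

class PlantStation:
    """Sender: owns the plant->master counter (the master->plant direction is symmetric)."""
    def __init__(self, enc_key: bytes, mac_key: bytes) -> None:
        self.enc_key, self.mac_key, self.ctr = enc_key, mac_key, 0

    def seal(self, payload: bytes) -> bytes:
        iv = os.urandom(BLOCK)                 # random IV sent in the clear, as the page describes
        pad = BLOCK - len(payload) % BLOCK
        pt = self.ctr.to_bytes(BLOCK, "big") + payload + bytes([pad]) * pad  # first block = counter
        prev, ct = iv, b""
        for i in range(0, len(pt), BLOCK):     # CBC: each block XORed with the previous ciphertext
            prev = block_encrypt(self.enc_key, _xor(pt[i:i + BLOCK], prev))
            ct += prev
        self.ctr += 1                          # CBC mode: counter advances by one per message
        tag = hmac.new(self.mac_key, iv + ct, hashlib.sha256).digest()
        return crc_wrap(iv + ct + tag)

class MasterStation:
    """Receiver: CRC, then MAC, then counter window, then full decrypt; nothing is released earlier."""
    def __init__(self, enc_key: bytes, mac_key: bytes) -> None:
        self.enc_key, self.mac_key, self.ctr = enc_key, mac_key, 0

    def open(self, packet: bytes):
        """Return (status, payload); status is ok, damaged, tampered, replay or resync."""
        body = packet[:-4]
        if zlib.crc32(body) != struct.unpack(">I", packet[-4:])[0]:
            return "damaged", None              # transmission damage: discard the whole packet
        iv, ct, tag = body[:BLOCK], body[BLOCK:-32], body[-32:]
        if not hmac.compare_digest(hmac.new(self.mac_key, iv + ct, hashlib.sha256).digest(), tag):
            return "tampered", None             # authenticity fails: never try counters on forged data
        # Decrypt only the first block and read the counter the sender placed there
        seen = int.from_bytes(_xor(block_decrypt(self.enc_key, ct[:BLOCK]), iv), "big")
        if seen < self.ctr:
            return "replay", None               # authentic but already consumed counter value
        if seen >= self.ctr + RESYNC_WINDOW:
            return "resync", None               # gap beyond the window: run the counter sync protocol
        prev, pt = iv, b""
        for i in range(0, len(ct), BLOCK):
            pt += _xor(block_decrypt(self.enc_key, ct[i:i + BLOCK]), prev)
            prev = ct[i:i + BLOCK]
        self.ctr = seen + 1                     # accept and advance past the verified counter
        return "ok", pt[BLOCK:-pt[-1]]
```

Because the MAC is checked before the counter search, a forged packet is reported as tampered rather than driving the master into counter resynchronization.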
The communication processing module supports selecting, merging and ordering tasks. There are automatic communication tasks and manual communication tasks. In an automatic communication task, the master station transfers data from the plant station to itself according to a set period and the master station's automatic communication scheme, and a complete temporary database is backed up on the server. A manual communication task reads data from any line list or data station over any time period, starting at a time specified by the user.
When several manual communication instructions are issued for the same plant station with the same collected data items, differing only in communication start time, tasks whose start times are no more than 5 min apart are merged into one task. When the instructions target the same station with the same start time but with collected data items that are not completely identical, the tasks are merged by data item.
Preferably, the link establishment module is further configured as follows.
The counter synchronization protocol can be started by either party and directly adds initial counter values to the two devices; both devices may also add an initial counter value using the counter synchronization protocol provided. The master station can also use the authenticated broadcast channel to set the counters of multiple stations to the same value with a single message.
If a message authentication code is present, the master station verifies it. If the code is correct, the master station forwards the decrypted message to the server; otherwise it either notifies the plant station that the message is corrupted or attempts to resynchronize the counters.
Preferably, the link establishment module is further configured as follows.
In non-encryption mode only message authentication is performed, and the plant station sends plaintext to the master station. Besides the encryption and non-encryption modes, a direct data transmission mode is also supported, in which data is transmitted without either encryption or authentication.
Each master station's automatic communication is preset: the automatic communication task sends a communication request to the server at a fixed interval. The server receives the request, checks resource usage and whether a serial port is available; if so, it assigns the serial port to the task and dynamically creates a new thread to listen on that port and receive and process data. If no idle serial port exists, the task waits until one is released and assigned to it.
The device connection processing module also scans the task table on the server for a task to be executed. If one exists, it passes the communication task and related information to the communication service program, updates the task's flag, and detects and allocates communication resources according to the busy or idle state of the required resources.
The communication service program creates a communication thread for each automatic or manual communication task it receives; every five threads use the allocated serial ports and corresponding resources to carry out the content specified by their tasks, and the data returned by the plant station is forwarded to the server and stored in the temporary database.
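The task merging and ordering rules above (same station and items within 5 min merged into one task; same station and start time merged by data item; ties in start time ordered manual first, then by first/second/third-level user), as an added example that is not the patent's own code. The CommTask fields, the mutable-set merge, and the sample instructions are assumptions constructed for this illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MERGE_GAP = timedelta(minutes=5)                    # page: manual tasks no more than 5 min apart merge
USER_RANK = {"first": 0, "second": 1, "third": 2}   # page's user levels; high level collected first

@dataclass
class CommTask:
    station: str               # meter reading object (plant station)
    start: datetime            # communication start time
    items: set                 # data items to collect
    manual: bool               # manual (user-started) or automatic (scheme-generated)
    user_level: str = "third"  # importance level of the requesting user (automatic tasks)
    requests: int = 1          # how many original instructions this task now covers

def merge_manual(tasks):
    """Apply the page's two merge rules to manual instructions for the same station.

    Rule 1: identical items and start times no more than MERGE_GAP apart -> one task.
    Rule 2: identical start time but differing items -> one task with the union of items.
    Earlier instructions absorb later ones, so the merged task keeps the earliest start.
    """
    merged = []
    for t in sorted(tasks, key=lambda t: t.start):
        for m in merged:
            if m.station != t.station:
                continue
            if m.items == t.items and t.start - m.start <= MERGE_GAP:
                m.requests += t.requests
                break
            if m.start == t.start:
                m.items |= t.items
                m.requests += t.requests
                break
        else:
            merged.append(t)
    return merged

def order_tasks(tasks):
    """Order by start time; on ties manual before automatic, then first-level users before lower ones."""
    return sorted(tasks, key=lambda t: (t.start, 0 if t.manual else 1,
                                        USER_RANK.get(t.user_level, len(USER_RANK))))

def sample_instructions():
    """Constructed sample (not from the page): five manual instructions issued on 2020-08-12."""
    base = datetime(2020, 8, 12, 8, 0)
    at = lambda minutes: base + timedelta(minutes=minutes)
    return [
        CommTask("S1", at(0), {"voltage", "current"}, True),
        CommTask("S1", at(3), {"voltage", "current"}, True),   # rule 1: within 5 min of the first
        CommTask("S1", at(10), {"voltage", "current"}, True),  # 10 min apart: stays a separate task
        CommTask("S2", at(0), {"voltage"}, True),
        CommTask("S2", at(0), {"power"}, True),                # rule 2: same start, merged by items
    ]
```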
The error correction mechanism may be CRC (cyclic redundancy) error correction.
The anti-intrusion management module, the patrol display module and the link establishment module implement their functions through corresponding processes and threads; the modules are connected logically or electrically, and their specific functions can be realized by a physical processor executing program code stored in memory.
The power distribution network link establishment and anti-intrusion system makes link establishment more convenient and stable, configures anti-intrusion protection on power distribution network equipment once the link is established, and displays inspection results comprehensively.
The embodiments of the present invention have been described in detail with reference to the drawings, but the invention is not limited to the above embodiments; various changes can be made within the knowledge of those skilled in the art without departing from the gist of the invention.

Claims (3)

1. A power distribution network link establishment and intrusion prevention system, characterized by comprising an anti-intrusion management module, a patrol display module and a link establishment module, wherein
the anti-intrusion management module is configured to:
after a link is established, set up tower protection, which consists of an anti-theft bolt and a first tension sensor node of an electronic fence; the anti-theft bolt has infrared sensing and can detect unauthorized personnel approaching the tower; when the pyroelectric infrared information is transmitted to the first tension sensor node, the warning lamp lights automatically to issue a warning; if events such as knocking, removing the anti-theft bolt, touching the electronic fence or pulling the electronic fence occur, the alarm horn is triggered to sound an on-site alarm, and the alarm signal is also transmitted to the power distribution network control center for further handling by an operator;
set up transformer protection, which comprises an anti-theft bolt sensor node, a second tension sensor node, a distribution transformer parameter acquisition node and a fault current acquisition node; the distribution transformer parameter acquisition node aggregates the sensing information from the anti-theft bolt and the electronic fence and transmits it over a long distance, and the fault current acquisition node transmits the acquired fault current signal over a long distance to the power distribution network control center;
perform enclosure intrusion prevention by dividing the area requiring anti-theft management into regions and then planning a sensor network in each region; the enclosure intrusion management comprises the following four layers of protection:
the first layer of protection sets up an early warning area around the perimeter of the enclosure, monitors it with vibration sensors, infrared sensors and the like, and installs an audible and visual alarm to warn against entering the enclosure by mistake;
the second layer of protection is enclosure protection, namely raising an alarm when personnel climb over or damage the alarm facilities; the anti-theft alarm is linked to cameras, and laser beam-break, video monitoring and tension fence equipment are combined for comprehensive monitoring; the anti-theft alarm switches the image of the alarm point to the main monitor display so that security personnel can respond in time according to the situation on site;
the third layer of protection is protection inside the enclosure; once equipment such as pressure sensors and buried induction cables detects a personnel intrusion, the anti-theft alarm displays the alarm position in the command center; a voice recognition system and a fingerprint recognition system are also installed at the door of each key area, and entries to and exits from the key area are recorded;
the fourth layer of protection installs patrol buttons and plans and configures patrol routes for security personnel;
the patrol display module is configured to:
reproduce the station scene through three-dimensional modeling of the station scene, information addition, data/state visualization and information linkage, monitor and sense on line, overlay power grid operating information and rapidly locate alarm information; perform three-dimensional laser scanning of the exterior of the plant station to build an external three-dimensional model of the plant station, and use three-dimensional modeling for the plant interior; specifically:
three-dimensional scene display, namely panoramic holographic simulation of the station as a basic platform for application display; data state display, namely dynamically displaying the data state information of the monitored equipment in the three-dimensional scene as data, instrument panels and indicator lights, with the three-dimensional scene as the carrier; image fitting, namely fitting live video monitoring images to the three-dimensional scene for unified display of live images and the three-dimensional scene; cloud map simulation, namely generating a simulated cloud map over the three-dimensional scene from the acquired equipment temperature information to display the overall temperature/load distribution; hot spot/alarm point positioning and comprehensive information display, namely presetting hot spots/hot zones in the three-dimensional scene, dynamically loading equipment ledger information and locating the relevant hot spot in the application; three-dimensional interaction, namely synchronous interaction between the operator and the three-dimensional scene and between the operator and field equipment through a three-dimensional interaction interface; intelligent patrol, namely automatic patrol in the three-dimensional scene following a manual patrol path; historical playback, namely reproducing a historical process, including the occurrence, development and recovery of an accident, from the three-dimensional scene and historical data;
the link establishment module is configured to:
formulate the master station's automatic communication scheme, comprising communication start time, interval and data items, and store the communication start time, interval and data items in a database on the server; when a new or modified scheme is inserted, generate an automatic communication task from the scheme, merge according to the task content, order the tasks by importance level of the automatic communication task and store them in a task table;
when a communication scheme is set, order communication tasks by task start time, and when start times coincide, order them according to the following principle:
when the task types differ, manual communication tasks take priority over automatic communication tasks, a manual communication task being started by a user at any time and requiring on-site inspection of data; if all are automatic communication tasks, order them by user importance level, users being divided into first-level, second-level and third-level users, with higher-level users collected first;
when the main thread detects a manual communication task, the manual task takes priority over all automatic tasks; the main thread checks each serial port in turn for an idle one and, if none is idle, waits until an idle serial port is assigned to the manual task, then dynamically creates a new thread to listen on that serial port and receive and process data;
configure the master station and the plant station to communicate in encryption mode over the created communication thread, wherein before sending a data packet the plant station prepends a random string, called the initialization vector, and encrypts in either cipher block chaining (CBC) mode or a hash-chained block cipher mode; the master station and the plant station share two counters, one for each communicating party;
wherein the counter starts at zero and should be at least 128 bits long, its value can serve as the random string used in message encryption, and after each message is encrypted the counter is incremented by 1 in CBC mode or by the number of encrypted data blocks in hash-chained mode; both communicating parties know the counter value, and the two counters are synchronized at a predetermined time;
when the master station receives an encrypted data packet, decrypt the packet and check whether the counter value is correct: as soon as the first block of ciphertext arrives, the master station decrypts it using its counter and checks the counter value; if the check succeeds, the master station continues decrypting and updates its counter, otherwise it discards the whole ciphertext; if the first bit of the decrypted plaintext does not match the encrypted counter value, either the counters are out of synchronization or the ciphertext is damaged; if the ciphertext has been tampered with, the whole packet is discarded by the error correction mechanism, otherwise the master station keeps trying the remaining counter values until the counter check succeeds; the master station then decrypts with the verified counter and the corresponding key contribution information, forwarding each block of recovered information to the server as soon as it is available; if the counter cannot be verified within the preset number of attempts, the master station notifies the plant station of the transmission failure and starts the counter synchronization protocol in the next part;
establish a secure channel between the two communicating parties by configuring a key deployment and loading it into both devices; the key may be a shared master key or a shared key for one session, which can be derived from a shared key using a simple key establishment protocol; use the secure channel identified by the key to establish further channels, including a session secure channel, a time synchronization channel, an authenticated broadcast channel and an authenticated emergency channel;
forward each decrypted byte to the server immediately and, on reaching the last byte, verify the message authentication code; if verification succeeds, the master station forwards the last byte to the server, otherwise it discards the last byte or sends a random byte to the server, and the whole message is discarded by the error correction mechanism;
the communication processing module supports selecting, merging and ordering tasks, comprising automatic communication tasks and manual communication tasks, wherein in an automatic communication task the master station transfers data from the plant station to itself according to a set period and the master station's automatic communication scheme, and a complete temporary database is backed up on the server; a manual communication task reads data from any line list or data station over any time period, starting at a time specified by the user;
when several manual communication instructions are issued for the same plant station with the same collected data items, differing only in communication start time, tasks whose start times are no more than 5 min apart are merged into one task; and when the instructions target the same station with the same start time but with collected data items that are not completely identical, the tasks are merged by data item.
2. The system of claim 1, wherein the link establishment module is further configured to:
configure the counter synchronization protocol so that it can be started by either party and directly adds initial counter values to the two devices; both devices may also add an initial counter value using the counter synchronization protocol provided; the master station can also use the authenticated broadcast channel to set the counters of a plurality of stations to the same value with a single message;
if a message authentication code is present, verify its correctness; if the message authentication code is correct, the master station forwards the decrypted message to the server; otherwise the master station either notifies the plant station that the message is corrupted or attempts to resynchronize the counters.
3. The system of claim 1, wherein the link establishment module is further configured to:
in non-encryption mode, perform message authentication only, the plant station sending plaintext to the master station; besides the encryption mode and the non-encryption mode, a direct data transmission mode is also supported, in which data is transmitted without either encryption or authentication.
CN202010808777.6A 2020-08-12 2020-08-12 Power distribution network link establishment and anti-intrusion system Withdrawn CN111901441A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010808777.6A CN111901441A (en) 2020-08-12 2020-08-12 Power distribution network link establishment and anti-intrusion system


Publications (1)

Publication Number Publication Date
CN111901441A true CN111901441A (en) 2020-11-06

Family

ID=73229260



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20201106