CN112307463A - Internet of things smart meter production test system and safety protection method - Google Patents


Publication number: CN112307463A
Authority: CN (China)
Prior art keywords: communication, meter, party, cloud, module
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202010387826.3A
Other languages: Chinese (zh)
Inventor: 焦绍华
Current assignee: Lierda Science & Technology Group Co ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Hangzhou Green Whale Technology Co ltd
Application filed by Hangzhou Green Whale Technology Co ltd; priority to CN202010387826.3A; published as CN112307463A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply hybrid encryption, i.e. a combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving digital signatures

Abstract

The invention discloses a production test system and a security protection method for an Internet of Things smart meter. It addresses the problem that existing meters lack security measures in the production test stage and can leak information there. The system comprises a meter end, an operation and maintenance (O&M) server end and a cloud end, connected in sequence over encrypted communication; a trusted test tool is connected to the meter end and communicates with the cloud end over encrypted communication. During production test of the meter end, everything the operator handles is encrypted, everything burned into the MCU controller is verified, and all communication is encrypted on the basis of identity authentication, so the risk of leakage is reduced at the source.

Description

Internet of things smart meter production test system and safety protection method
Technical Field
The invention relates to the technical field of meter security, in particular to a production test system and a security protection method for an Internet of Things smart meter.
Background
Advances in Internet of Things technology and in the smart meter industry have made wireless remote monitoring practical: data acquisition and upload, local storage, anomaly monitoring, remote upgrade, valve control and so on. The mainstream solution today exchanges data with an application platform through a wireless communication module. Because cost and operations are the main concerns, security receives little attention: most meter devices on the market take no protective measures, and both the communication link and the interior of the MCU are exposed to attackers.
Meter devices usually use an MCU without a secure-core architecture: code runs bare-metal, with no security-oriented software architecture and no trusted execution environment inside the MCU.
Solutions that do provide security protection are generally SE (secure element) schemes: a secure element chip is attached externally to the MCU (microcontroller unit). The main functions of the SE module are secure key storage, data encryption and decryption, and secure information storage. Secure key storage allows a fairly complete key management system to be built, ensuring that keys cannot be read out. The encryption and decryption functions cover the common security algorithms, ciphertext transmission of sensitive data, tamper resistance of transmitted data, and so on. Secure information storage comprises a strict file access permission mechanism and a reliable authentication algorithm and flow.
However, the prior art has the following disadvantages:
1) The SE scheme only ensures relative security inside the SE module; its communication interface with the MCU is exposed, and an attacker monitoring that interface may obtain decrypted data.
2) The SE scheme cannot ensure the internal security of the MCU, nor its secure boot and upgrade; once the MCU is compromised, the SE chip no longer serves its purpose. An external SE chip also increases device cost.
3) In devices with unencrypted communication, the MCU exchanges data with the communication module over an interface, and the data exchanged between device and cloud can be read out with a debugging tool, so the protocol can be analysed and false data forged. Without a trusted identity authentication mechanism, both device and server are easy to impersonate. Where devices do encrypt their communication today, they generally use a single mode, either symmetric or asymmetric encryption.
4) For an MCU without a secure hardware and software architecture, the MCU's contents can be read and tampered with using a debugging tool, and counterfeit devices can be produced.
5) In the existing production test stage, no strict confidentiality measures are taken during code burning, so information may leak at the source.
The prior art has paid attention to protecting meter security in hardware and software, but security protection is still lacking in the production test stage. A production test security protection system and a corresponding method are therefore needed to protect meter information from the source.
Disclosure of Invention
The invention mainly addresses the problem that meters in the prior art lack security measures in the production test stage and leak information, and provides an Internet of Things smart meter production test system and a security protection method.
The technical problem is mainly solved by the following technical scheme. An Internet of Things smart meter production test system comprises a meter end, an O&M server end and a cloud end, connected in sequence over encrypted communication; a trusted test tool is connected to the meter end and communicates with the cloud end over encrypted communication. The meter end comprises an MCU controller that is divided into a secure world part and a non-secure world part. A trusted execution environment (TEE) is deployed in the secure world part and a non-secure environment (NSE) in the non-secure world part. The TEE contains a secure kernel module, a boot loader module, an OTA upgrade module, a secure service module, a secure driver module and a secure API interface module; the NSE contains a user application module (the client application, CA) and a non-secure kernel module. The O&M server end and the test server end both belong to the cloud end. Everything burned into the MCU controller is verified, and all communication is encrypted and based on identity authentication: between the meter end and the O&M server end, between the O&M server end and the cloud end, and between the cloud end and the trusted test tool. This secures the production test stage of the meter end. The meter end is protected in both hardware and software, closing the security holes in meter software, preventing the meter end from being controlled by other hardware devices and preventing malicious cracking of the software.
Once the meter end is disassembled, no useful information can be read from it, which reduces the risk of cracking and cloning by other manufacturers. The MCU controller supports a secure-core architecture and is divided into a secure world part and a non-secure world part. The secure world can access all resources; the non-secure world can access only non-secure resources and is forbidden to access secure-world resources. When the non-secure world illegally accesses a secure-world resource, the MCU controller blocks the access in hardware and raises an exception. Switching between the secure world and the non-secure world goes through the secure API interface module and is strictly monitored by the MCU controller. On the software side, protection rests on a trusted firmware framework built on the MCU core: a trusted execution environment (TEE) is deployed in the secure world part and a non-secure environment (NSE) in the non-secure world part, each with its own functional modules, so that the software is protected from malicious cracking.
Secure kernel module: creates, schedules and provides communication for multitasking threads, and creates isolated secure partitions.
Boot loader module: starts the application firmware in a fixed order and checks the trust root, the security attribute configuration, the legitimacy of the application firmware and application firmware updates; the application firmware comprises secure application firmware and non-secure application firmware.
Trust root checking ensures the security of the boot loader module itself: after the meter end is powered on, the boot loader starts first, and only then the application firmware.
The boot loader checks the MCU controller and its security-related registers and judges whether the security attribute configuration meets requirements, to ensure a secure hardware environment.
Before the boot loader starts the application firmware, it verifies the signature carried by the firmware and judges its legitimacy; only then is the application firmware started, and this verification is repeated on every start.
Before starting the application firmware, the boot loader also checks for new application firmware, verifies its legitimacy through its signature, replaces the old application firmware with the new one according to the rules, and then starts the new firmware.
OTA upgrade module: upgrades the application firmware remotely. The original application firmware is first signed with a signature algorithm and then encrypted. The meter end downloads the encrypted firmware, decrypts it, verifies the signature and, if the signature is valid, restarts to apply the update.
Secure service module: comprises secure storage, an encryption/decryption library and security function modules; different functional modules occupy different secure partitions and do not interfere with one another.
Secure storage encrypts sensitive information and keeps it in a secure storage area of the TEE; the sensitive information includes the device ID, cloud authentication information, keys, metering data, monetary amounts and so on. The encryption/decryption library provides the cryptographic functions the system needs.
Secure driver module: the hardware random number generator and hardware crypto drivers that run in the trusted execution environment, specifically the hardware random number generator (RNG), the hardware encryption/decryption module (Crypto) and other necessary drivers. The hardware RNG generates true random numbers; the hardware crypto module speeds up the encryption and decryption algorithms.
Secure API interface module: provides the resource-call interface between the trusted execution environment and the non-secure environment and performs the MCU controller's switching between the secure and non-secure world states. The NSE can call secure services on the TEE side through the secure API interface, and the TEE can also call non-secure functions on the NSE side.
The production test security protection method for an Internet of Things smart meter comprises the following steps.
S1. Based on trust root verification by the MCU controller, burn in the boot loader module, the key pair and the user certificate. Everything burned into the MCU controller is verified: the boot loader module, the key pair and the user certificate are verified against the MCU controller's trust root. The boot loader uses a fixed-order boot mechanism, so application firmware cannot enter the application area while bypassing the boot loader's chain of security checks.
S2. The boot loader partitions the flash and initialises the security configuration registers. Different partitions hold different data and code; initialising the security configuration registers sets up a trusted hardware environment.
S3. Burn in the encrypted application firmware, decrypt it and write it to the application area. Because the key pair was imported into this MCU controller beforehand, the encrypted application firmware cannot be decrypted and run if it is burned into another MCU controller, which protects the burned firmware.
S4. Generate and burn in the cloud authentication information, and have the meter end verify that authentication information.
S5. Set the delivery mode.
During production test of the meter end, everything the operator handles is encrypted, everything burned into the MCU controller is verified, and all communication is encrypted on the basis of identity authentication, so the risk of leakage is reduced at the source.
As a preferred scheme, step S3 specifically comprises:
S31. burn in the encrypted application firmware;
S32. the boot loader module decrypts the application firmware inside the trusted execution environment;
S33. verify through the signature whether the application firmware is legitimate; if so, write it into the application area, otherwise report an error. The boot loader verifies the application firmware, which secures the burned content.
As a preferred scheme, step S4 specifically comprises:
S41. the cloud end generates the cloud authentication information, which comprises the device ID, a cloud application account and the cloud application account password;
S42. the cloud end sends the cloud authentication information to the trusted test tool, which burns it into the meter end; at the same time the cloud end registers the meter with the O&M server end using that authentication information;
S43. the meter end sends an access request to the O&M server end; the O&M server end judges whether the meter end is registered: if so, it sends a test command to the meter end and the procedure continues, otherwise a test exception is raised. An unregistered meter end cannot connect to the O&M server.
S44. the O&M server end judges whether it receives the meter end's response; if so, the meter end's functions and communication are reported normal and the procedure continues, otherwise a test exception is raised.
As a preferred scheme, step S5 specifically comprises: disabling the DEBUG pin of the meter end and enabling hardware read/write protection. Once the MCU controller is in the delivery state, its application firmware cannot be read out by any means, and nothing other than the OTA upgrade module can change it.
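Steps S1 to S3 together with the OTA module's sign-then-encrypt order, run end to end as an added Go example; this is not code from the patent or its assignee. It models the vendor's Ed25519 signing key as the trust root the boot loader carries, a per-device AES-256-GCM key as the key material imported in S1, and the image layout nonce || GCM(signature || firmware); all of these, and the names Vendor, Device, BuildImage, Install and Boot, are assumptions of this example. S4 (cloud registration) and S5 (closing the debug port) are not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Vendor holds the firmware signing key pair. Pub is the trust root the boot
// loader carries after S1; the private half never leaves the vendor.
type Vendor struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewVendor() (*Vendor, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Vendor{Pub: pub, priv: priv}, err
}

// newGCM wraps a 256-bit key in AES-GCM (the cipher choice is an assumption).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BuildImage signs the plain firmware first and then encrypts signature and
// firmware together under the device key, the order the OTA module specifies.
// Image layout (assumption): nonce || GCM(signature || firmware).
func (v *Vendor) BuildImage(deviceKey, firmware []byte) ([]byte, error) {
	sig := ed25519.Sign(v.priv, firmware)
	gcm, err := newGCM(deviceKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, append(sig, firmware...), nil), nil
}

// Device models the meter MCU after S1 and S2: a boot loader holding the
// trust root, a per-device key and the application partition.
type Device struct {
	trustRoot ed25519.PublicKey
	Key       []byte // per-device key imported in S1; images built for another device will not decrypt
	AppArea   []byte // application partition, written only by Install (S2, S3)
}

func NewDevice(trustRoot ed25519.PublicKey) (*Device, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return &Device{trustRoot: trustRoot, Key: key}, err
}

// checkSigned splits signature || firmware and verifies it against the trust root.
func (d *Device) checkSigned(blob []byte) ([]byte, error) {
	if len(blob) < ed25519.SignatureSize {
		return nil, errors.New("no application firmware present")
	}
	sig, fw := blob[:ed25519.SignatureSize], blob[ed25519.SignatureSize:]
	if !ed25519.Verify(d.trustRoot, fw, sig) {
		return nil, errors.New("application firmware signature invalid")
	}
	return fw, nil
}

// Install is S31 to S33: decrypt inside the TEE, verify the signature, and
// only then write the application area. Any failure leaves the old firmware.
func (d *Device) Install(image []byte) error {
	gcm, err := newGCM(d.Key)
	if err != nil || len(image) < gcm.NonceSize() {
		return errors.New("bad device key or image too short")
	}
	plain, err := gcm.Open(nil, image[:gcm.NonceSize()], image[gcm.NonceSize():], nil)
	if err != nil {
		return errors.New("decryption failed: image was not built for this device")
	}
	if _, err := d.checkSigned(plain); err != nil {
		return err
	}
	d.AppArea = plain // kept with its signature so every boot can re-check it
	return nil
}

// Boot is the fixed-order start: the boot loader re-verifies the application
// area on every power-up and refuses to start unsigned or tampered code.
func (d *Device) Boot() ([]byte, error) { return d.checkSigned(d.AppArea) }

func main() {
	vendor, _ := NewVendor()
	dev, _ := NewDevice(vendor.Pub)
	image, _ := vendor.BuildImage(dev.Key, []byte("meter application v1.0"))
	fmt.Println("install:", dev.Install(image))
	fw, err := dev.Boot()
	fmt.Printf("boot: %q, %v\n", fw, err)
}
```

Install rejects an image built for another device (it does not decrypt) and firmware signed by any key other than the trust root, and a failed install leaves the previous application area untouched. Boot repeats the signature check on every start, so a single byte flipped in flash stops the boot. Note that the signature is checked only after decryption succeeds, so an attacker who obtains a device key can still only install firmware the vendor signed.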
As a preferred scheme, the encrypted communication proceeds as follows:
a. both communication parties hold their own key pair, the CA root certificate and a user certificate signed and issued by the CA; the user certificate comprises the party's own public key, its identity information and the CA's signature;
b. the two parties establish a communication link and exchange their certificates;
c. each party authenticates the identity of the other;
d. after identity authentication passes, the two parties negotiate a symmetric key using asymmetric cryptography;
e. information exchanged in the communication is encrypted and decrypted with the negotiated symmetric key.
This scheme combines the advantages of symmetric and asymmetric encryption: the asymmetric mode is used to negotiate the symmetric key, and the symmetric key is then used for the subsequent encrypted communication, giving a high level of security together with good efficiency and removing the risk of eavesdropping on the communication link. The symmetric key is renegotiated periodically, and mutual authentication is performed before each negotiation.
As a preferred scheme, step c specifically comprises:
c1. a party obtains the CA public key from the CA root certificate;
c2. it verifies the other party's user certificate with the CA public key; if verification passes, the other party's user certificate is judged authentic and the procedure proceeds to step d; if not, the certificate is judged inauthentic and an error is reported. Each party verifies the authenticity of the other's user certificate in this way. Identity authentication relies on a digital certificate signed and issued by a trusted certificate authority (CA): the certificate is an electronic file used to verify the identity of a public key's holder, containing the public key information, the user's identity information and the issuer's signature, which prevents an intruder from attacking the system by substituting a public key.
As a preferred scheme, step d specifically comprises:
d1. the two parties agree in advance on the same algorithm parameters;
d2. after the user certificates pass verification, each party takes the other's public key from the other's user certificate;
d3. one party generates a true random number in hardware to produce its private parameter A;
d4. it computes sharing parameter A from private parameter A according to the algorithm;
d5. it packs sharing parameter A with the algorithm description information, encrypts the package with the other party's public key and sends it to the other party;
d6. the other party decrypts with its own private key and obtains sharing parameter A and the algorithm description information;
d7. steps d3 to d6 are repeated in the other direction: the other party generates private parameter B, and the first party obtains sharing parameter B and the algorithm description information;
d8. both parties compute the same secret key with the same algorithm from their own private parameter and the other party's sharing parameter, and use it as the symmetric key for the subsequent communication.
Each party computes with its own private parameter and the other's sharing parameter; because the result incorporates both private parameters, the same algorithm yields the same key on both sides. The symmetric key negotiated this way then encrypts and decrypts the subsequent communication. Combining the symmetric and asymmetric methods raises security while keeping speed and efficiency high.
The invention therefore has the following advantages:
1. everything burned into the MCU controller is verified and all communication is encrypted on the basis of identity authentication, which prevents information leakage during production test and secures the production test stage of the meter end;
2. the meter end is protected in both hardware and software, closing the security holes in meter software, preventing the meter end from being controlled by other hardware devices and preventing malicious cracking of the software;
3. encryption and decryption are strengthened on the communication side, removing the risk of eavesdropping on the communication link. The advantages of symmetric and asymmetric encryption are combined: the symmetric key is negotiated with asymmetric encryption and the subsequent communication is encrypted with the symmetric key, giving a high level of security and good efficiency.
Drawings
FIG. 1 is a block diagram of one configuration of the present invention;
FIG. 2 is a schematic diagram of an architecture of an MCU controller according to the present invention;
FIG. 3 is a schematic flow chart of a production test safety protection method of the present invention;
fig. 4 is a schematic flow chart of encryption/decryption communication according to the present invention.
Reference numerals: 1, meter end; 2, operation and maintenance server end; 3, cloud end; 4, trusted test tool; 5, secure world part; 6, non-secure world part; 7, trusted execution environment; 8, non-secure environment; 9, secure kernel module; 10, boot loader module; 11, secure service module; 12, secure driver module; 13, OTA upgrade module; 14, secure API interface module; 15, user application (client application, CA) module; 16, non-secure kernel module.
Detailed Description
The technical scheme of the invention is further described through the following embodiment and the accompanying drawings.
Embodiment:
An Internet of Things smart meter production test system, as shown in FIG. 1, comprises a meter end 1, an operation and maintenance server end 2 and a cloud end 3, connected in sequence over encrypted communication; a trusted test tool 4 is connected to the meter end and communicates with the cloud end over encrypted communication. Everything burned into the MCU controller is verified, and all communication is encrypted on the basis of identity authentication, which secures the production test stage of the meter end.
The meter end comprises an MCU controller. As shown in FIG. 2, the MCU controller comprises a secure world part 5 and a non-secure world part 6; a trusted execution environment 7 is deployed in the secure world part and a non-secure environment 8 in the non-secure world part. The trusted execution environment contains a secure kernel module 9, a boot loader module 10, an OTA upgrade module 13, a secure service module 11, a secure driver module 12 and a secure API interface module 14; the non-secure environment contains a user application (client application, CA) module 15 and a non-secure kernel module 16. The functions of these modules are as described above in the disclosure of the invention.
A production test safety protection method for an Internet of Things smart meter is shown in FIG. 3 and comprises the following steps:
S1, based on trust root verification by the MCU controller, burn the boot loader module, the key pair and the user certificate; all content burned into the MCU controller is verified, i.e. the boot loader module, the key pair and the user certificate are verified by the trust root of the MCU controller. The boot loader module uses a fixed-sequence boot mechanism, so that application firmware cannot enter the application area while bypassing the series of security checks performed by the boot loader module.
S2, the boot loader module partitions the flash, storing different data and code in different partitions, initialises the security configuration registers and configures a trusted hardware environment;
S3, burn the encrypted application firmware, which is decrypted and written into the application area; the specific process comprises the following steps:
S31, burn the encrypted application firmware;
S32, the boot loader module decrypts the application firmware inside the trusted execution environment;
S33, verify through the signature whether the application firmware is legitimate; if so, write the application firmware into the application area, and if not, report an error. Because the key pair was imported into this MCU controller earlier, the encrypted application firmware cannot be decrypted and run if it is burned into a different MCU controller, which protects the burned application firmware.
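The boot loader, OTA and S3 flow described above, as an added example that is not part of the patent: a vendor-side sign-then-encrypt packager, the meter-side decrypt, verify and write step, and the fixed-order boot that re-checks the trust root, the security registers, any staged update and the application signature on every start. The patent names no algorithms, so two stand-ins that need only the Python standard library are assumed: a Lamport one-time signature (hash-based) in place of the vendor's ECDSA or RSA firmware signature, and CTR mode over the HMAC-SHA256 PRF in place of AES through the hardware Crypto driver. The `Meter` class, its partition names, the 12-byte nonce and the sample images are likewise constructed for the demo.

```python
"""Sign-then-encrypt packaging, TEE-side install and fixed-order boot (demo stand-ins)."""
import hashlib
import hmac
import secrets

NONCE_LEN, SIG_LEN = 12, 256 * 32   # Lamport signature: one 32-byte preimage per digest bit

def sha256(data):
    return hashlib.sha256(data).digest()

def lamport_keygen():
    """256 pairs of random preimages; the public key is their hashes. One signature per key."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return priv, [(sha256(a), sha256(b)) for a, b in priv]

def _bit(digest, i):
    return (digest[i // 8] >> (7 - i % 8)) & 1

def lamport_sign(priv, msg):
    d = sha256(msg)
    return b"".join(priv[i][_bit(d, i)] for i in range(256))

def lamport_verify(pub, msg, sig):
    d = sha256(msg)
    return len(sig) == SIG_LEN and all(
        sha256(sig[32 * i:32 * i + 32]) == pub[i][_bit(d, i)] for i in range(256))

def ctr_xor(key, nonce, data):
    """Keystream = HMAC-SHA256(key, nonce || counter); XOR encrypts and decrypts alike."""
    out = bytearray()
    for ctr, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + ctr.to_bytes(4, "big"), "sha256").digest()
        out += bytes(x ^ k for x, k in zip(data[off:off + 32], ks))
    return bytes(out)

def package_firmware(image, vendor_priv, fw_key):
    """Vendor side (OTA and production burn): sign the plaintext image, then encrypt image+signature."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + ctr_xor(fw_key, nonce, image + lamport_sign(vendor_priv, image))

class Meter:
    """Partitioned flash (S2), keys in TEE secure storage, trust root = digest of the boot loader."""

    def __init__(self, bootloader, vendor_pub, fw_key):
        self.flash = {"boot": bootloader, "app": b"", "staging": b""}
        self.tee_storage = {"vendor_pub": vendor_pub, "fw_key": fw_key}   # imported in S1
        self.otp_trust_root = sha256(bootloader)                           # immutable
        self.security_regs_ok = True
        self.last_error = None

    def install(self, package):
        """S31-S33 / OTA: decrypt inside the TEE, verify the signature, only then write the app area."""
        nonce, body = package[:NONCE_LEN], package[NONCE_LEN:]
        plain = ctr_xor(self.tee_storage["fw_key"], nonce, body)
        image, sig = plain[:-SIG_LEN], plain[-SIG_LEN:]
        if not lamport_verify(self.tee_storage["vendor_pub"], image, sig):
            raise ValueError("application firmware signature invalid; nothing written")
        self.flash["app"] = plain             # image + signature kept, so every boot re-verifies
        return len(image)

    def stage_ota(self, package):
        """OTA module: the download waits in the staging partition until the meter restarts."""
        self.flash["staging"] = package

    def boot(self):
        """Fixed order: trust root -> security registers -> pending update -> app signature -> run."""
        if sha256(self.flash["boot"]) != self.otp_trust_root:
            raise RuntimeError("boot loader does not match the trust root")
        if not self.security_regs_ok:
            raise RuntimeError("security attribute configuration does not meet requirements")
        if self.flash["staging"]:
            try:
                self.install(self.flash["staging"])
            except ValueError as err:
                self.last_error = str(err)   # bad update reported and discarded; old app stays
            self.flash["staging"] = b""
        image, sig = self.flash["app"][:-SIG_LEN], self.flash["app"][-SIG_LEN:]
        if not lamport_verify(self.tee_storage["vendor_pub"], image, sig):
            raise RuntimeError("application firmware signature invalid at boot")
        return image

def run_demo():
    """Burn v1, boot it, then show two rejections: wrong device key and a tampered OTA download."""
    vendor_priv, vendor_pub = lamport_keygen()
    fw_key = secrets.token_bytes(32)
    image = b"app-firmware-v1 (constructed sample image)"
    pkg = package_firmware(image, vendor_priv, fw_key)
    meter = Meter(b"boot-loader (constructed)", vendor_pub, fw_key)
    meter.install(pkg)                                               # S3 production burn
    booted = meter.boot() == image
    other = Meter(b"boot-loader (constructed)", vendor_pub, secrets.token_bytes(32))
    try:
        other.install(pkg)                                           # same package, other MCU
        foreign_rejected = False
    except ValueError:
        foreign_rejected = True
    meter.stage_ota(pkg[:-1] + bytes([pkg[-1] ^ 1]))                 # one bit flipped in transit
    ota_rejected = meter.boot() == image and meter.last_error is not None
    return booted, foreign_rejected, ota_rejected
```

Because a Lamport key signs exactly one image, the demo stages a tampered download rather than a second version; with a real asymmetric scheme the same vendor public key anchored in the trust root verifies every version. The order the meter enforces is the point: decrypt inside the TEE, verify, and only then write the application area, so a package decrypted with the wrong per-device key fails the signature check and nothing is written.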
S4, generate and burn the cloud authentication information, and the meter end verifies the authentication information; the specific process comprises the following steps:
S41, the cloud generates the cloud authentication information, which comprises the device ID, the cloud application account and the cloud application account password;
S42, the cloud sends the cloud authentication information to the trusted test tool, which burns it into the meter end; at the same time the cloud registers the meter with the operation and maintenance server end according to the cloud authentication information;
S43, the meter end sends a request to access the operation and maintenance server end; the operation and maintenance server end judges whether the meter end is registered; if so, it sends a test command to the meter end and the next step is entered, and if not, a test abnormality is reported. An unregistered meter end cannot connect to the operation and maintenance server.
S44, the operation and maintenance server end judges whether the response information from the meter end has been received; if so, it reports that the functions and communication of the meter end are normal and the next step is entered, and if not, a test abnormality is reported.
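Steps S41 to S44 as an added example, not code from the patent: a `Cloud` that generates the authentication information and registers the meter with an `OamServer`, a `Meter` that receives that information from the test tool and then requests access, and the server-side decision that an unregistered or mis-credentialed meter gets a test abnormality instead of a test command. The message fields, the PBKDF2-salted credential store and the `SELFTEST` command are assumptions; the transport is taken to be the encrypted channel of the identity-authenticated communication, so only the application-level checks are modelled.

```python
"""Cloud authentication info, O&M server registration and the access/test exchange (S41-S44)."""
import hashlib
import hmac
import secrets

TEST_COMMAND = b"SELFTEST"   # assumed name of the test command sent in S43

class Cloud:
    """S41/S42: generates the authentication info, hands it to the test tool, registers the meter."""
    def __init__(self, oam):
        self.oam = oam

    def provision(self, device_id):
        info = {"device_id": device_id, "account": f"meter-{device_id}",
                "password": secrets.token_urlsafe(24)}
        self.oam.register(info)          # registration goes cloud -> O&M server
        return info                      # the trusted test tool burns this into the meter

class OamServer:
    """Stores only a salted hash of the account password, never the password itself."""
    def __init__(self):
        self.registry = {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, info):
        salt = secrets.token_bytes(16)
        self.registry[info["device_id"]] = (info["account"], salt, self._hash(info["password"], salt))

    def access_request(self, info):
        """S43: an unregistered or mis-credentialed meter gets 'test abnormal', not a command."""
        entry = self.registry.get(info["device_id"])
        if entry is None:
            return {"status": "test abnormal", "reason": "meter not registered"}
        account, salt, stored = entry
        if account != info["account"] or not hmac.compare_digest(stored, self._hash(info["password"], salt)):
            return {"status": "test abnormal", "reason": "authentication info mismatch"}
        return {"status": "ok", "command": TEST_COMMAND}

    def check_response(self, device_id, response):
        """S44: a response from the right meter proves function and communication; none is abnormal."""
        if response is None or response.get("device_id") != device_id:
            return "test abnormal"
        return "function and communication normal"

class Meter:
    def __init__(self):
        self.auth_info = None            # lands in TEE secure storage when burned

    def burn(self, info):
        self.auth_info = info

    def run_test(self, oam):
        reply = oam.access_request(self.auth_info)
        if reply["status"] != "ok":
            return None                  # the test command never arrived
        return {"device_id": self.auth_info["device_id"], "result": reply["command"] + b" PASS"}

def production_test(device_id, provisioned=True):
    """Whole S4 round trip; provisioned=False models a meter that skipped S42."""
    oam = OamServer()
    cloud = Cloud(oam)
    meter = Meter()
    if provisioned:
        meter.burn(cloud.provision(device_id))                 # via the trusted test tool
    else:
        meter.burn({"device_id": device_id, "account": "x", "password": "x"})
    return oam.check_response(device_id, meter.run_test(oam))
```

The server never sees a plaintext password at rest and compares hashes in constant time; both are choices the patent leaves open but any operation and maintenance server end holding the registry should make.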
S5, set the factory-leaving mode: close the DEBUG pin of the meter end and activate hardware read and write protection. After the MCU controller enters the factory setting, the application firmware in the MCU controller cannot be read in any way, and nothing other than the OTA upgrade module can change the application firmware in the MCU controller.
All communications in the above test and safety protection method are encrypted communications based on identity authentication; the specific process comprises the following steps:
a. Both communication parties hold their own key pair, the CA root certificate and a user certificate signed and issued by the CA, where the user certificate comprises the user's own public key, identity information and the CA's signature;
b. the two communication parties establish a communication link and exchange their respective certificates;
c. the two communication parties each authenticate the identity of the other party; the specific process comprises the following steps:
c1. a communication party obtains the CA public key from the CA root certificate;
c2. it verifies the user certificate of the other communication party with the CA public key; if the verification passes, the other party's user certificate is judged trusted and step d is entered; if it does not pass, the other party's user certificate is judged untrusted and an error is reported.
d. After identity authentication passes, the two communication parties negotiate a symmetric key in an asymmetric manner; the specific process comprises the following steps:
d1. the two communication parties agree in advance on the same algorithm parameters;
d2. after the user certificates pass verification, each communication party obtains the other party's public key from the other party's user certificate;
d3. one communication party generates a true random number with hardware to produce private parameter A;
d4. it computes shared parameter A from private parameter A according to the algorithm;
d5. it packs shared parameter A together with the algorithm description information, encrypts the package with the other party's public key and sends it to the other party;
d6. the other party decrypts the package with its own private key and obtains shared parameter A and the algorithm description information;
d7. steps d3 to d6 are repeated with the roles swapped: the other party generates private parameter B, and the first party obtains shared parameter B and the algorithm description information;
d8. using the same algorithm, each communication party computes the same secret key from its own private parameter and the other party's shared parameter; this secret key is used as the symmetric encryption key for subsequent communication.
e. Information exchanged in communication is encrypted and decrypted with the computed symmetric key.
As shown in FIG. 4, the process is described below in detail using user A and user B as an example.
User A holds the CA root certificate, user certificate A and a key pair consisting of public key A and private key A. User B holds the CA root certificate, user certificate B and a key pair consisting of public key B and private key B. In addition, user A and user B have agreed in advance on the same algorithm parameters.
User A and user B establish a communication link and send their user certificates to each other, i.e. they exchange user certificates.
The two communication parties authenticate each other. User A obtains the CA public key from the CA root certificate and uses it to verify user certificate B; if the verification passes, user certificate B is judged trusted, and if not, it is judged untrusted and an error is reported. Likewise, user B obtains the CA public key from the CA root certificate and uses it to verify user certificate A; if the verification passes, user certificate A is judged trusted, and if not, it is judged untrusted and an error is reported.
After identity authentication passes, user A obtains public key B from user certificate B, and user B obtains public key A from user certificate A.
User A generates a true random number with hardware to produce private parameter A, and computes shared parameter A from private parameter A according to the algorithm.
User A packs shared parameter A together with the algorithm description information, encrypts the package with public key B of user B and sends it to user B.
User B decrypts the package with private key B and obtains shared parameter A and the algorithm description information.
In the same way, user B generates private parameter B, and user A obtains shared parameter B and the algorithm description information.
User A and user B use the same algorithm to compute the same secret key from their own private parameter and the other party's shared parameter, and this secret key is used as the symmetric encryption key for subsequent communication.
The method combines the advantages of symmetric and asymmetric encryption: a symmetric key is negotiated by asymmetric means and subsequent communication is encrypted and decrypted symmetrically, which improves both security and speed and efficiency.
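Steps a to e, and the user A / user B walk-through above, as one runnable added example that is not the patent's code. The patent does not name its algorithms, so the following stand-ins are assumed: Schnorr signatures for the CA's signature on the user certificates, ElGamal for "encrypt with the other party's public key", and Diffie-Hellman in a prime-order subgroup for the private and shared parameters, all over a toy group that the module generates at import time. `Party`, the JSON certificate body and the `dh-modp-demo` algorithm label are likewise constructed for the demo; production code would use a standard group or ECDH, X.509 certificates, and an AEAD such as AES-GCM for step e.

```python
import hashlib
import json
import secrets

Q = 2**127 - 1   # subgroup order (Mersenne prime M127): toy size for the demo, not production

def is_probable_prime(n, rounds=24):
    """Miller-Rabin with a small-prime sieve in front."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group():
    """Find a prime p = k*Q + 1 and a generator g of the order-Q subgroup of Z_p^*."""
    while True:
        k = (secrets.randbits(127) + 1) * 2        # even k keeps p odd
        p = k * Q + 1
        if is_probable_prime(p):
            g = pow(secrets.randbelow(p - 3) + 2, k, p)
            if g != 1:
                return p, g

P, G = make_group()
ALG = {"name": "dh-modp-demo", "p": P, "g": G}    # the parameters both sides agree on (d1)

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def hash_to_q(*parts):
    digest = hashlib.sha256("|".join(str(p) for p in parts).encode()).digest()
    return int.from_bytes(digest, "big") % Q

def schnorr_sign(x, msg):
    r = secrets.randbelow(Q - 1) + 1
    e = hash_to_q(pow(G, r, P), msg)
    return e, (r + e * x) % Q

def schnorr_verify(y, msg, sig):
    e, s = sig
    r_point = pow(G, s, P) * pow(y, (Q - e) % Q, P) % P    # g^s * y^-e == g^r
    return hash_to_q(r_point, msg) == e

def elgamal_encrypt(y, m):
    k = secrets.randbelow(Q - 1) + 1
    return pow(G, k, P), m * pow(y, k, P) % P

def elgamal_decrypt(x, ct):
    c1, c2 = ct
    return c2 * pow(pow(c1, x, P), P - 2, P) % P

def issue_cert(ca_priv, identity, pub):
    body = json.dumps({"id": identity, "pub": pub}, sort_keys=True)   # public key + identity
    return {"body": body, "sig": schnorr_sign(ca_priv, body)}         # CA signature (step a)

class Party:
    def __init__(self, name, ca_priv, ca_pub):
        self.ca_pub = ca_pub                          # carried by the CA root certificate
        self.priv, pub = keygen()                     # own key pair
        self.cert = issue_cert(ca_priv, name, pub)    # demo shortcut: CA signs at construction
        self.peer_pub = self.private_param = None

    def authenticate(self, peer_cert):
        """Step c: verify the peer certificate with the CA public key; d2: take its public key."""
        if not schnorr_verify(self.ca_pub, peer_cert["body"], peer_cert["sig"]):
            raise ValueError("peer certificate not trusted")
        self.peer_pub = json.loads(peer_cert["body"])["pub"]

    def offer(self):
        """d3-d5: private parameter from the RNG; shared parameter encrypted to the peer."""
        self.private_param = secrets.randbelow(Q - 1) + 1
        return {"alg": ALG["name"], "ct": elgamal_encrypt(self.peer_pub, pow(G, self.private_param, P))}

    def derive(self, msg):
        """d6 and d8: decrypt the peer's shared parameter, derive the symmetric key."""
        if msg["alg"] != ALG["name"]:
            raise ValueError("algorithm description does not match the agreed parameters")
        secret = pow(elgamal_decrypt(self.priv, msg["ct"]), self.private_param, P)
        return hashlib.sha256(secret.to_bytes(64, "big")).digest()

def run_handshake():
    ca_priv, ca_pub = keygen()
    a, b = Party("user-A", ca_priv, ca_pub), Party("user-B", ca_priv, ca_pub)
    a.authenticate(b.cert)                            # step b: certificates exchanged, then c
    b.authenticate(a.cert)
    msg_a, msg_b = a.offer(), b.offer()               # d3-d7 in both directions
    return a.derive(msg_b), b.derive(msg_a)           # d8: both sides hold the same key
```

The symmetric key comes out of `derive` on both sides; the traffic encryption of step e is not shown because the standard library has no AEAD. A certificate issued by a CA other than the one in the root certificate fails `schnorr_verify` inside `authenticate` and the handshake stops there, which is the error case of c2.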
The specific embodiments described herein merely illustrate the spirit of the invention. Those skilled in the art may make various modifications or additions to the described embodiments, or substitute alternatives, without departing from the spirit of the invention or the scope defined in the appended claims.
Although the terms meter end, operation and maintenance server end, cloud end, trusted test tool, secure world part and the like are used frequently herein, the possibility of using other terms is not excluded. These terms are used merely to describe and explain the nature of the invention more conveniently; construing them as any additional limitation would be contrary to the spirit of the invention.

Claims (8)

1. An Internet of Things smart meter production test system, characterised in that: it comprises a meter end (1), an operation and maintenance server end (2) and a cloud end (3) connected in sequence through encrypted communication, wherein a trusted test tool (4) is connected to the meter end and the trusted test tool is connected with the cloud device end through encrypted communication; the meter end comprises an MCU controller, the MCU controller comprises a secure world part (5) and a non-secure world part (6), a trusted execution environment (7) is deployed in the secure world part, a non-secure environment (8) is deployed in the non-secure world part, a secure kernel module (9), a boot loader module (10), an OTA upgrade module (13), a secure service module (11), a secure driver module (12) and a secure API interface module (14) are arranged in the trusted execution environment, and a user application CA module (15) and a non-secure kernel module (16) are arranged in the non-secure environment.
2. A safety protection method for the production test of an Internet of Things smart meter, using the system of claim 1, characterised in that it comprises the following steps:
S1, based on trust root verification by the MCU controller, burn the boot loader module, the key pair and the user certificate;
S2, the boot loader module partitions the flash and initialises the security configuration registers;
S3, burn the encrypted application firmware, which is decrypted and written into the application area;
S4, generate and burn the cloud authentication information, and the meter end verifies the authentication information;
S5, set the factory-leaving mode.
3. The safety protection method for the production test of an Internet of Things smart meter according to claim 2, wherein the specific process of step S3 comprises the following steps:
S31, burn the encrypted application firmware;
S32, the boot loader module decrypts the application firmware inside the trusted execution environment;
S33, verify through the signature whether the application firmware is legitimate; if so, write the application firmware into the application area, and if not, report an error.
4. The safety protection method for the production test of an Internet of Things smart meter according to claim 2, wherein the specific process of step S4 comprises the following steps:
S41, the cloud generates the cloud authentication information, which comprises the device ID, the cloud application account and the cloud application account password;
S42, the cloud sends the cloud authentication information to the trusted test tool, which burns it into the meter end; at the same time the cloud registers the meter with the operation and maintenance server end according to the cloud authentication information;
S43, the meter end sends a request to access the operation and maintenance server end; the operation and maintenance server end judges whether the meter end is registered; if so, it sends a test command to the meter end and the next step is entered, and if not, a test abnormality is reported;
S44, the operation and maintenance server end judges whether the response information from the meter end has been received; if so, it reports that the functions and communication of the meter end are normal and the next step is entered, and if not, a test abnormality is reported.
5. The safety protection method for the production test of an Internet of Things smart meter according to claim 2, wherein the specific process of step S5 comprises: closing the DEBUG pin of the meter end and activating hardware read and write protection.
6. The production test safety protection method for an Internet of Things smart meter according to any one of claims 2 to 5, wherein the specific process of the encrypted communication comprises the following steps:
a. both communication parties hold their own key pair, the CA root certificate and a user certificate signed and issued by the CA, where the user certificate comprises the user's own public key, identity information and the CA's signature;
b. the two communication parties establish a communication link and exchange their respective certificates;
c. the two communication parties each authenticate the identity of the other party;
d. after identity authentication passes, the two communication parties negotiate a symmetric key in an asymmetric manner;
e. information exchanged in communication is encrypted and decrypted with the computed symmetric key.
7. The production test safety protection method for an Internet of Things smart meter according to claim 6, wherein the specific process of step c comprises the following steps:
c1. a communication party obtains the CA public key from the CA root certificate;
c2. it verifies the user certificate of the other communication party with the CA public key; if the verification passes, the other party's user certificate is judged trusted and step d is entered; if it does not pass, the other party's user certificate is judged untrusted and an error is reported.
8. The production test safety protection method for an Internet of Things smart meter according to claim 6, wherein the specific process of step d comprises the following steps:
d1. the two communication parties agree in advance on the same algorithm parameters;
d2. after the user certificates pass verification, each communication party obtains the other party's public key from the other party's user certificate;
d3. one communication party generates a true random number with hardware to produce private parameter A;
d4. it computes shared parameter A from private parameter A according to the algorithm;
d5. it packs shared parameter A together with the algorithm description information, encrypts the package with the other party's public key and sends it to the other party;
d6. the other party decrypts the package with its own private key and obtains shared parameter A and the algorithm description information;
d7. steps d3 to d6 are repeated with the roles swapped: the other party generates private parameter B, and the first party obtains shared parameter B and the algorithm description information;
d8. using the same algorithm, each communication party computes the same secret key from its own private parameter and the other party's shared parameter; this secret key is used as the symmetric encryption key for subsequent communication.
Application CN202010387826.3A, priority date 2020-05-09, filing date 2020-05-09: Internet of things smart meter production test system and safety protection method. Status: Pending. Publication: CN112307463A (en).

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR19990065516A (en) * 1998-01-14 1999-08-05 윤종용 Apparatus and method for determining burn-in test progress status of hard disk drive
CN101600204A (en) * 2009-06-30 2009-12-09 中兴通讯股份有限公司 A kind of document transmission method and system
CN106789012A (en) * 2016-12-21 2017-05-31 珠海市魅族科技有限公司 A kind of method and device of production line burning firmware
CN109032624A (en) * 2018-08-08 2018-12-18 上海庆科信息技术有限公司 A kind of test method and its device based on programming system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
彭意兵: "Design and implementation of a TEE-based smart home end-node security system" (基于TEE的智能家居端节点安全系统涉及与实现), China Masters' Theses Full-text Database (中国优秀硕士学位论文全文数据库), Engineering Science and Technology II, 15 March 2020 (2020-03-15), pages 2-4 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20231009

Address after: 310000 room 1201, area a, building 18, hemeyuan, Gongshu District, Hangzhou City, Zhejiang Province

Applicant after: LIERDA SCIENCE & TECHNOLOGY GROUP Co.,Ltd.

Address before: Room 1301, building 1, 1326 Wenyi West Road, Cangqian street, Yuhang District, Hangzhou City, Zhejiang Province

Applicant before: HANGZHOU GREEN WHALE TECHNOLOGY Co.,Ltd.