CN112600789A - Information transmission method and device, electric power metering equipment and storage medium - Google Patents

Information transmission method and device, electric power metering equipment and storage medium Download PDF

Info

Publication number
CN112600789A
CN112600789A CN202011296679.5A CN202011296679A CN112600789A CN 112600789 A CN112600789 A CN 112600789A CN 202011296679 A CN202011296679 A CN 202011296679A CN 112600789 A CN112600789 A CN 112600789A
Authority
CN
China
Prior art keywords
security
information
safety
control information
zone
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011296679.5A
Other languages
Chinese (zh)
Other versions
CN112600789B (en
Inventor
张文瀚
詹卫许
张育辉
王武
代庆
杨军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southern Power Grid Digital Grid Research Institute Co Ltd
Original Assignee
Southern Power Grid Digital Grid Research Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southern Power Grid Digital Grid Research Institute Co Ltd filed Critical Southern Power Grid Digital Grid Research Institute Co Ltd
Priority to CN202011296679.5A priority Critical patent/CN112600789B/en
Publication of CN112600789A publication Critical patent/CN112600789A/en
Application granted granted Critical
Publication of CN112600789B publication Critical patent/CN112600789B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Remote Monitoring And Control Of Power-Distribution Networks (AREA)

Abstract

The information transmission method receives operation information and control information in a power grid through a safety access area, the operation information is the operation state of non-control equipment in the power grid, human interference factors and the like are few, the information safety coefficient is high, the control information needs to be processed by different control nodes and different workers, and the information safety coefficient is low. Therefore, the operation information is directly transmitted to the target safety area, and the control information is sequentially transmitted from the safety access area to the target safety area through different safety areas according to the sequence of the safety levels from low to high, so that on the premise of ensuring the safety of power information transmission, the transmission efficiency of the information is greatly improved by reducing the transmission nodes of the operation information, the technical problem of low real-time performance of current power information transmission is solved, and the technical effect of improving the real-time performance of power information transmission is achieved.

Description

Information transmission method and device, electric power metering equipment and storage medium
Technical Field
The present application relates to the field of power grid security technologies, and in particular, to an information transmission method and apparatus, a power metering device, and a storage medium.
Background
Along with the construction of an electric power information system, the safety of electric power information is concerned, a metering automation system is developed in response, the metering automation system is a bridge for constructing electric power operation and distribution integrated application, the functions of metering and remote measuring of a transformer substation, user load management, distribution transformer metering monitoring, low-voltage centralized meter reading and the like can be realized, the power utilization condition of a user can be acquired in time, and data is analyzed and processed, so that the metering accuracy and timeliness are improved. Meanwhile, the metering automation system can also provide accurate and reliable data in the aspects of power utilization management and line loss management, so that the problem of metering faults can be found in time, and users can be guided and supervised safely, reasonably and scientifically power utilization according to the method.
The metering automation system belongs to the category of electric power monitoring systems and needs to accord with the safety protection principle. Current measurement automation system carries out information acquisition through collection equipment etc. to the consumer in the electric wire netting, then gets into the intranet that is used for analysis management through public network with the information of gathering, need pass through safe access district, safe I district, safe II district and safe III district in the information transmission process from public network to the intranet, all be provided with the net floodgate between every safe district, pierce through this net floodgate and need consume more than 5 seconds at least to it is low to lead to current electric power information transmission real-time.
Disclosure of Invention
In view of the above, it is necessary to provide an information transmission method, an information transmission apparatus, a power metering device, and a storage medium.
In a first aspect, an information transmission method is provided, which is applied to an electric power metering device, where the electric power metering device includes a security access area and a plurality of security areas that are isolated from each other, and security levels of the plurality of security areas are different, and the method includes:
receiving operation information and control information through a safety access area, wherein the operation information is used for representing the operation state of non-control equipment in a power grid, and the control information is used for representing the action state of control equipment in the power grid;
directly transmitting the operation information from the security access area to a target security area, wherein the target security area is the security area with the highest security level in the plurality of security areas;
the control information is transmitted from the security access area to the target security area through different security areas in sequence according to the security level from low to high;
and storing the operation information and the control information transmitted to the target safety zone in a database.
In an optional embodiment of the present application, the plurality of security zones include a first security zone, a second security zone, and a third security zone, where the first security zone is a security zone with a lowest security level, and the third security zone is a security zone with a highest security level, and the control information is transmitted from the security access zone to the target security zone through different security zones in sequence from the lowest security level to the highest security level, including: sending the control information to a first safety zone; performing first safety processing on the control information through a first gatekeeper; sending the control information subjected to the first safety processing to a second safety area; performing second safety processing on the control information through a second gatekeeper; and sending the control information subjected to the second safety processing to a target safety area.
In an alternative embodiment of the present application, the first security process is an entitlement authentication process and the second security process is a security audit process.
In an optional embodiment of the present application, the receiving the operation information and the control information through the secure access area includes: receiving operation information through an operation gateway proxy; control information is received by the control gateway proxy.
In an optional embodiment of the present application, the directly transmitting the operation information from the security access area to the target security area includes: and directly transmitting the operation information to the target safety zone through the operation gateway proxy.
In an optional embodiment of the present application, sending the control information to the first security zone comprises: the control information is sent to the first security zone by the control gateway proxy.
In an optional embodiment of the present application, further comprising: writing the control information which does not pass the first safety processing and/or the second safety processing into a blacklist; and forbidding the control information in the blacklist to transmit the first safety zone, the second safety zone and the third safety zone.
In a second aspect, there is provided an information transmission apparatus, the apparatus comprising: the device comprises an information receiving module, a first transmission module, a second transmission module and a storage module.
The information receiving module is used for receiving operation information and control information through the security access area, wherein the operation information is used for representing the operation state of non-control equipment in the power grid, and the control information is used for representing the action state of control equipment in the power grid.
The first transmission module is used for directly transmitting the operation information from the security access area to a target security area, and the target security area is the security area with the highest security level in the plurality of security areas.
The second transmission module is used for transmitting the control information from the security access area to the target security area through different security areas in sequence from low security level to high security level.
The storage module is used for storing the operation information and the control information transmitted to the target safety zone in a database.
In an optional embodiment of the present application, the second transmission module comprises: the transmission device comprises a first sub transmission module, a second sub transmission module, a third sub transmission module, a fourth sub transmission module and a fifth sub transmission module. The first sub-transmission module is used for sending the control information to the first safety zone. The second sub-transmission module is used for carrying out first safety processing on the control information through the first gatekeeper. The third sub-transmission module is used for sending the control information subjected to the first safety processing to the second safety area. The fourth sub-transmission module is used for carrying out second safety processing on the control information through the second gatekeeper. The fifth sub-transmission module is used for sending the control information subjected to the second safety processing to the target safety area.
In an alternative embodiment of the present application, the first security process is an entitlement authentication process and the second security process is a security audit process.
In an optional embodiment of the present application, the information receiving module includes: the device comprises a first sub information receiving module and a second sub information receiving module. The first sub information receiving module is used for receiving the operation information through the operation gateway proxy. The second sub information receiving module is used for receiving control information through the control gateway proxy.
In an optional embodiment of the present application, the first transmission module is specifically configured to transmit the operation information directly to the target security zone through the operation gateway proxy.
In an optional embodiment of the present application, the first sub-transmission module is specifically configured to send the control information to the first security zone through the control gateway proxy.
In an optional embodiment of the present application, the second transmission module further comprises: a sixth sub-transmission module and a seventh sub-transmission module. The sixth sub-transmission module is used for writing the control information which does not pass the first safety processing and/or the second safety processing into a blacklist. The seventh sub-transmission module is configured to prohibit transmission of the first security zone, the second security zone, and the third security zone by the control information in the blacklist.
In a third aspect, there is provided a power metering device comprising a memory and a processor, the memory storing a computer program, the processor implementing the steps of the method as above when executing the computer program.
In a fourth aspect, a computer-readable storage medium is provided, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method as above.
The embodiment of the application provides an information transmission method, operation information and control information in a power grid are received through a security access area, the operation information is the operation state of non-control equipment in the power grid, human interference factors and other interference factors are few, the information security coefficient is high, the control information needs to be processed by different control nodes and different workers, and the information security coefficient is low. Therefore, the operation information is directly transmitted to the target safety area, and the control information is sequentially transmitted from the safety access area to the target safety area through different safety areas according to the sequence of the safety levels from low to high, so that on the premise of ensuring the safety of power information transmission, the transmission efficiency of the information is greatly improved by reducing the transmission nodes of the operation information, the technical problem of low real-time performance of current power information transmission is solved, and the technical effect of improving the real-time performance of power information transmission is achieved.
Drawings
FIG. 1 is a diagram of an exemplary embodiment of a method for transferring information;
FIG. 2 is a flow chart illustrating a method of information transfer according to an embodiment;
FIG. 3 is a flow chart illustrating a method of information transfer according to an embodiment;
FIG. 4 is a flow chart illustrating a method of information transfer according to an embodiment;
FIG. 5 is a block diagram showing the structure of an information transmission apparatus according to an embodiment;
fig. 6 is a block diagram showing the structure of the electric power metering device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
At present, with the construction of an electric power information system, the safety of electric power information is concerned, a metering automation system is developed in response, the metering automation system is a bridge for constructing electric power operation and distribution integrated application, the functions of metering and remote measuring of a transformer substation, user load management, distribution and transformation metering monitoring, low-voltage centralized reading and the like can be realized, the power utilization condition of a user can be acquired in time, and data is analyzed and processed, so that the metering accuracy and timeliness are improved. The metering automation system belongs to the category of electric power monitoring systems and needs to accord with the safety protection principle. Current measurement automation system carries out information acquisition through collection equipment etc. to the consumer in the electric wire netting, then gets into the intranet that is used for analysis management through public network with the information of gathering, need pass through safe access district, safe I district, safe II district and safe III district in the information transmission process from public network to the intranet, all be provided with the net floodgate between every safe district, pierce through this net floodgate and need consume more than 5 seconds at least to it is low to lead to current electric power information transmission real-time.
In view of this, an embodiment of the present application provides an information transmission method, where operation information and control information in a power grid are received through a security access area, where the operation information is an operation state of a non-control device in the power grid, human and other interference factors are few, an information security coefficient is higher, and the control information needs to be processed by different control nodes and different workers, and the information security coefficient is lower. Therefore, the operation information is directly transmitted to the target safety area, and the control information is sequentially transmitted from the safety access area to the target safety area through different safety areas according to the sequence of the safety levels from low to high, so that on the premise of ensuring the safety of power information transmission, the transmission efficiency of the information is greatly improved by reducing the transmission nodes of the operation information, the technical problem of low real-time performance of current power information transmission is solved, and the technical effect of improving the real-time performance of power information transmission is achieved.
In the following, a brief description will be given of an implementation environment related to the information transmission method provided in the embodiments of the present application.
Referring to fig. 1, an information transmission method provided in an embodiment of the present application is applied to an electric power metering device, where the electric power metering device includes: the system comprises a master station device, a communication device and a plurality of terminal devices, wherein the plurality of terminal devices are in communication connection with the master station device through the communication device, and can comprise a station terminal, a special transformer terminal, a public transformer terminal, a low-voltage centralized meter reading terminal and the like, and the plurality of terminal devices are respectively used for receiving power information of different nodes and different power devices in a power grid and transmitting the power information to the master station device through the communication device for analysis and processing. The main station equipment comprises a safety access area and a plurality of safety areas which are isolated from each other, wherein the safety levels of the safety areas are different, and the safety areas are used for processing power information with different safety levels. The following embodiments describe the information transmission method in detail with the power metering apparatus as an execution subject.
Referring to fig. 2, an embodiment of the present application provides an information transmission method, including the following steps 201 to 204:
step 201, the electric power metering device receives operation information and control information through a security access area.
The method comprises the steps that acquisition equipment in the power grid acquires power information of different nodes or different power equipment in the power grid, wherein the power information comprises operation information and control information, the operation information is used for representing the operation state of non-control equipment in the power grid, and the control information is used for representing the action state of control equipment in the power grid. It should be noted that the control device may be a controller, an opening/closing device, a breaker, or the like, and the non-control device may be any device other than the control device such as a controller, an opening/closing device, a breaker, or the like, for example, a cable, a transformer, a tower pole, or the like. The collection device sends collected operation information, control information and the like to the electric power metering device through communication equipment and the like. The electric power metering equipment comprises a safety access area and a plurality of safety areas which are isolated from each other, receives operation information and control information from different nodes or different equipment through internal terminal equipment, and transmits the operation information and the control information to the safety access area through communication equipment.
Step 202, the power metering device directly transmits the operation information from the security access area to the target security area.
The electric power metering equipment comprises a safety access area and a plurality of safety areas which are isolated from each other, the safety levels of the safety areas are different, the target safety area is the safety area with the highest safety level in the safety areas, and all electric power information is integrated and comprehensively managed in the target safety area. And the safety access area and the plurality of safety areas are safely isolated through a container or a virtual machine. The plurality of safety zones are sequentially arranged according to the safety levels from small to large, and in the traditional scheme, all the electric power information sequentially passes through the plurality of safety zones which are sequentially arranged according to the safety levels from small to large. The running information in the power information is the running state of the non-control equipment in the power grid, human and other interference factors are few, and the information safety factor is higher, so that in the embodiment, the running information does not pass through an intermediate transition safety zone, is directly transmitted to a target safety zone from a safety access zone through communication equipment and the like, namely the safety zone with the highest safety level, so that the transmission efficiency of the running information is greatly improved, and the transmission efficiency of the power information is greatly improved.
And 203, the electric power metering equipment transmits the control information to the target safety area from the safety access area through different safety areas in sequence from low to high in safety level.
After receiving the control information, the electric power metering equipment firstly sends the control information to a safety area with the lowest safety level, and firstly carries out primary safety processing on the control information in the safety area with the lowest safety level. And then, sending the control information subjected to the primary security processing to a security zone with a higher security level through communication equipment and the like for further security processing, and so on until the control information is sent to the target security zone, namely the security zone with the highest security level. The control information needs to be processed by different control nodes and different workers, and the information safety factor is low, so that the control information sequentially passes through different safety zones to be safely processed and then enters a target safety zone through the transmission mode, and the safety of the power information and the safety of the power grid information processing system are guaranteed to the greatest extent.
And step 204, the power metering equipment stores the operation information and the control information transmitted to the target safety zone in a database.
The operation information is transmitted to a target safety zone through the safety zones with different safety levels, namely the safety zone with the highest safety level, and the operation information and the control information are stored in the target safety zone after being subjected to safety processing. Then, in the target security zone, the operation information and the control information are transmitted to a database for storage via a communication device or the like. It should be noted that the database in this embodiment may be a general database, or may also be a publishing database, where the publishing database is directly interfaced with an information processing platform in a power grid, so as to directly send the operation information and the control information stored in the database to the information processing platform for further processing of the information. The database can effectively relieve the pressure of the information processing platform on the information processing peak value, so that the stability of information transmission between the electric power metering equipment and the information processing platform is improved.
According to the information transmission method provided by the embodiment of the application, the operation information and the control information in the power grid are received through the security access area, the operation information is the operation state of non-control equipment in the power grid, interference factors such as man-made interference and the like are few, the information security coefficient is high, the control information needs to be processed by different control nodes and different workers, and the information security coefficient is low. Therefore, the operation information is directly transmitted to the target safety area, and the control information is sequentially transmitted from the safety access area to the target safety area through different safety areas according to the sequence of the safety levels from low to high, so that on the premise of ensuring the safety of power information transmission, the transmission efficiency of the information is greatly improved by reducing the transmission nodes of the operation information, the technical problem of low real-time performance of current power information transmission is solved, and the technical effect of improving the real-time performance of power information transmission is achieved.
Referring to fig. 3, in an alternative embodiment of the present application, the plurality of security zones includes a first security zone, a second security zone, and a third security zone, the first security zone is the security zone with the lowest security level, and the third security zone is the security zone with the highest security level. It is noted that the plurality of security zones are all located in the master device of the power metering device. Step 203 comprises steps 301-305:
step 301, the power metering device sends control information to a first safety zone.
The terminal device in the power metering device transmits the control information to the first security zone of the master device through a communication device or the like. The first security zone is the security zone with the lowest security level, and only more than 90% of information passing through the security access zone can enter the first security zone.
Step 302, the electric power metering device performs a first security process on the control information through the first gatekeeper.
The first security zone is provided with a first gateway, and after the control information enters the first security zone, the first gateway performs first security processing on the control information, such as Trojan horse checking and killing processing, authority identification processing and the like, wherein different authority identification processing, such as identity authentication, control verification, instruction verification, fee control key verification and the like, can be performed in the authority identification processing process, so as to further improve the security of the control information. The specific processing type of the first safety processing is not further limited in this embodiment, and may be specifically selected or set according to actual situations.
Step 303, the power metering device sends the control information subjected to the first safety processing to the second safety area.
The electric power metering equipment sends the control information subjected to the first safety processing in the first safety zone to the second safety zone through communication equipment and the like, the safety level of the second safety zone is between the first safety zone and the third safety zone, and the second safety zone is a transition buffer zone of the first safety zone and the third safety zone.
And step 304, the electric power metering equipment performs second safety processing on the control information through a second network gate.
And a second gateway is arranged in the second security area, and after the control information enters the second security area, the second gateway performs second security processing on the control information, such as security isolation processing, kernel protection processing, protocol conversion processing, security audit processing and the like, so as to improve the security of the control information. The security audit can include processes such as encryption, decryption, CRC data check and the like on the control information, so as to further improve the security of the control information. The second safety process is not particularly limited in this embodiment, and may be specifically selected or set according to actual situations.
Step 305, the electric power metering device sends the control information subjected to the second safety processing to the target safety zone.
The control information subjected to the first safety processing and the second safety processing has high safety and completely meets the safety level requirement of a power grid, so that the control information subjected to the first safety processing and the second safety processing in sequence is sent to a target safety area to be stored or further issued to a power grid information processing platform, the power grid information processing platform or an internal network cannot be damaged, and the safety is high.
With continuing reference to fig. 3, in an alternative embodiment of the present application, step 203 further includes steps 306-307:
and step 306, the power metering equipment writes the control information which does not pass the first safety processing and/or the second safety processing into a blacklist.
The control information processed through the first security processing smoothly enters the second security area, and the control information entering the second security area can also smoothly enter the third security area after the second security processing, and is stored or issued in the third security area. However, when the control information of the first security zone does not pass the first security process of the first gatekeeper, the power metering device disconnects further transmission of the control information, writes the control information into the blacklist, and prohibits the control information in the blacklist by using a policy, so as to prevent reconnection or transmission of the control information from damaging the security of information transmission of the power grid system, thereby further improving the security of information transmission in the embodiment.
Step 307, the power metering device prohibits the control information in the blacklist from transmitting the first safety zone, the second safety zone and the third safety zone.
When the control information does not pass the first security processing, the control information is written into a blacklist, and the control information is prohibited from being further transmitted to the second security zone by using a policy, so that the control information does not enter the third security zone. When the control information passes the first security processing but does not pass the second security processing, the control information is written into a blacklist, and the control information is prohibited from being further transmitted to the third security area by using a policy, so that the security of information transmission of the power grid system is ensured, and the security of information transmission in the embodiment is further improved.
Referring to fig. 4, in an alternative embodiment of the present application, step 201 specifically includes steps 401 to 402:
step 401, the power metering device receives operation information through an operation gateway proxy.
The power information received by the terminal devices is classified by a load balancer or other devices with information classification functions and is respectively sent to different proxy gateways, and the different proxy gateways receive information matched with the proxy gateways through preset protocols and the like. In this embodiment, the load balancer divides the power information into operation information and control information, and sends the operation information to the operation gateway agent through the communication device or the communication gateway, and the operation gateway agent receives the operation information, thereby completing the classification and reception of the operation information in the power information. The storage module stores the operation information through a EMS memory message queue to realize the persistence of the operation information, thereby ensuring the upper program failure and not influencing the data of the bottom program, combining the message queue arrangement processing algorithm to ensure the stability of data processing, reducing the peak performance pressure of the network and improving the speed and quality of data interaction.
Step 402, the power metering device receives control information through a control gateway proxy.
The load balancer classifies the power information in the plurality of terminal devices, divides the power information into operation information and control information, and sends the control information to the control gateway, and the control gateway receives the control information through a preset protocol, so that the classification and the receiving of the control information in the power information are completed. The control information is stored in the storage module through a message queue of memory, so that the persistence of the control information is realized, the faults of an upper layer program are guaranteed, the data of a bottom layer program are not influenced, the stability of data processing is guaranteed by combining a message queue arrangement processing algorithm, the peak performance pressure of a network is reduced, and the speed and the quality of data interaction are improved. It should be noted that the control gateway agent and the running gateway agent may be safely isolated by a container, a virtual machine, etc. to ensure that each gateway agent may run independently without interfering with each other, so as to further improve the security of information transmission of the present application.
In an optional embodiment of the present application, the step 202 specifically includes: and the power metering equipment directly transmits the operation information to the target safety zone through the operation gateway proxy.
The load balancer classifies the power information, divides the power information into operation information and control information, is provided with an operation gateway proxy and a control gateway proxy in a security access area, the operation gateway proxy is matched with the operation information, sends the operation information to the operation gateway proxy, and the operation gateway proxy receives the operation information and transmits the operation information to a target security area through communication equipment and the like.
In an alternative embodiment of the present application, step 301 comprises: and the power metering equipment sends the control information to the first safety zone through the control gateway proxy.
The load balancer classifies the power information, divides the power information into operation information and control information, is provided with an operation gateway proxy and a control gateway proxy in a security access area, the control gateway proxy is matched with the control information, sends the control information to the control gateway proxy, and the control gateway proxy receives the control information and transmits the control information to a first security area through communication equipment and the like.
It should be understood that, although the steps in the flowchart are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in the figures may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of execution of the steps or stages is not necessarily sequential, but may be performed alternately or in alternation with other steps or at least some of the other steps or stages.
Referring to fig. 5, an embodiment of the present application provides an information transmission apparatus 10, including: the information receiving module 100, the first transmission module 200, the second transmission module 300 and the storage module 400.
The information receiving module 100 is configured to receive operation information and control information through a security access area, where the operation information is used to represent an operation state of a non-control device in a power grid, and the control information is used to represent an action state of a control device in the power grid.
The first transmission module 200 is configured to transmit the operation information from the security access area directly to a target security area, where the target security area is a security area with a highest security level among the plurality of security areas.
The second transmission module 300 is configured to transmit the control information from the security access area to the target security area sequentially through different security areas according to a sequence from a low security level to a high security level.
The storage module 400 is used to store the operation information and the control information transferred into the target security zone in a database.
In an optional embodiment of the present application, the second transmission module 300 includes: the transmission device comprises a first sub transmission module, a second sub transmission module, a third sub transmission module, a fourth sub transmission module and a fifth sub transmission module.
The first sub-transmission module is used for sending the control information to the first safety zone.
The second sub-transmission module is used for carrying out first safety processing on the control information through the first gatekeeper.
The third sub-transmission module is used for sending the control information subjected to the first safety processing to the second safety area.
The fourth sub-transmission module is used for carrying out second safety processing on the control information through the second gatekeeper.
The fifth sub-transmission module is used for sending the control information subjected to the second safety processing to the target safety area.
In an alternative embodiment of the present application, the first security process is an entitlement authentication process and the second security process is a security audit process.
In an optional embodiment of the present application, the information receiving module 100 includes: the device comprises a first sub information receiving module and a second sub information receiving module.
The first sub information receiving module is used for receiving the operation information through the operation gateway proxy.
The second sub information receiving module is used for receiving control information through the control gateway proxy.
In an optional embodiment of the present application, the first transmission module 200 is specifically configured to transmit the operation information directly to the target security zone through the operation gateway proxy.
In an optional embodiment of the present application, the first sub-transmission module is specifically configured to send the control information to the first security zone through the control gateway proxy.
In an optional embodiment of the present application, the second transmission module 300 further includes: a sixth sub-transmission module and a seventh sub-transmission module.
The sixth sub-transmission module is used for writing the control information which does not pass the first safety processing and/or the second safety processing into a blacklist.
The seventh sub-transmission module is configured to prohibit transmission of the first security zone, the second security zone, and the third security zone by the control information in the blacklist.
For specific limitations of the information transmission device 10, reference may be made to the above limitations of the information transmission method, which are not described in detail herein. The respective modules in the above-described information transmission apparatus 10 may be implemented in whole or in part by software, hardware, and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the power metering equipment, and can also be stored in a memory in the power metering equipment in a software form, so that the processor can call and execute the corresponding operations of the modules.
Fig. 6 is a schematic diagram of an internal structure of an electric power metering device in an embodiment of the present application, where the electric power metering device may be a server. As shown in fig. 6, the power metering device includes a processor, a memory, and a communication component connected by a system bus. Wherein, the processor is used for providing calculation and control capability and supporting the operation of the whole power metering equipment. The memory may include a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The computer program can be executed by a processor to implement an information transmission method provided by the above embodiments. The internal memory provides a cached execution environment for the operating system and computer programs in the non-volatile storage medium. The power metering device may communicate with other power metering devices (e.g., STAs) through the communication component.
It will be understood by those skilled in the art that the configuration shown in fig. 6 is a block diagram of only a portion of the configuration associated with the present application, and does not constitute a limitation on the power metering device to which the present application is applied, and a particular power metering device may include more or less components than those shown in the drawings, or combine certain components, or have a different arrangement of components.
In one embodiment, there is provided an electricity metering apparatus comprising: the system comprises a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to realize the following steps:
receiving operation information and control information through a safety access area, wherein the operation information is used for representing the operation state of non-control equipment in a power grid, and the control information is used for representing the action state of control equipment in the power grid;
directly transmitting the operation information from the security access area to a target security area, wherein the target security area is the security area with the highest security level in the plurality of security areas;
the control information is transmitted from the security access area to the target security area through different security areas in sequence according to the security level from low to high;
and storing the operation information and the control information transmitted to the target safety zone in a database.
In one embodiment of the application, the processor when executing the computer program further performs the steps of: sending the control information to a first safety zone; performing first safety processing on the control information through a first gatekeeper; sending the control information subjected to the first safety processing to a second safety area; performing second safety processing on the control information through a second gatekeeper; and sending the control information subjected to the second safety processing to a target safety area.
In one embodiment of the application, the processor when executing the computer program further performs the steps of: the first security process is a permission authentication process, and the second security process is a security audit process.
In one embodiment of the application, the processor when executing the computer program further performs the steps of: receiving operation information through an operation gateway proxy; control information is received by the control gateway proxy.
In one embodiment of the application, the processor when executing the computer program further performs the steps of: and directly transmitting the operation information to the target safety zone through the operation gateway proxy.
In one embodiment of the application, the processor when executing the computer program further performs the steps of: the control information is sent to the first security zone by the control gateway proxy.
In one embodiment of the application, the processor when executing the computer program further performs the steps of: writing the control information which does not pass the first safety processing and/or the second safety processing into a blacklist; and forbidding the control information in the blacklist to transmit the first safety zone, the second safety zone and the third safety zone.
The implementation principle and technical effect of the power metering device provided by the embodiment of the application are similar to those of the method embodiment, and are not repeated herein.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
receiving operation information and control information through a safety access area, wherein the operation information is used for representing the operation state of non-control equipment in a power grid, and the control information is used for representing the action state of control equipment in the power grid;
directly transmitting the operation information from the security access area to a target security area, wherein the target security area is the security area with the highest security level in the plurality of security areas;
the control information is transmitted from the security access area to the target security area through different security areas in sequence according to the security level from low to high;
and storing the operation information and the control information transmitted to the target safety zone in a database.
In one embodiment of the application, the computer program when executed by the processor further performs the steps of: sending the control information to a first safety zone; performing first safety processing on the control information through a first gatekeeper; sending the control information subjected to the first safety processing to a second safety area; performing second safety processing on the control information through a second gatekeeper; and sending the control information subjected to the second safety processing to a target safety area.
In one embodiment of the present application, the first security process is an entitlement authentication process and the second security process is a security audit process.
In one embodiment of the application, the computer program when executed by the processor further performs the steps of: receiving operation information through an operation gateway proxy; control information is received by the control gateway proxy.
In one embodiment of the application, the computer program when executed by the processor further performs the steps of: and directly transmitting the operation information to the target safety zone through the operation gateway proxy.
In one embodiment of the application, the computer program when executed by the processor further performs the steps of: the control information is sent to the first security zone by the control gateway proxy.
In one embodiment of the application, the computer program when executed by the processor further performs the steps of: writing the control information which does not pass the first safety processing and/or the second safety processing into a blacklist; and forbidding the control information in the blacklist to transmit the first safety zone, the second safety zone and the third safety zone.
The implementation principle and technical effect of the computer-readable storage medium provided by this embodiment are similar to those of the above-described method embodiment, and are not described herein again.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware related to instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in M forms, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), synchronous Link (SyMchliMk) DRAM (SLDRAM), RaMbus (RaMbus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. An information transmission method is applied to an electric power metering device, the electric power metering device comprises a safety access area and a plurality of safety areas which are isolated from each other, and the safety levels of the plurality of safety areas are different, and the method comprises the following steps:
receiving operation information and control information through the safety access area, wherein the operation information is used for representing the operation state of non-control equipment in the power grid, and the control information is used for representing the action state of control equipment in the power grid;
directly transmitting the operation information from the security access area to a target security area, wherein the target security area is a security area with the highest security level in the plurality of security areas;
the control information is transmitted to the target safety zone from the safety access zone through different safety zones in sequence from low to high in safety level;
storing the operation information and the control information transmitted into the target safety zone in a database.
2. The information transmission method according to claim 1, wherein the plurality of security zones include a first security zone, a second security zone and a third security zone, the first security zone is a security zone with a lowest security level, the third security zone is a security zone with a highest security level, and the transmitting the control information from the security access zone to the target security zone sequentially through different security zones in descending order of security level comprises:
sending the control information to a first safety zone;
performing first safety processing on the control information through a first gatekeeper;
sending the control information subjected to the first safety processing to a second safety area;
performing second safety processing on the control information through a second gatekeeper;
and sending the control information subjected to the second safety processing to the target safety zone.
3. The information transmission method according to claim 2, wherein the first security process is an authority authentication process, and the second security process is a security audit process.
4. The information transmission method according to claim 1, wherein the receiving operation information and control information through the secure access area includes:
receiving the operation information through an operation gateway proxy;
the control information is received by a control gateway proxy.
5. The information transmission method according to claim 4, wherein the directly transmitting the operation information from the security access area to a target security area comprises:
and directly transmitting the operation information to the target safety zone through the operation gateway proxy.
6. The information transmission method according to claim 4, wherein the sending the control information to the first security zone includes:
and sending the control information to the first safety zone through the control gateway proxy.
7. The information transmission method according to claim 2, further comprising:
writing the control information which does not pass the first security processing and/or the second security processing into a blacklist;
forbidding the control information in the blacklist from transmitting the first, second and third security zones.
8. An information transmission apparatus, characterized in that the apparatus comprises:
the information receiving module is used for receiving operation information and control information through the safety access area, wherein the operation information is used for representing the operation state of non-control equipment in the power grid, and the control information is used for representing the action state of control equipment in the power grid;
the first transmission module is used for directly transmitting the operation information from the security access area to a target security area, wherein the target security area is the security area with the highest security level in the plurality of security areas;
the second transmission module is used for transmitting the control information from the security access area to the target security area through different security areas in sequence from low security level to high security level;
and the storage module is used for storing the operation information and the control information transmitted to the target safety zone in a database.
9. An electricity metering device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any one of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
CN202011296679.5A 2020-11-18 2020-11-18 Information transmission method and device, electric power metering equipment and storage medium Active CN112600789B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011296679.5A CN112600789B (en) 2020-11-18 2020-11-18 Information transmission method and device, electric power metering equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011296679.5A CN112600789B (en) 2020-11-18 2020-11-18 Information transmission method and device, electric power metering equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112600789A true CN112600789A (en) 2021-04-02
CN112600789B CN112600789B (en) 2022-11-25

Family

ID=75183206

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011296679.5A Active CN112600789B (en) 2020-11-18 2020-11-18 Information transmission method and device, electric power metering equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112600789B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102088393A (en) * 2009-12-02 2011-06-08 南京南瑞继保电气有限公司 Method for transmitting positive and negative data across safety zone
CN104468310A (en) * 2014-11-14 2015-03-25 国家电网公司 Power communication system and method
CN108063751A (en) * 2017-10-20 2018-05-22 国网宁夏电力有限公司 A kind of public network safety access method for new energy power plant
CN209607185U (en) * 2018-12-05 2019-11-08 国网浙江省电力有限公司培训中心 A kind of electric power monitoring system network safety prevention experience system
CN111200592A (en) * 2019-12-17 2020-05-26 深圳供电局有限公司 Information transmission method, device and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102088393A (en) * 2009-12-02 2011-06-08 南京南瑞继保电气有限公司 Method for transmitting positive and negative data across safety zone
CN104468310A (en) * 2014-11-14 2015-03-25 国家电网公司 Power communication system and method
CN108063751A (en) * 2017-10-20 2018-05-22 国网宁夏电力有限公司 A kind of public network safety access method for new energy power plant
CN209607185U (en) * 2018-12-05 2019-11-08 国网浙江省电力有限公司培训中心 A kind of electric power monitoring system network safety prevention experience system
CN111200592A (en) * 2019-12-17 2020-05-26 深圳供电局有限公司 Information transmission method, device and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈达: "一种单向安全隔离与信息交换机制", 《信息网络安全》 *

Also Published As

Publication number Publication date
CN112600789B (en) 2022-11-25

Similar Documents

Publication Publication Date Title
Wang et al. Multi-agent based attack-resilient system integrity protection for smart grid
RU2583703C2 (en) Malicious attack detection and analysis
CN109033143B (en) Distributed and regional power grid data processing system and method based on block chain
Pour et al. A review on cyber security issues and mitigation methods in smart grid systems
CN104484187B (en) A kind of information integration method and system
Mashima et al. Artificial command delaying for secure substation remote control: Design and implementation
de Souza et al. Deploying wireless sensor networks–based smart grid for smart meters monitoring and control
US11477213B2 (en) Technologies for providing secure emergency power control of high voltage direct current transmission system
CN113507691B (en) Information pushing system and method based on power distribution network cross-region service
CN104601723A (en) Power marketing management system SOA framework based on internal service bus
CN111696335A (en) Centralized meter for automated metering management of power distribution services
de Carvalho et al. Analyzing impact of communication network topologies on reconfiguration of networked microgrids, impact of communication system on smart grid reliability, security and operation
CN106326736A (en) Data processing method and system
Marchetto et al. A formal approach to verify connectivity and optimize VNF placement in industrial networks
CN114205340B (en) Fuzzy test method and device based on intelligent power equipment
Appiah-Kubi et al. Decentralized intrusion prevention (DIP) against co-ordinated cyberattacks on distribution automation systems
Flosbach et al. Architecture and prototype implementation for process-aware intrusion detection in electrical grids
CN112600789B (en) Information transmission method and device, electric power metering equipment and storage medium
US20180262502A1 (en) Method for operating an industrial network and industrial network
CN112015813A (en) Data sharing method, system and device of power distribution network and computer equipment
CN110300099A (en) A kind of electric power industrial control system static state and dynamic leak analysis and digging technology
CN114400517B (en) Substation partition monitoring system
Liu et al. An extreme value theory-based catastrophe bond design for cyber risk management of power systems
CN109193594A (en) Determine method, apparatus, server and the storage medium of electric power safety protection class
Liang et al. Anomaly detection based on edge computing framework for AMI

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant