CN112769764A - Metering data transmission key storage method of instrument and transmission method and device thereof - Google Patents

Metering data transmission key storage method of instrument and transmission method and device thereof Download PDF

Info

Publication number
CN112769764A
CN112769764A CN202011539417.7A CN202011539417A CN112769764A CN 112769764 A CN112769764 A CN 112769764A CN 202011539417 A CN202011539417 A CN 202011539417A CN 112769764 A CN112769764 A CN 112769764A
Authority
CN
China
Prior art keywords
data
metering
encryption
abstract
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011539417.7A
Other languages
Chinese (zh)
Inventor
曾争
霍梓航
张晓平
林国营
张思建
王鹏
邓凯
潘登
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Southern Power Grid Power Technology Co Ltd
Original Assignee
China Southern Power Grid Power Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Southern Power Grid Power Technology Co Ltd filed Critical China Southern Power Grid Power Technology Co Ltd
Priority to CN202011539417.7A priority Critical patent/CN112769764A/en
Publication of CN112769764A publication Critical patent/CN112769764A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Arrangements For Transmission Of Measured Signals (AREA)

Abstract

The embodiment of the invention relates to a method for storing a metering data transmission key of a meter, a transmission method and a device thereof, wherein a metering center verification mechanism for encrypting an encryption and decryption key of metering data to be transmitted in the meter can encrypt the encryption and decryption key to obtain an encrypted signature and MAC data after ESAM security authentication, a management module decrypts and verifies the encrypted signature and the MAC data, and only if decryption and verification are successful, the encryption and decryption key of the metering data to be transmitted can be stored in the management module, so that the encryption and decryption key can only be opened to the management module, a bus in the management module is allowed to access the encryption and decryption key, other peripheral devices and external media cannot access the encryption and decryption key without right, the problems that the data storage and transmission of the existing metering device adopt the symmetric encryption and decryption keys for data confidentiality and the encryption key is exposed or stolen are solved, this in turn causes data theft or tampering with the metering apparatus, causing problems with metering misalignment of the metering apparatus.

Description

Metering data transmission key storage method of instrument and transmission method and device thereof
Technical Field
The invention relates to the technical field of instrument data safety, in particular to a metering data transmission key storage method of an instrument and a transmission method and device thereof.
Background
The metering, measurement data and operation parameters of metering devices such as electronic instruments and meters are legal metering data, and the security requirement is extremely high, so the protection of the metering, measurement data and operation parameters of the metering devices is of great importance, metering device manufacturers such as the electronic instruments and meters generally adopt an encryption and decryption algorithm to carry out encryption transmission protection on the legal metering data and the operation parameters in the transmission process, but the existing encryption and decryption algorithm key has the problem of storage, if the encryption and decryption key is not stored properly, the encryption and decryption algorithm is invalid after interception, and the metering, measurement data and operation parameters of the metering devices are easy to tamper and destroy.
The existing metering device manufacturers such as electronic instruments and meters generally adopt an external EEPROM/FLASH memory of an MCU/SOC chip of the electronic instrument and meter to store a symmetric encryption and decryption key, when legal metering data and operation parameters need to be transmitted, an electronic instrument and meter program reads the symmetric encryption and decryption key in the external EEPROM/FLASH memory of the MCU/SOC chip through an I2C/SPI bus, and then uses the encryption and decryption key to encrypt and decrypt communication transmission data. Because the symmetric encryption and decryption keys are stored in the EEPROM/FLASH memory outside the MCU/SOC chip of the electronic instrument and meter, when legal metering data and operating parameters need to be transmitted, encrypted and decrypted, the symmetric encryption and decryption keys in the EEPROM/FLASH memory outside the MCU/SOC chip need to be read by an I2C/SPI bus, and then an encryption and decryption algorithm is used for encryption and decryption operation, while the I2C/SPI bus is exposed outside the MCU/SOC and is easy to monitor, so that the encryption and decryption keys are exposed or stolen, the legal metering data and the operating parameters are stolen or tampered, and the metering misalignment of a metering device is caused.
Disclosure of Invention
The embodiment of the invention provides a metering data transmission key storage method of a meter, a transmission method and a transmission device thereof, which are used for solving the technical problems that data storage and transmission of the existing metering device adopt symmetric encryption and decryption keys for data confidentiality, the encryption and decryption keys are exposed or stolen, data of the metering device is stolen or tampered, and metering of the metering device is inaccurate.
In order to achieve the above object, the embodiments of the present invention provide the following technical solutions:
a metering data transmission key storage method of a meter comprises the following steps:
s10, carrying out ESAM security certification on the instrument and a measuring center verification mechanism, if the measuring center verification mechanism passes the ESAM security certification, encrypting an encryption and decryption key of the measuring data to be transmitted in the instrument by the measuring center verification mechanism in a cipher machine and ESAM ciphertext and MAC mode to obtain an encrypted signature and MAC data, and transmitting the encrypted signature and the MAC data to a management module for managing the measuring instrument;
s20, the management module decrypts and verifies the encrypted signature and the MAC data by adopting an ESAM;
s30, if the decryption and the signature verification of the management module are successful, storing the encryption and decryption key to the management module;
and S40, if the decryption or the signature verification of the management module fails, discarding the metering data to be transmitted corresponding to the encryption and decryption key and reporting an error.
Preferably, in step S30, if the management module decrypts and verifies the encrypted signature and the MAC data by using the ESAM, the obtained obfuscated key is a obfuscated key corresponding to the encrypted and decrypted key, the obfuscated key is decrypted by using an obfuscated reduction algorithm in the LIB library of the metering module connected to the management module, so as to obtain a real key corresponding to the encrypted and decrypted key, and the real key is stored in the EEPROM/FLASH in the MCU/SOC chip of the metering module.
Preferably, in step S30, if the decryption and the signature verification of the management module are successful, the metering data to be transmitted is stored in the EEPROM/FLASH in the MCU/SOC chip of the management module.
Preferably, after step S40, if the number of times of decryption or signature verification failure of the management module exceeds 5 times per day, the management module does not receive the encrypted signature and the MAC data any more.
The invention also provides a method for transmitting the metering data of the meter, which is based on the method for transmitting the metering data of the meter, namely a safety encryption method, and comprises the following steps:
s1, a sending end obtains metering data to be transmitted, and the sending end extracts the abstract of the metering data to be transmitted by adopting an abstract algorithm of an LIB library in the security encryption method to obtain a data abstract;
s2, the sending end encrypts the metering data to be transmitted and the data abstract by adopting a symmetric encryption algorithm and a KEY encryption of an LIB library in the safety encryption method to obtain an encrypted ciphertext, and transmits the encrypted ciphertext to a receiving end;
s3, the receiving end receives the encrypted ciphertext, and a symmetric encryption algorithm KEY KEY of an LIB library in the secure encryption method is called to decrypt the encrypted ciphertext to obtain decrypted data;
s4, the receiving end extracts the abstract in the decrypted data by adopting an abstract algorithm of an LIB library in the security encryption method to obtain a decrypted data abstract;
s5, if the data abstract is consistent with the decrypted data abstract, the receiving end receives the encrypted ciphertext transmitted by the transmitting end and is in communication connection with the transmitting end; and if the data abstract is inconsistent with the decrypted data abstract, the receiving end discards the encrypted ciphertext transmitted by the transmitting end and feeds back the abnormal communication connection between the receiving end and the transmitting end to the transmitting end.
Preferably, after step S5, the metering data transmission method of the meter further includes: if the sender receives the receiver feedback communication connection abnormality, the steps S1 to S5 are executed again.
Preferably, when the number of times that the receiving end receives the feedback communication connection abnormality of the receiving end exceeds 3 times, the transmitting end and the receiving end stop data transmission.
The invention also provides a metering data transmission device of the meter, which is based on the metering data transmission method of the meter, namely a safety encryption method, and comprises a data acquisition module, a data encryption module, a data decryption module, a data extraction module and a data transmission module;
the data acquisition module is used for a sending end to acquire the metering data to be transmitted, and the sending end adopts the abstract algorithm of the LIB library in the security encryption method to extract the abstract of the metering data to be transmitted to obtain a data abstract;
the data encryption module is used for encrypting the metering data to be transmitted and the data abstract by the sending end by adopting a symmetric encryption algorithm and a KEY encryption of an LIB library in the security encryption method to obtain an encrypted ciphertext and transmitting the encrypted ciphertext to a receiving end;
the data decryption module is used for receiving the encrypted ciphertext according to the receiving end and calling a symmetric encryption algorithm KEY KEY of an LIB library in the secure encryption method to decrypt the encrypted ciphertext to obtain decrypted data;
the data extraction module is used for the receiving end to extract the abstract in the decrypted data by adopting an abstract algorithm of an LIB library in the secure encryption method to obtain a decrypted data abstract;
the data transmission module is used for receiving the encrypted ciphertext transmitted by the transmitting end by the receiving end according to the consistency of the data abstract and the decrypted data abstract and carrying out communication connection with the transmitting end; and the receiving end discards the encrypted ciphertext transmitted by the transmitting end and feeds back the communication connection abnormity between the receiving end and the transmitting end to the transmitting end according to the inconsistency between the data abstract and the decrypted data abstract.
The present invention also provides a computer-readable storage medium for storing computer instructions which, when run on a computer, cause the computer to perform the above-described method of transferring metering data of a meter.
The invention also provides terminal equipment, which comprises a processor and a memory;
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is used for executing the metering data transmission method of the meter according to the instructions in the program codes.
According to the technical scheme, the embodiment of the invention has the following advantages: the metering data transmission key storage method of the instrument encrypts the encryption and decryption key after a metering center verification mechanism which encrypts the encryption and decryption key of the metering data to be transmitted in the instrument passes ESAM security authentication to obtain an encrypted signature and MAC data, the management module decrypts and verifies the encrypted signature and the MAC data, and the encryption and decryption key of the metering data to be transmitted can be stored in the management module only if decryption and verification are successful, so that the encryption and decryption key can only be opened to the management module, a bus in the management module is allowed to access the encryption and decryption key, other peripheral devices and external media cannot access the encryption and decryption key without authority, and the problems that data storage and transmission of the existing metering device adopt the symmetric encryption and decryption key for data confidentiality, the encryption and decryption key is exposed or stolen and then the data of the metering device is stolen or tampered are solved, causing technical problems of metering misalignment of the metering appliance.
The metering data transmission method and the metering data transmission device of the instrument adopt the metering data transmission key storage method of the instrument to store the metering data to be transmitted, after the metering data to be transmitted needs to be encrypted and decrypted in the transmission process, the data digests before encryption and the data digests after decryption are compared, the data transmission can be carried out after the encrypted and decrypted data digests are consistent, and the risk that the key is falsified in the data transmission process is avoided.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 is a flowchart illustrating steps of a method for storing a metering data transmission key of a meter according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating steps of a method for transmitting measurement data of a meter according to an embodiment of the present invention.
Fig. 3 is a block diagram of a method for transmitting measurement data of a meter according to an embodiment of the present invention.
Fig. 4 is a block diagram of a metering data transmission device of a meter according to an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the embodiments described below are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the application provides a metering data transmission key storage method of a meter and a transmission method and device thereof, and solves the technical problems that data encryption and decryption keys are adopted for data security in data storage and transmission of the existing metering device, the encryption and decryption keys are exposed or stolen, data of the metering device is stolen or tampered, and metering of the metering device is inaccurate.
The first embodiment is as follows:
fig. 1 is a flowchart illustrating steps of a method for storing a metering data transmission key of a meter according to an embodiment of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a method for storing a metering data transmission key of a meter, including the following steps:
s10, carrying out ESAM security certification on the instrument and a measuring center verification mechanism, if the measuring center verification mechanism passes the ESAM security certification, encrypting an encryption and decryption key of the measuring data to be transmitted in the instrument by the measuring center verification mechanism in a cipher machine and ESAM ciphertext and MAC mode to obtain an encrypted signature and MAC data, and transmitting the encrypted signature and the MAC data to a management module for managing a measuring instrument;
s20, the management module decrypts and verifies the encrypted signature and the MAC data by adopting an ESAM;
s30, if the decryption and the signature verification of the management module are successful, storing the encryption and decryption keys into the management module;
s40, if the management module fails to decrypt or verify the signature, discarding the metering data to be transmitted corresponding to the encryption and decryption key and reporting an error.
In the embodiment of the invention, the encryption and decryption keys of the metering data to be transmitted in the electronic metering instrument are generally stored in an EEPROM/FLASH in an MCU/SOC chip in the electronic metering instrument (namely, a metering device).
In step S10 of the embodiment of the present invention, the metering data to be transmitted obtained by the meter measurement is mainly encrypted, so that the encrypted metering data to be transmitted has higher security and reliability.
It should be noted that, before encrypting the metering data to be transmitted, the metering data transmission key storage method of the meter performs ESAM security certification on the encryption and decryption keys corresponding to the metering data to be transmitted in the metering center verification mechanism, and the metering center verification mechanism encrypts the encryption and decryption keys only if the encryption and decryption keys pass the ESAM security certification. In this embodiment, the metering center verification mechanism performs ESAM security certification through the metering center verification table body or the meter and management module of the power master station, after the ESAM security certification is passed, the metering center verification mechanism encrypts the encryption and decryption key through the crypto engine, performs encryption signature through an ESAM ciphertext and MAC mode, obtains an encryption signature and MAC data, and issues the encryption signature and the MAC data to the management module through the communication channel.
In step S20 of the embodiment of the present invention, the management module mainly receives the encrypted signature and the MAC data, and decrypts and verifies the encrypted signature and the MAC data.
In the step S30 of the embodiment of the present invention, the management module decrypts and verifies the encrypted signature and the MAC data according to the step S20, and stores the corresponding encryption and decryption keys into the EEPROM/FLASH in the MCU/SOC chip of the management module only after the decryption and verification are successful, so that the problem that the existing keys for storing the measurement data in the memory outside the MCU/SOC chip are easily intercepted and tampered with can be avoided.
It should be noted that the encryption and decryption keys of the metering data to be transmitted of the electronic metering instrument are stored in the EEPROM/FLASH in the MCU/SOC chip in the management module, so that the keys are only open to the MCU/SOC, allowing the firmware program in the MCU/SOC to access the keys through the system bus in the MCU/SOC, and other peripherals and external media cannot access the keys.
In step S40 of the embodiment of the present invention, the management module fails to decrypt or verify the encrypted signature and the MAC data according to step S20, and the management module does not store the encryption/decryption key and discards or deletes the encryption/decryption key, and can report an error in an alarm or short message manner to remind the meter.
It should be noted that, in step S40, unnecessary data storage of the EEPROM/FLASH in the MCU/SOC chip of the management module can be avoided, which results in resource waste.
The metering data transmission key storage method of the instrument provided by the invention can encrypt the encryption and decryption key after the metering center verification mechanism which encrypts the encryption and decryption key of the metering data to be transmitted in the instrument passes the ESAM security certification to obtain the encrypted signature and the MAC data, the management module decrypts and verifies the encrypted signature and the MAC data, and the encryption and decryption key of the metering data to be transmitted can be stored in the management module only if the decryption and verification are successful, so that the encryption and decryption key can only be opened to the management module, a bus in the management module is allowed to access the encryption and decryption key, other peripheral devices and external media cannot access the encryption and decryption key without right, thereby solving the problems that the data storage and transmission of the existing metering device adopt the symmetric encryption and decryption key for data confidentiality, the encryption and decryption key is exposed or stolen, and the data of the metering device is stolen or tampered, causing technical problems of metering misalignment of the metering appliance.
It should be noted that the management module in the method for storing the metering data transmission key of the meter may be disposed in the meter, that is, the encryption and decryption key of the metering data to be transmitted is stored in the EEPROM/FLASH in the MCU/SOC chip of the meter. In this embodiment, the MCU/SOC chip of the meter preferably adopts a chip with a FLASH/EEPROM protection mechanism, where FLASH/EEPROM protection refers to allowing a user to limit access to a FLASH/EEPROM in the MCU/SOC chip by enabling different security levels in the system, and includes data reading and setting. When encryption and decryption keys need to be transmitted for the metering data to be transmitted, the encryption and decryption keys stored in the EEPROM/FLASH in the MCU/SOC chip are obtained through the MCU/SOC internal bus, and then communication transmission data and encryption and decryption operations are carried out.
In an embodiment of the present invention, in step S30, if the management module decrypts and verifies the encrypted signature and the MAC data by using the ESAM, the obtained obfuscated key is a secret key corresponding to the encrypted and decrypted secret key, the obfuscated secret key is decrypted by using an obfuscation reduction algorithm in the LIB library of the metering module connected to the management module, so as to obtain a real secret key corresponding to the encrypted and decrypted secret key, and the real secret key is stored in the EEPROM/FLASH in the MCU/SOC chip of the metering module.
It should be noted that, the LIB library is generally arranged in the MCU or the SOC chip, and the LIB library generally includes a hash algorithm and a symmetric encryption algorithm, where the hash algorithm is used to extract the summary of the data information to be transmitted. The symmetric encryption algorithm comprises a symmetric encryption algorithm and a symmetric decryption algorithm; a random number generator algorithm.
In the embodiment of the invention, the management module and the metering module are respectively embedded into the LIB library, and are called and used by the main program of the management module or the metering module when in confusion recovery and data encryption and decryption under the condition of a confusion key. The access to the FLASH/EEPROM in the MCU/SOC chip is limited by enabling different security levels, and the access to the FLASH/EEPROM in the MCU/SOC chip is limited through a hardware interface by program setting, as shown in table 1 below.
Table 1 shows security levels of access encryption and decryption keys
Level of security Description of the invention
0 Without protection
1 SWD interface accessible chip, ISP access requires password
2 Forbidding access to the chip through the SWD interface, ISP access needs password
3 Disabling access to a chip via any hardware interface
As can be seen from table 1, the higher the security level, the higher the degree of restriction of access to the encryption/decryption key, and the higher the security of the encryption/decryption key.
In an embodiment of the present invention, after step S40, if the number of times of decryption or signature verification failure of the management module per day exceeds 5 times, the management module does not receive the encrypted signature and the MAC data, that is, the management module does not receive the encryption/decryption key of the metering data to be transmitted, so as to further prevent the risk of brute force in the encryption/decryption key.
Example two:
fig. 2 is a flowchart illustrating steps of a method for transmitting measurement data of a meter according to an embodiment of the present invention, and fig. 3 is a block diagram illustrating the method for transmitting measurement data of a meter according to an embodiment of the present invention.
As shown in fig. 2, an embodiment of the present invention further provides a method for transmitting metering data of a meter, where the method for transmitting metering data of a meter is based on the above-mentioned method for transmitting metering data of a meter, that is, a secure encryption method, and the method for transmitting metering data includes the following steps:
s1, a sending end obtains metering data to be transmitted, and the sending end extracts an abstract of the metering data to be transmitted by adopting an abstract algorithm of an LIB library in a security encryption method to obtain a data abstract;
s2, encrypting the measured data to be transmitted and the data abstract by the transmitting end by adopting a symmetric encryption algorithm of an LIB library and KEY encryption in a safe encryption method to obtain an encrypted ciphertext, and transmitting the encrypted ciphertext to the receiving end;
s3, the receiving end receives the encrypted ciphertext, and a symmetric encryption algorithm KEY KEY of the LIB library in the secure encryption method is called to decrypt the encrypted ciphertext to obtain decrypted data;
s4, extracting the abstract in the decrypted data by the receiving end by adopting an abstract algorithm of an LIB library in a security encryption method to obtain the decrypted data abstract;
s5, if the data abstract is consistent with the decrypted data abstract, the receiving end receives the encrypted ciphertext transmitted by the transmitting end and is in communication connection with the transmitting end; and if the data abstract is inconsistent with the decrypted data abstract, the receiving end discards the encrypted ciphertext transmitted by the transmitting end and feeds back the communication connection abnormity between the receiving end and the transmitting end to the transmitting end.
In an embodiment of the present invention, after step S5, the method for transmitting metering data of a meter further includes: if the sender receives the receiver feedback communication connection abnormality, the steps S1 to S5 are executed again. And when the receiving end receives the times that the receiving end feeds back the communication connection abnormity for more than 3 times, the transmitting end and the receiving end stop data transmission.
In the embodiment of the invention, the metering data transmission method of the meter mainly transmits the metering data to be transmitted between the management module and the metering module, and takes the client as a sending end and the server as a receiving end for explanation. Specifically, the measurement data to be transmitted includes key parameters such as operation parameters, electric energy, clock, instantaneous quantity, operation state quantity, and the like. As shown in fig. 3, a symmetric encryption algorithm is used between the management module and the metering module to encrypt DATA and transmit the encrypted DATA, before DATA transmission, a client initiates digest extraction of the DATA to be transmitted to obtain a DATA digest HASA, encrypts the DATA to be transmitted and the full DATA + HASH of the DATA digest HASA to obtain an encrypted ciphertext DATA ', a server receives the encrypted ciphertext DATA ' to decrypt the encrypted ciphertext DATA ' to obtain decrypted DATA + HASH ', extracts the digest of the DATA in the decrypted DATA + HASH ' to obtain a decrypted DATA digest CHECK _ HASH, compares the decrypted DATA digest CHECK _ HASH with the DATA digest HASA, and if the decrypted DATA digest CHECK _ HASH is consistent with the DATA digest HASH, the server normally receives the DATA to be transmitted, otherwise, responds to the client abnormally, and the client performs fault-tolerant retransmission processing after receiving an abnormal DATA frame.
When the management module actively generates the metering data to be transmitted to the metering module, the management module is used as a client to encrypt the metering data to be transmitted, and the metering module is used as a server to decrypt the transmission ciphertext; when the metering module actively generates metering data to be transmitted to the metering module, the metering module is used as a client to encrypt the metering data to be transmitted, and the management module is used as a server to decrypt the transmitted ciphertext. In this embodiment, the client encrypts the data using a symmetric encryption algorithm; the server decrypts the data using a symmetric encryption algorithm.
The metering data transmission method of the instrument provided by the embodiment of the invention adopts the metering data transmission key storage method of the instrument to store the metering data to be transmitted, after the metering data to be transmitted is encrypted and decrypted in the transmission process, the data digests before encryption and after decryption are compared, and the data transmission can be carried out only after the encrypted and decrypted data digests are compared to be consistent, so that the risk of tampering the key in the data transmission process is avoided.
Example three:
fig. 4 is a block diagram of a metering data transmission device of a meter according to an embodiment of the present invention.
As shown in fig. 4, an embodiment of the present invention further provides a device for transmitting metering data of a meter, based on the above-mentioned method for transmitting metering data of a meter, that is, the secure encryption method, the device for transmitting metering data includes a data obtaining module 10, a data encryption module 20, a data decryption module 30, a data extraction module 40, and a data transmission module 50;
the data acquisition module 10 is configured to obtain, by a sending end, the metering data to be transmitted, where the sending end extracts a digest of the metering data to be transmitted by using a digest algorithm in an LIB library in a secure encryption method to obtain a data digest;
the data encryption module 20 is configured to encrypt the metering data to be transmitted and the data digest by using a symmetric encryption algorithm of the LIB library and KEY encryption in a secure encryption method at the transmitting end to obtain an encrypted ciphertext, and transmit the encrypted ciphertext to the receiving end;
the data decryption module 30 is configured to receive the encrypted ciphertext according to the receiving end, and invoke a symmetric encryption algorithm KEY in the LIB library in the secure encryption method to decrypt the encrypted ciphertext, so as to obtain decrypted data;
the data extraction module 40 is used for the receiving end to extract the abstract in the decrypted data by adopting an abstract algorithm of an LIB library in a security encryption method to obtain a decrypted data abstract;
the data transmission module 50 is used for receiving the encrypted ciphertext transmitted by the transmitting end by the receiving end according to the consistency of the data abstract and the decrypted data abstract and performing communication connection with the transmitting end; and the receiving end discards the encrypted ciphertext transmitted by the transmitting end according to the inconsistency of the data abstract and the decrypted data abstract and feeds back the abnormal communication connection between the receiving end and the transmitting end to the transmitting end.
It should be noted that the modules in the apparatus in the third embodiment correspond to the steps in the method in the second embodiment, the steps in the method in the second embodiment have been described in detail in the second embodiment, and the contents of the modules in the apparatus are not described in detail in the third embodiment.
Example four:
an embodiment of the present invention provides a computer-readable storage medium for storing computer instructions, which, when run on a computer, cause the computer to execute the above-mentioned metering data transmission method of a meter.
Example five:
the embodiment of the invention provides terminal equipment, which comprises a processor and a memory;
a memory for storing the program code and transmitting the program code to the processor;
and the processor is used for executing the metering data transmission method of the meter according to the instructions in the program codes.
It should be noted that the processor is configured to execute the steps of the above-mentioned embodiment of the metering data transmission method of the meter according to the instructions in the program code. Alternatively, the processor, when executing the computer program, implements the functions of each module/unit in each system/apparatus embodiment described above.
Illustratively, a computer program may be partitioned into one or more modules/units, which are stored in a memory and executed by a processor to accomplish the present application. One or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program in the terminal device.
The terminal device may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The terminal device may include, but is not limited to, a processor, a memory. Those skilled in the art will appreciate that the terminal device is not limited and may include more or fewer components than those shown, or some components may be combined, or different components, e.g., the terminal device may also include input output devices, network access devices, buses, etc.
The Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The storage may be an internal storage unit of the terminal device, such as a hard disk or a memory of the terminal device. The memory may also be an external storage device of the terminal device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the terminal device. Further, the memory may also include both an internal storage unit of the terminal device and an external storage device. The memory is used for storing computer programs and other programs and data required by the terminal device. The memory may also be used to temporarily store data that has been output or is to be output.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A metering data transmission key storage method of a meter is characterized by comprising the following steps:
s10, carrying out ESAM security certification on the instrument and a measuring center verification mechanism, if the measuring center verification mechanism passes the ESAM security certification, encrypting an encryption and decryption key of the measuring data to be transmitted in the instrument by the measuring center verification mechanism in a cipher machine and ESAM ciphertext and MAC mode to obtain an encrypted signature and MAC data, and transmitting the encrypted signature and the MAC data to a management module for managing the measuring instrument;
s20, the management module decrypts and verifies the encrypted signature and the MAC data by adopting an ESAM;
s30, if the decryption and the signature verification of the management module are successful, storing the encryption and decryption key to the management module;
and S40, if the decryption or the signature verification of the management module fails, discarding the metering data to be transmitted corresponding to the encryption and decryption key and reporting an error.
2. The method as claimed in claim 1, wherein in step S30, if the management module decrypts and verifies the encrypted signature and the MAC data using ESAM, the obtained obfuscated key is a secret key corresponding to the encrypted and decrypted secret key, the secret key is decrypted using an obfuscation reduction algorithm in an LIB library of the metering module connected to the management module, so as to obtain a real secret key corresponding to the encrypted and decrypted secret key, and the real secret key is stored in an EEPROM/FLASH in an MCU/SOC chip of the metering module.
3. The method for storing the metering data transmission key of the meter according to claim 2, wherein in step S30, if the decryption and the signature verification of the management module are successful, the metering data to be transmitted is stored in an EEPROM/FLASH in the MCU/SOC chip of the management module.
4. The method for storing the metering data transmission key of the meter according to claim 1, wherein after step S40, if the number of decryption or signature verification failures of the management module exceeds 5 times per day, the management module does not receive the encrypted signature and the MAC data any more.
5. A method for transmitting metering data of a meter, based on the method for transmitting metering data of a meter according to claims 1-4, namely a security encryption method, the method for transmitting metering data comprising the steps of:
s1, a sending end obtains metering data to be transmitted, and the sending end extracts the abstract of the metering data to be transmitted by adopting an abstract algorithm of an LIB library in the security encryption method to obtain a data abstract;
s2, the sending end encrypts the metering data to be transmitted and the data abstract by adopting a symmetric encryption algorithm and a KEY encryption of an LIB library in the safety encryption method to obtain an encrypted ciphertext, and transmits the encrypted ciphertext to a receiving end;
s3, the receiving end receives the encrypted ciphertext, and a symmetric encryption algorithm KEY KEY of an LIB library in the secure encryption method is called to decrypt the encrypted ciphertext to obtain decrypted data;
s4, the receiving end extracts the abstract in the decrypted data by adopting an abstract algorithm of an LIB library in the security encryption method to obtain a decrypted data abstract;
s5, if the data abstract is consistent with the decrypted data abstract, the receiving end receives the encrypted ciphertext transmitted by the transmitting end and is in communication connection with the transmitting end; and if the data abstract is inconsistent with the decrypted data abstract, the receiving end discards the encrypted ciphertext transmitted by the transmitting end and feeds back the abnormal communication connection between the receiving end and the transmitting end to the transmitting end.
6. The metering data transmission method of a meter according to claim 5, further comprising, after step S5: if the sender receives the receiver feedback communication connection abnormality, the steps S1 to S5 are executed again.
7. The method of claim 6, wherein the transmitting end and the receiving end stop data transmission when the receiving end receives the number of times that the feedback communication connection of the receiving end is abnormal exceeds 3 times.
8. A metering data transmission device of a meter, which is based on the metering data transmission method, namely a security encryption method, of the meter according to claims 1-4, and comprises a data acquisition module, a data encryption module, a data decryption module, a data extraction module and a data transmission module;
the data acquisition module is used for a sending end to acquire the metering data to be transmitted, and the sending end adopts the abstract algorithm of the LIB library in the security encryption method to extract the abstract of the metering data to be transmitted to obtain a data abstract;
the data encryption module is used for encrypting the metering data to be transmitted and the data abstract by the sending end by adopting a symmetric encryption algorithm and a KEY encryption of an LIB library in the security encryption method to obtain an encrypted ciphertext and transmitting the encrypted ciphertext to a receiving end;
the data decryption module is used for receiving the encrypted ciphertext according to the receiving end and calling a symmetric encryption algorithm KEY KEY of an LIB library in the secure encryption method to decrypt the encrypted ciphertext to obtain decrypted data;
the data extraction module is used for the receiving end to extract the abstract in the decrypted data by adopting an abstract algorithm of an LIB library in the secure encryption method to obtain a decrypted data abstract;
the data transmission module is used for receiving the encrypted ciphertext transmitted by the transmitting end by the receiving end according to the consistency of the data abstract and the decrypted data abstract and carrying out communication connection with the transmitting end; and the receiving end discards the encrypted ciphertext transmitted by the transmitting end and feeds back the communication connection abnormity between the receiving end and the transmitting end to the transmitting end according to the inconsistency between the data abstract and the decrypted data abstract.
9. A computer-readable storage medium for storing computer instructions which, when run on a computer, cause the computer to perform the method of transferring metering data of a meter according to claim 5.
10. A terminal device comprising a processor and a memory;
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor for executing the method of transferring metering data of a meter according to claim 5 in accordance with instructions in the program code.
CN202011539417.7A 2020-12-23 2020-12-23 Metering data transmission key storage method of instrument and transmission method and device thereof Pending CN112769764A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011539417.7A CN112769764A (en) 2020-12-23 2020-12-23 Metering data transmission key storage method of instrument and transmission method and device thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011539417.7A CN112769764A (en) 2020-12-23 2020-12-23 Metering data transmission key storage method of instrument and transmission method and device thereof

Publications (1)

Publication Number Publication Date
CN112769764A true CN112769764A (en) 2021-05-07

Family

ID=75694737

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011539417.7A Pending CN112769764A (en) 2020-12-23 2020-12-23 Metering data transmission key storage method of instrument and transmission method and device thereof

Country Status (1)

Country Link
CN (1) CN112769764A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114567486A (en) * 2022-03-01 2022-05-31 上海浦东软件平台有限公司 Method and system for regulating and controlling metering parameters of intelligent metering equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101969438A (en) * 2010-10-25 2011-02-09 胡祥义 Method for realizing equipment authentication, data integrity and secrecy transmission for Internet of Things
CN106506470A (en) * 2016-10-31 2017-03-15 大唐高鸿信安(浙江)信息科技有限公司 network data security transmission method
CN108768978A (en) * 2018-05-16 2018-11-06 浙江大学 A kind of remote storage method of servicing and system based on SGX
CN109800588A (en) * 2019-01-24 2019-05-24 工业和信息化部装备工业发展中心 Bar code dynamic encrypting method and device, bar code dynamic decryption method and device
CN111343164A (en) * 2020-02-14 2020-06-26 杭州海兴电力科技股份有限公司 Data encryption method and device applied to electric energy meter and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101969438A (en) * 2010-10-25 2011-02-09 胡祥义 Method for realizing equipment authentication, data integrity and secrecy transmission for Internet of Things
CN106506470A (en) * 2016-10-31 2017-03-15 大唐高鸿信安(浙江)信息科技有限公司 network data security transmission method
CN108768978A (en) * 2018-05-16 2018-11-06 浙江大学 A kind of remote storage method of servicing and system based on SGX
CN109800588A (en) * 2019-01-24 2019-05-24 工业和信息化部装备工业发展中心 Bar code dynamic encrypting method and device, bar code dynamic decryption method and device
CN111343164A (en) * 2020-02-14 2020-06-26 杭州海兴电力科技股份有限公司 Data encryption method and device applied to electric energy meter and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114567486A (en) * 2022-03-01 2022-05-31 上海浦东软件平台有限公司 Method and system for regulating and controlling metering parameters of intelligent metering equipment
CN114567486B (en) * 2022-03-01 2024-02-13 上海浦东软件平台有限公司 Method and system for regulating and controlling metering parameters of intelligent metering equipment

Similar Documents

Publication Publication Date Title
CN108206831B (en) Electronic seal realization method, server, client and readable storage medium
EP2999156B1 (en) Device authenticity determination system and device authenticity determination method
US20050283826A1 (en) Systems and methods for performing secure communications between an authorized computing platform and a hardware component
CN108347361B (en) Application program testing method and device, computer equipment and storage medium
CN104463007A (en) Data authentication method and apparatus thereof
CN110995685B (en) Data encryption and decryption method, device, system and storage medium
CN209803788U (en) PCIE credible password card
EP1763720A2 (en) Systems and methods for securing a computer boot
CN111654510B (en) Signing terminal with national encryption function and signing data transmission method
CN112688942B (en) Electric energy meter firmware program upgrading method, device, medium and equipment based on ESAM
CN112311718A (en) Method, device and equipment for detecting hardware and storage medium
CN115348023A (en) Data security processing method and device
CN111654371A (en) Trusted computing-based hybrid encryption secure data transmission method
CN111127014A (en) Transaction information processing method, server, user terminal, system and storage medium
CN112910641B (en) Verification method and device for cross-link transaction supervision, relay link node and medium
CN112769764A (en) Metering data transmission key storage method of instrument and transmission method and device thereof
CN106992865A (en) Data signature method and system, data sign test method and device
CN206907059U (en) China second-generation identity card reads encryption system
CN113783846B (en) Trusted data transmission system and method
CN114928756A (en) Video data protection, encryption and verification method, system and equipment
CN204904277U (en) Two encryption lock ukey of intelligence developments
US20120331290A1 (en) Method and Apparatus for Establishing Trusted Communication With External Real-Time Clock
CN113508380A (en) Method for terminal entity authentication
CN114285584B (en) Encryption algorithm experiment system
JP6063317B2 (en) Terminal device and determination method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20210507