CN113364803A - Block chain-based security authentication method for power distribution Internet of things - Google Patents

Publication number
CN113364803A
Authority
CN
China
Prior art keywords
edge gateway
power terminal
terminal device
authentication
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110718633.6A
Other languages
Chinese (zh)
Other versions
CN113364803B (en
Inventor
杨会轩
张瑞照
朱曰超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Huaqing Future Energy Technology Research Institute Co ltd
Beijing Huaqing Zhihui Energy Technology Co ltd
Shandong Huake Information Technology Co ltd
Original Assignee
Beijing Huaqing Zhihui Energy Technology Co ltd
Shandong Huake Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Huaqing Zhihui Energy Technology Co ltd, Shandong Huake Information Technology Co ltd filed Critical Beijing Huaqing Zhihui Energy Technology Co ltd
Priority to CN202210143481.6A priority Critical patent/CN114500081B/en
Priority to CN202110718633.6A priority patent/CN113364803B/en
Priority to CN202210143071.1A priority patent/CN114513361B/en
Publication of CN113364803A publication Critical patent/CN113364803A/en
Application granted granted Critical
Publication of CN113364803B publication Critical patent/CN113364803B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The disclosure describes a block chain-based security authentication method for a power distribution internet of things. In the method, each edge gateway is used as a block chain node to construct a block chain; each power terminal device sends its corresponding device information and a preset password to the edge gateway; the edge gateway processes the device information and the preset password to complete registration; the edge gateway generates a first encrypted ciphertext and a second encrypted ciphertext, generates a target ciphertext combination based on the first encrypted ciphertext and the second encrypted ciphertext, and writes the target ciphertext combination onto the block chain; the power terminal device sends authentication information to the edge gateway; the edge gateway obtains authentication data from the authentication information, obtains a first authentication data digest based on the authentication data, and extracts a second digital digest from the block chain; and the edge gateway performs the security authentication of the power terminal device based on the first authentication data digest and the second digital digest. The identity authentication of the power terminal equipment can therefore be completed more efficiently.

Description

Block chain-based security authentication method for power distribution Internet of things
Technical Field
The disclosure particularly relates to a block chain-based security authentication method for a power distribution internet of things.
Background
With the effective fusion of new-generation information technologies such as the internet of things and the internet with the smart grid, the traditional power grid is promoted to gradually transform to the smart grid, and the large-range and high-efficiency configuration of energy resources is realized by building the smart grid.
The traditional power distribution internet of things is based on the existing internet environment, and the identity authentication of power terminal equipment is carried out uniformly by a central server to ensure the effective operation of the power distribution system. However, in the existing design the identity authentication requests and data transmission brought by massive numbers of power terminal devices impose a huge computational load on the central server when it replies, and as a result a power distribution terminal often cannot complete identity authentication efficiently when it applies for it.
Disclosure of Invention
The present disclosure has been made in view of the above circumstances, and an object thereof is to provide a security authentication method for a block chain-based power distribution internet of things, which can more efficiently perform authentication of an identity of a power terminal device.
Therefore, the present disclosure provides a block chain-based security authentication method for a power distribution internet of things, where the power distribution internet of things includes one or more power distribution areas, and any power distribution area includes at least one edge gateway and a plurality of power terminal devices. The method includes: constructing a block chain with each edge gateway as a block chain main node; each power terminal device sending its corresponding device information and preset password to the edge gateway in the same power distribution area; the edge gateway generating, based on the received device information and preset password, an identity and a target password corresponding to the power terminal device and sending the identity and the target password to the power terminal device; the power terminal device sending the identity and the target password to the edge gateway to complete registration; the edge gateway generating a first digital digest based on the identity and a first encryption algorithm, and generating a second digital digest based on a second encryption algorithm, the identity and the device information; the edge gateway generating a first character string combination based on the first digital digest and the edge gateway identification and generating a first encrypted ciphertext based on a third encryption algorithm; the edge gateway generating a second character string combination based on the second digital digest and the edge gateway identification and generating a second encrypted ciphertext based on a fourth encryption algorithm; the edge gateway generating a target ciphertext combination based on the first encrypted ciphertext and the second encrypted ciphertext and writing the target ciphertext combination onto the block chain; the power terminal device sending authentication information to the edge gateway; the edge gateway receiving the authentication information and obtaining authentication data from it; the edge gateway obtaining a first authentication data digest based on the authentication data and extracting the second digital digest from the block chain based on the authentication data; and the edge gateway performing the security authentication of the power terminal device based on the first authentication data digest and the second digital digest. In this case, the identity authentication of the power terminal device can be performed by the edge gateway, and thus the identity authentication of the power terminal device can be completed more efficiently.
Further, in the detection system relating to the first aspect of the present disclosure, optionally, the device information includes an area number, a type number, and a number of the power terminal device. Thereby, the device information can be obtained.
In addition, in the detection system according to the first aspect of the present disclosure, optionally, the preset password is generated based on a pseudo random number generator built in the power terminal device. Thereby enabling the preset password to be obtained.
In addition, in the detection system according to the first aspect of the present disclosure, optionally, the edge gateway generates a random number by a random number generator, and the edge gateway generates the target password based on the random number and the preset password. Thereby, the target password can be obtained.
In addition, in the detection system according to the first aspect of the present disclosure, optionally, the edge gateway obtains the target password by performing an exclusive or operation on the random number and the preset password. Thereby, the target password can be obtained.
Further, in the detection system according to the first aspect of the present disclosure, optionally, the first encryption algorithm is a SHA-256 encryption algorithm or an SM3 algorithm, and the second encryption algorithm is a SHA-256 encryption algorithm or an SM3 algorithm. Thereby, the first digital digest and the second digital digest can be obtained easily.
In addition, in the detection system according to the first aspect of the present disclosure, optionally, the third encryption algorithm is an SM2 algorithm or an RSA algorithm, and the fourth encryption algorithm is an SM2 algorithm or an RSA algorithm. Thereby, the first encrypted ciphertext and the second encrypted ciphertext can be conveniently obtained.
In addition, in the detection system according to the first aspect of the present disclosure, optionally, the edge gateway puts the target ciphertext combination on the block chain by writing it into a padding field, where the padding field is a field in which on-chain information is recorded. Thus, the edge gateway can write the target ciphertext combination into the block chain.
In addition, in the detection system according to the first aspect of the present disclosure, optionally, before the electric terminal device sends authentication information to the edge gateway, the electric terminal device negotiates a session key with the edge gateway, and decrypts the identity characteristic information in a clear text or by using the session key. Therefore, the method and the device can be beneficial to the safe data interaction between the power terminal equipment and the edge gateway, and can be convenient for the identity authentication of the power terminal equipment by the subsequent edge gateway.
In addition, in the detection system according to the first aspect of the present disclosure, optionally, the power terminal device encrypts, by using a session key, the authentication data to obtain the authentication information, and sends the authentication information to the edge gateway, where the authentication data includes the identity and the device information. In this case, the edge gateway can be enabled to effectively identify and distinguish the power terminal devices.
According to the present disclosure, the block chain-based security authentication method for the power distribution internet of things can complete the identity authentication of the power terminal equipment more efficiently.
Drawings
Embodiments of the present disclosure will now be explained in further detail, by way of example only, with reference to the accompanying drawings, in which:
Fig. 1 is a scene diagram illustrating a power distribution internet of things to which examples of the present disclosure relate.
Fig. 2 is a scene diagram illustrating one power distribution area to which an example of the present disclosure relates.
Fig. 3 is a flowchart illustrating a security authentication method for a power distribution internet of things based on a block chain according to an example of the present disclosure.
Fig. 4 is a flowchart illustrating writing target information of a power terminal device into a block chain according to an example of the present disclosure.
Fig. 5 is a flow chart illustrating authentication of an electrical terminal device by an edge gateway and a blockchain.
Fig. 6 is a flowchart illustrating data transmission between power terminal devices according to an example of the present disclosure.
Detailed Description
Hereinafter, preferred embodiments of the present disclosure will be described in detail with reference to the accompanying drawings. In the following description, the same components are denoted by the same reference numerals, and redundant description thereof is omitted. The drawings are schematic and the ratio of the dimensions of the components and the shapes of the components may be different from the actual ones.
It is noted that the terms "comprises," "comprising," and "having," and any variations thereof, are non-exclusive in this disclosure: for example, a process, method, system, article, or apparatus that comprises or has a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include or have other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The disclosure provides a block chain-based security authentication method for a power distribution internet of things (sometimes referred to simply as the security authentication method). The security authentication method according to the embodiment of the present disclosure may be applied to a smart grid or a power distribution internet of things 1 (see fig. 1). With this method, the identity authentication of the power terminal equipment can be completed more efficiently. The embodiment of the present disclosure can construct a lightweight security architecture for the power distribution internet of things 1. In some examples, the power distribution internet of things 1 may distribute security authentication tasks (or identity authentication tasks) of power terminal devices in the power distribution internet of things 1 to edge devices (also referred to as "edge gateways") based on an edge control technology of a Software Defined Network (SDN). In this case, the identity authentication of the power terminal device can be realized by the edge device. This effectively relieves the heavy burden that a large number of power terminal devices places on the central server, so the identity authentication of the power terminal devices can be completed more efficiently.
Fig. 1 is a scene diagram illustrating a power distribution internet of things 1 to which an example of the present disclosure relates. In some examples, referring to fig. 1, a power distribution internet of things 1 may include one or more power distribution zones (e.g., power distribution zone 110, power distribution zone 120, and power distribution zone 130). In some examples, the power distribution zones may be partitioned according to the communication area (or communication coverage) of the edge gateway. In some examples, each power distribution zone may include an edge gateway. In some examples, the number of edge gateways may be one or more. For example, the power distribution area 110 may include an edge gateway 111, the power distribution area 120 may include an edge gateway 121, the power distribution area 130 may include an edge gateway 131, the power distribution area 140 may include an edge gateway 141, and so on. In some examples, each power distribution zone may include power terminal equipment. In some examples, the number of power terminal devices in each power distribution area may be one or more. For example, the number of power terminal devices in the power distribution area 110 may be 3, respectively the power terminal device 112, the power terminal device 113, the power terminal device 114, and the like.
Fig. 2 is a scene diagram illustrating one power distribution area P to which the present disclosure example relates. Fig. 2 shows a scene diagram corresponding to a power distribution area P, where the power distribution area P includes an edge gateway S and several power terminal devices D, such as a first power terminal device D1 and a second power terminal device D2. Fig. 3 is a flowchart illustrating a security authentication method of the power distribution internet of things 1 based on the block chain according to an example of the present disclosure.
In the embodiment related to the present disclosure, a block chain-based security authentication method for a power distribution internet of things 1 is provided (see fig. 3). In this embodiment, referring to fig. 3, the security authentication method may include the following steps: performing blockchain initialization by the edge gateway S (step S10); registering the power terminal device D through the edge gateway S (step S20); and authenticating the power terminal device D by the edge gateway S (step S30). With the security authentication method of the present disclosure, the identity authentication of the power terminal equipment D can be completed more efficiently.
In step S10, a blockchain initialization may be performed by the edge gateway S, as described above.
In some examples, the edge gateways S corresponding to the respective power distribution areas P may be respectively used as the main node of the block chain to construct the block chain, and the power terminal devices D in the communication area of the edge gateways S are used as the sub-nodes of the block chain. In some examples, each edge gateway S may construct a blockchain trust domain (simply "trust domain"). In this case, if the power terminal device D performs identity authentication within the trust domain, all power terminal devices D trusting the authentication domain (i.e. trust domain) may accept the identity authentication. In some examples, the edge gateway S may serve as a master device of the blockchain trust domain, and the power terminal devices D in the same power distribution area may serve as slave devices of the blockchain trust domain.
In step S20, the power terminal device D may be registered by the edge gateway S as described above.
In some examples, in step S20, the edge gateway S needs to register the power terminal devices D that join the same distribution area P (see fig. 2 and 3). In this case, the edge gateway S can perform identity identification and information registration on the electric terminal device D, so that the edge gateway S can better identify and distinguish the electric terminal device D, and the subsequent identity authentication of the electric terminal device D through the edge gateway S can be facilitated. In some examples, the power terminal device D may be registered by the edge gateway S within the same blockchain trust domain. Or the power terminal device D may be registered by the edge gateway S of the same distribution area P.
In some examples, each power terminal device D may transmit the target information to the edge gateway S, respectively. In some examples, the target information may include device information and a preset password of the power terminal device D. In some examples, the device information may be information that can distinguish the individual power terminal devices D. In some examples, the device information may include information such as an area number, a type number, and a number of the power terminal device D. Thereby, the device information can be obtained. In some examples, the area number may be a number of a blockchain area. In some examples, the type number may be a number of a device type. In some examples, the number may be a number in the same type of device in the area. In some examples, the device information may be generated when power terminal device D joins the blockchain trust domain.
In some examples, the preset password transmitted by the power terminal device D may be generated based on a pseudo random number generator built in the power terminal device D. Thereby enabling the preset password to be obtained. In some examples, the power terminal device D may store the generated preset password.
In some examples, the edge gateway S may receive the target information transmitted by the power terminal device D. In some examples, the edge gateway S may generate registration information based on the received target information and may transmit the registration information to the corresponding power terminal device D.
Specifically, the edge gateway S may receive the device information and the preset password transmitted by the power terminal device D. In some examples, the edge gateway S may generate an identity corresponding to the power terminal device D based on the received device information. In some examples, the identity may be a unique device identity corresponding to the power terminal device D.
In some examples, the edge gateway S may generate a target password corresponding to the power terminal device D based on the received preset password. In some examples, the edge gateway S generates a target password based on the random number and a preset password. In some examples, the edge gateway S may generate a random number by a random number generator. In some examples, the edge gateway S may obtain the target password by xoring the random number and a preset password. Thereby, the target password can be obtained.
In some examples, the registration information may include an identification and a target password. In some examples, the edge gateway S may store the generated registration information. In some examples, the edge gateway S may store the device information in a database of the edge gateway S.
In some examples, the edge gateway S may send the registration information to the corresponding power terminal device D. For example, the edge gateway S may transmit registration information such as an identification and a target password to the corresponding power terminal device D. In other examples, the edge gateway S may send the registration information and the preset password to the corresponding power terminal device D after generating the registration information. In some examples, the power terminal device may be confirmed to correspond to the registration information by comparing the received preset password with a self-generated preset password. In some examples, the power terminal device D may store the received registration information.
In some examples, the edge gateway S may also generate a key pair for the power terminal device D.
In some examples, the identity may be a public key of the power terminal device D. In some examples, the target password may be a private key of the power terminal device D. Or the target password and the preset password may be a private key pair of the power terminal device D.
In some examples, the power terminal device D may send registration information to the edge gateway S to complete the registration. Specifically, in some examples, the power terminal device D may receive the identity and the target password sent by the edge gateway S and may send the identity and the target password to the edge gateway S over the secure channel. In some examples, if the edge gateway S obtains the registration information corresponding to the received registration information by querying the data stored in the edge gateway S, it indicates that the power terminal device D completes registration. In this case, the edge gateway S may transmit notification information that registration has been completed to the power terminal device D. In some examples, if the edge gateway S does not obtain the corresponding registration information by querying the data stored in itself after receiving the registration information, it indicates that the power terminal device D does not complete the registration. In this case, the edge gateway S may store the received registration information to complete the registration, and thereafter may transmit notification information that the registration has been completed to the power terminal device D.
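The registration exchange of step S20, as an added Python example that is not code from the patent. The text layout of the device information, the way the identity is derived from it, the 16-byte password length, the use of `secrets` in place of the device's built-in pseudo random number generator, and all class and function names are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the operands must have the same length."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass(frozen=True)
class DeviceInfo:
    area: int      # area number (number of the blockchain area)
    dev_type: int  # type number (number of the device type)
    number: int    # number among devices of the same type in the area

    def encode(self) -> str:
        # Assumed fixed-width layout; the patent does not define one.
        return f"{self.area:04d}{self.dev_type:04d}{self.number:06d}"


@dataclass(frozen=True)
class Registration:
    identity: str
    target_password: bytes
    preset_echo: bytes  # variant in which the gateway also returns the preset password


class EdgeGateway:
    def __init__(self, gateway_id: str):
        self.gateway_id = gateway_id
        self.device_db = {}         # identity -> DeviceInfo
        self.registrations = set()  # stored (identity, target password) pairs

    def enroll(self, info: DeviceInfo, preset: bytes) -> Registration:
        """Generate and store the registration information for one device."""
        identity = f"{self.gateway_id}-{info.encode()}"  # assumed derivation
        random_number = secrets.token_bytes(len(preset))
        target = xor_bytes(random_number, preset)        # target = random XOR preset
        self.device_db[identity] = info
        self.registrations.add((identity, target))
        return Registration(identity, target, preset)

    def confirm(self, identity: str, target: bytes) -> str:
        """Look up registration information sent back by a device.

        Returns "matched" when the pair is already stored. Otherwise the pair
        is stored and "stored" is returned, which is the second branch the
        description gives for completing registration.
        """
        for stored_id, stored_target in self.registrations:
            if stored_id == identity and hmac.compare_digest(stored_target, target):
                return "matched"
        self.registrations.add((identity, target))
        return "stored"


class PowerTerminal:
    def __init__(self, info: DeviceInfo):
        self.info = info
        self.preset = secrets.token_bytes(16)  # stands in for the built-in PRNG
        self.registration = None

    def register(self, gateway: EdgeGateway) -> str:
        reg = gateway.enroll(self.info, self.preset)
        # The device confirms the reply is its own by comparing preset passwords.
        if not hmac.compare_digest(reg.preset_echo, self.preset):
            raise ValueError("registration reply does not belong to this device")
        self.registration = reg
        return gateway.confirm(reg.identity, reg.target_password)


if __name__ == "__main__":
    gw = EdgeGateway("GW-P")                   # constructed gateway identifier
    d1 = PowerTerminal(DeviceInfo(1, 2, 3))    # constructed device information
    print(d1.register(gw), d1.registration.identity)
```

Because the target password is a plain XOR, XOR-ing it with the preset password gives back the gateway's random number, so the two values need the same protection in storage and in transit.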
In step S30, as described above, the power terminal device D may be authenticated by the edge gateway S.
In some examples, step S30 may include writing target information of the power terminal device D into the blockchain, and authenticating the power terminal device D based on the edge gateway S and the blockchain.
Fig. 4 is a flowchart illustrating writing of target information of the power terminal device D into the block chain according to an example of the present disclosure. Fig. 5 is a flowchart showing the authentication of the power terminal device D by the edge gateway S and the block chain.
In the embodiment according to the present disclosure, referring to fig. 4, writing the target information of the power terminal device D into the block chain may include: the edge gateway S generates a first digital digest based on the identity in the registration information of the power terminal device D and the first encryption algorithm, and the edge gateway S generates a second digital digest based on the identity and the device information of the power terminal device D and the second encryption algorithm (step S311); the edge gateway S generates a first character string combination based on the first digital digest and the edge gateway identifier and generates a first encrypted ciphertext based on the third encryption algorithm, and the edge gateway S generates a second character string combination based on the second digital digest and the edge gateway identifier and generates a second encrypted ciphertext based on the fourth encryption algorithm (step S312); the edge gateway S generates a target ciphertext combination based on the first encrypted ciphertext and the second encrypted ciphertext (step S313); and the edge gateway S writes the target ciphertext combination onto the block chain (step S314).
In step S311, as described above, the edge gateway S generates a first digital digest based on the identity in the registration information of the power terminal device D and the first encryption algorithm, and the edge gateway S generates a second digital digest based on the identity and the stored device information and the second encryption algorithm.
In some examples, the edge gateway S may generate the first digital digest based on the identity and a first encryption algorithm. In some examples, the first encryption algorithm may be a SHA-256 encryption algorithm or an SM3 algorithm, among others. Thereby, the first digital digest can be obtained easily.
In some examples, the edge gateway S may generate a second digital digest based on the identity and the device information and a second encryption algorithm. In some examples, the edge gateway S may generate the identity digital digest based on the second encryption algorithm and the identity. In some examples, the edge gateway S may generate a device information digital digest based on the second encryption algorithm and the device information. In some examples, the edge gateway S may concatenate the identity digital digest and the device information digital digest combination into a string to generate the second digital digest. In some examples, the second encryption algorithm may be a SHA-256 encryption algorithm or an SM3 algorithm, among others. Thereby, the obtaining of the second digital digest can be facilitated.
In step S312, as described above, the edge gateway S may generate a first combination of strings based on the first digital digest and the edge gateway identifier and generate a first encrypted ciphertext based on the third encryption algorithm, and the edge gateway S may generate a second combination of strings based on the second digital digest and the edge gateway identifier and generate a second encrypted ciphertext based on the fourth encryption algorithm.
In some examples, the edge gateway identification may be an edge gateway number to which the edge gateway S corresponds. In this case, the edge gateway number may be used to distinguish the edge gateways of different distribution areas. In some examples, the edge gateway identification may be generated when the edge gateway S registers on the cloud gateway.
In some examples, the edge gateway S may generate a first string combination based on the first digital digest and the edge gateway identification, as described above. In some examples, the edge gateway S may concatenate the first digital digest with the edge gateway identification to generate a first string combination.
In some examples, the edge gateway S may generate a first encrypted ciphertext based on the third encryption algorithm and the first string combination. In some examples, the third encryption algorithm may be the SM2 algorithm or the RSA algorithm. Thereby, the first encrypted ciphertext can be obtained conveniently. In some examples, the edge gateway S may use the public key of the power terminal device D and apply the third encryption algorithm to asymmetrically encrypt the first string combination to form the first encrypted ciphertext.
In some examples, the edge gateway S may generate a second string combination based on the second digital digest and the edge gateway identification. In some examples, the edge gateway S may concatenate the second digital digest with the edge gateway identification to generate a second string combination.
In some examples, the edge gateway S may generate a second encrypted ciphertext based on the fourth encryption algorithm and the second string combination. In some examples, the fourth encryption algorithm may be the SM2 algorithm or the RSA algorithm. Thereby, the second encrypted ciphertext can be obtained conveniently. In some examples, the edge gateway S may use the public key of the edge gateway S and apply the fourth encryption algorithm to asymmetrically encrypt the second string combination to form the second encrypted ciphertext.
In some examples, the edge gateway S public key may be generated when registered on the cloud gateway.
In step S313, as described above, the edge gateway S may generate a target ciphertext combination based on the first encrypted ciphertext and the second encrypted ciphertext.
In some examples, the edge gateway S may segment the first encrypted ciphertext and the second encrypted ciphertext according to a certain rule, and then connect them together to form a complete ciphertext, i.e., a target ciphertext combination. In some examples, the edge gateway S may combine the first encrypted ciphertext and the second encrypted ciphertext using a pound sign ("#") to obtain the target ciphertext combination.
In step S314, as described above, the edge gateway S may uplink the target ciphertext combination to the blockchain.
In some examples, the edge gateway S may write the target cipher text combination into a padding field for uplink on the blockchain to complete writing the target information into the blockchain. In some examples, the padding field may be a field that records uplink information. This enables the edge gateway S to write the target ciphertext combination into the blockchain. In some examples, the target information may include identification, device information, and the like.
In the embodiment related to the present disclosure, before data transmission between the power terminal devices D, the edge gateway S is required to perform identity authentication on the power terminal devices D. For example, before the first power terminal device D1 transmits data to the second power terminal device D2, the edge gateway S may authenticate that the first power terminal device D1 is legitimate.
In the embodiment related to the present disclosure, referring to fig. 5, the identity authentication of the power terminal device D by the edge gateway S may include the following steps: the power terminal device D may transmit authentication information to the edge gateway S (step S321), and the edge gateway S implements authentication of the power terminal device D based on the authentication information and the encrypted device information obtained from the blockchain (step S322); after the authentication is successful, the electric power terminal device D transmits a request content to the edge gateway S to implement the security authentication of the electric power terminal device D by the edge gateway S (step S323).
In step S321, as described above, the power terminal device D may transmit the authentication information to the edge gateway S.
In some examples, the power terminal device D may encrypt the authentication data or the like to obtain the authentication information and send the authentication information to the edge gateway S. In some examples, the authentication data may include the identity, the device information, and the like. In this case, the edge gateway S can efficiently identify and distinguish the power terminal devices D.
In some examples, prior to step S321, the power terminal device D may negotiate a session key with the edge gateway S. In some examples, the power terminal device D and the edge gateway S may encrypt and decrypt through a session key when performing data interaction. In some examples, the power terminal device D may encrypt the authentication data by the session key to obtain authentication information to send to the edge gateway S. Therefore, safe data interaction between the power terminal device D and the edge gateway S can be facilitated, and identity authentication of the power terminal device D by the subsequent edge gateway S can be facilitated.
In step S322, as described above, the edge gateway S may implement authentication of the power terminal device D based on the authentication information and the encrypted device information obtained from the blockchain.
In some examples, the edge gateway S may receive the authentication information and obtain the authentication data therefrom. In some examples, the edge gateway S may decrypt the authentication information to obtain the authentication data and the request content therefrom. In some examples, the edge gateway S may decrypt the authentication information with the session key. Therefore, the authentication data can be obtained, and the identity authentication of the power terminal device D by the edge gateway S can be facilitated.
In some examples, the edge gateway S may obtain identity data from the authentication data. In some examples, the identity data may refer to device information, i.e., area number, type number, and the like.
In some examples, the edge gateway S may obtain the first authentication data digest based on the authentication data. In some examples, the edge gateway S may generate the first authentication data digest based on the identity and device information in the authentication data and a second encryption algorithm.
In some examples, the edge gateway S may extract the encrypted device information from the blockchain based on the identity in the authentication data. In some examples, the encrypted device information may be the second digital digest, or the like.
In some examples, the edge gateway S may authenticate the power terminal device D by matching the first authentication data digest against the second digital digest.
In step S323, as described above, after the authentication is successful, the power terminal device D transmits request content to the edge gateway S to implement data transmission between the power terminal devices D. In some examples, the request content may include the identity of the other power terminal device to which the power terminal device D is to transmit data, and the like. In this case, the edge gateway S may identify the power terminal device D that is to receive the data based on the identity to implement data transmission between the power terminal devices D.
In some examples, the power terminal device D may send the request content to the edge gateway S encrypted with the session key. In some examples, the edge gateway S may decrypt the requested content with the session key and store it in its own database to enable data transfer between the power terminal devices D.
Fig. 6 is a flowchart illustrating data transmission between the power terminal devices D according to the example of the present disclosure.
In the embodiment related to the present disclosure, in the power distribution internet of things 1, data can be securely transmitted between the power terminal devices D. For example, data transmission may be performed between the first power terminal device D1 and the second power terminal device D2. In some examples, the first power terminal device D1 may send the data to be transmitted to the edge gateway S, and the edge gateway S may verify the data sent by the first power terminal device D1 and, if the verification is passed, may transmit the data to the second power terminal device D2. The following describes in detail a process of secure data transmission between the power terminal devices D with reference to the drawings.
In the present embodiment, referring to fig. 6, the process of data transmission between the first power terminal device D1 and the second power terminal device D2 may include the steps of: the first power terminal device D1 may generate a target data packet from the target transmission data, encrypt the target data packet by using a fifth encryption algorithm to obtain a digital digest of the transmission data, and sign the digital digest of the transmission data by using its private key to obtain a transmission data ciphertext (step S41); the first power terminal device D1 transmits the target data packet, the signed transmission data ciphertext, and the data generation timestamp to the edge gateway S, and signature verification is performed (step S42); if the verification is passed, the edge gateway S may transmit the encrypted transmission data to the second power terminal device D2, and the second power terminal device D2 may decrypt the encrypted transmission data to obtain the target transmission data (step S43).
In some examples, in step S41, the first power terminal device D1 may generate the target data packet from the target transmission data based on the network communication protocol. In some examples, the target transmission data may include data information that the first power terminal device D1 wants to transfer to the second power terminal device D2. In some examples, the target data packet may include the identity of the first power terminal device D1, its device information, and the like. This can facilitate authentication by the subsequent edge gateway S. In some examples, the target data packet may also contain relevant identity information (e.g., identity, device information, etc.) of the power terminal device D (the second power terminal device D2) to which the first power terminal device D1 wants to transmit data. For example, the target data packet may further include information such as the identity and the device information of the second power terminal device D2. This can help the subsequent edge gateway S to accurately transmit information to the second power terminal device D2.
In some examples, the first power terminal device D1 may encrypt the target data packet using a fifth encryption algorithm to obtain a digital digest of the transmission data. In some examples, the fifth encryption algorithm may be a SHA-2 encryption algorithm. In some examples, the first power terminal device D1 may sign the digital digest of the transmission data with its private key, resulting in a transmission data ciphertext.
In some examples, in step S42, the first power terminal device D1 may send the target data packet, the signed transmission data ciphertext, and the data generation timestamp to the edge gateway S. In some examples, the data generation timestamp may be generated by the first power terminal device D1 according to the time of data transmission. In some examples, the first power terminal device D1 may send information such as the target data packet, the signed transmission data ciphertext, and the data generation timestamp to the edge gateway S in the same power distribution area.
In some examples, the edge gateway S may broadcast information such as the received target data packet, the signed transmission data ciphertext, and the data generation timestamp to other edge gateways S in the power distribution internet of things 1. In this case, any edge gateway S in the power distribution internet of things 1 may perform signature verification on information such as the target data packet, the signed transmission data ciphertext, and the data generation timestamp sent by the first power terminal device D1. This can effectively improve the efficiency of verification. In some examples, signature verification may mean that the edge gateway S decrypts the signed transmission data ciphertext based on the public key of the first power terminal device D1 to obtain a third digital digest of the transmission data, and compares the third digital digest with a fourth digital digest of the transmission data that the edge gateway S calculates by applying the fifth encryption algorithm to the target data packet; if the third digital digest and the fourth digital digest are equal, the data has not been tampered with (i.e., the data passes the verification). In some examples, if an edge gateway S obtains a verification result of signature verification, the edge gateway S may broadcast the obtained verification result to other edge gateways S in the power distribution internet of things 1. In this case, the other edge gateways S may obtain the verification result.
In some examples, in step S43, the edge gateway S may confirm whether to transmit the encrypted transmission data to the second power terminal device D2 according to the verification result. In some examples, if the verification passes, the edge gateway S may transmit the encrypted transmission data to the second power terminal device D2. In some examples, the edge gateway S may obtain information such as the identity of the second power terminal device D2 from the target data packet. In this case, the edge gateway S located in the same power distribution area as the second power terminal device D2 may encrypt the target data packet to obtain the encrypted transmission data and transmit the encrypted transmission data to the second power terminal device D2. In some examples, the second power terminal device D2 may decrypt the encrypted transmission data to obtain the target transmission data. In some examples, the encryption and decryption between the edge gateway S and the power terminal device D are based on a session key negotiated between them. Thereby, information transmission between the power terminal devices D can be realized.
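The registration record of steps S311 to S314, the digest match of step S322 and the signature check of steps S41 and S42, as an added Python example that is not code from the patent. Assumptions: SHA-256 for the digest algorithms, a dict keyed by identity in place of the blockchain padding field, constructed identifiers, and toy textbook RSA over known Mersenne primes as an insecure stand-in for SM2/RSA; session-key decryption of the authentication information is taken as already done.

```python
import hashlib
import hmac

# Constructed toy key material (assumption, NOT secure): textbook RSA over
# publicly known Mersenne primes stands in for the SM2/RSA "third" and
# "fourth" algorithms so the example runs with the standard library only.
E = 65537

def toy_keypair(a, b):
    """Return (n, d) for the primes 2**a - 1 and 2**b - 1."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))

GATEWAY_N, GATEWAY_D = toy_keypair(521, 607)    # edge gateway S
DEVICE_N, DEVICE_D = toy_keypair(607, 1279)     # power terminal device D
DIGEST_LEN = hashlib.sha256().digest_size       # 32 bytes

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def rsa_encrypt(payload: bytes, n: int) -> str:
    """Encrypt with a public key; the 0x01 marker preserves leading zero bytes."""
    m = int.from_bytes(b"\x01" + payload, "big")
    if m >= n:
        raise ValueError("payload too long for modulus")
    return format(pow(m, E, n), "x")            # hex, so it never contains '#'

def rsa_decrypt(hex_ct: str, n: int, d: int) -> bytes:
    m = pow(int(hex_ct, 16), d, n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if raw[:1] != b"\x01":
        raise ValueError("malformed plaintext")
    return raw[1:]

def second_digest(identity: str, device_info: str) -> bytes:
    """S311: identity digest concatenated with the device information digest."""
    return sha256(identity.encode()) + sha256(device_info.encode())

def register(chain: dict, identity: str, device_info: str, gateway_id: str) -> str:
    """S311-S314: build the target ciphertext combination and store it."""
    combo1 = sha256(identity.encode()) + gateway_id.encode()
    combo2 = second_digest(identity, device_info) + gateway_id.encode()
    c1 = rsa_encrypt(combo1, DEVICE_N)          # device's public key
    c2 = rsa_encrypt(combo2, GATEWAY_N)         # gateway's public key
    chain[identity] = c1 + "#" + c2             # dict stands in for the chain
    return chain[identity]

def authenticate(chain: dict, identity: str, device_info: str, gateway_id: str) -> bool:
    """S322: recompute the digest from the authentication data and match it."""
    record = chain.get(identity)
    if record is None or record.count("#") != 1:
        return False
    try:
        combo2 = rsa_decrypt(record.split("#")[1], GATEWAY_N, GATEWAY_D)
    except ValueError:
        return False
    # Split by fixed digest length, not by searching for the gateway identifier.
    stored, writer = combo2[:2 * DIGEST_LEN], combo2[2 * DIGEST_LEN:]
    if writer != gateway_id.encode():
        return False
    return hmac.compare_digest(stored, second_digest(identity, device_info))

def sign_packet(packet: bytes, n: int, d: int) -> str:
    """S41: digest the target data packet, then sign the digest."""
    return format(pow(int.from_bytes(sha256(packet), "big"), d, n), "x")

def verify_packet(packet: bytes, signature: str, n: int) -> bool:
    """S42: recover the third digest and compare it with the recomputed fourth."""
    try:
        third = pow(int(signature, 16), E, n)
    except ValueError:
        return False
    fourth = int.from_bytes(sha256(packet), "big")
    return third == fourth

# Constructed sample values (not from the patent).
CHAIN = {}
IDENTITY = "D-0001"
DEVICE_INFO = "area=03;type=12;number=0457"
GATEWAY_ID = "GW-03"
register(CHAIN, IDENTITY, DEVICE_INFO, GATEWAY_ID)
PACKET = b'{"from":"D-0001","to":"D-0002","payload":"voltage=229.8"}'
SIGNATURE = sign_packet(PACKET, DEVICE_N, DEVICE_D)

if __name__ == "__main__":
    print("genuine device:", authenticate(CHAIN, IDENTITY, DEVICE_INFO, GATEWAY_ID))
    print("altered device info:", authenticate(CHAIN, IDENTITY, "area=03;type=12;number=0458", GATEWAY_ID))
    print("signature valid:", verify_packet(PACKET, SIGNATURE, DEVICE_N))
    print("tampered packet:", verify_packet(PACKET + b" ", SIGNATURE, DEVICE_N))
```

Because both ciphertexts are hex-encoded, the "#" separator cannot occur inside either of them, so the record splits unambiguously.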
While the present disclosure has been described in detail in connection with the drawings and examples, it should be understood that the above description is not intended to limit the disclosure in any way. Those skilled in the art can make modifications and variations to the present disclosure as needed without departing from the true spirit and scope of the disclosure, which fall within the scope of the disclosure.

Claims (10)

1. A security authentication method for a power distribution Internet of things based on a block chain, wherein the power distribution Internet of things comprises one or more power distribution areas, and any power distribution area comprises at least one edge gateway and a plurality of power terminal devices, characterized in that: each edge gateway is respectively used as a block chain main node to construct a block chain; each power terminal device respectively sends corresponding device information and a preset password to the edge gateway in the same distribution area; the edge gateway generates an identity and a target password corresponding to the power terminal device based on the received device information and the preset password and sends the identity and the target password to the power terminal device; the power terminal device sends the identity and the target password to the edge gateway to complete registration; the edge gateway generates a first digital digest based on the identity and a first encryption algorithm; the edge gateway generates a second digital digest based on a second encryption algorithm, the identity and the device information; the edge gateway generates a first character string combination based on the first digital digest and the edge gateway identification and generates a first encrypted ciphertext based on a third encryption algorithm; the edge gateway generates a second character string combination based on the second digital digest and the edge gateway identification and generates a second encrypted ciphertext based on a fourth encryption algorithm; the edge gateway generates a target ciphertext combination based on the first encrypted ciphertext and the second encrypted ciphertext and uplinks the target ciphertext combination to the block chain; the power terminal device sends authentication information to the edge gateway; the edge gateway receives the authentication information and obtains authentication data from the authentication information; the edge gateway obtains a first authentication data digest based on the authentication data and extracts the second digital digest from the block chain based on the authentication data; and the edge gateway realizes the security authentication of the power terminal device by the edge gateway based on the first authentication data digest and the second digital digest.
2. The secure authentication method of claim 1,
the device information includes an area number, a type number, and a number of the power terminal device.
3. The secure authentication method of claim 1,
the preset password is generated based on a pseudo random number generator built in the power terminal device.
4. The secure authentication method of claim 1,
the edge gateway generates a random number through a random number generator, and generates the target password based on the random number and the preset password.
5. The secure authentication method of claim 4,
the edge gateway obtains the target password by performing an XOR operation on the random number and the preset password.
6. The secure authentication method of claim 1,
the first encryption algorithm is an SHA-256 encryption algorithm or an SM3 algorithm, and the second encryption algorithm is an SHA-256 encryption algorithm or an SM3 algorithm.
7. The secure authentication method of claim 1,
the third encryption algorithm is an SM2 algorithm or an RSA algorithm, and the fourth encryption algorithm is an SM2 algorithm or an RSA algorithm.
8. The secure authentication method of claim 1,
the edge gateway realizes block chain uplink by writing the target ciphertext combination into a padding field for block chain uplink, wherein the padding field is a field recording uplink information.
9. The secure authentication method of claim 1,
before the electric terminal equipment sends authentication information to the edge gateway, the electric terminal equipment and the edge gateway negotiate a session key, and the identity characteristic information is subjected to plaintext or decryption through the session key.
10. The secure authentication method of claim 9,
the power terminal device encrypts the authentication data through a session key to obtain the authentication information and sends the authentication information to the edge gateway, wherein the authentication data comprises the identity and the device information.
CN202110718633.6A 2021-06-28 2021-06-28 Block chain-based security authentication method for power distribution Internet of things Active CN113364803B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202210143481.6A CN114500081B (en) 2021-06-28 2021-06-28 Data transmission method of power distribution Internet of things based on block chain
CN202110718633.6A CN113364803B (en) 2021-06-28 2021-06-28 Block chain-based security authentication method for power distribution Internet of things
CN202210143071.1A CN114513361B (en) 2021-06-28 2021-06-28 Power distribution Internet of things based on block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110718633.6A CN113364803B (en) 2021-06-28 2021-06-28 Block chain-based security authentication method for power distribution Internet of things

Related Child Applications (2)

Application Number Title Priority Date Filing Date
CN202210143481.6A Division CN114500081B (en) 2021-06-28 2021-06-28 Data transmission method of power distribution Internet of things based on block chain
CN202210143071.1A Division CN114513361B (en) 2021-06-28 2021-06-28 Power distribution Internet of things based on block chain

Publications (2)

Publication Number Publication Date
CN113364803A true CN113364803A (en) 2021-09-07
CN113364803B CN113364803B (en) 2022-03-11

Family

ID=77536848

Family Applications (3)

Application Number Title Priority Date Filing Date
CN202110718633.6A Active CN113364803B (en) 2021-06-28 2021-06-28 Block chain-based security authentication method for power distribution Internet of things
CN202210143481.6A Active CN114500081B (en) 2021-06-28 2021-06-28 Data transmission method of power distribution Internet of things based on block chain
CN202210143071.1A Active CN114513361B (en) 2021-06-28 2021-06-28 Power distribution Internet of things based on block chain

Family Applications After (2)

Application Number Title Priority Date Filing Date
CN202210143481.6A Active CN114500081B (en) 2021-06-28 2021-06-28 Data transmission method of power distribution Internet of things based on block chain
CN202210143071.1A Active CN114513361B (en) 2021-06-28 2021-06-28 Power distribution Internet of things based on block chain

Country Status (1)

Country Link
CN (3) CN113364803B (en)

Also Published As

Publication number Publication date
CN114513361A (en) 2022-05-17
CN114500081A (en) 2022-05-13
CN114513361B (en) 2022-11-01
CN113364803B (en) 2022-03-11
CN114500081B (en) 2022-09-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CB03 Change of inventor or designer information

Inventor after: Yang Huixuan

Inventor after: Zhang Ruizhao

Inventor before: Yang Huixuan

Inventor before: Zhang Ruizhao

Inventor before: Zhu Yuechao

TR01 Transfer of patent right

Effective date of registration: 20220707

Address after: 250101 rooms 1-3133, building 1, No.88, West Convention and Exhibition Road, high tech Zone, Jinan City, Shandong Province

Patentee after: Shandong Huake Information Technology Co.,Ltd.

Patentee after: Beijing Huaqing Zhihui Energy Technology Co.,Ltd.

Patentee after: Beijing Huaqing Future Energy Technology Research Institute Co.,Ltd.

Address before: 250101 rooms 1-3133, building 1, No.88, West Convention and Exhibition Road, high tech Zone, Jinan City, Shandong Province

Patentee before: Shandong Huake Information Technology Co.,Ltd.

Patentee before: Beijing Huaqing Zhihui Energy Technology Co.,Ltd.

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Security authentication method for distribution IoT based on blockchain

Effective date of registration: 20230403

Granted publication date: 20220311

Pledgee: Ji'nan finance Company limited by guarantee

Pledgor: Shandong Huake Information Technology Co.,Ltd.

Registration number: Y2023980037136