CN113556355A - Key processing system and method for intelligent equipment of power distribution network - Google Patents
- Publication number: CN113556355A
- Application number: CN202110868917.3A
- Authority: CN (China)
- Prior art keywords: ied, equipment, key, distribution network, intelligent substation
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Abstract
The embodiment of the invention discloses a key processing system and method for intelligent equipment of a power distribution network. The system comprises a power distribution network key management device, at least one intelligent substation IED device and a northbound device. The intelligent substation IED device uses a current encryption public key to asymmetrically encrypt the plaintext of its own IED device identification information, and sends the encrypted information to the power distribution network key management device for device identification information entry; the northbound device uses the decryption private key to asymmetrically decrypt the IED device identification information ciphertext, and identifies and confirms the device identification information; after the device identification is entered and confirmed, the power distribution network key management device randomly generates a new encryption public key and a corresponding decryption private key, and sends the new encryption public key and the corresponding private key to the intelligent substation IED device and the northbound device respectively through a symmetric encryption and decryption algorithm. By adopting the technical scheme of the embodiment of the invention, the difficulty of updating the key is reduced and the efficiency of updating the key is improved.
Description
Technical Field
The embodiment of the invention relates to the technical field of information security, in particular to a key processing system and method for intelligent equipment of a power distribution network.
Background
In traditional single-key cipher communication, the two communicating parties use the same key to encrypt and decrypt; that is, the two parties involved encrypt a specified unique symmetric key by using a public key, and the unique key and the information encrypted with it are sent to the other party (such as in EDI exchange), so that the two parties share the same key. In a complicated and diversified network environment, this kind of key updating lacks a certain degree of security, and once the key is stolen by others, both trading parties can suffer economic loss. In addition, updating keys through a certificate updating authority (CA) requires a series of complicated operations, such as real identity authentication and digital signature, to form the key, so its time efficiency and updating performance are low.
Disclosure of Invention
The embodiment of the invention provides a key processing system and a key processing method for intelligent equipment of a power distribution network, which are used for reducing the complex processes involved in key distribution processing of IED equipment and northbound equipment.
In a first aspect, an embodiment of the present invention provides a key processing system for a power distribution network smart device, including: a power distribution network key management device, at least one intelligent substation IED device and a northbound device; wherein:
the intelligent substation IED equipment is configured to use a current encryption public key to carry out asymmetric encryption on the plaintext of IED equipment identification information of the intelligent substation IED equipment, and send the encrypted information to the power distribution network key management equipment to carry out equipment identification information input;
the northbound device is configured to asymmetrically decrypt the IED device identification information ciphertext by using a current decryption private key corresponding to the current encryption public key, and identify and confirm the device identification information;
the power distribution network key management equipment is further configured to randomly generate a new encryption public key and a corresponding new decryption private key after the equipment identifier is recorded and confirmed, and send the new encryption public key to the intelligent substation IED equipment and the new decryption private key to the northbound equipment through encryption and decryption of a symmetric encryption algorithm.
In a second aspect, an embodiment of the present invention further provides a key processing method for a power distribution network smart device, including:
the intelligent substation IED equipment uses the current encryption public key to perform asymmetric encryption on the plaintext of the IED equipment identification information of the intelligent substation IED equipment, and sends the encrypted plaintext to the power distribution network key management equipment to perform equipment identification information input;
the northbound device uses a current decryption private key corresponding to the current encryption public key to asymmetrically decrypt the IED device identification information ciphertext, and identifies and confirms the device identification information;
after the device identification is recorded and confirmed, the power distribution network key management device randomly generates a new encryption public key and a corresponding new decryption private key, and sends the new encryption public key to the intelligent substation IED device and the new decryption private key to the northbound device through encryption and decryption of a symmetric encryption algorithm.
The embodiment of the invention provides a key processing scheme of intelligent equipment of a power distribution network, and by adopting the technical scheme of the embodiment of the invention, a special key management system of the power distribution network is built, so that the required key is convenient to update, and the reliability and the safety of data in the transmission process are ensured; the complex process involved in key distribution processing of the IED equipment and the northbound equipment is reduced, and the transmission efficiency of information between the IED equipment and the northbound equipment is improved.
The above summary is merely an overview of the technical solutions of the present invention; the invention can be implemented in accordance with the content of the description so that its technical means, and the above and other objects, features and advantages, are more clearly understood.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
Fig. 1 is a schematic structural diagram of a key processing system of a power distribution network smart device according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of another key processing system for power distribution network smart devices according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of a key processing method for a power distribution network smart device according to an embodiment of the present application.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings, which show exemplary embodiments of the invention, however, it should be understood that the exemplary embodiments described herein are merely illustrative of the invention and are not limiting thereof. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. In addition, it should be noted that, for convenience of description, only a part of structures related to the present invention, not all of the structures, are shown in the drawings.
In order to better understand the technical solution of the embodiment of the present invention, a key distribution process is briefly introduced below, and the specific process is as follows: the two parties involved in the key share the same key by encrypting a specified unique symmetric key by using a public key and transmitting the unique key and information encrypted by the key to the other party (such as EDI exchange); or by the updating mode of a certificate updating organization (CA), the trading partners can exchange public keys by using digital certificates, namely, the distribution and the updating of the keys of both parties are completed by a third party organization which is trusted by both parties.
The updating of the symmetric key lacks a certain degree of security: once the key is stolen by others, both trading parties will suffer huge economic loss. When the key is distributed through a trusted organization, a series of complicated operations such as real identity authentication and digital signature are required to form the key, and the time efficiency and renewability of the key are low. Therefore, given the information characteristics of the power distribution network, the existing key distribution mode needs to be improved to reduce the difficulty of updating the key and improve the efficiency of updating the key.
The following embodiments and alternatives thereof are described in detail with respect to a key processing system and method of a power distribution network smart device provided in the embodiments of the present invention.
Fig. 1 is a schematic structural diagram of a key processing system for a power distribution network smart device provided in an embodiment of the present invention. The technical solution of this embodiment is applicable to key processing, and in particular to key processing for a power distribution network smart device. As shown in Fig. 1, the key processing system of the power distribution network smart device provided in the embodiment of the present invention specifically includes: a distribution network key management device 110, at least one intelligent substation IED device 120 and a northbound device 130; wherein:
the intelligent substation IED device 120 uses the current encryption public key to perform asymmetric encryption on the plaintext of the IED device identification information of itself, and sends the plaintext to the distribution network key management device 110 for device identification information entry.
The distribution network key management device 110 may refer to a device responsible for updating the keys of the intelligent substation IED devices. For example, the distribution network key management device 110 may need to send the necessary encryption and decryption keys to the intelligent substation IED device 120 and the northbound device 130 respectively for encryption and decryption of data; or the distribution network key management device 110 randomly generates a new key through the SM4 encryption and decryption process, and sends the public key corresponding to the intelligent substation IED device 120 and the private key corresponding to the northbound device 130 to the two devices respectively.
Specifically, in this embodiment, the number of intelligent substation IED devices 120 and northbound devices 130 may each be one or more.
The intelligent substation IED device 120 is a distribution network intelligent electronic device, and may refer to a state monitoring intelligent electronic device. For example, in a key processing system of the distribution network intelligent device, the state of the IED device may be monitored, such as whether the encryption key sent by the distribution network key management device 110 has been received.
The northbound device 130 asymmetrically decrypts the IED device identification information ciphertext of the intelligent substation IED device 120 by using the current decryption private key corresponding to the current encryption public key, and performs device identification information identification and confirmation.
Northbound device 130 may refer to a translator, including but not limited to an aggregator, a gateway, and the like. For example, the northbound device 130 may obtain id information of the intelligent substation IED device 120 through asymmetric decryption and analysis, and confirm the information; the northbound device 130 may further use a new decryption private key to asymmetrically decrypt the ciphertext of the IED device power information to obtain a plaintext of the IED device power information sent by the intelligent substation IED device 120.
After the device identifier is entered and confirmed, the distribution network key management device 110 randomly generates a new encrypted public key and a corresponding new decryption private key, and sends the new encrypted public key to the intelligent substation IED device 120 and sends the new decryption private key to the northbound device 130 through encryption and decryption of a symmetric encryption algorithm.
A public key is the publicly disclosed key of a key pair, typically used to encrypt session keys, verify digital signatures, or encrypt data that can be decrypted with the corresponding private key. Data encrypted with the private key can be decrypted only with the corresponding public key; conversely, if data can be decrypted with a private key, it must have been encrypted with the corresponding public key.
A private key is a key known only to its owner. Data encrypted with the public key can be decrypted only with the corresponding private key; conversely, if data can be decrypted with a public key, it must have been encrypted with the corresponding private key.
The private key and the public key appear in pairs. For example, the distribution network key management device 110 sends the encryption public key and the corresponding decryption private key to the intelligent substation IED device 120 and the northbound device 130 for the entry, identification and confirmation of the IED device information.
In the present embodiment, the distribution network key management device 110 sends an encryption key and a decryption key to the intelligent substation IED device 120 and the northbound device 130, respectively, for data encryption and decryption; then, the plaintext of the identification information of the intelligent substation IED device 120 is encrypted and decrypted and sent to the distribution network key management device 110, so as to realize the entry, identification and confirmation of the identification information; finally, the distribution network key management device 110 distributes the IED public key and the corresponding private key, sending them through a symmetric encryption algorithm to the intelligent substation IED device 120 and the northbound device 130 respectively, for encryption and decryption of the IED information.
The embodiment of the invention provides a key processing scheme of intelligent equipment of a power distribution network, and by adopting the technical scheme of the embodiment of the invention, a special key management system of the power distribution network is built, so that the required key is convenient to update, and the reliability and the safety of data in the transmission process are ensured; the complex process involved in key distribution processing of the IED equipment and the northbound equipment is reduced, and the transmission efficiency of information between the IED equipment and the northbound equipment is improved.
Fig. 2 is a schematic structural diagram of another key processing system for power distribution network smart devices provided in the embodiment of the present invention, which is refined on the basis of the foregoing embodiment. Optionally, the system further includes a communication master station 140, wherein:
the intelligent substation IED device 120 sends the IED device identification information ciphertext obtained by asymmetrically encrypting the IED device identification information plaintext to the intelligent substation IED device 120 through the communication master station 140.
The communication master station 140 may refer to a communication unit composed of a plurality of fixed communication stations and line maintenance units, and sub-units, and is a center for connecting and scheduling communication lines (circuits) and for transmitting and exchanging information. The communication master station 140 may refer to a center for information exchange among the distribution network key management device 110, the intelligent substation IED device 120, and the northbound device 130. For example, the communication master station 140 is used in the information feedback process of the intelligent substation IED device 120 and the northbound device 130, and then transmits the information it receives to the distribution network key management device 110 for entry and matching, so that the three devices are interconnected in the network communication process.
Plaintext refers to words or strings of characters that are not encrypted, and may be text, bitmaps, digitized speech, digitized video images, or the like. For example, the ID information of the intelligent substation IED device itself is plaintext information when it has not been processed by the encryption algorithm.
The distribution network key management device 110 sends the IED device identification information ciphertext to the northbound device through the communication master station 140.
Ciphertext refers to the characters obtained after an encryption algorithm has been applied to the plaintext; to obtain the plaintext from the ciphertext, it must be recovered by decrypting with the decryption algorithm corresponding to the encryption algorithm. For example, the intelligent substation IED device 120 encrypts through an asymmetric encryption algorithm, packages its own ID information, and sends it to the distribution network key management device 110 for information entry, where the ID information of the IED device is plaintext information and the packaged information is ciphertext information; the northbound device 130 performs analysis through an asymmetric decryption algorithm to obtain the ID information of the IED device, and confirms the information, where the ID information of the IED device obtained through the analysis is plaintext information.
The intelligent substation IED device 120 uses the current encryption public key to perform asymmetric encryption on the plaintext of the IED device identification information of itself, and sends the plaintext to the distribution network key management device 110 for device identification information entry.
An asymmetric encryption algorithm is a method of keeping keys secret in which the key used for encryption is different from the key used for decryption, and the decryption key cannot be derived from the encryption key. Asymmetric encryption algorithms include, but are not limited to, RSA, Elgamal, the knapsack algorithm, and the SM2 algorithm. For example, the intelligent substation IED device encrypts the plaintext of its IED device identification information using the SM2 algorithm, where the key used for encryption is different from the key used for later decryption.
The northbound device 130 asymmetrically decrypts the IED device identification information ciphertext by using the current decryption private key corresponding to the current encryption public key, and performs device identification information identification and confirmation.
After the device identifier is entered and confirmed, the distribution network key management device 110 randomly generates a new encrypted public key and a corresponding new decryption private key, and sends the new encrypted public key to the intelligent substation IED device 120 and sends the new decryption private key to the northbound device 130 through encryption and decryption of a symmetric encryption algorithm.
Symmetric encryption (also called private key encryption) refers to an encryption algorithm that uses the same key for encryption and decryption. It is sometimes called a traditional cryptographic algorithm: the encryption key can be deduced from the decryption key, and the decryption key can also be deduced from the encryption key. Symmetric encryption algorithms include, but are not limited to, the DES algorithm, the 3DES algorithm, the TDEA algorithm, and the SM4 algorithm. For example, the distribution network key management device 110 allocates a corresponding IED public key and a corresponding northbound device private key, and sends them to the intelligent substation IED device 120 and the northbound device 130, respectively, through the SM4 encryption and decryption algorithm.
In the embodiment of the present invention, firstly, a communication master station 140 with higher security needs to be established for the information feedback process of the intelligent substation IED device 120 and the northbound device 130, and then the information received by the communication master station 140 is transmitted to the distribution network key management device 110 for entry and matching, so as to implement the mutual connection of the three devices in the network communication; secondly, the distribution network key management device 110 needs to send necessary encryption and decryption keys to the intelligent substation IED device 120 and the northbound device 130 respectively for data encryption and decryption; then, the plaintext of the identification information of the intelligent substation IED device 120 is encrypted and decrypted and sent to the distribution network key management device 110, so that the identification information is input, identified and confirmed; then, a new encryption public key is sent to the intelligent substation IED device 120 and a new decryption private key is sent to the northbound device 130 through encryption and decryption of the symmetric encryption algorithm; finally, the IED information is encrypted by the encryption public key of the asymmetric encryption algorithm and sent to the northbound device 130; the new decryption private key of the northbound device 130 decrypts the ciphertext of the IED device power information and obtains the plaintext of the IED device power information.
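The exchange described above, as an added Go example that is not part of the patent text: the IED enrols its ID under the current public key, the key management device rotates the pair and wraps each half for its recipient, and the IED then reports under the new key. Assumptions: RSA-OAEP and AES-256-GCM stand in for SM2 and SM4 (Go's standard library ships neither), the per-device wrapping keys are pre-shared, and the role labels, function names and sample values are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Stand-ins (assumption): RSA-OAEP for SM2, AES-256-GCM for SM4. The
// per-device wrapping keys (KEKs) are assumed to be pre-shared with the KMS.

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func aead(kek []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(kek))))
}

// wrap encrypts key material under a KEK. The role string is authenticated
// as associated data, so a blob cannot be replayed to the other recipient.
func wrap(kek []byte, role string, material []byte) []byte {
	a := aead(kek)
	nonce := make([]byte, a.NonceSize())
	must(rand.Read(nonce))
	return a.Seal(nonce, nonce, material, []byte(role))
}

// unwrap returns an error if the blob was modified in transit or was
// wrapped for a different role or under a different KEK.
func unwrap(kek []byte, role string, blob []byte) ([]byte, error) {
	a := aead(kek)
	if len(blob) < a.NonceSize() {
		return nil, errors.New("wrapped key too short")
	}
	return a.Open(nil, blob[:a.NonceSize()], blob[a.NonceSize():], []byte(role))
}

// seal is the IED side: asymmetric encryption under the installed public key.
func seal(pub *rsa.PublicKey, msg string) []byte {
	return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(msg), nil))
}

// open is the northbound side: asymmetric decryption with its private key.
func open(priv *rsa.PrivateKey, ct []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
	return string(pt), err
}

// rotate is the KMS step after ID confirmation: a fresh pair, with the
// public half wrapped for the IED and the private half for the northbound.
func rotate(iedKEK, nbKEK []byte) (pubBlob, privBlob []byte) {
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	pubBlob = wrap(iedKEK, "ied-public", x509.MarshalPKCS1PublicKey(&priv.PublicKey))
	privBlob = wrap(nbKEK, "northbound-private", x509.MarshalPKCS1PrivateKey(priv))
	return pubBlob, privBlob
}

// Result records what each side observed during one run of the exchange.
type Result struct {
	ConfirmedID, Report       string
	OldKeyOpens, TamperCaught bool
}

func Exchange(id, report string) Result {
	iedKEK, nbKEK := make([]byte, 32), make([]byte, 32)
	must(rand.Read(iedKEK))
	must(rand.Read(nbKEK))
	cur := must(rsa.GenerateKey(rand.Reader, 2048)) // current pair, provisioned earlier

	// IED encrypts its ID; the KMS records the ciphertext and forwards it.
	idCT := seal(&cur.PublicKey, id)
	confirmed := must(open(cur, idCT)) // northbound recovers the ID to confirm

	pubBlob, privBlob := rotate(iedKEK, nbKEK)
	newPub := must(x509.ParsePKCS1PublicKey(must(unwrap(iedKEK, "ied-public", pubBlob))))
	newPriv := must(x509.ParsePKCS1PrivateKey(must(unwrap(nbKEK, "northbound-private", privBlob))))

	// IED reports power data under the new public key.
	ct := seal(newPub, report)
	got := must(open(newPriv, ct))
	_, oldErr := open(cur, ct) // the retired private key must not open it

	privBlob[len(privBlob)-1] ^= 1 // constructed tampering in transit
	_, tamperErr := unwrap(nbKEK, "northbound-private", privBlob)
	return Result{confirmed, got, oldErr == nil, tamperErr != nil}
}

func main() {
	r := Exchange("IED-0001", "feeder-7 load 412 kW") // constructed sample values
	fmt.Printf("%+v\n", r)
}
```

The authenticated wrap and the role label are choices of this example; the patent text only states that the new keys are sent through a symmetric encryption algorithm.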
According to the embodiment of the invention, by constructing special key management equipment for the power distribution network, the required key is convenient to update, and the reliability and the safety of data in the transmission process are ensured; the key distribution method and the key distribution system have the advantages that the complex process related to key distribution processing of the IED equipment and the northbound equipment of the intelligent substation is reduced, the transmission efficiency of information between the IED equipment and the northbound equipment is improved, and the technical effects of reducing the key updating difficulty and improving the key updating efficiency are achieved.
Fig. 3 is a schematic flowchart of a key processing method for a power distribution network smart device provided in an embodiment of the present invention, and the technical solution of this embodiment is applicable to a case of key processing, and is particularly applicable to a case of key processing for a power distribution network smart device, and the method can be executed by a key processing system for a power distribution network smart device provided in any embodiment of the present invention. As shown in fig. 3, the method for processing the key of the power distribution network smart device provided in the embodiment of the present invention specifically includes the following steps:
S310: The intelligent substation IED device sends the IED device identification information ciphertext, obtained by asymmetrically encrypting the IED device identification information plaintext, to the power distribution network key management device through a communication master station.
S320: The power distribution network key management device sends the IED device identification information ciphertext to the northbound device through the communication master station.
S330: The intelligent substation IED device uses the current encryption public key to asymmetrically encrypt the plaintext of its IED device identification information, and sends the resulting ciphertext to the power distribution network key management device for entry of the device identification information.
S340: The northbound device uses the current decryption private key corresponding to the current encryption public key to asymmetrically decrypt the IED device identification information ciphertext, and identifies and confirms the device identification information.
On the basis of the foregoing embodiment, optionally, the northbound device comprises an aggregator and a gateway.
S350: After the device identification has been entered and confirmed, the power distribution network key management device randomly generates a new encryption public key and a corresponding new decryption private key, and sends the new encryption public key to the intelligent substation IED device and the new decryption private key to the northbound device through encryption and decryption with a symmetric encryption algorithm.
On the basis of the foregoing embodiment, optionally, the algorithm used for asymmetric encryption and decryption is the SM2 algorithm, and the algorithm used for symmetric encryption and decryption is the SM4 algorithm.
S360: The intelligent substation IED device uses the new encryption public key to asymmetrically encrypt the plaintext of the IED device power information, and sends the obtained ciphertext of the IED device power information to the northbound device.
On the basis of the foregoing embodiment, optionally, the method further includes: the northbound device uses the new decryption private key to asymmetrically decrypt the ciphertext of the IED device power information, obtaining the plaintext of the IED device power information sent by the intelligent substation IED device.
The key processing method for the power distribution network intelligent device provided in the embodiment of the present invention may be applied to the key processing system for the power distribution network intelligent device provided in any embodiment of the present invention, and has corresponding functions and beneficial effects of the key processing system for the power distribution network intelligent device.
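The rotation and data flow of S350 and S360, as an added Go example that is not code from the patent: RSA-OAEP and AES-256-GCM from the Go standard library stand in for SM2 and SM4, and the pre-shared symmetric keys `kIED` and `kNB`, like every function name here, are assumptions. The key management device wraps each half of a fresh key pair for its recipient, and the northbound device decrypts a constructed power reading.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

func must[T any](v T, err error) T { // panics on setup errors (bad key size, no entropy)
	if err != nil {
		panic(err)
	}
	return v
}

// wrap seals key material under a pre-shared key; AES-256-GCM stands in for SM4 (assumption).
func wrap(key, pt []byte) []byte {
	nonce := make([]byte, 12) // fresh random nonce, prepended to the output
	must(rand.Read(nonce))
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Seal(nonce, nonce, pt, nil)
}

// unwrap rejects blobs that were altered in transit or sealed for another device.
func unwrap(key, blob []byte) ([]byte, error) {
	if len(blob) < 12 {
		return nil, fmt.Errorf("wrapped key too short")
	}
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Open(nil, blob[:12], blob[12:], nil)
}

// rotate is S350: a fresh pair, public half wrapped for the IED, private half for northbound.
func rotate(kIED, kNB []byte) (pubBlob, privBlob []byte) {
	priv := must(rsa.GenerateKey(rand.Reader, 2048)) // RSA-OAEP stands in for SM2 (assumption)
	return wrap(kIED, x509.MarshalPKCS1PublicKey(&priv.PublicKey)), wrap(kNB, x509.MarshalPKCS1PrivateKey(priv))
}

// iedEncrypt is S360: the IED encrypts a message under the public key it was sent.
func iedEncrypt(pubDER, msg []byte) ([]byte, error) {
	pub, err := x509.ParsePKCS1PublicKey(pubDER)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// nbDecrypt is the northbound side: only the matching private key recovers the plaintext.
func nbDecrypt(privDER, ct []byte) ([]byte, error) {
	priv, err := x509.ParsePKCS1PrivateKey(privDER)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	kIED, kNB := []byte("0123456789abcdef0123456789abcdef"), []byte("fedcba9876543210fedcba9876543210") // constructed
	pubBlob, privBlob := rotate(kIED, kNB)
	ct := must(iedEncrypt(must(unwrap(kIED, pubBlob)), []byte("constructed reading: 10.2 kV")))
	fmt.Printf("northbound got: %s\n", must(nbDecrypt(must(unwrap(kNB, privBlob)), ct)))
}
```

Because the wrapping in this sketch is authenticated, a blob that is altered in transit or delivered to the wrong device fails in `unwrap` instead of yielding a corrupt key, and a private key from before a rotation no longer decrypts data encrypted under the new public key.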
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. A key processing system for power distribution network intelligent devices, characterized by comprising: a power distribution network key management device, at least one intelligent substation IED device and a northbound device; wherein:
the intelligent substation IED device is configured to asymmetrically encrypt the plaintext of its IED device identification information using a current encryption public key, and to send the resulting ciphertext to the power distribution network key management device for entry of the device identification information;
the northbound device is configured to asymmetrically decrypt the IED device identification information ciphertext using a current decryption private key corresponding to the current encryption public key, and to identify and confirm the device identification information;
the power distribution network key management device is further configured to randomly generate a new encryption public key and a corresponding new decryption private key after the device identification has been entered and confirmed, and to send the new encryption public key to the intelligent substation IED device and the new decryption private key to the northbound device through encryption and decryption with a symmetric encryption algorithm.
2. The system of claim 1, wherein the northbound device comprises an aggregator and a gateway.
3. The system of claim 1, further comprising a communication master station;
the intelligent substation IED device is configured to send the IED device identification information ciphertext, obtained by asymmetrically encrypting the IED device identification information plaintext, to the power distribution network key management device through the communication master station;
and the power distribution network key management device is configured to send the IED device identification information ciphertext to the northbound device through the communication master station.
4. The system according to claim 1, wherein the intelligent substation IED device is configured to asymmetrically encrypt the plaintext of the IED device power information using the new encryption public key, and to send the obtained ciphertext of the IED device power information to the northbound device;
and the northbound device is configured to asymmetrically decrypt the ciphertext of the IED device power information using the new decryption private key, obtaining the plaintext of the IED device power information sent by the intelligent substation IED device.
5. The system of claim 1, wherein the asymmetric encryption and decryption algorithm is the SM2 algorithm, and the symmetric encryption and decryption algorithm is the SM4 algorithm.
6. A key processing method for power distribution network intelligent devices, characterized by comprising the following steps:
the intelligent substation IED device uses the current encryption public key to asymmetrically encrypt the plaintext of its IED device identification information, and sends the resulting ciphertext to the power distribution network key management device for entry of the device identification information;
the northbound device uses a current decryption private key corresponding to the current encryption public key to asymmetrically decrypt the IED device identification information ciphertext, and identifies and confirms the device identification information;
after the device identification has been entered and confirmed, the power distribution network key management device randomly generates a new encryption public key and a corresponding new decryption private key, and sends the new encryption public key to the intelligent substation IED device and the new decryption private key to the northbound device through encryption and decryption with a symmetric encryption algorithm.
7. The method of claim 6, wherein the northbound device comprises an aggregator and a gateway.
8. The method of claim 6, further comprising:
the intelligent substation IED device sends the IED device identification information ciphertext, obtained by asymmetrically encrypting the IED device identification information plaintext, to the power distribution network key management device through the communication master station;
and the power distribution network key management device sends the IED device identification information ciphertext to the northbound device through the communication master station.
9. The method of claim 6, comprising:
the intelligent substation IED device uses the new encryption public key to asymmetrically encrypt the plaintext of the IED device power information, and sends the obtained ciphertext of the IED device power information to the northbound device;
and the northbound device uses the new decryption private key to asymmetrically decrypt the ciphertext of the IED device power information, obtaining the plaintext of the IED device power information sent by the intelligent substation IED device.
10. The method of claim 6, wherein the asymmetric encryption and decryption algorithm is the SM2 algorithm, and the symmetric encryption and decryption algorithm is the SM4 algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110868917.3A CN113556355B (en) | 2021-07-30 | 2021-07-30 | Key processing system and method for intelligent equipment of power distribution network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113556355A (en) | 2021-10-26 |
CN113556355B (en) | 2023-04-28 |
Family
ID=78104939
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110868917.3A Active CN113556355B (en) | 2021-07-30 | 2021-07-30 | Key processing system and method for intelligent equipment of power distribution network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113556355B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN113556355B (en) | 2023-04-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||