CN114257385A - Secure communication method and device, electronic equipment and storage medium - Google Patents


Publication number: CN114257385A
Authority: CN (China)
Prior art keywords: quantity data, electric quantity, server, ciphertext, message authentication
Legal status: Pending
Application number: CN202010948250.3A
Other languages: Chinese (zh)
Inventor: 张�杰, 黄鑫
Current Assignee: CERNET Corp; Xian Jiaotong Liverpool University
Original Assignee: CERNET Corp; Xian Jiaotong Liverpool University
Application filed by CERNET Corp, Xian Jiaotong Liverpool University
Priority to CN202010948250.3A
Publication of CN114257385A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Arrangements For Transmission Of Measured Signals (AREA)

Abstract

The embodiments of the application disclose a secure communication method and device, electronic equipment and a storage medium. The method comprises: acquiring current electric quantity data, an identification code of the smart meter and a first timestamp; performing first encryption processing and second encryption processing on the electric quantity data, the identification code of the smart meter and the first timestamp to obtain a first ciphertext and a first message authentication code, respectively; uploading the first ciphertext and the first message authentication code to a server, so that the server obtains the electric quantity data by decrypting the first ciphertext and authenticates the obtained electric quantity data through the first message authentication code; receiving feedback information sent by the server, and judging, based on the feedback information, whether the server has successfully stored the electric quantity data; and if not, returning to the operation of uploading the first ciphertext and the first message authentication code to the server. The embodiments of the application thereby secure communication between the smart meter and the server in a distributed energy system.

Description

Secure communication method and device, electronic equipment and storage medium
Technical Field
The embodiment of the application relates to the technical field of information security, in particular to a secure communication method, a secure communication device, electronic equipment and a storage medium.
Background
A distributed energy system is an integrated energy utilization system located at the user side. Compared with the traditional centralized energy supply system, a distributed energy system faces users directly, produces and supplies energy locally according to user demand, and reduces transmission losses to a minimum, thereby maximizing energy utilization efficiency. In recent years, the introduction of decentralized technologies such as blockchain has promoted the development and deployment of distributed energy systems, and many blockchain-based distributed energy systems and blockchain-based distributed energy trading systems have appeared.
In a distributed energy system, the collection and transmission of electric quantity data is the most basic link: data analysis and energy transactions can be carried out only if the electric quantity data collected by the smart meter is reported to the server promptly and securely. However, because the smart meter is a device with relatively weak computing and storage capabilities, it cannot perform secure communication using the currently most popular Transport Layer Security (TLS) protocol. Therefore, how to ensure the secure transmission of data between the smart meter and the server becomes an important issue in the distributed energy system.
Disclosure of Invention
The embodiment of the application provides a secure communication method and device for a distributed energy system, a smart meter, a server and a storage medium, so as to achieve the purpose of secure communication between the smart meter and the server in the distributed energy system.
In a first aspect, an embodiment of the present application provides a secure communication method, which is applied to a smart meter in a distributed energy system, where the method includes:
acquiring current electric quantity data, an identification code of the smart meter and a first timestamp, wherein the first timestamp is the current system time of the smart meter;
performing first encryption processing and second encryption processing on the electric quantity data, the identification code of the smart meter and the first timestamp to obtain a first ciphertext and a first message authentication code, respectively;
uploading the first ciphertext and the first message authentication code to a server, so that the server obtains electric quantity data by decrypting the first ciphertext and authenticates the obtained electric quantity data through the first message authentication code;
receiving feedback information sent by a server, and judging whether the server successfully stores the electric quantity data or not based on the feedback information;
and if not, returning to execute the operation of uploading the first ciphertext and the first message authentication code to the server.
In a second aspect, an embodiment of the present application provides a secure communication method, which is applied to a server in a distributed energy system, and the method includes:
receiving a first ciphertext and a first message authentication code uploaded by the intelligent electric meter, wherein the first ciphertext and the first message authentication code are obtained by respectively performing first encryption processing and second encryption processing on the acquired current electric quantity data, the identification code of the intelligent electric meter and the first timestamp by the intelligent electric meter;
decrypting the first ciphertext to obtain electric quantity data, and authenticating the electric quantity data through a first message authentication code;
and generating feedback information according to the authentication result, and issuing the feedback information to the intelligent electric meter.
In a third aspect, an embodiment of the present application further provides a secure communication apparatus, configured in a distributed energy system, for a smart meter, where the apparatus includes:
the acquisition module is used for acquiring current electric quantity data, an identification code of the smart meter and a first timestamp, wherein the first timestamp is the current system time of the smart meter;
the first encryption calculation module is used for performing first encryption processing and second encryption processing on the electric quantity data, the identification code of the smart meter and the first timestamp to obtain a first ciphertext and a first message authentication code, respectively;
the first sending module is used for uploading the first ciphertext and the first message authentication code to a server, so that the server obtains electric quantity data by decrypting the first ciphertext and authenticates the obtained electric quantity data through the first message authentication code;
the first receiving module is used for receiving feedback information sent by the server and judging whether the server successfully stores the electric quantity data or not based on the feedback information;
and the return module is used for returning and executing the operation of uploading the first ciphertext and the first message authentication code to the server when the judgment result is negative.
In a fourth aspect, an embodiment of the present application further provides a secure communication apparatus configured in a server in a distributed energy system, where the apparatus includes:
the second receiving module is used for receiving a first ciphertext and a first message authentication code uploaded by the intelligent electric meter, wherein the first ciphertext and the first message authentication code are obtained by respectively performing first encryption processing and second encryption processing on the acquired current electric quantity data, the identification code of the intelligent electric meter and the first timestamp by the intelligent electric meter;
the decryption authentication module is used for decrypting the first ciphertext to obtain electric quantity data and authenticating the electric quantity data through a first message authentication code;
and the feedback information generating and issuing module is used for generating feedback information according to the authentication result and issuing the feedback information to the smart meter.
In a fifth aspect, an embodiment of the present application further provides an electronic device, including:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement a secure communication method as in any embodiment of the present application.
In a sixth aspect, the present application further provides a storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the secure communication method according to any embodiment of the present application.
In the embodiment of the application, the collected current electric quantity data is encrypted, so that the electric quantity data collected by the intelligent electric meter can be safely reported to the server, meanwhile, whether the server successfully receives the electric quantity data or not is verified according to feedback information issued by the server, the electric quantity data is retransmitted when the server fails to receive the electric quantity data, and the safe communication between the intelligent electric meter and the server in the distributed energy system is guaranteed.
Drawings
FIG. 1 is a schematic flow chart of a secure communication method according to a first embodiment of the present application;
FIG. 2 is a schematic flow chart diagram of a secure communication method according to a second embodiment of the present application;
FIG. 3 is a schematic structural diagram of a secure communication device according to a third embodiment of the present application;
FIG. 4 is a schematic structural diagram of a secure communication device according to a fourth embodiment of the present application;
FIG. 5 is a schematic structural diagram of an electronic device implementing a secure communication method according to the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. It should be further noted that, for the convenience of description, only some of the structures related to the present application are shown in the drawings, not all of the structures.
Fig. 1 is a flowchart illustrating a secure communication method according to a first embodiment of the present application, where the secure communication method is applicable to a situation where a smart meter sends power data to a server in a distributed energy system, and the method may be performed by a secure communication device, which may be implemented in software and/or hardware, and may be integrated on an electronic device, for example, the smart meter in the distributed energy system.
In this embodiment, to ensure that the smart meter and the server in the distributed energy system can communicate securely, a communication connection is first established between the smart meter and the server through a network interface. For example, the smart meter may establish a User Datagram Protocol (UDP) connection with the server through a preset communication module, which may be a 4G communication module or another communication module; this is not specifically limited here. After the connection is established, the smart meter registers with the server so that the two can communicate. The registration process is as follows: the smart meter sends a registration request to the server, and obtains and stores the smart meter associated parameters according to the registration result; for example, after registration succeeds, the smart meter stores the corresponding associated parameters. The smart meter associated parameters at least comprise a preset key, an identification code of the smart meter and a period for uploading electric quantity data. The preset key is used for encryption and decryption during communication between the smart meter and the server, and the period for uploading electric quantity data is the time interval at which the smart meter sends electric quantity data to the server.
In another optional registration manner, the smart meter may be connected to a computer device through a Universal Serial Bus (USB) and perform the registration task through a user operation interface, while the computer device connects to the server over Transport Layer Security (TLS), so as to ensure the confidentiality and consistency of the registration information transmitted during the registration phase. On this basis, as shown in FIG. 1, the secure communication method specifically includes the following steps:
S101, acquiring current electric quantity data, an identification code of the smart meter and a first timestamp.
The first timestamp is the current system time of the intelligent electric meter, and the identification code of the intelligent electric meter is a number capable of uniquely identifying the intelligent electric meter, is determined when the intelligent electric meter initiates registration to the server, and is stored in the intelligent electric meter. Because the intelligent electric meter can measure the effective values of the electric quantity, the current, the voltage and the like in real time through the internal detection components, when the current electric quantity data is acquired, the current electric quantity data can be read from the detection components through a preset protocol (such as an RS485 data protocol).
S102, respectively carrying out first encryption processing and second encryption processing on the electric quantity data, the identification code of the intelligent electric meter and the first timestamp to respectively obtain a first ciphertext and a first message authentication code.
In the embodiment of the application, to guarantee the security of data communication, the electric quantity data to be transmitted needs to be encrypted. Optionally, first encryption processing is performed on the current electric quantity data, the identification code of the smart meter and the first timestamp to obtain a first ciphertext. Illustratively, based on the preset key, the first encryption processing is performed on the electric quantity data, the identification code of the smart meter and the first timestamp using a first encryption algorithm (e.g., the Advanced Encryption Standard (AES) encryption algorithm) to obtain the first ciphertext. In a specific implementation, the encryption function provided by the AES encryption algorithm can be applied to the preset key, the electric quantity data, the identification code of the smart meter and the first timestamp, and the first ciphertext is obtained from the output of the encryption function.
Further, to guard against tampering with the encrypted electric quantity data during transmission, second encryption processing can be performed on the electric quantity data, the identification code of the smart meter and the first timestamp to obtain a first message authentication code, so that the server can subsequently confirm, based on the first message authentication code, whether the electric quantity data was tampered with during transmission. In an optional implementation, based on the preset key, the second encryption processing is performed on the electric quantity data, the identification code of the smart meter and the first timestamp using a second encryption algorithm to obtain the first message authentication code, where the second encryption algorithm may be a Secure Hash Algorithm (SHA).
S103, uploading the first ciphertext and the first message authentication code to a server, so that the server obtains the electric quantity data by decrypting the first ciphertext and authenticates the obtained electric quantity data through the first message authentication code.
Optionally, the smart meter may upload the first ciphertext and the first message authentication code to the server based on the User Datagram Protocol (UDP), so that the server decrypts the first ciphertext with the preset key to obtain the electric quantity data and authenticates the obtained electric quantity data through the first message authentication code. The purpose of the authentication is to determine whether the electric quantity data in the first ciphertext was tampered with during transmission. The process of authenticating the acquired electric quantity data through the first message authentication code is as follows: based on the preset key, the server uses the second encryption algorithm to process the electric quantity data obtained after decryption, the identification code of the smart meter and the first timestamp, obtaining a new first message authentication code, and compares it with the original first message authentication code uploaded by the smart meter. If the two are the same, the electric quantity data was not tampered with during transmission; the authentication passes and the server stores the electric quantity data.
S104, receiving feedback information issued by the server, and judging whether the server successfully stores the electric quantity data or not based on the feedback information.
The feedback information at least comprises information indicating whether the electric quantity data received by the server passed authentication and was stored in the server. To guard against tampering with the feedback information during transmission, the feedback information sent by the server is encrypted; specifically, the feedback information includes a second ciphertext and a second message authentication code generated by the server through encryption processing. Accordingly, determining whether the server has successfully stored the electric quantity data based on the feedback information includes S1-S2:
S1, decrypting the second ciphertext by using the preset key to obtain an electric quantity data storage result identifier and a second timestamp.
The electric quantity data storage result identification comprises numbers '0' and '1', wherein '0' represents that the first message authentication code fails to be verified, the electric quantity data is not stored, and the intelligent electric meter is requested to retransmit the data; "1" indicates that the first message authentication code passes verification and the electric quantity data is successfully stored; the second timestamp refers to the system time of the server when the server encrypts the electric quantity data storage result identifier.
S2, judging whether the electric quantity data storage result identifier and the second timestamp meet preset conditions; if so, authenticating the electric quantity data storage result identifier through the second message authentication code, and determining whether the server successfully stored the electric quantity data according to the authentication result.
Judging whether the electric quantity data storage result identifier and the second timestamp meet the preset conditions includes: judging whether the difference between the second timestamp and the first timestamp is within a preset interval [0, t], where the value of t can be preset according to the actual situation, and judging whether the electric quantity data storage result identifier is "0". If both judgment results are "yes", the electric quantity data storage result identifier is authenticated through the second message authentication code to determine whether it has been tampered with. The specific authentication process is as follows: based on the preset key, the electric quantity data storage result identifier and the second timestamp are processed with the second encryption algorithm to obtain a new second message authentication code, which is compared with the original second message authentication code. If the two are equal, the verification passes, which shows that the server did not successfully store the electric quantity data, and step S105 needs to be executed.
It should be noted that, if the difference between the second timestamp and the first timestamp is within the preset interval [0, t], the electric quantity data storage result identifier is "1", and the authentication passes, the server has successfully stored the electric quantity data. In this case, after waiting for a time interval of one period, the smart meter continues to execute steps S101 to S104.
S105, if not, returning to execute the operation of uploading the first ciphertext and the first message authentication code to the server.
In the embodiment of the application, the collected current electric quantity data is encrypted, so that the electric quantity data collected by the intelligent electric meter can be safely reported to the server, meanwhile, whether the server successfully receives the electric quantity data or not is verified according to feedback information issued by the server, the electric quantity data is retransmitted when the server fails to receive the electric quantity data, and the safe communication between the intelligent electric meter and the server in the distributed energy system is guaranteed.
Fig. 2 is a flowchart illustrating a secure communication method according to a second embodiment of the present application, where the secure communication method is applicable to a situation where a smart meter sends power data to a server in a distributed energy system, and the method may be performed by a secure communication device, which may be implemented in software and/or hardware, and may be integrated on an electronic device, for example, on the server in the distributed energy system.
In the embodiment of the application, the server needs to register the smart meter on the server to realize communication with the smart meter, and specifically, the server generates the associated parameter of the smart meter in response to a registration request sent by the smart meter, wherein the associated parameter of the smart meter at least comprises a preset key, an identification code of the smart meter and a period for uploading electric quantity data. In an optional implementation manner, the server may generate a unique identification code for the electricity meter through a preset encoding rule or a random number generator, generate a random number as a key through the random number generator, and determine a period according to specific application requirements; the server records the identification code, the key and the period into a database.
On the basis of the above, referring to fig. 2, the method includes:
S201, receiving a first ciphertext and a first message authentication code uploaded by the smart meter.
The first ciphertext and the first message authentication code are obtained by the smart meter performing first encryption processing and second encryption processing, respectively, on the acquired current electric quantity data, the identification code of the smart meter and the first timestamp. For details, refer to the description of the above embodiment, which is not repeated here.
S202, decrypting the first ciphertext to obtain electric quantity data, and authenticating the electric quantity data through a first message authentication code.
Optionally, the first ciphertext is decrypted with the preset key to obtain the electric quantity data, the first timestamp and the identification code of the smart meter. To determine whether the electric quantity data in the first ciphertext was tampered with during transmission, the server first judges whether the identification code of the smart meter exists in the server; if so, it further judges whether the difference between the current system time of the server and the first timestamp is within a preset time interval [0, p], where p is a value preset according to the actual situation; and if so, it authenticates the electric quantity data with the first message authentication code. Optionally, based on the preset key, the electric quantity data, the first timestamp and the identification code of the smart meter are processed with the SHA algorithm to obtain a new first message authentication code, which is compared with the original first message authentication code. If the two are the same, the authentication passes, the electric quantity data has not been modified, and the electric quantity data can be stored in the server. Conversely, if they differ, the electric quantity data has been tampered with, the authentication fails, and the server does not store the electric quantity data received this time.
S203, generating feedback information according to the authentication result, and issuing the feedback information to the smart meter.
Optionally, generating feedback information based on the authentication result includes: generating an electric quantity data storage result identifier according to the authentication result; the electric quantity data storage result identifier is used for indicating whether the electric quantity data passes the authentication and is stored in the server, for example, the electric quantity data storage result identifier comprises numbers '0' and '1', the '0' indicates that the first message authentication code fails to be verified, the electric quantity data is not stored, and the smart meter is requested to retransmit the data; "1" indicates that the first message authentication code passes verification and the electric quantity data is successfully stored; performing third encryption processing and fourth encryption processing on the electric quantity data storage result identifier and the second timestamp based on a preset key to obtain feedback information comprising a second ciphertext and a second message authentication code; wherein the second time stamp is a system time at the time of the server encryption processing.
The feedback information is sent to the smart meter, so that the meter is notified to upload the electric quantity data again after the electric quantity data has been tampered with.
In the embodiment of the application, the server can verify whether the received electric quantity data comes from the smart meter corresponding to the identification code and whether the electric quantity data was lost or tampered with during transmission, and requires the smart meter to retransmit the data when reception fails, so that the security of communication between the smart meter and the server of the distributed energy system is guaranteed.
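An added example, not code from the patent, of the server-side authentication (S202 to S203) and the meter-side feedback check (S1 to S2). It assumes HMAC-SHA256 as the keyed second encryption algorithm, a fixed-width field layout, 30-second values for p and t, and hypothetical function names; the AES layer is left out, so the functions work on the fields as they are after decryption. How to treat an unknown meter, a stale upload (answered with "0") and feedback that fails a check (ignored) is also an assumption, since the text does not specify it.

```python
import hashlib
import hmac
import struct

P_SECONDS = 30  # assumed server acceptance window [0, p]
T_SECONDS = 30  # assumed meter acceptance window [0, t]

# Constructed registration database: identification code -> preset key.
REGISTERED = {1001: bytes.fromhex("00112233445566778899aabbccddeeff")}


def upload_mac(key, energy_wh, meter_id, ts1):
    """First message authentication code over (data, ID, first timestamp)."""
    # Fixed-width big-endian packing keeps field boundaries unambiguous.
    msg = struct.pack(">QIQ", energy_wh, meter_id, ts1)
    return hmac.new(key, msg, hashlib.sha256).digest()


def feedback_mac(key, flag, ts2):
    """Second message authentication code over (storage flag, second timestamp)."""
    msg = struct.pack(">BQ", flag, ts2)
    return hmac.new(key, msg, hashlib.sha256).digest()


def server_handle_upload(energy_wh, meter_id, ts1, mac1, now, store):
    """S202/S203 on decrypted fields: returns (flag, ts2, mac2) or None."""
    key = REGISTERED.get(meter_id)
    if key is None:
        return None  # assumption: no reply when the ID is not registered
    fresh = 0 <= now - ts1 <= P_SECONDS
    # compare_digest avoids leaking the match position through timing.
    ok = fresh and hmac.compare_digest(
        mac1, upload_mac(key, energy_wh, meter_id, ts1))
    if ok:
        # Keyed by (ID, ts1): a retransmitted copy of the same message
        # overwrites the same record instead of adding a second reading.
        store[(meter_id, ts1)] = energy_wh
    flag = 1 if ok else 0
    return flag, now, feedback_mac(key, flag, now)


def meter_check_feedback(key, ts1, flag, ts2, mac2):
    """S1/S2 on decrypted fields: 'stored', 'retransmit' or 'ignore'."""
    if not 0 <= ts2 - ts1 <= T_SECONDS:
        return "ignore"
    if flag not in (0, 1):
        return "ignore"
    if not hmac.compare_digest(mac2, feedback_mac(key, flag, ts2)):
        return "ignore"
    return "stored" if flag == 1 else "retransmit"


def demo():
    """Run constructed uploads through both sides and collect the outcomes."""
    key = REGISTERED[1001]
    store = {}
    ts1 = 1_700_000_000  # constructed first timestamp
    mac1 = upload_mac(key, 52340, 1001, ts1)
    out = {}

    # Reading altered in transit while the MAC is unchanged.
    flag, ts2, mac2 = server_handle_upload(99999, 1001, ts1, mac1, ts1 + 2, store)
    out["tampered"] = (flag, meter_check_feedback(key, ts1, flag, ts2, mac2), len(store))

    # S105: the same message is uploaded again and arrives intact.
    flag, ts2, mac2 = server_handle_upload(52340, 1001, ts1, mac1, ts1 + 4, store)
    out["intact"] = (flag, meter_check_feedback(key, ts1, flag, ts2, mac2), len(store))

    # Feedback whose flag was changed on the wire no longer matches its MAC.
    out["forged_feedback"] = meter_check_feedback(key, ts1, 0, ts2, mac2)

    # The same valid upload presented after the window [0, p] has passed.
    out["stale"] = server_handle_upload(52340, 1001, ts1, mac1, ts1 + 31, store)[0]
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Because the retransmitted message carries the original first timestamp, p bounds how long a captured upload stays acceptable to the server, and the retry interval must fit inside it.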
Fig. 3 is a schematic structural diagram of a secure communication apparatus for transmitting power data to a server by a smart meter in a distributed energy system according to a third embodiment of the present application, where the apparatus is configured on the smart meter in the distributed energy system, and referring to fig. 3, the apparatus includes:
the acquisition module 301 is configured to acquire current electric quantity data, an identification code of the smart meter, and a first timestamp, where the first timestamp is a current system time of the smart meter;
the first encryption calculation module 302 is configured to perform first encryption processing and second encryption processing on the electric quantity data, the identification code of the smart meter, and the first timestamp respectively to obtain a first ciphertext and a first message authentication code respectively;
a first sending module 303, configured to upload the first ciphertext and the first message authentication code to a server, so that the server obtains the electric quantity data by decrypting the first ciphertext, and authenticates the obtained electric quantity data by using the first message authentication code;
the first receiving module 304 is configured to receive feedback information sent by a server, and determine whether the server has successfully stored the electric quantity data based on the feedback information;
and a returning module 305, configured to, if the determination result is negative, return to perform an operation of uploading the first ciphertext and the first message authentication code to the server.
On the basis of the foregoing embodiment, optionally, the apparatus further includes:
the first registration module is used for sending a registration request to the server before acquiring the electric quantity data, and acquiring and storing the correlation parameters of the intelligent electric meter according to a registration result; the intelligent electric meter association parameters at least comprise a preset secret key, an identification code of the intelligent electric meter and a period of uploading electric quantity data;
correspondingly, the first encryption calculation module is specifically configured to:
and respectively carrying out first encryption processing and second encryption processing on the electric quantity data, the identification code of the intelligent electric meter and the first timestamp by utilizing a first encryption algorithm and a second encryption algorithm based on the preset secret key.
On the basis of the foregoing embodiment, optionally, the feedback information includes a second ciphertext and a second message authentication code that are generated by the server through encryption processing;
correspondingly, the first receiving module is further configured to:
decrypting the second ciphertext by using the preset key to obtain an electric quantity data storage result identifier and a second timestamp;
and judging whether the electric quantity data storage result identification and the second timestamp meet preset conditions, if so, authenticating the electric quantity data storage result identification through the second message authentication code, and determining whether the server successfully stores the electric quantity data according to an authentication result.
On the basis of the above embodiment, optionally, the smart meter establishes a communication connection with the server through a network interface.
The secure communication device provided by the embodiment of the application can execute the secure communication method provided by any embodiment of the application, and has corresponding functional modules and beneficial effects of the execution method.
Fig. 4 is a schematic structural diagram of a secure communication apparatus according to a fourth embodiment of the present application, where the apparatus is used for transmitting power data to a server by a smart meter in a distributed energy system, and the apparatus is configured on the server in the distributed energy system, and referring to fig. 4, the apparatus includes:
the second receiving module 401 is configured to receive a first ciphertext and a first message authentication code uploaded by the smart meter, where the first ciphertext and the first message authentication code are obtained by the smart meter performing first encryption processing and second encryption processing on the acquired current electric quantity data, the identification code of the smart meter, and the first timestamp, respectively;
a decryption authentication module 402, configured to decrypt the first ciphertext to obtain electric quantity data, and authenticate the electric quantity data through a first message authentication code;
and the feedback information generating and issuing module 403 is configured to generate feedback information according to the authentication result, and issue the feedback information to the smart meter.
On the basis of the above embodiment, optionally, the feedback information generating and issuing module includes:
the identification generation unit is used for generating an electric quantity data storage result identification according to the authentication result; the electric quantity data storage result identification is used for indicating whether the electric quantity data passes the authentication and is stored in the server;
the encryption unit is used for performing third encryption processing and fourth encryption processing on the electric quantity data storage result identifier and the second timestamp to obtain feedback information comprising a second ciphertext and a second message authentication code; where the second timestamp is the server's current system time.
On the basis of the foregoing embodiment, optionally, the apparatus further includes:
the second registration module is used for responding to a registration request sent by the intelligent electric meter and generating intelligent electric meter association parameters; the correlation parameters of the intelligent electric meter at least comprise a preset secret key, an identification code of the intelligent electric meter and a period of uploading electric quantity data.
The secure communication device provided by the embodiment of the application can execute the secure communication method provided by any embodiment of the application, and has corresponding functional modules and beneficial effects of the execution method.
Fig. 5 is a schematic structural diagram of an electronic device provided in an embodiment of the present application. As shown in fig. 5, the electronic device (e.g., a smart meter) provided in the embodiment of the present application includes: one or more processors 502 and memory 501; the processor 502 in the electronic device may be one or more, and one processor 502 is taken as an example in fig. 5; the memory 501 is used to store one or more programs; the one or more programs are executed by the one or more processors 502, such that the one or more processors 502 implement the secure communication method as described in any of the embodiments of the present application.
The electronic device may further include: an input device 503 and an output device 504.
The processor 502, the memory 501, the input device 503 and the output device 504 in the electronic apparatus may be connected by a bus or other means, and fig. 5 illustrates the connection by the bus as an example.
The storage device 501 in the electronic device is used as a computer-readable storage medium for storing one or more programs, which may be software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the application control method provided in the embodiments of the present application. The processor 502 executes various functional applications and data processing of the electronic device by executing software programs, instructions and modules stored in the storage device 501, namely, implements the secure communication method in the above method embodiment.
The storage device 501 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the electronic device, and the like. Further, the memory 501 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, memory 501 may further include memory located remotely from processor 502, which may be connected to devices through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 503 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic apparatus. The output device 504 may include a display device such as a display screen.
And when the one or more programs included in the electronic device are executed by the one or more processors 502, the programs perform the following operations:
acquiring current electric quantity data, an identification code of the intelligent electric meter and a first time stamp, wherein the first time stamp is the current system time of the intelligent electric meter;
respectively performing first encryption processing and second encryption processing on the electric quantity data, the identification code of the intelligent ammeter and the first timestamp to respectively obtain a first ciphertext and a first message authentication code;
uploading the first ciphertext and the first message authentication code to a server, so that the server obtains electric quantity data by decrypting the first ciphertext and authenticates the obtained electric quantity data through the first message authentication code;
receiving feedback information sent by a server, and judging whether the server successfully stores the electric quantity data or not based on the feedback information;
and if not, returning to execute the operation of uploading the first ciphertext and the first message authentication code to the server.
The present embodiment also provides an electronic device, that is, a server in a distributed energy system, which has a structure similar to the above structure and is configured to perform the following operations:
receiving a first ciphertext and a first message authentication code uploaded by the intelligent electric meter, wherein the first ciphertext and the first message authentication code are obtained by respectively performing first encryption processing and second encryption processing on the acquired current electric quantity data, the identification code of the intelligent electric meter and the first timestamp by the intelligent electric meter;
decrypting the first ciphertext to obtain electric quantity data, and authenticating the electric quantity data through a first message authentication code;
and generating feedback information according to the authentication result, and issuing the feedback information to the intelligent electric meter.
Of course, it can be understood by those skilled in the art that when one or more programs included in the electronic device are executed by the one or more processors 502, the programs may also perform related operations in the application control method provided in any embodiment of the present application.
One embodiment of the present application provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, is operable to perform a method of secure communication, the method comprising:
acquiring current electric quantity data, an identification code of the intelligent electric meter and a first time stamp, wherein the first time stamp is the current system time of the intelligent electric meter; respectively performing first encryption processing and second encryption processing on the electric quantity data, the identification code of the intelligent ammeter and the first timestamp to respectively obtain a first ciphertext and a first message authentication code; uploading the first ciphertext and the first message authentication code to a server, so that the server obtains electric quantity data by decrypting the first ciphertext and authenticates the obtained electric quantity data through the first message authentication code; receiving feedback information sent by a server, and judging whether the server successfully stores the electric quantity data or not based on the feedback information; and if not, returning to execute the operation of uploading the first ciphertext and the first message authentication code to the server.
Optionally, the program, when executed by a processor, may be further configured to perform the method provided in any of the embodiments of the present application.
The computer storage media of the embodiments of the present application may take any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read Only Memory (ROM), an Erasable Programmable Read Only Memory (EPROM), a flash Memory, an optical fiber, a portable CD-ROM, an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. A computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take a variety of forms, including, but not limited to: an electromagnetic signal, an optical signal, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, Radio Frequency (RF), etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including, for example, a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present application and the technical principles employed. It will be understood by those skilled in the art that the present application is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the application. Therefore, although the present application has been described in more detail with reference to the above embodiments, the present application is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present application, and the scope of the present application is determined by the scope of the appended claims.

Claims (11)

1. A secure communication method is applied to a smart meter in a distributed energy system, and comprises the following steps:
acquiring current electric quantity data, an identification code of the intelligent electric meter and a first time stamp, wherein the first time stamp is the current system time of the intelligent electric meter;
respectively performing first encryption processing and second encryption processing on the electric quantity data, the identification code of the intelligent ammeter and the first timestamp to respectively obtain a first ciphertext and a first message authentication code;
uploading the first ciphertext and the first message authentication code to a server, so that the server obtains electric quantity data by decrypting the first ciphertext and authenticates the obtained electric quantity data through the first message authentication code;
receiving feedback information sent by a server, and judging whether the server successfully stores the electric quantity data or not based on the feedback information;
and if not, returning to execute the operation of uploading the first ciphertext and the first message authentication code to the server.
2. The method of claim 1, wherein prior to obtaining the charge data, the method further comprises:
sending a registration request to the server, and acquiring and storing the correlation parameters of the intelligent electric meter according to the registration result; the intelligent electric meter association parameters at least comprise a preset secret key, an identification code of the intelligent electric meter and a period of uploading electric quantity data;
correspondingly, performing the first encryption processing and the second encryption processing on the electric quantity data, the identification code of the intelligent electric meter and the first timestamp includes:
and respectively carrying out first encryption processing and second encryption processing on the electric quantity data, the identification code of the intelligent electric meter and the first timestamp by utilizing a first encryption algorithm and a second encryption algorithm based on the preset secret key.
3. The method according to claim 2, wherein the feedback information comprises a second ciphertext and a second message authentication code generated by the server through encryption processing;
correspondingly, the judging whether the server has successfully stored the electric quantity data based on the feedback information includes:
decrypting the second ciphertext by using the preset key to obtain an electric quantity data storage result identifier and a second timestamp;
and judging whether the electric quantity data storage result identification and the second timestamp meet preset conditions, if so, authenticating the electric quantity data storage result identification through the second message authentication code, and determining whether the server successfully stores the electric quantity data according to an authentication result.
4. The method of claim 1, wherein the smart meter establishes a communication connection with the server through a network interface.
5. A secure communication method is applied to a server in a distributed energy system, and comprises the following steps:
receiving a first ciphertext and a first message authentication code uploaded by the intelligent electric meter, wherein the first ciphertext and the first message authentication code are obtained by respectively performing first encryption processing and second encryption processing on the acquired current electric quantity data, the identification code of the intelligent electric meter and the first timestamp by the intelligent electric meter;
decrypting the first ciphertext to obtain electric quantity data, and authenticating the electric quantity data through a first message authentication code;
and generating feedback information according to the authentication result, and issuing the feedback information to the intelligent electric meter.
6. The method of claim 5, wherein generating feedback information based on the authentication result comprises:
generating an electric quantity data storage result identifier according to the authentication result; the electric quantity data storage result identification is used for indicating whether the electric quantity data passes the authentication and is stored in the server;
performing third encryption processing and fourth encryption processing on the electric quantity data storage result identifier and the second timestamp to obtain feedback information comprising a second ciphertext and a second message authentication code; where the second timestamp is the server's current system time.
7. The method of claim 5, further comprising:
responding to a registration request sent by the intelligent electric meter, and generating intelligent electric meter association parameters; the correlation parameters of the intelligent electric meter at least comprise a preset secret key, an identification code of the intelligent electric meter and a period of uploading electric quantity data.
8. A secure communication apparatus, configured on a smart meter in a distributed energy system, the apparatus comprising:
the acquisition module is used for acquiring current electric quantity data, an identification code of the intelligent electric meter and a first timestamp, wherein the first timestamp is the current system time of the intelligent electric meter;
the first encryption calculation module is used for respectively carrying out first encryption processing and second encryption processing on the electric quantity data, the identification code of the intelligent ammeter and the first timestamp to respectively obtain a first ciphertext and a first message authentication code;
the first sending module is used for uploading the first ciphertext and the first message authentication code to a server, so that the server obtains electric quantity data by decrypting the first ciphertext and authenticates the obtained electric quantity data through the first message authentication code;
the first receiving module is used for receiving feedback information sent by the server and judging whether the server successfully stores the electric quantity data or not based on the feedback information;
and the return module is used for returning and executing the operation of uploading the first ciphertext and the first message authentication code to the server when the judgment result is negative.
9. A secure communication apparatus, applied to a server in a distributed energy system, the apparatus comprising:
the second receiving module is used for receiving a first ciphertext and a first message authentication code uploaded by the intelligent electric meter, wherein the first ciphertext and the first message authentication code are obtained by respectively performing first encryption processing and second encryption processing on the acquired current electric quantity data, the identification code of the intelligent electric meter and the first timestamp by the intelligent electric meter;
the decryption authentication module is used for decrypting the first ciphertext to obtain electric quantity data and authenticating the electric quantity data through a first message authentication code;
and the feedback information generating and issuing module is used for generating feedback information according to the authentication result and issuing the feedback information to the intelligent ammeter.
10. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the secure communication method of any of claims 1-4 or claims 5-7.
11. A storage medium on which a computer program is stored which, when being executed by a processor, carries out a secure communication method according to any one of claims 1 to 4 or claims 5 to 7.
CN202010948250.3A 2020-09-10 2020-09-10 Secure communication method and device, electronic equipment and storage medium Pending CN114257385A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010948250.3A CN114257385A (en) 2020-09-10 2020-09-10 Secure communication method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010948250.3A CN114257385A (en) 2020-09-10 2020-09-10 Secure communication method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114257385A true CN114257385A (en) 2022-03-29

Family

ID=80788063

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010948250.3A Pending CN114257385A (en) 2020-09-10 2020-09-10 Secure communication method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114257385A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination