CN114531265B - Terminal safety access and data protection method based on virtual power plant - Google Patents


Publication number
CN114531265B
Authority
CN
China
Prior art keywords
virtual power
power plant
data
terminal
station
Legal status
Active
Application number
CN202111423492.1A
Other languages
Chinese (zh)
Other versions
CN114531265A (en
Inventor
屠晓栋
周旻
顾曦华
钱伟杰
怀月容
刘维亮
邢旭亮
应杰耀
周晓琴
金祝
Current Assignee
Jiaxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
Jiaxing Power Supply Co of State Grid Zhejiang Electric Power Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/06 Energy or water supply
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a terminal secure access and data protection method based on a virtual power plant, comprising the following steps: S1, setting up a plurality of virtual power plant substations according to the distribution of the terminals aggregated by the virtual power plant; S2, the virtual power plant master station and all virtual power plant substations communicate with one another over encrypted links; S3, when a terminal requests access, it sends an application to the virtual power plant master station and to the virtual power plant substation at the same time, and accesses the virtual power grid after the application is approved; and S4, when the terminal transmits data, the data is divided and encrypted, one part is transmitted directly to the virtual power plant master station, and the other part is transmitted to the virtual power plant master station through the virtual power plant substation. In the invention, the virtual power plant master station and the plurality of virtual power plant substations form the trunk and are connected to one another through virtual private network channels; each substation is responsible for the access of the terminals in its own sub-area, and terminals communicate over the public network after their data is encrypted, which reduces cost while maintaining security.

Description

Terminal safety access and data protection method based on virtual power plant
Technical Field
The invention relates to the technical field of virtual power plants, and in particular to a terminal secure access and data protection method based on a virtual power plant.
Background
A virtual power plant combines energy resources such as distributed generator sets, controllable loads and distributed energy storage facilities, and uses supporting regulation and communication technologies to integrate and dispatch these distributed energy sources, so that it can take part in power grid operation as a special kind of power plant. As an advanced mode of centralized regional energy management, virtual power plants are becoming the latest trend in the power field. The distributed generator sets, controllable loads and distributed energy storage facilities of a virtual power plant are spread over a wide area; they cannot communicate with the virtual power plant energy management platform over a private network and can only communicate over a non-private network, that is, the public network.
Chinese patent publication CN111049720A, published 2020-04-21, discloses a virtual power plant energy management platform comprising a control center and a controlled equipment group. A VPN server is deployed in the control center, and corresponding VPN gateways are provided for the control server of the control center and for the distributed energy equipment clients of the controlled equipment group, so that a distributed energy device can use its client to communicate with the control server through its own VPN gateway, the VPN server and the VPN gateway of the control server. Because VPN technology builds a private network on top of the public network for encrypted communication, the communication between the control server and the distributed energy equipment clients is secured. However, this technique requires a VPN gateway for every distributed energy device in order to establish a VPN link. When the number of distributed energy devices is small the cost is not significant, but when the scope expands to a city or a group of cities, not only distributed energy devices but also other controllable loads, distributed energy storage devices and so on must be connected to the virtual power plant. Connecting all of them through dedicated private network channels greatly increases the operating cost, and the frequent exchange of information easily causes congestion.
Disclosure of Invention
The invention provides a terminal secure access and data protection method based on a virtual power plant, which aims to solve two problems of the prior art when a virtual power plant integrates and dispatches distributed energy sources: public network communication creates security risks, and using virtual private network channels over a large area makes communication expensive.
To achieve this purpose, the invention adopts the following technical scheme:
A terminal secure access and data protection method based on a virtual power plant comprises the following steps:
S1, setting up a plurality of virtual power plant substations according to the distribution of the terminals aggregated by the virtual power plant;
S2, the virtual power plant master station and all virtual power plant substations in the virtual power plant communicate over encrypted links;
S3, when a terminal requests access, it sends an application to the virtual power plant master station and the virtual power plant substation at the same time, and accesses the virtual power grid after the application is approved;
and S4, when the terminal transmits data, the data is divided and encrypted; one part is transmitted directly to the virtual power plant master station, and the other part is transmitted to the virtual power plant master station through the virtual power plant substation.
In the invention, the virtual power plant master station and the plurality of virtual power plant substations are connected by encrypted communication and form the control trunk for resource aggregation and coordinated optimization of the virtual power plant. All terminals aggregated by the virtual power plant act as branches and are connected to both the master station and a substation, so that at least two different paths exist between each terminal and the master station. The exchange of information between a terminal and the virtual power plant can therefore use a primary and a secondary path and, if necessary, the security and integrity of a transmission can be judged by comparing the information received over the two paths. The information can also be split into two parts that are transmitted separately; even if one part is cracked, the data remains protected as long as the other part is not.
Preferably, in step S1, a plurality of sub-areas are divided according to the number of terminals, the difference in the number of terminals between sub-areas is smaller than a set value, and each sub-area is provided with one virtual power plant substation.
Because the difference in the number of terminals between sub-areas is smaller than the set value, the sub-areas contain roughly the same number of terminals after division, and the amount of data handled by each substation differs only slightly. This avoids the situation in which some substations are busy while others are idle.
Preferably, a substation front-end processing area is arranged between the virtual power plant substation and the external communication network; a master station front-end processing area is arranged between the virtual power plant master station and the external communication network; the master station front-end processing area or the substation front-end processing area is used for processing public data information or non-sensitive business.
The substation front-end processing area and the master station front-end processing area are collectively called front-end processing areas and have the same function: they isolate the virtual power plant substation or master station from the external communication network, and data from the external communication network is passed on to the substation or master station only after it has been screened and analyzed by the front-end processing area. The external communication network is the public network. Depending on the actual situation, the master station and a substation may communicate either directly or through the front-end processing areas.
Preferably, the master station front-end processing area or the substation front-end processing area classifies communication: a terminal connects to and communicates with the front-end processing area after identity authentication; when the terminal's communication involves modifying data information inside the virtual power plant, the connection is made only after both identity authentication and front-end security verification in the front-end processing area.
In the invention, a terminal connects to the front-end processing area when it communicates with the virtual power plant. Each terminal uses a fixed terminal address and access ID, and can exchange data with the front-end processing area after identity authentication. Public data information and non-sensitive business can be processed in the front-end processing area. When internal data information of the virtual power plant is to be changed, the front-end processing area must additionally perform security verification of the terminal, and the terminal can access the virtual power plant only after passing it.
Preferably, a virtual private network is established between the virtual power plant master station and each virtual power plant substation, and between any two virtual power plant substations, for encrypted communication. In the invention, the trunk nodes of the virtual power plant communicate pairwise over encrypted virtual private network links, which secures communication within the trunk. In addition, the terminals that access the virtual power plant include mobile terminals as well as fixed-location terminals.
Preferably, step S3 includes the following steps:
S31, the terminal sends an access application to the virtual power plant master station and to the virtual power plant substation of the sub-area in which the terminal is located;
S32, the virtual power plant substation examines the access application and transmits its examination result to the virtual power plant master station;
S33, the virtual power plant master station examines the access application and receives the examination result of the virtual power plant substation;
and S34, when both the virtual power plant master station and the virtual power plant substation approve the application, the terminal is admitted to the virtual power plant.
When a terminal wants to access the virtual power grid, it is admitted only if the virtual power plant master station and the virtual power plant substation both approve; this double verification ensures the security of access to the virtual power plant. In addition, when one of the two examinations fails, the examination process and the reason for the decision can be transmitted to the master station for manual review by staff, which avoids a terminal being kept out of the virtual power plant by an examination error. The substation or the master station can also periodically re-examine terminals that have already been admitted, to judge whether their access remains secure.
Preferably, step S4 includes the following steps:
S41, dividing the terminal transmission data into first sub-data and second sub-data;
S42, encrypting the first sub-data in a first encryption mode to obtain first encrypted data, and encrypting the second sub-data in a second encryption mode to obtain second encrypted data;
S43, forming a first data packet from the first encrypted data and the second encrypted data, and forming a second data packet from the second encrypted data and the first encrypted data;
S44, transmitting the first data packet and the second data packet to the virtual power plant master station through different transmission paths;
S45, the virtual power plant master station decrypts the data packets and reassembles them into the terminal transmission data.
In the invention, the terminal data to be transmitted is split at the terminal into two different groups of data, and each group is encrypted in a different encryption mode. The two resulting groups of encrypted data are transmitted over the terminal-to-master-station path and the terminal-to-substation-to-master-station path respectively, and are decrypted and recombined at the master station to recover the original data. Because the encryption modes differ, an attacker who breaks one transmission path obtains only one group of encrypted data; and because that group was produced by splitting the original data, it is incomplete and yields no useful information. This makes it harder to recover the original terminal data from the encrypted data.
Preferably, the virtual power plant master station stores the data information of all terminals, and each virtual power plant substation stores a backup of the data information of all terminals in its own sub-area.
In the invention, the master station stores the data information of all terminals and can communicate with all of them; each substation stores a backup of the data information of the terminals in its own sub-area and can communicate with those terminals. When a problem occurs in a substation, its terminals can be coordinated and controlled directly by the master station, or by another substation adjacent to the affected one.
The invention has the following beneficial effects: the virtual power plant master station and the plurality of virtual power plant substations form the trunk and are connected through virtual private network channels, each substation is responsible for the access of the terminals in its own sub-area, and terminals communicate over the public network after their data is encrypted, which reduces cost while maintaining security; terminal access requires double examination and verification, and admitted terminals are periodically re-examined, which secures terminal access to the virtual power plant; during terminal data transmission, the terminal data is split, encrypted in different encryption modes and transmitted to the master station over two paths, so that the actual data content cannot be obtained even if part of the data is cracked, which strongly protects the data information; the master station and the substations each store the data information of the terminals they communicate with and are connected to one another, so that when a substation or the master station fails, the virtual power plant as a whole can still carry out coordinated control, which keeps the virtual power plant operating stably.
Drawings
FIG. 1 is a schematic diagram of a terminal secure access and data protection method of the present invention;
FIG. 2 is a flow chart of the secure access of the terminal to the virtual power plant of the present invention;
FIG. 3 is a schematic diagram of a communication connection between a terminal and a virtual power plant according to the present invention.
Detailed Description
The invention is further described below with reference to the drawings and detailed description.
A terminal secure access and data protection method based on a virtual power plant, as shown in FIG. 1, comprises the following steps:
S1, setting up a plurality of virtual power plant substations according to the distribution of the terminals aggregated by the virtual power plant;
The area covered by the terminals aggregated by the virtual power plant is divided into a plurality of sub-areas, the difference in the number of terminals between any two sub-areas is smaller than a set value, and a virtual power plant substation is set up in each sub-area and can communicate with the terminals in that sub-area.
S2, the virtual power plant master station and all virtual power plant substations in the virtual power plant communicate over encrypted links;
A virtual private network is established between the virtual power plant master station and each virtual power plant substation, and between any two virtual power plant substations, for encrypted communication, so that data information can be exchanged securely within the virtual power plant.
S3, when a terminal requests access, it sends an application to the virtual power plant master station and the virtual power plant substation at the same time, and accesses the virtual power grid after the application is approved;
As shown in FIG. 2, S3 includes the following steps:
S31, the terminal sends an access application to the virtual power plant master station and to the virtual power plant substation of the sub-area in which the terminal is located;
S32, the virtual power plant substation examines the access application and transmits its examination result to the virtual power plant master station;
S33, the virtual power plant master station examines the access application and receives the examination result of the virtual power plant substation;
and S34, when both the virtual power plant master station and the virtual power plant substation approve the application, the terminal is admitted to the virtual power plant.
S4, when the terminal transmits data, the data is divided and encrypted; one part is transmitted directly to the virtual power plant master station, and the other part is transmitted to the virtual power plant master station through the virtual power plant substation;
S4 includes the following steps:
S41, dividing the terminal transmission data into first sub-data and second sub-data;
S42, encrypting the first sub-data in a first encryption mode to obtain first encrypted data, and encrypting the second sub-data in a second encryption mode to obtain second encrypted data;
S43, forming a first data packet from the first encrypted data and the second encrypted data, and forming a second data packet from the second encrypted data and the first encrypted data;
S44, transmitting the first data packet and the second data packet to the virtual power plant master station through different transmission paths;
S45, the virtual power plant master station decrypts the data packets and reassembles them into the terminal transmission data.
A substation front-end processing area is arranged between the virtual power plant substation and the terminals and is connected to the terminals through the public network; a master station front-end processing area is arranged between the virtual power plant master station and the terminals and is connected to the terminals through the public network. The master station front-end processing area or the substation front-end processing area is used for processing public data information or non-sensitive business. Specifically, as shown in FIG. 3, the front-end processing area classifies communication: a terminal connects to and communicates with the front-end processing area after identity authentication; when the terminal's communication involves modifying data information inside the virtual power plant, the terminal must pass identity authentication and front-end security verification in the front-end processing area before it can connect to and communicate with the virtual power plant.
The virtual power plant master station stores the data information of all terminals, and each virtual power plant substation stores a backup of the data information of all terminals in its own sub-area. A substation can periodically back up the data information of the terminals in its sub-area from the terminal data information stored in the master station.
In the invention, the virtual power plant master station and the plurality of virtual power plant substations are connected by encrypted communication and form the control trunk for resource aggregation and coordinated optimization of the virtual power plant. All terminals aggregated by the virtual power plant act as branches and are connected to both the master station and a substation, so that at least two different paths exist between each terminal and the master station. The exchange of information between a terminal and the virtual power plant can therefore use a primary and a secondary path and, if necessary, the security and integrity of a transmission can be judged by comparing the information received over the two paths. The information can also be split into two parts that are transmitted separately; even if one part is cracked, the data remains protected as long as the other part is not.
Because the difference in the number of terminals between sub-areas is smaller than the set value, the sub-areas contain roughly the same number of terminals after division, and the amount of data handled by each substation differs only slightly. This avoids the situation in which some substations are busy while others are idle. The set value may be determined as a percentage, for example five percent, of the total number of terminals in the sub-area. In addition, when a terminal is added, removed or modified in a sub-area, its information is the responsibility of the virtual power plant substation of that sub-area.
The substation front-end processing area and the master station front-end processing area are collectively called front-end processing areas and have the same function: they isolate the virtual power plant substation or master station from the external communication network, and data from the external communication network is passed on to the substation or master station only after it has been screened and analyzed by the front-end processing area. The external communication network is the public network. Depending on the actual situation, the master station and a substation may communicate either directly or through the front-end processing areas.
In the invention, a terminal connects to the front-end processing area when it communicates with the virtual power plant. Each terminal uses a fixed terminal address and access ID, and can exchange data with the front-end processing area after identity authentication. Public data information and non-sensitive business, such as publishing a virtual power plant work report or scheduling applications for terminal maintenance and inspection, can be processed in the front-end processing area, since such work does not require changing the internal data information of the virtual power plant. When internal data information of the virtual power plant is to be changed, the front-end processing area must additionally perform security verification of the terminal, and the terminal can access the virtual power plant only after passing it.
According to the invention, the stations of the virtual power plant communicate with one another pairwise over encrypted virtual private networks, which secures the communication between stations. In addition, the terminals that access the virtual power plant include mobile terminals as well as fixed-location terminals. When a fixed-location terminal needs to move from one sub-area to another, the virtual power plant sub-stations of the two sub-areas involved must exchange data information to complete the transfer and confirmation of the terminal information. Because a mobile terminal is in motion, the virtual power plant sub-stations of the sub-areas it passes through must communicate with one another to confirm the security and correctness of the mobile terminal's data information.
When a terminal wants to access the virtual power grid, both the virtual power plant master station and the virtual power plant sub-station must audit the request, and the terminal is admitted only when both audits pass. This double verification ensures the access security of the virtual power plant. In addition, when one of the two audits fails, the audit process and the reason for the verdict can be sent to the virtual power plant master station for manual review by staff, so that a terminal is not kept out of the virtual power plant by an audit error. The virtual power plant sub-station or the virtual power plant master station can also periodically re-audit terminals that have already been admitted, to judge whether their access is still secure.
In the invention, the terminal data to be transmitted is split at the terminal into two different groups of data, and each group is encrypted with a different encryption mode. The two resulting groups of encrypted data are transmitted over two separate paths, terminal → virtual power plant master station and terminal → virtual power plant sub-station → virtual power plant master station, and are decrypted and recombined at the virtual power plant master station to obtain the original data. Because the encryption modes differ, an attacker who compromises one transmission path obtains only one group of encrypted data. That group corresponds to only part of the split original data, so it is incomplete and yields no usable information, which makes it harder to recover the original terminal data from the encrypted data.
In the invention, the virtual power plant master station stores the data information of all terminals and can communicate with all terminals; each virtual power plant sub-station stores a backup of the data information of the terminals in its own sub-area and can communicate with those terminals. Consequently, when a virtual power plant sub-station fails, its terminals can be coordinated and controlled directly by the virtual power plant master station, or by another virtual power plant sub-station adjacent to the failed one. When the virtual power plant master station fails, the original coverage area can be treated as a set of independent sub-areas, each coordinated and controlled by its own virtual power plant sub-station, which keeps the operation of the virtual power plant stable and secure.
In an embodiment of the invention, the virtual power plant master station serves as the central coordination and control part, and the virtual power plant sub-stations serve as the coordination and control parts of the sub-areas. When a virtual power plant sub-station is set up, it is given a range of terminal addresses with which it communicates; the ranges of different sub-stations do not overlap, and together they form the terminal address range coordinated and controlled by the whole virtual power plant. When a new terminal is to be accessed, a terminal address is first allocated according to the actual location of the terminal, and each terminal address corresponds to one and only one terminal. An access ID is then allocated according to the type of the terminal. The access ID consists of letters in its first half and digits in its second half: different letters indicate whether the terminal is a distributed energy source, an energy storage system or a load, and can further indicate the type of distributed energy source, the capacity of the energy storage system, the type of load and so on; the digits are a serial number, so that each terminal has a unique access ID. The access ID and the terminal address are the information a terminal must provide for identity authentication. The access ID, the terminal address and the specific text and data information of the new terminal, including the registrant information recorded when the terminal is registered, are compiled into a separate record, which is stored in the database of the virtual power plant master station and in the backup database of the virtual power plant sub-station.
Once a terminal has obtained its access ID and terminal address and needs to access the virtual power plant, it first connects to the corresponding virtual power plant sub-station according to its terminal address and sends an access application to that sub-station; it then sends the same access application to the virtual power plant master station. The virtual power plant sub-station audits and verifies the access ID, the terminal address and the registrant information of the terminal, judges whether the sub-area can admit another terminal under the current conditions, and sends its audit result to the virtual power plant master station. The virtual power plant master station likewise audits and verifies the access ID, the terminal address and the registrant information of the terminal, judges whether the virtual power plant can admit a new terminal under the current conditions, and gives its audit result. When both audits pass, the new terminal can be admitted; when one audit passes and the other fails, staff must be notified to audit manually and verify whether the terminal can be admitted. Because admitting a terminal changes the data information inside the virtual power plant, the access operation must be performed by a registrant, and the front-end security verification requires one or more of face recognition, voice recognition, fingerprint recognition, key input and the like, which ensures that terminal access is secure and follows the prescribed procedure.
Correspondingly, when a terminal's access is cancelled, its actual position is changed, or its text and data information is updated, the operation can be executed only after a registrant has passed the front-end security verification. A terminal may have one or more registrants.
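The address allocation rules and the dual audit described above, as an added Python sketch (not code from the patent). The letter prefixes, the record layout, the capacity figures and the `REJECT` outcome when both audits fail are assumptions; the page only specifies what happens when both audits pass or when exactly one fails.

```python
import re
from dataclasses import dataclass

# Hypothetical letter prefixes; the page only says the letters encode the terminal type.
KINDS = {"DE": "distributed energy", "ES": "energy storage", "LD": "load"}
ACCESS_ID = re.compile(r"([A-Z]+)(\d+)")   # letters first, serial number second

@dataclass(frozen=True)
class Substation:
    name: str
    first_addr: int   # inclusive
    last_addr: int    # inclusive
    capacity: int     # terminals the sub-area can host (assumed admission criterion)

def check_ranges(substations):
    """Terminal address ranges of the sub-stations must not overlap."""
    ordered = sorted(substations, key=lambda s: s.first_addr)
    for a, b in zip(ordered, ordered[1:]):
        if b.first_addr <= a.last_addr:
            raise ValueError(f"address ranges of {a.name} and {b.name} overlap")
    return ordered

def route(substations, addr):
    """Return the sub-station whose range contains addr, or None."""
    for s in substations:
        if s.first_addr <= addr <= s.last_addr:
            return s
    return None

def parse_access_id(access_id):
    m = ACCESS_ID.fullmatch(access_id)
    if not m or m.group(1) not in KINDS:
        raise ValueError(f"malformed access ID: {access_id!r}")
    return KINDS[m.group(1)], int(m.group(2))

def audit(app, records, has_room):
    """One station's audit of (address, access ID, registrant) against its own records."""
    rec = records.get(app["addr"])
    if rec is None:
        return False, "terminal address not registered"
    if rec["access_id"] != app["access_id"]:
        return False, "access ID does not match address"
    if app["registrant"] not in rec["registrants"]:
        return False, "registrant not on record"
    if not has_room:
        return False, "no capacity for another terminal"
    return True, "ok"

def decide(sub_ok, master_ok):
    if sub_ok and master_ok:
        return "ADMIT"
    if sub_ok != master_ok:
        return "MANUAL_REVIEW"   # split verdict is escalated to staff, as the page describes
    return "REJECT"              # both audits failed: assumption, not covered by the page

def process_application(app, substations, master_db, backup_dbs, connected, plant_capacity):
    parse_access_id(app["access_id"])
    sub = route(substations, app["addr"])
    if sub is None:
        return "REJECT", {"route": "address outside every sub-area"}
    sub_ok, sub_why = audit(app, backup_dbs[sub.name], connected[sub.name] < sub.capacity)
    master_ok, master_why = audit(app, master_db, sum(connected.values()) < plant_capacity)
    return decide(sub_ok, master_ok), {sub.name: sub_why, "master": master_why}

# Constructed sample data: two sub-areas, one registered terminal.
SUBSTATIONS = check_ranges([Substation("sub-A", 1000, 1999, 2),
                            Substation("sub-B", 2000, 2999, 2)])
RECORD = {"access_id": "ES0042", "registrants": {"alice"}}
MASTER_DB = {1500: RECORD}                        # master station holds every terminal
BACKUP_DBS = {"sub-A": {1500: RECORD}, "sub-B": {}}   # sub-stations hold their own sub-area

if __name__ == "__main__":
    application = {"addr": 1500, "access_id": "ES0042", "registrant": "alice"}
    print(process_application(application, SUBSTATIONS, MASTER_DB, BACKUP_DBS,
                              {"sub-A": 1, "sub-B": 0}, plant_capacity=4))
```

A split verdict also surfaces record drift between the master database and a sub-station backup, which is worth logging separately from capacity refusals.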
The virtual power plant master station is provided with a master station front-end processing area, and the virtual power plant sub-station is provided with a sub-station front-end processing area. The two are collectively called a front-end processor and have the same function: isolating the sub-station or master station of the virtual power plant from the public communication network. The virtual power plant sub-station and the sub-station front-end processing area are used as the example below. When a terminal that has accessed the virtual power plant sends data information to a virtual power plant sub-station, the data information first reaches the sub-station front-end processing area, which processes it first. The front-end processing area judges whether the terminal's request involves changing data information inside the virtual power plant or querying sensitive information; what counts as sensitive information can be set by the terminal's registered user, defined by the virtual power plant itself, or entered by the relevant staff. When the request involves neither, the sub-station front-end processing area can process it and respond on its own, sending the corresponding information directly to the terminal. For example, when terminal equipment needs maintenance or inspection, a maintenance application can be sent from the terminal to the virtual power plant sub-station; after the sub-station front-end processing area receives the application, the relevant maintenance personnel are automatically matched to the terminal to complete the auditing and processing of the application.
When the request involves sensitive information or a change to data information inside the virtual power plant, the sub-station front-end processing area must authenticate the identity of the terminal and, after the terminal address and access ID have been authenticated, goes on to require front-end security verification. That is, before the terminal establishes a communication connection with the virtual power plant sub-station, a registrant of the terminal must verify the terminal operation against the registrant information. After receiving the data information sent by the terminal, the virtual power plant sub-station automatically sends verification information to the registrant's mobile device, and the subsequent query or modification can proceed only after the registrant has confirmed the verification on that device.
For the transmission of important terminal data information, the terminal data is split at the terminal before it is sent. For example, the terminal data is arranged in m rows and n columns; the odd columns of the n columns are taken as the first sub-data and the even columns as the second sub-data. Because the terminal data is normally read and arranged row by row, neither the first sub-data nor the second sub-data obtained by extracting columns displays or contains the content of the original terminal data. The first sub-data is encrypted with a first encryption mode to form the first encrypted data, and the second sub-data is encrypted with a second encryption mode to form the second encrypted data; the terminal can pick the encryption modes at random when encrypting, from any existing encryption technology without limitation. At the terminal, the first encrypted data and the second encryption mode are then combined into a first data packet, which is encrypted with the encryption password the registrant set in advance at registration; the second encrypted data and the first encryption mode are combined into a second data packet, which is encrypted with the same pre-set encryption password. There are two paths for data transmission from the terminal to the virtual power plant master station: terminal → virtual power plant master station, and terminal → virtual power plant sub-station → virtual power plant master station. The first data packet is sent over one of the paths, chosen at random, and the second data packet is sent over the other.
After the packets reach the virtual power plant master station, the first data packet and the second data packet are decrypted with the encryption password stored in the database. The first encrypted data and the second encrypted data are then decrypted using the first encryption mode and the second encryption mode recovered from the packets, and the results are merged by columns to obtain the terminal data.
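The split, cross-bundling and recombination described in the two paragraphs above, as an added Python sketch that is not code from the patent. The two "encryption modes" are HMAC-based keystream stand-ins built from the standard library, and carrying a fresh per-message key inside each mode descriptor is an assumption, since the page does not say how the inner keys are distributed.

```python
import hashlib, hmac, json, secrets

MODES = ("sha256", "sha512")   # hypothetical mode identifiers for the stand-in ciphers
PATHS = ("terminal->master", "terminal->substation->master")
rng = secrets.SystemRandom()

def keystream(mode, key, nonce, length):
    """Stand-in cipher: HMAC(mode) in counter mode. Illustrative, not a vetted AEAD."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), mode).digest()
        counter += 1
    return bytes(out[:length])

def mode_encrypt(mode, key, data):
    nonce = secrets.token_bytes(16)
    return nonce + bytes(a ^ b for a, b in zip(data, keystream(mode, key, nonce, len(data))))

def mode_decrypt(mode, key, blob):
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, keystream(mode, key, nonce, len(ct))))

def split_columns(rows):
    """Odd columns (1st, 3rd, ...) -> first sub-data; even columns -> second sub-data."""
    return [r[0::2] for r in rows], [r[1::2] for r in rows]

def merge_columns(first, second):
    merged = []
    for odd, even in zip(first, second):
        merged.append([odd[i // 2] if i % 2 == 0 else even[i // 2]
                       for i in range(len(odd) + len(even))])
    return merged

def password_seal(password, payload):
    """Outer layer: encrypt-then-MAC under keys derived from the registrant's password."""
    salt = secrets.token_bytes(16)
    keys = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=64)
    body = mode_encrypt("sha256", keys[:32], json.dumps(payload).encode())
    return salt + body + hmac.new(keys[32:], salt + body, "sha256").digest()

def password_open(password, packet):
    salt, body, tag = packet[:16], packet[16:-32], packet[-32:]
    keys = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=64)
    if not hmac.compare_digest(tag, hmac.new(keys[32:], salt + body, "sha256").digest()):
        raise ValueError("packet failed integrity check (tampered or wrong password)")
    return json.loads(mode_decrypt("sha256", keys[:32], body))

def build_packets(rows, password):
    halves = split_columns(rows)
    modes = rng.sample(MODES, 2)                   # two different modes, random order
    # Assumption: each descriptor carries a fresh per-message key with the mode name.
    descs = [{"mode": m, "key": secrets.token_hex(32)} for m in modes]
    cts = [mode_encrypt(d["mode"], bytes.fromhex(d["key"]), json.dumps(h).encode())
           for d, h in zip(descs, halves)]
    # Cross-bundle: packet 1 = ciphertext 1 + descriptor 2, packet 2 = ciphertext 2 + descriptor 1.
    p1 = password_seal(password, {"part": 1, "ct": cts[0].hex(), "other": descs[1]})
    p2 = password_seal(password, {"part": 2, "ct": cts[1].hex(), "other": descs[0]})
    return p1, p2

def assign_paths(p1, p2):
    """Packet 1 takes a randomly chosen path, packet 2 takes the other one."""
    first_path, second_path = rng.sample(PATHS, 2)
    return {first_path: p1, second_path: p2}

def recombine(packet_a, packet_b, password):
    a, b = password_open(password, packet_a), password_open(password, packet_b)
    if {a["part"], b["part"]} != {1, 2}:
        raise ValueError("need one packet of each part")
    p1, p2 = (a, b) if a["part"] == 1 else (b, a)
    halves = []
    for own, other in ((p1, p2), (p2, p1)):
        desc = other["other"]      # the descriptor for this half travelled in the other packet
        plain = mode_decrypt(desc["mode"], bytes.fromhex(desc["key"]), bytes.fromhex(own["ct"]))
        halves.append(json.loads(plain))
    return merge_columns(*halves)

if __name__ == "__main__":
    reading = [[1, 2, 3, 4, 5], [6, 7, 8, 9, 10]]   # constructed 2x5 sample
    routed = assign_paths(*build_packets(reading, b"registrant-password"))
    print(sorted(routed), recombine(*routed.values(), b"registrant-password"))
```

Once decrypted, each sub-data half is still plain columns of the original, so the split provides path diversity rather than secret sharing; both packets also depend on the same registrant password.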
Besides fixed-location terminals, the terminals that access the virtual power plant include mobile terminals such as electric vehicles, mobile power generation equipment and mobile electric equipment. Because the position of a mobile terminal is not fixed and it can move between sub-areas, it is allocated a dynamic terminal address in addition to its access ID at access registration. The dynamic terminal address consists of a fixed terminal address in its front part and a dynamic code in its rear part. The fixed terminal address is the terminal address corresponding to the actual position of the mobile terminal when it first accessed the virtual power grid, and has the same form as the address of a fixed terminal. The data information of the mobile terminal is stored in the virtual power plant master station and in the virtual power plant sub-station corresponding to the fixed terminal address. The dynamic code is the code of the sub-area in which the mobile terminal is located as it moves, i.e. the sub-area it is currently in. When the mobile terminal exchanges data information, there are three possible transmission paths: mobile terminal → virtual power plant master station; mobile terminal → virtual power plant sub-station of the sub-area where the mobile terminal is currently located → virtual power plant sub-station of the sub-area where it initially accessed → virtual power plant master station; and mobile terminal → virtual power plant sub-station of the sub-area where the mobile terminal is currently located → virtual power plant master station.
The foregoing embodiments further illustrate and explain the invention and do not restrict it; any modifications, equivalents and improvements made within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (7)

1. The terminal safety access and data protection method based on the virtual power plant is characterized by comprising the following steps:
S1, setting a plurality of virtual power plant substations according to the distribution condition of terminals aggregated by the virtual power plants;
S2, the virtual power plant master station in the virtual power plant and all virtual power plant sub-stations are communicated through encryption;
S3, simultaneously sending an application to the virtual power plant master station and the virtual power plant substation when the terminal is accessed, and accessing the virtual power grid after the application is passed;
S4, when the terminal transmits data, the data part after being divided and encrypted is directly transmitted to the virtual power plant main station, and the other part is transmitted to the virtual power plant main station through the virtual power plant sub-station;
S41, dividing terminal transmission data into first sub-data and second sub-data;
S42, the first data are encrypted in a first encryption mode to obtain first encrypted data, and the second data are encrypted in a second encryption mode to obtain second encrypted data;
S43, forming a first data packet by the first encrypted data and the second encrypted data, and forming a second data packet by the second encrypted data and the first encrypted data;
S44, the first data packet and the second data packet are transmitted to the virtual power plant total station through different transmission paths;
S45, the virtual power plant master station decrypts and reassembles the data packet into terminal transmission data.
2. The method for secure access and data protection of terminals based on virtual power plants according to claim 1, wherein in S1, a plurality of sub-areas are divided according to the number of terminals, the difference of the number of terminals in each sub-area is smaller than a set value, and a virtual power plant sub-station is arranged in each sub-area.
3. The method for secure access and data protection of a terminal based on a virtual power plant according to claim 1 or 2, wherein a substation front-end processing area is provided between the virtual power plant substation and an external communication network; a head station front end processing area is arranged between the virtual power plant head station and an external communication network; the master station front-end processing area or the sub-station front-end processing area is used for processing public data information or insensitive business.
4. The method for terminal security access and data protection based on virtual power plant according to claim 3, wherein the front-end processing area of the main station or the front-end processing area of the sub-station classifies the communication, and the communication data of the terminal is connected and communicated with the front-end processing area after identity authentication; when the communication transmission of the terminal relates to data information modification in the virtual power plant, connection communication is required to be carried out after the front-end processing area is subjected to identity authentication and front-end security verification.
5. The method for secure access and data protection of a terminal based on a virtual power plant according to claim 1, wherein in S2, a virtual private network is established between a virtual power plant master station and a virtual power plant sub-station and between any two virtual power plant sub-stations for encrypted communication.
6. A method for secure access and data protection of a terminal based on a virtual power plant according to claim 1 or 2 or 4 or 5, wherein the step S3 comprises the following steps:
S31, the terminal respectively sends an access application to the virtual power plant master station and the virtual power plant sub-station in the sub-area where the virtual power plant master station is located;
S32, the virtual power plant substation inspects the access application and transmits an inspection result to the virtual power plant main station;
S33, the virtual power plant master station examines the access application and receives the examination result of the virtual power plant substation;
S34, when the virtual power plant master station and the virtual power plant substation pass the verification, the terminal is accessed to the virtual power plant.
7. The method for secure access and data protection of terminals based on a virtual power plant according to claim 1 or 5, wherein the virtual power plant master station stores data information of all terminals, and the virtual power plant sub station stores data information backup of all terminals in a sub-area where the virtual power plant is located.
CN202111423492.1A 2021-11-26 2021-11-26 Terminal safety access and data protection method based on virtual power plant Active CN114531265B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111423492.1A CN114531265B (en) 2021-11-26 2021-11-26 Terminal safety access and data protection method based on virtual power plant

Publications (2)

Publication Number Publication Date
CN114531265A CN114531265A (en) 2022-05-24
CN114531265B true CN114531265B (en) 2023-09-26

Family

ID=81618892

Country Status (1)

Country Link
CN (1) CN114531265B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant