CN115051813B - New energy platform control instruction protection method and system - Google Patents

New energy platform control instruction protection method and system Download PDF

Info

Publication number
CN115051813B
CN115051813B CN202210964355.7A CN202210964355A CN115051813B CN 115051813 B CN115051813 B CN 115051813B CN 202210964355 A CN202210964355 A CN 202210964355A CN 115051813 B CN115051813 B CN 115051813B
Authority
CN
China
Prior art keywords
centralized control
control
instruction
interface
control instruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210964355.7A
Other languages
Chinese (zh)
Other versions
CN115051813A (en
Inventor
张五一
江楠
田叶
刘雪梅
汤敏杰
张晏斌
俞利锋
冯佳峰
李知耘
韩乃民
李祥
阎军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Branch Of China Huadian Group Co ltd
Huadian Fuxin Energy Development Co ltd Guangdong Branch
Nanjing Huadun Power Information Security Evaluation Co Ltd
Original Assignee
Guangdong Branch Of China Huadian Group Co ltd
Huadian Fuxin Energy Development Co ltd Guangdong Branch
Nanjing Huadun Power Information Security Evaluation Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Branch Of China Huadian Group Co ltd, Huadian Fuxin Energy Development Co ltd Guangdong Branch, Nanjing Huadun Power Information Security Evaluation Co Ltd filed Critical Guangdong Branch Of China Huadian Group Co ltd
Priority to CN202210964355.7A priority Critical patent/CN115051813B/en
Publication of CN115051813A publication Critical patent/CN115051813A/en
Application granted granted Critical
Publication of CN115051813B publication Critical patent/CN115051813B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72Signcrypting, i.e. digital signing and encrypting simultaneously
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention provides a new energy platform control instruction protection method and system, belonging to the technical field of information communication, wherein the method is based on a key dispersion technology, and surrounds the safety requirement of a three-layer architecture of a new energy platform, wherein the three-layer architecture comprises a centralized control side, a field station side and a field side, and specifically comprises the following steps: the centralized control side signs a control instruction issued by an operator obtaining the user right and performs centralized control side signature verification; the centralized control side performs integrity calculation and data encryption operation on the control command passing the signature verification and then sends the control command to the station side; the station side carries out station side signature checking and integrity checking, and the control command passing the integrity checking is sent to the field side after being signed by the station side; and the field side performs field side signature verification on the control command and acquires an operator identifier from the control command passing the signature verification to perform legal identifier verification. Important sensitive data such as control instructions and the like can be prevented from being tampered and leaked, the behavior process of the control instructions can be traced, and the important data in the service can be managed and controlled.

Description

New energy platform control instruction protection method and system
Technical Field
The invention belongs to the technical field of information communication, and particularly relates to a new energy platform control instruction protection method and system.
Background
The new energy development will enter a new stage, and the proportion of the power generation and installation of new energy in China to the total installation of the electric power in China in the future will exceed 50%. With the continuous expansion of the new energy quantity, new energy enterprises must pay high attention to the network security protection problem of the new energy system.
At present, in a new energy scene, the protection foundation is weak, the hidden danger is serious, the safety protection means is single, the safety situation monitoring and early warning capability is insufficient, application data such as control instructions issued by operators are not protected, data are falsified, the hidden danger of service downtime is caused, the records based on the operators are not carried out on service operation, the misoperation cannot be traced, and the behavior cannot be determined.
Therefore, the method and the system for protecting the control instruction of the new energy platform are provided aiming at a three-layer structure of the new energy platform with a field side, a station side and a centralized control side, can prevent important sensitive data such as the control instruction from being tampered and leaked, can trace the source of the behavior process of the control instruction, and can ensure that the important data in the service can be managed and controlled.
Disclosure of Invention
Aiming at the problems in the prior art, the invention aims to provide a new energy platform control instruction protection method and a system, which meet the safety requirements of a three-layer structure with a centralized control side, a field station side and a field side around a new energy platform, can prevent important sensitive data such as control instructions from being tampered and leaked, can trace the behavior process of the control instructions, ensure the controllability of important data in business, realize the safety of the whole process of issuing the control instructions from the centralized control side to the field side, and ensure the authenticity, integrity, confidentiality and non-repudiation of the control instruction business data.
In order to achieve the purpose, the technical scheme of the invention is as follows:
a new energy platform control instruction protection method includes a centralized control side, a field station side and a field side which are in communication connection, the centralized control side manages a plurality of asymmetric keys and synchronizes the asymmetric keys to the field station side and the field side, the asymmetric keys include private key information and public key information which correspond to signatures of different operators, and the method includes the following steps:
step S1: the centralized control side signs a control instruction issued by an operator obtaining user authority, and carries out centralized control side signature verification on the control instruction according to corresponding centralized control side public key information, wherein the control instruction comprises an operator identifier;
step S2: the centralized control side carries out integrity calculation on the control command passing the signature verification to obtain corresponding command data and a HASH value, carries out centralized control side signature on the HASH value according to corresponding private key information of the centralized control side, carries out encryption operation on the command data and then sends the command data and the HASH value to the station side;
and step S3: after the station side decrypts the received HASH value and the instruction data, the station side checks the sign of the HASH value according to the corresponding station side public key information, and performs integrity check on the instruction data according to the HASH value passing the sign check;
and step S4: the field station side converts the instruction data which passes the integrity verification into the control instruction, carries out field station side signature on the control instruction according to corresponding field station side private key information and then issues the control instruction to the field side;
step S5: and the field side checks the label of the control command according to the corresponding field side public key information, acquires an operator identification from the control command passing the label checking, judges whether the operator identification is legal or not, and sends the control command with the legal operator identification to a fan of the field side for operation.
Preferably, the centralized control side includes a centralized control system client, a centralized control side password service device and a centralized control system server, which are in communication connection, and the step S1 includes:
step S11: the centralized control system server calls an identity authentication interface of the centralized control side password service device to perform identity authentication on the operator, if the identity authentication is passed, the step S12 is performed, and if the identity authentication is not passed, the operator is prohibited from logging in and error reporting information is generated and returned to the centralized control system client for the operator to check;
step S12: the centralized control system client signs a control command issued by an operator according to the private key information of the centralized control side and then sends the control command to the centralized control system server;
step S13: and the centralized control system server calls a centralized control side signature checking interface of the centralized control side password service device to check the signature of the control command according to the corresponding centralized control side public key information, if the signature is checked to pass, the step S2 is carried out, and if the signature is not checked to pass, the control command is discarded and command signature checking failure information is generated.
Preferably, after step S13, the method further includes: and the centralized control system server calls a centralized control side encryption interface of the centralized control side password service device to encrypt the control instruction and store the encrypted control instruction in a local storage area of the centralized control side.
Preferably, the step S2 includes:
step S21: the centralized control system server calls a centralized control side HASH interface of the centralized control side password service device to carry out integrity calculation on the control instruction to obtain a corresponding HASH value and instruction data;
step S22: the centralized control system server calls a centralized control side signature interface of the centralized control side password service device to sign the HASH value;
step S23: the centralized control system server calls a centralized control side encryption interface of the centralized control side password service device to encrypt the signed HASH value and the signed instruction data;
step S24: and the centralized control system server side issues the encrypted HASH value and the encrypted instruction data to the site side in a message form.
Preferably, the station side includes a fan monitoring front server, a station side password service device and a fan monitoring system, which are in communication connection, and the step S3 includes:
step S31: the fan monitoring front server establishes an encryption channel with the station side password service device after receiving the encrypted HASH value and the encrypted instruction data;
step S32: the fan monitoring front server calls a site side decryption interface of the site side password service device to decrypt the HASH value and the instruction data;
step S33: the fan monitoring front-end server calls a site side label checking interface of the site side password service device to check the HASH value according to the corresponding site side public key information, if the label checking is passed, the step S34 is carried out, and if the label checking is not passed, the control instruction is discarded and instruction label checking failure information is generated;
step S34: and the fan monitoring front-end server calls a station side HASH interface of the station side password service device to perform integrity verification on the instruction data according to the HASH value, if the verification is passed, the step S4 is performed, and if the verification is not passed, the control instruction is discarded and instruction integrity verification failure information is generated.
Preferably, the step S4 includes:
step S41: the fan monitoring front server converts the instruction data into the control instruction according to a protocol format, calls a site side signature interface of the site side password service device to sign the control instruction and then sends the control instruction to the fan monitoring system;
step S42: after receiving the signed control command, the fan monitoring system establishes an encryption channel with the station side password service device;
step S43: the fan monitoring system calls a field station side label checking interface of the field station side password service device to check the label of the control instruction according to the corresponding field station side public key information, if the label is checked to be passed, the step S44 is carried out, and if the label is not checked to be passed, the control instruction is discarded and instruction label checking failure information is generated;
step S44: and the fan monitoring system calls a station side signature interface of the station side password service device to sign the control command and sends the signed control command to the field side.
Preferably, the step S41 further includes: the fan monitoring front-end server calls a field side encryption interface of the field side password service device to encrypt the control command which passes the integrity check and then store the control command in a local storage area of the fan monitoring front-end server; and the number of the first and second groups,
the step S43 is followed by: and the fan monitoring system calls a site side encryption interface of the site side password service device to encrypt the control command and then store the encrypted control command in a local storage area of the fan monitoring system.
Preferably, the site side includes a site side security access authentication device and a fan, in step S5, the site side security access authentication device performs site side signature verification on the control command according to corresponding site side public key information, if the signature verification passes, the control command is sent to the fan on the site side, and if the signature verification fails, the control command is discarded and command signature verification failure information is generated.
Preferably, the fan on the site side includes an operator verification module, the operator verification module establishes an operator identification list, the operator identification list can configurably store an operator list with a legal signature, and the following steps are continued for the control instruction that passes the verification: the operator verification module acquires an operator identifier from the control instruction, judges whether the operator identifier is in the operator identifier list, and sends the control instruction to the PLC module of the fan to execute the control instruction if the operator is in the operator identifier list.
The invention also provides a new energy platform control instruction protection system, which comprises:
the system comprises a centralized control side, a field station side and a field side which are in communication connection, wherein the centralized control side manages a plurality of asymmetric keys and synchronizes the asymmetric keys to the field station side and the field side, and the asymmetric keys comprise private key information and public key information which correspond to signatures of different operators;
the centralized control side comprises a centralized control system client, a centralized control side password service device and a centralized control system server which are in communication connection, and the centralized control side password service device is provided with a centralized control side signature checking interface, a centralized control side HASH interface, a centralized control side signature interface and a centralized control side encryption interface;
the centralized control system client is used for signing a control instruction issued by an operator obtaining user authority and then sending the control instruction to the centralized control system server;
the centralized control system server is used for calling a centralized control side signature checking interface to carry out centralized control side signature checking on the control command according to corresponding centralized control side public key information, calling a centralized control side HASH interface to carry out integrity calculation on the control command passing the signature checking to obtain corresponding command data and an HASH value, calling a centralized control side signature interface to carry out centralized control side signature on the HASH value according to corresponding centralized control side private key information and calling a centralized control side encryption interface to carry out encryption operation on the HASH value and the command data and then send the encrypted HASH value and the command data to the field station side;
the station side comprises a fan monitoring preposed server, a station side password service device and a fan monitoring system which are in communication connection, and the station side password service device is provided with a station side decryption interface, a station side signature checking interface, a station side HASH interface and a station side signature interface;
the fan monitoring front-end server is used for establishing an encryption channel with the site side password service device after receiving the encrypted HASH value and the instruction data, calling a site side decryption interface to decrypt the HASH value and the instruction data, calling a site side signature verification interface to verify the HASH value according to corresponding site side public key information, calling the site side HASH interface to perform integrity verification on the instruction data according to the HASH value, converting the instruction data passing the integrity verification into the control instruction, calling a site side signature interface to sign the control instruction, and sending the control instruction to the fan monitoring system;
the fan monitoring system is used for calling a field station side label checking interface to check the label of the control instruction according to the corresponding field station side public key information, calling the field station side label checking interface to sign the control instruction and then sending the control instruction to the field side;
the field side comprises a field side safety access authentication device and a fan which are in communication connection;
the field side safety access authentication device is used for carrying out field side signature checking on the control command according to corresponding field side public key information and then sending the control command to the fan;
and the fan acquires an operator identification from the control instruction passing the label checking, judges whether the operator identification is legal or not, and runs the control instruction with the legal operator identification through a PLC (programmable logic controller) of the fan.
The technical scheme of the invention has the beneficial effects that:
the invention disperses the service key data meeting different field station service characteristics around the safety requirement of a three-layer structure with a centralized control side, a field station side and a field side of a new energy platform, carries out signature and signature verification operation, data integrity operation and data encryption and decryption operation on control instructions transmitted among the centralized control side, the field station side and the field side until finally completing signature verification and legal identification verification on the control instructions at the field side, embeds the safety requirement of the control instructions into the safety protection of each service layer, can prevent important sensitive data such as the control instructions from being tampered and leaked, can trace the behavior process of the control instructions, ensure the manageability and controllability of important data in service, realize the safety of the whole process of issuing the control instructions from the centralized control side to the field side, and ensure the authenticity, integrity, confidentiality and non-repudiation of the control instruction service data.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent by describing in more detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
Fig. 1 is a flowchart illustrating steps of a new energy platform control instruction protection method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram illustrating a new energy platform control instruction protection system according to an embodiment of the present invention;
fig. 3 is a schematic flowchart illustrating a step S1 of a new energy platform control instruction protection method according to an embodiment of the present invention;
fig. 4 is a flowchart illustrating step S2 of the new energy platform control instruction protection method according to the embodiment of the present invention;
fig. 5 is a flowchart illustrating step S3 of the new energy platform control instruction protection method according to the embodiment of the present invention;
fig. 6 is a flowchart illustrating a step S4 of a new energy platform control instruction protection method according to an embodiment of the present invention;
fig. 7 shows an interface schematic diagram of a centralized control side password service device in a new energy platform control instruction protection system according to an embodiment of the present invention;
fig. 8 is a schematic interface diagram illustrating a site-side password service device in a new energy platform control instruction protection system according to an embodiment of the present invention;
fig. 9 shows a schematic structural diagram of a terminal fan of the new energy platform control instruction protection system provided by the embodiment of the invention.
Description of the reference numerals:
1. a centralized control side; 11. a centralized control system client; 12. a centralized control system server; 13. a centralized control side password service device; 2. a station side; 21. the fan monitors the front server; 22. a station side password service device; 23. a fan monitoring system; 3. the field side; 31. the site side is safely accessed to the authentication device; 32. a fan.
Detailed Description
Preferred embodiments of the present invention will be described in more detail below. While the following describes preferred embodiments of the present invention, it should be understood that the present invention may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Example one
Referring to fig. 1 and 2, the present invention provides a new energy platform control instruction protection method, where a new energy platform includes a centralized control side 1, a field station side 2, and a field side 3 that are in communication connection, the centralized control side 1 manages multiple asymmetric keys and synchronizes the asymmetric keys to the field station side 2 and the field side 3, where the asymmetric keys include private key information and public key information corresponding to signatures of different operators, and the method includes:
step S1: the centralized control side 1 signs a control instruction issued by an operator obtaining user authority, and carries out centralized control side signature verification on the control instruction according to corresponding centralized control side public key information, wherein the control instruction comprises an operator identifier;
step S2: the centralized control side 1 carries out integrity calculation on the control command passing the signature checking to obtain corresponding command data and a HASH value, carries out centralized control side signature on the HASH value according to corresponding private key information of the centralized control side, carries out encryption operation on the centralized control side signature and the command data, and then sends the command data and the HASH value to the station side 2;
and step S3: the station side 2 decrypts the received HASH value and the instruction data, performs station side signature verification on the HASH value according to the corresponding station side public key information, and performs integrity verification on the instruction data according to the signed HASH value;
and step S4: the site side 2 converts the instruction data passing the integrity verification into a control instruction, performs site side signature on the control instruction according to the corresponding site side private key information, and then sends the control instruction to the site side 3;
step S5: the field side 3 performs field side signature verification on the control instruction according to the corresponding field side public key information, acquires an operator identifier from the control instruction passing the signature verification, judges whether the operator identifier is legal, and sends the control instruction with the legal operator identifier to the fan 32 of the field side 3 for operation.
Specifically, the key management platform of the centralized control side 1 serves as a management layer of asymmetric keys, manages a plurality of asymmetric keys, and forms a standard service key according to service characteristic requirements of different stations and according to a certain rule. For example, the same key data may be distributed into several different pieces of service key data according to different dispersion factors, and stored in the asset management devices on the centralized control side 1 and the station side 2, so as to meet the service characteristic requirements of different stations. The distributed factors of the service key are generally composed of variable factors such as sequence numbers, equipment numbers and the like, so that the key data distributed generation process is guaranteed to be buckled layer by layer, the process is tight, and the method has high safety and wide applicability.
The centralized control system operating terminal deployment of centralized control side 1 accords with USBKey and drive, the certificate management platform issues certificates for equipment login users, the centralized control system reads the USBKey certificates, and the identity of the login service system users is identified based on SM2 digital certificate technology in combination with the identity authority mechanism of the service system. And during actual operation, calling a USBKey password service interface, and carrying out signature based on an operator certificate on a control instruction issued by an operator obtaining the user authority.
Before the centralized control side 1 issues the signed control command to the station side 2, public key information with the same index as the private key information used by the signature of the operator is found from the asset management device of the centralized control side 1 for signature verification and signature verification information (the signature verification information comprises signature verification time, the ID of the operator, signature verification results and the like) is recorded. After the signature verification passes, the centralized control side HASH interface of the centralized control side password service device 13 is called to carry out HASH calculation to obtain an HASH value, then the centralized control side signature interface is called to carry out HASH value signature, and finally the centralized control side encryption interface is called to encrypt the command data and the signed HASH value together and send the command data and the signed HASH value to the station side 2.
After the fan monitoring front-end server 21 of the site side 2 receives the encrypted signature HASH value and the instruction data, a site side decryption interface of the site side password service device 22 is called to decrypt the data, then a site side signature verification interface of the site side password service device 22 is called, public key information with the same index as the private key information used by the operator for signature is found from the asset management device of the site side 2 to verify the signature, and signature verification information is recorded. After the signature passes, the HASH interface on the site side is called to perform data integrity verification, finally, the command data is converted into a control command in a protocol format, and the fan monitoring front-end server 21 calls the signature interface of the password service device 22 on the site side to sign the control command and then sends the control command to the fan monitoring system 23. And after receiving the signed instruction data, the fan monitoring system 23 calls a field station side signature checking interface of the field station side password service device 22 to check the signature, and after the signature passes, the fan monitoring system 23 calls the field station side signature interface of the field station side password service device 22 to sign the control instruction and then sends the control instruction to the field side 3.
The safety access authentication device 31 of the field side 3 checks the label of the control instruction according to the public key information in the asset management device of the field side, acquires the operator identification from the control instruction passing the label checking, judges whether the operator identification is legal, and sends the control instruction with the legal operator identification to the fan 32 for operation.
The control instructions transmitted among the centralized control side, the field station side and the field side are subjected to signature and signature verification operation, integrity operation and encryption and decryption operation until signature verification of the control instructions and legal identification verification of operators are completed at the field side finally, the safety requirements of the control instructions are embedded into safety protection of each business layer, and risks of leakage, stealing and tampering caused by transmission of the control instructions in a data plaintext form are prevented through an encryption and decryption mechanism and an operator signature mechanism, so that the control instructions are damaged after being tampered, and the transmitted control instructions have confidentiality. The centralized control side 1 is characterized in that a centralized control system operator issues a control instruction after logging in an identity certificate system based on an operator to obtain login authority, and signs the control instruction, and the signature and signature verification of a service key in a service layer and a verification mechanism of a field side are combined to ensure that the operation of each control instruction is traceable, so that the problems that the source of the control instruction is not trusted, the operator is not certified to cause incapability of tracing and the like when the control instruction is issued if a production accident occurs are solved, the control instruction has authenticity and non-repudiation, and the system is prevented from being damaged due to illegal issuing of the control instruction. HASH operation is carried out on the control command at the centralized control side 1 and the station side 2, and the integrity of the transmitted control command is ensured, so that the whole process safety of the control command issued from the centralized control side to the field side is realized, the control command and other important data in the service can be managed and controlled, and the authenticity, the integrity, the confidentiality and the non-repudiation of the control command are ensured.
Preferably, the SM4 symmetric cryptographic algorithm is adopted to encrypt and decrypt the transmitted control command; carrying out integrity verification on the control instruction sent by the centralized control side 1 by adopting an SM3 password hash algorithm; and adopting an SM2 elliptic curve public key cryptographic algorithm, using the corresponding centralized control side public key information or the field station side public key information to check the signature of the received control instruction, and using the corresponding centralized control side private key information or the field station side private key information to sign.
In a preferred example, the centralized control side 1 includes a centralized control system client 11, a centralized control side password service device 13 and a centralized control system server 12 that are connected in communication, as shown in fig. 3, step S1 includes:
step S11: the centralized control system server 12 calls an identity authentication interface of the centralized control side password service device 13 to perform identity authentication on the operator, if the identity authentication is passed, the step S12 is performed, and if the identity authentication is not passed, the operator is prohibited from logging in and error reporting information is generated and returned to the centralized control system client 11 for the operator to check;
step S12: the centralized control system client 11 signs a control instruction issued by an operator according to the private key information of the centralized control side and sends the control instruction to the centralized control system server 12;
step S13: and the centralized control system server 12 calls a centralized control side signature checking interface of the centralized control side password service device 13 to check the signature of the control instruction according to the corresponding centralized control side public key information, if the signature is checked to be passed, the step S2 is carried out, and if the signature is not checked to be passed, the control instruction is discarded and instruction signature checking failure information is generated.
Specifically, the centralized control side password service device 13 includes an identity authentication interface, a centralized control side encryption interface, a centralized control side signature verification interface, and a centralized control side HASH interface, and the centralized control system service end 12 is connected to the centralized control side password service device 13 and can call each interface of the centralized control side password service device 13. The centralized control system server 12 calls an identity authentication interface of the centralized control side password service device 13 to authenticate the identity of an operator according to certificate information in the centralized control side asset management device, if the authentication fails, authentication failure information is returned to the centralized control system client 11 to report errors, meanwhile, the operator is not allowed to log in, if the authentication passes, the centralized control system client 11 allows a login related authority interface according to the authority of the operator to obtain the authority of issuing the control instruction, and calls a centralized control side signature verification interface of the centralized control side password service device 13 to verify the control instruction according to corresponding centralized control side public key information, so that the risk of data leakage and tampering after the control instruction is intercepted is prevented, the intensity of operation authority authentication is increased by deploying the centralized control side password service device 13, and the risk of illegal issuing of the control instruction by the operator is reduced.
A preferred example, step S13 is followed by: the centralized control system server 12 calls the centralized control side encryption interface of the centralized control side password service device 13 to encrypt the control command and store the encrypted control command in the local storage area of the centralized control side 1.
Specifically, the centralized control system server 12 calls a centralized control side encryption interface of the centralized control side password service device 13, encrypts the control command, and stores the encrypted control command in a local designated directory for backup. Before the control instruction is used, the centralized control system server 12 calls a centralized control side decryption interface of the centralized control side password service device 13, decrypts the stored control instruction and then uses data, and encrypts important service data of the control instruction and then locally stores the encrypted important service data in the centralized control side 1, so that the system is prevented from being damaged and cannot be recovered, and the safety protection of the data is improved.
Further, the centralized control side cryptographic service device 13 further includes an HMAC interface, and the HMAC interface of the centralized control side cryptographic service device is called to perform HMAC operation on the data, so as to obtain an HMAC value, and then store the HMAC value locally. Before using the data each time, calling an HMAC interface of the centralized control side password service device, calculating again to obtain an HMAC 'value, comparing the locally stored HMAC value with the HMAC' value which is calculated again, and if the locally stored HMAC value is the same as the locally stored HMAC value, the integrity check is passed, so that the data can be used to ensure the integrity of the locally stored control instruction.
A preferred example, as shown in fig. 4, step S2 includes:
step S21: the centralized control system server 12 calls a centralized control side HASH interface of the centralized control side password service device 13 to carry out integrity calculation on the control instruction to obtain a corresponding HASH value and instruction data;
step S22: the centralized control system server 12 calls a centralized control side signature interface of the centralized control side password service device 13 to sign the HASH value;
step S23: the centralized control system server 12 calls a centralized control side encryption interface of the centralized control side password service device 13 to encrypt the signed HASH value and the command data;
step S24: the centralized control system server 12 issues the encrypted HASH value and the instruction data to the site side 2 in a message form.
Specifically, the centralized control system server 12 performs HASH calculation on the control command by calling the centralized control side HASH interface of the centralized control side password service device 13 to obtain a corresponding HASH value and command data, then calls the centralized control side encryption interface of the centralized control side password service device 13 to encrypt the HASH value and the command data, and sends the encrypted command data and the calculated HASH value to the site side 2 together in a message form.
In a preferred example, the site side 2 includes a fan monitoring front-end server 21, a site side password service device 22 and a fan monitoring system 23, which are connected in communication, as shown in fig. 5, and the step S3 includes:
step S31: the fan monitoring front-end server 21 establishes an encryption channel with the station side password service device after receiving the encrypted HASH value and the encrypted instruction data;
step S32: the fan monitoring front-end server 21 calls a site side decryption interface of the site side password service device 22 to decrypt the HASH value and the instruction data;
step S33: the fan monitoring front-end server 21 calls a site side signature checking interface of the site side password service device 22 to check the HASH value according to the corresponding site side public key information, if the signature checking is passed, the step S34 is carried out, and if the signature checking is not passed, the control instruction is discarded and instruction signature checking failure information is generated;
step S34: the fan monitoring front-end server 21 calls a station side HASH interface of the station side password service device 22 to perform integrity verification on the instruction data according to the HASH value, if the verification is passed, the step S4 is performed, and if the verification is not passed, the control instruction is discarded and instruction integrity verification failure information is generated.
Specifically, the certificate management platform issues a service key certificate of a corresponding device to the fan monitoring front-end server 21, and the yard-side password service apparatus 22 establishes an encryption channel with the fan monitoring front-end server 21 and the fan monitoring system 23 through the synchronous certificate chain information. The specific mode is as follows: when the station side password service device 22 is initialized, a double certificate used by an encryption channel is generated, and when the station side password service device 22 is connected for the first time, the encryption channel dedicated public key is sent to the fan monitoring front server 21 by the encryption channel interface. Before the blower monitoring front-end server 21 calls the encryption channel interface of the site side password service device 22 each time, the encryption channel is called first, the encryption channel is encrypted by using the public key special for the encryption channel and then sent to the site side password service device 22, and the site side password service device 22 decrypts by using the private key special for the encryption channel. After the verification is passed, the two parties negotiate a transmission encryption key, an encryption security channel is established, and related services such as data decryption, integrity verification, signature verification and the like are transmitted.
The station side cryptographic service apparatus 22 includes a station side HASH interface, a station side decryption interface, a station side encryption interface, a station side signature interface, and a station side signature verification interface. The site side front server 21 is connected with the site side password service device 22, each interface of the site side password service device 22 can be called, after the encrypted instruction data of the centralized control side 1 and the calculated HASH value are received, the site side decryption interface of the site side password service device 22 is called, after the data are decrypted, the site side verification interface of the site side password service device 22 is called again to verify the decrypted HASH value according to the corresponding site side public key information, the site side HASH interface of the site side password service device 22 is called according to the HASH value passing verification to verify the data integrity of the instruction data, and the data are used after the verification is passed. And ensuring the integrity of data transmission of the control command from the centralized control side 1 to the station side 2.
A preferred example, as shown in fig. 6, step S4 includes:
step S41: the fan monitoring front-end server 21 converts the instruction data into a control instruction according to a protocol format, calls a site side signature interface of the site side password service device 22 to sign the control instruction, and sends the control instruction to the fan monitoring system 23;
step S42: after receiving the signed control instruction, the fan monitoring system 23 establishes an encryption channel with the station side password service device 22;
step S43: the fan monitoring system 23 calls a station side signature checking interface of the station side password service device 22 to check the signature of the control command according to the corresponding station side public key information, if the signature is checked to be passed, the step S44 is carried out, and if the signature is not checked to be passed, the control command is discarded and command signature checking failure information is generated;
step S44: the fan monitoring system 23 calls a site side signature interface of the site side password service device 22 to sign the control instruction, and sends the signed control instruction to the site side 3.
Specifically, the fan monitoring system 23 is connected to the site-side password service device 22, and each interface of the site-side password service device 22 can be called as well, so that the control instruction is checked and signed at the fan monitoring system 23, the identity of the operator of the initiator is confirmed to be credible, and the control instruction is signed according to the site-side private key information after the control instruction passes the signature check and then is issued to the site side 3.
In a preferred example, step S41 further includes: the fan monitoring front-end server 21 calls a field side encryption interface of the field side password service device 22 to encrypt the control command passing the integrity check and store the encrypted control command in a local storage area of the fan monitoring front-end server 21; and the number of the first and second groups,
step S43 is followed by: the fan monitoring system 23 calls a site side encryption interface of the site side password service device 22 to encrypt the control command and store the encrypted control command in a local storage area of the fan monitoring system 23.
Specifically, the fan monitoring front-end server 21 and the fan monitoring system 23 respectively call a site side encryption interface of the site side password service device 22, and after encryption, the encrypted data are respectively stored in the fan monitoring front-end server 21 and the fan monitoring system 23 on the site side 2 for backup and restoration. If the data is needed, the site side decryption interface of the site side cryptographic service device 22 is called to decrypt the stored control command.
In a preferred example, the site side 3 includes a site side security access authentication device 31 and a fan 32, in step S5, the site side security access authentication device 31 performs site side signature verification on the control command according to the corresponding site side public key information, sends the control command to the fan 32 of the site side 3 if the signature verification passes, discards the control command if the signature verification does not pass, and generates command signature verification failure information.
In a preferred example, the fan 32 on the site side 3 includes an operator verification module, the operator verification module establishes an operator identification list, the operator identification list can configurably store an operator list with a legal signature, and the following steps are continued for a control instruction that the signature passes: the operator verification module acquires an operator identifier from the control instruction, judges whether the operator identifier is in the operator identifier list, and sends the control instruction to the PLC module of the fan to execute the control instruction if the operator exists in the operator identifier list.
Specifically, the on-site-side security access authentication device 31 performs on-site-side signature verification on the control instruction according to the corresponding on-site-side public key information, acquires an operator identifier for the control instruction passing the signature verification, and the operator verification module judges whether the operator identifier is in an operator identifier list, and sends the control instruction of the legal identifier to the PLC module of the fan to operate, and if the legal identifier verification fails, discards the control instruction. Even if the control instruction is tampered in the service layer transmission process, the tampered control instruction is prevented from running on the terminal fan through the field side public key information verification and the operator identification verification mechanism, and the field side is ensured to produce safely.
Example two
Referring to fig. 2 and 7 to 9, the present embodiment further provides a new energy platform control instruction protection system, where the system includes:
the system comprises a centralized control side 1, a field station side 2 and a field side 3 which are in communication connection, wherein the centralized control side 1 manages a plurality of asymmetric keys and synchronizes the asymmetric keys to the field station side 2 and the field side 3, and the asymmetric keys comprise private key information and public key information which correspond to signatures of different operators;
the centralized control side 1 comprises a centralized control system client 11, a centralized control side password service device 13 and a centralized control system service end 12 which are in communication connection, and the centralized control side password service device 13 is provided with a centralized control side signature checking interface, a centralized control side HASH interface, a centralized control side signature interface and a centralized control side encryption interface;
the centralized control system client 11 is used for signing a control instruction issued by an operator obtaining user authority and then sending the control instruction to the centralized control system server 12;
the centralized control system server 12 is used for calling a centralized control side signature checking interface to perform centralized control side signature checking on the control command according to the corresponding centralized control side public key information, calling a centralized control side HASH interface to perform integrity calculation on the control command subjected to signature checking to obtain corresponding command data and HASH value, calling a centralized control side signature interface to perform centralized control side signature on the HASH value according to the corresponding centralized control side private key information, calling a centralized control side encryption interface to perform encryption operation on the HASH value and the command data, and then issuing the result to the station side 2;
the station side 2 comprises a fan monitoring front-end server 21, a station side password service device 22 and a fan monitoring system 23 which are in communication connection, and the station side password service device 22 is provided with a station side decryption interface, a station side signature verification interface, a station side HASH interface and a station side signature interface;
the fan monitoring front-end server 21 is used for establishing an encryption channel with the site side password service device after receiving the encrypted HASH value and the encrypted instruction data, calling a site side decryption interface to decrypt the HASH value and the encrypted instruction data, calling a site side signature verification interface to verify the HASH value according to the corresponding site side public key information, calling the site side HASH interface to perform integrity verification on the instruction data according to the HASH value, converting the instruction data passing the integrity verification into a control instruction, calling a site side signature interface to sign the control instruction, and sending the control instruction to the fan monitoring system;
the fan monitoring system 23 is used for calling the station side label checking interface to check the label of the control instruction according to the corresponding station side public key information, calling the station side label checking interface to sign the control instruction and then sending the control instruction to the field side 3;
the field side 3 comprises a field side safety access authentication device 31 and a fan 32 which are in communication connection;
the field side safety access authentication device 31 is used for carrying out field side signature verification on the control command according to the corresponding field side public key information and then sending the control command to the fan 32;
the fan 32 obtains the operator identifier from the control instruction passing the label checking, determines whether the operator identifier is legal, and runs the control instruction having the legal operator identifier through the PLC of the fan.
The system ensures the safety of the whole process of issuing the downlink control instruction from the centralized control side to the field side, and reference is made to the specific process in the first embodiment, which is not described in detail herein.
While embodiments of the present invention have been described above, the above description is illustrative, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments.

Claims (10)

1. A new energy platform control instruction protection method is characterized in that a new energy platform comprises a centralized control side, a field station side and a field side which are in communication connection, the centralized control side manages a plurality of asymmetric keys and synchronizes the asymmetric keys to the field station side and the field side, the asymmetric keys comprise private key information and public key information which correspond to signatures of different operators, and the method comprises the following steps:
step S1: the centralized control side signs a control instruction issued by an operator obtaining user authority, and carries out centralized control side signature verification on the control instruction according to corresponding centralized control side public key information, wherein the control instruction comprises an operator identifier;
step S2: the centralized control side carries out integrity calculation on the control command passing the signature verification to obtain corresponding command data and a HASH value, carries out centralized control side signature on the HASH value according to corresponding private key information of the centralized control side, carries out encryption operation on the command data and then sends the command data and the HASH value to the station side;
and step S3: after the station side decrypts the received HASH value and the instruction data, the station side checks the sign of the HASH value according to the corresponding station side public key information, and performs integrity check on the instruction data according to the HASH value passing the sign check;
and step S4: the station side converts the instruction data which passes the integrity verification into the control instruction, carries out station side signature on the control instruction according to the corresponding station side private key information and then sends the control instruction to the field side;
step S5: and the field side checks the label of the control instruction according to the corresponding field side public key information, acquires an operator identification from the control instruction passing the label checking, judges whether the operator identification is legal or not, and sends the control instruction with the legal operator identification to the fan of the field side for operation.
2. The new energy platform control instruction protection method according to claim 1, wherein the centralized control side includes a centralized control system client, a centralized control side password service device and a centralized control system server that are in communication connection, and the step S1 includes:
step S11: the centralized control system server calls an identity authentication interface of the centralized control side password service device to perform identity authentication on the operator, if the identity authentication is passed, the step S12 is performed, and if the identity authentication is not passed, the operator is prohibited from logging in and error reporting information is generated and returned to the centralized control system client for the operator to check;
step S12: the centralized control system client signs a control instruction issued by an operator according to the private key information of the centralized control side and then sends the control instruction to the centralized control system server;
step S13: and the centralized control system server calls a centralized control side signature checking interface of the centralized control side password service device to check the signature of the control instruction according to the corresponding public key information of the centralized control side, if the signature is checked to pass, the step S2 is carried out, and if the signature is not checked to pass, the control instruction is discarded and command signature checking failure information is generated.
3. The method for protecting the new energy platform control command according to claim 2, further comprising, after the step S13: and the centralized control system server calls a centralized control side encryption interface of the centralized control side password service device to encrypt the control instruction and store the encrypted control instruction in a local storage area of the centralized control side.
4. The new energy platform control instruction protection method according to claim 2, wherein the step S2 includes:
step S21: the centralized control system server calls a centralized control side HASH interface of the centralized control side password service device to carry out integrity calculation on the control instruction to obtain a corresponding HASH value and instruction data;
step S22: the centralized control system server calls a centralized control side signature interface of the centralized control side password service device to sign the HASH value;
step S23: the centralized control system server calls a centralized control side encryption interface of the centralized control side password service device to encrypt the signed HASH value and the command data;
step S24: and the centralized control system server side issues the encrypted HASH value and the encrypted instruction data to the yard side in a message form.
5. The new energy platform control instruction protection method according to claim 2, wherein the site side includes a fan monitoring front-end server, a site side password service device and a fan monitoring system, which are in communication connection, and the step S3 includes:
step S31: the fan monitoring front-end server receives the encrypted HASH value and the encrypted instruction data and then establishes an encryption channel with the station side password service device;
step S32: the fan monitoring front-end server calls a site side decryption interface of the site side password service device to decrypt the HASH value and the instruction data;
step S33: the fan monitoring front-end server calls a site side label checking interface of the site side password service device to check the HASH value according to the corresponding site side public key information, if the label checking is passed, the step S34 is carried out, and if the label checking is not passed, the control instruction is discarded and instruction label checking failure information is generated;
step S34: and the fan monitoring front-end server calls a station side HASH interface of the station side password service device to perform integrity verification on the instruction data according to the HASH value, if the verification is passed, the step S4 is performed, and if the verification is not passed, the control instruction is discarded and instruction integrity verification failure information is generated.
6. The new energy platform control instruction protection method according to claim 5, wherein the step S4 includes:
step S41: the fan monitoring front server converts the instruction data into the control instruction according to a protocol format, calls a site side signature interface of the site side password service device to sign the control instruction and then sends the control instruction to the fan monitoring system;
step S42: after receiving the signed control command, the fan monitoring system establishes an encryption channel with the station side password service device;
step S43: the fan monitoring system calls a field station side label checking interface of the field station side password service device to check the label of the control instruction according to the corresponding field station side public key information, if the label is checked to be passed, the step S44 is carried out, and if the label is not checked to be passed, the control instruction is discarded and instruction label checking failure information is generated;
step S44: and the fan monitoring system calls a station side signature interface of the station side password service device to sign the control command and sends the signed control command to the field side.
7. The method according to claim 6, wherein the step S41 further includes: the fan monitoring front-end server calls a field side encryption interface of the field side password service device to encrypt the control command which passes the integrity check and then store the control command in a local storage area of the fan monitoring front-end server; and (c) a second step of,
the step S43 further includes: and the fan monitoring system calls a site side encryption interface of the site side password service device to encrypt the control command and then store the encrypted control command in a local storage area of the fan monitoring system.
8. The new energy platform control instruction protection method according to claim 5, wherein the site side includes a site side security access authentication device and a fan, and in step S5, the site side security access authentication device performs site side signature verification on the control instruction according to corresponding site side public key information, and sends the control instruction to the fan on the site side if the signature verification passes, and discards the control instruction and generates instruction signature verification failure information if the signature verification does not pass.
9. The new energy platform control instruction protection method according to claim 8, wherein a fan on a site side includes an operator verification module, the operator verification module establishes an operator identification list, the operator identification list configurably stores an operator list with a legal signature, and the following steps are continued for the control instruction passing the signature verification: the operator verification module obtains an operator identification from the control command, judges whether the operator identification is in the operator identification list, and sends the control command to a PLC module of the fan to execute the control command if the operator is in the operator identification list.
10. A new energy platform control instruction protection system, characterized in that, the system includes:
the system comprises a centralized control side, a field station side and a field side which are in communication connection, wherein the centralized control side manages a plurality of asymmetric keys and synchronizes the asymmetric keys to the field station side and the field side, and the asymmetric keys comprise private key information and public key information which correspond to signatures of different operators;
the centralized control side comprises a centralized control system client, a centralized control side password service device and a centralized control system server which are in communication connection, wherein the centralized control side password service device is provided with a centralized control side signature checking interface, a centralized control side HASH interface, a centralized control side signature interface and a centralized control side encryption interface;
the centralized control system client is used for signing a control instruction issued by an operator obtaining user authority and then sending the control instruction to the centralized control system server;
the centralized control system server is used for calling a centralized control side signature checking interface to perform centralized control side signature checking on the control instruction according to corresponding centralized control side public key information, calling the centralized control side HASH interface to perform integrity calculation on the control instruction passing the signature checking to obtain corresponding instruction data and an HASH value, calling the centralized control side signature interface to perform centralized control side signature on the HASH value according to corresponding centralized control side private key information and calling the centralized control side encryption interface to perform encryption operation on the HASH value and the instruction data and then send the result to the yard side;
the station side comprises a fan monitoring front server, a station side password service device and a fan monitoring system which are in communication connection, and the station side password service device is provided with a station side decryption interface, a station side signature checking interface, a station side HASH interface and a station side signature interface;
the fan monitoring front-end server is used for establishing an encryption channel with the site side password service device after receiving the encrypted HASH value and the instruction data, calling a site side decryption interface to decrypt the HASH value and the instruction data, calling a site side signature verification interface to verify the HASH value according to corresponding site side public key information, calling the site side HASH interface to perform integrity verification on the instruction data according to the HASH value, converting the instruction data passing the integrity verification into the control instruction, calling a site side signature interface to sign the control instruction, and sending the control instruction to the fan monitoring system;
the fan monitoring system is used for calling a field station side label checking interface to check the label of the control instruction according to the corresponding field station side public key information, calling the field station side label checking interface to sign the control instruction and then issuing the control instruction to the field side;
the field side comprises a field side safety access authentication device and a fan which are in communication connection;
the field side safety access authentication device is used for carrying out field side signature checking on the control command according to corresponding field side public key information and then sending the control command to the fan;
and the fan acquires an operator identification from the control instruction passing the label checking, judges whether the operator identification is legal or not, and runs the control instruction with the legal operator identification through a PLC (programmable logic controller) of the fan.
CN202210964355.7A 2022-08-12 2022-08-12 New energy platform control instruction protection method and system Active CN115051813B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210964355.7A CN115051813B (en) 2022-08-12 2022-08-12 New energy platform control instruction protection method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210964355.7A CN115051813B (en) 2022-08-12 2022-08-12 New energy platform control instruction protection method and system

Publications (2)

Publication Number Publication Date
CN115051813A CN115051813A (en) 2022-09-13
CN115051813B true CN115051813B (en) 2023-01-03

Family

ID=83168004

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210964355.7A Active CN115051813B (en) 2022-08-12 2022-08-12 New energy platform control instruction protection method and system

Country Status (1)

Country Link
CN (1) CN115051813B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115225415B (en) * 2022-09-21 2023-01-24 南京华盾电力信息安全测评有限公司 Password application platform for new energy centralized control system and monitoring and early warning method
CN115348114B (en) * 2022-10-19 2023-02-28 浙江浩普智能科技有限公司 Intelligent power plant data safety transmission method and system, electronic equipment and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685114A (en) * 2012-04-24 2012-09-19 广东电网公司电力科学研究院 Metering data transmission system based on identity encryption and data transmission method
CN103618610A (en) * 2013-12-06 2014-03-05 上海千贯节能科技有限公司 Information safety algorithm based on energy information gateway in smart power grid
CN104202170A (en) * 2014-09-22 2014-12-10 上海众人科技有限公司 Identity authentication system and method based on identifiers

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3672143A1 (en) * 2018-12-20 2020-06-24 Safenet Canada Inc. Method for generating stateful hash based signatures of messages to be signed

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685114A (en) * 2012-04-24 2012-09-19 广东电网公司电力科学研究院 Metering data transmission system based on identity encryption and data transmission method
CN103618610A (en) * 2013-12-06 2014-03-05 上海千贯节能科技有限公司 Information safety algorithm based on energy information gateway in smart power grid
CN104202170A (en) * 2014-09-22 2014-12-10 上海众人科技有限公司 Identity authentication system and method based on identifiers

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
新能源集控中心一体化平台关键技术的探究;何婷等;《中国水利水电科学研究院学报》;20210228;第19卷(第1期);全文 *

Also Published As

Publication number Publication date
CN115051813A (en) 2022-09-13

Similar Documents

Publication Publication Date Title
CN108768988B (en) Block chain access control method, block chain access control equipment and computer readable storage medium
CN115051813B (en) New energy platform control instruction protection method and system
US8171527B2 (en) Method and apparatus for securing unlock password generation and distribution
CN107046531B (en) Data processing method and system for accessing data of monitoring terminal to power information network
CN106656503B (en) Method for storing cipher key, data encryption/decryption method, electric endorsement method and its device
CN109905371B (en) Bidirectional encryption authentication system and application method thereof
CN111435390A (en) Safety protection method for operation and maintenance tool of power distribution terminal
CN111540093A (en) Access control system and control method thereof
CN112671710A (en) Security encryption device based on national cryptographic algorithm, bidirectional authentication and encryption method
CN111277417A (en) Electronic signature implementation method based on national network security technology architecture
CN111147257A (en) Identity authentication and information confidentiality method, monitoring center and remote terminal unit
CN111224784B (en) Role separation distributed authentication and authorization method based on hardware trusted root
CN110445782A (en) A kind of multi-media safety broadcast control system and method
CN111435389A (en) Power distribution terminal operation and maintenance tool safety protection system
CN114697082A (en) Production and application method of encryption and decryption device in server-free environment
CN112865965B (en) Train service data processing method and system based on quantum key
CN110838910B (en) Subway comprehensive monitoring system based on SM3 and SM4 communication encryption
CN110798447B (en) Intelligent terminal local authorization method, device and system based on network communication
CN113676330B (en) Digital certificate application system and method based on secondary secret key
CN112738122B (en) Online key management system and method in complex scene in rail transit field
KR102419057B1 (en) Message security system and method of railway communication network
CN115086085A (en) New energy platform terminal security access authentication method and system
CN114173303A (en) Train-ground session key generation method and system for CTCS-3 level train control system
CN113347004A (en) Encryption method for power industry
CN113783846A (en) Trusted data transmission system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant