CN115694815A - Communication encryption method and device for power distribution terminal - Google Patents
- Publication number: CN115694815A
- Application number: CN202310000639.9A
- Authority: CN (China)
- Prior art keywords: quantum key, power, key, quantum, service
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Mobile Radio Communication Systems (AREA)
Description
Technical field
The invention relates to the technical field of power distribution networks, and in particular to a communication encryption method and device for a power distribution terminal.
Background
Communication and information security are the two major problems constraining the automation and practical deployment of distribution networks. The development of access-layer communication technology for distribution automation requires the matching information security technology to be iterated and improved continuously. As far as current technology trends are concerned, 5G communication has become the main alternative for distribution automation access-layer communication. Feeder automation based on 5G communication generally adopts principles such as fast-acting Multi-Agent and longitudinal differential protection as its main logic, and is especially suitable for scenarios with extremely high requirements on power supply reliability. New feeder automation principles such as fast-acting Multi-Agent and longitudinal differential protection rely on horizontal peer-to-peer communication between terminals, whereas the current distribution automation encryption and authentication system is built only on the vertical communication dimension between the master station and the terminals, and cannot meet the security requirements of horizontal encryption and authentication.
Therefore, to meet the authentication requirements of 5G feeder automation information communication, the communication data between terminals is encrypted with the quantum key unique to the quantum-secure mobile medium of the power distribution terminal, so as to achieve secure transmission of "terminal-to-terminal" peer-to-peer communication sessions, facilitate direct mutual authentication between terminals, and prevent the identity information of critical power terminals from suffering attacks such as brute-force tampering, capture and theft in complex communication environments. Quantum Key Distribution (QKD) technology has the advantage of being "unconditionally secure" in theory, which makes quantum secure communication more secure and reliable than traditional communication methods.
However, the inventors found that the prior art has at least the following problem: with the wide application of quantum secure communication, the communication services between power distribution terminals keep increasing, and the amount of quantum key required for data communication between power distribution terminals rises sharply. The quantum key generation rate of current quantum key distribution devices is low. If all communication services adopt the one-time pad (OTP) scheme, a large amount of quantum key is consumed, the amount of quantum key becomes insufficient, and the normal transmission requirements of all power services between power distribution terminals cannot be met.
Summary of the invention
The purpose of the embodiments of the invention is to provide a communication encryption method and device for a power distribution terminal that can assign different communication encryption policies to power services of different priorities and adjust the encrypted transmission process according to actual conditions, ensuring that the remaining key amount in the quantum key pool can meet the normal communication requirements between power distribution terminals.
To achieve the above purpose, an embodiment of the invention provides a communication encryption method for a power distribution terminal, including:
determining the communication encryption policy of a power service according to the service priority of the power service to be transmitted between power distribution terminals;
obtaining, according to the communication encryption policy, an original quantum key from the quantum key pool to encrypt and transmit the power service; wherein the original quantum key is an unused quantum key generated by the quantum key pool;
calculating the net key generation rate of the quantum key pool in real time; the net key generation rate is the difference between the amount of quantum key generated and the amount of quantum key consumed by the quantum key pool per unit time;
when the net key generation rate is less than or equal to a preset rate threshold, obtaining a recycled quantum key from the recycled key pool to encrypt and transmit power services of a preset type that are to be transmitted; wherein the recycled quantum key is generated from an original quantum key that has already been used.
As an improvement of the above scheme, the higher the service priority of the power service, the higher the encryption level and key update frequency of the corresponding communication encryption policy; wherein the encryption level is positively correlated with the amount of quantum key used to transmit the power service.
As an improvement of the above scheme, the power service of the preset type is a power service whose service priority is lower than a first preset level threshold.
As an improvement of the above scheme, the recycled quantum key is generated and stored in the following manner:
in the process of obtaining the original quantum key to encrypt and transmit the power service, detecting whether the encrypted transmission process of the power service is secure;
when the encrypted transmission process is secure, obtaining the first quantum key of the original quantum key used in the encrypted transmission process as the recycled quantum key, and storing it in the recycled key pool; wherein the first quantum key is obtained by dividing the used original quantum key with a preset split algorithm.
As an improvement of the above scheme, detecting whether the encrypted transmission process of the power service is secure, in the process of obtaining the original quantum key to encrypt and transmit the power service, is specifically:
before the power service is encrypted and transmitted, dividing the obtained original quantum key into the first quantum key and a second quantum key with the split algorithm;
generating a detection tag according to the first quantum key, the second quantum key and the transmitted power service; wherein k1 is the first quantum key, k2 is the second quantum key, x is the service data of the transmitted power service, and a preset hash function is used;
after the power service is encrypted and transmitted, determining whether the power distribution terminal acting as the receiving end receives the service data within a preset waiting period;
if so, generating a verification tag according to the received service data; wherein x' is the received service data;
when the detection tag and the verification tag are equal, determining that the encrypted transmission process of the power service is secure; when the detection tag and the verification tag are not equal, determining that the encrypted transmission process of the power service is not secure;
if not, determining that the encrypted transmission process of the power service is not secure.
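The check-then-recycle procedure above, as an added Python example that is not code from the patent. The page does not reproduce the tag formula or the split algorithm, so the half-and-half split, the HMAC-SHA256 tag and all function names here are assumptions; the sample key and message are constructed.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple


def split_key(raw_key: bytes) -> Tuple[bytes, bytes]:
    """Assumed split algorithm: first half is k1, second half is k2."""
    if len(raw_key) < 2:
        raise ValueError("raw key too short to split")
    mid = len(raw_key) // 2
    return raw_key[:mid], raw_key[mid:]


def make_tag(k1: bytes, k2: bytes, data: bytes) -> bytes:
    """Assumed tag construction: HMAC-SHA256 keyed with k1 || k2 over the data."""
    return hmac.new(k1 + k2, data, hashlib.sha256).digest()


def transmission_is_safe(detection_tag: bytes, k1: bytes, k2: bytes,
                         received: Optional[bytes], elapsed_s: float,
                         max_wait_s: float) -> bool:
    """Receiver-side decision: data must arrive in time and the tags must match."""
    if received is None or elapsed_s > max_wait_s:
        return False  # nothing received within the preset waiting period
    verification_tag = make_tag(k1, k2, received)
    # Constant-time comparison so the check does not leak tag bytes via timing.
    return hmac.compare_digest(detection_tag, verification_tag)


def send_and_recycle(raw_key: bytes, data: bytes, received: Optional[bytes],
                     elapsed_s: float, max_wait_s: float,
                     recycled_pool: List[bytes]) -> bool:
    """Split the key, tag the data, and store k1 for reuse only if the check passes."""
    k1, k2 = split_key(raw_key)
    detection_tag = make_tag(k1, k2, data)  # computed before transmission
    safe = transmission_is_safe(detection_tag, k1, k2, received,
                                elapsed_s, max_wait_s)
    if safe:
        recycled_pool.append(k1)  # only the first quantum key is recycled
    return safe


# Constructed sample values, not taken from the patent.
SAMPLE_KEY = bytes(range(32))
SAMPLE_DATA = b"feeder-17 breaker status: closed"

if __name__ == "__main__":
    pool: List[bytes] = []
    print(send_and_recycle(SAMPLE_KEY, SAMPLE_DATA, SAMPLE_DATA, 0.02, 0.5, pool))
    print(send_and_recycle(SAMPLE_KEY, SAMPLE_DATA, b"tampered", 0.02, 0.5, pool))
    print(len(pool))
```
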
As an improvement of the above scheme, obtaining a recycled quantum key from the recycled key pool to encrypt and transmit power services of the preset type that are to be transmitted specifically includes:
randomly obtaining at least two recycled quantum keys from the recycled key pool;
combining the at least two recycled quantum keys with a preset synthesis algorithm to obtain a combined quantum key, and using the combined quantum key to encrypt and transmit the power services of the preset type that are to be transmitted.
As an improvement of the above scheme, obtaining a recycled quantum key from the recycled key pool to encrypt and transmit power services of the preset type that are to be transmitted specifically includes:
randomly obtaining two recycled quantum keys from the recycled key pool as a first recycled quantum key and a second recycled quantum key;
encrypting the service data of the power service of the preset type to be transmitted once with the first recycled quantum key, then encrypting the once-encrypted service data a second time with the second recycled quantum key, and transmitting it.
As an improvement of the above scheme, the recycled quantum key is generated from the original quantum keys that have been used in the encrypted transmission of power services whose service priority is higher than a second preset level threshold.
As an improvement of the above scheme, when the net key generation rate is less than or equal to the preset rate threshold, the method further includes:
adjusting the communication encryption policy of each power service by reducing the encryption level and/or key update frequency of each power service.
An embodiment of the invention also provides a communication encryption device for a power distribution terminal, including:
an encryption policy determination module, configured to determine the communication encryption policy of a power service according to the service priority of the power service to be transmitted between power distribution terminals;
a first encrypted transmission module, configured to obtain, according to the communication encryption policy, an original quantum key from the quantum key pool to encrypt and transmit the power service; wherein the original quantum key is an unused quantum key generated by the quantum key pool;
a net key generation rate calculation module, configured to calculate the net key generation rate of the quantum key pool in real time; the net key generation rate is the difference between the amount of quantum key generated and the amount of quantum key consumed by the quantum key pool per unit time;
a second encrypted transmission module, configured to obtain, when the net key generation rate is less than or equal to the preset rate threshold, a recycled quantum key from the recycled key pool to encrypt and transmit power services of the preset type that are to be transmitted; wherein the recycled quantum key is generated from an original quantum key that has already been used.
Compared with the prior art, the communication encryption method and device for a power distribution terminal disclosed by the invention assign different communication encryption policies to power services of different service priorities between power distribution terminals, and obtain original quantum keys from the quantum key pool for encrypted transmission. During the encrypted transmission of power services, the used original quantum keys are recycled and stored. At the same time, the net key generation rate of the quantum key pool at the current moment is calculated in real time. When the net key generation rate is detected to be less than or equal to the preset rate threshold, the encrypted transmission mode of the power services is adjusted: for power services of the preset type that are to be transmitted, recycled quantum keys are obtained from the recycled key pool for encrypted transmission.
With the technical means of the embodiments of the invention, different communication encryption policies are assigned to power services of different service priorities. The communication encryption policy for a power service of low service priority consumes less quantum key and has a lower key update frequency, while the policy for a power service of high service priority consumes more quantum key and has a higher key update frequency, which reduces the amount of quantum key that low-priority power services consume during encrypted transmission. Compared with a scheme in which all power services use a one-time pad, the embodiments of the invention can effectively alleviate the problem that the low rate at which the quantum key pool generates quantum keys makes it impossible to meet the normal transmission requirements of all power services. On this basis, when the net key generation rate is detected to be too low, the encrypted transmission of some power services is switched to quantum keys that have already been used, which further saves original quantum keys, reserves more original quantum keys for power services of high service priority, raises the net key generation rate of the quantum key pool, avoids the situation in which an insufficient amount of quantum key makes it impossible to meet the normal transmission requirements of all power services between power distribution terminals, and ensures the normal transmission requirements and transmission efficiency of power services between power distribution terminals.
Description of drawings
Fig. 1 is a schematic flowchart of the communication encryption method for a power distribution terminal in a first implementation provided by an embodiment of the invention;
Fig. 2 is a schematic flowchart of generating a recycled quantum key in an embodiment of the invention;
Fig. 3 is a schematic diagram of the principle of generating a recycled quantum key in an embodiment of the invention;
Fig. 4 is a schematic structural diagram of a communication encryption device for a power distribution terminal provided by an embodiment of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings of the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the protection scope of the invention.
Fig. 1 is a schematic flowchart of the communication encryption method for a power distribution terminal in the first implementation provided by an embodiment of the invention. The embodiment provides a communication encryption method for a power distribution terminal that is applied to a distribution network system and can be executed by a controller in the distribution network. The method specifically includes steps S11 to S14:
S11. Determine the communication encryption policy of a power service according to the service priority of the power service to be transmitted between power distribution terminals;
S12. According to the communication encryption policy, obtain an original quantum key from the quantum key pool to encrypt and transmit the power service; wherein the original quantum key is an unused quantum key generated by the quantum key pool;
S13. Calculate the net key generation rate of the quantum key pool in real time; the net key generation rate is the difference between the amount of quantum key generated and the amount of quantum key consumed by the quantum key pool per unit time;
S14. When the net key generation rate is less than or equal to the preset rate threshold, obtain a recycled quantum key from the recycled key pool to encrypt and transmit power services of the preset type that are to be transmitted; wherein the recycled quantum key is generated from an original quantum key that has already been used.
Different power distribution terminals in a distribution network usually have several power services between them that require communication data transmission. By way of example, common power services include relay protection, security and stability control, dispatching data network, integrated substation monitoring, dispatch telephone, distribution network automation, intelligent communication management system, customer contact system, customer relationship management system, user electricity consumption information collection, data center and video conferencing system. The embodiments of the invention encrypt the power service communication data between terminals with the quantum key unique to the quantum-secure mobile medium of the power distribution terminal, so as to achieve secure transmission of "terminal-to-terminal" peer-to-peer communication data and facilitate direct mutual authentication between terminals. The quantum CPE power distribution terminal is based on the decoy-state BB84 protocol and uses polarization encoding to implement quantum key distribution, providing both communicating parties with secure quantum keys that cannot be broken by computation.
In the existing field of data communication, encrypted data transmission with quantum keys usually adopts the one-time pad scheme, in which the amount of quantum key consumed equals the amount of data encrypted. The consumption of quantum key is therefore large, and especially when the key update frequency is high, the generation rate of original quantum keys in the quantum key distribution device (that is, the quantum key pool) can hardly meet normal encrypted communication requirements. The embodiments of the invention improve the encrypted transmission process of power services between power distribution terminals to ensure their normal transmission.
Specifically, the power services to be transmitted between power distribution terminals are divided by service priority, and then, according to a preset correspondence between service priority and communication encryption policy type, different types of communication encryption policy are assigned to power services of different service levels.
As an optional implementation, dividing the power services to be transmitted between power distribution terminals by service priority specifically includes:
determining the service type of the power service to be transmitted between power distribution terminals, wherein the service type is obtained by classifying the power service according to its importance and delay requirements; and determining the service priority of the power service according to its service type, wherein the higher the importance and delay requirements of the power service, the higher the service priority.
As a preferred implementation, the communication encryption policy includes an encryption level and a key update frequency. The encryption level is positively correlated with the amount of quantum key used to transmit the power service; that is, the higher the encryption level, the more quantum key is used during service transmission and the higher the encryption security. The key update frequency is the frequency at which the quantum key is updated during service transmission; the higher the key update frequency, the higher the encryption security.
In step S11, determining the communication encryption policy of the power service according to the service priority of the power service to be transmitted between power distribution terminals therefore satisfies the following requirement: the higher the service priority of the power service, the higher the encryption level and key update frequency of the corresponding communication encryption policy.
Then, according to the communication encryption policy determined for it, and in line with that policy's key update frequency and encryption level, each power service to be transmitted between power distribution terminals obtains the corresponding amount of original quantum key from the quantum key pool for encrypted transmission.
Specifically, according to the communication encryption policy, the original quantum key required to encrypt the power service is obtained from the quantum key pool as the target quantum key;
the service data of the power service is encrypted with the target quantum key to obtain encrypted service data, so that the power distribution terminal acting as the sending end sends the encrypted service data through a quantum transmission channel to the power distribution terminal acting as the receiving end.
In a specific application scenario, by way of example, the power services of the distribution network are divided into three service types:
Power services of the first service type include: relay protection, security and stability control, dispatching data network, and integrated substation monitoring;
Power services of the second service type include: dispatch telephone, distribution network automation, intelligent communication management system, and customer contact system;
Power services of the third service type include: customer relationship management system, user electricity consumption information collection, data center, and video conferencing system.
Power services of the first service type are the key to maintaining power system stability and should be guaranteed the most secure and highest-priority transmission; the second service type comes next, and the third service type last. Each service type corresponds to one service priority: the first service type corresponds to the first service priority, the second service type to the second service priority, and the third service type to the third service priority, where the first service priority is higher than the second, and the second is higher than the third.
Further, three communication encryption policies are set for the three service priorities respectively:
The first communication encryption policy is the one-time pad scheme, in which the amount of quantum key consumed equals the amount of data encrypted. Under this policy the amount of quantum key consumed and the key update frequency are the largest.
The second communication encryption policy uses the quantum key in place of the session key. In this policy the AES-128 encryption algorithm is selected. The length of each service and the key used for each encryption are 128 bits. The key update frequency is $f = B/D$, where $f$ is the quantum key update frequency, $B$ is the data flow of a given power service transmitted in one second, and $D$ is the data transmission threshold, that is, the maximum length of data encrypted with one 128-bit quantum key. It can be seen that a power service of length $Bt$ consumes a quantum key length of $128Bt/D$ during encrypted transmission. Considering the reduction in key freshness and the potential security risk caused by too high a data transmission threshold, each key is used for 8 to 16 services. That is, the data transmission threshold ranges from 1 kbit to 2 kbit. Under this policy the amount of quantum key consumed and the key update frequency are the second largest.
The third communication encryption policy uses the quantum key in place of the master key. In classical encryption, the way the master key generates the session key can be expressed as $K_S = \mathrm{PRF}(K_M, n, S)$, where $K_S$ is the session key, $n$ is a random value negotiated by the two sites, $S$ is a non-random string that prevents different plaintexts from selecting the same key, and $K_M$ is the master key, whose length can be taken as 128 bits. PRF is a pseudo-random function, usually replaced by a hash function; the more secure SHA-256 is preferable. The generated session key is therefore 256 bits long. According to the ratio of the master key to the session key, when the master key is replaced, the key update threshold and the quantum key update frequency are respectively 2 times and 1/2 of those when the session key is replaced. The quantum key consumed by traffic $Bt$ is then $64Bt/D$. Under this policy the amount of quantum key consumed and the key update frequency are the smallest.
It should be noted that the above scenario is only an example. In practice, the service priorities of the different power services can be divided according to the actual conditions of the distribution network, and different communication encryption strategies can be assigned to different service priorities, without affecting the beneficial effects obtained by the present invention.
It should be specially noted that, while the power service is being encrypted and transmitted, the embodiment of the present invention also configures the controller to collect the original quantum keys used in the encrypted transmission, generate recycled quantum keys from them, and store these in a preset recycled key pool for later use.
Further, while the power service is being encrypted and transmitted, the controller calculates the net key generation rate of the quantum key pool in real time. Specifically, step S13 calculates it through the following steps S131 to S133:
S131. Obtain the quantity of original quantum keys generated by the quantum key pool per unit time, recorded as the generated quantity X1, and the quantity of original quantum keys consumed from the quantum key pool per unit time, recorded as the consumed quantity X2;
S132. Calculate the difference between the generated quantity X1 and the consumed quantity X2;
S133. From the difference and the unit time, calculate the net key generation rate of the quantum key pool:
ΔR = (X1 - X2)/t;
where ΔR is the net key generation rate and t is the unit time, whose value can be set and adjusted according to the actual situation.
Optionally, the quantity X2 of original quantum keys consumed from the quantum key pool per unit time is calculated from the encrypted transmission requirements of all power services of the distribution network within the unit time. The consumed quantity X2 satisfies the following calculation formula:
where  denotes the total amount of quantum key consumed by the power services that use the communication encryption strategy of the m-th service priority, and m is the number of service priorities into which the services are divided.
Taking the power services of the above three service priorities as an example, the consumed quantity Q2 satisfies the following calculation formula:
where ,  and  respectively denote the amount of original quantum key consumed by the i-th power service using the communication encryption strategy of the first service priority, the j-th power service using the communication encryption strategy of the second service priority, and the k-th power service using the communication encryption strategy of the third service priority, and y1, y2 and y3 respectively denote the numbers of power services of these three types.
Normally, for quantum key encryption of the distribution network's power services to work properly, the number of keys remaining in the key pool needs to fluctuate within a reasonable range. The rate at which the remaining number of original quantum keys in the quantum key pool rises or falls depends on the net key generation rate ΔR: when ΔR is positive, the number of keys in the pool increases over time; otherwise it decreases. The embodiment of the present invention therefore sets a preset rate threshold R_set to characterize the size of the net key generation rate, where R_set is greater than or equal to 0. Preferably, R_set = 0.
When the net key generation rate satisfies ΔR ≤ R_set, the number of original quantum keys currently generated in the quantum key pool cannot meet the encrypted transmission requirements of all power services waiting to be transmitted in the distribution network, so the encrypted transmission process needs to be adjusted.
Specifically, when the net key generation rate is less than or equal to the preset rate threshold, it is judged whether the current power services of the power distribution terminal include a power service of the preset type. If so, the power services of the preset type among those waiting to be transmitted are identified, and each such service, while keeping its communication encryption strategy, switches to obtaining recycled quantum keys from the recycled key pool for encrypted transmission, so that it no longer consumes original quantum keys generated in the quantum key pool.
It can be understood that power services that are not of the preset type can keep their original communication encryption strategy and obtain generated original quantum keys from the quantum key pool for encrypted transmission.
Preferably, the power service of the preset type is a power service whose service priority is lower than a first preset level threshold.
It should be noted that the first preset level threshold is set in advance; its value can be determined from the number of service priorities into which the power services are divided in the actual application, and is not specifically limited here.
Taking the power services of the above three service priorities as an example, the first preset level threshold can be set to 2. Then, when ΔR ≤ R_set is satisfied, power services of the first and second service priorities can still obtain generated original quantum keys from the quantum key pool for encrypted transmission, while power services of the third service priority switch to obtaining recycled quantum keys from the recycled key pool for encrypted transmission.
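The consumption formulas of the three strategies, the net key generation rate of S131 to S133 and the fallback to the recycled key pool can be put together as follows. This is an added example, not code from the patent; the service names, traffic figures, D = 1024 bits and the choice to count X1 and X2 in bits are constructed assumptions.

```python
from dataclasses import dataclass
from fractions import Fraction

AES_KEY_BITS = 128  # key length of the second strategy, as stated in the text


@dataclass(frozen=True)
class Service:
    name: str       # constructed label, not from the patent
    priority: int   # 1 = first (highest) service priority, 3 = third
    bits: int       # Bt: data sent in the unit time, in bits (constructed)


def key_bits_consumed(service, d_bits):
    """Original quantum key bits one service consumes under its strategy."""
    if service.priority == 1:   # one-time pad: key amount equals data amount
        return Fraction(service.bits)
    if service.priority == 2:   # quantum key replaces session key: 128*Bt/D
        return Fraction(AES_KEY_BITS * service.bits, d_bits)
    if service.priority == 3:   # quantum key replaces master key: 64*Bt/D
        return Fraction(AES_KEY_BITS // 2 * service.bits, d_bits)
    raise ValueError(f"unknown service priority {service.priority}")


def net_rate(x1, x2, t):
    """S131-S133: delta R = (X1 - X2) / t."""
    return (Fraction(x1) - x2) / t


def plan_key_sources(services, x1, t, d_bits, r_set=0, level_threshold=2):
    """Return (delta R, key source per service, delta R after the fallback).

    When delta R <= R_set, services whose priority is lower than the first
    preset level threshold (a larger priority number) move to the recycled
    key pool and stop drawing on the quantum key pool.
    """
    x2 = sum(key_bits_consumed(s, d_bits) for s in services)
    delta_r = net_rate(x1, x2, t)
    sources = {s.name: "quantum_pool" for s in services}
    projected = delta_r
    if delta_r <= r_set:
        for s in services:
            if s.priority > level_threshold:
                sources[s.name] = "recycled_pool"
                x2 -= key_bits_consumed(s, d_bits)
        projected = net_rate(x1, x2, t)
    return delta_r, sources, projected


# Constructed traffic for one unit time (t = 1 s), D = 1024 bits (8 x 128).
SERVICES = [
    Service("protection_signal", 1, 2000),
    Service("telemetry", 2, 8192),
    Service("metering", 3, 16384),
]

if __name__ == "__main__":
    for generated in (5000, 4000):
        delta_r, sources, projected = plan_key_sources(SERVICES, generated, 1, 1024)
        print(f"X1={generated} deltaR={delta_r} after fallback={projected}")
        for name, source in sources.items():
            print(f"  {name}: {source}")
```

With 4000 bits generated per second the pool runs a deficit, so only the third-priority service is moved to recycled keys and the projected rate turns positive.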
The embodiment of the present invention provides a communication encryption method for power distribution terminals. It assigns different communication encryption strategies to power services of different service priorities between power distribution terminals and obtains original quantum keys from the quantum key pool for encrypted transmission. During the encrypted transmission of power services, the original quantum keys that have been used are recycled and stored; at the same time, the net key generation rate of the quantum key pool at the current moment is calculated in real time. When the net key generation rate is detected to be less than or equal to the preset rate threshold, the encrypted transmission mode of the power services is adjusted: for power services of the preset type waiting to be transmitted, recycled quantum keys are obtained from the recycled key pool for encrypted transmission.
With the technical means of the embodiment of the present invention, different communication encryption strategies are assigned to power services of different service priorities. The strategy for a low-priority power service consumes less quantum key and has a lower key update frequency, while the strategy for a high-priority power service consumes more quantum key and has a higher key update frequency, which reduces the amount of quantum key that low-priority power services consume during encrypted transmission. Compared with a scheme in which all power services use a one-time pad, the embodiment can effectively alleviate the problem that the quantum key pool generates quantum keys too slowly to meet the normal transmission requirements of all power services. On this basis, when the net key generation rate is detected to be too low, the encrypted transmission of some power services is adjusted to use quantum keys that have already been used. This further saves original quantum keys, reserves more of them for high-priority power services, raises the net key generation rate of the quantum key pool, avoids the situation in which a shortage of quantum keys makes it impossible to meet the normal transmission requirements of all power services between power distribution terminals, and ensures the normal transmission requirements and transmission efficiency of power services between power distribution terminals.
As a preferred implementation, this embodiment builds on the previous embodiment. Referring to FIG. 2, which is a schematic flow chart of generating recycled quantum keys in the embodiment of the present invention, the recycled quantum key is generated and stored through the following steps S21 to S22:
S21. While an original quantum key is obtained to encrypt and transmit the power service, detect whether the encrypted transmission of the power service is secure;
S22. When the encrypted transmission is secure, take the first quantum key of the original quantum key used in the encrypted transmission as the recycled quantum key and store it in the recycled key pool, where the first quantum key is obtained by dividing the used original quantum key with a preset split algorithm.
In the embodiment of the present invention, to ensure that original quantum keys that have already been used are safe to apply in later service encryption, the recycled original quantum keys must be verified for security. Specifically, while the power services of the distribution network are encrypted and transmitted with original quantum keys generated by the quantum key pool, the controller also detects the security of that encrypted transmission. Only when the encrypted transmission is detected to be secure is the original quantum key used in it recycled and, more preferably, only part of the used original quantum key (the first quantum key) is recycled. When the encrypted transmission is detected to be insecure, the original quantum key used in it is discarded and not recycled.
With the technical means of the embodiment of the present invention, recycling the used original quantum key only after the encrypted transmission has been found secure improves the security of later encrypted service transmission. Recycling only part of the quantum key also means that the keys used in any two encrypted transmissions are not exactly the same, which further improves the security of the encrypted transmission.
Preferably, referring to FIG. 3, which is a schematic diagram of the principle of generating recycled quantum keys in the embodiment of the present invention, step S21, that is, detecting whether the encrypted transmission of the power service is secure while the original quantum key is obtained to encrypt and transmit the power service, specifically includes steps S211 to S216:
S211. Before the power service is encrypted and transmitted, divide the obtained original quantum key into the first quantum key and a second quantum key using the split algorithm;
S212. Generate a detection tag from the first quantum key, the second quantum key and the transmitted power service ; where k1 is the first quantum key, k2 is the second quantum key, x is the service data of the transmitted power service, and  is the preset hash function;
S213. After the power service has been encrypted and transmitted, judge whether the power distribution terminal acting as the receiving end has received service data within a preset waiting time;
S214. If the power distribution terminal acting as the receiving end has received service data within the preset waiting time, generate a verification tag from the received service data ; where x' is the received service data;
S215. When the detection tag and the verification tag are equal, determine that the encrypted transmission of the power service is secure; when they are not equal, determine that the encrypted transmission of the power service is insecure;
S216. If the power distribution terminal acting as the receiving end has not received service data within the preset waiting time, determine that the encrypted transmission of the power service is insecure.
In the embodiment of the present invention, the original quantum key shared between the terminals (power distribution terminal A as the sending end and power distribution terminal B as the receiving end) is first divided into two parts, k = k1‖k2, which are used to generate a detection tag tag, , for the encrypted service data x, where  denotes an AXU universal hash function. Power distribution terminal A sends the string x‖t to power distribution terminal B over transmission channel C. After a predetermined time, it is judged whether power distribution terminal B has received a string x′‖t′. If it has, terminal B checks whether the verification tag  equals the detection tag tag. If they are equal, no illegal eavesdropping has been detected and the transmission over channel C is secure; terminal B then accepts the service data x′ and outputs it on its external interface, and the key k1 output by power distribution terminal A is recycled immediately. If they are not equal, the error symbol nor is output and the transmission is judged insecure. If the string has not been received after the predetermined time, the error symbol nor is likewise output and the transmission is judged insecure.
It should be noted that the specific way in which the preset split algorithm divides the original quantum key k into the first quantum key k1 and the second quantum key k2 is set according to the actual situation, without affecting the beneficial effects obtained by the present invention.
With the technical means of the embodiment of the present invention, the original quantum key is divided into two parts and combined with the encrypted service data to generate a detection tag before transmission and a verification tag after transmission, which are used to judge whether the encrypted transmission is secure. This improves the accuracy of the encryption security detection and ensures that the recycled quantum keys are usable.
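Steps S211 to S216 and the recycling of k1 are sketched below as an added example that is not code from the patent. The tag form t = h_k1(x) XOR k2, the GF(2^128) polynomial hash standing in for the AXU hash, and the even split of a 256-bit k are assumptions, because the text leaves the tag formula and the split algorithm unspecified; the sample key and frame are constructed.

```python
import hmac

BLOCK = 16                        # bytes per hash block and per key half
REDUCTION = (1 << 128) | 0x87     # x^128 + x^7 + x^2 + x + 1


def gf128_mul(a, b):
    """Multiply two elements of GF(2^128) in polynomial basis."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a >> 128:
            a ^= REDUCTION
    return result


def poly_hash(k1, data):
    """Polynomial-evaluation hash keyed by k1; the final block binds the length."""
    key = int.from_bytes(k1, "big")
    acc = 0
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK].ljust(BLOCK, b"\0")
        acc = gf128_mul(acc ^ int.from_bytes(block, "big"), key)
    return gf128_mul(acc ^ len(data), key)


def split_key(k):
    """S211 (assumed split algorithm): first half is k1, second half is k2."""
    if len(k) != 2 * BLOCK:
        raise ValueError("expected a 256-bit original quantum key")
    return k[:BLOCK], k[BLOCK:]


def make_tag(k, data):
    """S212/S214 (assumed form): tag = h_k1(data) XOR k2."""
    k1, k2 = split_key(k)
    return (poly_hash(k1, data) ^ int.from_bytes(k2, "big")).to_bytes(BLOCK, "big")


def receive(k, received, recycled_pool):
    """Terminal B side of S213-S216 plus S22.

    `received` is (x', t'), or None when nothing arrived within the waiting
    time. Returns x' when the transmission is judged secure, otherwise None
    (the error symbol "nor"). k1 enters the recycled pool only on success.
    """
    if received is None:                         # S216: timeout
        return None
    data, tag = received
    if not hmac.compare_digest(make_tag(k, data), tag):
        return None                              # S215: tags differ, discard k
    recycled_pool.append(split_key(k)[0])        # S22: recycle only k1
    return data


if __name__ == "__main__":
    pool = []
    key = bytes(range(1, 33))                    # constructed key material
    frame = b"constructed breaker status frame"  # constructed ciphertext x
    tag = make_tag(key, frame)
    print("intact  :", receive(key, (frame, tag), pool))
    print("altered :", receive(key, (b"C" + frame[1:], tag), pool))
    print("timeout :", receive(key, None, pool))
    print("recycled keys:", [k1.hex() for k1 in pool])
```

The comparison uses `hmac.compare_digest` so that tag checking does not leak how many leading bytes matched.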
As a preferred implementation, this embodiment builds on any of the above embodiments. To further improve the security of encrypted transmission with recycled quantum keys, the embodiment optimizes the process of encrypting and transmitting power services with recycled quantum keys from the recycled key pool.
In one preferred implementation, in step S14, obtaining recycled quantum keys from the recycled key pool to encrypt and transmit power services of the preset type waiting to be transmitted specifically includes steps S141a and S142a:
S141a. Randomly obtain at least two recycled quantum keys from the recycled key pool;
S142a. Combine the at least two recycled quantum keys using a preset synthesis algorithm to obtain a combined quantum key, and use the combined quantum key to encrypt and transmit the power service of the preset type waiting to be transmitted.
In the embodiment of the present invention, for a power service of the preset type waiting to be transmitted, at least two recycled quantum keys are randomly obtained from the recycled key pool and combined, and the result is then used to encrypt and transmit the power service.
It should be noted that the specific way in which the preset synthesis algorithm combines the at least two recycled quantum keys is set according to the actual situation, without affecting the beneficial effects obtained by the present invention.
With the technical means of the embodiment of the present invention, at least two randomly obtained recycled quantum keys are combined into a combined quantum key. With high probability, the combined quantum key does not come from the original quantum key used in a single earlier encryption of one power service, so using the combined quantum key to encrypt and transmit later services can further improve encryption security.
In another preferred implementation, in step S14, obtaining recycled quantum keys from the recycled key pool to encrypt and transmit power services of the preset type waiting to be transmitted specifically includes steps S141b and S142b:
S141b. Randomly obtain two recycled quantum keys from the recycled key pool as a first recycled quantum key and a second recycled quantum key;
S142b. Encrypt the service data of the power service of the preset type waiting to be transmitted once with the first recycled quantum key, then encrypt the once-encrypted service data a second time with the second recycled quantum key, and transmit it.
In the embodiment of the present invention, for a power service of the preset type waiting to be transmitted, two recycled quantum keys are randomly obtained from the recycled key pool. One of them is used to encrypt the service data to be transmitted once; the other is then used to encrypt the resulting data a second time. The twice-encrypted data is sent by the power distribution terminal at the sending end over the transmission channel to the power distribution terminal at the receiving end.
It can be understood that, after receiving the twice-encrypted data, the power distribution terminal at the receiving end needs to perform a first decryption and then a second decryption to obtain the service data.
With the technical means of the embodiment of the present invention, encrypting the service data twice with two randomly obtained recycled quantum keys can further improve encryption security and largely avoids the situation in which encryption with recycled quantum keys makes the transmitted service data easy to eavesdrop on.
As a preferred implementation, to further improve the security of encrypted transmission with recycled quantum keys, in the embodiment of the present invention the recycled quantum keys are generated from the original quantum keys that have been used in the encrypted transmission of power services whose service priority is higher than a second preset level threshold.
It should be noted that the second preset level threshold is set in advance; its value can be determined from the number of service priorities into which the power services are divided in the actual application, and is not specifically limited here.
Taking the power services of the above three service priorities as an example, the second preset level threshold can be set to 2, that is, only the original quantum keys used in the encrypted transmission of first-priority power services are recycled, while the original quantum keys used in the encrypted transmission of second- and third-priority power services are discarded.
Optionally, in combination with the above implementations, the first quantum key of the original quantum keys that have been used in the encrypted transmission of power services whose service priority is higher than the second preset level threshold (for example, power services of the first service priority) is recycled to generate recycled quantum keys. When the net key generation rate of the quantum key pool is detected to be less than or equal to the preset rate threshold, recycled quantum keys are obtained from the recycled key pool to encrypt and transmit the power services waiting to be transmitted whose service priority is lower than the first preset level threshold (for example, power services of the third service priority).
As a preferred implementation, this embodiment builds on any of the above embodiments, and the method further includes step S15:
S15. When the net key generation rate is less than or equal to the preset rate threshold, adjust the communication encryption strategy of each power service by lowering its encryption level and/or key update frequency.
Specifically, step S15 includes:
S151. Among the power services currently waiting to be transmitted, take those whose service priority is greater than a third preset level threshold as first-class adjusted power services, and take those whose service priority is less than or equal to the third preset level threshold as second-class adjusted power services;
S152. Perform a first adjustment operation, which includes: resetting the key update frequency of the first-class adjusted power services and lowering their encryption level by at least one level value, and lowering the key update frequency of the second-class adjusted power services by at least one frequency adjustment step;
S153. After a first preset duration, judge whether the condition for a successful adjustment is currently met. The condition is that the net key generation rate is greater than a second preset rate threshold R_set', or that the remaining quantum keys in the quantum key pool exceed a preset key quantity threshold, where the second preset rate threshold R_set' is greater than the preset rate threshold R_set;
S154. If the condition for a successful adjustment is met, reset the communication encryption strategy of every power service;
S155. If the condition for a successful adjustment is not met, perform a second adjustment operation, which includes: lowering the key update frequency of the first-class adjusted power services by at least one frequency adjustment step, and resetting the key update frequency of the second-class adjusted power services and lowering their encryption level by at least one level value;
S156. After a second preset duration, judge whether the condition for a successful adjustment is currently met;
S157. If the condition for a successful adjustment is met, reset the communication encryption strategy of every power service;
S158. If the condition for a successful adjustment is not met, return to step S151 and perform the first adjustment operation again.
With the technical means of the embodiment of the present invention, when the net key generation rate is detected to be less than or equal to the preset rate threshold, in addition to enabling the quantum key recycling mechanism, the encryption level and/or key update frequency of the power services are adjusted so as to quickly increase the remaining number of original quantum keys in the quantum key pool, raise the net key generation rate, and ensure the normal transmission requirements and transmission efficiency of power services between power distribution terminals.
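Referring to FIG. 4, which is a schematic structural diagram of a communication encryption device for a power distribution terminal provided by an embodiment of the present invention, the embodiment of the present invention also provides a communication encryption device 30 for a power distribution terminal, including:
an encryption strategy determination module 31, configured to determine the communication encryption strategy of a power service according to the service priority of the power service to be transmitted between power distribution terminals;
a first encrypted transmission module 32, configured to obtain, according to the communication encryption strategy, an original quantum key from the quantum key pool to encrypt and transmit the power service, where the original quantum key is an unused quantum key generated by the quantum key pool;
a net key generation rate calculation module 33, configured to calculate the net key generation rate of the quantum key pool in real time, where the net key generation rate is the difference between the amount of quantum key generated and the amount of quantum key consumed by the quantum key pool per unit time;
a second encrypted transmission module 34, configured to obtain, when the net key generation rate is less than or equal to the preset rate threshold, recycled quantum keys from the recycled key pool to encrypt and transmit power services of the preset type waiting to be transmitted, where the recycled quantum keys are generated from original quantum keys that have already been used.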
采用本发明实施例的技术手段,为不同业务优先级的电力业务分配不同的通信加密策略,不同通信加密策略的所消耗的量子密钥和密钥更新频率不同,减少低业务优先级的电力业务在加密传输过程中所需要消耗的量子密钥量,相比于所有电力业务均采用一次一密的方案,本发明实施例能够有效缓解量子密钥池生成量子密钥的速率较低导致无法满足所有电力业务的正常传输需求的问题。在此基础上,当检测到净密钥生成速率过低时,将部分电力业务的加密传输过程调整为采用已经使用过的量子密钥进行加密,可进一步节省原始量子密钥的使用量,为高业务优先级的电力业务保留更多的原始量子密钥,提高量子密钥池的净密钥生成速率,避免量子密钥量不足导致无法满足配电终端之间所有电力业务的正常传输需求的问题,保证配电终端之间的电力业务的正常传输需求和传输效率。Using the technical means of the embodiment of the present invention, different communication encryption strategies are assigned to power services with different business priorities, and the quantum keys and key update frequencies consumed by different communication encryption strategies are different, reducing power services with low business priorities Compared with the one-time pad scheme used in all power services, the amount of quantum keys that need to be consumed in the encrypted transmission process, the embodiment of the present invention can effectively alleviate the low rate of quantum key generation by the quantum key pool, which cannot meet the requirements A matter of the normal transmission needs of all electricity services. On this basis, when it is detected that the net key generation rate is too low, the encrypted transmission process of some power services is adjusted to use the quantum key that has already been used for encryption, which can further save the use of the original quantum key. The power business with high business priority retains more original quantum keys, increases the net key generation rate of the quantum key pool, and avoids the failure to meet the normal transmission requirements of all power services between power distribution terminals due to insufficient quantum keys The problem is to ensure the normal transmission requirements and transmission efficiency of power services between power distribution terminals.
It should be noted that the communication encryption device for a power distribution terminal provided by the embodiments of the present invention is used to perform all the process steps of the communication encryption method for a power distribution terminal provided by any of the above embodiments. The working principles and beneficial effects of the two correspond one to one and are therefore not repeated here.
A person of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The above is a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make a number of improvements and refinements without departing from the principle of the present invention, and these improvements and refinements are also regarded as falling within the scope of protection of the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310000639.9A CN115694815B (en) | 2023-01-03 | 2023-01-03 | Communication encryption method and device for power distribution terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115694815A true CN115694815A (en) | 2023-02-03 |
CN115694815B CN115694815B (en) | 2023-03-28 |
Family
ID=85057153
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310000639.9A Active CN115694815B (en) | 2023-01-03 | 2023-01-03 | Communication encryption method and device for power distribution terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115694815B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116318689A (en) * | 2023-05-25 | 2023-06-23 | 天津市城市规划设计研究总院有限公司 | Method and system for improving information transmission safety of Internet of things equipment by utilizing quantum key |
CN118214164A (en) * | 2024-04-11 | 2024-06-18 | 湖北兴盛通电气设备有限公司 | A pre-installed substation management system and method |
CN118555142A (en) * | 2024-07-29 | 2024-08-27 | 成都凌亚科技有限公司 | Multi-interface data processing method and system based on FPGA |
CN118972057A (en) * | 2024-10-12 | 2024-11-15 | 深圳市旭子科技有限公司 | Quantum key distribution method, device, equipment and storage medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170324550A1 (en) * | 2016-05-06 | 2017-11-09 | Alibaba Group Holding Limited | System and method for encryption and decryption based on quantum key distribution |
CN107508671A (en) * | 2017-08-18 | 2017-12-22 | 北京邮电大学 | Service communication method and device based on quantum key distribution |
CN108134669A (en) * | 2018-01-11 | 2018-06-08 | 北京国电通网络技术有限公司 | Towards the quantum key dynamic supply method of power scheduling business and management system |
CN110048833A (en) * | 2019-03-04 | 2019-07-23 | 全球能源互联网研究院有限公司 | Power business encryption method and device based on quantum satellite key network |
CN113765660A (en) * | 2021-09-06 | 2021-12-07 | 东南大学 | A method for on-demand distribution of quantum keys for IoT terminal devices |
CN114499842A (en) * | 2021-12-31 | 2022-05-13 | 华南师范大学 | A Reinforcement Learning-Based Key Resource Pre-allocation Method for QKD Networks |
CN115314270A (en) * | 2022-07-29 | 2022-11-08 | 国网浙江省电力有限公司宁波供电公司 | Power business hierarchical encryption method and communication method based on quantum key |
Non-Patent Citations (1)
Title |
---|
李恕海; 王育民: "Quantum key distribution protocol on a four-dimensional Hilbert space" * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116318689A (en) * | 2023-05-25 | 2023-06-23 | 天津市城市规划设计研究总院有限公司 | Method and system for improving information transmission safety of Internet of things equipment by utilizing quantum key |
CN118214164A (en) * | 2024-04-11 | 2024-06-18 | 湖北兴盛通电气设备有限公司 | A pre-installed substation management system and method |
CN118214164B (en) * | 2024-04-11 | 2024-12-13 | 湖北兴盛通电气设备有限公司 | A pre-installed substation management system and method |
CN118555142A (en) * | 2024-07-29 | 2024-08-27 | 成都凌亚科技有限公司 | Multi-interface data processing method and system based on FPGA |
CN118972057A (en) * | 2024-10-12 | 2024-11-15 | 深圳市旭子科技有限公司 | Quantum key distribution method, device, equipment and storage medium |
CN118972057B (en) * | 2024-10-12 | 2025-02-11 | 深圳市旭子科技有限公司 | Quantum key distribution method, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN115694815B (en) | 2023-03-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN115694815A (en) | Communication encryption method and device for power distribution terminal | |
CN113038468B (en) | A quantum key distribution and negotiation method for wireless terminals in the Internet of Things | |
US9032208B2 (en) | Communication terminal, communication system, communication method and communication program | |
US8948377B2 (en) | Encryption device, encryption system, encryption method, and encryption program | |
CN103475464B (en) | A kind of power special quantum encryption gateway system | |
CN104618109B (en) | A kind of electric power terminal data safe transmission method based on digital signature | |
CN104486316A (en) | Quantum key classification providing method for improving electric power data transmission security | |
KR102609578B1 (en) | Apparatus, method and computer program for managing quantum cryptography key | |
CN111541690B (en) | Safety protection method for communication between intelligent terminal and server | |
CN118337386B (en) | Network security communication method, storage medium, device and computer program product based on improved enhanced quantum security encryption algorithm | |
CN116528228B (en) | A method, communication method, and system for Internet of Vehicles preset and session key distribution | |
CN101931623A (en) | A secure communication method suitable for remote control with limited capabilities of the controlled terminal | |
CN114866778B (en) | Monitoring video safety system | |
CN111163108A (en) | A system and method for compound encryption of security terminal chip of power internet of things | |
CN116318702A (en) | Multi-particle GHZ state-based semi-quantum ring signature method and device | |
CN107896216A (en) | Key management, data encryption and identity authentication method for electric power measuring instrument | |
CN114125831A (en) | 5G smart grid user side data acquisition method and system based on proxy re-encryption | |
CN112398655B (en) | File transmission method, server and computer storage medium | |
CN118509227A (en) | Data transmission method, device and system | |
CN117914483A (en) | Secure communication method, apparatus, device and medium | |
CN111510294A (en) | Method for improving office system security by using secret key | |
CN206602532U (en) | A kind of system that communication is encrypted | |
CN110061895B (en) | Close-range energy-saving communication method and system for quantum computing resisting application system based on key fob | |
CN108810016B (en) | Terminal access authentication method based on quantum cipher watermark | |
CN111431721A (en) | IBE-based Internet of things equipment encryption method in intelligent medical environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||