CN116801243A - Device and method for mobile digital operation in electric power marketing site - Google Patents
Device and method for mobile digital operation in electric power marketing site Download PDFInfo
- Publication number
- CN116801243A CN116801243A CN202310823842.6A CN202310823842A CN116801243A CN 116801243 A CN116801243 A CN 116801243A CN 202310823842 A CN202310823842 A CN 202310823842A CN 116801243 A CN116801243 A CN 116801243A
- Authority
- CN
- China
- Prior art keywords
- operation terminal
- ciphertext
- terminal
- power
- session key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 27
- 238000004891 communication Methods 0.000 claims abstract description 72
- 230000003993 interaction Effects 0.000 claims abstract description 68
- 238000012795 verification Methods 0.000 claims description 21
- 230000001276 controlling effect Effects 0.000 claims description 14
- 238000012545 processing Methods 0.000 claims description 10
- 102000007315 Telomeric Repeat Binding Protein 1 Human genes 0.000 claims description 8
- 108010033711 Telomeric Repeat Binding Protein 1 Proteins 0.000 claims description 8
- 230000004044 response Effects 0.000 claims description 8
- 231100000279 safety data Toxicity 0.000 claims description 7
- 238000012360 testing method Methods 0.000 claims description 7
- 238000004364 calculation method Methods 0.000 claims description 5
- 230000005611 electricity Effects 0.000 claims description 4
- 102000005591 NIMA-Interacting Peptidylprolyl Isomerase Human genes 0.000 claims description 3
- 108010059419 NIMA-Interacting Peptidylprolyl Isomerase Proteins 0.000 claims description 3
- 238000012790 confirmation Methods 0.000 claims description 2
- 230000001105 regulatory effect Effects 0.000 claims description 2
- 230000002452 interceptive effect Effects 0.000 description 12
- 238000010586 diagram Methods 0.000 description 11
- 230000006870 function Effects 0.000 description 10
- 238000004590 computer program Methods 0.000 description 7
- 238000012423 maintenance Methods 0.000 description 4
- 238000007689 inspection Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- WHXSMMKQMYFTQS-UHFFFAOYSA-N Lithium Chemical compound [Li] WHXSMMKQMYFTQS-UHFFFAOYSA-N 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 229910052744 lithium Inorganic materials 0.000 description 2
- 229910000838 Al alloy Inorganic materials 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 229910052751 metal Inorganic materials 0.000 description 1
- 239000002184 metal Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 238000005507 spraying Methods 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H02—GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
- H02J—CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
- H02J13/00—Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
- H02J13/00001—Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network characterised by the display of information or by user interaction, e.g. supervisory control and data acquisition systems [SCADA] or graphical user interfaces [GUI]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B10/00—Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
- H04B10/11—Arrangements specific to free-space transmission, i.e. transmission through air or vacuum
- H04B10/114—Indoor or close-range type systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0433—Key management protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Abstract
The invention provides a device and a method for mobile digital operation of an electric power marketing site, wherein the device comprises a first operation terminal and a second operation terminal, the first operation terminal realizes communication interaction with an electric power background system and the second operation terminal, and the second operation terminal realizes interaction with the first operation terminal and electric network asset equipment. The device adopts the flexible configurability of the first operation terminal and the second operation terminal, has an external network operation mode, can utilize the high-quality computing resources of the external network, and can cover the traditional internal network operation mode. Furthermore, the device also considers the possibility of supplying power to other external equipment, and in order to improve the usability of the device, a large-capacity charging device, a mobile storage space and a mobile hot spot function are additionally designed for the second operation terminal, so that the usability of the device is greatly expanded.
Description
Technical Field
The invention relates to the field of safety analysis of power systems, in particular to a method and a device for determining voltage support strength of a new energy power system.
Background
In the electric power marketing field operation, the special terminal equipment can help field operation staff to finish the field operations such as ammeter repair, collection operation and maintenance, metering operation and maintenance, field inspection, emergency power failure, asset management, key update and the like. In order to reduce the work load of on-site operation and maintenance personnel, the prior art develops a special terminal device for the power business, metering and operation and inspection professions, and assists the on-site operation and maintenance personnel to carry out on-site business handling, on-site information acquisition and recording, on-site equipment inspection and tour and other works. Through the upgrading of the operation mode and the iteration of the device, various special terminal devices obtain good application results.
However, through intensive investigation and analysis, the problems of short battery endurance mileage, battery bulge, slow GPS positioning, automatic camera overheat closing, short infrared meter reading distance, low infrared meter reading success rate and the like of the special terminal device which is disclosed to be used are found. And the special terminal device can only complete work order closed loop and data acquisition work through the power intranet due to mandatory safety requirements, and cannot utilize various high-quality computing resources in the external network.
Therefore, designing a new field operation terminal device and operation mode to improve and optimize the current situation of field operation is a problem to be solved.
Disclosure of Invention
The invention provides a device and a method for determining mobile digital operation of an electric power marketing site, aiming at solving the problems that a terminal device used for the electric power marketing site in the prior art has short battery endurance mileage, battery bulge, low GPS positioning, automatic closing of overheat of a camera, short infrared meter reading distance and low infrared meter reading success rate, and can only use electric power intranet operation and cannot utilize various high-quality computing resources in an extranet.
According to one aspect of the present invention, there is provided an apparatus for mobile digital work on an electricity marketing site, the apparatus comprising:
the first operation terminal is used for carrying out communication interaction with the power background system and the second operation terminal respectively on the power marketing site, wherein:
performing first identity authentication with the power background system to log in to the power background system;
receiving a mobile operation work order issued by a power background system, directly executing the mobile operation work order when the content of the mobile operation work order is that interaction with power grid asset equipment is not needed, and submitting an operation result; and
when the content of the mobile operation work order is that interaction with the power grid asset equipment is needed, establishing communication connection with a second operation terminal, performing session negotiation and key updating with the second operation terminal, controlling the second operation terminal to perform second identity authentication with the power background system, and generating a session key; the second operation terminal is controlled to complete session negotiation with the power grid asset equipment and communication interaction with the power grid asset equipment, and an operation result is submitted to the power background system after the interaction is completed, wherein the session key is simultaneously saved by the power background system and is used for generating authority required by authentication and interaction of the power grid asset equipment in the mobile operation work order;
And the second operation terminal is used for communicating and interacting with the power grid asset equipment and the first operation terminal respectively when the first operation terminal determines that the content of the mobile operation work order issued by the power background system needs to interact with the power grid asset equipment on the power marketing site.
According to another aspect of the present invention, there is provided a method of mobile digital work on an electricity marketing site, the method comprising:
the first operation terminal performs first identity authentication with the power background system, and logs in to the power background system when the first identity authentication is passed;
the first operation terminal receives a mobile operation work order issued by the power background system;
when the content of the mobile operation work order is that interaction with power grid asset equipment is not needed, the first operation terminal directly executes the mobile operation work order and submits an operation result;
when the content of the mobile operation work order is that interaction with the power grid asset equipment is needed, the first operation terminal establishes communication connection with the second operation terminal;
after the first operation terminal and the second operation terminal establish communication connection, the first operation terminal and the second operation terminal carry out session negotiation;
When the session negotiation between the first operation terminal and the second operation terminal is successful and the equipment state of the second operation terminal is a factory test state, the first operation terminal performs key updating operation on the second operation terminal, wherein after the key updating operation is successful, the equipment state of the second operation terminal is changed into a put-into-use state, and in the life cycle of the second operation terminal, the key updating operation is only performed once;
when the session negotiation between the first operation terminal and the second operation terminal is successful and the equipment state of the second operation terminal is the in-use state, the first operation terminal controls the second operation terminal to carry out second identity authentication with the power background system and generate a session key, wherein the session key is simultaneously saved by the power background system and is used for generating authority required by authentication and interaction of power grid asset equipment in the mobile operation work order;
after the second identity authentication is completed by the second operation terminal and the power background system, the first operation terminal sends the mobile operation work order to the second operation terminal, and the second operation terminal decrypts and generates the Ming Wen Gong work order data according to the session key, wherein the mobile operation work order is a work order of which the content needs to interact with the power grid asset equipment;
After the first operation terminal receives the plaintext work order data, controlling the second operation terminal to perform session negotiation with the power grid asset equipment according to the requirement of the plaintext work order data;
and after the session negotiation between the second operation terminal and the power grid asset equipment is successful, the first operation terminal controls the second operation terminal to perform communication interaction with the power grid asset equipment, and submits an operation result to the power background system.
The invention relates to a device and a method for mobile digital operation of an electric power marketing site, wherein the device comprises a first operation terminal and a second operation terminal, the first operation terminal realizes communication interaction with an electric power background system and the second operation terminal, and the second operation terminal realizes interaction with the first operation terminal and electric network asset equipment. The device avoids the problems that the prior electric power marketing field terminal device is limited by the performance of an intranet when communication with an electric power background system is realized through an average VPN and an APN public network channel built in the electric power system in order to ensure the safety of uploading and downloading task data, the operation process is slow and the efficiency is low, and the operation time length caused by short power supply time length is short. Furthermore, the device also considers the possibility of supplying power to other external equipment, and in order to improve the usability of the device, a large-capacity charging device, a mobile storage space and a mobile hot spot function are additionally designed for the second operation terminal, so that the usability of the device is greatly expanded.
Drawings
Exemplary embodiments of the present invention may be more completely understood in consideration of the following drawings:
FIG. 1 is a schematic diagram of an apparatus for mobile digital operation in a power marketing site according to a preferred embodiment of the present invention;
FIG. 2 is a schematic diagram of an apparatus operating in intranet mode and extranet mode according to a preferred embodiment of the present invention;
FIG. 3 is a flow chart of a method of mobile digitized work on a power marketing site in accordance with the preferred embodiment of the invention;
FIG. 4 is an interactive flow chart for establishing a communication connection between a first work terminal and a second work terminal in accordance with a preferred embodiment of the present invention;
FIG. 5 is an interactive flow chart of a session negotiation between a first and second work terminals in accordance with a preferred embodiment of the present invention;
FIG. 6 is an interactive flow chart of a first and second job terminals for key updating in accordance with a preferred embodiment of the present invention;
FIG. 7 is a flowchart of interaction of a first work terminal controlling a second work terminal to perform a second authentication with a power backend system in accordance with a preferred embodiment of the present invention;
fig. 8 is an interactive flow chart of a second work terminal generating a bill Wen Gong based on the work order data transmitted by the first work terminal according to the preferred embodiment of the present invention;
FIG. 9 is an interactive flow chart of a first job terminal controlling a second job terminal to conduct a session negotiation with a grid asset device in accordance with a preferred embodiment of the present invention;
fig. 10 is an interactive flow diagram of a first job terminal controlling a second job terminal to communicate with a grid asset device in accordance with a preferred embodiment of the present invention.
Detailed Description
The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, however, the present invention may be embodied in many different forms and is not limited to the examples described herein, which are provided to fully and completely disclose the present invention and fully convey the scope of the invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, like elements/components are referred to by like reference numerals.
Unless otherwise indicated, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. In addition, it will be understood that terms defined in commonly used dictionaries should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
Fig. 1 is a schematic structural view of an apparatus for mobile digital operation in a power marketing site according to a preferred embodiment of the present invention. As shown in fig. 1, the apparatus 100 includes:
a first operation terminal 101, configured to perform communication interaction with a power backend system and a second operation terminal respectively at a power marketing site, where:
performing first identity authentication with the power background system to log in to the power background system;
receiving a mobile operation work order issued by a power background system, directly executing the mobile operation work order when the content of the mobile operation work order is that interaction with power grid asset equipment is not needed, and submitting an operation result; and
when the content of the mobile operation work order is that interaction with the power grid asset equipment is needed, establishing communication connection with a second operation terminal, performing session negotiation and key updating with the second operation terminal, controlling the second operation terminal to perform second identity authentication with the power background system, and generating a session key; the second operation terminal is controlled to complete session negotiation with the power grid asset equipment and communication interaction with the power grid asset equipment, and an operation result is submitted to the power background system after the interaction is completed, wherein the session key is simultaneously saved by the power background system and is used for generating authority required by authentication and interaction of the power grid asset equipment in the mobile operation work order;
And the second operation terminal 102 is used for respectively carrying out communication interaction with the power grid asset equipment and the first operation terminal when the first operation terminal determines that the content of the mobile operation work order issued by the power background system needs to be interacted with the power grid asset equipment on the power marketing site.
In the preferred embodiment, the first operation terminal may be an intelligent terminal capable of surfing the internet, such as a mobile phone, a tablet, etc. The second work terminal is a communication device which is specially designed to interact with the grid asset device. The data transmission mode of the device for carrying out the mobile digital operation on the electric power marketing site can be the same as the special terminal device in the prior art, and can be an intranet mode or an extranet mode unique to the device. Fig. 2 is a schematic diagram of an apparatus according to a preferred embodiment of the present invention operating in intranet mode and extranet mode. As shown in fig. 2, when the job mode is the extranet mode, the internet, internet large area and power backend system are involved. The Internet comprises a first operation terminal and a second operation terminal, and the first operation terminal and the second operation terminal are matched with each other to perform field operation. The mobile operation work order information is generated by the power background system, penetrates through the Internet and is transmitted to a first operation terminal of the power marketing mobile digital operation site, and after the first operation terminal and the second operation terminal cooperate to complete operation content, an operation result is returned to the power background system through the Internet. In this mode, the first operation terminal performs dual identity authentication through the security sdk and the information security access gateway, and performs data interaction on the basis of establishing a security channel.
When the operation mode is the intranet mode, the device has the same use effect as the special terminal in the prior art, and the device directly performs communication interaction with the power background system through the power wireless special network. In this mode, the operation efficiency is low under the constraint of the power wireless network.
Preferably, the second operation terminal includes the casing, control processing module, man-machine interaction module, measurement communication authentication module, outside extension module, infrared communication module, bluetooth module, bar code scanning module, power module and fixed storage module, wherein:
a housing for accommodating a portion of the second work terminal other than the housing;
the control processing module is used for regulating and controlling the operation of other modules in the second operation terminal and is directly connected with other modules;
the man-machine interaction module is used for determining the state of the second operation terminal;
the metering communication authentication module is used for completing key storage, encryption and decryption flow control, and comprises a secure encryption chip to realize encryption, decryption, signature verification, identity authentication, access right control and communication channel protection of data;
the external expansion module is used for configuring different patch cords to realize the communication between the second operation terminal and the power grid asset equipment and the data interaction with the power background system;
The infrared communication module is used for generating an infrared signal so as to enable the second operation terminal to communicate with the electric network asset equipment through the infrared signal;
the Bluetooth module is used for establishing communication connection between the second operation terminal and the first operation terminal;
the bar code scanning module is used for scanning bar codes and/or two-dimensional codes on the power grid asset equipment to acquire power grid asset equipment information;
the power supply module is used for supplying power to all modules in the second operation terminal and supplying power to external equipment through the external expansion module;
the fixed storage module is used for storing files, and is used as a system program code running space, a data operation space, a system stack allocation, a temporary data interaction space and a virtual hard disk space of the second operation terminal.
Preferably, the second work terminal further includes:
the public network wireless communication module is used for providing a mobile hot spot as a base station when the SIM card slot is placed in the SIM card, and assisting various mobile devices comprising the first operation terminal to access the mobile internet;
and the mobile storage module is used as mobile storage equipment when the TF card slot is placed in the TF, and the data is imported and extracted through the external expansion module.
In the preferred embodiment, the main frequency of the control processing module is not lower than 38KHz. The infrared communication module comprises a common infrared communication module and a laser infrared communication module. In order to realize the functions of the infrared communication module and the bar code scanning module, the second operation terminal is provided with a scanner window. The power supply module not only comprises a button battery for supplying power to the control processing module, but also comprises a high-capacity lithium battery, wherein the high-capacity lithium battery can supply power to external equipment through the external expansion module, and at the moment, the second operation terminal is equivalent to a high-capacity charger baby. Corresponding to the functions of the external expansion module, the second operation terminal provides a TYPE-C external expansion interface, supports USB2.0 or above high-speed transmission standard, supports the 18W rapid charging function, supports conversion from a USB interface to an RS485 interface and the like, and is provided with an antistatic circuit and an external attack protection circuit.
In addition, the surface of the second operation terminal is designed to be screwless, the inner structure is designed to be combined with the front panel and the rear panel by using a buckle, and the requirements of water resistance and drop resistance are met on the premise of safety and reliability; the surface is treated by adopting a fine grinding process, the metal texture of the aluminum alloy anode is achieved, and the bar codes and related product information are directly silk-screened on the shell by adopting code spraying and laser carving, so that the quality and texture of the product are improved.
Preferably, the man-machine interaction module comprises:
the key is positioned at the side edge of the shell and used for switching on and switching off the second operation terminal and lighting the display screen;
the display screen is used for displaying the residual electric quantity and the function starting state of the second operation terminal through a plurality of icons;
and the buzzer is used for being started up at the second operation terminal and used as a prompt tone when being communicated with the power grid asset equipment to represent the working state.
In the preferred embodiment, the on-off key of the second operation terminal is flexible and reliable, has no blocking or poor contact phenomenon, and has a key life of not less than 200 ten thousand times. The display screen is a color segment code type liquid crystal display screen, is matched with a high-brightness lens, replaces a traditional indicator lamp, and supports 10 kinds of working state icon display of battery electric quantity, charging indication, a 4G network, wi-Fi, bluetooth communication, bar code scanning, infrared communication, laser infrared communication, RS485/23 communication and TF card insertion states.
Preferably, the first and second work terminals include:
the first operation terminal and the second operation terminal are of split type structures, and are used separately, so that short-distance communication can be performed; or alternatively
The first operation terminal and the second operation terminal are of a buckle type/magnetic attraction type structure, and are physically connected through buckles/magnets; or alternatively
The second operation terminal is of a wearable structure and is attached to the body of an operator holding the first operation terminal through a binding band.
Fig. 3 is a flow chart of a method of mobile digitized work on a power marketing site according to a preferred embodiment of the invention. As shown in fig. 3, the method of the present preferred embodiment for performing the power marketing field mobile digitized operation starts at step 301.
In step 301, a first operation terminal performs a first identity authentication with a power background system, and logs in to the power background system when the first identity authentication is passed;
in step 302, the first operation terminal receives a mobile operation work order issued by the power background system;
in step 303, when the content of the mobile job ticket is that interaction with the power grid asset equipment is not needed, the first job terminal directly executes the mobile job ticket and submits a job result;
in step 304, when the content of the mobile job ticket is that interaction with the power grid asset equipment is required, the first job terminal establishes communication connection with a second job terminal;
In step 305, after the first operation terminal establishes a communication connection with the second operation terminal, the first operation terminal performs session negotiation with the second operation terminal;
in step 306, when the session negotiation between the first operation terminal and the second operation terminal is successful and the equipment state of the second operation terminal is a factory test state, the first operation terminal performs a key updating operation on the second operation terminal, wherein after the key updating operation is successful, the equipment state of the second operation terminal is changed to be in a use state, and in the life cycle of the second operation terminal, the key updating operation is performed only once;
in step 307, when the session negotiation between the first operation terminal and the second operation terminal is successful and the equipment state of the second operation terminal is the in-use state, the first operation terminal controls the second operation terminal to perform the second identity authentication with the power background system and generate a session key, wherein the session key is simultaneously saved by the power background system and is used for generating the authority required by authentication and interaction of the power grid asset equipment in the mobile operation work order;
In step 308, after the second identity authentication is completed by the second operation terminal and the power background system, the first operation terminal sends the mobile operation work order to the second operation terminal, and the second operation terminal decrypts according to the session key to generate Ming Wen Gong work order data, wherein the mobile operation work order is a work order whose content needs to interact with the power grid asset equipment;
in step 309, after receiving the plaintext work order data, the first operation terminal controls the second operation terminal to perform session negotiation with the power grid asset device according to the requirement of the plaintext work order data;
in step 310, after the session negotiation between the second operation terminal and the grid asset device is successful, the first operation terminal controls the second operation terminal to perform communication interaction with the grid asset device, and submits an operation result to the power background system.
Preferably, the first operation terminal performs a first authentication with a power backend system, and logs in to the power backend system when the first authentication passes, including:
when the first operation terminal logs in the power background system, a user name and a password are input to perform first identity authentication;
When the first identity authentication is passed, the power background system returns a unique session key UID;
and when logging in the power background system, the first operation terminal downloads and acquires the mobile operation work order according to the session key UID.
Preferably, when the content of the mobile job ticket is that interaction with the power grid asset equipment is required, the first job terminal establishes communication connection with the second job terminal, including:
the second operation terminal is powered on, and a preset symmetric key K1 is adopted to encrypt the plaintext PIN code PIN1 to obtain ciphertext E k1 (PIN 1) and encrypting the encrypted ciphertext E k1 (PIN 1) and the device ID of the second operation terminal to form a message E k1 (PIN 1) ID hairFeeding the first operation terminal;
the first operation terminal sends and decrypts the message E k1 The request of (PIN 1) ID is sent to the power background system, after receiving a plaintext PIN code PIN2 returned by the power background system, a connection request containing the PIN2 is sent to the second operation terminal through a message, wherein the plaintext PIN code PIN2 is used for calculating a symmetric key K1 by the power background system, and decrypting the ciphertext E based on the symmetric key K1 k1 (PIN 1) obtained;
and the second operation terminal confirms after receiving the connection request containing the PIN2, judges that the connection is successful when the confirmation message is error-free, and sends a message state 1I ID composed of the equipment ID and the state information state1 to the first operation terminal, wherein the state information comprises a factory test state and an in-use state.
Fig. 4 is an interactive flow chart for establishing a communication connection between a first work terminal and a second work terminal according to a preferred embodiment of the present invention. As shown in fig. 4, when the second work terminal is in communication connection with the first work terminal, encryption of the plaintext PIN1 is completed by the metering communication authentication module using the symmetric key K1. When the first operation terminal needs to decrypt the message sent by the second operation terminal, the cipher machine of the power background system is called, and the decryption is completed after the symmetric key K1 is calculated by the cipher machine.
Preferably, after the first operation terminal establishes a communication connection with the second operation terminal, the first operation terminal performs session negotiation with the second operation terminal, including:
after the first operation terminal and the second operation terminal establish a certain connection, a request for acquiring a random number is sent to the power background system, and a random number R1 generated by the power background system is received;
The first operation terminal sends a request for encrypting the random number R1 to the power background system and receives ciphertext E returned by the power background system k2 (R1) after which the ciphertext E is to be included k2 (R1) transmitting a session negotiation request instruction of a session negotiation start command to the second job terminalWherein the ciphertext E k2 (R1) encrypting R1 by the power backend system using a symmetric key K2;
after receiving the session negotiation request instruction, the second operation terminal decrypts the ciphertext E by using a symmetric key K2 preset by the second operation terminal k2 (R1) obtaining a random number R1', generating a random number R2, and encrypting R1' ||R2 by using the symmetric key K2 to obtain a ciphertext E k2 (R1' ||R2) after the ciphertext E k2 (R1' ||r2) to the first job terminal;
the first operation terminal sends and decrypts the ciphertext E k2 (R1' ||r2) and receiving plaintext R3 and R4 returned by the power backend system, wherein the plaintext R3 and R4 are decrypted by the power backend system using the symmetric key K2 to decrypt the ciphertext E k2 (R1' ||r2) to obtain;
the first operation terminal compares and verifies R3 and R1, after verification, R3, R4 and device ID are used for carrying out key derivative calculation to generate a session key K3, and R4 is encrypted by using the session key K3 to obtain ciphertext E k3 (R4) after which the ciphertext E is to be included k3 (R4) transmitting a session negotiation ending instruction of a session negotiation ending instruction to the second job terminal;
after receiving the instruction of ending the session negotiation, the second operation terminal calls random numbers R1 and R2 and equipment ID to perform key derivative calculation to obtain the session key K3, and decrypts the ciphertext E based on the session key K3 k3 And (R4) obtaining a plaintext R4', comparing and verifying the received R4' with R2, judging that the session negotiation is successful after the verification is passed, and returning a session negotiation success message to the first operation terminal.
Fig. 5 is an interactive flowchart for session negotiation between a first and a second job terminal according to a preferred embodiment of the present invention. As shown in fig. 5, when the second operation terminal performs session negotiation with the first operation terminal, data encryption and decryption in the second operation terminal and generation of a random number are completed through the metering communication authentication module. And when the first operation terminal needs to decrypt the message sent by the second operation terminal and calculate the session key of the first operation terminal and the second operation terminal, calling a cipher machine of the power background system to finish. When the first job terminal encrypts data transmitted to the second job terminal after the session keys of the first job terminal and the second job terminal are generated, the session keys of the two communication may be directly used.
Preferably, when the session negotiation between the first operation terminal and the second operation terminal is successful and the device state of the second operation terminal is a factory test state, the first operation terminal performs a key update operation on the second operation terminal, including:
the first operation terminal sends the equipment ID of the second operation terminal to the power background system, and acquires a formal key ciphertext K4 of the second operation terminal returned by the power background system;
the first operation terminal uses the session key K3 to encrypt K4 to obtain ciphertext E k3 (K4) After that, will contain the ciphertext E k3 (K4) The key updating instruction of the second operation terminal is sent to the second operation terminal;
after receiving the key update instruction, the second operation terminal decrypts the ciphertext E by using the session key K3 k3 (K4) Obtaining and storing a formal key K4, modifying the state information of the formal key K4 into a service state after the key K4 is successfully stored, and sending a key updating success identifier to the first operation terminal;
and after receiving the key updating success identification of the second operation terminal, the first operation terminal determines that the key updating of the second operation terminal is successful.
Fig. 6 is an interactive flowchart for key update of the first and second job terminals according to the preferred embodiment of the present invention. As shown in fig. 6, the first operation terminal invokes the power background system crypto machine to obtain the formal key ciphertext K4 and encrypts the formal key ciphertext through the session key K3, and the second operation terminal decrypts the ciphertext sent by the first terminal, which is completed through the calculation communication authentication module.
Preferably, when the session negotiation between the first operation terminal and the second operation terminal is successful and the equipment state of the second operation terminal is the in-use state, the first operation terminal controls the second operation terminal to perform the second identity authentication with the power background system, and generates a session key, including:
the first operation terminal generates an instruction message N for acquiring the information of the second operation terminal, and encrypts the instruction message N by using the session key K3 to obtain a ciphertext E k3 (N) after the ciphertext E k3 (N) sending to the second work terminal;
the second operation terminal receives the ciphertext E k3 (N) after decrypting the ciphertext E using the session key K3 k3 (N) obtaining a plaintext instruction message N, generating a data information string N1 based on the plaintext N, and encrypting the data information string N1 by using the session key K3 to obtain a ciphertext E k3 (N1) and apply the ciphertext E k3 (N1) transmitting to the first work terminal;
the first operation terminal uses the session key K3 to decrypt the ciphertext E k3 (N1) obtaining a data information string N1;
the first operation terminal obtains a ciphertext M1 and a signature S1 from a power background according to the information content of the data information string N1;
the first operation terminal encrypts M1S 1 data by using the session key K3 to obtain ciphertext E k3 After (M1S 1), the ciphertext E k3 (m1||s1) transmitting to the second job terminal;
the second operation terminal uses the session key K3 to decrypt the received ciphertext E k3 (M1S 1) to obtain M1S 1 data, verifying the ciphertext M1 and the signature S1, generating a ciphertext M2 and a signature S2 after verification is passed, and encrypting the M2S 2 data by using the session key K3 to obtain a ciphertext E k3 (M2S 2) and converting the ciphertext E k3 (m2||s2) transmitting to the first job terminal;
the first operation terminal uses the session key K3 to decrypt the ciphertext E k3 (M2S 2) to obtain M2S 2 plaintext data;
the first operation terminal sends a request for verifying the ciphertext M2 and the signature S2 to the power background system, and the power background system verifies a session key OSK generated after success, wherein the power background system stores the session key OSK for generating rights required for authenticating and interacting power grid asset equipment in a mobile operation work order.
Fig. 7 is a flow chart showing interaction of a first operation terminal with a second operation terminal for second authentication with a power backend system according to a preferred embodiment of the present invention. As shown in fig. 7, the first work terminal invokes the power backend system crypto-engine to acquire the formal key ciphertext, and encrypts and decrypts data using the session key K3 with the second work terminal. The second operation terminal encrypts and decrypts the data, verifies the ciphertext and the signature transmitted by the first operation terminal, and generates new ciphertext and signature through the metering communication authentication module.
Preferably, after the second identity authentication is completed by the second operation terminal and the power background system, the first operation terminal sends the mobile operation worksheet to the second operation terminal, and the second operation terminal decrypts according to the session key to generate the Ming Wen Gong worksheet data, which includes:
when the first operation terminal determines that the content of the mobile operation work order is required to be in communication interaction with the power grid asset equipment, encrypting the work order data ciphertext N2 by using the session key K3 to obtain a ciphertext E k3 (N2) after the ciphertext E k3 (N2) transmitting to the second work terminal;
The second operation terminal uses the session key K3 to decrypt the received ciphertext data E k3 (N2) obtaining a work order data ciphertext N2, obtaining a work order data plaintext N3 after the work order data ciphertext N2 is successfully decrypted, and encrypting the plaintext N3 by using the session key K3 to obtain a ciphertext E k3 (N3) and apply the ciphertext E k3 (N3) returning to the first work terminal;
the first operation terminal uses the session key K3 to decrypt the ciphertext E k3 (N3) obtaining the worksheet data plaintext N3.
Fig. 8 is an interactive flow chart of the second work terminal according to the preferred embodiment of the present invention, which generates the bill Wen Gong based on the work order data transmitted from the first work terminal. As shown in fig. 8, the first job terminal completes data encryption and decryption by the session key K3. And the encryption and decryption of the data by the second operation terminal are completed through the metering communication authentication module.
Preferably, after the first operation terminal receives the plaintext work order data, the second operation terminal is controlled to perform session negotiation with the power grid asset device according to the requirement of the plaintext work order data, including:
the first operation terminal generates a session negotiation command N4, and encrypts the session negotiation command N4 by using the session key K3 to obtain ciphertext E k3 (N4) after the ciphertext E k3 (N4) transmitting to the second work terminal;
the second operation terminal uses the session key K3 to decrypt the ciphertext E k3 (N4) executing the session negotiation command after obtaining the plaintext N4 to obtain the ciphertext M3 and the signature S3, and encrypting the ciphertext M3 and the signature S3 by using the session key K3 to obtain the ciphertext E k3 (M3S 3) and converting the ciphertext E k3 (m3||s3) transmitting to the first job terminal;
the first operation terminal uses the session key K3 to decrypt the ciphertext E k3 (M3S 3) to obtain plaintext M3S 3, organizing negotiation message N5 containing ciphertext M3 and signature S3 for session negotiation with the power grid asset equipment, and encrypting the negotiation message N5 by using the session key K3 to obtain ciphertext E k3 (N5) after the ciphertext E k3 (N5) transmitting to the second work terminal;
the second operation terminal uses the session key K3 to decrypt the received ciphertext E k3 (N5) after obtaining the negotiation message N5, sending the message N5 to power grid asset equipment;
after receiving the message N5, the power grid asset equipment checks the ciphertext M3 and the signature S3, and returns an asset equipment response message N6 containing the random number M4 and the signature information S4 to the second operation terminal after the check is successful;
The second operation terminal uses the session key K3 to encrypt the received asset equipment response message N6 to obtain ciphertext E k3 (N6) and apply the ciphertext E k3 (N6) transmitting to the first work terminal;
the first operation terminal uses the session key K3 to decrypt the ciphertext E k3 (N6) obtaining an asset equipment response message N6, then organizing a verification message M4S 4 according to a random number M4 and signature information S4 contained in the asset equipment response message N6, and encrypting the verification message M4S 4 through the session key K3 to obtain a ciphertext E k3 (M4||S4) after the ciphertext E k3 (M4I S4) to the second operation terminal, wherein the ciphertext E k3 (m4||s4) by the power backend system;
the second operation terminal uses the session key K3 to decrypt the received ciphertext E k3 (M4S 4) to obtain a random number M4 and signature information S4, and verifying the random number M4 and the signature information S4 to obtain a verification result N7, and encrypting the verification result N7 by using the session key K3 to obtain a ciphertext E k3 (N7) and transmitting it to the first work terminal;
the first operation terminal decrypts the received ciphertext E by using the session key K3 k3 (N7) after obtaining the verification result N7, determining whether the session negotiation is successful or not according to the verification result.
Fig. 9 is an interactive flow chart of a first job terminal controlling a second job terminal to conduct session negotiation with a grid asset device in accordance with a preferred embodiment of the present invention. As shown in fig. 9, the first operation terminal still completes data encryption and decryption through the session key K3, and the second operation terminal completes data encryption and decryption, ciphertext generation and signature generation through the metering communication authentication module.
Preferably, after the session negotiation between the second operation terminal and the power grid asset device is successful, the first operation terminal controls the second operation terminal to perform communication interaction with the power grid asset device, and submits an operation result to the power background system, including:
after the session negotiation between the second operation terminal and the power grid asset equipment is successful, the first operation terminal generates an instruction for acquiring the safety data of the task data N8 according to the information of the mobile operation work order, and encrypts the task data N8 by using the session key K3 to obtain a ciphertext E k3 (N8) converting the ciphertext E k3 (N8) transmitting to the second work terminal;
The second operation terminal uses the session key K3 to decrypt the received ciphertext E k3 (N8) obtaining task data N8, encrypting the task data N8 to obtain security data N9, and encrypting the security data N9 by using the session key K3 to obtain ciphertext E k3 (N9) transmitting the result to the first work terminal;
the first operation terminal uses the session key K3 to decrypt the ciphertext E k3 (N9) obtaining the security data N9, organizing an interaction instruction N10 interacted with the asset equipment according to the security data N9, and encrypting the interaction instruction N10 by using the session key K3 to obtain a ciphertext E k3 (N10) after the ciphertext E k3 (N10) transmitting to the second work terminal;
the second operation terminal uses the session key K3 to decrypt the received ciphertext E k3 (N10) obtaining the interaction instruction N10, and then sending the interaction instruction N10 to corresponding power grid asset equipment;
after the power grid asset equipment receives the interaction instruction N10, returning the safety data N11 needing to be returned to the second operation terminal by using an original path;
the second operation terminal encrypts the safety data N11 by using the session key K3 to obtain ciphertext E K3 (N11) after that, transmitting it to the first work terminal;
the first operation terminal uses the session key K3 to decrypt the ciphertext E k3 (N11) obtaining the secure data N11, organizing an instruction N12 for decrypting the secure data according to the secure data N11, and using the session key K3 encrypting the instruction N12 to obtain ciphertext E k3 (N12) after the ciphertext E k3 (N12) transmitting to the second work terminal;
the second operation terminal uses the session key K3 to decrypt the received ciphertext E k3 (N12) obtaining the instruction N12, decrypting the instruction N12 to obtain plaintext data N13 returned by the power grid asset equipment, and encrypting the plaintext data N13 by using the session key K3 to obtain ciphertext E k3 (N13) returning to the first work terminal;
the first operation terminal uses the session key K3 to decrypt the ciphertext E k3 And (N13) obtaining plaintext data N13, and uploading the plaintext data N13 to a power background system, wherein the plaintext data N13 is an operation result of interaction between the second operation terminal and the power grid asset equipment.
Fig. 10 is an interactive flow diagram of a first job terminal controlling a second job terminal to communicate with a grid asset device in accordance with a preferred embodiment of the present invention. As shown in fig. 10, the first operation terminal completes data encryption and decryption by the session key K3, and the second operation terminal completes data encryption and decryption, and ciphertext and signature generation by the metering communication authentication module.
As can be seen from the description of fig. 4 to 10, the first operation terminal and the second operation terminal are connected through bluetooth, reliability of both sides is guaranteed through identity authentication, bluetooth communication is encrypted and protected through a security soft algorithm module built in the second operation terminal, and security data interaction is performed with on-site power grid asset equipment after the first operation terminal and the second operation terminal are matched through invoking a metering communication authentication module built in the second operation terminal.
The device for mobile digital operation on the electric power marketing site fully utilizes the intelligent terminal of site operators, integrates infrared communication, bar code scanning and 5G hot spot through configuration, is a second operation terminal which is easy to charge treasures and mobile storage space, effectively combines computing resources such as external network geographic positioning and the like, and increases the usability of the peripheral equipment while covering all functions of the traditional site operation terminal. Has important significance in improving marketing service level, improving marketing site operation management level, promoting basic level load reduction and synergy and the like.
The invention has been described with reference to a few embodiments. However, as is well known to those skilled in the art, other embodiments than the above disclosed invention are equally possible within the scope of the invention, as defined by the appended patent claims.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise therein. All references to "a/an/the [ means, component, etc. ]" are to be interpreted openly as referring to at least one instance of said means, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the invention without departing from the spirit and scope of the invention, which is intended to be covered by the claims.
Claims (14)
1. An apparatus for mobile digital work on an electricity marketing site, the apparatus comprising:
the first operation terminal is used for carrying out communication interaction with the power background system and the second operation terminal respectively on the power marketing site, wherein:
performing first identity authentication with the power background system to log in to the power background system;
receiving a mobile operation work order issued by a power background system, directly executing the mobile operation work order when the content of the mobile operation work order is that interaction with power grid asset equipment is not needed, and submitting an operation result; and
when the content of the mobile operation work order is that interaction with the power grid asset equipment is needed, establishing communication connection with a second operation terminal, performing session negotiation and key updating with the second operation terminal, controlling the second operation terminal to perform second identity authentication with the power background system, and generating a session key; the second operation terminal is controlled to complete session negotiation with the power grid asset equipment and communication interaction with the power grid asset equipment, and an operation result is submitted to the power background system after the interaction is completed, wherein the session key is simultaneously saved by the power background system and is used for generating authority required by authentication and interaction of the power grid asset equipment in the mobile operation work order;
And the second operation terminal is used for communicating and interacting with the power grid asset equipment and the first operation terminal respectively when the first operation terminal determines that the content of the mobile operation work order issued by the power background system needs to interact with the power grid asset equipment on the power marketing site.
2. The apparatus of claim 1, wherein the second work terminal comprises a housing, a control processing module, a human-machine interaction module, a metering communication authentication module, an external expansion module, an infrared communication module, a bluetooth module, a barcode scanning module, a power supply module, and a fixed storage module, wherein:
a housing for accommodating a portion of the second work terminal other than the housing;
the control processing module is used for regulating and controlling the operation of other modules in the second operation terminal and is directly connected with other modules;
the man-machine interaction module is used for determining the state of the second operation terminal;
the metering communication authentication module is used for completing key storage, encryption and decryption flow control, and comprises a secure encryption chip to realize encryption, decryption, signature verification, identity authentication, access right control and communication channel protection of data;
The external expansion module is used for configuring different patch cords to realize the communication between the second operation terminal and the power grid asset equipment and the data interaction with the power background system;
the infrared communication module is used for generating an infrared signal so as to enable the second operation terminal to communicate with the electric network asset equipment through the infrared signal;
the Bluetooth module is used for establishing communication connection between the second operation terminal and the first operation terminal;
the bar code scanning module is used for scanning bar codes and/or two-dimensional codes on the power grid asset equipment to acquire power grid asset equipment information;
the power supply module is used for supplying power to all modules in the second operation terminal and supplying power to external equipment through the external expansion module;
the fixed storage module is used for storing files, and is used as a system program code running space, a data operation space, a system stack allocation, a temporary data interaction space and a virtual hard disk space of the second operation terminal.
3. The apparatus of claim 2, wherein the second work terminal further comprises:
the public network wireless communication module is used for providing a mobile hot spot as a base station when the SIM card slot is placed in the SIM card, and assisting various mobile devices comprising the first operation terminal to access the mobile internet;
And the mobile storage module is used as mobile storage equipment when the TF card slot is placed in the TF, and the data is imported and extracted through the external expansion module.
4. The apparatus of claim 2, wherein the human-machine interaction module comprises:
the key is positioned at the side edge of the shell and used for switching on and switching off the second operation terminal and lighting the display screen;
the display screen is used for displaying the residual electric quantity and the function starting state of the second operation terminal through a plurality of icons;
and the buzzer is used for being started up at the second operation terminal and used as a prompt tone when being communicated with the power grid asset equipment to represent the working state.
5. The apparatus of claim 1, wherein the first and second work terminals are configured to include:
the first operation terminal and the second operation terminal are of split type structures, and are used separately, so that short-distance communication can be performed; or alternatively
The first operation terminal and the second operation terminal are of a buckle type/magnetic attraction type structure, and are physically connected through buckles/magnets; or alternatively
The second operation terminal is of a wearable structure and is attached to the body of an operator holding the first operation terminal through a binding band.
6. A method of mobile digitized work on an electricity marketing site, the method comprising:
the first operation terminal performs first identity authentication with the power background system, and logs in to the power background system when the first identity authentication is passed;
the first operation terminal receives a mobile operation work order issued by the power background system;
when the content of the mobile operation work order is that interaction with power grid asset equipment is not needed, the first operation terminal directly executes the mobile operation work order and submits an operation result;
when the content of the mobile operation work order is that interaction with the power grid asset equipment is needed, the first operation terminal establishes communication connection with the second operation terminal;
after the first operation terminal and the second operation terminal establish communication connection, the first operation terminal and the second operation terminal carry out session negotiation;
when the session negotiation between the first operation terminal and the second operation terminal is successful and the equipment state of the second operation terminal is a factory test state, the first operation terminal performs key updating operation on the second operation terminal, wherein after the key updating operation is successful, the equipment state of the second operation terminal is changed into a put-into-use state, and in the life cycle of the second operation terminal, the key updating operation is only performed once;
When the session negotiation between the first operation terminal and the second operation terminal is successful and the equipment state of the second operation terminal is the in-use state, the first operation terminal controls the second operation terminal to carry out second identity authentication with the power background system and generate a session key, wherein the session key is simultaneously saved by the power background system and is used for generating authority required by authentication and interaction of power grid asset equipment in the mobile operation work order;
after the second identity authentication is completed by the second operation terminal and the power background system, the first operation terminal sends the mobile operation work order to the second operation terminal, and the second operation terminal decrypts and generates the Ming Wen Gong work order data according to the session key, wherein the mobile operation work order is a work order of which the content needs to interact with the power grid asset equipment;
after the first operation terminal receives the plaintext work order data, controlling the second operation terminal to perform session negotiation with the power grid asset equipment according to the requirement of the plaintext work order data;
and after the session negotiation between the second operation terminal and the power grid asset equipment is successful, the first operation terminal controls the second operation terminal to perform communication interaction with the power grid asset equipment, and submits an operation result to the power background system.
7. The method of claim 6, wherein the first work terminal performs a first authentication with a power backend system and logs in to the power backend system when the first authentication passes, comprising:
when the first operation terminal logs in the power background system, a user name and a password are input to perform first identity authentication;
when the first identity authentication is passed, the power background system returns a unique session key UID;
and when logging in the power background system, the first operation terminal downloads and acquires the mobile operation work order according to the session key UID.
8. The method of claim 6, wherein the first job terminal establishing a communication connection with a second job terminal when the content of the mobile job ticket is that interaction with a grid asset device is required, comprising:
the second operation terminal is powered on, and a preset symmetric key K1 is adopted to encrypt the plaintext PIN code PIN1 to obtain ciphertext E k1 (PIN 1) and encrypting the encrypted ciphertext E k1 (PIN 1) and the equipment ID of the second operation terminal form a broadcast message E k1 Broadcasting (PIN 1) ID;
after the first operation terminal scans the message broadcast by the second terminal, the first operation terminal sends and decrypts the message E k1 The request of (PIN 1) ID is sent to the power background system, after receiving a plaintext PIN code PIN2 returned by the power background system, a connection request containing the PIN2 is sent to the second operation terminal through a message, wherein the plaintext PIN code PIN2 is used for calculating a symmetric key K1 by the power background system, and decrypting the ciphertext E based on the symmetric key K1 k1 (PIN 1) obtained;
and the second operation terminal confirms after receiving the connection request containing the PIN2, judges that the connection is successful when the confirmation message is error-free, and sends a message state 1I ID composed of the equipment ID and the state information state1 to the first operation terminal, wherein the state information comprises a factory test state and an in-use state.
9. The method of claim 6, wherein the first work terminal performing session negotiation with the second work terminal after the first work terminal establishes a communication connection with the second work terminal, comprises:
after the first operation terminal and the second operation terminal establish a certain connection, a request for acquiring a random number is sent to the power background system, and a random number R1 generated by the power background system is received;
The first operation terminal sends a request for encrypting the random number R1 to the power background system and receives ciphertext E returned by the power background system k2 (R1) after which the ciphertext E is to be included k2 (R1) transmitting a session negotiation request instruction of a session negotiation start command to the second job terminal, wherein the ciphertext E k2 (R1) encrypting R1 by the power backend system using a symmetric key K2;
after receiving the session negotiation request instruction, the second operation terminal decrypts the ciphertext E by using a symmetric key K2 preset by the second operation terminal k2 (R1) obtaining a random number R1', generating a random number R2, and encrypting R1' ||R2 by using the symmetric key K2 to obtain a ciphertext E k2 (R1' ||R2) after the ciphertext E k2 (R1' ||r2) to the first job terminal;
the first operation terminal sends and decrypts the ciphertext E k2 (R1' ||r2) and receiving plaintext R3 and R4 returned by the power backend system, wherein the plaintext R3 and R4 are decrypted by the power backend system using the symmetric key K2 to decrypt the ciphertext E k2 (R1' ||r2) to obtain;
the first operation terminal compares and verifies R3 and R1, after verification is passed, sends a request for encrypting R4 to the power background system, and receives ciphertext E returned by the power background system k3 (R4) after which the ciphertext E is to be included k3 (R4) transmitting a session coordination end instruction of a session negotiation end instruction to the second job terminal, wherein the ciphertext E k3 (R4) performing key derivative calculation by using R3, R4 and a device ID by the power background system, generating a session key K3, and encrypting R4 by using the session key K3;
after receiving the instruction of ending the session negotiation, the second operation terminal calls random numbers R1 and R2 and equipment ID to perform key derivative calculation to obtain the session key K3, and decrypts the ciphertext E based on the session key K3 k3 And (R4) obtaining a plaintext R4', comparing and verifying the received R4' with R2, judging that the session negotiation is successful after the verification is passed, and returning a session negotiation success message to the first operation terminal.
10. The method according to claim 9, wherein when the session negotiation between the first operation terminal and the second operation terminal is successful and the device state of the second operation terminal is a factory test state, the first operation terminal performs a key update operation on the second operation terminal, including:
the first operation terminal sends the equipment ID of the second operation terminal to the power background system, and acquires a formal key ciphertext K4 of the second operation terminal returned by the power background system;
The first operation terminal uses the session key K3 to encrypt the formal key ciphertext K4 to obtain ciphertext E k3 (K4) After that, will contain the ciphertext E k3 (K4) The key updating instruction of the second operation terminal is sent to the second operation terminal;
after receiving the key update instruction, the second operation terminal decrypts the ciphertext E by using the session key K3 k3 (K4) Obtaining and storing a formal key ciphertext K4, modifying state information of the formal key ciphertext K4 into a service state after the formal key ciphertext K4 is successfully stored, and sending a key updating success identifier to the first operation terminal;
and after receiving the key updating success identification of the second operation terminal, the first operation terminal determines that the key updating of the second operation terminal is successful.
11. The method of claim 9, wherein when the session negotiation between the first and second operation terminals is successful and the device state of the second operation terminal is in use, the first operation terminal controls the second operation terminal to perform a second authentication with the power backend system, and generates a session key, including:
the first operation terminal generates an instruction message N for acquiring the information of the second operation terminal, and encrypts the instruction message N by using the session key K3 to obtain a ciphertext E k3 (N) after the ciphertext E k3 (N) sending to the second work terminal;
the second operation terminal receives the ciphertext E k3 (N) after decrypting the ciphertext E using the session key K3 k3 (N) obtaining a plaintext instruction message N, generating a data information string N1 based on the plaintext N, and encrypting the data information string N1 by using the session key K3 to obtain a ciphertext E k3 (N1) and apply the ciphertext E k3 (N1) transmitting to the first work terminal;
the first operation terminal receives the ciphertext E k3 (N1) after decrypting the ciphertext E using the session key K3 k3 (N1) obtaining a data information string N1;
the first operation terminal obtains a ciphertext M1 and a signature S1 from a power background according to the information content of the data information string N1;
the first operation terminal encrypts the ciphertext M1 and the obtained ciphertext E of the signature S1 by using the session key K3 k3 After (M1S 1), the ciphertext E k3 (m1||s1) transmitting to the second job terminal;
the second operation terminal uses the session key K3 to decrypt the received ciphertext E k3 (M1S 1) to obtain M1S 1 data, verifying the ciphertext M1 and the signature S1, generating a ciphertext M2 and a signature S2 after verification is passed, and encrypting the M2S 2 data by using the session key K3 to obtain a ciphertext E k3 (M2S 2) and converting the ciphertext E k3 (m2||s2) transmitting to the first job terminal;
the first operation terminal receives the ciphertext E k3 After (m2||s2), the ciphertext E is decrypted using the session key K3 k3 (m2||s2) to obtain m2|s2 data;
the first operation terminal sends a request for verifying the ciphertext M2 and the signature S2 to the power background system, and the power background system generates a session key OSK after successful verification, wherein the power background system stores the session key OSK for generating rights required for authenticating and interacting power grid asset equipment in a mobile operation work order.
12. The method of claim 9, wherein the first job terminal transmitting the mobile job ticket to the second job terminal after the second job terminal completes the second identity authentication with the power backend system, the second job terminal decrypting the generated data of the list Wen Gong according to the session key, comprising:
when the first operation terminal determines that the content of the mobile operation work order is required to be in communication interaction with the power grid asset equipment, the session key K3 is used for encrypting the work order data ciphertext N2 to obtain a ciphertext E k3 (N2) after the ciphertext E k3 (N2) transmitting to the second work terminal;
the second operation terminal uses the session key K3 to decrypt the received ciphertext data E k3 (N2) obtaining a work order data ciphertext N2, obtaining a work order data plaintext N3 after the work order data ciphertext N2 is successfully decrypted, and encrypting the plaintext N3 by using the session key K3 to obtain a ciphertext E k3 (N3) and apply the ciphertext E k3 (N3) returning to the first work terminal;
the first operation terminal receives the ciphertext E k3 (N3) after decrypting the ciphertext E using the session key K3 k3 (N3) obtaining the worksheet data plaintext N3.
13. The method of claim 9, wherein after the first job terminal receives the plaintext work order data, controlling the second job terminal to perform session negotiation with the grid asset device according to the requirement of the plaintext work order data, comprising:
the first operation terminal generates a session negotiation command N4, and encrypts the session negotiation command N4 by using the session key K3 to obtain a ciphertext E k3 (N4) after the ciphertext E k3 (N4) transmitting to the second work terminal;
the second operation terminal uses the session key K3 to decrypt the ciphertext E k3 (N4) executing the session negotiation command after obtaining the plaintext N4 to obtain the ciphertext M3 and the signature S3, and encrypting the ciphertext M3 and the signature S3 by using the session key K3 to obtain the ciphertext E k3 (M3S 3) and converting the ciphertext E k3 (m3||s3) transmitting to the first job terminal;
the first operation terminal receives the ciphertext E k3 After (M3S 3), the ciphertext E is decrypted using the session key K3 k3 (M3S 3) to obtain plaintext M3S 3, organizing negotiation message N5 containing ciphertext M3 and signature S3 for session negotiation with the power grid asset equipment, and encrypting the negotiation message N5 by using the session key K3 to obtain ciphertext E k3 (N5), and the ciphertext E k3 (N5) transmitting to the second work terminal;
the second operation terminal uses the session key K3 to decrypt the received ciphertext E k3 (N5) after obtaining the negotiation message N5, sending the message N5 to power grid asset equipment;
after receiving the message N5, the power grid asset equipment checks the ciphertext M3 and the signature S3, and returns an asset equipment response message N6 containing the random number M4 and the signature information S4 to the second operation terminal after the check is successful;
the second operation terminal uses the session key K3 to encrypt the received asset equipment response message N6 to obtain ciphertext E k3 (N6) and apply the ciphertext E k3 (N6) transmitting to the first work terminal;
the first operation terminal uses the session key K3 to decrypt the ciphertext E k3 (N6) obtaining an asset equipment response message N6, and then organizing a verification message M4S 4 according to a random number M4 and signature information S4 contained in the asset equipment response message N6And encrypts the verification message M4S 4 through the session key K3 to obtain a ciphertext E k3 (M4||S4) after the ciphertext E k3 (m4||s4) transmitting to the second job terminal;
the second operation terminal uses the session key K3 to decrypt the received ciphertext E k3 (M4S 4) to obtain a random number M4 and signature information S4, and verifying the random number M4 and the signature information S4 to obtain a verification result N7, and encrypting the verification result N7 by using the session key K3 to obtain a ciphertext E k3 (N7) and transmitting it to the first work terminal;
the first operation terminal uses the session key K3 to decrypt the received ciphertext E k3 (N7) obtaining a verification result N7, and determining whether the session negotiation is successful or not according to the verification result.
14. The method according to claim 9, wherein the first job terminal controlling the second job terminal to perform communication interaction with the grid asset device and submitting a job result to the power backend system after the second job terminal successfully negotiates with the grid asset device session, comprises:
After the session negotiation between the second operation terminal and the power grid asset equipment is successful, the first operation terminal generates an instruction for acquiring the safety data of the task data N8 according to the information of the mobile operation work order, and encrypts the task data N8 by using the session key K3 to obtain a ciphertext E k3 (N8) converting the ciphertext E k3 (N8) transmitting to the second work terminal;
the second operation terminal uses the session key K3 to decrypt the received ciphertext E k3 (N8) obtaining task data N8, encrypting the task data N8 to obtain security data N9, and encrypting the security data N9 by using the session key K3 to obtain ciphertext E k3 (N9) transmitting the result to the first work terminal;
the first operation terminal uses the session key K3 to decrypt the ciphertext E k3 (N9) obtaining the security data N9, andorganizing an interaction instruction N10 interacted with the asset equipment according to the safety data N9, and encrypting the interaction instruction N10 by using the session key K3 to obtain a ciphertext E k3 (N10) after the ciphertext E k3 (N10) transmitting to the second work terminal;
the second operation terminal uses the session key K3 to decrypt the received ciphertext E k3 (N10) obtaining the interaction instruction N10, and then sending the interaction instruction N10 to corresponding power grid asset equipment;
after the power grid asset equipment receives the interaction instruction N10, returning the safety data N11 needing to be returned to the second operation terminal by using an original path;
the second operation terminal encrypts the safety data N11 by using the session key K3 to obtain ciphertext E K3 (N11) after that, transmitting it to the first work terminal;
the first operation terminal decrypts the ciphertext E by the session key K3 k3 (N11) obtaining the secure data N11, organizing an instruction N12 for decrypting the secure data according to the secure data N11, and encrypting the instruction N12 by using the session key K3 to obtain a ciphertext E k3 (N12) after the ciphertext E k3 (N12) transmitting to the second work terminal;
the second operation terminal uses the session key K3 to decrypt the received ciphertext E k3 (N12) obtaining the instruction N12, decrypting the instruction N12 to obtain plaintext data N13 returned by the power grid asset equipment, and encrypting the plaintext data N13 by using the session key K3 to obtain ciphertext E k3 (N13) returning to the first work terminal;
The first operation terminal uses the session key K3 to decrypt the ciphertext E k3 And (N13) obtaining plaintext data N13, and uploading the plaintext data N13 to a power background system, wherein the plaintext data N13 is an operation result of interaction between the second operation terminal and the power grid asset equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310823842.6A CN116801243A (en) | 2023-07-06 | 2023-07-06 | Device and method for mobile digital operation in electric power marketing site |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310823842.6A CN116801243A (en) | 2023-07-06 | 2023-07-06 | Device and method for mobile digital operation in electric power marketing site |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116801243A true CN116801243A (en) | 2023-09-22 |
Family
ID=88036564
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310823842.6A Pending CN116801243A (en) | 2023-07-06 | 2023-07-06 | Device and method for mobile digital operation in electric power marketing site |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116801243A (en) |
-
2023
- 2023-07-06 CN CN202310823842.6A patent/CN116801243A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP5818563B2 (en) | Charging system for electric mobile object, charging device for electric mobile object, portable communication terminal and server device included therein, and charging method for electric mobile object | |
| CN101984575B (en) | Method and device for protecting mobile terminal software | |
| CN106375287B (en) | Charging method of new energy automobile | |
| KR101800737B1 (en) | Control method of smart device for self-identification, recording medium for performing the method | |
| CN106611310B (en) | Data processing method, wearable electronic device and system | |
| CN104636777B (en) | ID card information obtains system | |
| CN101527714B (en) | Method, device and system for accreditation | |
| CN106911476B (en) | Encryption and decryption device and method | |
| CN107994985B (en) | A kind of cipher card and the method to data processing | |
| CN102255109A (en) | Authentication method for mobile terminal battery, and mobile terminal thereof | |
| CN103152180A (en) | Authenticated encryption equipment and method with wireless communication function | |
| CN112248844A (en) | Charging starting method of charging pile, intelligent terminal and charging system | |
| CN102546172A (en) | Access control method of intelligent card, intelligent card, terminal and system | |
| CN203278851U (en) | Authenticated encryption device with wireless communication function | |
| CN109039627A (en) | Cryptographic key negotiation method, equipment, storage medium and system | |
| CN108696361A (en) | Configuration method, generation method and the device of smart card | |
| CN104867004A (en) | Mobile payment system and mobile payment method thereof | |
| EP1681648B1 (en) | Communication device and digital signature generation method | |
| CN104835038A (en) | Networking payment device and networking payment method | |
| CN108182745A (en) | The smart lock and its encryption method of a kind of decentralization | |
| CN105471580B (en) | Signature rechecking method and device | |
| CN106886728A (en) | The reading device and method of a kind of smart card | |
| CN116801243A (en) | Device and method for mobile digital operation in electric power marketing site | |
| EP3086583B1 (en) | Wireless terminal network locking method and system | |
| CN113055157B (en) | Biological characteristic verification method and device, storage medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |