CN117354068A - Method and system for improving communication security of distributed energy management system - Google Patents


Publication number
CN117354068A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311658717.0A
Other languages
Chinese (zh)
Other versions
CN117354068B (en)
Inventor
鲍卫东
邵波
陈荣
杨怀仁
张毅诚
杨艳天
金坚锋
李钟煦
陈红敏
姚昕辰
俞翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Zhejiang Electric Power Co Ltd Yiwu Power Supply Co
Jinhua Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
State Grid Zhejiang Electric Power Co Ltd Yiwu Power Supply Co
Jinhua Power Supply Co of State Grid Zhejiang Electric Power Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y10/00 Economic sectors
    • G16Y10/75 Information technology; Communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/18 Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast

Abstract

The invention discloses a method and a system for improving communication security of a distributed energy management system, wherein the method comprises the following steps: communication data of all devices in a preset networking are obtained, wherein the devices in the networking comprise photovoltaic devices, energy storage devices, charging pile devices, power distribution devices, air conditioning devices and EMQ master control devices; carrying out data type distinction based on the communication data to identify target data with different security levels, wherein the target data comprises first data and second data, the first data is general data, and the second data is security data; and performing level analysis based on the target data, and performing partition processing on the target data by combining a preset processing mechanism. According to the invention, on the premise of meeting network requirements, the cost expenditure is reduced, the network safety of the production park is improved, the communication data intercommunication of park production equipment is realized by utilizing the Internet of things, and the data safety and park production stability are enhanced.

Description

Method and system for improving communication security of distributed energy management system
Technical Field
The invention relates to the technical field of data processing, in particular to a method and a system for improving communication security of a distributed energy management system.
Background
With the continued application of Internet of Things technology, a suitable networking solution for a production park must be determined comprehensively from the actual situation and conditions of the park on site, so that intelligent Internet of Things equipment operates stably.
The diversity of industrial scenarios places varied demands on the industrial network. Typical characteristics are as follows. First, network isolation ("a dedicated network for dedicated use"): the production network in particular must ensure high security, high stability and high reliability. Second, data does not leave the factory: for data security, data is preferentially kept local and stored on the factory's own cloud equipment or servers. Third, specific production scenarios require ultra-low latency, very large bandwidth, stable latency and high reliability, with the specific requirements varying slightly with the equipment scenario.
SD-LAN (software-defined local area network) is a service formed by applying SDN technology to LAN scenarios. It is used to connect enterprise networks, data centers, Internet applications and cloud services over a wide geographic range, for example in industrial parks or smart parks, so that LANs in different regions are built into one large LAN for intra-network communication. Every networked device in the local area network, for example energy storage devices (charging piles and energy storage cabinets), sensing devices (sensors and cameras) and terminal devices (gateway devices and smart electric meters), needs to be connected to the internal network for communication so as to ensure data security and data stability. At present, problems such as devices being unable to cooperate with each other and low communication efficiency still exist and remain to be solved.
Disclosure of Invention
The invention aims to provide a method and a system for improving communication safety of a distributed energy management system, which can reduce cost expenditure on the premise of meeting network requirements, can improve network safety of a production park and realize communication data intercommunication of park production equipment by utilizing the Internet of things, and can enhance data safety and park production stability.
The first aspect of the present invention provides a method for improving communication security of a distributed energy management system, comprising the steps of:
acquiring communication data of each device in a preset networking, wherein,
the networking internal equipment comprises photovoltaic equipment, energy storage equipment, charging pile equipment, power distribution equipment, air conditioning equipment and EMQ total control equipment;
performing data type discrimination based on the communication data to identify target data with different security levels, wherein,
the target data comprises first data and second data, wherein the first data is general data, and the second data is security data;
and performing level analysis based on the target data, and performing partition processing on the target data by combining a preset processing mechanism.
In this scheme, the acquiring communication data of each device in a preset network specifically includes:
establishing communication connection with terminals corresponding to all devices in a preset networking;
and acquiring real-time operation data of the terminals corresponding to the devices to obtain the communication data, wherein the communication data at least comprises device state data, workshop operation data and total control data.
In this solution, the distinguishing of data types based on the communication data to identify and obtain target data with different security levels specifically includes:
acquiring data type factors of different communication data;
distinguishing the communication data based on the data type factor, wherein,
obtaining the first data based on a generic data factor identification; and
the second data is identified based on a security data factor.
In this scheme, the obtaining the real-time operation data of the terminal corresponding to each device to obtain the communication data specifically includes:
acquiring a photovoltaic device state based on a photovoltaic inverter arranged on the photovoltaic device; acquiring the state of the energy storage device based on a 485 interface arranged on the energy storage device; acquiring the state of the charging pile equipment based on a 485 interface arranged on the charging pile equipment; acquiring the state of the air conditioning equipment based on an intelligent switch electrically connected with the air conditioning equipment;
obtaining the equipment state data based on the photovoltaic equipment state, the energy storage equipment state, the charging pile equipment state and the air conditioning equipment state;
acquiring a distribution equipment state based on a smart electric meter arranged on the distribution equipment, and acquiring the workshop operation data based on the distribution equipment state;
and acquiring the total control data based on the EMQ total control equipment.
In this solution, performing level analysis based on the target data and performing partition processing on the target data by combining a preset processing mechanism specifically includes:
transmitting the first data by using a general network;
and performing security level identification on the second data, wherein,
transmitting the second data below the target level by using a primary encryption network;
and storing the second data at or above the target level by using a secondary encryption network.
In this solution, the method further comprises performing protocol normalization conversion for the devices in different networks.
The second aspect of the present invention also provides a system for improving communication security of a distributed energy management system, including a memory and a processor, where the memory stores a program of the method for improving communication security of a distributed energy management system, and the program, when executed by the processor, implements the following steps:
acquiring communication data of each device in a preset networking, wherein,
the networking internal equipment comprises photovoltaic equipment, energy storage equipment, charging pile equipment, power distribution equipment, air conditioning equipment and EMQ total control equipment;
performing data type discrimination based on the communication data to identify target data with different security levels, wherein,
the target data comprises first data and second data, wherein the first data is general data, and the second data is security data;
and performing level analysis based on the target data, and performing partition processing on the target data by combining a preset processing mechanism.
In this scheme, the acquiring communication data of each device in a preset network specifically includes:
establishing communication connection with terminals corresponding to all devices in a preset networking;
and acquiring real-time operation data of the terminals corresponding to the devices to obtain the communication data, wherein the communication data at least comprises device state data, workshop operation data and total control data.
In this solution, the distinguishing of data types based on the communication data to identify and obtain target data with different security levels specifically includes:
acquiring data type factors of different communication data;
distinguishing the communication data based on the data type factor, wherein,
obtaining the first data based on a generic data factor identification; and
the second data is identified based on a security data factor.
In this scheme, the obtaining the real-time operation data of the terminal corresponding to each device to obtain the communication data specifically includes:
acquiring a photovoltaic device state based on a photovoltaic inverter arranged on the photovoltaic device; acquiring the state of the energy storage device based on a 485 interface arranged on the energy storage device; acquiring the state of the charging pile equipment based on a 485 interface arranged on the charging pile equipment; acquiring the state of the air conditioning equipment based on an intelligent switch electrically connected with the air conditioning equipment;
obtaining the equipment state data based on the photovoltaic equipment state, the energy storage equipment state, the charging pile equipment state and the air conditioning equipment state;
acquiring a distribution equipment state based on a smart electric meter arranged on the distribution equipment, and acquiring the workshop operation data based on the distribution equipment state;
and acquiring the total control data based on the EMQ total control equipment.
In this solution, performing level analysis based on the target data and performing partition processing on the target data by combining a preset processing mechanism specifically includes:
transmitting the first data by using a general network;
and performing security level identification on the second data, wherein,
transmitting the second data below the target level by using a primary encryption network;
and storing the second data at or above the target level by using a secondary encryption network.
In this solution, the method further comprises performing protocol normalization conversion for the devices in different networks.
A third aspect of the present invention provides a computer-readable storage medium containing a program of the method for improving communication security of a distributed energy management system, which, when executed by a processor, implements the steps of the method for improving communication security of a distributed energy management system as described in any of the above.
According to the method and the system for improving the communication safety of the distributed energy management system, disclosed by the invention, on the premise of meeting network requirements, the cost expenditure can be reduced, the network safety of a production park can be improved, the communication data intercommunication of park production equipment can be realized by utilizing the Internet of things, the data safety and the park production stability are enhanced, the distributed architecture is utilized for managing a plurality of networking equipment in an intranet, the data collaboration and the communication efficiency among the plurality of equipment can be effectively improved, and the stability and the safety of intranet data can be ensured by an established communication safety mechanism.
Drawings
FIG. 1 illustrates a flow chart of a method of improving the communication security of a distributed energy management system of the present invention;
FIG. 2 illustrates a block diagram of a system for improving the communication security of a distributed energy management system in accordance with the present invention.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description. It should be noted that, in the case of no conflict, the embodiments of the present application and the features in the embodiments may be combined with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those described herein, and therefore the scope of the present invention is not limited to the specific embodiments disclosed below.
FIG. 1 illustrates a flow chart of a method of improving communication security of a distributed energy management system of the present application.
As shown in fig. 1, the present application discloses a method for improving communication security of a distributed energy management system, which includes the following steps:
S102, acquiring communication data of all devices in a preset networking;
S104, distinguishing data types based on the communication data to identify and obtain target data with different security levels;
S106, performing level analysis based on the target data, and performing partition processing on the target data by combining a preset processing mechanism.
It should be noted that, in this embodiment, in order to improve the security of communication data in the park, communication data of each device in a preset network is first acquired. The devices in the network include photovoltaic devices, energy storage devices, charging pile devices, power distribution devices, air conditioning devices and an EMQ master control device, where EMQ is a leading open-source Internet of Things MQTT server that supports large-scale, highly concurrent, reliable and secure Internet of Things applications. The communication data is acquired by the communication device arranged on each device in the network. Data types are then distinguished in the communication data to identify target data with different security levels, where the target data includes first data and second data. Level analysis is then performed on the target data, and the target data is partitioned in combination with a preset processing mechanism, with different target data corresponding to different processing mechanisms. The first data is general data, that is, data with a low security level; the second data is security data, that is, data that needs to be transmitted or stored using an encrypted network.
According to an embodiment of the present invention, the acquiring communication data of each device in a preset network specifically includes:
establishing communication connection with terminals corresponding to all devices in a preset networking;
and acquiring real-time operation data of the terminals corresponding to the devices to obtain the communication data, wherein the communication data at least comprises device state data, workshop operation data and total control data.
It should be noted that, in this embodiment, the acquired communication data of each device in the network includes at least device status data, workshop operation data and overall control data, and specifically, communication connection with a terminal corresponding to each device in the preset network needs to be established, so that the communication data is obtained based on real-time operation data of a terminal corresponding to each device.
According to an embodiment of the present invention, the data type distinguishing is performed based on the communication data to identify target data with different security levels, and the method specifically includes:
acquiring data type factors of different communication data;
distinguishing the communication data based on the data type factor, wherein,
obtaining the first data based on a generic data factor identification; and
the second data is identified based on a security data factor.
It should be noted that, in this embodiment, the data type distinction is performed based on the communication data, specifically, the data type factors of different communication data are obtained for distinction, where the first data is obtained based on the general data factor identification; and obtaining the second data based on the secure data factor identification.
According to an embodiment of the present invention, the obtaining the real-time operation data of the terminal corresponding to each device to obtain the communication data specifically includes:
acquiring a photovoltaic device state based on a photovoltaic inverter arranged on the photovoltaic device; acquiring the state of the energy storage device based on a 485 interface arranged on the energy storage device; acquiring the state of the charging pile equipment based on a 485 interface arranged on the charging pile equipment; acquiring the state of the air conditioning equipment based on an intelligent switch electrically connected with the air conditioning equipment;
obtaining the equipment state data based on the photovoltaic equipment state, the energy storage equipment state, the charging pile equipment state, the power distribution equipment state and the air conditioning equipment state;
acquiring a distribution equipment state based on a smart electric meter arranged on the distribution equipment, and acquiring the workshop operation data based on the distribution equipment state;
and acquiring the total control data based on the EMQ total control equipment.
It should be noted that, in this embodiment, the real-time operation data of the terminals corresponding to different devices differ. Accordingly, the photovoltaic device state is acquired based on the photovoltaic inverter arranged on the photovoltaic device; the energy storage device state is acquired based on a 485 interface arranged on the energy storage device; the charging pile device state is acquired based on a 485 interface arranged on the charging pile device; the air conditioning device state is acquired based on an intelligent switch electrically connected with the air conditioning device; the device state data is obtained from the photovoltaic device state, the energy storage device state, the charging pile device state and the air conditioning device state; the power distribution device state is acquired based on a smart electric meter arranged on the power distribution device, and the workshop operation data is acquired based on the power distribution device state; and the total control data is acquired based on the EMQ master control device.
According to an embodiment of the present invention, performing level analysis based on the target data and performing partition processing on the target data by combining a preset processing mechanism specifically includes:
transmitting the first data by using a general network;
and performing security level identification on the second data, wherein,
transmitting the second data below the target level by using a primary encryption network;
and storing the second data at or above the target level by using a secondary encryption network.
It should be noted that, in this embodiment, target data with different security levels have different transmission and storage mechanisms: the first data is transmitted using the general network; security level identification is performed on the second data, the second data below the target level is transmitted using the primary encryption network, and the second data at or above the target level is stored using the secondary encryption network. Specifically, the first data, which has a low security level, only uses the general network for data transmission. When data must be transmitted using an encrypted network, its security level is compared with the target level: second data below the target level is transmitted using the primary encryption network, indicating that it can be exchanged with an external network; second data at or above the target level is stored using the secondary encryption network, indicating that it cannot be exchanged with an external network and is used only for local transmission and storage.
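The partition rule described above, as an added Python example (not code from the patent): each record is routed to the general network, the primary encryption network or the secondary encryption network. The string encoding of the data type factor, the integer levels, the target level of 2, the sample records and the fail-closed handling of unclassifiable records are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class Channel(Enum):
    GENERAL = "general network"
    PRIMARY = "primary encryption network"      # may be exchanged with an external network
    SECONDARY = "secondary encryption network"  # local transmission and storage only


# Assumption: the page does not say how a data type factor is encoded.
GENERAL_FACTOR = "general"
SECURITY_FACTOR = "security"


@dataclass(frozen=True)
class Record:
    device: str
    kind: str                      # device state / workshop operation / total control
    type_factor: Optional[str]
    security_level: Optional[int] = None


@dataclass(frozen=True)
class Decision:
    channel: Channel
    local_only: bool               # the page states local-only for the secondary tier
    reason: str


def partition(record: Record, target_level: int) -> Decision:
    """Apply the first-data / second-data rule to one record."""
    if record.type_factor == GENERAL_FACTOR:
        return Decision(Channel.GENERAL, False, "first data (general)")
    level = record.security_level
    if record.type_factor == SECURITY_FACTOR and isinstance(level, int):
        if level < target_level:
            return Decision(Channel.PRIMARY, False, "second data below target level")
        return Decision(Channel.SECONDARY, True, "second data at or above target level")
    # Assumption (not stated on the page): a record that cannot be classified
    # fails closed into the most restrictive tier, never the general network.
    return Decision(Channel.SECONDARY, True, "unclassified, failing closed")


def egress_allowed(decision: Decision, destination_is_external: bool) -> bool:
    """Gateway-side check: local-only data must never be sent off site."""
    return not (decision.local_only and destination_is_external)


def route_batch(records: List[Record], target_level: int) -> Dict[Channel, List[str]]:
    """Group device names by the channel their records are assigned to."""
    routed: Dict[Channel, List[str]] = {c: [] for c in Channel}
    for rec in records:
        routed[partition(rec, target_level).channel].append(rec.device)
    return routed


# Constructed sample records; the levels are illustrative, not from the patent.
SAMPLE = [
    Record("air_conditioner", "device state", GENERAL_FACTOR),
    Record("smart_meter", "workshop operation", SECURITY_FACTOR, 1),
    Record("emq_master", "total control", SECURITY_FACTOR, 2),
    Record("pv_inverter", "device state", None),                      # factor missing
    Record("charging_pile", "device state", SECURITY_FACTOR, None),   # level missing
]

if __name__ == "__main__":
    for rec in SAMPLE:
        d = partition(rec, target_level=2)
        print(f"{rec.device:16} -> {d.channel.value:28} "
              f"local_only={d.local_only} ({d.reason})")
```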
According to the embodiment of the invention, the method further comprises performing protocol normalization conversion for the devices in different networks.
It should be noted that, in this embodiment, the industrial Internet requires data connectivity, and the prominent problem is data interoperability: a large number of devices use different protocols, so the data protocols need to be normalized and converted.
It is worth mentioning that the method further includes obtaining the device status data based on a monitoring device, specifically including:
acquiring photovoltaic equipment monitoring data based on a camera arranged at the position of the photovoltaic equipment;
acquiring monitoring data of the energy storage equipment based on a camera arranged at the position of the energy storage equipment;
acquiring monitoring data of the power distribution equipment based on a camera arranged at the position of the power distribution equipment;
acquiring monitoring data of the charging pile equipment based on a camera arranged at the position of the charging pile equipment;
and adding the photovoltaic equipment monitoring data, the energy storage equipment monitoring data, the power distribution equipment monitoring data and the charging pile equipment monitoring data into the equipment state data.
In this embodiment, besides obtaining the device status data by using the communication terminals disposed on different devices, the monitor data may be obtained based on the cameras disposed at the corresponding device positions and added to the device status data, where the added data at least includes the photovoltaic device monitor data, the energy storage device monitor data, the power distribution device monitor data, and the charging pile device monitor data.
It is worth mentioning that the method further comprises data linking based on status data of different devices, specifically comprising:
extracting state data of different devices for data linking, wherein,
carrying out data link based on the state of the energy storage equipment and the state of the charging pile equipment, and carrying out data link based on the monitoring data of the energy storage equipment and the monitoring data of the charging pile equipment;
and carrying out data link on the basis of the photovoltaic equipment state and the distribution equipment state, and carrying out data link on the basis of the photovoltaic equipment monitoring data and the distribution equipment monitoring data.
It should be noted that, in this embodiment, because of the precondition of energy conversion and data intercommunication between different devices in the campus, there is a need to link data that can be matched, specifically, link data based on the state of the energy storage device and the state of the charging pile device, and link data based on the monitoring data of the energy storage device and the monitoring data of the charging pile device; and carrying out data link based on the photovoltaic equipment state and the distribution equipment state, and carrying out data link based on the photovoltaic equipment monitoring data and the distribution equipment monitoring data, so as to provide basic data guarantee for synchronously carrying out safety reminding.
It is worth mentioning that the method further comprises outputting a security reminder based on the monitoring data, and specifically comprises the following steps:
identifying energy storage alarm parameters of the energy storage equipment, judging whether the current energy storage alarm parameters are true based on the corresponding data links, or identifying charging pile alarm parameters of the charging pile equipment, and judging whether the current charging pile equipment alarm parameters are true based on the corresponding data links; and
identifying the photovoltaic alarm parameters of the photovoltaic equipment, judging whether the current photovoltaic alarm parameters are true based on the corresponding data links, or identifying the distribution alarm parameters of the distribution equipment, and judging whether the current distribution alarm parameters are true based on the corresponding data links.
It should be noted that, in this embodiment, conventional alarm authenticity identification requires a secondary identification at the local end where the alarm occurred, or manual identification. The present application sets up data links: when an alarm occurs at one end of a data link, the other end of the link can alarm synchronously, so that bidirectional identification over data links can be performed for different alarm parameters. Specifically, the energy storage alarm parameters of the energy storage device are identified and whether the current energy storage alarm parameters are true is judged based on the corresponding data link, or the charging pile alarm parameters of the charging pile device are identified and whether the current charging pile alarm parameters are true is judged based on the corresponding data link. For example, if the energy storage alarm parameters show alarm information for the energy storage device, the state of the charging pile device linked with it is extracted to judge whether the alarm is true: if the state of the charging pile device is normal, the energy storage alarm information is wrong, specifically a misjudgment; if the state of the charging pile device is synchronously abnormal, the energy storage alarm information is true and emergency handling is required. Likewise, the photovoltaic alarm parameters of the photovoltaic device are identified and whether the current photovoltaic alarm parameters are true is judged based on the corresponding data link, or the distribution alarm parameters of the distribution device are identified and whether the current distribution alarm parameters are true is judged based on the corresponding data link. For example, if the photovoltaic alarm parameters show alarm information for the photovoltaic device, the state of the distribution device linked with it is extracted to judge whether the alarm is true: if the state of the distribution device is normal, the photovoltaic alarm information is wrong, specifically a misjudgment; if the state of the distribution device is synchronously abnormal, the photovoltaic alarm information is true and emergency handling is required. The number of links can be chosen to be more than one, so that multi-dimensional alarm authenticity identification can be performed based on multiple data.
FIG. 2 illustrates a block diagram of a system for improving the communication security of a distributed energy management system in accordance with the present invention.
As shown in fig. 2, the invention discloses a system for improving communication security of a distributed energy management system, which comprises a memory and a processor, wherein the memory includes a program of the method for improving communication security of a distributed energy management system, and the program, when executed by the processor, implements the following steps:
acquiring communication data of each device in a preset networking, wherein,
the networking internal equipment comprises photovoltaic equipment, energy storage equipment, charging pile equipment, power distribution equipment, air conditioning equipment and EMQ total control equipment;
performing data type discrimination based on the communication data to identify target data of different security levels, wherein,
the target data comprises first data and second data, wherein the first data is general data, and the second data is secure data;
and performing level analysis based on the target data, and performing partition processing on the target data by combining a preset processing mechanism.
It should be noted that, in this embodiment, in order to improve the security of communication data within the campus, communication data of each device in a preset network is first acquired. The devices in the network include a photovoltaic device, an energy storage device, a charging pile device, a power distribution device, an air conditioning device and an EMQ master control device, where EMQ is a leading open-source Internet of Things MQTT server that supports large-scale, high-concurrency, reliable and secure Internet of Things applications. Correspondingly, the communication data is acquired through a communication device disposed on each device in the network. Data type discrimination is then performed on the communication data to identify target data of different security levels, the target data including first data and second data. Further, level analysis is performed based on the target data, and partition processing is performed on the target data in combination with a preset processing mechanism, with different target data corresponding to different processing mechanisms. The first data is general data, that is, data with a low security level; the second data is secure data, that is, data that needs to be transmitted or stored using an encrypted network.
According to an embodiment of the present invention, the acquiring communication data of each device in a preset network specifically includes:
establishing communication connection with terminals corresponding to all devices in a preset networking;
and acquiring real-time operation data of the terminals corresponding to the devices to obtain the communication data, wherein the communication data at least comprises device state data, workshop operation data and total control data.
It should be noted that, in this embodiment, the acquired communication data of each device in the network includes at least device status data, workshop operation data and overall control data, and specifically, communication connection with a terminal corresponding to each device in the preset network needs to be established, so that the communication data is obtained based on real-time operation data of a terminal corresponding to each device.
According to an embodiment of the present invention, the data type distinguishing is performed based on the communication data to identify target data with different security levels, and the method specifically includes:
acquiring data type factors of different communication data;
distinguishing the communication data based on the data type factor, wherein,
obtaining the first data based on a generic data factor identification; and
the second data is identified based on a security data factor.
It should be noted that, in this embodiment, the data type distinction is performed based on the communication data, specifically, the data type factors of different communication data are obtained for distinction, where the first data is obtained based on the general data factor identification; and obtaining the second data based on the secure data factor identification.
According to an embodiment of the present invention, the obtaining the real-time operation data of the terminal corresponding to each device to obtain the communication data specifically includes:
acquiring a photovoltaic device state based on a photovoltaic inverter arranged on the photovoltaic device; acquiring the state of the energy storage device based on a 485 interface arranged on the energy storage device; acquiring the state of the charging pile equipment based on a 485 interface arranged on the charging pile equipment; acquiring the state of the air conditioning equipment based on an intelligent switch electrically connected with the air conditioning equipment;
obtaining the equipment state data based on the photovoltaic equipment state, the energy storage equipment state, the charging pile equipment state, the power distribution equipment state and the air conditioning equipment state;
acquiring a distribution equipment state based on a smart electric meter arranged on the distribution equipment, and acquiring workshop operation data based on the distribution equipment state;
and acquiring the total control data based on the EMQ total control equipment.
It should be noted that, in this embodiment, the real-time operation data of the terminals corresponding to different devices are different. Accordingly, the state of the photovoltaic device is obtained based on the photovoltaic inverter disposed on the photovoltaic device; the state of the energy storage device is obtained based on a 485 interface arranged on the energy storage device; the state of the charging pile equipment is obtained based on a 485 interface arranged on the charging pile equipment; the state of the air conditioning equipment is obtained based on an intelligent switch electrically connected with the air conditioning equipment; the equipment state data is obtained based on the photovoltaic equipment state, the energy storage equipment state, the charging pile equipment state and the air conditioning equipment state; the power distribution equipment state is obtained based on a smart electric meter arranged on the power distribution equipment, and the workshop operation data is obtained based on the power distribution equipment state; and the master control data is obtained based on the EMQ master control equipment.
According to an embodiment of the present invention, performing level analysis based on the target data and performing partition processing on the target data in combination with a preset processing mechanism specifically includes:
transmitting the first data by using a general network;
and performing security level identification based on the second data, wherein,
the second data below the target level is transmitted by using a primary encryption network;
and the second data at or above the target level is stored by using a secondary encryption network.
It should be noted that, in this embodiment, target data of different security levels have different transmission and storage mechanisms: the first data is transmitted by using a general network; security level identification is performed on the second data, and second data below the target level is transmitted by using a primary encryption network, while second data at or above the target level is stored by using a secondary encryption network. Specifically, the first data, which has a low security level, only needs a general network for transmission. When data needs to be transmitted over an encrypted network, its security level is compared with the target level: second data below the target level is transmitted by using the primary encryption network, which indicates that it may be exchanged with an external network; second data at or above the target level is stored by using the secondary encryption network, which indicates that it cannot be exchanged with the external network and is used only for local transmission and storage.
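The partition rule described above can be written as a small routing policy. The following is an added example, not code from the patent: the integer security levels, the value of `TARGET_LEVEL`, the `Message` fields and the fail-closed handling of unclassified data are assumptions, and the sample messages are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Iterable, List, Optional


class DataType(Enum):
    GENERAL = "general"  # "first data" in the text
    SECURE = "secure"    # "second data" in the text


class Channel(Enum):
    GENERAL = "general network"
    PRIMARY = "primary encryption network"      # may be exchanged with the external network
    SECONDARY = "secondary encryption network"  # local transmission and storage only


# Assumption: security levels are integers and a higher value is more sensitive.
TARGET_LEVEL = 3


@dataclass(frozen=True)
class Message:
    source: str                    # device that produced the data
    data_type: Optional[DataType]  # data type factor; None if missing or unrecognised
    security_level: Optional[int]  # only meaningful for secure data
    payload: bytes


class EgressDenied(Exception):
    """Raised when data confined to the intranet is about to be sent outside it."""


def select_channel(msg: Message, target_level: int = TARGET_LEVEL) -> Channel:
    """Map one message to the network named for its class and level."""
    if msg.data_type is DataType.GENERAL:
        return Channel.GENERAL
    level = msg.security_level
    valid_level = isinstance(level, int) and not isinstance(level, bool)
    # Assumption (fail closed): a missing data type factor or a missing or
    # malformed level is handled like the most sensitive tier.
    if msg.data_type is not DataType.SECURE or not valid_level:
        return Channel.SECONDARY
    # Below the target level: primary; at or above the target level: secondary.
    return Channel.PRIMARY if level < target_level else Channel.SECONDARY


def authorize_send(msg: Message, to_external: bool,
                   target_level: int = TARGET_LEVEL) -> Channel:
    """Return the channel to use, refusing to send local-only data externally."""
    channel = select_channel(msg, target_level)
    if to_external and channel is Channel.SECONDARY:
        raise EgressDenied(f"{msg.source}: data at or above the target level stays local")
    return channel


def partition(messages: Iterable[Message],
              target_level: int = TARGET_LEVEL) -> Dict[Channel, List[Message]]:
    """Group a batch of messages by the channel each one must use."""
    zones: Dict[Channel, List[Message]] = defaultdict(list)
    for msg in messages:
        zones[select_channel(msg, target_level)].append(msg)
    return dict(zones)


# Constructed sample batch; device names follow the equipment listed in the text.
SAMPLE = [
    Message("air_conditioning", DataType.GENERAL, None, b"temp=24"),
    Message("photovoltaic", DataType.SECURE, 2, b"inverter=ok"),
    Message("power_distribution", DataType.SECURE, 3, b"meter=1520"),
    Message("emq_master", DataType.SECURE, 5, b"setpoint=40"),
    Message("charging_pile", None, None, b"unknown"),
    Message("energy_storage", DataType.SECURE, None, b"soc=80"),
]

if __name__ == "__main__":
    for channel, msgs in partition(SAMPLE).items():
        print(channel.value, [m.source for m in msgs])
```

The boundary case matters here: data exactly at the target level is confined to the secondary encryption network, matching "at or above the target level" in the text.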
According to the embodiment of the invention, the method further comprises the step of carrying out protocol normalization conversion based on the devices in different networking.
It should be noted that, in this embodiment, the industrial internet requires data connection, and the outstanding problem is data intercommunication: a large number of devices adopt different protocols, so the data protocols need to be normalized and converted.
It is worth mentioning that the method further includes obtaining the device status data based on a monitoring device, specifically including:
acquiring photovoltaic equipment monitoring data based on a camera arranged at the position of the photovoltaic equipment;
acquiring monitoring data of the energy storage equipment based on a camera arranged at the position of the energy storage equipment;
acquiring monitoring data of the power distribution equipment based on a camera arranged at the position of the power distribution equipment;
acquiring monitoring data of the charging pile equipment based on a camera arranged at the position of the charging pile equipment;
and adding the photovoltaic equipment monitoring data, the energy storage equipment monitoring data, the power distribution equipment monitoring data and the charging pile equipment monitoring data into the equipment state data.
In this embodiment, besides obtaining the device status data by using the communication terminals disposed on different devices, monitoring data may be obtained from the cameras disposed at the corresponding device positions and added to the device status data, where the added data at least includes the photovoltaic device monitoring data, the energy storage device monitoring data, the power distribution device monitoring data, and the charging pile device monitoring data.
It is worth mentioning that the method further comprises data linking based on status data of different devices, specifically comprising:
extracting state data of different devices for data linking, wherein,
carrying out data link based on the state of the energy storage equipment and the state of the charging pile equipment, and carrying out data link based on the monitoring data of the energy storage equipment and the monitoring data of the charging pile equipment;
and carrying out data link on the basis of the photovoltaic equipment state and the distribution equipment state, and carrying out data link on the basis of the photovoltaic equipment monitoring data and the distribution equipment monitoring data.
It should be noted that, in this embodiment, because of the precondition of energy conversion and data intercommunication between different devices in the campus, there is a need to link data that can be matched, specifically, link data based on the state of the energy storage device and the state of the charging pile device, and link data based on the monitoring data of the energy storage device and the monitoring data of the charging pile device; and carrying out data link based on the photovoltaic equipment state and the distribution equipment state, and carrying out data link based on the photovoltaic equipment monitoring data and the distribution equipment monitoring data, so as to provide basic data guarantee for synchronously carrying out safety reminding.
It is worth mentioning that the method further comprises outputting a security reminder based on the monitoring data, and specifically comprises the following steps:
identifying energy storage alarm parameters of the energy storage equipment and judging whether the current energy storage alarm parameters are true based on the corresponding data links, or identifying charging pile alarm parameters of the charging pile equipment and judging whether the current charging pile alarm parameters are true based on the corresponding data links; and
identifying the photovoltaic alarm parameters of the photovoltaic equipment and judging whether the current photovoltaic alarm parameters are true based on the corresponding data links, or identifying the distribution alarm parameters of the distribution equipment and judging whether the current distribution alarm parameters are true based on the corresponding data links.
It should be noted that, in this embodiment, conventional alarm authenticity identification requires secondary identification at the local end where the alarm was raised, or manual identification. The present application instead sets up data links: when an alarm occurs at one end of a data link, the other end of the link can alarm synchronously, so different alarm parameters can be identified bidirectionally over the data links. Specifically, the energy storage alarm parameters of the energy storage device are identified and whether the current energy storage alarm parameters are true is judged based on the corresponding data link, or the charging pile alarm parameters of the charging pile device are identified and whether the current charging pile alarm parameters are true is judged based on the corresponding data link. For example, if the energy storage alarm parameters show alarm information for the energy storage device, the state of the charging pile device that is data-linked to it is extracted to judge whether the alarm is true: if the state of the charging pile device is normal, the energy storage alarm information is wrong, specifically a misjudgment; if the state of the charging pile device is synchronously abnormal, the energy storage alarm information is true and emergency treatment is required. Likewise, the photovoltaic alarm parameters of the photovoltaic equipment are identified and whether the current photovoltaic alarm parameters are true is judged based on the corresponding data link, or the distribution alarm parameters of the distribution equipment are identified and whether the current distribution alarm parameters are true is judged based on the corresponding data link. For example, if the photovoltaic alarm parameters show alarm information for the photovoltaic equipment, the state of the distribution equipment that is data-linked to it is extracted to judge whether the alarm is true: if the state of the distribution equipment is normal, the photovoltaic alarm information is wrong, specifically a misjudgment; if the state of the distribution equipment is synchronously abnormal, the photovoltaic alarm information is true and emergency treatment is required. The number of links may be chosen to be more than one, so that multi-dimensional alarm authenticity identification can be carried out based on multiple data.
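The linked-peer check described above, for both the state links and the monitoring-data links, can be sketched as follows. This is an added example, not code from the patent: the 30-second synchronisation window, the `Reading` fields, the rule for combining several links and the third "unverified" outcome for missing or stale peer data are assumptions, and the readings are constructed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Iterable


class Verdict(Enum):
    TRUE_ALARM = "true alarm, emergency treatment required"
    MISJUDGMENT = "misjudgment"
    UNVERIFIED = "peer data missing or stale"  # assumption: not described in the text


# Data links from the text: energy storage <-> charging pile,
# photovoltaic <-> power distribution.
LINKED_PEER = {
    "energy_storage": "charging_pile",
    "charging_pile": "energy_storage",
    "photovoltaic": "power_distribution",
    "power_distribution": "photovoltaic",
}

# Each device pair is linked twice: by device state and by camera monitoring data.
LINK_KINDS = ("state", "monitoring")

# Assumption: "synchronously" means within this many seconds of the alarm.
SYNC_WINDOW_S = 30.0


@dataclass(frozen=True)
class Reading:
    device: str
    kind: str         # "state" or "monitoring"
    abnormal: bool
    timestamp: float  # seconds


def judge_alarm(alarm_device: str, alarm_time: float,
                readings: Iterable[Reading],
                window: float = SYNC_WINDOW_S) -> Verdict:
    """Judge an alarm on one device from the readings of its linked peer."""
    if alarm_device not in LINKED_PEER:
        raise ValueError(f"no data link configured for {alarm_device!r}")
    peer = LINKED_PEER[alarm_device]

    # Keep, per link kind, the peer reading closest in time to the alarm.
    nearest: Dict[str, Reading] = {}
    for r in readings:
        if r.device != peer or r.kind not in LINK_KINDS:
            continue
        gap = abs(r.timestamp - alarm_time)
        if gap > window:
            continue  # stale: says nothing about the moment of the alarm
        best = nearest.get(r.kind)
        if best is None or gap < abs(best.timestamp - alarm_time):
            nearest[r.kind] = r

    # Any synchronously abnormal link confirms the alarm.
    if any(r.abnormal for r in nearest.values()):
        return Verdict.TRUE_ALARM
    # Dismiss only when every configured link reports a fresh, normal peer.
    if len(nearest) == len(LINK_KINDS):
        return Verdict.MISJUDGMENT
    # A silent or stale peer must not be able to cancel an alarm.
    return Verdict.UNVERIFIED


# Constructed readings for illustration.
READINGS = [
    Reading("charging_pile", "state", True, 1000.0),
    Reading("charging_pile", "monitoring", False, 1002.0),
    Reading("power_distribution", "state", False, 2001.0),
    Reading("power_distribution", "monitoring", False, 1999.0),
    Reading("energy_storage", "state", False, 2900.0),
]

if __name__ == "__main__":
    print(judge_alarm("energy_storage", 1001.0, READINGS).value)
    print(judge_alarm("photovoltaic", 2000.0, READINGS).value)
    print(judge_alarm("charging_pile", 3000.0, READINGS).value)
```

Treating a missing or stale peer reading as "unverified" keeps a failed or silenced peer from being read as proof that the alarm was a misjudgment.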
A third aspect of the present invention provides a computer-readable storage medium having embodied therein a method program for improving communication security of a distributed energy management system, which when executed by a processor, implements the steps of a method for improving communication security of a distributed energy management system as described in any one of the above.
According to the method and system for improving communication security of a distributed energy management system disclosed by the invention, cost can be reduced while network requirements are met, and the network security of a production park can be improved. Communication data of park production equipment can be interconnected by using the Internet of Things, which enhances data security and the stability of park production. A distributed architecture is used to manage a plurality of networked devices in the intranet, which effectively improves data collaboration and communication efficiency among the devices, and the established communication security mechanism ensures the stability and security of intranet data.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above described device embodiments are only illustrative, e.g. the division of the units is only one logical function division, and there may be other divisions in practice, such as: multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interface, and the indirect coupling or communication connection between devices or units may be electrical, mechanical, or in other forms.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units; can be located in one place or distributed to a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present invention may be integrated in one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units.
Those of ordinary skill in the art will appreciate that all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a computer-readable storage medium, where the program, when executed, performs the steps of the above method embodiments; the aforementioned storage medium includes: a removable storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other media that can store program code.
Alternatively, the above-described integrated units of the present invention may be stored in a computer-readable storage medium if implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solutions of the embodiments of the present invention may be embodied in essence or a part contributing to the prior art in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.

Claims (10)

1. A method for improving communication security of a distributed energy management system, comprising the steps of:
acquiring communication data of each device in a preset networking, wherein,
the networking internal equipment comprises photovoltaic equipment, energy storage equipment, charging pile equipment, power distribution equipment, air conditioning equipment and EMQ total control equipment;
performing data type discrimination based on the communication data to identify target data of different security levels, wherein,
the target data comprises first data and second data, wherein the first data is general data, and the second data is secure data;
and performing level analysis based on the target data, and performing partition processing on the target data by combining a preset processing mechanism.
2. The method for improving the communication security of the distributed energy management system according to claim 1, wherein the acquiring the communication data of each device in the preset network specifically comprises:
establishing communication connection with terminals corresponding to all devices in a preset networking;
and acquiring real-time operation data of the terminals corresponding to the devices to obtain the communication data, wherein the communication data at least comprises device state data, workshop operation data and total control data.
3. The method for improving the communication security of the distributed energy management system according to claim 2, wherein the distinguishing of the data types based on the communication data is performed to identify the target data with different security levels, specifically comprising:
acquiring data type factors of different communication data;
distinguishing the communication data based on the data type factor, wherein,
obtaining the first data based on a generic data factor identification; and
the second data is identified based on a security data factor.
4. The method for improving communication security of a distributed energy management system according to claim 3, wherein the obtaining real-time operation data of terminals corresponding to each device to obtain the communication data specifically includes:
acquiring a photovoltaic device state based on a photovoltaic inverter arranged on the photovoltaic device; acquiring the state of the energy storage device based on a 485 interface arranged on the energy storage device; acquiring the state of the charging pile equipment based on a 485 interface arranged on the charging pile equipment; acquiring the state of the air conditioning equipment based on an intelligent switch electrically connected with the air conditioning equipment;
obtaining the equipment state data based on the photovoltaic equipment state, the energy storage equipment state, the charging pile equipment state and the air conditioning equipment state;
acquiring a distribution equipment state based on a smart electric meter arranged on the distribution equipment, and acquiring workshop operation data based on the distribution equipment state;
and acquiring the total control data based on the EMQ total control equipment.
5. The method for improving communication security of a distributed energy management system according to claim 4, wherein the performing the level analysis based on the target data and performing the partition processing on the target data in combination with a preset processing mechanism specifically comprises:
transmitting the first data by using a general network;
and performing security level identification based on the second data, wherein,
the second data below the target level is transmitted by using a primary encryption network;
and the second data at or above the target level is stored by using a secondary encryption network.
6. The method of claim 5, further comprising performing protocol normalization based on devices within different networking.
7. A system for improving communication security of a distributed energy management system, characterized by comprising a memory and a processor, wherein the memory includes a program of the method for improving communication security of a distributed energy management system, and the program, when executed by the processor, implements the following steps:
acquiring communication data of each device in a preset networking, wherein,
the networking internal equipment comprises photovoltaic equipment, energy storage equipment, charging pile equipment, power distribution equipment, air conditioning equipment and EMQ total control equipment;
performing data type discrimination based on the communication data to identify target data of different security levels, wherein,
the target data comprises first data and second data, wherein the first data is general data, and the second data is secure data;
and performing level analysis based on the target data, and performing partition processing on the target data by combining a preset processing mechanism.
8. The system for improving communication security of a distributed energy management system according to claim 7, wherein the acquiring communication data of each device in a preset network specifically comprises:
establishing communication connection with terminals corresponding to all devices in a preset networking;
and acquiring real-time operation data of the terminals corresponding to the devices to obtain the communication data, wherein the communication data at least comprises device state data, workshop operation data and total control data.
9. The system for improving communication security of a distributed energy management system according to claim 8, wherein the data type discrimination is performed based on the communication data to identify target data with different security levels, specifically comprising:
acquiring data type factors of different communication data;
distinguishing the communication data based on the data type factor, wherein,
obtaining the first data based on a generic data factor identification; and
the second data is identified based on a security data factor.
10. A computer readable storage medium, characterized in that it includes a method program for improving the communication security of a distributed energy management system, where the method program for improving the communication security of a distributed energy management system implements the steps of a method for improving the communication security of a distributed energy management system according to any one of claims 1 to 6 when executed by a processor.
CN202311658717.0A 2023-12-06 2023-12-06 Method and system for improving communication security of distributed energy management system Active CN117354068B (en)

Publications (2)

Publication Number Publication Date
CN117354068A true CN117354068A (en) 2024-01-05
CN117354068B CN117354068B (en) 2024-03-01

Family

ID=89356145

Citations (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030182435A1 (en) * 2000-11-13 2003-09-25 Digital Doors, Inc. Data security system and method for portable device
US20040143714A1 (en) * 2002-11-18 2004-07-22 Arm Limited Apparatus and method for controlling access to a memory unit
US20050091661A1 (en) * 2003-10-24 2005-04-28 Kurien Thekkthalackal V. Integration of high-assurance features into an application through application factoring
CN101276432A (en) * 2008-05-20 2008-10-01 普天信息技术研究院有限公司 Memory card and method for realizing digital content protection
CN102164034A (en) * 2010-02-19 2011-08-24 爱迪德有限责任公司 Device and method for establishing secure trust key
CN105095945A (en) * 2014-05-07 2015-11-25 中兴软创科技股份有限公司 SD card capable of securely storing data
WO2018049892A1 (en) * 2016-09-14 2018-03-22 广东欧珀移动通信有限公司 Data transmission method and apparatus, and terminal
US20200153800A1 (en) * 2018-11-13 2020-05-14 Seagate Technology Llc Sensor nodes and host forming a tiered ecosystem that uses public and private data for duplication
CN111538995A (en) * 2020-04-26 2020-08-14 支付宝(杭州)信息技术有限公司 Data storage method and device and electronic equipment
CN111753297A (en) * 2020-05-29 2020-10-09 国网福建省电力有限公司 Multi-information-flow modular access method applicable to multi-station fusion substation monitoring system
WO2022116629A1 (en) * 2020-12-03 2022-06-09 珠海格力电器股份有限公司 Data transmission method, apparatus, and device, and computer-readable storage medium
CN114817998A (en) * 2022-06-28 2022-07-29 国汽智控(北京)科技有限公司 Data security calling method and device, electronic equipment and storage medium
CN115883216A (en) * 2022-12-01 2023-03-31 国网青海省电力公司信息通信公司 Communication system safety protection method and device and electronic equipment
CN116010360A (en) * 2022-12-05 2023-04-25 国网河北省电力有限公司信息通信分公司 Similarity-based electric power text data storage method and device
CN116305181A (en) * 2022-12-30 2023-06-23 广州汇通国信科技有限公司 Information security protection method and device for project management platform
CN116471120A (en) * 2023-05-22 2023-07-21 广东电网有限责任公司 Data encryption method and related device for secondary security system of power grid
CN116599776A (en) * 2023-07-18 2023-08-15 深圳友讯达科技股份有限公司 Smart electric meter management method, device, equipment and storage medium based on Internet of things
CN116938440A (en) * 2022-04-11 2023-10-24 中国移动通信集团辽宁有限公司 Data processing method, apparatus, device, storage medium and computer program product

Patent Citations (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030182435A1 (en) * 2000-11-13 2003-09-25 Digital Doors, Inc. Data security system and method for portable device
US20040143714A1 (en) * 2002-11-18 2004-07-22 Arm Limited Apparatus and method for controlling access to a memory unit
US20050091661A1 (en) * 2003-10-24 2005-04-28 Kurien Thekkthalackal V. Integration of high-assurance features into an application through application factoring
CN101276432A (en) * 2008-05-20 2008-10-01 普天信息技术研究院有限公司 Memory card and method for realizing digital content protection
CN102164034A (en) * 2010-02-19 2011-08-24 爱迪德有限责任公司 Device and method for establishing secure trust key
CN105095945A (en) * 2014-05-07 2015-11-25 中兴软创科技股份有限公司 SD card capable of securely storing data
WO2018049892A1 (en) * 2016-09-14 2018-03-22 广东欧珀移动通信有限公司 Data transmission method and apparatus, and terminal
US20200153800A1 (en) * 2018-11-13 2020-05-14 Seagate Technology Llc Sensor nodes and host forming a tiered ecosystem that uses public and private data for duplication
CN111538995A (en) * 2020-04-26 2020-08-14 支付宝(杭州)信息技术有限公司 Data storage method and device and electronic equipment
CN111753297A (en) * 2020-05-29 2020-10-09 国网福建省电力有限公司 Multi-information-flow modular access method applicable to multi-station fusion substation monitoring system
WO2022116629A1 (en) * 2020-12-03 2022-06-09 珠海格力电器股份有限公司 Data transmission method, apparatus, and device, and computer-readable storage medium
CN116938440A (en) * 2022-04-11 2023-10-24 中国移动通信集团辽宁有限公司 Data processing method, apparatus, device, storage medium and computer program product
CN114817998A (en) * 2022-06-28 2022-07-29 国汽智控(北京)科技有限公司 Data security calling method and device, electronic equipment and storage medium
CN115883216A (en) * 2022-12-01 2023-03-31 国网青海省电力公司信息通信公司 Communication system safety protection method and device and electronic equipment
CN116010360A (en) * 2022-12-05 2023-04-25 国网河北省电力有限公司信息通信分公司 Similarity-based electric power text data storage method and device
CN116305181A (en) * 2022-12-30 2023-06-23 广州汇通国信科技有限公司 Information security protection method and device for project management platform
CN116471120A (en) * 2023-05-22 2023-07-21 广东电网有限责任公司 Data encryption method and related device for secondary security system of power grid
CN116599776A (en) * 2023-07-18 2023-08-15 深圳友讯达科技股份有限公司 Smart electric meter management method, device, equipment and storage medium based on Internet of things

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
耿伟智; 付道俊; 邱鹏; 陈鼎新: "Design of a network security monitoring system using multiple encryption technologies", 工业控制计算机, no. 12, 25 December 2019 (2019-12-25) *

Also Published As

Publication number Publication date
CN117354068B (en) 2024-03-01

Similar Documents

Publication Publication Date Title
CN104242465B (en) A kind of transformer substation remote monitoring system based on B/S and method
CN1399452A (en) Bluetooth extra-band management and business amount monitor in radio access point
CN110807460B (en) Transformer substation intelligent patrol system based on image recognition and application method thereof
CN105207853A (en) Local area network monitoring management method
CN108770008A (en) Configuration method, device and the storage medium that household appliance networks
CN101635703A (en) Method for detecting WEB service abnormality
CN107872364A (en) A kind of monitoring method of router state, apparatus and system
CN113381876B (en) Bus log collection method based on intelligent gateway and intelligent gateway
CN111064755A (en) Data protection method and device, computer equipment and storage medium
CN114205340B (en) Fuzzy test method and device based on intelligent power equipment
CN111628994A (en) Industrial control environment anomaly detection method, system and related device
CN117354068B (en) Method and system for improving communication security of distributed energy management system
CN107483084B (en) Broadband carrier networking method, site and system
CN109474540A (en) A kind of method and device identifying OPC flow
CN110958291B (en) Industrial vehicle data transmission system and method
CN105049543A (en) P2P communication system and method crossing asymmetric NAT between intelligent routers
CN114338074B (en) Automatic detection method and detection system for IP white list of power distribution terminal
CN114785874A (en) Method for providing high-availability transmission channel based on multi-network protocol
CN112866186B (en) Security level determination method and device
CN112491841A (en) Data processing method, device and system
CN114173332A (en) Data encryption transmission method and device suitable for 5G intelligent power grid inspection robot
CN112995508A (en) Intelligent camera
CN111131793A (en) Video network access safety device
CN113315830A (en) Data transmission method of data engineering machine for industrial internet
CN111107086A (en) Remote control switching method for protocol defense device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant