CN214205583U - End-to-end external secure communication device based on electric power trusted computing platform communication - Google Patents


Info

Publication number
CN214205583U
Authority
CN
China
Prior art keywords
module
protocol
access module
security
secure
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202120381833.2U
Other languages
Chinese (zh)
Inventor
杨家全
朱兴柯
李邦源
冯勇
李踔
李响
梁鸭红
胡霄
王禹
常荣
杨金
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electric Power Research Institute of Yunnan Power Grid Co Ltd
Yuxi Power Supply Bureau of Yunnan Power Grid Co Ltd
Puer Supply Power Bureau of Yunnan Power Grid Co Ltd
Original Assignee
Electric Power Research Institute of Yunnan Power Grid Co Ltd
Yuxi Power Supply Bureau of Yunnan Power Grid Co Ltd
Puer Supply Power Bureau of Yunnan Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.): 2021-02-20
Filing date: 2021-02-20
Publication date: 2021-09-14
Application filed by Electric Power Research Institute of Yunnan Power Grid Co Ltd, Yuxi Power Supply Bureau of Yunnan Power Grid Co Ltd and Puer Supply Power Bureau of Yunnan Power Grid Co Ltd
Priority to CN202120381833.2U
Application granted
Publication of CN214205583U
Legal status: Active
Anticipated expiration

Landscapes

  • Small-Scale Networks (AREA)

Abstract

The application provides an end-to-end external secure communication device based on electric power trusted computing platform communication. The device comprises a secure access module, a communication module and a remote terminal, wherein the communication module is connected with the secure access module; the communication module is configured to transmit information to the secure access module, the secure access module is configured to encrypt or decrypt the information, and the remote terminal is configured to receive the information transmitted from the secure access module and generate a corresponding command. The device allows a power terminal's security to be upgraded without changing the terminal's own hardware, reduces the cost of upgrades that would otherwise require hardware replacement, and is safer and more reliable. It therefore addresses the problems that an existing power terminal requires modification of its original software and hardware when upgraded, that such upgrades readily introduce vulnerabilities, and that they increase the operating risk of the original equipment.

Description

End-to-end external secure communication device based on electric power trusted computing platform communication
Technical Field
The application relates to the technical field of secure communication, in particular to an end-to-end external secure communication device based on electric power trusted computing platform communication.
Background
A smart grid is the intelligent form of the power grid. It is built on an integrated high-speed bidirectional communication network and achieves the goals of a reliable, safe, economical, efficient, environmentally friendly and safely used grid through advanced sensing and measurement technology, equipment technology, control methods and decision support system technology. A very large number of terminal devices appear during smart grid construction, which means that the smart grid faces a correspondingly large information security problem.
When an existing power terminal is upgraded with trusted security features, a board card is added inside the power terminal to provide the corresponding communication interface, and the corresponding algorithm software is added to the original software system, completing the terminal upgrade so as to reduce the information security risk.
However, the existing power terminal must have its original software and hardware modified during such an upgrade, which readily introduces vulnerabilities and increases the operating risk of the original equipment.
SUMMARY OF THE UTILITY MODEL
The application provides an end-to-end external secure communication device based on electric power trusted computing platform communication, which aims to solve the problems that an existing power terminal requires modification of its original software and hardware when upgraded, that vulnerabilities readily appear during the upgrade, and that the operating risk of the original equipment is increased.
The application provides an end-to-end external secure communication device based on electric power trusted computing platform communication, which comprises a secure access module, a communication module and a remote terminal, wherein the communication module is connected with the secure access module, and the secure access module is wirelessly connected with the remote terminal; the communication module is configured to transmit information to the secure access module, the secure access module is configured to encrypt or decrypt information, and the remote terminal is configured to receive information transmitted from the secure access module and generate a corresponding command.
Optionally, the secure access module may be a secure access module provided with an electrical port, a secure access module provided with a first serial port, or a secure access module provided with a second serial port.
Optionally, when the secure access module is a secure access module with an electrical port, the secure access module with the electrical port includes a first hardware protocol stack chip, an encryption chip and a second hardware protocol stack chip; the encryption chip is arranged between the first hardware protocol stack chip and the second hardware protocol stack chip.
Optionally, the secure access module provided with the electrical port is configured with two electrical ports.
Optionally, when the secure access module is a secure access module with a first serial port, the secure access module with the first serial port includes a first security protocol module, a first cryptographic module and a TCP/UDP protocol simulation module; the first cryptographic module and the TCP/UDP protocol simulation module are each connected with the first security protocol module;
the first security protocol module is configured to process the security protocol with a secure access gateway, the first cryptographic module is configured to provide the cryptographic operation services required by the first security protocol module, and the TCP/UDP protocol simulation module is configured to receive IP packets sent by the first security protocol module, emulate a TCP/UDP client, and establish a connection with a service front-end processor.
Optionally, when the secure access module is a secure access module with a second serial port, the secure access module with the second serial port includes a protocol parsing module, a second security protocol module and a second cryptographic module; the protocol parsing module and the second cryptographic module are each connected with the second security protocol module;
the protocol parsing module is configured to transparently forward the protocol packets used for connection control, and after the connection is established it carries out security tunnel management, key agreement and related processes with the secure access gateway through the second security protocol module. The second security protocol module is configured to process the security protocol with the secure access gateway, including key agreement, tunnel establishment and tunnel update, and directly calls the second cryptographic module to perform the cryptographic operations of the security protocol; the second cryptographic module is configured to provide the cryptographic operation services required by the second security protocol module.
According to the above technical solution, the end-to-end external secure communication device based on electric power trusted computing platform communication comprises a secure access module, a communication module and a remote terminal, wherein the communication module is connected with the secure access module and the secure access module is wirelessly connected with the remote terminal; the communication module is configured to transmit information to the secure access module, the secure access module is configured to encrypt or decrypt the information, and the remote terminal is configured to receive the information transmitted from the secure access module and generate a corresponding command. The secure access module may be a secure access module with an electrical port or a secure access module with a serial port, and the internal structures of the two differ. The device provided by the application allows the system to be upgraded without changing the terminal hardware, reduces the cost of upgrades that would otherwise require hardware replacement, and is safer and more reliable; it thus addresses the problems that an existing power terminal requires modification of its original software and hardware when upgraded, that vulnerabilities readily appear during the upgrade, and that the operating risk of the original equipment is increased.
Drawings
In order to explain the technical solution of the present application more clearly, the drawings needed for the embodiments are briefly described below; it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without creative effort.
Fig. 1 is a schematic structural diagram of an end-to-end external secure communication device based on electric trusted computing platform communication according to the present application;
fig. 2 is a schematic structural diagram of a security access module provided with an electrical port according to the present application;
fig. 3 is a schematic structural diagram of a security access module provided with a first serial port according to the present application;
fig. 4 is a schematic structural diagram of the security access module provided with the second serial port.
Illustration of the drawings:
wherein, 1-a secure access module; 2-a communication module; 3-a remote terminal; 11-a secure access module provided with an electrical port; 12-a secure access module provided with a first serial port; 13-a secure access module provided with a second serial port; 111-a first hardware protocol stack chip; 112-an encryption chip; 113-a second hardware protocol stack chip; 121-a first security protocol module; 122-a first cryptographic module; 123-a TCP/UDP protocol simulation module; 131-a protocol parsing module; 132-a second security protocol module; 133-a second cryptographic module.
Detailed Description
Reference will now be made in detail to embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following examples do not represent all embodiments consistent with the present application; they are merely examples of systems and methods consistent with certain aspects of the application as recited in the claims.
Referring to fig. 1, a schematic structural diagram of an end-to-end external secure communication device based on electric power trusted computing platform communication according to the present application is shown. As shown in fig. 1, the application provides an end-to-end external secure communication device based on electric power trusted computing platform communication, including a secure access module 1, a communication module 2 and a remote terminal 3, where the communication module 2 is connected to the secure access module 1 and the secure access module 1 is wirelessly connected to the remote terminal 3; the communication module 2 is configured to transmit information to the secure access module 1, the secure access module 1 is configured to encrypt or decrypt information, and the remote terminal 3 is configured to receive information transmitted from the secure access module 1 and generate corresponding commands.
It should be noted that the communication module 2 may receive or output any one or more of a 3G signal, a GPRS signal and a WiFi signal.
Further, the secure access module 1 may be a secure access module 11 provided with an electrical port, a secure access module 12 provided with a first serial port, or a secure access module 13 provided with a second serial port.
Referring to fig. 2, a schematic structural diagram of the secure access module provided with an electrical port according to the present application is shown. As can be seen from fig. 2, when the secure access module 1 is the secure access module 11 with an electrical port, the secure access module 11 includes a first hardware protocol stack chip 111, an encryption chip 112 and a second hardware protocol stack chip 113; the encryption chip 112 is disposed between the first hardware protocol stack chip 111 and the second hardware protocol stack chip 113.
The encryption chip 112 is configured to process the security protocol with the secure access gateway; the first hardware protocol stack chip 111 is configured to connect to the external remote terminal, and the second hardware protocol stack chip 113 is configured to connect to an external switch/ONU/router.
Further, the secure access module 11 provided with an electrical port is configured with dual electrical ports.
In the specific embodiment:
First hardware protocol stack chip 111: its address is set to the gateway address of the RTU, and it is connected to the RTU.
Uplink: the input is an Ethernet data frame, and the whole IP-layer packet is output to the encryption chip.
Downlink: the input is an IP packet, which is output directly from the network layer of the TCP/IP protocol stack.
Encryption chip 112: processes the security protocol with the secure access gateway and establishes the connection, including key agreement, identity authentication and related processes.
Uplink: receives the IP-layer packet from the first hardware protocol stack chip 111, encrypts it, and sends the ciphertext as an application-layer message to the second hardware protocol stack chip 113.
Downlink: receives application-layer ciphertext data from the second hardware protocol stack chip 113, decrypts it into an IP-layer packet, and sends that packet to the IP layer of the first hardware protocol stack chip 111.
Second hardware protocol stack chip 113: its address is set to the RTU address, and it is connected to the switch/ONU/router.
Uplink: receives the ciphertext from the encryption chip 112 and sends it to the secure access gateway as application-layer data.
Downlink: receives data from the secure access gateway, extracts the application-layer data, and sends it to the encryption chip 112.
Here uplink and downlink denote the two transmission directions: from the RTU towards the secure access gateway, and from the gateway back to the RTU.
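The data path just described (chip 111 strips the Ethernet header and hands the IP packet to chip 112, which encrypts it and passes the ciphertext to chip 113 as application-layer data; the downlink reverses this) is modelled in the following added example. It is not code from the patent or its assignees. The patent names neither the cipher nor the record format, so the example uses an HMAC-SHA256-based keystream with an HMAC tag (standard library only) as a stand-in, assumes per-direction keys derived from the key agreement the patent mentions, and adds the integrity and anti-replay checks a practitioner would expect of such a tunnel. The addresses, the sample frame and the names `extract_ip_packet()`, `TunnelEndpoint` and `demo()` are all constructed for illustration. The same encrypt/decrypt service is what the serial-port variants' cryptographic modules 122 and 133 provide to their security protocol modules.

```python
"""Added example (not the patent's code): model of the electrical-port secure access module
data path. extract_ip_packet() is the uplink job of chip 111, TunnelEndpoint is encryption
chip 112 (and its peer in the secure access gateway), and the record it produces is the
application-layer payload chip 113 carries. Assumptions: the cipher (HMAC-SHA256 keystream
plus HMAC tag, a stdlib stand-in; the patent names none), the record layout, and the keys."""
import hashlib
import hmac
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
SEQ_LEN, TAG_LEN = 8, 32

def ipv4_checksum(header: bytes) -> int:
    """Standard ones-complement checksum over an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_packet(src: bytes, dst: bytes, proto: int, payload: bytes) -> bytes:
    """Constructed sample traffic: a minimal IPv4 packet (20-byte header, no options)."""
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack(">H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

def extract_ip_packet(frame: bytes) -> bytes:
    """Uplink role of chip 111: Ethernet frame in, whole IP-layer packet out (IPv4 only,
    cut at the IP total length so Ethernet padding never reaches the encryption chip)."""
    if len(frame) < ETH_HDR_LEN + 20:
        raise ValueError("frame too short")
    if struct.unpack(">H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ip = frame[ETH_HDR_LEN:]
    total_len = struct.unpack(">H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or total_len < 20 or total_len > len(ip):
        raise ValueError("bad IPv4 header")
    return ip[:total_len]

def derive_keys(master: bytes, label: bytes):
    """Per-direction encryption and MAC keys (assumed to be the output of the key agreement)."""
    return (hmac.new(master, b"enc:" + label, hashlib.sha256).digest(),
            hmac.new(master, b"mac:" + label, hashlib.sha256).digest())

def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR data with HMAC-SHA256(key, nonce || block counter) blocks."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, out))

class TunnelEndpoint:
    """One end of the tunnel between encryption chip 112 and the secure access gateway.
    Record (assumed layout): seq(8) || ciphertext || tag(32). The sequence number is the
    nonce, is covered by the tag, and must strictly increase, so replays are rejected."""
    def __init__(self, master: bytes, send_label: bytes, recv_label: bytes):
        self.send_enc, self.send_mac = derive_keys(master, send_label)
        self.recv_enc, self.recv_mac = derive_keys(master, recv_label)
        self.send_seq, self.highest_recv = 0, -1

    def protect(self, ip_packet: bytes) -> bytes:
        nonce = struct.pack(">Q", self.send_seq)
        self.send_seq += 1
        ct = _xor_keystream(self.send_enc, nonce, ip_packet)
        return nonce + ct + hmac.new(self.send_mac, nonce + ct, hashlib.sha256).digest()

    def unprotect(self, record: bytes) -> bytes:
        if len(record) < SEQ_LEN + TAG_LEN:
            raise ValueError("record too short")
        nonce, ct, tag = record[:SEQ_LEN], record[SEQ_LEN:-TAG_LEN], record[-TAG_LEN:]
        if not hmac.compare_digest(tag, hmac.new(self.recv_mac, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("authentication failed")   # verify before decrypting or tracking seq
        seq = struct.unpack(">Q", nonce)[0]
        if seq <= self.highest_recv:
            raise ValueError("replayed record")
        self.highest_recv = seq
        return _xor_keystream(self.recv_enc, nonce, ct)

MASTER = hashlib.sha256(b"constructed demo key-agreement output").digest()   # assumption

def demo() -> dict:
    """One uplink packet, one downlink packet, one tampered record and one replayed record."""
    chip112 = TunnelEndpoint(MASTER, b"up", b"down")
    gateway = TunnelEndpoint(MASTER, b"down", b"up")
    rtu, station = b"\xc0\xa8\x01\x0a", b"\x0a\x00\x00\x01"          # constructed addresses
    ip_pkt = build_ipv4_packet(rtu, station, 17, b"\x00\x07\x00\x08\x00\x0c\x00\x00RTU!")
    frame = b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x00" + ip_pkt + b"\x00" * 4
    record = chip112.protect(extract_ip_packet(frame))               # chip 111 -> 112 -> 113
    results = {"uplink_roundtrip": gateway.unprotect(record) == ip_pkt,
               "plaintext_hidden": ip_pkt not in record}
    tampered = bytearray(record)
    tampered[SEQ_LEN + 4] ^= 0x01                                    # flip one ciphertext bit
    for name, rec in (("tamper_rejected", bytes(tampered)), ("replay_rejected", record)):
        try:
            gateway.unprotect(rec)
            results[name] = False
        except ValueError:
            results[name] = True
    cmd = build_ipv4_packet(station, rtu, 17, b"\x00\x08\x00\x07\x00\x0c\x00\x00CMD!")
    results["downlink_roundtrip"] = chip112.unprotect(gateway.protect(cmd)) == cmd
    return results
```

Running `demo()` shows that the gateway recovers the original IP packet on the uplink, that chip 112 recovers the command packet on the downlink, and that a record with one flipped ciphertext bit or a replayed record is rejected before any plaintext is released. In a real deployment the stand-in cipher would be replaced by the algorithm negotiated with the secure access gateway, and the strictly increasing sequence check would be relaxed to a sliding window so that reordering on the 3G/GPRS/WiFi link does not drop legitimate packets.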
Referring to fig. 3, a schematic structural diagram of the secure access module provided with the first serial port is shown. As shown in fig. 3, when the secure access module 1 is the secure access module 12 with a first serial port, the secure access module 12 includes a first security protocol module 121, a first cryptographic module 122 and a TCP/UDP protocol simulation module 123; the first cryptographic module 122 and the TCP/UDP protocol simulation module 123 are each connected to the first security protocol module 121;
the first security protocol module 121 is configured to process the security protocol with the secure access gateway, the first cryptographic module 122 is configured to provide the cryptographic operation services required by the first security protocol module 121, and the TCP/UDP protocol simulation module 123 is configured to receive IP packets sent by the first security protocol module 121, emulate a TCP/UDP client, and establish a connection with the service front-end processor.
Referring to fig. 4, a schematic structural diagram of the secure access module provided with the second serial port is shown. As can be seen from fig. 4, when the secure access module 1 is the secure access module 13 with a second serial port, the secure access module 13 includes a protocol parsing module 131, a second security protocol module 132 and a second cryptographic module 133; the protocol parsing module 131 and the second cryptographic module 133 are each connected to the second security protocol module 132;
in the specific embodiment:
the protocol parsing module 131 is configured to transparently forward the protocol packets used for connection control; after the connection is established, it carries out security tunnel management, key agreement and related processes with the secure access gateway through the second security protocol module 132. The second security protocol module 132 is configured to process the security protocol with the secure access gateway, including key agreement, tunnel establishment and tunnel update, and directly calls the second cryptographic module 133 to perform the cryptographic operations of the security protocol; the second cryptographic module 133 is configured to provide the cryptographic operation services required by the second security protocol module 132.
According to the above technical solution, the end-to-end external secure communication device based on electric power trusted computing platform communication comprises a secure access module 1, a communication module 2 and a remote terminal 3, wherein the communication module 2 is connected with the secure access module 1 and the secure access module 1 is wirelessly connected with the remote terminal 3; the communication module 2 is configured to transmit information to the secure access module 1, the secure access module 1 is configured to encrypt or decrypt information, and the remote terminal 3 is configured to receive information transmitted from the secure access module 1 and generate a corresponding command. The secure access module 1 may be a secure access module 11 provided with an electrical port, a secure access module 12 provided with a first serial port, or a secure access module 13 provided with a second serial port, and their internal structures differ. The device provided by the application allows the system to be upgraded without changing the terminal hardware, reduces the cost of upgrades that would otherwise require hardware replacement, and is safer and more reliable; it thus addresses the problems that an existing power terminal requires modification of its original software and hardware when upgraded, that vulnerabilities readily appear during the upgrade, and that the operating risk of the original equipment is increased.
While there have been shown and described what are at present considered the fundamental principles and essential features of the application, and advantages thereof, it will be apparent to those skilled in the art that the application is not limited to the details of the foregoing exemplary embodiments, but is capable of other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.
Furthermore, it should be understood that although the present description refers to embodiments, not every embodiment may contain only a single embodiment, and such description is for clarity only, and those skilled in the art should integrate the description, and the embodiments may be combined as appropriate to form other embodiments understood by those skilled in the art.
The embodiments provided in the present application are only a few examples of the general concept of the present application, and do not limit the scope of the present application. Any other embodiments extended according to the scheme of the present application without inventive efforts will be within the scope of protection of the present application for a person skilled in the art.

Claims (6)

1. An end-to-end external secure communication device based on electric power trusted computing platform communication is characterized by comprising a secure access module (1), a communication module (2) and a remote terminal (3), wherein the communication module (2) is connected with the secure access module (1), and the secure access module (1) is wirelessly connected with the remote terminal (3); wherein the communication module (2) is configured to transmit information to the security access module (1), the security access module (1) is configured to encrypt or decrypt information, and the remote terminal (3) is configured to receive information transmitted from the security access module (1) and generate a corresponding command.
2. The end-to-end external secure communication device based on electric power trusted computing platform communication as claimed in claim 1, wherein the secure access module (1) may be a secure access module (11) provided with an electrical port, a secure access module (12) provided with a first serial port, or a secure access module (13) provided with a second serial port.
3. The end-to-end external secure communication device based on electric power trusted computing platform communication as claimed in claim 2, wherein when the secure access module (1) is a secure access module (11) with an electrical port, the secure access module (11) with an electrical port includes a first hardware protocol stack chip (111), an encryption chip (112) and a second hardware protocol stack chip (113); wherein the encryption chip (112) is disposed between the first hardware protocol stack chip (111) and the second hardware protocol stack chip (113).
4. The end-to-end external secure communication device based on electric power trusted computing platform communication as claimed in claim 3, wherein the secure access module (11) provided with the electrical port has a dual electrical port configuration.
5. The end-to-end external secure communication device based on electric power trusted computing platform communication as claimed in claim 2, wherein when the secure access module (1) is a secure access module (12) having a first serial port, the secure access module (12) having the first serial port includes a first security protocol module (121), a first cryptographic module (122) and a TCP/UDP protocol simulation module (123); the first cryptographic module (122) and the TCP/UDP protocol simulation module (123) are each connected with the first security protocol module (121);
the first security protocol module (121) is configured to process the security protocol with a secure access gateway, the first cryptographic module (122) is configured to provide the cryptographic operation services required by the first security protocol module (121), and the TCP/UDP protocol simulation module (123) is configured to receive IP packets sent by the first security protocol module (121), emulate a TCP/UDP client, and establish a connection with a service front-end processor.
6. The end-to-end external secure communication device based on electric power trusted computing platform communication as claimed in claim 2, wherein when the secure access module (1) is a secure access module (13) having a second serial port, the secure access module (13) having the second serial port includes a protocol parsing module (131), a second security protocol module (132) and a second cryptographic module (133); the protocol parsing module (131) and the second cryptographic module (133) are each connected with the second security protocol module (132);
the protocol parsing module (131) is configured to transparently forward protocol packets used for connection control, and after the connection is established the second security protocol module (132) carries out security tunnel management and key negotiation with the secure access gateway; the second security protocol module (132) is configured to process the security protocol with the secure access gateway, including key negotiation, tunnel establishment and tunnel update, and directly calls the second cryptographic module (133) to perform the cryptographic operations of the security protocol; the second cryptographic module (133) is configured to provide the cryptographic operation services required by the second security protocol module (132).

Priority Applications (1)

Application number: CN202120381833.2U; publication: CN214205583U (en); priority date: 2021-02-20; filing date: 2021-02-20; title: End-to-end external secure communication device based on electric power trusted computing platform communication

Publications (1)

Publication number: CN214205583U (en); publication date: 2021-09-14

Family

ID=77639175



Legal Events

GR01 Patent grant