Disclosure of Invention
The utility model has been proposed in view of the above situation, and its aim is to provide a blockchain-based security authentication device for the power distribution Internet of Things that can complete the identity authentication of power terminal devices more efficiently.
To this end, the utility model provides a blockchain-based security authentication device for the power distribution Internet of Things. The power distribution Internet of Things includes one or more power distribution areas, and any power distribution area includes at least one security authentication device and a plurality of power terminal devices. The security authentication device includes a receiving module, an identity generation module, an encryption module, a sending module and a verification module. The receiving module is used for receiving the device information, the preset password and the authentication information sent by the power terminal device. The identity generation module registers the power terminal device based on the device information and the preset password. The encryption module is used for generating a first encrypted ciphertext and a second encrypted ciphertext based on the device information and the preset password, and for generating a target ciphertext combination from the first encrypted ciphertext and the second encrypted ciphertext. The sending module is used for writing the target ciphertext combination to a blockchain that takes the security authentication device as its master node. The verification module is used for performing security authentication of the power terminal device based on the authentication information and the digital digest extracted from the blockchain. In this case, the identity authentication of the power terminal device can be performed by the edge gateway, and thus completed more efficiently.
In addition, in the detection system according to the first aspect of the present invention, optionally, the identity generation module generates the identity and the target password corresponding to the power terminal device based on the received device information and the preset password, and sends the identity and the target password to the power terminal device through the sending module; the power terminal device then sends the identity and the target password to the security authentication device to complete the registration. In this case, the security authentication device can perform identity identification and information registration for the power terminal device, so that it can better identify and distinguish the power terminal device, and the subsequent identity authentication of the power terminal device by the security authentication device is made easier.
In addition, in the detection system according to the first aspect of the present invention, optionally, a storage module is included. The storage module is configured to store encryption algorithms, which include: a first encryption algorithm for generating a first digital digest based on the identity; a second encryption algorithm for generating a second digital digest based on the identity and the device information; a third encryption algorithm for generating a first encrypted ciphertext from a first character string combination, which is generated from the first digital digest and a security authentication device identifier; and a fourth encryption algorithm for generating a second encrypted ciphertext from a second character string combination, which is generated from the second digital digest and the security authentication device identifier. The encryption algorithms are stored in the storage module in the form of software. In this case, the encryption algorithms can be called at any time, and the algorithm corresponding to each step can be called as needed.
Further, in the detection system according to the first aspect of the present invention, optionally, the device information includes an area number, a type number, and a number of the power terminal device. Thereby, the device information can be obtained.
In addition, in the detection system according to the first aspect of the present invention, optionally, the preset password is generated based on a pseudo random number generator built in the power terminal device. Thereby enabling the preset password to be obtained.
Further, in the detection system according to the first aspect of the present invention, optionally, the security authentication device generates a random number by a random number generator, and generates the target password based on the random number and the preset password. Thereby, the target password can be obtained.
Further, in the detection system according to the first aspect of the present invention, optionally, the security authentication device obtains the target password by performing an exclusive or operation on the random number and the preset password. Thereby, the target password can be obtained.
Further, in the detection system according to the first aspect of the present invention, optionally, the first encryption algorithm is a SHA-256 encryption algorithm or an SM3 algorithm, and the second encryption algorithm is a SHA-256 encryption algorithm or an SM3 algorithm. Thereby, the first digital digest and the second digital digest can be obtained easily.
Further, in the detection system according to the first aspect of the present invention, optionally, the third encryption algorithm is an SM2 algorithm or an RSA algorithm, and the fourth encryption algorithm is an SM2 algorithm or an RSA algorithm. Thereby, the first encrypted ciphertext and the second encrypted ciphertext can be conveniently obtained.
Further, in the detection system according to the first aspect of the present invention, optionally, the edge gateway writes the target ciphertext combination into a padding field for block chain chaining to implement block chain chaining, where the padding field is a field in which information on the chaining is recorded. Thus, the edge gateway can write the target ciphertext combination into the block chain.
According to the utility model, a blockchain-based security authentication method for the power distribution Internet of Things can be provided that completes the identity authentication of power terminal devices more efficiently.
Detailed Description
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the following description, the same components are denoted by the same reference numerals, and redundant description thereof is omitted. The drawings are schematic and the ratio of the dimensions of the components and the shapes of the components may be different from the actual ones.
It is noted that the terms "comprises," "comprising," and "having," and any variations thereof, are used non-exclusively in the present disclosure: a process, method, system, article, or apparatus that comprises or has a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include or have other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The utility model provides a blockchain-based security authentication device for the power distribution Internet of Things (sometimes referred to simply as the security authentication device). The device can perform security authentication of the power terminal devices in the power distribution Internet of Things by means of a blockchain-based security authentication method for the power distribution Internet of Things (sometimes referred to simply as the security authentication method).
The security authentication device according to the embodiments of the utility model can be applied to smart grids or to the power distribution Internet of Things. According to the utility model, a blockchain-based security authentication method for the power distribution Internet of Things can be provided that completes the identity authentication of power terminal devices more efficiently. An implementation of the utility model can construct a lightweight security framework for the power distribution Internet of Things. In some examples, the power distribution Internet of Things may be based on an edge control technology of a Software Defined Network (SDN), and the security authentication task (or identity authentication task) for a power terminal device in the power distribution Internet of Things may be allocated to an edge device (also referred to as a "security authentication device"). In this case, the identity authentication of the power terminal device can be realized by the edge device. The heavy burden that a large number of power terminal devices would place on the central server can therefore be effectively relieved, and the identity authentication of the power terminal devices can be completed more efficiently.
Fig. 1 is a scene diagram illustrating a power distribution internet of things 1 according to an example of the present invention. In some examples, referring to fig. 1, a power distribution internet of things 1 may include one or more power distribution zones (e.g., power distribution zone 110, power distribution zone 120, and power distribution zone 130). In some examples, the power distribution zones may be divided according to a communication area (or communication coverage) of the security authentication device. In some examples, each power distribution zone may include a security authentication device. In some examples, the number of security authentication devices may be one or more. For example, power distribution area 110 may include security authentication device 111, power distribution area 120 may include security authentication device 121, power distribution area 130 may include security authentication device 131, power distribution area 140 may include security authentication device 141, and so forth. In some examples, each power distribution zone may include power terminal equipment. In some examples, the number of power terminal devices in each power distribution area may be one or more. For example, the number of power terminal devices in the power distribution area 110 may be 3, respectively the power terminal device 112, the power terminal device 113, the power terminal device 114, and the like.
The structure of each power distribution region and the manner of transmission of signal streams are described below by the power distribution region P.
Fig. 2 is a view showing a power distribution area P according to an example of the present invention. Fig. 2 shows a scene diagram corresponding to a power distribution area P, where the power distribution area P may include a security authentication device S and several power terminal devices D, such as a first power terminal device D1 and a second power terminal device D2. Fig. 3 is a block diagram showing a security authentication device S according to an example of the present invention. Fig. 4 is a flow chart illustrating a security authentication method of the block chain-based power distribution internet of things 1 according to an example of the present invention.
In some examples, as shown in fig. 3, the secure authentication device S may include: the system comprises a receiving module S-1, an identity generating module S-2, an encrypting module S-3, a sending module S-4 and a verifying module S-5.
In some examples, the receiving module S-1 may be configured to receive device information, a preset password, and authentication information transmitted by the power terminal device D.
In some examples, the identity generation module S-2 registers the power terminal device D based on the device information and a preset password.
In some examples, the encryption module S-3 is configured to generate a first encryption ciphertext and a second encryption ciphertext based on the device information and the preset password, and generate a target ciphertext combination using the first encryption ciphertext and the second encryption ciphertext.
In some examples, the sending module S-4 is configured to write the target ciphertext combination to a blockchain that has the security authentication device S as the blockchain master node.
In some examples, the verification module S-5 securely authenticates the power terminal device D based on the authentication information and the digital digest extracted from the blockchain.
In an embodiment of the present invention, a security authentication method suitable for the security authentication device S is provided (see fig. 4). In this embodiment, referring to fig. 4, the security authentication method for the blockchain-based power distribution Internet of Things 1 may include the following steps: the security authentication device S performs blockchain initialization (step S10); the security authentication device S registers the power terminal device D (step S20); and the security authentication device S authenticates the power terminal device D (step S30). This security authentication method can complete the identity authentication of the power terminal device D more efficiently.
In step S10, as described above, the block chain initialization may be performed by the secure authentication device S.
In some examples, the security authentication devices S corresponding to the power distribution areas P may be respectively used as the blockchain master nodes to construct blockchains, and the power terminal devices D in the communication areas of the security authentication devices S are used as child nodes of the blockchain. In some examples, each secure authentication device S may construct a blockchain trust domain (simply "trust domain"). In this case, if the power terminal device D performs identity authentication within the trust domain, all power terminal devices D trusting the authentication domain (i.e. trust domain) may accept the identity authentication. In some examples, the security authentication device S may serve as a master device of the blockchain trust domain, and the power terminal devices D in the same power distribution area may serve as slave devices of the blockchain trust domain.
In step S20, the power terminal device D may be registered by the identity generation module S-2 of the security authentication device S, as described above.
In some examples, in step S20, the identity generation module S-2 of the secure authentication device S needs to register the power terminal device D (see fig. 2 and 4) joined to the same distribution area P. In this case, the security authentication device S can perform identity identification and information registration on the power terminal device D, so that the security authentication device S can better identify and distinguish the power terminal device D, and the subsequent identity authentication of the power terminal device D by the security authentication device S can be facilitated. In some examples, the power terminal device D may be registered by the security authentication device S within the same blockchain trust domain. Or the power terminal device D may be registered by the security authentication device S of the same distribution area P.
In some examples, each power terminal device D may transmit the target information to the security authentication device S, respectively. In some examples, the target information may include device information and a preset password of the power terminal device D. In some examples, the device information may be information that can distinguish the individual power terminal devices D. In some examples, the device information may include information such as an area number, a type number, and a number of the power terminal device D. Thereby, the device information can be obtained. In some examples, the area number may be a number of a blockchain area. In some examples, the type number may be a number of a device type. In some examples, the number may be a number in the same type of device in the area. In some examples, the device information may be generated when the power terminal device D joins the blockchain trust domain.
In some examples, the preset password transmitted by the power terminal device D may be generated based on a pseudo random number generator built in the power terminal device D. Thereby enabling the preset password to be obtained. In some examples, the power terminal device D may store the generated preset password.
In some examples, the security authentication device S may receive the target information transmitted by the power terminal device D. In some examples, the security authentication device S may receive the target information transmitted by the power terminal device D through the receiving module S-1, generate the registration information based on the received target information through the identity generation module S-2, and transmit the registration information to the corresponding power terminal device D.
Specifically, the security authentication device S may receive device information and a preset password transmitted by the power terminal device D. In some examples, the security authentication device S may generate an identity corresponding to the power terminal device D based on the received device information. In some examples, the identity may be a unique device identity corresponding to the power terminal device D.
In some examples, the security authentication device S may generate a target password corresponding to the power terminal device D based on the received preset password by using the identity generation module S-2. In some examples, the secure authentication device S may generate a target password based on a random number and a preset password using the identity generation module S-2. In some examples, the secure authentication device S may generate a random number by a random number generator using the identity generation module S-2. In some examples, the secure authentication device S may obtain the target password by xoring the random number and the preset password using the identity generation module S-2. Thereby, the target password can be obtained.
In some examples, the registration information may include an identification and a target password. In some examples, the secure authentication device S may include a storage module (described later) that may store the generated registration information. In some examples, the secure authentication device S may store the device information in a database of the secure authentication device S.
In some examples, the transmitting module S-4 of the security authentication device S may transmit the registration information to the corresponding power terminal device D. For example, the transmitting module S-4 may transmit registration information such as an identification and a target password to the corresponding power terminal device D. In other examples, after the identity generating module S-2 generates the registration information, the sending module S-4 may send the registration information and the preset password to the corresponding power terminal device D. In some examples, it may be confirmed that the power terminal device D corresponds to the registration information by comparing the received preset password with the self-generated preset password. In some examples, the power terminal device D may store the received registration information.
In some examples, the secure authentication device S may also generate a key pair for the power terminal device D.
In some examples, the identity may be a public key of the power terminal device D. In some examples, the target password may be a private key of the power terminal device D. Or the target password and the preset password may be a private key pair of the power terminal device D.
In some examples, the sending module S-4 may send registration information to the secure authentication device S to complete the registration. Specifically, in some examples, the receiving module S-1 of the power terminal device D may receive the identity and the target password transmitted by the security authentication device S, and may transmit the identity and the target password to the security authentication device S through the secure channel. In some examples, if the receiving module S-1 of the security authentication device S receives the registration information and then obtains the registration information corresponding to the received registration information by querying the data stored in the storage module, it indicates that the power terminal device D completes the registration. In this case, the security authentication device S may transmit notification information that registration has been completed to the power terminal device D. In some examples, if the secure authentication device S receives the registration information and does not obtain the corresponding registration information by querying the data stored in the storage module, it indicates that the power terminal device D does not complete the registration. In this case, the security authentication device S may store the received registration information to complete the registration, and thereafter may transmit notification information that the registration has been completed to the power terminal device D.
In step S30, as described above, the power terminal device D can be authenticated by the security authentication device S.
In some examples, step S30 may include writing target information of the power terminal device D into the blockchain, and authenticating the power terminal device D based on the security authentication device S and the blockchain.
In step S30, as described above, the power terminal device D can be authenticated by the transmission module S-4 of the security authentication device S.
In some examples, step S30 may include writing target information of the power terminal device D into the blockchain, and authenticating the power terminal device D through the security authentication device S and the blockchain.
In some examples, as described above, the security authentication device S may include a storage module (not shown). In some examples, the storage module may be used to store encryption algorithms, which include: a first encryption algorithm for generating a first digital digest based on the identity; a second encryption algorithm for generating a second digital digest based on the identity and the device information; a third encryption algorithm for generating a first encrypted ciphertext from a first character string combination, which is generated from the first digital digest and a security authentication device identifier; and a fourth encryption algorithm for generating a second encrypted ciphertext from a second character string combination, which is generated from the second digital digest and the security authentication device identifier. The encryption algorithms are stored in the storage module in the form of software. In this case, the encryption algorithms can be called at any time, and the algorithm corresponding to each step can be called as needed.
In an embodiment of the utility model, writing the target information of the power terminal device D into the blockchain can include the following steps: the encryption module S-3 of the security authentication device S may generate a first digital digest based on the identity in the registration information of the power terminal device D and the first encryption algorithm, and may generate a second digital digest based on the identity and the device information of the power terminal device D and the second encryption algorithm (step S311); the encryption module S-3 may generate a first string combination based on the first digital digest and the security authentication device identifier and generate a first encrypted ciphertext based on the third encryption algorithm, and may generate a second string combination based on the second digital digest and the security authentication device identifier and generate a second encrypted ciphertext based on the fourth encryption algorithm (step S312); the encryption module S-3 may generate a target ciphertext combination based on the first encrypted ciphertext and the second encrypted ciphertext (step S313); and the security authentication device S may write the target ciphertext combination to the blockchain (step S314).
In step S311, as described above, the encryption module S-3 of the security authentication device S may generate a first digital digest based on the identity identifier in the registration information of the power terminal device D and the first encryption algorithm, and the security authentication device S may generate a second digital digest based on the identity identifier and the stored device information and the second encryption algorithm.
In some examples, the encryption module S-3 of the secure authentication device S may generate the first digital digest based on the identity and the first encryption algorithm. In some examples, the first encryption algorithm may be a SHA-256 encryption algorithm or an SM3 algorithm, among others. Thereby, the first digital digest can be obtained easily.
In some examples, the cryptographic module S-3 of the secure authentication device S may generate the second digital digest based on the identity and the device information and a second cryptographic algorithm. In some examples, the secure authentication device S may generate an identity digital digest based on the second encryption algorithm and the identity. In some examples, the cryptographic module S-3 of the secure authentication device S may generate a device information digital digest based on the second cryptographic algorithm and the device information. In some examples, the secure authentication device S may concatenate the identity digital digest and the device information digital digest combination into a string to generate the second digital digest. In some examples, the second encryption algorithm may be a SHA-256 encryption algorithm or an SM3 algorithm, among others. Thereby, the obtaining of the second digital digest can be facilitated.
In step S312, as described above, the encryption module S-3 of the security authentication device S may generate a first character string combination based on the first digital digest and the security authentication device identification and generate a first encrypted ciphertext based on the third encryption algorithm, and the encryption module S-3 of the security authentication device S may generate a second character string combination based on the second digital digest and the security authentication device identification and generate a second encrypted ciphertext based on the fourth encryption algorithm.
In some examples, the secure authentication device identification may be a secure authentication device number corresponding to the cryptographic module S-3 of the secure authentication device S. In this case, the security authentication device number may be used to distinguish the security authentication devices S of different power distribution areas. In some examples, the secure authentication device identification may be generated when the secure authentication device S is registered on the cloud gateway.
In some examples, as described above, the encryption module S-3 of the secure authentication device S may generate the first string combination based on the first digital digest and the secure authentication device identification. In some examples, the cryptographic module S-3 of the secure authentication device S may concatenate the first digital digest with the secure authentication device identification to generate the first string combination.
In some examples, the encryption module S-3 of the secure authentication device S may generate a first encryption ciphertext based on the third encryption algorithm and the first string combination. In some examples, the third encryption algorithm may be the SM2 algorithm or the RSA algorithm. Thereby, the first encrypted ciphertext can be obtained conveniently. In some examples, the encryption module S-3 of the secure authentication device S may use the public key of the power terminal device D and apply a third encryption algorithm to asymmetrically encrypt the first string combination to form a first encrypted ciphertext.
In some examples, the cryptographic module S-3 of the secure authentication device S may generate a second combination of strings based on the second digital digest and the secure authentication device identification. In some examples, the security authentication device S may concatenate the second digital digest with the security authentication device identification to generate a second string combination.
In some examples, the encryption module S-3 of the secure authentication device S may generate a second encryption ciphertext based on a fourth encryption algorithm and the second string combination. In some examples, the fourth encryption algorithm may be the SM2 algorithm or the RSA algorithm. Thereby, the second encrypted ciphertext can be obtained conveniently. In some examples, the encryption module S-3 of the secure authentication device S may use the public key of the secure authentication device S and apply a fourth encryption algorithm to asymmetrically encrypt the second combination of strings to form a second encrypted ciphertext.
In some examples, the secure authentication device S public key may be generated upon registration on the cloud gateway.
In step S313, the receiving module S-1 may receive the first encrypted ciphertext and generate a target ciphertext combination based on the second encrypted ciphertext.
In some examples, the encryption module S-3 may segment the first encrypted ciphertext and the second encrypted ciphertext according to a certain rule, and then connect them together to form a complete ciphertext, i.e., a target ciphertext combination. In some examples, the secure authentication device S may combine the first encrypted ciphertext and the second encrypted ciphertext using a pound sign ("#") to obtain the target ciphertext combination.
In step S314, as described above, the security authentication device S may write the target ciphertext combination to the blockchain.
In some examples, the sending module S-4 may write the target ciphertext combination into a padding field for uplink in the blockchain to complete writing the target information into the blockchain. In some examples, the padding field may be a field that records uplink information. This enables the secure authentication device S to write the target ciphertext combination into the blockchain. In some examples, the target information may include identification, device information, and the like.
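Steps S311 to S313 above, as an added Python example that is not part of the original description. It assumes SHA-256 for both digests and hex encoding of digests and ciphertexts; the function names, the sample identity, device information and device identifier, and the byte strings standing in for SM2/RSA ciphertexts are all constructed, and the comparison in `matches_chain_record` is an assumption about how a verifier would use the decrypted second string combination.

```python
import hashlib
import hmac
from typing import Tuple

SEP = "#"  # separator the description names for the target ciphertext combination


def sha256_hex(text: str) -> str:
    """Hex SHA-256 of a UTF-8 string (one of the two digest choices in the text)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def first_digest(identity: str) -> str:
    """Step S311: first digital digest, computed over the identity."""
    return sha256_hex(identity)


def second_digest(identity: str, device_info: str) -> str:
    """Step S311: identity digest and device-information digest joined into one string."""
    return sha256_hex(identity) + sha256_hex(device_info)


def string_combination(digest: str, sa_id: str) -> str:
    """Step S312: digest concatenated with the security authentication device
    identifier. This string is the plaintext handed to the SM2/RSA step."""
    return digest + sa_id


def raw_join_is_ambiguous(c1: bytes, c2: bytes) -> bool:
    """True when joining the raw ciphertext bytes with '#' cannot be split back
    into exactly two parts, because a ciphertext itself contains byte 0x23."""
    return len((c1 + SEP.encode() + c2).split(SEP.encode())) != 2


def combine_ciphertexts(c1: bytes, c2: bytes) -> str:
    """Step S313: target ciphertext combination. Hex encoding is an assumption
    of this example; it guarantees '#' appears only as the separator."""
    return c1.hex() + SEP + c2.hex()


def split_combination(combo: str) -> Tuple[bytes, bytes]:
    """Inverse of combine_ciphertexts; rejects anything that is not two hex parts."""
    parts = combo.split(SEP)
    if len(parts) != 2:
        raise ValueError("expected exactly two ciphertext parts")
    return bytes.fromhex(parts[0]), bytes.fromhex(parts[1])


def matches_chain_record(decrypted_second: str, identity: str,
                         device_info: str, sa_id: str) -> bool:
    """Assumed verifier check: recompute the second string combination from the
    presented identity and device information and compare in constant time
    with the value decrypted from the chain record."""
    expected = string_combination(second_digest(identity, device_info), sa_id)
    return hmac.compare_digest(decrypted_second.encode("utf-8"),
                               expected.encode("utf-8"))


# Constructed sample values (not from the original description).
IDENTITY = "ID-0001"
DEVICE_INFO = "area=01;type=03;number=0007"
SA_ID = "SA-0001"
C1 = bytes.fromhex("9f23a1004c7e23d5")  # stand-in ciphertext containing 0x23 ('#')
C2 = bytes.fromhex("0b51e2237a90c4ff")  # stand-in ciphertext containing 0x23 ('#')

if __name__ == "__main__":
    combo = combine_ciphertexts(C1, C2)
    print("target ciphertext combination:", combo)
    print("raw '#' join ambiguous:", raw_join_is_ambiguous(C1, C2))
    print("round trip ok:", split_combination(combo) == (C1, C2))
    plain2 = string_combination(second_digest(IDENTITY, DEVICE_INFO), SA_ID)
    print("record matches:", matches_chain_record(plain2, IDENTITY, DEVICE_INFO, SA_ID))
```
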
In an embodiment of the utility model, before data is transmitted between power terminal devices D, the security authentication device S needs to authenticate the identity of the power terminal device D. For example, before the first power terminal device D1 transmits data to the second power terminal device D2, the security authentication device S may authenticate whether the first power terminal device D1 is legitimate.
In an embodiment of the utility model, the identity authentication of the power terminal device D by the security authentication device S can include the following steps: the power terminal device D may transmit authentication information to the security authentication device S (step S321); the security authentication device S authenticates the power terminal device D based on the authentication information and the encrypted device information obtained from the blockchain (step S322); and after the authentication is successful, the power terminal device D transmits request content to the security authentication device S, so that the security authentication of the power terminal device D by the security authentication device S is realized (step S323).
In step S321, as described above, the power terminal device D may transmit the authentication information to the security authentication device S.
In some examples, the power terminal device D may encrypt the authentication data and the like through the encryption module S-3 to obtain authentication information and transmit it to the secure authentication device S through the sending module S-4. In some examples, the authentication data may include identification and device information, among others. In this case, the security authentication device S can effectively identify and distinguish the power terminal devices D.
In some examples, prior to step S321, the power terminal device D may negotiate a session key with the secure authentication device S. In some examples, the power terminal device D and the security authentication device S may encrypt and decrypt through a session key when performing data interaction. In some examples, the power terminal device D may encrypt the authentication data by the session key to obtain authentication information to transmit to the secure authentication device S. Therefore, the safe data interaction between the power terminal equipment D and the safety certification equipment S can be facilitated, and the identity certification of the power terminal equipment D by the subsequent safety certification equipment S can be facilitated.
In step S322, as described above, the secure authentication device S can achieve authentication of the power terminal device D based on the authentication information and the encrypted device information obtained from the blockchain.
In some examples, the secure authentication device S may receive authentication information and obtain authentication data therefrom. In some examples, the secure authentication device S may decrypt the authentication information to obtain the authentication data and the request content therefrom. In some examples, the secure authentication device S may decrypt the authentication information with the session key. Therefore, the authentication data can be obtained, and the security authentication device S can conveniently perform identity authentication on the power terminal device D.
In some examples, the secure authentication device S may obtain identity data from the authentication data. In some examples, the identity data may refer to device information, i.e., area number, type number, and the like.
In some examples, the encryption module S-3 may obtain the first authentication data digest based on the authentication data. In some examples, the encryption module S-3 may generate the first authentication data digest based on the identity and device information in the authentication data and the second encryption algorithm.
In some examples, the encryption module S-3 may extract encrypted device information from the blockchain based on the identity in the authentication data. In some examples, the encrypted device information may be a second digital digest, or the like.
In some examples, the security authentication device S may authenticate the identity of the power terminal device D by matching the first authentication data digest against the second digital digest.
In step S323, as described above, after the authentication is successful, the power terminal device D transmits the request content to the security authentication device S to realize data transmission between the power terminal devices D. In some examples, the request content may include an identification of the other power terminal devices D to which the power terminal device D is to transmit data, or the like. In this case, the security authentication device S may identify the receiving power terminal devices D based on the identification to realize data transmission between the power terminal devices D.
In some examples, the power terminal device D may send the request content to the secure authentication device S encrypted with the session key. In some examples, the secure authentication device S may decrypt the request content with the session key and store it in its own database to enable data transmission between the power terminal devices D.
In the embodiment of the present utility model, data can be securely transmitted between the power terminal devices D in the power distribution internet of things 1. For example, data transmission may be performed between the first power terminal device D1 and the second power terminal device D2. In some examples, the first power terminal device D1 may transmit the data to the security authentication device S, and the security authentication device S may verify the data transmitted by the first power terminal device D1 and, if the verification is passed, may transmit the data to the second power terminal device D2. The following describes in detail the procedure of secure data transmission between the power terminal devices D.
In this embodiment, the process of data transmission between the first power terminal device D1 and the second power terminal device D2 may include the following steps: the first power terminal device D1 may generate a target data packet from the target transmission data, encrypt the target data packet by using a fifth encryption algorithm to obtain a digital digest of the transmission data, and sign the digital digest of the transmission data by using its private key to obtain a transmission data ciphertext (step S41); the first power terminal device D1 transmits the target data packet, the signed transmission data ciphertext, and the data generation timestamp to the security authentication device S for signature verification (step S42); if the verification is passed, the security authentication device S may transmit the encrypted transmission data to the second power terminal device D2, and the second power terminal device D2 may decrypt the encrypted transmission data to obtain the target transmission data (step S43).
In some examples, in step S41, the first power terminal device D1 may generate a target data packet from the target transmission data based on the network communication protocol. In some examples, the target transmission data may include data information that the first power terminal device D1 wants to transfer to the second power terminal device D2. In some examples, the target data packet may include the identification of the first power terminal device D1, device information, and the like. Thereby, the subsequent verification by the security authentication device S can be facilitated. In some examples, the target data packet may also contain relevant identity information (e.g., identification, device information, etc.) of the power terminal device D (the second power terminal device D2) to which the first power terminal device D1 wants to transmit data. For example, the target data packet may further include information such as an identification and device information of the second power terminal device D2. Thereby, the subsequent security authentication device S can accurately transmit information to the second power terminal device D2.
In some examples, the first power terminal device D1 may encrypt the target data packet using a fifth encryption algorithm to obtain a digital digest of the transmission data. In some examples, the fifth encryption algorithm may be a SHA-2 encryption algorithm. In some examples, the first power terminal device D1 may sign the digital digest of the transmission data with its private key, resulting in a transmission data ciphertext.
In some examples, in step S42, the first power terminal device D1 may send the target data packet, the signed transmission data ciphertext, and the data generation timestamp to the secure authentication device S. In some examples, the data generation timestamp may be generated by the first power terminal device D1 according to the time of data transmission. In some examples, the first power terminal device D1 may send information such as the target data packet, the signed transmission data ciphertext, and the data generation timestamp to the security authentication device S in the same power distribution area.
In some examples, the secure authentication device S may broadcast information such as the received target data packet, the signed transmission data ciphertext, and the data generation timestamp to other secure authentication devices S in the power distribution internet of things 1. In this case, any one of the security authentication devices S in the power distribution internet of things 1 may perform signature verification on information such as the target data packet, the signed transmission data ciphertext, and the data generation timestamp sent by the first power terminal device D1. This can effectively improve the efficiency of verification. In some examples, signature verification may mean that the secure authentication device S decrypts the signed transmission data ciphertext based on the public key of the first power terminal device D1 to obtain a third digital digest of the transmission data, and compares the third digital digest with a fourth digital digest of the transmission data that the secure authentication device S calculates by applying the fifth encryption algorithm to the target data packet; if the two digests are equal, the data has not been tampered with (i.e., the data passes the verification). In some examples, if a certain security authentication device S obtains a verification result of signature verification, the security authentication device S may broadcast the obtained verification result to other security authentication devices S in the power distribution internet of things 1. In this case, the other security authentication devices S can obtain the verification result.
In some examples, in step S43, the secure authentication device S may confirm whether to transmit the encrypted transmission data to the second power terminal device D2 according to the verification result. In some examples, if the verification passes, the secure authentication device S may transmit the encrypted transmission data to the second power terminal device D2. In some examples, the security authentication device S may obtain information such as an identity of the second power terminal device D2 from the target data packet. In this case, the encrypted transmission data may be obtained by the security authentication device S located in the same power distribution area as the second power terminal device D2 encrypting the target data packet, and may then be sent to the second power terminal device D2. In some examples, the second power terminal device D2 may decrypt the encrypted transmission data to obtain the target transmission data. In some examples, the encryption and decryption between the secure authentication device S and the power terminal device D are based on a session key negotiated between them. Thereby, information transmission between the power terminal devices D can be realized.
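The signing and verification of steps S41 to S43, as an added example that is not part of the original document. Assumptions: SHA-256 stands in for SHA-2, unpadded RSA stands in for the signature (the text only says D1 signs with its private key and S recovers the digest with D1's public key), and the demo key, JSON packet layout and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key for D1, built from two well-known Mersenne primes.
# It is NOT a secure key; it only keeps the example standard-library-only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # D1's private exponent
SIZE = (N.bit_length() + 7) // 8


def digest(packet: bytes) -> int:
    """Fifth algorithm in the text: SHA-2 (SHA-256 assumed here)."""
    return int.from_bytes(hashlib.sha256(packet).digest(), "big")


def d1_send(src: str, dst: str, payload: str, ts: int) -> dict:
    """S41/S42: build the target data packet, sign its digest, attach the timestamp."""
    packet = json.dumps({"src": src, "dst": dst, "data": payload},
                        sort_keys=True).encode()
    signed = pow(digest(packet), D, N)   # the "transmission data ciphertext"
    # The timestamp travels beside the packet; it is not part of the signed digest.
    return {"packet": packet, "signed": signed, "timestamp": ts}


def s_verify(msg: dict, pub=(N, E)) -> bool:
    """S42: recover the third digest with D1's public key, compare with the fourth."""
    n, e = pub
    if not 0 <= msg["signed"] < n:       # reject out-of-range signature values
        return False
    third = pow(msg["signed"], e, n).to_bytes(SIZE, "big")
    fourth = digest(msg["packet"]).to_bytes(SIZE, "big")
    return hmac.compare_digest(third, fourth)   # constant-time comparison


def s_forward(msg: dict):
    """S43: forward only when verification passes; destination comes from the packet."""
    if not s_verify(msg):
        return None
    return json.loads(msg["packet"])["dst"]
```

In the flow as described, the signature covers only the digest of the target data packet, so the data generation timestamp is integrity-protected only if it is also carried inside that packet. A deployment would use a vetted library with SM2 or a padded RSA signature scheme rather than the raw arithmetic shown here.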
While the present invention has been described in detail in connection with the drawings and examples, it is to be understood that the above description is not intended to limit the invention in any way. The present invention may be modified and varied as necessary by those skilled in the art without departing from the true spirit and scope of the invention, and all such modifications and variations are intended to be included within the scope of the invention.