CN100568664C - Power monitoring information security access device - Google Patents
Power monitoring information security access device Download PDFInfo
- Publication number
- CN100568664C CN100568664C CNB2006101124539A CN200610112453A CN100568664C CN 100568664 C CN100568664 C CN 100568664C CN B2006101124539 A CNB2006101124539 A CN B2006101124539A CN 200610112453 A CN200610112453 A CN 200610112453A CN 100568664 C CN100568664 C CN 100568664C
- Authority
- CN
- China
- Prior art keywords
- access device
- power monitoring
- safe access
- data
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 117
- 230000005540 biological transmission Effects 0.000 claims abstract description 25
- 238000012545 processing Methods 0.000 claims abstract description 11
- 230000006835 compression Effects 0.000 claims abstract description 10
- 238000007906 compression Methods 0.000 claims abstract description 10
- 238000006243 chemical reaction Methods 0.000 claims abstract description 8
- 230000006870 function Effects 0.000 claims description 25
- 238000000034 method Methods 0.000 claims description 6
- 230000003044 adaptive effect Effects 0.000 claims description 4
- 230000007246 mechanism Effects 0.000 abstract description 7
- 238000004519 manufacturing process Methods 0.000 abstract description 4
- 238000004458 analytical method Methods 0.000 abstract description 3
- 230000005611 electricity Effects 0.000 description 22
- 238000004891 communication Methods 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 6
- 230000004044 response Effects 0.000 description 5
- 238000010276 construction Methods 0.000 description 4
- 238000011161 development Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000012423 maintenance Methods 0.000 description 4
- 230000001105 regulatory effect Effects 0.000 description 4
- 238000012546 transfer Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 2
- 239000003795 chemical substances by application Substances 0.000 description 2
- 238000013480 data collection Methods 0.000 description 2
- 238000013508 migration Methods 0.000 description 2
- 230000005012 migration Effects 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 235000007926 Craterellus fallax Nutrition 0.000 description 1
- 240000007175 Datura inoxia Species 0.000 description 1
- 241000196324 Embryophyta Species 0.000 description 1
- 101100217298 Mus musculus Aspm gene Proteins 0.000 description 1
- 241001441724 Tetraodontidae Species 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000009514 concussion Effects 0.000 description 1
- 238000007596 consolidation process Methods 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 230000006378 damage Effects 0.000 description 1
- 238000000151 deposition Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 230000007087 memory ability Effects 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000007639 printing Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 230000002787 reinforcement Effects 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000003860 storage Methods 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
- 238000010977 unit operation Methods 0.000 description 1
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The power monitoring information gathering that the present invention relates to a kind of power monitoring information security access device and comprise this safe access device with report and submit system, this safe access device is connected between electric power enterprise information system and the power monitoring information system, comprise the data acquisition interface system, core subsystem and data transmission interface system, the data of gathering are sent into the core subsystem by the data acquisition interface system, through data integrity check, buffer memory, format conversion, encrypt, after the compression and the processing of digital signature by data transmission interface system via Network Transmission to the power monitoring information system.By the present invention, electric power enterprise and power scheduling mechanism of exchange will be relevant with power monitoring production, management data safety in time be transferred in the power monitoring information system reliably, power supply power regulator realizes inquiry, statistics, the analysis and decision of each place electric power relevant information, thereby realizes in time, non-at-scene supervision efficiently.
Description
Technical field
The present invention relates to information gathering, transmission field, be specifically related to a kind of information gathering and the safe access device of reporting and submitting in the system that can realize the power information supervision.
Background technology
Along with China's rapid economy development, imbalance between power supply and demand obviously aggravates, and in order further to deepen power system reform, strengthens power construction and management, guarantees supply of electric power safety, need improve the construction of power monitoring system in a hurry.
Then variation and a large amount of newly-built generating set to the power supply and demand situation puts into operation in succession, and electric power safety production will be faced with new challenges.According to " State Council is about printing and distributing the notice of power system reform scheme " ([2002] No. 5 literary compositions of promulgated by the State Council) spirit, cancel former State Power Corporation, set up two big grid company (State Grid Corporation of China and China Nanfang Grid Co., Ltd) and five companies of big electricity power group, set up State Electricity Regulatory Commission, as the Institutions Directly under the State Council, be responsible for national power monitoring work, exercise the electric power administrative law-enforcing function.In order to exercise the power monitoring function conscientiously, improve supervision level and supervisory efficiency, the power monitoring means must adapt with the power industry IT application level, therefore, build the power monitoring information system information of nationwide integrated power grid company, company of electricity power group and Electricity Monitoring Commission is carried out unified management, become a requisite selection of horn of plenty power monitoring means, reinforcement power monitoring dynamics.
Along with China transferring electricity from the west to the east, north and south mutually for the deepening continuously of, on national network strategy implementation, new electric power project is constantly gone into operation, the contact between each province and the regional power grid is tight day by day.In network configuration under the weak and new unsettled situation of operation unit operation of part, in case problems such as big unit fault trip or net factory be inharmonious occur, cause big power grid accident easily, bring massive losses to national economy.
Because its basic and shared property characteristics, power industry is huge to the influence of national economy.The small adjustment of electricity price just may cause the jumbo concussion of high power consumption industrial enterprise economic benefit; The power outage of burst may bring enormous economic loss to industrial enterprise; Even the sudden change of voltage, electric current, also might damage the high precision instrument and equipment, cause economic loss.
Therefore, build the power monitoring information system, the guarantee electric power safety is produced, help guaranteeing people's normal life, help safeguarding the normal operation of national industry and government utility, help guaranteeing the national economy sustainable development, help safeguarding national security, maintain social stability unity is significant for building a Harmonious Society.
The power monitoring cause be one have no precedent to go by, work that novelty is high, information gathering of the present invention with report and submit system under the demand background, to propose.In following statement, information gathering with report and submit system also to be known as the power monitoring information system.
Summary of the invention
(1) technical problem that will solve
The purpose of this invention is to provide a kind of power monitoring information security access device, be connected between electric power enterprise information system and the power monitoring information system, make each electric power enterprise information to integrate, break through the technical bottleneck of building the power monitoring information system.Application of the present invention can be a core with the power monitoring business, obtain and be treated to the basis with power monitoring information, information security is for ensureing, constructing function is perfect, rational in infrastructure, advanced technology, management regulation, safe and reliable, flexible practicality, cover the whole nation, relate to generating, each important step of transmitting electricity, power, support for regulator of State Grid provides decision support and business function, for electric power enterprise and the public provide the supervision information service.
(2) technical scheme
The invention provides a kind of safe access device, be connected between electric power enterprise information system and the power monitoring information system, described power monitoring information system has information collecting server, this safe access device comprises the data acquisition interface system, core subsystem and data transmission interface system, the data of gathering are sent into the core subsystem by the data acquisition interface system, through data integrity check, buffer memory, format conversion, encrypt, after the compression and the processing of digital signature by data transmission interface system via Network Transmission to power monitoring information system information collecting server.
Wherein, this safe access device the various adaptive collection agencies of described electric power enterprise information system deploy, is delivered to described safe access device by described collection agency with the data of gathering based on agency-host computer pattern.
Wherein, this safe access device possesses the function of information gathering policy configurations, security strategy configuration, routing policy configuration, ipsec security transmission tunnel, facility registration authentication, daily record and equipment state report.
In addition, the present invention also provides a kind of and comprises the power monitoring information gathering of aforementioned safe access device and report and submit system, this system also comprises the electric power enterprise information system, the power monitoring information system, management and watch-dog, wherein said power monitoring information system has information collecting server, described power monitoring information system information collecting server is used for receiving the information that safe access device is gathered from the electric power enterprise information system, management and watch-dog are used for the information gathering of unified management safety access device, safety, network router strategy based thereon realizes the unification of safety access device running status is monitored in real time simultaneously.
(3) beneficial effect
By the present invention, electric power enterprise and power scheduling mechanism of exchange will be relevant with power monitoring production, management data safety in time be transferred in the power monitoring information system reliably, power supply power regulator can realize inquiry, statistics, the analysis and decision of each place electric power relevant information, thereby realizes in time, non-at-scene supervision efficiently.
Description of drawings
Fig. 1 is information gathering of the present invention and reports and submits system architecture figure;
Fig. 2 is the fundamental diagram of the safe access device of system of the present invention;
Fig. 3 is the general frame figure of safe access device in the power monitoring information system;
Fig. 4 is the system construction drawing of safe access device of the present invention;
Fig. 5 is a system assumption diagram of using Access Layer;
Fig. 6 is the XML data exchange mode;
Fig. 7 is based on the structure chart of the information envelope in the packet that XML describes;
Fig. 8 is the workflow diagram of system of the present invention.
Embodiment
Following examples only are used to illustrate the present invention, are not used for limiting protection scope of the present invention.
Information gathering of the present invention and the system assumption diagram of reporting and submitting system are as shown in Figure 1.
In Fig. 1, from laterally, according to supervised entities' type and the supervision information attribute that obtains, can be the power monitoring information gathering be divided into two aspects on the system architecture architecture logic with reporting and submitting: the upper strata mainly is that the credible interconnection layer of unifying door by power monitoring between our department of Electricity Monitoring Commission and each general headquarters of Utilities Electric Group Co. then is the safe access between agency of Electricity Monitoring Commission and all kinds of electric power enterprise.Require the regulation of all kinds of electric power enterprises according to " power monitoring regulations " and auxiliary law thereof, the information system that enterprise is relevant with power monitoring inserts the power monitoring information system, realizes the non-at-scene supervision of power monitoring mechanism to electric power enterprise.
From vertically, the power monitoring data acquisition with report and submit system of systems can be divided into three grades: power monitoring data collection layer, electricity prison office data branch center, zone and data center of our department of Electricity Monitoring Commission.Deployment secure access device in electric power enterprise realizes that the safety of power monitoring information is gathered; Electric prison office sets up data sub-central in the zone, realizes the centralized stores of regional power monitoring information; Set up data center in our department of State Electricity Regulatory Commission, the power monitoring information that each regional power monitoring mechanism is gathered transfers to data center of Electricity Monitoring Commission after treatment, thereby realizes the centralized stores of power monitoring data and share.
From the above, can be divided into safe access device, collection server and types such as management and watch-dog with the power monitoring information gathering with reporting and submitting the relevant capital equipment of system.Wherein, safe access device is used for the information system security relevant with power monitoring of electric power enterprise is linked into the power monitoring information system, gathers the required various information of power monitoring work in good time; Collect department server and be deployed in agency of Electricity Monitoring Commission and our department of Electricity Monitoring Commission, be used to receive the power monitoring information that peace people access device is gathered; Management and watch-dog are deployed in our department of Electricity Monitoring Commission or the agency, and the unification that is used for unified management safety access device running status is monitored in real time.
In the said equipment, safe access device is used for directly and the electric power enterprise information system is joined, and amount is wide, be power monitoring information gathering and the key of reporting and submitting system's construction, therefore, the operation principle of the safe access device of following foundation proposes the parameters and the requirement of this equipment, in order to the research and development of this equipment of standard.
The operation principle of safe access device as shown in Figure 2.
Safe access device the various adaptive collection agencies of the information system database server deploy relevant with power monitoring of electric power enterprise, is delivered to safe access device to data by gathering the agency based on agency's----main frame computation schema.
Safe access device is at first the power monitoring information cache that is received, after finishing the integrity check of institute's image data according to power monitoring information gathering index, converting unified power monitoring information coding and transformat to, digital signature is carried out to it in the compression back, delivers to network at last and once is transferred to backstage collection server from escape way.Functional modules such as the configuration of the configuration of power monitoring information gathering strategy, the configuration of security strategy, routing policy, IPSEC safe transmission tunnel, facility registration authentication, daily record and equipment state report have constituted the function support system of safe access device together.
Network security inserts part
The network security access device is one of major function of safe access device, is to realize power monitoring information gathering and the basis of reporting and submitting system's access and data acquisition.
Utilize safe access device can realize the access of multiple network form, as private network access, public network access etc.
System provides the safety guarantee function of high reliability, and information security all is very necessary for evading the supervision risk, safeguarding by the supervision holding of a unit.The safety guarantee of safe access device requires to be mainly reflected in aspects such as authentication, data encrypting and deciphering, integrity check, and has the characteristics with the existing safety supports platform compatibility of State Electricity Regulatory Commission.
In addition, the power monitoring information gathering is a nationwide network service system with reporting and submitting system, system's operational management scale has the advantages that scope is wide, the access device amount is big, therefore, one efficiently whole network equipment centralized operation maintenance system be a major function requirement of system.For this reason, the power monitoring information gathering with report and submit system that patterned plant maintenance and the whole network state dynamic monitoring are provided, to the maintenance of network, the instrument that system upgrade upgrades and maintenance provides dress to liquefy of equipment, to guaranteeing the continual and steady operation of safe access device, to whole power monitoring information gathering with report and submit the efficient organic management of system that specialized basic platform is provided.
Part of data acquisition
This part mainly refers to obtain production, the management information relevant with power monitoring from the information system relevant with power monitoring, simultaneously acquired information is imported data center.Bring potential safety hazard for quilt supervision unit information system for avoiding because the supervisor directly visits by supervision unit information system database, require to obtain information needed by the indirect safety of this equipment by supervision unit deployment secure access device.
The data acquisition function of safe access device mainly comprises data migration and processing, transfer of data, data centralization three parts.
Data migration and processing, it mainly is requirement according to power monitoring data-interface standard, from being obtained the business datum relevant the supervision unit information system with power monitoring, and the data that get access to are delivered in the data buffer area of safe access device, and then these data are carried out operations such as data encryption, compression, integrity check.
Transfer of data, mainly be meant based on suitable network connection, host-host protocol and data format (as XML etc.), safe access device by being deployed in electric power enterprise and be deployed in the collection server of regional power monitoring mechanism, the packet through processing such as encryption, compression and integrality mark in the data acquisition reconciled data buffer area is sent to regional power monitoring mechanism, and accordingly it is carried out depositing each regional power monitoring organization data center in behind decompress(ion), data decryption, the integrity check.
Data centralization, mainly be meant based on the power monitoring network infrastructure, with suitable host-host protocol, data format, under the situation that guarantees the transmission data security, in the heart data in each regional power monitoring organization data are sent to the power monitoring data center of our department of State Electricity Regulatory Commission, realizing concentrating of power monitoring data, at first statistics, analysis, decision-making work on national aspect provides the support of comprehensive power monitoring information.
The power monitoring information system will be supervised the electric power enterprise that is distributed in the whole nation, because the independence of each electric power enterprise system, all there be a sets of data storehouse and the data format of oneself in possible each system, this has just caused the data between system to share, data silo appears, we have and the system of each electric power enterprise can not be unified, therefore safe access device is when solving each electric power enterprise supervision information implementation data access, must carry out data fusion efficiently, solve the reunification and the data sharing problem of data in the heterogeneous system.
In solving heterogeneous system aspect the problem of uniform data and data sharing, safe access device system adopts based on the XML message-switching technique, realizes the unified information access and the information exchange of isomery information system.
Safety guarantee
Because power information is the key message that is related to national economy, so information security all is very necessary for evading the supervision risk, safeguarding by the supervision holding of a unit.The safety guarantee of safe access device requires to be mainly reflected in aspects such as identification authentication authentication, data encrypting and deciphering, integrity check, and compatible mutually with Electricity Monitoring Commission existing safety supports platform.
Safe access device is positioned on the border of electric power enterprise information network and power monitoring Access Network, in order to realize the credible interconnection of power monitoring private network and electric power enterprise information network, require safe access device to have and to prevent the security network management function that illegal network connects, possess the network address translation function of difference between the shielding different IP addresses coding scheme.
Safe access device possesses the static routing function, support at least simultaneously 0SPF (OpenShortest Path First, RFC2328), RIP (Routing InformationProtocol, RFC1058) two kinds of dynamic routing protocol.
Aspect network carrying business expansion ability, safe access device possesses the ability that various network services is supported in expansion, possesses QoS (Ouality of ServiceRFC2676,2386) function.
Aspect the physical security standard, safe access device has the physical locks function, and electromagnetic exposure meets the relative national standards standard.
Aspect Network Transmission channel security standard, based on IPSec (IP Security, RFC1829,2406,1828,2402,2401,2104,2085,2410,2411,2412,2451,2403,2404,2405,2406,2407,2408,2409,2857,3526,3554,3566,3602,3664,3686,3706,3715,3947,3948) safe practice realizes that safe access device and power monitoring insert the fail safe of the network connection of setting up for transferring electric power supervision information between the data collection server, the existing safety supports system compatibility of implementation and power monitoring information system, cryptographic system adopts the approval of national password committee, cryptographic algorithm with independent intellectual property right, possess the ability that is configured according to demand for security, make the security path can the passing through NAT gateway simultaneously.
Aspect facility registration authentication standard, safe access device adopts the device certificate system to verify its legitimacy, and the facility registration process is compatible mutually with the Electricity Monitoring Commission security infrastructure.
Aspect digital signature and daily record standard, the power monitoring information of being gathered through the safety access device adopts diploma system that information is signed, and this digital signature of daily record.
According to above-mentioned systemic-function, the system configuration of safe access device as shown in Figure 4.Wherein hardware platform partly provides the application system of technical grade, adopts the chip series based on Intel or AMD.Operating system adopts popular mainstream operation system at present, comprises Windows series, Linus series and FreeBSD and OS/2 etc.IPSec VPN layer is the core key stratum of safe access device, network VPN application foundation based on IPSec is provided, system provides the support of all IPSec at present, provides based on the data encryption technology of DES, 3DES, AES, BlowFish, NULL-ESP scheduling algorithm with based on the data detection technology of MD5, SHA1 algorithm.
The application Access Layer of being responsible for the XML information exchange is to realize all and power monitoring information gathering and the access key of reporting and submitting the relevant isomeric data of system, and the architecture of this application Access Layer as shown in Figure 5.
Based on the information service layer message-switching technique of XML, meet the international standard that ecommerce is generally acknowledged, simplified the hierarchical structure of application protocol, the condition of unified access, unified application and unified management is provided for the safety access device.Information exchange principle wherein is: with different user, use different system, service request and response message by different communication circuit and service provider that communication protocol sends to are converted into unified information format, request and response message with service end also is converted to unified information format simultaneously, like this, if service request between user terminal and the service provider and response message are realized user and service end coupling by an information exchange mechanism, under the prerequisite that does not directly provide user terminal to arrive complicated network connection of service end and communication protocol, can realize that user side visits different service ends by uniline, service end also provides service by uniline for different user, realizes the transparent service of user to the Any-to-Any of service provider.
The XML data exchange mode as shown in Figure 6.As can be seen from Figure 6, the Design Mode of exchanges data has increased IAD and gateway, thereby the whole application system pattern is expanded to five-layer structure by three-decker, it is client, terminal inserts, information exchange, application proxy and service layer, make that each service system does not need to be used for different application and to require to set up various communication systems for satisfying difference, the information processing system of agreement, and only need insert Data Exchange Platform according to a kind of uniform communication agreement by a unified circuit, just can be for various terminal systems provide the types of applications service, response user's various requests.Same, terminal system does not need the communication system by special use in order to obtain certain service yet, only need insert switching plane, the service that the service system that just can meet with a response easily provides according to common communication system easily.Really accomplish the notion of " some access, the whole network service " of the user's request of power monitoring information system.
The data that are described by XML can form general form and unified interface and exchange and represent: the data of homology are not packaged in the XML packet, these data are surrounded by unified data packet head, and they have comprised a lot of processing parameters and in order to carry out the description of the special field that safety and transaction prepare.The structure of the packet of describing based on XML (iSML) of Data Exchange Platform is as follows:
| The information envelope | Business datum |
Wherein information envelope (Envelop) data cell is the information head that all comprises in all iSML packets, is referred to as the information envelope.It represents the attribute of the information that each transmits in information exchange platform.The information exchange of information exchange platform mainly is to determine the source and the purpose of information according to the information envelope in the iSML packet, and carries out information exchange and handle.
The structure of information envelope as shown in Figure 7.Information attribute when the information exchange platform envelope is illustrated in information and number changes platform and carry out message transmission.It comprises the following information content:
Information type (ActivityType)---information type is divided three classes: administrative class (Administration), inquiry class (Inquery), transaction thunder (Transaction) information.Information exchange platform is handled according to different information types when information is handled.
Source service ID (SourceID)---SourceID is ID number of platform of solicited message transmit leg.
Place service ID (DestinationID)---DestinationID is platform ID number of final reciever of solicited message.
Service serial number (TransmissionID)---service serial number is used to indicate the request of a service and reply.In a pair of service request with in replying, the service serial number should be identical.That is to say that service end should be replied according to requesting party's service serial number when the answer service request.
Version number (Version)---version of presently used data definition (DTD) file represented.
Session number (SessionID)---be illustrated in the session sign in the service processing of session-oriented.
The date (DateOfServICE) is initiated in service--and-expression service produces the date.
Service initiation time (TimeOfServICE)---expression service generation time.
Service type (ServICEType)--the type of-expression service comprises exchange of management service, alert service, information service, management, system information etc.
Different business function in certain class service of functional category (CommandType)---expression, for example locating information, SMS notification, GIS inquiry etc.
When carrying out integrated information service in electric power enterprise information monitoring information system, different service systems is different with the needed business datum of service object, and different applied business has different Service Data Units in XML.Different business datum and the Envelope among the XML are arranged side by side, Envelope and concrete independent of service, and different business datums is just relevant with concrete business.Can define different business datum marks (TAG) as required, according to the increase of business, only needing increases the corresponding business tag definitions, can expand the traffic handing capacity of switching plane system easily.
The general frame of safe access device in the power monitoring information system as shown in Figure 3, as shown in Figure 3, safe access device system can be divided into following subsystem: core subsystem, data acquisition interface system, data transmission interface system and operating system, wherein operating system comprises that (SuSE) Linux OS and IPSec VPN support.
IPSec VPN development platform provides the enterprise and the application platform of Virtual Private Network service, and platform provides various management interfaces, secure processing interface, runnable interface.The safe handling assembly that while develops according to the interface standard of system on this platform, we are referred to as security engine SE (Security Engine).IPSec VPN development platform also includes FW (fire compartment wall), PF (packet filtering), AUTH SE such as (authentications) simultaneously, and perfect, comprehensive network insertion service and safety guarantee are provided.
In addition, safe access device is also supported gui management.The function that the gui management device that is adopted can provide configuration operation and state to show to every function of system platform and its support has good stable.The all settings of system can be finished under the graphical interfaces intuitively, and the user can carry out brand-new visualized management and configuration.
★ supports keeper's classification
Gui management person user: adm
GUI auditor user: admview
Situ configuration administrator: sadm
Situ configuration auditor user: sadmview
Wherein situ configuration keeper sadm and interface management person adm can not login simultaneously, and when adm user signed in on the gui management interface, situ configuration keeper can only check configuration with sadmview user, and sadmview can not revise configuration.
★ supports centralized management
Safe access device has the function of the centralized management supported, has dual mode to realize.A kind of mode is by management software in the centralized manager and the agent software communication in the equipment, realizes centralized configuration and operation to a plurality of safe access devices.All be also must set up the tunnel under the situation of dynamic IP addressing at the VPN that sets up the tunnel both sides by centralized manager.Can also realize issuing and exchanging of safety certificate by centralized manager.
Another kind of mode be by the VPN centralized manager set up with a plurality of safe access devices that need management between be connected, realization is to the centralized configuration and the operation of a plurality of safe access devices.VPN centralized manager software available chart is the operating state of the safe access device of reflection in real time, and supports telemanagement.
★ two-node cluster hot backup function
Safe access device can provide the two-node cluster hot backup function, when in running order safe access device breaks down, Status of Backups safety access device will automatically switch to operating state, replace the failure safe access device and will carry out work, to guarantee the normal use of network.Handoff procedure does not need manual operation, need be except that the participation of other system two safe access devices yet.
★ supports the QOS Bandwidth Management
Webmaster is according to the situation of utilizing of Internet resources, and the Internet resources of the LAN network segment of equipment protection are carried out up, downlink transfer control, realizes allotment and management on the macroscopic view.
Safe access device is implemented the current operating state of circular collecting device and is given the power monitoring management platform after operate as normal, thereby assurance power monitoring platform can implement to monitor the present running status of collecting device.
In order to realize the manageability of safe access device, equipment should possess the unified configuration feature of network strategy, security strategy, data acquisition strategy.
The data acquisition standard mainly shows following 7 aspects:
1, gathers the agency
Be deployed in power monitoring relevant information system in collection agency should meet following standard:
1) type of database of the adaptation data server of disposing;
2) do not endanger the stability and the fail safe of the information system relevant with power monitoring;
3) according to the relevant data acquisition strategies in the safe access device, the data content that comes concrete decision to gather;
4) data acquisition strategy decision agent acquisition content;
5) performance impact to institute's connecting system should not surpass 10%.
2, metadata cache
Safe access device should have the buffer memory ability, and its standard is as follows:
1) should possess the storage capacity that the Information Monitoring of at least 24 hours institutes is all measured;
2) data in the buffer memory have the recovery capability after equipment restarts.
3, completeness check
The completeness check standard of institute's image data is as follows:
The data of being gathered must satisfy each other index integrity constrains of level.
4, format conversion
The standard of format conversion is as follows:
Use XML (Extensible Markup Language, RFC1766) technology;
2) adapt to the data type of the data acquisition standard defined of holding power;
3) possesses the ability of numerous types of data being carried out extended description.
5, compression
All image data are all compressed processing after being converted to consolidation form, standard is as follows:
1) has configurable compression efficiency;
2) compressed file format should be compatible mutually with the Digital Signature Algorithm that this equipment is adopted.
6, digital signature
The digital signature standard is as follows:
1) signature algorithm that is adopted is the algorithm of the relevant authorities of house keeper identification;
2) generation of signature key, selection and use pattern meet relative national standards and regulation;
3) signature algorithm should have security infrastructure compatibility mutually now with Electricity Monitoring Commission.
7, transmission
Power monitoring information must adopt the security path transmission that is made of this equipment and back-end data reception server, seals safety and network route request that the dress form meets transmission channel.
The workflow of power monitoring information system as shown in Figure 8.
Step S1, the Agent that is installed in the power information system gathers supervision information, the information after the format, subsidiary CRC check sign indicating number sends to safe access device in real time by local area network (LAN);
Step S2, safe access device is received information, and carries out validity check, and error correction;
Step S3, safe access device is with the metadata cache local hard drive;
Step S4, safe access device format the data that receive simultaneously according to power monitoring systematic unity data format;
Step S5 adopts compression algorithm to compress formatted data;
Step S6 adopts the PKI technology to carry out digital signature;
Step S7 sends to the data after handling the power monitoring information system of supervision center.
In the present embodiment, be applicable to that Utilities Electric Group Co., large regional grid control centre, regional electricity market, popularity company, provincial control centre insert in the relevant information system of power monitoring, its main hardware index is as follows:
CPU:1~2 intel is to strong or AMD Opteron
Internal memory: 1024~2048M
Hard disk: 73.4~146.8G SCSI hard disk
Network interface card: 3 100Mbps Ethernet cards
Power supply: duplicate supply, 1+1 redundancy
Be applicable to that the single electric power enterprise information system relevant with power monitoring inserts, its main hardware index is as follows:
CPU:1~2 an intel P4 or AMD Opteron
Internal memory: 1024M
Hard disk: 73.4SCSI hard disk
Network interface card: 3 100Mbps Ethernet cards
Though the present embodiment statement is power monitoring information system and safe access device wherein; but those skilled in the art can apply it to other field solving data acquisition, transmission requirement, so all relevant expansions of carrying out on the basis of present embodiment of those skilled in the art and use the protection range that all should fall into the application.
Claims (10)
1, a kind of safe access device is connected between electric power enterprise information system and the power monitoring information system, and described power monitoring information system has information collecting server, it is characterized in that.
This safe access device comprises data acquisition interface system, core subsystem and data transmission interface system, the data of gathering are sent into the core subsystem from described electric power enterprise information system by the data acquisition interface system, through after the processing of data integrity check, buffer memory, format conversion, encryption, compression and digital signature by data transmission interface system via the information collecting server of Network Transmission to described power monitoring information system.
2, safe access device as claimed in claim 1, it is characterized in that: this safe access device is based on agency-host computer pattern, the various adaptive collection agencies of described electric power enterprise information system deploy, the data of gathering are delivered to described safe access device by described collection agency.
3, safe access device as claimed in claim 1 is characterized in that: this safe access device possesses the function of information gathering policy configurations, security strategy configuration, routing policy configuration, ipsec security transmission tunnel, facility registration authentication, daily record and equipment state report.
4, safe access device as claimed in claim 1 is characterized in that: this safe access device adopts the message-switching technique based on XML to realize described format conversion.
5, as the described safe access device of one of claim 1 to 4, it is characterized in that: this safe access device is supported gui management, the two-node cluster hot backup function can be provided and support the QOS Bandwidth Management.
6, a kind of power monitoring information gathering with report and submit system, comprise the electric power enterprise information system, safe access device, the power monitoring information system, management and watch-dog, wherein said power monitoring information system has information collecting server, described information collecting server is used to receive the information that safe access device is gathered from described electric power enterprise information system, management and watch-dog are used for the information gathering of unified management safety access device, safety, network router strategy based thereon, realize simultaneously the unification of safety access device running status is monitored in real time, it is characterized in that:
Described safe access device comprises data acquisition interface system, core subsystem and data transmission interface system, the data of gathering are sent into the core subsystem from described electric power enterprise information system by the data acquisition interface system, through after the processing of data integrity check, buffer memory, format conversion, encryption, compression and digital signature by data transmission interface system via Network Transmission to described information collecting server.
7, power monitoring information gathering as claimed in claim 6 with report and submit system, it is characterized in that: described safe access device is based on agency-host computer pattern, the various adaptive collection agencies of described electric power enterprise information system deploy, the data of gathering are delivered to described safe access device by described collection agency.
8, power monitoring information gathering as claimed in claim 6 with report and submit system, it is characterized in that: described safe access device possesses the function of the configuration of information gathering policy configurations, security strategy, routing policy configuration, ipsec security transmission tunnel, facility registration authentication, daily record and equipment state report.
9, power monitoring information gathering as claimed in claim 6 with report and submit system, it is characterized in that: described safe access device adopts the message-switching technique based on XML to realize described format conversion.
10, as the described power monitoring information gathering of one of claim 6 to 9 with report and submit system, it is characterized in that: described safe access device is supported gui management, the two-node cluster hot backup function can be provided and support the QOS Bandwidth Management.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006101124539A CN100568664C (en) | 2006-08-18 | 2006-08-18 | Power monitoring information security access device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006101124539A CN100568664C (en) | 2006-08-18 | 2006-08-18 | Power monitoring information security access device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101127454A CN101127454A (en) | 2008-02-20 |
| CN100568664C true CN100568664C (en) | 2009-12-09 |
Family
ID=39095415
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2006101124539A Expired - Fee Related CN100568664C (en) | 2006-08-18 | 2006-08-18 | Power monitoring information security access device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100568664C (en) |
Families Citing this family (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102148827B (en) * | 2011-02-11 | 2013-12-18 | 华为数字技术(成都)有限公司 | Security event management method, device and security management platform |
| CN102158381A (en) * | 2011-02-25 | 2011-08-17 | 上海许继电气有限公司 | Dual-mode network data acquisition device in smart grid and network data acquisition system |
| CN102289851A (en) * | 2011-09-08 | 2011-12-21 | 长沙中联重工科技发展股份有限公司 | Method and device for processing production process data information |
| CN103051054A (en) * | 2011-10-14 | 2013-04-17 | 无锡天鸿信息技术有限公司 | Control system for centralized management of urban public electric terminals |
| CN103051055B (en) * | 2012-10-31 | 2014-12-31 | 国网电力科学研究院 | Convergence controller |
| CN103020157A (en) * | 2012-11-23 | 2013-04-03 | 山东电力集团公司 | High-reliability real-time file generation method spanning physical isolation |
| CN103532700A (en) * | 2013-09-25 | 2014-01-22 | 国家电网公司 | Communication message encryption and decryption model of electricity consumption information collecting system |
| CN103763301B (en) * | 2013-10-31 | 2017-06-13 | 广东电网公司电力科学研究院 | A kind of system and method for use ppp protocol encapsulations IPsec frame structures |
| CN104135475B (en) * | 2014-07-18 | 2017-05-24 | 国家电网公司 | Safety protection method of electric power information for mobile Internet |
| CN104468310A (en) * | 2014-11-14 | 2015-03-25 | 国家电网公司 | Power communication system and method |
| US10216742B2 (en) * | 2015-08-28 | 2019-02-26 | Honeywell International Inc. | Converting data sets in a shared communication environment |
| CN105046157A (en) * | 2015-09-24 | 2015-11-11 | 国家电网公司 | Information safety system of smart power grid |
| CN105373891A (en) * | 2015-11-17 | 2016-03-02 | 国家电网公司 | Smart grid data management and transmission system |
| CN105574201B (en) * | 2016-01-05 | 2019-05-31 | 卡斯柯信号有限公司 | Data format and file memory method based on real-time data collection feature |
| CN106649032A (en) * | 2016-10-21 | 2017-05-10 | 郑州云海信息技术有限公司 | Monitoring data processing scheme of privatized cloud platform |
| CN107370762A (en) * | 2017-09-04 | 2017-11-21 | 安徽爱她有果电子商务有限公司 | A kind of network information security supervisory systems based on computer communication |
| CN108304529B (en) * | 2018-01-26 | 2022-03-15 | 贵州联科卫信科技有限公司 | Cloud mode-based data decoding method for medical inspection equipment |
| CN108683549A (en) * | 2018-06-08 | 2018-10-19 | 湖北鑫英泰***技术股份有限公司 | A kind of network security applied in electric power monitoring system monitors system |
| CN110278127B (en) * | 2019-07-02 | 2020-12-01 | 成都安恒信息技术有限公司 | Agent deployment method and system based on secure transmission protocol |
| CN111556093A (en) * | 2020-03-27 | 2020-08-18 | 天津市普迅电力信息技术有限公司 | Multifunctional edge Internet of things agent device for power grid information acquisition |
| CN112887265B (en) * | 2020-12-31 | 2024-03-26 | 浙江远望信息股份有限公司 | Access method for preventing unregistered terminal from being falsified into legal communication under NAT |
| CN114598492A (en) * | 2021-12-22 | 2022-06-07 | 航天信息股份有限公司 | System and method for co-acquiring and sharing data |
| CN116827488B (en) * | 2023-08-30 | 2024-01-05 | 广东电网有限责任公司东莞供电局 | Power data transmission control method and device based on block chain and storage medium |
-
2006
- 2006-08-18 CN CNB2006101124539A patent/CN100568664C/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| CN101127454A (en) | 2008-02-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100568664C (en) | Power monitoring information security access device | |
| WO2021203733A1 (en) | Power edge gateway device and device-based sensor data uplink storage method | |
| CN110445827B (en) | Security management method and security system of sensor network based on distributed account book technology | |
| CN112600892B (en) | Block chain equipment and system for Internet of things and working method | |
| Yang et al. | Virtual private cloud based power-dispatching automation system—Architecture and application | |
| US9967235B2 (en) | Systems and methods for managing advanced metering infrastructure | |
| CN103227797A (en) | Distributive management system of information network security for power enterprises | |
| CN109660340A (en) | A kind of application system and its application method based on quantum key | |
| CN114281790B (en) | Multi-type load resource aggregator access system and method | |
| CN116389105B (en) | Remote access management platform and management method | |
| CN114357473A (en) | Virtual power plant aggregation and distributed regulation and control system and method based on block chain | |
| Qiang et al. | Mine consortium blockchain: the application research of coal mine safety production based on blockchain | |
| CN106992916A (en) | A kind of electric power dispatching system and implementation method based on virtual private cloud | |
| Zhao et al. | Research on data security model of environmental monitoring based on blockchain | |
| CN202353815U (en) | GIS short message power grid service system | |
| Malik et al. | An approach to secure mobile agents in automatic meter reading | |
| CN108712291A (en) | One kind being based on the encrypted power communication signal transmission systems of TLS | |
| Litvinov et al. | A cloud-hosted synchrophasor data sharing platform | |
| CN110428215B (en) | Intelligent robot data information mutual interaction safe and reliable transmission handling method and system | |
| Durgvanshi et al. | Byzantine fault tolerance for real time price in hierarchical smart grid communication infrastructure | |
| Sidhartha et al. | Secure and Fault-tolerant Advanced Metering Infrastructure | |
| Li et al. | A novel electricity marketing model integrating intelligent disaster-recovery system | |
| Yan et al. | Blockchain-based reliable collection mechanism for smart meter quality data | |
| Liu et al. | Power log partition collection and storage system based on alliance blockchain | |
| Dang et al. | Power Business Data Sharing System Based on Blockchain and Cryptography Technology |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee |
Owner name: BEIJING GUOZHIHENG POWER MANAGEMENT TECHNOLOGY GRO Free format text: FORMER NAME: BEIJING GUOZHIHENG POWER CONTROL TECHNOLOGY CO., LTD. |
|
| CP03 | Change of name, title or address |
Address after: 100192 Beijing City, Haidian District Bao Sheng Qing Fang end Park 8 Building 4 layer 401 and 5 layer 501 Patentee after: BEIJING GUOZHIHENG POWER MANAGEMENT TECHNOLOGY GROUP Co.,Ltd. Address before: 100088 Beijing City, Haidian District Zhichun Road Jinqiu International Building 8 Patentee before: Beijing Guozhiheng Power Management Technology Co.,Ltd. |
|
| CP03 | Change of name, title or address |
Address after: 100192 A606, 6th Floor, B-2 Floor, Dongsheng Science Park, Zhongguancun, 66 Xixiaokou Road, Haidian District, Beijing Patentee after: GZH BEIDOU TECHNOLOGY GROUP Co.,Ltd. Address before: 100192 No. 8 Building, Baosheng Lifang Qingyuan, Haidian District, Beijing, 401 and 501 floors on the 4th and 5th floors Patentee before: BEIJING GUOZHIHENG POWER MANAGEMENT TECHNOLOGY GROUP Co.,Ltd. |
|
| CP03 | Change of name, title or address | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20190620 Address after: 100089 A606, 6th Floor, B-2 Floor, Dongsheng Science Park, Zhongguancun, 66 Xixiaokou Road, Haidian District, Beijing Co-patentee after: Hainan Guozhiheng Beidou Technology Co.,Ltd. Patentee after: GZH BEIDOU TECHNOLOGY GROUP Co.,Ltd. Address before: 100192 A606, 6th Floor, B-2 Floor, Dongsheng Science Park, Zhongguancun, 66 Xixiaokou Road, Haidian District, Beijing Patentee before: GZH BEIDOU TECHNOLOGY GROUP Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20091209 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |