CN104363098B - A kind of distributed monitoring end message safety protecting method based on digital encryption - Google Patents
A kind of distributed monitoring end message safety protecting method based on digital encryption Download PDFInfo
- Publication number
- CN104363098B CN104363098B CN201410682997.3A CN201410682997A CN104363098B CN 104363098 B CN104363098 B CN 104363098B CN 201410682997 A CN201410682997 A CN 201410682997A CN 104363098 B CN104363098 B CN 104363098B
- Authority
- CN
- China
- Prior art keywords
- distributed monitoring
- monitoring terminal
- main website
- message
- communication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012544 monitoring process Methods 0.000 title claims abstract description 84
- 238000000034 method Methods 0.000 title claims abstract description 45
- 230000006854 communication Effects 0.000 claims abstract description 39
- 238000004891 communication Methods 0.000 claims abstract description 34
- 238000001514 detection method Methods 0.000 claims abstract description 8
- 230000005540 biological transmission Effects 0.000 claims description 6
- 238000006073 displacement reaction Methods 0.000 claims description 3
- 230000008676 import Effects 0.000 claims description 3
- 230000008520 organization Effects 0.000 claims description 3
- 238000012360 testing method Methods 0.000 claims description 3
- 238000012790 confirmation Methods 0.000 claims description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
Landscapes
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a kind of distributed monitoring end message safety protecting method based on digital encryption, includes the following steps:Step 1:Initialize the distributed monitoring terminal with encryption chip;Step 2, distributed monitoring terminal power on, and circuit sequentially detection Ethernet and GPRS wireless network, if detection has Ethernet connection, carry out original message communication, otherwise enter coded communication.The present invention realizes the reliable communication between distributed monitoring terminal and main website, private key negotiation is first carried out before a communication, communication is established on the basis of negotiating successfully, it effectively prevent unauthorized user to steal electric network data or destroys the normal operation of power grid using power grid control function, ensure that the balance of safety and real-time.
Description
Technical field
The present invention relates to a kind of distributed monitoring end message safety protecting method based on digital encryption, belongs to micro-capacitance sensor
Field.
Background technique
Distributed energy monitor terminal is that the user side distributed energy resource system of access utility network is monitored and is controlled
The information collection to bidirectional electric energy measuring equipment, electric energy quality monitoring, and acceptable main website order pair may be implemented in the equipment of system
Distributed energy resource system access utility network is controlled.
It can be seen that the information transmission of distributed energy monitor terminal directly influences the reliable of distributed energy resource system
Property, or even certain influence can all be generated to the normal operation of entire bulk power grid.Therefore the protection of distributed monitoring end message
It is very important, therefore be badly in need of a kind of method now unauthorized user can be effectively prevent to steal electric network data or utilize power grid control
Function processed destroys the normal operation of power grid, and ensure that the balance of safety and real-time.
Summary of the invention
In order to solve the above-mentioned technical problems, the present invention provides a kind of distributed monitoring end message based on digital encryption
Safety protecting method can effectively prevent unauthorized user to steal electric network data or destroy power grid using power grid control function
It operates normally, ensure that the balance of safety and real-time.
In order to achieve the above object, the technical scheme adopted by the invention is that:
A kind of distributed monitoring end message safety protecting method based on digital encryption, includes the following steps:
Step 1:Initialize the distributed monitoring terminal with encryption chip;
Step 2, distributed monitoring terminal power on, and circuit sequentially detection Ethernet and GPRS wireless network, if detection have with
Too net connection, then carry out plaintext communication, otherwise enters coded communication.
In step 1, the distributed monitoring terminal with encryption chip is initialized, detailed process is,
A1) distributed monitoring terminal encryption chip generates the key pair of displacement, and the key pair includes the first code key and the
Two code keys;
A2) distributed monitoring terminal generates demand file, and the demand file includes the theme of the distributed monitoring terminal
Information;
A3) main website is according to demand file grant a certificate;
A4 it) imports the certificate and public key of main website, the certificate and key pair correspond.
The subject information includes the sequence number of distributed monitoring terminal, location, saves name, is country origin, organization name, first secret
Key and the second code key.
The coded communication process is,
B1) between distributed monitoring terminal and main website carry out code key negotiation, if success if go to step A2, if not at
Function renegotiates;
B2) data message is encrypted using public key in distributed monitoring terminal side, and by encrypted data message
It is sent to main website;
B3) main website receives encrypted data message, and by secret key pair, it is decrypted.
It is described communication code key negotiate process be,
C1) distributed monitoring terminal test random number x1, make A=ECertN (x1)||ESkeyN(H(x1)), then A is sent out
Give main website;Wherein CertN is the first code key of distributed monitoring terminal N, and SkeyN is the second secret of distributed monitoring terminal N
Key, ECertN (x1) it is with the first secret key pair x1It is cryptographic calculation, ESkeyN (H (x1)) it is with the second secret key pair H (x1) encrypt
Operation, H (x1) it is to x1Hash operations are done, | | indicate connection;
C2) main website is decrypted and verifies the signature of distributed monitoring terminal, simultaneous transmission random number x after receiving A2, right
It makees B=ECertN (x2)||ESkeyN(H(x2)), B is sent back into distributed monitoring terminal;Wherein, main website to A be decrypted for
Reverse procedure in step C1, ECertN (x2) it is with the first secret key pair x2It is cryptographic calculation, ESkeyN (H (x2)) it is with second
Secret key pair H (x2) it is cryptographic calculation, H (x2) it is to x2Do hash operations;
C3) distributed monitoring terminal is decrypted and verifies the signature of main website after receiving B, synthesizes private key,Then makeC is issued into main website, distributed monitoring terminal carries out B
Decryption is the reverse procedure in step C2, for doing hash operations;
C4 after) main website receives C, makeWhether identical compare C and D, if identical, both sides
Negotiate successfully, communication private key isIf it is different, main website is unsuccessfully accused to the sending of distributed monitoring terminal
Alert information, distributed monitoring terminal re-emit negotiation.
The process of the encryption is,
D1 message) is filled in the tail portion of data message, makes the integer the length is 16;If the original length of data message
For 16 multiple, then 16 byte messages are filled;
D2 header information and initial vector) are added to filled data message;
D3) the above-mentioned data message handled well is encrypted using public key.
The decrypting process is the inverse process of ciphering process.
During coded communication, no matter there is any failure, will all turn to plaintext communication.
The beneficial effects obtained by the present invention are as follows:The present invention realizes reliable logical between distributed monitoring terminal and main website
Letter first carries out private key negotiation before a communication, and communication is established on the basis of negotiating successfully, unauthorized user is effectively prevent to steal
Electric network data or the normal operation that power grid is destroyed using power grid control function, ensure that the balance of safety and real-time;Together
When the present invention break down when turn to plaintext communication, ensure that the information exchange between distributed monitoring terminal and main website.
Specific embodiment
The following examples are only intended to illustrate the technical solution of the present invention more clearly, and cannot be used as a limitation the limitation present invention
Protection scope.
A kind of distributed monitoring end message safety protecting method based on digital encryption, includes the following steps:
Step 1:Initialize the distributed monitoring terminal with encryption chip.Distributed monitoring only by initialization is whole
End just can be used normally.
Detailed process is:
A1) distributed monitoring terminal encryption chip generates the key pair of displacement, and the key pair includes the first code key and the
Two code keys.
A2) distributed monitoring terminal generates demand file, and the demand file includes the theme of the distributed monitoring terminal
Information.
Here subject information is as shown in Table 1, sequence number, location including distributed monitoring terminal, save name, country origin,
Organization name, the first code key and second code key etc..
A3) main website is according to demand file grant a certificate.
A4 it) imports the certificate and public key of main website, the certificate and key pair correspond.
Step 2, distributed monitoring terminal power on, and circuit sequentially detection Ethernet and GPRS wireless network, if detection have with
Too net connection then carries out original message communication, otherwise enters coded communication.
Coded communication process is:
B1) between distributed monitoring terminal and main website carry out code key negotiation, if success if go to step A2, if not at
Function renegotiates.
Communicating the process that code key is negotiated is:
C1) distributed monitoring terminal test random number x1, make A=ECertN (x1)||ESkeyN(H(x1)), then A is sent out
Give main website;Wherein CertN is the first code key of distributed monitoring terminal N, and SkeyN is the second secret of distributed monitoring terminal N
Key, ECertN (x1) it is with the first secret key pair x1It is cryptographic calculation, ESkeyN (H (x1)) it is with the second secret key pair H (x1) encrypt
Operation, H (x1) it is to x1Hash operations are done, | | indicate connection;
C2) main website is decrypted and verifies the signature of distributed monitoring terminal, simultaneous transmission random number x after receiving A2, right
It makees B=ECertN (x2)||ESkeyN(H(x2)), B is sent back into distributed monitoring terminal;Wherein, main website to A be decrypted for
Reverse procedure in step C1, ECertN (x2) it is with the first secret key pair x2It is cryptographic calculation, ESkeyN (H (x2)) it is with second
Secret key pair H (x2) it is cryptographic calculation, H (x2) it is to x2Do hash operations;
C3) distributed monitoring terminal is decrypted and verifies the signature of main website after receiving B, synthesizes private key,Then makeC is issued into main website, distributed monitoring terminal carries out B
Decryption is the reverse procedure in step C2, for doing hash operations;
C4 after) main website receives C, makeWhether identical compare C and D, if identical, both sides
Negotiate successfully, communication private key isIf it is different, main website is unsuccessfully accused to the sending of distributed monitoring terminal
Alert information, distributed monitoring terminal re-emit negotiation.
B2) data message is encrypted using public key in distributed monitoring terminal side, and by encrypted data message
It is sent to main website.
The process of encryption is:
D1 message) is filled in the tail portion of data message, makes the integer the length is 16;If the original length of data message
For 16 multiple, then 16 byte messages are filled;
D2 header information and initial vector) are added to filled data message;
In the present embodiment, initial vector IV is 16 byte random numbers, is generated by encryption side;Here header information is 2
Byte length, content are respectively 0x05 and 19+n, and 0x05 indicates encrypted packet, and 18+n indicates message total length.
D3) the above-mentioned data message handled well is encrypted using public key.
B3) main website receives encrypted data message, and by secret key pair, it is decrypted;Decrypting process is ciphering process
Inverse process, needed after decryption check filling message correctness.
During coded communication, no matter there is any failure, will all turn to plaintext communication.Here plaintext communication is general
It is also required to carry out plaintext negotiation, is without any transmission before negotiating in plain text successfully.
Plaintext negotiations process is:
E1 message of negotiation request) is initiated by distributed monitoring terminal, includes distributed monitoring end in the message of negotiation request
The sequence number at end.
In the present embodiment, which fixes, and is 42 bytes, and head is followed successively by 0x01,0x04, respectively
It indicates negotiations process and initiates plaintext communication request.
E2) main website receives message of negotiation request, parses to it, replys negotiation confirmation after verifying sequence number therein,
Otherwise it replys and negotiates failure information.
E3) distributed monitoring terminal receives negotiation successful information, then starts to initiate plaintext communication, unsuccessfully believes if receiving negotiation
Breath then re-initiates negotiation request.
Above-mentioned plaintext communication process:
F1) original message is filled, its length is made to reach 16 multiple, if the original length of original message is 16
Multiple, then fill 16 byte messages;
F2 header information) is added to filled original message;
In the present embodiment, header information is 2 byte lengths, and content is respectively 0x06 and 2+n, and 0x06 indicates plaintext communication
Data packet, 2+n indicate message total length;
F3), main website side is sent by above-mentioned assembled message.
Distributed monitoring terminal receives the process of master information in contrast.
The above-mentioned distributed monitoring end message safety protecting method based on digital encryption first carries out private before a communication
Key is negotiated, and communication is established on the basis of negotiating successfully, effectively prevent unauthorized user to steal electric network data or utilizes power grid
Control function destroys the normal operation of power grid, ensure that the balance of safety and real-time.The present invention is when breaking down simultaneously
Plaintext communication is turned to, ensure that the information exchange between distributed monitoring terminal and main website.
The above is only a preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
For member, without departing from the technical principles of the invention, several improvement and deformations can also be made, these improvement and deformations
Also it should be regarded as protection scope of the present invention.
Claims (6)
1. a kind of distributed monitoring end message safety protecting method based on digital encryption, it is characterised in that:Including following step
Suddenly:
Step 1:Initialize the distributed monitoring terminal with encryption chip;
Step 2, distributed monitoring terminal power on, and circuit sequentially detection Ethernet and GPRS wireless network, if detection has Ethernet
Connection then carries out original message communication, otherwise enters coded communication;
During coded communication, no matter there is any failure, will all turn to plaintext communication, plaintext communication is also required to carry out in plain text
Negotiate, is without any transmission before negotiating in plain text successfully;
Plaintext negotiations process is:
E1 message of negotiation request) is initiated by distributed monitoring terminal, includes distributed monitoring terminal in the message of negotiation request
Sequence number;
E2) main website receives message of negotiation request, parses to it, replys negotiation confirmation after verifying sequence number therein, otherwise
It replys and negotiates failure information;
E3) distributed monitoring terminal receives negotiation successful information, then starts to initiate plaintext communication, if receiving negotiation failure information,
Then re-initiate negotiation request;
Plaintext communication process:
F1) original message is filled, its length is made to reach 16 multiple, if times that the original length of original message is 16
Number then fills 16 byte messages;
F2 header information) is added to filled original message;
F3), main website side is sent by above-mentioned assembled message;
Distributed monitoring terminal receives the process of master information in contrast.
2. a kind of distributed monitoring end message safety protecting method based on digital encryption according to claim 1,
It is characterized in that:In step 1, the distributed monitoring terminal with encryption chip is initialized, detailed process is,
A1) distributed monitoring terminal encryption chip generates the key pair of displacement, and the key pair includes that the first code key and second are secret
Key;
A2) distributed monitoring terminal generates demand file, and the demand file includes the subject information of the distributed monitoring terminal;
A3) main website is according to demand file grant a certificate;
A4 it) imports the certificate and public key of main website, the certificate and key pair correspond.
3. a kind of distributed monitoring end message safety protecting method based on digital encryption according to claim 2,
It is characterized in that:The subject information includes the sequence number of distributed monitoring terminal, location, saves name, country origin, organization name, first
Code key and the second code key.
4. a kind of distributed monitoring end message safety protecting method based on digital encryption according to claim 1,
It is characterized in that:The coded communication process is,
B1 code key negotiation) is carried out between distributed monitoring terminal and main website, goes to step A2 if success, if it fails,
It renegotiates;
B2) data message is encrypted using public key in distributed monitoring terminal side, and encrypted data message is sent
To main website;
B3) main website receives encrypted data message, and by secret key pair, it is decrypted.
5. a kind of distributed monitoring end message safety protecting method based on digital encryption according to claim 4,
It is characterized in that:It is described communication code key negotiate process be,
C1) distributed monitoring terminal test random number x1, make A=ECertN (x1)||ESkeyN(H(x1)), then A is sent to
Main website;Wherein CertN is the first code key of distributed monitoring terminal N, and SkeyN is the second code key of distributed monitoring terminal N,
ECertN(x1) it is with the first secret key pair x1It is cryptographic calculation, ESkeyN (H (x1)) it is with the second secret key pair H (x1) do encryption fortune
It calculates, H (x1) it is to x1Hash operations are done, | | indicate connection;
C2) main website is decrypted and verifies the signature of distributed monitoring terminal, simultaneous transmission random number x after receiving A2, B is made to it
=ECertN (x2)||ESkeyN(H(x2)), B is sent back into distributed monitoring terminal;Wherein, A is decrypted as step C1 in main website
In reverse procedure, ECertN (x2) it is with the first secret key pair x2It is cryptographic calculation, ESkeyN (H (x2)) it is with the second secret key pair H
(x2) it is cryptographic calculation, H (x2) it is to x2Do hash operations;
C3) distributed monitoring terminal is decrypted and verifies the signature of main website after receiving B, synthesizes private key,Then makeC is issued into main website, distributed monitoring terminal carries out B
Decryption is the reverse procedure in step C2,It is rightDo hash operations;
C4 after) main website receives C, makeWhether identical compare C and D, if identical, both sides negotiate
Success, communication private key areIf it is different, main website issues unsuccessfully alarm letter to distributed monitoring terminal
Breath, distributed monitoring terminal re-emit negotiation.
6. a kind of distributed monitoring end message safety protecting method based on digital encryption according to claim 4,
It is characterized in that:The process of the encryption is,
D1 message) is filled in the tail portion of data message, makes the integer the length is 16;If the original length of data message is 16
Multiple, then fill 16 byte messages;
D2 header information and initial vector IV) are added to filled data message;
D3) the above-mentioned data message handled well is encrypted using public key;
The decrypting process is the inverse process of ciphering process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410682997.3A CN104363098B (en) | 2014-11-24 | 2014-11-24 | A kind of distributed monitoring end message safety protecting method based on digital encryption |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410682997.3A CN104363098B (en) | 2014-11-24 | 2014-11-24 | A kind of distributed monitoring end message safety protecting method based on digital encryption |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104363098A CN104363098A (en) | 2015-02-18 |
| CN104363098B true CN104363098B (en) | 2018-11-30 |
Family
ID=52530326
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410682997.3A Active CN104363098B (en) | 2014-11-24 | 2014-11-24 | A kind of distributed monitoring end message safety protecting method based on digital encryption |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104363098B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109257327B (en) * | 2017-07-14 | 2021-01-08 | 中国电力科学研究院 | Communication message safety interaction method and device for power distribution automation system |
| CN110889122B (en) * | 2019-10-29 | 2023-01-03 | 深圳供电局有限公司 | Communication method of energy gateway |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101753312A (en) * | 2010-02-03 | 2010-06-23 | 北京融通高科科技发展有限公司 | Security certification method and security certification device for power grid equipment and negative control terminal |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7475244B2 (en) * | 2002-11-05 | 2009-01-06 | Kabushiki Kaisha Toshiba | Wireless communication device, portable terminal, communication control program and communication system |
| CN103475464B (en) * | 2013-08-20 | 2018-11-27 | 国家电网公司 | A kind of power special quantum encryption gateway system |
| CN103679062B (en) * | 2013-12-23 | 2017-02-08 | 上海贝岭股份有限公司 | Intelligent electric meter main control chip and security encryption method |
-
2014
- 2014-11-24 CN CN201410682997.3A patent/CN104363098B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101753312A (en) * | 2010-02-03 | 2010-06-23 | 北京融通高科科技发展有限公司 | Security certification method and security certification device for power grid equipment and negative control terminal |
Non-Patent Citations (1)
| Title |
|---|
| 配电安全防护***;赵银春;《中国优秀硕士学位论文全文数据库 工程科技II辑》;20140515(第5期);第二章2.2节、第三章3.1-3.4节、第四章4.1节、图4-1、表4-1 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104363098A (en) | 2015-02-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109194656A (en) | A kind of method of distribution wireless terminal secure accessing | |
| CN106357690B (en) | data transmission method, data sending device and data receiving device | |
| CN104168267B (en) | A kind of identity identifying method of access SIP security protection video monitoring systems | |
| CN107294937B (en) | Data transmission method based on network communication, client and server | |
| CN104158653A (en) | Method of secure communication based on commercial cipher algorithm | |
| CN104811427B (en) | A kind of safe industrial control system communication means | |
| CN106656510A (en) | Encryption key acquisition method and system | |
| CN107172056A (en) | A kind of channel safety determines method, device, system, client and server | |
| CN109714360B (en) | Intelligent gateway and gateway communication processing method | |
| CN107888381A (en) | A kind of implementation method of key importing, apparatus and system | |
| CN113806772A (en) | Information encryption transmission method and device based on block chain | |
| CN109150526A (en) | Cryptographic key negotiation method, equipment, terminal, storage medium and system | |
| CN106911663A (en) | One kind sells bank's full message encryption system and method for mixed mode directly to households | |
| CN111756627A (en) | Cloud platform security access gateway of electric power monitored control system | |
| CN103428204A (en) | Data security implementation method capable of resisting timing attacks and devices | |
| CN103441983A (en) | Information protection method and device based on link layer discovery protocol | |
| CN105791258A (en) | Data transmission method, terminal and open platform | |
| CN111600829A (en) | Secure communication method and system for Internet of things equipment | |
| CN108900540A (en) | A kind of business data processing method of the distribution terminal based on double-encryption | |
| CN113572766A (en) | Power data transmission method and system | |
| CN107249002B (en) | Method, system and device for improving safety of intelligent electric energy meter | |
| CN109274663A (en) | Communication means based on SM2 dynamic key exchange and SM4 data encryption | |
| CN102857503A (en) | Secure wireless transmission method for fingerprint data | |
| CN109005151A (en) | A kind of encryption of information, decryption processing method and processing terminal | |
| CN101141278B (en) | Data transmission system, data transmission method, data processing method and corresponding device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |