CN109150528A - A kind of ammeter data access method, device, equipment and readable storage medium storing program for executing - Google Patents

A kind of ammeter data access method, device, equipment and readable storage medium storing program for executing Download PDF

Info

Publication number
CN109150528A
CN109150528A CN201811320238.7A CN201811320238A CN109150528A CN 109150528 A CN109150528 A CN 109150528A CN 201811320238 A CN201811320238 A CN 201811320238A CN 109150528 A CN109150528 A CN 109150528A
Authority
CN
China
Prior art keywords
key
public
access token
access
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811320238.7A
Other languages
Chinese (zh)
Inventor
陈沙
李云
李双全
姚青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Haixing Power Grid Technology Co Ltd
Hangzhou Hexing Electrical Co Ltd
Ningbo Henglida Technology Co Ltd
Original Assignee
Nanjing Haixing Power Grid Technology Co Ltd
Hangzhou Hexing Electrical Co Ltd
Ningbo Henglida Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Haixing Power Grid Technology Co Ltd, Hangzhou Hexing Electrical Co Ltd, Ningbo Henglida Technology Co Ltd filed Critical Nanjing Haixing Power Grid Technology Co Ltd
Priority to CN201811320238.7A priority Critical patent/CN109150528A/en
Publication of CN109150528A publication Critical patent/CN109150528A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F15/00Coin-freed apparatus with meter-controlled dispensing of liquid, gas or electricity
    • G07F15/06Coin-freed apparatus with meter-controlled dispensing of liquid, gas or electricity with means for prepaying basic charges, e.g. rent for meters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a kind of ammeter data access methods, method includes the following steps: receiving the access token after being encrypted or signed by first key generates request;Request is generated using the second key pair access token prestored and carries out corresponding decryption or sign test, obtains verification result;When verification result is to be proved to be successful, then access token is generated, so that request end carries out data access to target ammeter using access token;When verification result is authentication failed, then access token is not generated.Using technical solution provided by the embodiment of the present invention, the safety of ammeter data is significantly improved, it is possible to prevente effectively from third party illegally obtains access token, to ensure that public interest.The invention also discloses a kind of ammeter data access mechanism, equipment and storage mediums, have relevant art effect.

Description

A kind of ammeter data access method, device, equipment and readable storage medium storing program for executing
Technical field
The present invention relates to technical field of power systems, more particularly to a kind of ammeter data access method, device, equipment and Computer readable storage medium.
Background technique
Standard transmission specification (Standard Transfer Specification, abbreviation STS) is sold as pre-payment Important technology in system is used to sell the information transmission between system and ammeter, is global unique general electric power prepaid access Token TOKEN transmission specification.The agreement is organized to use by International Electrotechnical Commission IEC at present.
Regulation access token is encrypted using public encryption algorithm in standard transmission specification.System is sold according to open STS standard " STS600-8-X " STS encryption box is accessed using application programming interfaces API mode directly acquire and supplement with money, manage visit Ask token.STS encrypts box and is divided into serial ports type and network-type by communication media, once the stolen access third party system of serial ports type encryption box System or network-type encryption box IP address leakage, third party system illegally can supplement and manage access with money for live ammeter generation and enable Board accesses to ammeter data, and the safety of ammeter data is low, and the legal system that sells is pretended to be to be peddled, and greatly damages Public interest.
In conclusion how to efficiently solve third party illegally is that access token is supplemented and managed in live ammeter generation with money, it is right The problems such as ammeter data accesses, and the legal system that sells is pretended to be to be peddled, and damages public interest, is current art technology Personnel's urgent problem.
Summary of the invention
The object of the present invention is to provide a kind of ammeter data access method, this method significantly improves the peace of ammeter data Quan Xing, it is possible to prevente effectively from third party illegally obtains access token, to ensure that public interest.
In order to solve the above technical problems, the invention provides the following technical scheme:
A kind of ammeter data access method, which comprises
It receives the access token after being encrypted or signed by first key and generates request;
Request is generated using access token described in the second key pair prestored and carries out corresponding decryption or sign test, is verified As a result;
When the verification result is to be proved to be successful, then access token is generated, so that request end utilizes the access token Data access is carried out to target ammeter;
When the verification result is authentication failed, then the access token is not generated.
In a kind of specific embodiment of the invention, the first key and second key are to be added by asymmetric The key that close algorithm generates.
In a kind of specific embodiment of the invention, the first key and second key are using elliptic curve The public private key pair that algorithm generates;Wherein, the first key is the private key in the public private key pair, and second key is described Public key in public private key pair.
In a kind of specific embodiment of the invention, further includes:
The public private key pair is updated.
In a kind of specific embodiment of the invention, the public private key pair is updated, comprising:
Receive Key Management Center transmission passes through the encrypted importing public key of the first ECDH arranging key;
Verifying is decrypted to the importing public key by the 2nd ECDH arranging key;
When the authentication succeeds, then the former public key prestored is updated using the importing public key, to utilize public key after updating The private key of the request end is verified.
A kind of ammeter data access mechanism, described device include:
Request receiving module generates request for receiving the access token after being encrypted or signed by first key;
As a result module is obtained, is verified, is obtained for generating request using access token described in the second key pair prestored Obtain verification result;
Token generation module, for when the verification result is to be proved to be successful, then access token being generated, so that request end Data access is carried out to target ammeter using the access token;When the verification result is authentication failed, then institute is not generated State access token.
In a kind of specific embodiment of the invention, comprising:
Key production module, for generating the first key and second key by rivest, shamir, adelman.
In a kind of specific embodiment of the invention, comprising:
Public private key pair generation module is made of for being generated using elliptic curve first key and second key Public private key pair;Wherein, the first key is the private key in the public private key pair, and second key is the public private key pair In public key.
A kind of ammeter data access equipment, comprising:
Memory, for storing computer program;
Processor, the step of ammeter data access method as previously described is realized when for executing the computer program.
A kind of computer readable storage medium is stored with computer program on the computer readable storage medium, described The step of ammeter data access method as previously described is realized when computer program is executed by processor.
Using method provided by the embodiment of the present invention, receives the access after being encrypted or signed by first key and enable Board generates request;Request is generated using the second key pair access token prestored and carries out corresponding decryption or sign test, is verified As a result;When verification result be proved to be successful when, then generate access token so that request end using access token to target ammeter into Row data access;When verification result is authentication failed, then access token is not generated.It is stored in advance by being encrypted in box in STS Have the second key, using the second key pair request end send encrypted or signed using first key after access token It generates request to be verified, only can just generate access token when the authentication succeeds, significantly improve the safety of ammeter data, It is possible to prevente effectively from third party illegally obtains access token, to ensure that public interest.
Correspondingly, the embodiment of the invention also provides ammeter data corresponding with above-mentioned ammeter data access method access Device, equipment and computer readable storage medium, have above-mentioned technique effect, and details are not described herein.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with It obtains other drawings based on these drawings.
Fig. 1 is a kind of implementation flow chart of ammeter data access method in the embodiment of the present invention;
Fig. 2 is a kind of structural block diagram of ammeter data access mechanism in the embodiment of the present invention;
Fig. 3 is a kind of structural block diagram of ammeter data access equipment in the embodiment of the present invention.
Specific embodiment
In order to enable those skilled in the art to better understand the solution of the present invention, with reference to the accompanying drawings and detailed description The present invention is described in further detail.Obviously, described embodiments are only a part of the embodiments of the present invention, rather than Whole embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art are not making creative work premise Under every other embodiment obtained, shall fall within the protection scope of the present invention.
Embodiment one:
Referring to Fig. 1, Fig. 1 is a kind of implementation flow chart of ammeter data access method in the embodiment of the present invention, and this method can With the following steps are included:
S101: it receives the access token after being encrypted or signed by first key and generates request.
It sells system to access to the ammeter data of target ammeter, needs to encrypt from the access tool STS of ammeter data The access token TOKEN for accessing corresponding ammeter data is obtained in box.Therefore access target ammeter is needed when selling system Ammeter data when, box can be encrypted to STS send access token and generate request, and can use preset first key pair Access token generates request and is encrypted or signed.
Sell system access to the ammeter data of target ammeter can be to ammeter data carry out parameter check, parameter Setting etc., such as supplements parameter with money.
S102: request is generated using the second key pair access token prestored and carries out corresponding decryption or sign test, is tested Demonstrate,prove result.
It can be previously stored with the second key matched with first key in STS encryption box, sell system hair when receiving When the encrypted access token of the use first key sent generates request, it is raw to can use the second key pair access token prestored Be decrypted at request, when receive sell system transmission signed using first key after access token generate request when, It can use the second key pair access token prestored and generate request progress sign test, obtain the verification result whether being verified.
Access token generation is asked using symmetric encipherment algorithm it should be noted that first key and the second key can be The cipher mode verified is sought, symmetric encipherment algorithm has many advantages, such as that calculation amount is small, enciphering rate is fast, encryption efficiency is high, asks It asks end that can generate request to access token quickly to be encrypted, STS encryption box, which can generate encrypted access token, asks Carry out fast decryption is sought, to improve the response speed for generating request to access token.First key and the second key can also To be to generate the cipher mode that request is verified to access token using rivest, shamir, adelman, confidentiality more preferably, is improved The safety of ammeter data.As long as can play corresponding preventive effect in a word, it is not limited in the embodiment of the present invention.
Explanation is needed further exist for, first and second in first key and the second key are merely to encrypt STS Pre-stored key is distinguish with the key that the system of selling uses in box, without successive point.
S103: when verification result is to be proved to be successful, then access token is generated, so that request end is using access token to mesh It marks ammeter and carries out data access.
When obtained verification result is to be proved to be successful, the request end for illustrating that access token generates request is legal sells System, such as power office.In such a case, it is possible to generate access token, request end can use access token to target ammeter Carry out data access.
S104: when verification result is authentication failed, then access token is not generated.
When obtained verification result be authentication failed when, explanation be most likely the third party of unauthorized access want to pretend to be it is legal It sells system to access to the ammeter data of target ammeter, in this case, does not then generate access token, even if STS adds Close box is stolen or the leakage of STS encryption box IP address can also the third party effectively to unauthorized access ammeter data intercept, The safety for significantly improving ammeter data, ensure that public interest.
Using method provided by the embodiment of the present invention, receives the access after being encrypted or signed by first key and enable Board generates request;Request is generated using the second key pair access token prestored and carries out corresponding decryption or sign test, is verified As a result;When verification result be proved to be successful when, then generate access token so that request end using access token to target ammeter into Row data access;When verification result is authentication failed, then access token is not generated.It is stored in advance by being encrypted in box in STS Have the second key, using the second key pair request end send encrypted or signed using first key after access token It generates request to be verified, only can just generate access token when the authentication succeeds, significantly improve the safety of ammeter data, It is possible to prevente effectively from third party illegally obtains access token, to ensure that public interest.
In a kind of specific embodiment of the invention, first key and the second key are raw by rivest, shamir, adelman At key.
First key and the second key can be the key generated by rivest, shamir, adelman, and the system that sells utilizes privately owned Private key to access token generate request encrypted or signed, STS encrypt box using disclosed public key to encrypted access Token generates request and carries out corresponding decryption or sign test, only sells the public affairs prestored in the private key and STS encryption box that system has Key is pairs of, can be proved to be successful, and confidentiality more preferably, improves the safety of ammeter data.
In a kind of specific embodiment of the invention, first key and the second key are to be generated using elliptic curve Public private key pair;Wherein, first key is the private key in public private key pair, and the second key is the public key in public private key pair.
First key and the second key can also be the public private key pair that is generated using elliptic curve, and first key For the private key in public private key pair, the second key is the public key in public private key pair.Elliptic curve is a kind of calculation of asymmetric encryption The advantages such as method has security performance higher, and calculation amount is small, and processing speed is fast, and memory space occupancy is small, and bandwidth requirement is low.
In a kind of specific embodiment of the invention, this method can also include:
Public private key pair is updated.
Based on the above embodiment, when being verified using rivest, shamir, adelman to access token generation request, Public private key pair can also be updated.It such as can be when selling the private key leakage in system, triggering updates operation sequence, right Public private key pair is updated, and is also possible to preset the time interval that operation is updated to public private key pair, default when reaching Time interval when, triggering updates operation sequence, is updated to public private key pair, specifically which kind of mode to carry out public private key pair using Update the embodiment of the present invention without limitation.
In a kind of specific embodiment of the invention, public private key pair is updated, may comprise steps of:
Step 1: receive Key Management Center transmission passes through the encrypted importing public key of the first ECDH arranging key;
Step 2: verifying is decrypted to public key is imported by the 2nd ECDH arranging key;
Step 3: when the authentication succeeds, then using the former public key prestored of public key update is imported, to utilize public key pair after updating The private key of request end is verified.
For convenience of description, above three step can be combined and be illustrated.
Based on the above embodiment, access token can be deployed in Key Management Center, and use disclosed Encryption Algorithm Carry out encryption storage.When needing to update public private key pair, box application can be encrypted to STS and imports public key, STS encrypts box and returns to public affairs Key imports request command, and the public key that STS encryption box returns is imported request command and is sent to Key Management Center, legal sells New public private key pair can be generated in system, and sends Key Management Center for new public key, and Key Management Center can be using logical It crosses the first ECDH arranging key that ECDH arranging key negotiating algorithm goes out to encrypt the public key in public private key pair, be encrypted Importing public key afterwards, and the importing public key is sent to STS encryption box.STS encryption box receives the importing public key, and uses and pass through The twoth ECDH arranging key pairs of with the first ECDH arranging key that ECDH arranging key negotiating algorithm goes out to import public key into Row decryption verification.When the authentication succeeds, illustrate that this public private key pair updates and belong to legal update operation, then utilize importing public key The former public key prestored is updated, to verify using private key of the public key after update to request end.If authentication failed illustrates this Public private key pair, which updates, probably belongs to illegal update operation, then the public key not prestored to original is updated, to ensure that pair Public private key pair is updated safety, legitimacy and the confidentiality of operation.
The public key in public private key pair is encrypted using ECDH cipher key agreement algorithm the specific can be that, in key management Key-encrypting key KEK is obtained using ECDH cipher key agreement algorithm between the heart and STS encryption box, Key Management Center is with KEK Encryption key, AES-CCM-192 are that Encryption Algorithm encrypts the public key in new public private key pair.
Corresponding to above method embodiment, the embodiment of the invention also provides a kind of ammeter data access mechanisms, hereafter The ammeter data access mechanism of description can correspond to each other reference with above-described ammeter data access mechanism method.
Referring to fig. 2, Fig. 2 is a kind of structural block diagram of ammeter data access mechanism in the embodiment of the present invention, which can be with Include:
Request receiving module 21 is asked for receiving the generation of the access token after being encrypted or signed by first key It asks;
As a result module 22 is obtained, is verified, is obtained for generating request using the second key pair access token prestored Verification result;
Token generation module 23, for when verification result is to be proved to be successful, then access token being generated, so that request end is sharp Data access is carried out to target ammeter with access token;When verification result is authentication failed, then access token is not generated.
Using method provided by the embodiment of the present invention, receives and encrypted access token generation is carried out by first key Request;Request is generated using the second key pair access token prestored to be verified, and verification result is obtained;When verification result is to test When demonstrate,proving successfully, then access token is generated, so that request end carries out data access to target ammeter using access token;When verifying is tied When fruit is authentication failed, then access token is not generated.Be previously stored with the second key by encrypting in box in STS, using this The use first key that two key pair request ends are sent carries out encrypted access token generation request and is verified, and only works as verifying Access token can be just generated when success, the safety of ammeter data is significantly improved, it is possible to prevente effectively from third party illegally obtains Access token is taken, to ensure that public interest.
In a kind of specific embodiment of the invention, comprising:
Key production module, for generating first key and the second key by rivest, shamir, adelman.
In a kind of specific embodiment of the invention, comprising:
Public private key pair generation module, for generating the public affairs being made of first key and the second key using elliptic curve Private key pair;Wherein, first key is the private key in public private key pair, and the second key is the public key in public private key pair.
In a kind of specific embodiment of the invention, which can also include:
Public private key pair update module, for being updated to public private key pair.
In a kind of specific embodiment of the invention, public private key pair update module may include:
Public key receiving submodule, for receive Key Management Center transmission by the encrypted importing of ECDH arranging key Public key;
Decryption verification submodule, for verifying to be decrypted to importing public key;
Public key updates submodule, for when the authentication succeeds, then updating the former public key prestored using importing public key, to utilize Public key verifies the private key of request end after update.
Corresponding to above method embodiment, referring to Fig. 3, Fig. 3 is ammeter data access equipment provided by the present invention Schematic diagram, the equipment may include:
Memory 31, for storing computer program;
Processor 32 can realize following steps when for executing the computer program of the above-mentioned storage of memory 31:
It receives and encrypted access token generation request is carried out by first key;It is accessed using the second key pair prestored Token generates request and is verified, and obtains verification result;When verification result is to be proved to be successful, then access token is generated, so that Request end carries out data access to target ammeter using access token;When verification result is authentication failed, then access is not generated Token.
Above method embodiment is please referred to for the introduction of equipment provided by the invention, this will not be repeated here by the present invention.
It is computer-readable the present invention also provides a kind of computer readable storage medium corresponding to above method embodiment It is stored with computer program on storage medium, can realize following steps when computer program is executed by processor:
It receives the access token after being encrypted or signed by first key and generates request;Utilize the second key prestored Request is generated to access token to verify, and obtains verification result;When verification result is to be proved to be successful, then generates access and enable Board, so that request end carries out data access to target ammeter using access token;When verification result is authentication failed, then do not give birth to At access token.
The computer readable storage medium may include: USB flash disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic or disk etc. is various to deposit Store up the medium of program code.
Above method embodiment is please referred to for the introduction of computer readable storage medium provided by the invention, the present invention exists This is not repeated them here.
Each embodiment in this specification is described in a progressive manner, the highlights of each of the examples are with it is other The difference of embodiment, same or similar part may refer to each other between each embodiment.For being filled disclosed in embodiment It sets, for equipment and computer readable storage medium, since it is corresponded to the methods disclosed in the examples, so the comparison of description Simply, reference may be made to the description of the method.
Professional further appreciates that, unit described in conjunction with the examples disclosed in the embodiments of the present disclosure And algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, in order to clearly demonstrate hardware and The interchangeability of software generally describes each exemplary composition and step according to function in the above description.These Function is implemented in hardware or software actually, the specific application and design constraint depending on technical solution.Profession Technical staff can use different methods to achieve the described function each specific application, but this realization is not answered Think beyond the scope of this invention.
The step of method described in conjunction with the examples disclosed in this document or algorithm, can directly be held with hardware, processor The combination of capable software module or the two is implemented.Software module can be placed in random access memory (RAM), memory, read-only deposit Reservoir (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technology In any other form of storage medium well known in field.
Used herein a specific example illustrates the principle and implementation of the invention, and above embodiments are said It is bright to be merely used to help understand technical solution of the present invention and its core concept.It should be pointed out that for the common of the art , without departing from the principle of the present invention, can be with several improvements and modifications are made to the present invention for technical staff, these Improvement and modification are also fallen within the protection scope of the claims of the present invention.

Claims (10)

1. a kind of ammeter data access method, which is characterized in that the described method includes:
It receives the access token after being encrypted or signed by first key and generates request;
Request is generated using access token described in the second key pair prestored and carries out corresponding decryption or sign test, obtains verifying knot Fruit;
When the verification result is to be proved to be successful, then access token is generated, so that request end is using the access token to mesh It marks ammeter and carries out data access;
When the verification result is authentication failed, then the access token is not generated.
2. the method according to claim 1, wherein the first key and second key are by non-right The key for claiming Encryption Algorithm to generate.
3. the method according to claim 1, wherein the first key and second key are using oval The public private key pair that curved line arithmetic generates;Wherein, the first key is the private key in the public private key pair, and second key is Public key in the public private key pair.
4. according to the method described in claim 3, it is characterized by further comprising:
The public private key pair is updated.
5. according to the method described in claim 4, it is characterized in that, being updated to the public private key pair, comprising:
Receive Key Management Center transmission passes through the encrypted importing public key of the first ECDH arranging key;
Verifying is decrypted to the importing public key by the 2nd ECDH arranging key;
When the authentication succeeds, then update the former public key prestored using the importing public key, with using public key after updating to institute The private key for stating request end is verified.
6. a kind of ammeter data access mechanism, which is characterized in that described device includes:
Request receiving module generates request for receiving the access token after being encrypted or signed by first key;
As a result obtain module, for using access token described in the second key pair prestored generate request carry out it is corresponding decryption or Sign test obtains verification result;
Token generation module, for when the verification result is to be proved to be successful, then generating access token, so that request end utilizes The access token carries out data access to target ammeter;When the verification result is authentication failed, then the visit is not generated Ask token.
7. device according to claim 6 characterized by comprising
Key production module, for generating the first key and second key by rivest, shamir, adelman.
8. device according to claim 6 characterized by comprising
Public private key pair generation module, for generating the public affairs being made of first key and second key using elliptic curve Private key pair;Wherein, the first key is the private key in the public private key pair, and second key is in the public private key pair Public key.
9. a kind of ammeter data access equipment characterized by comprising
Memory, for storing computer program;
Processor realizes the ammeter data access side as described in any one of claim 1 to 5 when for executing the computer program The step of method.
10. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium Program realizes the ammeter data access method as described in any one of claim 1 to 5 when the computer program is executed by processor The step of.
CN201811320238.7A 2018-11-07 2018-11-07 A kind of ammeter data access method, device, equipment and readable storage medium storing program for executing Pending CN109150528A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811320238.7A CN109150528A (en) 2018-11-07 2018-11-07 A kind of ammeter data access method, device, equipment and readable storage medium storing program for executing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811320238.7A CN109150528A (en) 2018-11-07 2018-11-07 A kind of ammeter data access method, device, equipment and readable storage medium storing program for executing

Publications (1)

Publication Number Publication Date
CN109150528A true CN109150528A (en) 2019-01-04

Family

ID=64807940

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811320238.7A Pending CN109150528A (en) 2018-11-07 2018-11-07 A kind of ammeter data access method, device, equipment and readable storage medium storing program for executing

Country Status (1)

Country Link
CN (1) CN109150528A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110414248A (en) * 2019-07-11 2019-11-05 珠海格力电器股份有限公司 Method for debugging microprocessor and microprocessor
WO2020173019A1 (en) * 2019-02-27 2020-09-03 平安科技(深圳)有限公司 Access certificate verification method and device, computer equipment and storage medium
CN111756701A (en) * 2020-05-29 2020-10-09 苏州浪潮智能科技有限公司 Method and system for acquiring equipment token access Rest interface by management platform
CN113345139A (en) * 2021-06-03 2021-09-03 珠海优特物联科技有限公司 Unlocking method, intelligent lock cylinder and intelligent lock system
CN114501373A (en) * 2022-04-14 2022-05-13 济南瑞泉电子有限公司 Intelligent water meter recharging anti-cheating method

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008135768A2 (en) * 2007-05-08 2008-11-13 First Ondemand Limited Authorisation of signatures on documents
CN102457378A (en) * 2010-10-15 2012-05-16 洛克威尔自动控制技术股份有限公司 Security model for industrial devices
CN102546532A (en) * 2010-12-07 2012-07-04 ***通信集团公司 Capacity calling method, capacity calling request device, capacity calling platform and capacity calling system
CN103220261A (en) * 2012-01-21 2013-07-24 华为技术有限公司 Proxy method, device and system of open authentication application program interface
CN104270383A (en) * 2014-10-17 2015-01-07 国家电网公司 Cross-subnet access control method of electric power mobile terminal
CN104899741A (en) * 2014-03-05 2015-09-09 ***股份有限公司 Online payment method and online payment system based on IC bank card
CN108471395A (en) * 2017-02-23 2018-08-31 华为技术有限公司 Realize method, apparatus, cloud computing system and the computer system of certification/mandate
CN108471432A (en) * 2018-07-11 2018-08-31 北京智芯微电子科技有限公司 Prevent web application interface by the method for malicious attack

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008135768A2 (en) * 2007-05-08 2008-11-13 First Ondemand Limited Authorisation of signatures on documents
CN102457378A (en) * 2010-10-15 2012-05-16 洛克威尔自动控制技术股份有限公司 Security model for industrial devices
CN102546532A (en) * 2010-12-07 2012-07-04 ***通信集团公司 Capacity calling method, capacity calling request device, capacity calling platform and capacity calling system
CN103220261A (en) * 2012-01-21 2013-07-24 华为技术有限公司 Proxy method, device and system of open authentication application program interface
CN104899741A (en) * 2014-03-05 2015-09-09 ***股份有限公司 Online payment method and online payment system based on IC bank card
CN104270383A (en) * 2014-10-17 2015-01-07 国家电网公司 Cross-subnet access control method of electric power mobile terminal
CN108471395A (en) * 2017-02-23 2018-08-31 华为技术有限公司 Realize method, apparatus, cloud computing system and the computer system of certification/mandate
CN108471432A (en) * 2018-07-11 2018-08-31 北京智芯微电子科技有限公司 Prevent web application interface by the method for malicious attack

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020173019A1 (en) * 2019-02-27 2020-09-03 平安科技(深圳)有限公司 Access certificate verification method and device, computer equipment and storage medium
CN110414248A (en) * 2019-07-11 2019-11-05 珠海格力电器股份有限公司 Method for debugging microprocessor and microprocessor
CN111756701A (en) * 2020-05-29 2020-10-09 苏州浪潮智能科技有限公司 Method and system for acquiring equipment token access Rest interface by management platform
CN111756701B (en) * 2020-05-29 2022-12-27 苏州浪潮智能科技有限公司 Method and system for acquiring equipment token access Rest interface by management platform
CN113345139A (en) * 2021-06-03 2021-09-03 珠海优特物联科技有限公司 Unlocking method, intelligent lock cylinder and intelligent lock system
CN114501373A (en) * 2022-04-14 2022-05-13 济南瑞泉电子有限公司 Intelligent water meter recharging anti-cheating method

Similar Documents

Publication Publication Date Title
CN109040090B (en) A kind of data ciphering method and device
CN109150528A (en) A kind of ammeter data access method, device, equipment and readable storage medium storing program for executing
CN108377189A (en) User's communication encrypting method, device, terminal device and storage medium on block chain
TWI715537B (en) Encryption machine key injection system, method and device based on cloud environment
US10454674B1 (en) System, method, and device of authenticated encryption of messages
CA3164765A1 (en) Secure communication method and device based on identity authentication
CN104170312B (en) For using the method and apparatus that hardware security engine is securely communicated by network
CN103684766B (en) A kind of private key protection method of terminal use and system
CN100468438C (en) Encryption and decryption method for realizing hardware and software binding
US8171306B2 (en) Universal secure token for obfuscation and tamper resistance
CN109740384A (en) Data based on block chain deposit card method and apparatus
US10880100B2 (en) Apparatus and method for certificate enrollment
CN105553654B (en) Key information processing method and device, key information management system
CN110050437A (en) The device and method of distributed certificate registration
TW201010370A (en) Integrated cryptographic security module for a network node
CN108964922A (en) mobile terminal token activation method, terminal device and server
CN110401615A (en) A kind of identity identifying method, device, equipment, system and readable storage medium storing program for executing
CN101409619A (en) Flash memory card and method for implementing virtual special network key exchange
CN110601855B (en) Root certificate management method and device, electronic equipment and storage medium
CN110855667B (en) Block chain encryption method, device and system
CN109816383A (en) A kind of block chain endorsement method, block chain wallet and block chain
CN109600224A (en) A kind of SM2 key generation, endorsement method, terminal, server and storage medium
CN108696518A (en) User's communication encrypting method, device, terminal device and storage medium on block chain
CN111211905A (en) Identity management method for Fabric alliance chain members based on certificate-free authentication
CN110177001A (en) A kind of NFC circle deposit method, system and storage medium based on soft certificate

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190104

RJ01 Rejection of invention patent application after publication