CN113904792B - Power grid regulation information encryption transmission method based on national encryption algorithm - Google Patents
- Publication number: CN113904792B
- Application number: CN202110981746.5A
- Authority: CN (China)
- Prior art keywords: key, intelligent, scheduling, intelligent terminal, intelligent scheduling
- Legal status: Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/067—Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method for the encrypted transmission of power grid regulation information based on the national encryption algorithm, comprising the following steps: the symmetric key and the asymmetric key of the intelligent scheduling system are updated through a secret management system; the intelligent scheduling system generates a communication key from the identification code of the intelligent terminal; and the intelligent scheduling system and the intelligent terminal use the communication key to encrypt and decrypt data during data transmission. The invention keeps the communication key of each terminal secret and strictly ensures the confidentiality of the transmitted data.
Description
Technical Field
The invention relates to the field of power grid information security, and in particular to a method for the encrypted transmission of power grid regulation information based on the national encryption algorithm.
Background
With the proposal and development of intelligent power grids, data interaction among components such as intelligent substations, intelligent interaction terminals, intelligent scheduling and the like in the power grids is more frequent. This presents new challenges to the reliability, safety, and efficiency of the grid.
The national cryptographic algorithms are a family of data encryption and decryption algorithms independently researched, developed and innovated in China. SM1 to SM3 implement the symmetric, asymmetric and digest functions respectively. They are particularly suitable for related fields such as the embedded Internet of Things, where they provide functions such as identity authentication and data encryption and decryption. The SM1 algorithm is a block cipher with a block length of 128 bits and a key length of 128 bits; the algorithm is not disclosed and exists only as an IP core inside a chip, so the core of using SM1 is protecting the key. The SM2 algorithm is an ECC elliptic-curve cryptography mechanism that differs from international standards such as ECDSA and ECDH in its signature and key exchange, and adopts a safer mechanism. Its digital signature algorithm, key exchange protocol and public-key encryption algorithm all use the SM3 cryptographic hash algorithm approved by the State Cryptography Administration, together with a random number generator. SM3 is a cryptographic hash algorithm suitable for digital signature and verification, message authentication code generation and verification, and random number generation in commercial cryptographic applications, and can meet the security requirements of various cryptographic applications.
At present, with the rapid development of Internet of Things technology, the security requirements on the intelligent terminals and the intelligent scheduling system involved in transmitting power grid regulation information are increasingly evident, and the requirements for data confidentiality have risen further.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a method for the encrypted transmission of power grid regulation information based on the national encryption algorithm, which keeps the communication key of each terminal secret and strictly ensures the confidentiality of the transmitted data.
The aim of the invention is achieved by the following scheme:
A method for the encrypted transmission of power grid regulation information based on the national encryption algorithm comprises the following steps:
the symmetric key and the asymmetric key of the intelligent scheduling system are updated through a secret management system;
the intelligent scheduling system generates the communication key from the identification code of the intelligent terminal;
and the intelligent scheduling system and the intelligent terminal use the communication key to encrypt and decrypt data during data transmission.
Further, the method comprises the following sub-steps:
S1, the secret management system updates the protection key of the intelligent scheduling system;
S2, the secret management system imports the formal key into the intelligent scheduling system;
S3, the intelligent terminal generates a certificate request, a certificate is issued by a CA, and the certificate is imported into the intelligent scheduling system;
S4, the intelligent scheduling system generates a certificate request, a certificate is issued by the CA, and the certificate is imported into the intelligent terminal;
S5, after the intelligent scheduling system and the intelligent terminal pass two-way identity authentication, the intelligent scheduling system updates the communication key of the intelligent terminal.
Further, in step S1, the protection key comprises an SM1 key, and step S1 comprises the sub-steps of:
S11, the intelligent scheduling system generates a temporary SM2 key and exports the SM2 public key;
S12, the secret management system generates a protection key and encrypts it with the SM2 public key exported by the intelligent scheduling system, producing ciphertext data;
S13, the ciphertext data is transmitted to the intelligent scheduling system, which decrypts it with the SM2 private key and stores the SM1 key.
Further, in step S2, the formal key includes an SM1 symmetric key and an SM2 asymmetric key, and step S2 includes the sub-steps of:
S21, the secret management system generates the formal key and encrypts it with the protection key, producing ciphertext data;
S22, the ciphertext data is transmitted to the intelligent scheduling system;
S23, the intelligent scheduling system decrypts the ciphertext data with the protection key and stores the formal key.
Further, in step S5, the communication key comprises an SM1 key, and step S5 comprises the sub-steps of:
S51, the intelligent scheduling system and the intelligent terminal authenticate each other;
S52, after authentication passes, the intelligent terminal sends its SN code;
S53, the intelligent scheduling system encrypts the SN code sent by the intelligent terminal with the SM1 key to generate the communication key;
S54, the intelligent scheduling system encrypts the communication key with the SM2 public key in the intelligent terminal's certificate and sends it to the intelligent terminal;
S55, the intelligent terminal decrypts it with its SM2 private key and stores the decrypted communication key.
Further, the identification code includes an SN code.
Further, the intelligent scheduling system and the intelligent terminal communicate through Ethernet or a GPRS private network.
Further, step S1 includes the following step: the secret management system initializes the symmetric key and the asymmetric key of the intelligent scheduling system.
The beneficial effects of the invention include:
A data encryption and decryption key is distributed to each intelligent terminal in operation, and the key is generated jointly by the intelligent scheduling system and the intelligent terminal, so that the communication key of each terminal is kept secret and the confidentiality of the transmitted data is ensured.
Drawings
In order to illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the invention, and a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a schematic diagram of the protection key update flow according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the formal key (including the SM1 symmetric key and the SM2 asymmetric key) update according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of certificate generation according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of communication key generation according to an embodiment of the present invention.
Detailed Description
All features disclosed in all embodiments of this specification, and all steps of any method or process implicitly disclosed, may be combined, extended or substituted in any way, except for mutually exclusive features and/or steps.
Example 1
A method for the encrypted transmission of power grid regulation information based on the national encryption algorithm comprises the following steps:
the symmetric key and the asymmetric key of the intelligent scheduling system are updated through a secret management system;
the intelligent scheduling system generates the communication key from the identification code of the intelligent terminal;
and the intelligent scheduling system and the intelligent terminal use the communication key to encrypt and decrypt data during data transmission.
Example 2
On the basis of embodiment 1, the method comprises the following sub-steps:
S1, the secret management system updates the protection key of the intelligent scheduling system;
S2, the secret management system imports the formal key into the intelligent scheduling system;
S3, the intelligent terminal generates a certificate request, a certificate is issued by a CA, and the certificate is imported into the intelligent scheduling system;
S4, the intelligent scheduling system generates a certificate request, a certificate is issued by the CA, and the certificate is imported into the intelligent terminal;
S5, after the intelligent scheduling system and the intelligent terminal pass two-way identity authentication, the intelligent scheduling system updates the communication key of the intelligent terminal.
Example 3
On the basis of embodiment 2, in step S1, the protection key includes an SM1 key, and step S1 includes the sub-steps of:
S11, the intelligent scheduling system generates a temporary SM2 key and exports the SM2 public key;
S12, the secret management system generates a protection key and encrypts it with the SM2 public key exported by the intelligent scheduling system, producing ciphertext data;
S13, the ciphertext data is transmitted to the intelligent scheduling system, which decrypts it with the SM2 private key and stores the SM1 key.
Example 4
On the basis of embodiment 3, in step S2, the formal key includes an SM1 symmetric key and an SM2 asymmetric key, and step S2 includes the sub-steps of:
S21, the secret management system generates the formal key and encrypts it with the protection key, producing ciphertext data;
S22, the ciphertext data is transmitted to the intelligent scheduling system;
S23, the intelligent scheduling system decrypts the ciphertext data with the protection key and stores the formal key.
Example 5
On the basis of embodiment 4, in step S5, the communication key includes an SM1 key, and step S5 includes the sub-steps of:
S51, the intelligent scheduling system and the intelligent terminal authenticate each other;
S52, after authentication passes, the intelligent terminal sends its SN code;
S53, the intelligent scheduling system encrypts the SN code sent by the intelligent terminal with the SM1 key to generate the communication key;
S54, the intelligent scheduling system encrypts the communication key with the SM2 public key in the intelligent terminal's certificate and sends it to the intelligent terminal;
S55, the intelligent terminal decrypts it with its SM2 private key and stores the decrypted communication key.
Example 6
FIG. 1, FIG. 2, FIG. 3 and FIG. 4 are schematic diagrams of the protection scheme for symmetric and asymmetric keys provided in this embodiment. The secret management system is responsible for key generation and protection, and the CA is responsible for issuing certificates; after identity authentication between the intelligent scheduling system and the intelligent terminal, the transmission key is jointly generated. The scheme specifically includes the following steps:
Step one, the intelligent scheduling system has a built-in cryptographic device implementing the SM1 and SM2 algorithms, and a public key is exported from the intelligent scheduling system;
Step two, the SM2 public key generated by the intelligent scheduling system is imported into the secret management system and used to encrypt the protection key generated by the secret management system;
Step three, the protection key ciphertext is imported into the intelligent scheduling system, which decrypts it with the SM2 private key and stores the decrypted protection key;
Step four, the secret management system generates the SM1 and SM2 keys and encrypts them with the protection key; the ciphertext data is transmitted to the intelligent scheduling system, which decrypts it with the protection key and stores the decrypted keys;
Step five, the intelligent scheduling system and the intelligent terminal each import the other party's certificate;
Step six, after the intelligent terminal comes online it sends its device SN; the intelligent scheduling system encrypts the device SN with the SM1 key, and the encrypted data is the communication key; the intelligent scheduling system then encrypts the communication key with the SM2 public key in the intelligent terminal's certificate to generate a ciphertext. The ciphertext is sent to the intelligent terminal in the form of a message, and the intelligent terminal decrypts it with its SM2 private key and stores the communication key;
Step seven, the intelligent scheduling system and the intelligent terminal use the communication key to encrypt and decrypt data during data transmission.
In this embodiment, a data encryption and decryption key is distributed to each intelligent terminal in operation, and the key is generated jointly by the intelligent scheduling system and the intelligent terminal, so that the communication key of each terminal is kept secret and the confidentiality of the transmitted data is ensured.
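Steps S52 to S55 (step six above) as an added Go example, not code from the patent: SM1 is undisclosed and hardware-only, so AES-128 (same 128-bit block and key length) stands in for SM1 and RSA-OAEP stands in for SM2 public-key encryption. The function names, the `SN || 0x80 || zeros` padding, and the sample key and SNs are assumptions of this example; certificate issuance and mutual authentication (S3, S4, S51) are not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// DeriveCommKey is S53: the scheduling side encrypts the terminal's SN under
// its SM1 key and uses the ciphertext block as the communication key.
// Assumptions: AES-128 stands in for SM1, and the SN is padded to one block as
// SN || 0x80 || 0x00... so that two different SNs never map to the same block.
func DeriveCommKey(sm1Key, sn []byte) ([]byte, error) {
	if len(sm1Key) != 16 {
		return nil, errors.New("SM1-sized key must be 16 bytes")
	}
	if len(sn) == 0 || len(sn) > aes.BlockSize-1 {
		return nil, errors.New("SN must be 1 to 15 bytes")
	}
	blk, err := aes.NewCipher(sm1Key)
	if err != nil {
		return nil, err
	}
	in := make([]byte, aes.BlockSize)
	copy(in, sn)
	in[len(sn)] = 0x80
	out := make([]byte, aes.BlockSize)
	blk.Encrypt(out, in)
	return out, nil
}

// NewTerminalKey creates the terminal key pair whose public half would sit in
// the terminal certificate (RSA here as the stand-in for an SM2 key pair).
func NewTerminalKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// WrapForTerminal is S54: encrypt the communication key under the public key
// from the terminal certificate (RSA-OAEP stands in for SM2 encryption).
func WrapForTerminal(pub *rsa.PublicKey, commKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, commKey, nil)
}

// UnwrapAtTerminal is S55: the terminal recovers the key with its private key.
func UnwrapAtTerminal(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// Exchange plays S52 to S55 for one terminal and returns the key held by the
// scheduling side and the key recovered by the terminal.
func Exchange(sm1Key, sn []byte, term *rsa.PrivateKey) (sKey, tKey []byte, err error) {
	if sKey, err = DeriveCommKey(sm1Key, sn); err != nil { // S52, S53
		return nil, nil, err
	}
	wrapped, err := WrapForTerminal(&term.PublicKey, sKey) // S54
	if err != nil {
		return nil, nil, err
	}
	tKey, err = UnwrapAtTerminal(term, wrapped) // S55
	return sKey, tKey, err
}

func main() {
	term, err := NewTerminalKey()
	if err != nil {
		panic(err)
	}
	sm1Key := []byte("0123456789abcdef") // constructed scheduling-side key
	for _, sn := range []string{"SN-0001", "SN-0002"} { // constructed SNs
		s, t, err := Exchange(sm1Key, []byte(sn), term)
		fmt.Printf("%s scheduling=%x terminal=%x err=%v\n", sn, s, t, err)
	}
}
```

Because the SN is sent by the terminal and is not secret, each communication key is exactly as secret as the scheduling-side SM1 key, and the scheduling side can re-derive any terminal's key from its SN instead of storing it.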
In other embodiments of the invention based on embodiment 1, the identification code comprises an SN code.
In other embodiments of the invention based on embodiment 1, the intelligent scheduling system and the intelligent terminal communicate via Ethernet or a GPRS private network.
In other embodiments of the present invention based on embodiment 2, step S1 includes the following step: the secret management system initializes the symmetric key and the asymmetric key of the intelligent scheduling system.
The parts of the invention not described here are the same as the prior art or can be implemented with the prior art.
In addition to the foregoing examples, those skilled in the art will recognize from the foregoing disclosure that other embodiments can be made in which various features of the embodiments are interchanged or substituted, and that such modifications and changes can be made without departing from the spirit and scope of the invention as defined in the appended claims.
Claims (7)
1. A method for the encrypted transmission of power grid regulation information based on the national encryption algorithm, characterized by comprising the following steps:
the symmetric key and the asymmetric key of the intelligent scheduling system are updated through a secret management system;
the intelligent scheduling system generates the communication key from the identification code of the intelligent terminal;
the intelligent scheduling system and the intelligent terminal use the communication key to encrypt and decrypt data during data transmission;
the method comprises the following sub-steps:
S1, the secret management system updates the protection key of the intelligent scheduling system;
S2, the secret management system imports a formal key comprising an SM1 symmetric key and an SM2 asymmetric key into the intelligent scheduling system;
S3, the intelligent terminal generates a certificate request, a certificate is issued by a CA, and the certificate is imported into the intelligent scheduling system;
S4, the intelligent scheduling system generates a certificate request, a certificate is issued by the CA, and the certificate is imported into the intelligent terminal;
S5, after the intelligent scheduling system and the intelligent terminal pass two-way identity authentication, the intelligent scheduling system updates the communication key of the intelligent terminal.
2. The method for the encrypted transmission of power grid regulation information based on the national encryption algorithm according to claim 1, wherein in step S1 the protection key is an SM1 key, and step S1 includes the sub-steps of:
S11, the intelligent scheduling system generates a temporary SM2 key and exports the SM2 public key;
S12, the secret management system generates a protection key and encrypts it with the SM2 public key exported by the intelligent scheduling system, producing ciphertext data;
S13, the ciphertext data is transmitted to the intelligent scheduling system, which decrypts it with the SM2 private key and stores the SM1 key.
3. The method for the encrypted transmission of power grid regulation information based on the national encryption algorithm according to claim 2, wherein in step S2 the formal key includes an SM1 symmetric key and an SM2 asymmetric key, and step S2 includes the sub-steps of:
S21, the secret management system generates the formal key and encrypts it with the protection key, producing ciphertext data;
S22, the ciphertext data is transmitted to the intelligent scheduling system;
S23, the intelligent scheduling system decrypts the ciphertext data with the protection key and stores the formal key.
4. The method for the encrypted transmission of power grid regulation information based on the national encryption algorithm according to claim 3, wherein step S5 comprises the sub-steps of:
S51, the intelligent scheduling system and the intelligent terminal authenticate each other;
S52, after authentication passes, the intelligent terminal sends its SN code;
S53, the intelligent scheduling system encrypts the SN code sent by the intelligent terminal with the SM1 key to generate the communication key;
S54, the intelligent scheduling system encrypts the communication key with the SM2 public key in the intelligent terminal's certificate and sends it to the intelligent terminal;
S55, the intelligent terminal decrypts it with its SM2 private key and stores the decrypted communication key.
5. The method for the encrypted transmission of power grid regulation information based on the national encryption algorithm according to claim 1, wherein the identification code comprises an SN code.
6. The method for the encrypted transmission of power grid regulation information based on the national encryption algorithm according to claim 1, wherein the intelligent scheduling system and the intelligent terminal communicate through Ethernet or a GPRS private network.
7. The method for the encrypted transmission of power grid regulation information based on the national encryption algorithm according to claim 1, wherein step S1 comprises the following step: the secret management system initializes the symmetric key and the asymmetric key of the intelligent scheduling system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110981746.5A CN113904792B (en) | 2021-08-25 | 2021-08-25 | Power grid regulation information encryption transmission method based on national encryption algorithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110981746.5A CN113904792B (en) | 2021-08-25 | 2021-08-25 | Power grid regulation information encryption transmission method based on national encryption algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113904792A (en) | 2022-01-07 |
CN113904792B (en) | 2023-08-15 |
Family
ID=79187934
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110981746.5A Active CN113904792B (en) | 2021-08-25 | 2021-08-25 | Power grid regulation information encryption transmission method based on national encryption algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113904792B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102111265A (en) * | 2011-01-13 | 2011-06-29 | 中国电力科学研究院 | Method for encrypting embedded secure access module (ESAM) of power system acquisition terminal |
CN104253813A (en) * | 2014-09-05 | 2014-12-31 | 国电南瑞科技股份有限公司 | Modulation integrated system remote maintenance-based safety protection method |
CN105763542A (en) * | 2016-02-02 | 2016-07-13 | 国家电网公司 | Device and method of encryption and authentication for distribution terminal serial port communication |
CN107046531A (en) * | 2017-03-06 | 2017-08-15 | 国网湖南省电力公司 | The data processing method and system of the data access Power Information Network of monitoring terminal |
CN112019552A (en) * | 2020-08-31 | 2020-12-01 | 公安部第三研究所 | Internet of things secure communication method |
CN112202721A (en) * | 2020-09-08 | 2021-01-08 | 辽宁丰沃新能源有限公司 | Intelligent safety system of power enterprise internet of things terminal |
Also Published As
Publication number | Publication date |
---|---|
CN113904792A (en) | 2022-01-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11233639B2 (en) | Method and device for quantum key fusion-based virtual power plant security communication and medium | |
CN101442522B (en) | Identification authentication method for communication entity based on combined public key | |
CN101262341A (en) | A mixed encryption method in session system | |
CN113114460B (en) | Quantum encryption-based power distribution network information secure transmission method | |
CN108809636B (en) | Communication system for realizing message authentication between members based on group type quantum key card | |
CN105871918A (en) | Household appliance, communication system and method between household appliance and cloud server as well as cloud server | |
CN101409619A (en) | Flash memory card and method for implementing virtual special network key exchange | |
CN109194474A (en) | A kind of data transmission method and device | |
CN113572607B (en) | Secure communication method adopting unbalanced SM2 key exchange algorithm | |
CN113312608B (en) | Electric power metering terminal identity authentication method and system based on time stamp | |
CN113285959A (en) | Mail encryption method, decryption method and encryption and decryption system | |
CN116132043B (en) | Session key negotiation method, device and equipment | |
CN104901803A (en) | Data interaction safety protection method based on CPK identity authentication technology | |
CN109218251B (en) | Anti-replay authentication method and system | |
CN110225028B (en) | Distributed anti-counterfeiting system and method thereof | |
CN113676448B (en) | Offline equipment bidirectional authentication method and system based on symmetric key | |
CN107659405B (en) | The encrypting and decrypting method of data communication between a kind of substation boss station | |
CN102916810A (en) | Method, system and apparatus for authenticating sensor | |
CN113904792B (en) | Power grid regulation information encryption transmission method based on national encryption algorithm | |
CN100566239C (en) | The key transmission method of multi-stage intelligent key apparatus and system | |
CN101877849A (en) | Communication method between wireless module and external equipment | |
CN114363086A (en) | Industrial internet data encryption transmission method based on stream cipher | |
CN113746627A (en) | Terminal and back clip communication encryption method based on national cryptographic algorithm | |
CN112039663A (en) | Data transmission method and system | |
CN110932847A (en) | User revocation method for identity identification cryptosystem with ciphertext homomorphism |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||