CN114845298A - Aerial optical cable monitoring and transmitting system based on trusted WLAN - Google Patents


Info

Publication number
CN114845298A
Authority
CN
China
Prior art keywords
optical cable
cable monitoring
information
monitoring terminal
digital certificate
Prior art date
Legal status
Granted
Application number
CN202210318769.2A
Other languages
Chinese (zh)
Other versions
CN114845298B (en)
Inventor
张�浩
张勇
李彦
齐一飞
荣俊兴
胡敬财
张鹏
李菁竹
隋敬麒
张华�
张莞钰
Current Assignee
Shandong Huachentel Information Technology Co ltd
State Grid Corp of China SGCC
Economic and Technological Research Institute of State Grid Shandong Electric Power Co Ltd
Original Assignee
Shandong Huachentel Information Technology Co ltd
State Grid Corp of China SGCC
Economic and Technological Research Institute of State Grid Shandong Electric Power Co Ltd
Priority date
Filing date
Publication date

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04W WIRELESS COMMUNICATION NETWORKS
          • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
            • H04W 12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
            • H04W 12/03 Protecting confidentiality, e.g. by encryption
            • H04W 12/06 Authentication
              • H04W 12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
              • H04W 12/069 Authentication using certificates or pre-shared keys
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
              • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
        • H04Q SELECTING
          • H04Q 9/00 Arrangements in telecontrol or telemetry systems for selectively calling a substation from a main station, in which substation desired apparatus is selected for applying a control signal thereto or for obtaining measured values therefrom
          • H04Q 2209/00 Arrangements in telecontrol or telemetry systems
            • H04Q 2209/40 Arrangements in telecontrol or telemetry systems using a wireless architecture
      • H02 GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
        • H02J CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
          • H02J 7/00 Circuit arrangements for charging or depolarising batteries or for supplying loads from batteries
            • H02J 7/34 Parallel operation in networks using both storage and other dc sources, e.g. providing buffering
              • H02J 7/35 Parallel operation in networks using both storage and other dc sources, e.g. providing buffering with light sensitive cells
          • H02J 13/00 Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
            • H02J 13/00002 Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network characterised by monitoring
            • H02J 13/00006 Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network characterised by information or instructions transport means between the monitoring, controlling or managing units and monitored, controlled or operated power network element or electrical equipment
              • H02J 13/00016 Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network characterised by information or instructions transport means between the monitoring, controlling or managing units and monitored, controlled or operated power network element or electrical equipment using a wired telecommunication network or a data transmission bus
                • H02J 13/00017 Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network characterised by information or instructions transport means between the monitoring, controlling or managing units and monitored, controlled or operated power network element or electrical equipment using a wired telecommunication network or a data transmission bus using optical fiber
              • H02J 13/00022 Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network characterised by information or instructions transport means between the monitoring, controlling or managing units and monitored, controlled or operated power network element or electrical equipment using wireless data transmission

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention provides an aerial optical cable monitoring and transmission system based on a trusted WLAN. The system comprises an optical cable joint box which, after passing in turn a first security authentication and a second security authentication, receives optical cable monitoring information from the optical cable monitoring terminal and forwards it to the background server. The first security authentication is a hardware secure-boot authentication of the optical cable joint box based on its internal encryption module; the second security authentication is a ternary peer-to-peer bidirectional authentication carried out among the optical cable joint box, the optical cable monitoring terminal and the background server. The security of data transmission between the aerial optical cable power monitoring terminal and the background monitoring center is thereby effectively improved.

Description

Aerial optical cable monitoring and transmitting system based on trusted WLAN
Technical Field
The invention relates to the field of aerial optical cables in the power industry, and in particular to an aerial optical cable monitoring and transmission system based on a trusted WLAN.
Background
With the rapid development of the national economy, the demand of all industries for electric power keeps growing, and the requirements placed on the quality of the supply provided by power supply departments (stability, uninterrupted supply and ancillary services) are rising accordingly, so the operational safety of the power grid along long-distance high-voltage transmission lines is particularly important. Geological disasters, tower inclination, hardware ageing, line icing, windage yaw vibration and other conditions need to be monitored, and the overall service profile is one of large bandwidth, mobility and massive connectivity. As terminals and sensors multiply explosively in the construction of the new energy Internet, wired communication over cables or optical cables brings a heavy installation and maintenance workload, complicated wiring, significant concealed-line hazards, low integration and intelligence, difficult signal coverage and difficult manual inspection, and can no longer meet the development requirements of the power grid.
In the prior art, the wireless access mode of the local area network at the edge of the power grid equipment is a binary WiFi access architecture based on WPA2-PSK. Password leakage or low password strength creates a security risk, so the security of data transmission between the aerial optical cable power monitoring terminal and the background monitoring center remains low.
Disclosure of Invention
The invention aims to solve the above problems in the prior art by providing an aerial optical cable monitoring and transmission system based on a trusted WLAN, which effectively solves the prior-art problem of low data transmission security between the aerial optical cable power monitoring terminal and the background monitoring center and effectively improves that security.
The invention provides an aerial optical cable monitoring and transmission system based on a trusted WLAN, comprising an optical cable joint box in which a trusted WLAN wireless module and an encryption module are arranged. Through the trusted WLAN wireless module the optical cable joint box is in communication connection with the optical cable monitoring terminal and the background server respectively; after passing in turn a first security authentication and a second security authentication, it receives optical cable monitoring information from the optical cable monitoring terminal and forwards it to the background server. The first security authentication is a hardware secure-boot authentication of the optical cable joint box based on the internal encryption module, and the second security authentication is a ternary peer-to-peer bidirectional authentication among the optical cable joint box, the optical cable monitoring terminal and the background server.
Optionally, the hardware secure-boot authentication of the optical cable joint box based on the internal encryption module specifically comprises:
the controller in the optical cable joint box acquires the current-device first attribute information of the optical cable joint box and of the trusted WLAN wireless module respectively, generates a trust root and a digital signature from that information, compares the generated trust root and digital signature with the trust root and digital signature stored in advance in the encryption module, and, once the comparison passes, securely starts the optical cable joint box and the trusted WLAN wireless module.
Further, the current-device first attribute information includes the ID information of the current device and/or the product serial number of the current device.
Optionally, the ternary peer-to-peer bidirectional authentication among the optical cable joint box, the optical cable monitoring terminal and the background server specifically comprises:
the optical cable joint box sends a first digital certificate, generated from the second and third attribute information of its own device, to the optical cable monitoring terminal;
the optical cable joint box acquires from the optical cable monitoring terminal a second digital certificate generated from the terminal's own second and third attribute information, first public key information generated from the first digital certificate of the optical cable joint box and the second digital certificate, the access request time information of the optical cable monitoring terminal, and second public key information generated from the first attribute information of the optical cable monitoring terminal device, and sends the second digital certificate and the first public key information to the background server for verification;
the optical cable joint box acquires the verification results of the background server for the first digital certificate, the second digital certificate, the first public key information and the second public key information, sends them to the optical cable monitoring terminal, and once verification passes, data transmission proceeds among the optical cable joint box, the optical cable monitoring terminal and the background server.
Further, the second attribute information of a device is its MAC address and the third attribute information of a device is its IP address.
Optionally, the verification by the background server of the first digital certificate, the second digital certificate, the first public key information and the second public key information specifically comprises:
the background server verifies each of the acquired first digital certificate, second digital certificate, first public key information and second public key information against its pre-stored reference information; if any one item fails, the verification fails, and only if every item passes does the verification pass.
Further, if the verification fails, a verification-failure prompt is sent to the optical cable joint box and no data transmission takes place among the optical cable joint box, the optical cable monitoring terminal and the background server.
Optionally, the optical cable joint box signs and encrypts the first digital certificate, the second digital certificate, the first public key information and the second public key information before sending them to the background server.
Further, the background server signs and encrypts the verification result information it returns to the optical cable joint box.
Optionally, the optical cable joint box further comprises a power supply module for powering it; the power supply module comprises a solar panel and a rechargeable battery, the power output of the solar panel is connected to the charging input of the rechargeable battery, and the rechargeable battery powers the optical cable joint box.
The technical scheme adopted by the invention has the following technical effects:
1. In this technical scheme, the optical cable joint box receives the optical cable monitoring information of the optical cable monitoring terminal only after passing the first security authentication and the second security authentication in turn, and forwards it to the background server. The first security authentication is the hardware secure-boot authentication of the optical cable joint box based on the internal encryption module, and the second security authentication is the ternary peer-to-peer bidirectional authentication among the optical cable joint box, the optical cable monitoring terminal and the background server. This effectively solves the prior-art problem of low data transmission security between the aerial optical cable power monitoring terminal and the background monitoring center and effectively improves that security.
2. In this technical scheme, the controller in the optical cable joint box acquires the current-device first attribute information of the optical cable joint box and of the trusted WLAN wireless module respectively, generates a trust root and a digital signature from that information, compares them with the trust root and digital signature stored in advance in the encryption module, and securely starts the optical cable joint box and the trusted WLAN wireless module after the comparison passes, so that data transmission security between the overhead optical cable power monitoring terminal and the background monitoring center is further ensured at the hardware level of the optical cable joint box.
3. In this technical scheme, the information verified by the background server comprises not only the first digital certificate, the second digital certificate and the first public key information, but also the access request time information of the optical cable monitoring terminal and the second public key information generated from the first attribute information of the optical cable monitoring terminal device.
4. In this technical scheme, the optical cable joint box further comprises a power supply module for powering it, consisting of a solar panel and a rechargeable battery; solar energy is converted into electrical energy by the solar panel working together with the rechargeable battery, stored in the lithium iron phosphate battery and used to power the optical cable joint box, which improves the reliability of the power supply.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below; it is obvious to those skilled in the art that other drawings can be obtained from these drawings without creative effort.
FIG. 1 is a schematic diagram of a system according to an embodiment of the present invention;
FIG. 2 is a schematic communication diagram of the ternary peer-to-peer bidirectional authentication performed among the optical cable joint box, the optical cable monitoring terminal and the background server in the system according to the embodiment of the present invention.
Detailed Description
In order to clearly explain the technical features of the present invention, the following detailed description of the present invention is provided with reference to the accompanying drawings. The following disclosure provides many different embodiments, or examples, for implementing different features of the invention. To simplify the disclosure of the present invention, the components and arrangements of specific examples are described below. Furthermore, the present invention may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed. It should be noted that the components illustrated in the figures are not necessarily drawn to scale. Descriptions of well-known components and processing techniques and procedures are omitted so as to not unnecessarily limit the invention.
Example one
As shown in FIG. 1, the present invention provides an overhead optical cable monitoring and transmission system based on a trusted WLAN, comprising an optical cable joint box 1, an optical cable monitoring terminal 2 and a background server 3. A trusted WLAN wireless module 11 and an encryption module 12 are arranged inside the optical cable joint box 1. Through the trusted WLAN wireless module 11 the optical cable joint box 1 is in communication connection with the optical cable monitoring terminal 2 and the background server 3 respectively; after passing in turn the first security authentication and the second security authentication, it receives optical cable monitoring information from the optical cable monitoring terminal 2 and forwards it to the background server 3. The first security authentication is the hardware secure-boot authentication of the optical cable joint box 1 based on the internal encryption module 12, and the second security authentication is the ternary peer-to-peer bidirectional authentication among the optical cable joint box 1, the optical cable monitoring terminal 2 and the background server 3.
In the first security authentication, the hardware secure-boot authentication of the optical cable joint box based on the internal encryption module specifically comprises:
the controller 13 inside the optical cable joint box 1 acquires the current-device first attribute information of the optical cable joint box 1 and of the trusted WLAN wireless module 11 respectively, generates a trust root and a digital signature from that information, compares the generated trust root and digital signature with the trust root and digital signature stored in advance in the encryption module 12, and, once the comparison passes, securely starts the optical cable joint box 1 and the trusted WLAN wireless module 11.
Specifically, the current-device first attribute information includes the ID information of the current device and/or the product serial number of the current device. Two trust roots may be generated, namely a first trust root derived from the current-device first attribute information of the optical cable joint box 1 and a second trust root derived from the current-device first attribute information of the trusted WLAN wireless module 11 inside the optical cable joint box 1; during verification the controller 13 then verifies the first trust root and the second trust root respectively, and only after both pass does it authenticate the digital signature. Alternatively, the generated trust roots may be combined into a single third trust root (which may be a permutation and combination of the first and second trust roots, or a permutation and combination of the first and second trust roots after a transformation, for example reversal), derived from the current-device first attribute information of the optical cable joint box 1 together with that of the trusted WLAN wireless module 11 inside it; the controller 13 then verifies the third trust root and authenticates the digital signature after that verification passes.
Similarly, two digital signatures may be generated, namely a first digital signature based on the current-device first attribute information of the optical cable joint box 1 and a second digital signature based on the current-device first attribute information of the trusted WLAN wireless module 11 inside the optical cable joint box 1; the controller 13 verifies the first and second digital signatures respectively, and only when both pass is the authentication passed and the optical cable joint box 1 and the trusted WLAN wireless module 11 started securely; with every authentication passed, the security of data transmission is improved. Alternatively, the digital signatures may be combined into a single third digital signature (a permutation and combination of the first and second digital signatures, or of the first and second digital signatures after a transformation, for example reversal), derived from the current-device first attribute information of the optical cable joint box 1 together with that of the trusted WLAN wireless module 11 inside it; the controller 13 then verifies the third digital signature and, after it passes, the optical cable joint box 1 and the trusted WLAN wireless module 11 are started securely. Authenticating the third digital signature (or third digital certificate) formed jointly by the optical cable joint box 1 and the trusted WLAN wireless module 11 improves not only the security of data transmission but also the efficiency of authentication. If any verification fails, the optical cable joint box 1 and the trusted WLAN wireless module 11 are not started.
Preferably, the optical cable monitoring terminal 2 may also be provided with an encryption module: a trust root and a digital signature are generated from the current-device first attribute information of the optical cable monitoring terminal 2, compared with the trust root and digital signature stored in advance in that encryption module, and the optical cable monitoring terminal 2 is started securely once the comparison passes.
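As an added illustration (not the patent's own code), the secure-boot check of the first security authentication modelled in Python: trust roots are derived from the first attribute information of the joint box and of the WLAN module, both the separate first/second trust roots and the combined third trust root are covered, roots are checked before signatures as the text orders, and an HMAC-SHA256 keyed by a constructed provisioning secret (MODULE_KEY) stands in for the encryption module's digital signature. All device identifiers are constructed values.

```python
"""Secure-boot check of the optical cable joint box (first security authentication).
Added example, not the patent's code. Device identifiers and MODULE_KEY are
constructed; HMAC-SHA256 stands in for the encryption module's digital signature."""
import hashlib
import hmac

# Constructed provisioning secret. In the text the reference values live inside the
# encryption module; a module-level key keeps the example stand-alone.
MODULE_KEY = b"encryption-module-key-example"

def trust_root(*first_attribute_info: str) -> bytes:
    """Trust root derived from first attribute information (device ID and/or serial number)."""
    return hashlib.sha256("|".join(first_attribute_info).encode()).digest()

def combined_trust_root(root_a: bytes, root_b: bytes) -> bytes:
    """Third trust root: a permutation of the two roots after a transformation.
    The text names reversal as one option, so this uses reversed(root_a) || root_b."""
    return root_a[::-1] + root_b

def sign(root: bytes) -> bytes:
    """Digital signature over a trust root (HMAC stands in for the module's signature)."""
    return hmac.new(MODULE_KEY, root, hashlib.sha256).digest()

class EncryptionModule:
    """Encryption module 12: reference trust roots and signatures written at provisioning."""
    def __init__(self, box_attrs, wlan_attrs):
        box_root, wlan_root = trust_root(*box_attrs), trust_root(*wlan_attrs)
        third_root = combined_trust_root(box_root, wlan_root)
        self.stored = {
            "box": (box_root, sign(box_root)),  # first trust root, first signature
            "wlan": (wlan_root, sign(wlan_root)),  # second trust root, second signature
            "combined": (third_root, sign(third_root)),  # third trust root, third signature
        }

class Controller:
    """Controller 13: re-derives the values at boot and compares them with the module."""
    def __init__(self, module: EncryptionModule):
        self.module = module

    def secure_boot(self, box_attrs, wlan_attrs, combined: bool = False) -> dict:
        """combined=False verifies the first and second trust roots separately;
        combined=True verifies the single third trust root. Any failure blocks
        start-up of both the joint box and the WLAN module (fail closed)."""
        box_root, wlan_root = trust_root(*box_attrs), trust_root(*wlan_attrs)
        if combined:
            candidates = {"combined": combined_trust_root(box_root, wlan_root)}
        else:
            candidates = {"box": box_root, "wlan": wlan_root}
        # Stage 1: every trust root must match before any signature is looked at.
        failed = [f"{name}_root" for name, root in candidates.items()
                  if not hmac.compare_digest(self.module.stored[name][0], root)]
        # Stage 2: authenticate the signature(s) only once all roots passed; this
        # catches a reference record that was written without MODULE_KEY.
        if not failed:
            failed = [f"{name}_signature" for name, root in candidates.items()
                      if not hmac.compare_digest(self.module.stored[name][1], sign(root))]
        started = not failed
        return {"box_started": started, "wlan_started": started, "failed": failed}

def run_demo() -> dict:
    """Constructed scenario: genuine hardware, then a replaced WLAN module."""
    box = ("BOX-ID-0001", "SN-BOX-CONSTRUCTED")
    wlan = ("WLAN-ID-0001", "SN-WLAN-CONSTRUCTED")
    ctrl = Controller(EncryptionModule(box, wlan))
    replaced = ("WLAN-ID-0002", "SN-WLAN-REPLACED")
    return {"genuine_separate": ctrl.secure_boot(box, wlan),
            "genuine_combined": ctrl.secure_boot(box, wlan, combined=True),
            "swapped_separate": ctrl.secure_boot(box, replaced),
            "swapped_combined": ctrl.secure_boot(box, replaced, combined=True)}
```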
As shown in fig. 2, in the second security authentication, the ternary peer-to-peer bidirectional authentication performed among the optical cable joint box 1, the optical cable monitoring terminal 2, and the background server 3 specifically includes:
the optical cable joint box 1 sends a first digital certificate generated according to second attribute information and third attribute information of self equipment to the optical cable monitoring terminal 2;
acquiring the second digital certificate generated by the optical cable monitoring terminal 2 according to the second attribute information and third attribute information of its own device, the first public key information generated from the first digital certificate of the optical cable joint box 1 and the second digital certificate, and the second public key information generated from the access request time information of the optical cable monitoring terminal 2 and the first attribute information of the optical cable monitoring terminal 2 device, and sending the acquired information to the background server 3 for verification;
and acquiring the verification results of the background server 3 on the first digital certificate, the second digital certificate, the first public key information and the second public key information, sending the verification results to the optical cable monitoring terminal 2, and, after the verification is passed, carrying out data transmission among the optical cable joint box 1, the optical cable monitoring terminal 2 and the background server 3.
Specifically, the second attribute information of a device is its MAC address information, and the third attribute information of a device is its IP address. The optical cable joint box 1 acts as the AP (access point) device in the ternary security architecture and trusts the identity of the ASU (authentication service unit). In the first digital certificate (the AP certificate), the public key information may be generated based on the IP address of the optical cable joint box 1 (for example, the IP address together with other information), and the private key information may be generated based on the MAC address information of the optical cable joint box 1 (for example, the MAC address information together with other information); in the second digital certificate (the STA certificate), the public key information may be generated based on the IP address of the optical cable monitoring terminal 2 (for example, the IP address together with other information), and the private key information may be generated based on the MAC address information of the optical cable monitoring terminal 2 (for example, the MAC address information together with other information). The optical cable monitoring terminal 2 acts as the STA (station, a terminal connected to the wireless network). The background server 3, a certificate and authentication server (AS) deployed in a data center machine room, is responsible for issuing, managing and authenticating the certificates of WAPI (WLAN Authentication and Privacy Infrastructure, a security access technology standard for broadband wireless network communication that is the security mechanism of China's mandatory wireless local area network standard).
The first public key information generated from the first digital certificate is the ECDH identity and key seed, namely the AP device public key in the first digital certificate together with the STA terminal public key in the second digital certificate. The second public key information (a temporary public key) is generated from the access request time information of the optical cable monitoring terminal 2 together with the public key information derived from the first attribute information of the optical cable monitoring terminal 2 device; because it embeds the access request time, the optical cable monitoring terminal 2 can access the optical cable joint box 1 only within the set working time period, and access outside the working time period is refused.
The verifying of the first digital certificate, the second digital certificate, the first public key information and the second public key information by the background server 3 specifically includes:
the background server 3 verifies the acquired first digital certificate, second digital certificate, first public key information and second public key information each against the corresponding pre-stored information to be verified; if at least one of these verifications fails, the verification fails, and only if all of them pass does the verification pass. If the verification fails, verification failure prompt information is sent to the optical cable joint box 1, and no data transmission can be carried out among the optical cable joint box 1, the optical cable monitoring terminal 2 and the background server 3.
The three physical entities in the ternary security architecture, namely the optical cable joint box 1, the optical cable monitoring terminal 2 and the background server 3, each have an independent identity (a WAPI certificate generated from a public key and a private key), so that ternary peer-to-peer bidirectional authentication is achieved and security is effectively guaranteed.
The first digital certificate and the second digital certificate are both X.509 version 3 digital certificates.
The technical scheme of the invention specifically covers network side security (namely between the AP device and the AS system), air interface security (namely between the AP device and the STA terminal) and device security (the secure start-up of the optical cable joint box itself).
In the aspect of network side security, the background server 3 includes not only a certificate and authentication system (AS) but also a wireless controller system (AC). The certificate system mainly comprises a WAPI certificate issuing and management function and an authentication and identification function, and can identify the legitimacy of the certificates and key information (the first digital certificate, the second digital certificate, the first public key information and the second public key information). The wireless controller system realizes centralized control and management of the WAPI AP (optical cable joint box), the WAPI terminal (optical cable monitoring terminal) and other equipment, and realizes authentication and monitoring management of terminal access.
The optical cable joint box 1 and the wireless controller system (AC) in the background server 3 can cooperate to provide access control, message filtering, DoS attack prevention, port scanning prevention and illegal message attack prevention capabilities and the like, and to provide local network logs. Specifically, access control may be based on MAC addresses (covering both LAN and WLAN) or on IP addresses and IP address ranges, and may also be based on URLs provided in the form of a blacklist and a whitelist, which cannot be enabled simultaneously; up to 100 records are supported. Message filtering supports filtering of IP layer protocol messages and supports passing application layer messages. DoS attack prevention provides a certain level of protection, for example by configuring the firewall to block attack types such as LAND, Ping of Death, SYN flooding, ICMP redirection, Smurf and WinNuke; port scanning prevention is also provided.
In the aspect of air interface security, each optical cable joint box 1 is configured with different SSIDs (service set identifiers), supporting isolation between the virtual APs (multiple SSIDs) of a network and an SSID broadcast on/off function; the WAPI security mechanism is supported, meeting the standards GB 15629.11-2003 and GB 15629.11-2003/XG 1-2006, and the wireless local area network algorithms approved by the State Cryptography Administration are supported; a key update function is supported, comprising unicast key update, multicast key update and base key update; certificate private key data is stored in a protected manner, namely in the encryption module 12; and a forced STA terminal offline function is supported, which cuts off the network connection of an illegal STA terminal.
Further, the optical cable joint box 1 signs and encrypts the first digital certificate, the second digital certificate, the first public key information and the second public key information, and then sends the signed and encrypted items to the background server 3. The background server 3 likewise signs and encrypts the verification result information returned to the optical cable joint box 1. Preferably, the optical cable joint box 1 also signs and encrypts the verification result information from the background server 3 when returning it to the optical cable monitoring terminal 2. The digital signature algorithm may be ECDSA-192 and the hash algorithm SHA-256. The elliptic curve parameter field identifies, by the OID (object identifier) value 1.2.156.11235.1.1.2.1, a curve parameter approved by the State Cryptography Administration and dedicated to the wireless local area network; combining this elliptic curve parameter field with the first digital certificate, the second digital certificate, the first public key information or the second public key information yields the corresponding encrypted digital certificate or encrypted public key information.
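As an added example that is not the patent's own code, the following Go program runs the ternary authentication of the second security authentication end to end: the AP certificate, the STA certificate, the first public key information and the time-bound second public key information are assembled, and the AS checks all four, failing closed and rejecting requests outside the working period. It assumes ECDSA on P-256 with SHA-256 instead of ECDSA-192, random key pairs rather than keys derived from the MAC or IP address, constructed MAC, IP and serial values, and its own encoding of the signed fields, which the page leaves unspecified.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// Cert stands in for the X.509 v3 WAPI certificate: MAC and IP bound to a public key, signed by the AS.
type Cert struct {
	MAC, IP string
	Pub     *ecdsa.PublicKey
	Sig     []byte
}

// TempKey is the "second public key information": an ephemeral key bound to the access
// request time and the terminal serial number (first attribute information), STA-signed.
type TempKey struct {
	ReqTime time.Time
	Serial  string
	Pub     *ecdsa.PublicKey
	Sig     []byte
}

// digest hashes a label and a P-256 public key (X||Y) with SHA-256, the page's hash algorithm.
func digest(label string, pub *ecdsa.PublicKey) []byte {
	h := sha256.Sum256(append(append([]byte(label+"|"), pub.X.Bytes()...), pub.Y.Bytes()...))
	return h[:]
}

func (c Cert) digest() []byte    { return digest(c.MAC+"|"+c.IP, c.Pub) }
func (t TempKey) digest() []byte { return digest(t.ReqTime.UTC().Format(time.RFC3339)+"|"+t.Serial, t.Pub) }

// AS is the certificate and authentication server: signing key, pre-stored registry
// (MAC -> serial number) and the working period as UTC hours [startHour, endHour).
type AS struct {
	key                *ecdsa.PrivateKey
	known              map[string]string
	startHour, endHour int
}

// Issue registers a device and returns its AS-signed certificate.
func (as *AS) Issue(mac, ip, serial string, pub *ecdsa.PublicKey) Cert {
	c := Cert{MAC: mac, IP: ip, Pub: pub}
	c.Sig, _ = ecdsa.SignASN1(rand.Reader, as.key, c.digest())
	as.known[mac] = serial
	return c
}

// Verify is the background server's check of all four items: both certificates, the first
// public key information ki (AP public key + STA public key) and the temp key. Any failure fails all.
func (as *AS) Verify(ap, sta Cert, ki [2]*ecdsa.PublicKey, tk TempKey) error {
	for _, c := range []Cert{ap, sta} {
		if _, ok := as.known[c.MAC]; !ok || !ecdsa.VerifyASN1(&as.key.PublicKey, c.digest(), c.Sig) {
			return fmt.Errorf("certificate %s: not registered or AS signature invalid", c.MAC)
		}
	}
	if !ki[0].Equal(ap.Pub) || !ki[1].Equal(sta.Pub) {
		return fmt.Errorf("first public key information does not match the certificates")
	}
	if tk.Serial != as.known[sta.MAC] || !ecdsa.VerifyASN1(sta.Pub, tk.digest(), tk.Sig) {
		return fmt.Errorf("second public key information: serial or signature invalid")
	}
	if h := tk.ReqTime.UTC().Hour(); h < as.startHour || h >= as.endHour {
		return fmt.Errorf("access request at %02d:00 UTC is outside the working period", h)
	}
	return nil
}

func genKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

// Simulate runs one exchange with constructed identities: the AP (joint box) sends its certificate,
// the STA (monitoring terminal) answers with its certificate, the key information and the temp key,
// and the AP forwards all four to the AS. tamper swaps the STA key inside the forwarded key information.
func Simulate(startHour, endHour int, reqTime time.Time, claimedSerial string, tamper bool) error {
	as := &AS{key: genKey(), known: map[string]string{}, startHour: startHour, endHour: endHour}
	apKey, staKey := genKey(), genKey()
	ap := as.Issue("00:11:22:33:44:01", "10.0.0.1", "SN-BOX-0001", &apKey.PublicKey)
	sta := as.Issue("00:11:22:33:44:02", "10.0.0.2", "SN-STA-0001", &staKey.PublicKey)
	ki := [2]*ecdsa.PublicKey{ap.Pub, sta.Pub}
	if tamper {
		ki[1] = &genKey().PublicKey
	}
	tk := TempKey{ReqTime: reqTime, Serial: claimedSerial, Pub: &genKey().PublicKey}
	tk.Sig, _ = ecdsa.SignASN1(rand.Reader, staKey, tk.digest())
	return as.Verify(ap, sta, ki, tk)
}
```

Calling Simulate(8, 18, t, "SN-STA-0001", false) with a 10:00 UTC request time returns nil, while a 23:00 request, an unregistered serial or tamper=true each return an error, so the AP never forwards monitoring data on a partial pass.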
Preferably, the optical cable joint box 1 further comprises a power module 14 for supplying power to the optical cable joint box 1; the power module 14 comprises a solar panel 141 and a rechargeable battery 142, the power output end of the solar panel 141 is connected to the charging end of the rechargeable battery 142, and the rechargeable battery 142 supplies power to the optical cable joint box 1.
The optical cable joint box 1 supports cascade networking and local Mesh networking; the communication delay of a single device is less than 20 ms, the network architecture can be expanded continuously, any two devices can be wirelessly interconnected, and the network has the outstanding characteristics of dynamic self-organization, self-configuration and self-maintenance. It can be deployed rapidly, is flexible and portable, offers a point-to-point communication distance of up to 1 kilometer, and provides a communication bandwidth of not less than 200 Mbps at a distance of 500 meters.
The rechargeable battery 142 may be a lithium iron phosphate battery: solar energy is converted into electrical energy, stored in the lithium iron phosphate battery, and used to power the outdoor optical cable joint box 1. The wireless access point adopts tri-band technology, so that wireless communication with other optical cable joint boxes 1 can be achieved while signal coverage is provided. The trusted WLAN wireless module 11 in the optical cable joint box 1 uses a glass fiber reinforced plastic omnidirectional antenna as the service access antenna of the outdoor wireless communication equipment to ensure full-angle signal coverage, and may also use a high-gain directional antenna as the AirCable (tri-band technology) antenna of the outdoor wireless communication equipment, so as to achieve smooth wireless communication between tri-band APs.
According to the technical scheme, after the optical cable joint box sequentially passes the first security authentication and the second security authentication, it receives the optical cable monitoring information of the optical cable monitoring terminal and forwards the received optical cable monitoring information to the background server. The first security authentication is hardware secure-start authentication of the optical cable joint box based on the internal encryption module, and the second security authentication is ternary peer-to-peer bidirectional authentication carried out among the optical cable joint box, the optical cable monitoring terminal and the background server. This effectively solves the problem in the prior art that the security of data transmission between the aerial optical cable power monitoring terminal and the background monitoring center is not high, and effectively improves the security of data transmission between the aerial optical cable power monitoring terminal and the background monitoring center.
According to the technical scheme, the controller in the optical cable joint box acquires the current device first attribute information of the optical cable joint box and of the trusted WLAN wireless module respectively, generates a root of trust and a digital signature based on that information, compares and verifies the generated root of trust and digital signature against the root of trust and digital signature stored in the encryption module in advance, and starts the optical cable joint box and the trusted WLAN wireless module safely after the comparison and verification pass, so that the security of data transmission between the overhead optical cable power monitoring terminal and the background monitoring center is further ensured at the hardware level of the optical cable joint box.
According to the technical scheme, the information verified by the background server includes not only the first digital certificate, the second digital certificate and the first public key information, but also the second public key information generated from the access request time information of the optical cable monitoring terminal and the first attribute information of the optical cable monitoring terminal device. By verifying the access time of the optical cable monitoring terminal to the optical cable joint box, access communication between the optical cable monitoring terminal and the optical cable joint box is ensured to take place only during working hours, and the security of data transmission between the aerial optical cable power monitoring terminal and the background monitoring center is further improved.
According to the technical scheme, the optical cable joint box further comprises a power supply module for providing power to the optical cable joint box; the power supply module comprises a solar panel and a rechargeable battery, and through the cooperation of the solar panel and the rechargeable battery, solar energy is converted into electrical energy and stored in the lithium iron phosphate battery to supply power to the optical cable joint box, improving the reliability of the power supply.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, they are not intended to limit the scope of the present invention; those skilled in the art should understand that various modifications and variations can be made without inventive effort on the basis of the technical solution of the present invention.

Claims (10)

1. An aerial optical cable monitoring and transmitting system based on a trusted WLAN, characterized by comprising an optical cable joint box which is internally provided with a trusted WLAN wireless module and an encryption module, is in communication connection with an optical cable monitoring terminal and a background server respectively through the trusted WLAN wireless module, receives optical cable monitoring information of the optical cable monitoring terminal after sequentially passing first security authentication and second security authentication, and forwards the received optical cable monitoring information of the optical cable monitoring terminal to the background server; the first security authentication is hardware secure-start authentication of the optical cable joint box based on the internal encryption module, and the second security authentication is ternary peer-to-peer bidirectional authentication performed among the optical cable joint box, the optical cable monitoring terminal and the background server.
2. The overhead cable monitoring and transmission system based on trusted WLAN according to claim 1, wherein the hardware security boot authentication of the cable closure based on the internal encryption module specifically comprises:
the controller in the optical cable joint box respectively acquires the current equipment first attribute information of the optical cable joint box and the trusted WLAN wireless module, generates a trust root and a digital signature based on the current equipment first attribute information of the optical cable joint box and the trusted WLAN wireless module, compares the generated trust root and the generated digital signature with the trust root and the digital signature stored in the encryption module in advance, and performs safe starting on the optical cable joint box and the trusted WLAN wireless module after the comparison and verification are passed.
3. The trusted WLAN based aerial fiber cable monitoring transmission system of claim 2, wherein the current device first attribute information includes ID information of the current device and/or a product serial number of the current device.
4. The overhead optical cable monitoring and transmission system based on the trusted WLAN according to claim 1, wherein the ternary peer-to-peer bidirectional authentication performed among the optical cable connector box, the optical cable monitoring terminal, and the background server specifically includes:
the optical cable joint box sends a first digital certificate generated according to second attribute information and third attribute information of self equipment to the optical cable monitoring terminal;
acquiring a second digital certificate generated by the optical cable monitoring terminal according to second attribute information and third attribute information of the optical cable monitoring terminal, first public key information generated by a first digital certificate and a second digital certificate of an optical cable joint box, access request time information of the optical cable monitoring terminal and second public key information generated by first attribute information of optical cable monitoring terminal equipment, and sending the second digital certificate and the first public key information to a background server for verification;
and acquiring the verification results of the background server on the first digital certificate, the second digital certificate, the first public key information and the second public key information, sending the verification results to the optical cable monitoring terminal, and after the verification is passed, carrying out data transmission among the optical cable joint box, the optical cable monitoring terminal and the background server.
5. The trusted WLAN based aerial fiber cable monitoring and transmission system of claim 4, wherein the device second attribute information is device MAC address information, and the device third attribute information is a device IP address.
6. The overhead optical cable monitoring and transmission system based on the trusted WLAN according to claim 4, wherein the verification of the first digital certificate, the second digital certificate, the first public key information, and the second public key information by the background server specifically includes:
the background server verifies the acquired first digital certificate, the acquired second digital certificate, the acquired first public key information and the acquired second public key information with pre-stored information to be verified respectively, if at least one item of verification fails, the verification fails, and if all verification passes, the verification passes.
7. The trusted WLAN based aerial fiber cable monitoring and transmission system according to claim 6, wherein if the verification fails, a verification failure prompt is sent to the fiber cable splice closure, and data transmission between the fiber cable splice closure, the fiber cable monitoring terminal, and the background server is disabled.
8. The overhead optical cable monitoring and transmission system based on the trusted WLAN according to any one of claims 4 to 7, wherein the optical cable joint box performs signature encryption on the first digital certificate, the second digital certificate, the first public key information and the second public key information, and then sends the first digital certificate, the second digital certificate, the first public key information and the second public key information after signature encryption to the background server.
9. The trusted WLAN based aerial fiber cable monitoring and transmission system of claim 8 wherein the backend server signs and encrypts the verification result information returned to the cable closure.
10. The trusted WLAN based aerial fiber cable monitoring and transmission system of claim 1, wherein the cable closure further comprises a power module for providing power to the cable closure, the power module comprising a solar panel and a rechargeable battery, a power output of the solar panel being connected to a charging terminal of the rechargeable battery, and the rechargeable battery providing power to the cable closure.
Application CN202210318769.2A, priority date 2022-03-29, filing date 2022-03-29: Overhead optical cable monitoring and transmitting system based on trusted WLAN; status Active; granted as CN114845298B (en)

Publications (2)

Publication Number Publication Date
CN114845298A true CN114845298A (en) 2022-08-02
CN114845298B CN114845298B (en) 2023-11-28

Family

ID=82564324

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant