CN116346423A - Client data multiple encryption system and method in intelligent Internet of things energy system - Google Patents



Publication number
CN116346423A
Authority
CN
China
Prior art keywords
ciphertext
terminal equipment
edge gateway
decryption
rule
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310172936.1A
Other languages
Chinese (zh)
Inventor
洪华伟
林北海
游元通
蔡加鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Fujian Electric Power Co Ltd
Original Assignee
State Grid Fujian Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Fujian Electric Power Co Ltd
Priority to CN202310172936.1A
Publication of CN116346423A
Current legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a client data multiple encryption system and method in an intelligent Internet of things energy system. The method comprises the following steps: the terminal equipment registers to the verification server according to the identity information of the terminal equipment, and after the registration is successful, the terminal equipment interacts key information with the verification server; the terminal equipment encrypts the type of the client data, the client data and the identity information by adopting a public key to generate a first ciphertext; encrypting the first ciphertext according to a first encryption rule agreed with the edge gateway in advance to obtain a second ciphertext; encrypting the second ciphertext according to a second encryption rule agreed with the edge gateway in advance to obtain a third ciphertext; transmitting the third ciphertext to the edge gateway; the edge gateway searches a second decryption rule and a first decryption rule corresponding to the terminal equipment to gradually decrypt the third ciphertext, and sends a decryption result to the verification server. The invention improves the safety of the client data in the field of intelligent Internet of things energy.

Description

Client data multiple encryption system and method in intelligent Internet of things energy system
Technical Field
The embodiment of the invention relates to the technical field of intelligent energy, in particular to a client data multiple encryption system and method in an intelligent Internet of things energy system.
Background
The Internet of Things (IoT) is one of the important supporting technologies for the evolution of the smart Energy Internet (EoI), and low-power wide-area (LPWA) IoT technology will play a key role in the smart Energy Internet field. The energy and power field contains a large amount of small data, including user-side data, power system edge data, and data from new smart energy technologies and new services.
As Internet of Things technology is applied ever more deeply in intelligent energy, the data security problems it brings also appear in intelligent energy systems. Current intelligent Internet of Things energy systems mainly focus on data acquisition, analysis and energy prediction, and rarely consider the case in which an illegitimate terminal transmits false data. False data directly affects the accuracy of later data analysis and energy prediction.
In view of this, the present invention has been made.
Disclosure of Invention
The invention provides a client data multiple encryption system and method in an intelligent Internet of things energy system, which are used for improving the safety of client data in the field of intelligent Internet of things energy.
The invention provides a client data multiple encryption method in an intelligent Internet of things energy system, which is suitable for the intelligent Internet of things energy system, wherein the intelligent Internet of things energy system comprises a plurality of terminal devices, and a verification server and an edge gateway which are in communication connection with each terminal device;
the method comprises the following steps:
the terminal equipment registers to the verification server according to the identity information of the terminal equipment, and after the registration is successful, the terminal equipment interacts key information with the verification server;
the terminal equipment encrypts the type of the client data, the client data and the identity information by adopting a public key to generate a first ciphertext; encrypting the first ciphertext according to a first encryption rule agreed with an edge gateway in advance to obtain a second ciphertext; encrypting the second ciphertext according to a second encryption rule agreed with the edge gateway in advance to obtain a third ciphertext; transmitting the third ciphertext to an edge gateway;
the edge gateway searches a second decryption rule and a first decryption rule corresponding to the terminal equipment to gradually decrypt the third ciphertext, so as to obtain a decryption result;
the edge gateway sends the decryption result to a verification server;
and the verification server decrypts the decryption result according to the private key corresponding to the terminal equipment to obtain the data uploaded by the terminal equipment.
Preferably, after the registration is successful, the terminal device interacts key information with the verification server, including:
after successful registration, the verification server generates a public key and a private key, and binds the public key and the private key with the identity information of the terminal equipment;
the verification server sends the public key to the terminal device.
Preferably, after the authentication server transmits the public key to the terminal device, the method further includes:
the terminal equipment sends the first encryption rule and the second encryption rule to the verification server;
the authentication server forwards the first encryption rule and the second encryption rule to the edge gateway.
Preferably, the first encryption rule includes deleting a second number of characters after every first number of characters in the first ciphertext to obtain a second ciphertext, and sequentially forming the deleted characters into a codebook, and the first decryption rule includes adding a second number of characters after every first number of characters in the second ciphertext according to the codebook;
the second encryption rule comprises adding a fourth number of characters after every third number of characters in the second ciphertext to obtain a third ciphertext, and the second decryption rule comprises deleting the fourth number of characters after every third number of characters in the third ciphertext;
the edge gateway searches a second decryption rule and a first decryption rule corresponding to the terminal equipment to gradually decrypt the third ciphertext to obtain a decryption result, and the method comprises the following steps:
the edge gateway searches a second decryption rule corresponding to the terminal equipment to decrypt the third ciphertext to obtain a second ciphertext; transmitting the second ciphertext to the terminal equipment;
the terminal equipment verifies the second ciphertext and then sends a codebook to the edge gateway;
and the edge gateway decrypts the second ciphertext according to the codebook and the first decryption rule to obtain a decryption result.
Preferably, the edge gateway sends the second ciphertext to the terminal device, including:
the edge gateway sends the second ciphertext and other character strings to the terminal equipment;
the terminal device sends the codebook to the edge gateway after verifying the second ciphertext, and the method comprises the following steps:
and the terminal equipment determines that the data sent by the edge gateway comprises the second ciphertext obtained by local encryption, and sends the codebook to the edge gateway.
Preferably, the customer data includes at least data of the energy generating device, data of the energy consuming customer, and energy configuration data.
Preferably, the sending, by the terminal device, the third ciphertext to an edge gateway includes:
the terminal equipment sends the message containing the third ciphertext to the edge gateway according to the network protocol agreed with the edge gateway;
and the edge gateway analyzes the third ciphertext from the message according to a network protocol, searches a second decryption rule and a first decryption rule corresponding to the terminal equipment, and gradually decrypts the third ciphertext to obtain a decryption result.
The invention also provides a client data multiple encryption system in the intelligent internet of things energy system, which comprises: a plurality of terminal devices, and an authentication server and an edge gateway which are in communication connection with each terminal device;
the terminal equipment registers to the verification server according to the identity information of the terminal equipment, and after the registration is successful, the terminal equipment interacts key information with the verification server;
the terminal equipment encrypts the type of the client data, the client data and the identity information by adopting a public key to generate a first ciphertext; encrypting the first ciphertext according to a first encryption rule agreed with an edge gateway in advance to obtain a second ciphertext; encrypting the second ciphertext according to a second encryption rule agreed with the edge gateway in advance to obtain a third ciphertext; transmitting the third ciphertext to an edge gateway;
the edge gateway searches a second decryption rule and a first decryption rule corresponding to the terminal equipment to gradually decrypt the third ciphertext, so as to obtain a decryption result;
the edge gateway sends the decryption result to a verification server;
the verification server decrypts the decryption result according to the private key corresponding to the terminal equipment to obtain data uploaded by the terminal equipment.
Preferably, the system further comprises an energy management server;
the verification server sends the data uploaded by the terminal equipment to an energy management server;
and the energy management server analyzes the received data and generates a management strategy, and the management strategy is sent to the terminal equipment through a gateway.
Preferably, the energy management server is provided with a man-machine interaction interface, and receives the management policy input by an administrator.
The method provided by the invention is applied to an intelligent Internet of things energy system and is used for encrypting the data uploaded by the terminal equipment so as to protect the security of the data. The terminal equipment first encrypts the data with the public key, then encrypts it again with the first encryption rule, and finally encrypts it again with the second encryption rule, thereby greatly ensuring that the data is fully encrypted and not cracked; the identity of the terminal equipment is verified through joint decryption by the edge gateway and the verification server, so that illegitimate terminal equipment can be detected, which further ensures the authenticity and validity of the data and the accuracy of later data analysis and energy prediction.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a client data multiple encryption system in an intelligent Internet of things energy system according to an embodiment of the present invention;
FIG. 2 is a flowchart of a client data multiple encryption method in an intelligent Internet of things energy system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below. It will be apparent that the described embodiments are only some, but not all, embodiments of the invention. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the invention, are within the scope of the invention.
In the description of the present invention, it should be noted that the directions or positional relationships indicated by the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. are based on the directions or positional relationships shown in the drawings, are merely for convenience of describing the present invention and simplifying the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should also be noted that, unless explicitly specified and limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be either fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
The embodiment of the invention provides a multiple encryption method for client data, which is suitable for encrypting client data in an intelligent Internet of things energy system. For convenience in describing the method provided in this embodiment, the system to which the embodiment is applied is introduced first. Fig. 1 is a schematic structural diagram of a client data multiple encryption system in an intelligent Internet of things energy system, which comprises a plurality of terminal devices, and an authentication server and an edge gateway which are in communication connection with each terminal device.
The present embodiment does not limit the type of the terminal device, which may be an energy production device terminal, an energy consumption device terminal, or an energy configuration terminal, for example a terminal device of a distribution company. Accordingly, the client data generated by different types of terminal devices differ and are not enumerated here. Each terminal device is communicatively connected to the authentication server and the edge gateway. The authentication server may be a single server or a cluster of servers and is used for registration of the terminal device and for data decryption.
Fig. 2 is a flowchart of a client data multiple encryption method in an intelligent internet of things energy system, which is provided in an embodiment of the present invention, and is used for encrypting and decrypting client data, and specifically includes the following operations:
S110, the terminal equipment registers to the verification server according to the identity information of the terminal equipment, and after the registration is successful, the terminal equipment interacts key information with the verification server.
The identity information of the terminal device includes software and hardware information of the terminal device and identity information of the logged-in client (such as company unified social credit code or resident identification card). The terminal equipment sends the identity information to the verification server, and registration can be completed after the relevant registration terms are met. After successful registration, the verification server generates a public key and a private key, and binds the public key and the private key with the identity information of the terminal equipment; and the verification server sends the public key to the terminal equipment for asymmetrically encrypting the data.
S120, the terminal equipment encrypts the type of the client data, the client data and the identity information by adopting a public key to generate a first ciphertext; encrypting the first ciphertext according to a first encryption rule agreed with an edge gateway in advance to obtain a second ciphertext; encrypting the second ciphertext according to a second encryption rule agreed with the edge gateway in advance to obtain a third ciphertext; and sending the third ciphertext to an edge gateway.
Types of customer data include, but are not limited to, numbers, character strings, pictures, text, and the like. The operation of encrypting with public keys is referred to in the prior art and will not be described in detail here.
The asymmetric encryption method is an encryption method commonly used in the industry, and once a public key or a private key is lost, the security of data cannot be guaranteed. Therefore, the present embodiment performs triple encryption using the first encryption rule and the second encryption rule on the basis of public key encryption.
Specifically, after the verification server sends the public key to the terminal device, the terminal device sends the first encryption rule and the second encryption rule to the verification server, and the verification server forwards the first encryption rule and the second encryption rule to the edge gateway. The authentication server is a trusted server, so in this embodiment, the terminal device needs to obtain the public key from the authentication server, and the edge gateway also needs to obtain the first/second encryption rule from the authentication server, and is not allowed to obtain the information from other nodes, so as to ensure security.
The first encryption rule and the second encryption rule may be defined by the terminal device, which is not limited in this embodiment. The following provides a preferred embodiment: the first encryption rule comprises deleting a second number of characters after every first number of characters in the first ciphertext to obtain a second ciphertext, and sequentially forming the deleted characters into a codebook, and the first decryption rule comprises adding a second number of characters after every first number of characters in the second ciphertext according to the codebook; the second encryption rule comprises adding a fourth number of characters after every third number of characters in the second ciphertext to obtain a third ciphertext, and the second decryption rule comprises deleting the fourth number of characters after every third number of characters in the third ciphertext.
The first number, the second number, the third number, and the fourth number may be customized. For example, the first ciphertext is ABCDEFGHIJK; first, 1 character is deleted after every 4 characters to obtain the second ciphertext ABCDFGHIK, and the deleted characters EJ are stored in the codebook; then 2 random characters are added after every 3 characters in the second ciphertext ABCDFGHIK, wherein the random characters added each time can be the same or different, finally obtaining the third ciphertext ABC33DFGAAHIKBB.
The second decryption rule is opposite to the second encryption rule, and the first decryption rule is opposite to the first encryption rule, which is not described here again.
According to the invention, Internet of things technology is integrated into the intelligent energy system, and the terminal equipment sends the message containing the third ciphertext to the edge gateway according to the network protocol agreed with the edge gateway. The network protocol may be XMPP (Extensible Messaging and Presence Protocol), a network instant messaging protocol produced by an open-source organization. Its application range covers instant messaging applications, and it can also be used for network management, games, remote system monitoring and the like. Its characteristics are: (1) a client/server communication mode; (2) a distributed network; (3) a simple client, with most of the work placed on the server side; (4) a data format based on XML, a subset of the Standard Generalized Markup Language.
S130, the edge gateway searches a second decryption rule and a first decryption rule corresponding to the terminal equipment to gradually decrypt the third ciphertext, and a decryption result is obtained.
The edge gateway parses the third ciphertext from the message according to the network protocol, and looks up the second decryption rule corresponding to the terminal equipment to decrypt the third ciphertext into the second ciphertext; it then decrypts the second ciphertext according to the first decryption rule and the codebook to obtain the decryption result. The codebook is extracted when the second ciphertext is generated, so the codebook is very likely to differ for each transmission and has to be obtained from the terminal equipment. Thus, at S120, the terminal device may send the codebook to the edge gateway along with the third ciphertext.
Preferably, the present embodiment considers the situation that the edge gateway is hijacked, and needs to be verified. Therefore, the edge gateway searches a second decryption rule corresponding to the terminal equipment to decrypt the third ciphertext to obtain a second ciphertext; transmitting the second ciphertext to the terminal equipment; the terminal equipment verifies the second ciphertext, namely, the received second ciphertext is compared with the second ciphertext locally generated in the S120, if the comparison is consistent, the verification is passed, the edge gateway is considered to be safe, and then the codebook is sent to the edge gateway; and the edge gateway decrypts the second ciphertext according to the codebook and the first decryption rule to obtain a decryption result.
Preferably, this embodiment also considers the possibility that the link between the edge gateway and the terminal device is hijacked and the second ciphertext is leaked or tampered with. Therefore, the edge gateway sends the second ciphertext together with other character strings to the terminal device; the other strings act as interference. When the link is hijacked, an outside party does not know that only part of the transmitted data is the second ciphertext, and does not obtain the real information. The terminal equipment then determines that the data sent by the edge gateway includes the second ciphertext obtained by local encryption, and sends the codebook to the edge gateway.
Illustratively, the edge gateway receives the third ciphertext ABC33DFGAAHIKBB sent by the terminal device, and decrypts it based on the second decryption rule to obtain ABCDFGHIK. The edge gateway sends ABCDFGHIK and the other character strings ABCDRTIH and 12rhtyERC back to the terminal equipment; if the terminal equipment judges that ABCDFGHIK is consistent with the second ciphertext, it sends the codebook containing EJ to the edge gateway. The edge gateway then decrypts the second ciphertext ABCDFGHIK based on the first decryption rule to obtain ABCDEFGHIJK, which is consistent with the first ciphertext, as the decryption result.
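The two rules and the codebook hand-off walked through above, as an added Python example that is not part of the patent text. It assumes the public-key layer is omitted and the first ciphertext is handled as a character string, as in the ABCDEFGHIJK illustration; the names Terminal, gateway_process and PAD_ALPHABET are hypothetical, and a direct method call stands in for the network link.

```python
import hmac
import secrets
import string

PAD_ALPHABET = string.ascii_uppercase + string.digits  # assumed padding alphabet


def rule1_encrypt(first_ct, n1, n2):
    """First rule: delete n2 characters after every n1; return (second_ct, codebook)."""
    kept, deleted = [], []
    for i in range(0, len(first_ct), n1 + n2):
        kept.append(first_ct[i:i + n1])
        deleted.append(first_ct[i + n1:i + n1 + n2])
    return "".join(kept), "".join(deleted)


def rule1_decrypt(second_ct, codebook, n1, n2):
    """First decryption rule: re-insert codebook characters after each full group."""
    out, k = [], 0
    for i in range(0, len(second_ct), n1):
        group = second_ct[i:i + n1]
        out.append(group)
        if len(group) == n1:  # a short trailing group had nothing deleted after it
            out.append(codebook[k:k + n2])
            k += n2
    return "".join(out)


def rule2_encrypt(second_ct, n3, n4, filler=None):
    """Second rule: add n4 filler characters after every full group of n3."""
    if filler is None:
        filler = lambda n: "".join(secrets.choice(PAD_ALPHABET) for _ in range(n))
    out = []
    for i in range(0, len(second_ct), n3):
        group = second_ct[i:i + n3]
        out.append(group)
        if len(group) == n3:
            out.append(filler(n4))
    return "".join(out)


def rule2_decrypt(third_ct, n3, n4):
    """Second decryption rule: keep n3 characters, skip n4, repeat."""
    return "".join(third_ct[i:i + n3] for i in range(0, len(third_ct), n3 + n4))


class Terminal:
    """Terminal side: keeps each codebook until the gateway echoes the second ciphertext."""

    def __init__(self, n1, n2, n3, n4):
        self.rules = (n1, n2, n3, n4)
        self.pending = {}  # locally generated second ciphertext -> codebook

    def upload(self, first_ct, filler=None):
        n1, n2, n3, n4 = self.rules
        second_ct, codebook = rule1_encrypt(first_ct, n1, n2)
        self.pending[second_ct] = codebook
        return rule2_encrypt(second_ct, n3, n4, filler)

    def release_codebook(self, received):
        """Return the codebook only if a received string equals a local second ciphertext."""
        for second_ct in list(self.pending):
            if any(hmac.compare_digest(second_ct.encode(), s.encode()) for s in received):
                return self.pending.pop(second_ct)
        return None  # nothing matched: the codebook stays on the terminal


def gateway_process(terminal, third_ct, rules, decoys):
    """Gateway side: strip filler, echo the result among decoys, then restore."""
    n1, n2, n3, n4 = rules
    second_ct = rule2_decrypt(third_ct, n3, n4)
    challenge = [second_ct, *decoys]
    secrets.SystemRandom().shuffle(challenge)  # position must not reveal the real string
    codebook = terminal.release_codebook(challenge)
    if codebook is None:
        return None
    return rule1_decrypt(second_ct, codebook, n1, n2)


def run_page_example():
    """Replay the page's values, then a constructed tampered message."""
    decoys = ["ABCDRTIH", "12rhtyERC"]  # the interference strings from the text
    fill = iter(["33", "AA", "BB"])     # fixed filler to reproduce the page's output
    terminal = Terminal(4, 1, 3, 2)
    third_ct = terminal.upload("ABCDEFGHIJK", filler=lambda n: next(fill))
    result = gateway_process(terminal, third_ct, terminal.rules, decoys)
    terminal.upload("ABCDEFGHIJK")      # second upload, random filler
    tampered = gateway_process(terminal, "ABC33DFGAAHIXBB", terminal.rules, decoys)
    return third_ct, result, tampered


if __name__ == "__main__":
    print(run_page_example())
```

`rule2_decrypt` needs only the two counts, while `rule1_decrypt` also needs the per-message codebook, which is why the terminal withholds the codebook until the echoed second ciphertext matches its local copy.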
And S140, the edge gateway sends the decryption result to the verification server.
And S150, the verification server decrypts the decryption result according to the private key corresponding to the terminal equipment to obtain data uploaded by the terminal equipment.
Since the data uploaded by the terminal device includes the identity information, and the terminal device is registered in the authentication server in advance, whether the result of the authentication server is correct can be verified by comparing the identity information.
The method provided by the invention is applied to an intelligent Internet of things energy system and is used for encrypting the data uploaded by the terminal equipment so as to protect the security of the data. The terminal equipment first encrypts the data with the public key, then encrypts it again with the first encryption rule, and finally encrypts it again with the second encryption rule, thereby greatly ensuring that the data is fully encrypted and not cracked; the identity of the terminal equipment is verified through joint decryption by the edge gateway and the verification server, so that illegitimate terminal equipment can be detected, which further ensures the authenticity and validity of the data and the accuracy of later data analysis and energy prediction.
With continued reference to fig. 1, the system provided by the embodiment of the present invention further includes an energy management server in communication with the gateway. The verification server sends the data uploaded by the terminal equipment to the energy management server; the energy management server analyzes the received data and generates a management strategy, and the management strategy is sent to the terminal equipment through the gateway. The energy management server performs denoising, smoothing and other processing on the data, then analyzes and predicts the data, and generates a management strategy, such as predicting the recent energy consumption peak value, so as to give the target energy of each energy production device. And sending the target energy to the corresponding energy production equipment through the gateway. The present embodiment does not limit the data analysis method and the generation method of the management policy.
Preferably, the energy management server is provided with a man-machine interaction interface, and receives the management policy input by an administrator. An administrator can develop a high-precision energy management model and input the energy management model into an energy management server through a human-computer interaction interface so as to meet personalized management requirements.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it; although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents; such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the technical solutions of the embodiments of the present invention.

Claims (10)

1. The client data multiple encryption method in the intelligent Internet of things energy system is characterized by being suitable for the intelligent Internet of things energy system, wherein the intelligent Internet of things energy system comprises a plurality of terminal devices, and a verification server and an edge gateway which are in communication connection with each terminal device;
the method comprises the following steps:
the terminal equipment registers to the verification server according to the identity information of the terminal equipment, and after the registration is successful, the terminal equipment interacts key information with the verification server;
the terminal equipment encrypts the type of the client data, the client data and the identity information by adopting a public key to generate a first ciphertext; encrypting the first ciphertext according to a first encryption rule agreed with an edge gateway in advance to obtain a second ciphertext; encrypting the second ciphertext according to a second encryption rule agreed with the edge gateway in advance to obtain a third ciphertext; transmitting the third ciphertext to an edge gateway;
the edge gateway searches a second decryption rule and a first decryption rule corresponding to the terminal equipment to gradually decrypt the third ciphertext, so as to obtain a decryption result;
the edge gateway sends the decryption result to a verification server;
and the verification server decrypts the decryption result according to the private key corresponding to the terminal equipment to obtain the data uploaded by the terminal equipment.
2. The method according to claim 1, wherein the terminal device interacts key information with the authentication server after the registration is successful, comprising:
after successful registration, the verification server generates a public key and a private key, and binds the public key and the private key with the identity information of the terminal equipment;
the verification server sends the public key to the terminal device.
3. The method of claim 2, wherein after the authentication server sends the public key to the terminal device, further comprising:
the terminal equipment sends the first encryption rule and the second encryption rule to the verification server;
the authentication server forwards the first encryption rule and the second encryption rule to the edge gateway.
4. The method of claim 1, wherein the first encryption rule includes deleting a second number of characters after each first number of characters in the first ciphertext to obtain a second ciphertext, and sequentially forming the deleted characters into a codebook, and wherein the first decryption rule includes adding a second number of characters after each first number of characters in the second ciphertext according to the codebook;
the second encryption rule comprises adding a fourth number of characters after every third number of characters in the second ciphertext to obtain a third ciphertext, and the second decryption rule comprises deleting the fourth number of characters after every third number of characters in the third ciphertext;
the edge gateway searches a second decryption rule and a first decryption rule corresponding to the terminal equipment to gradually decrypt the third ciphertext to obtain a decryption result, and the method comprises the following steps:
the edge gateway searches a second decryption rule corresponding to the terminal equipment to decrypt the third ciphertext to obtain a second ciphertext; transmitting the second ciphertext to the terminal equipment;
the terminal equipment verifies the second ciphertext and then sends a codebook to the edge gateway;
and the edge gateway decrypts the second ciphertext according to the codebook and the first decryption rule to obtain a decryption result.
5. The method of claim 4, wherein the edge gateway sending the second ciphertext to the terminal device comprises:
the edge gateway sends the second ciphertext and other character strings to the terminal equipment;
the terminal device sends the codebook to the edge gateway after verifying the second ciphertext, and the method comprises the following steps:
and the terminal equipment determines that the data sent by the edge gateway includes the second ciphertext obtained by local encryption, and then sends the codebook to the edge gateway.
6. The method of claim 1, wherein the customer data includes at least data of energy production equipment, data of an energy consuming customer, and energy configuration data.
7. The method of claim 1, wherein the terminal device sending the third ciphertext to an edge gateway comprises:
the terminal equipment sends a message carrying the third ciphertext to the edge gateway according to the network protocol agreed with the edge gateway;
the edge gateway searches a second decryption rule and a first decryption rule corresponding to the terminal equipment to gradually decrypt the third ciphertext to obtain a decryption result, and the method comprises the following steps:
and the edge gateway analyzes the third ciphertext from the message according to a network protocol, searches a second decryption rule and a first decryption rule corresponding to the terminal equipment, and gradually decrypts the third ciphertext to obtain a decryption result.
8. A multiple encryption system for client data in an intelligent internet of things energy system, comprising: a plurality of terminal devices, and an authentication server and an edge gateway which are in communication connection with each terminal device;
the terminal equipment registers to the verification server according to the identity information of the terminal equipment, and after the registration is successful, the terminal equipment interacts key information with the verification server;
the terminal equipment encrypts the type of the client data, the client data and the identity information by adopting a public key to generate a first ciphertext; encrypting the first ciphertext according to a first encryption rule agreed with an edge gateway in advance to obtain a second ciphertext; encrypting the second ciphertext according to a second encryption rule agreed with the edge gateway in advance to obtain a third ciphertext; transmitting the third ciphertext to an edge gateway;
the edge gateway searches a second decryption rule and a first decryption rule corresponding to the terminal equipment to gradually decrypt the third ciphertext, so as to obtain a decryption result;
the edge gateway sends the decryption result to a verification server;
and the verification server decrypts the decryption result according to the private key corresponding to the terminal equipment to obtain the data uploaded by the terminal equipment.
9. The system of claim 8, further comprising an energy management server;
the verification server sends the data uploaded by the terminal equipment to an energy management server;
and the energy management server analyzes the received data and generates a management strategy, and the management strategy is sent to the terminal equipment through a gateway.
10. The system of claim 9, wherein the energy management server has a human-machine interface that receives management policies entered by an administrator.
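The two character-level rules of claim 4 and the codebook release check of claim 5, written out as an added example (not code from the patent). The rule parameters n1 to n4, the filler alphabet, the decoy strings and the hex string standing in for the first (public-key) ciphertext are assumptions made for the illustration; the public-key layer itself is not reproduced.

```python
import secrets
import string

FILLER_ALPHABET = string.ascii_letters + string.digits  # assumption: page names no alphabet

def rule1_encrypt(c1, n1, n2):
    """After every n1 kept characters delete the next n2; deleted ones form the codebook."""
    kept, codebook = [], []
    for i in range(0, len(c1), n1 + n2):
        kept.append(c1[i:i + n1])
        codebook.append(c1[i + n1:i + n1 + n2])
    return "".join(kept), "".join(codebook)

def rule1_decrypt(c2, codebook, n1, n2):
    """Re-insert n2 codebook characters after every n1 characters of c2."""
    out = []
    for k, i in enumerate(range(0, len(c2), n1)):
        out.append(c2[i:i + n1])
        out.append(codebook[k * n2:(k + 1) * n2])  # empty or short slice on the tail
    return "".join(out)

def random_filler(n):
    return "".join(secrets.choice(FILLER_ALPHABET) for _ in range(n))

def rule2_encrypt(c2, n3, n4, filler=random_filler):
    """Insert n4 filler characters after every complete run of n3 characters."""
    out = []
    for i in range(0, len(c2), n3):
        chunk = c2[i:i + n3]
        out.append(chunk)
        if len(chunk) == n3:
            out.append(filler(n4))
    return "".join(out)

def rule2_decrypt(c3, n3, n4):
    """Keep n3 characters, skip the n4 that follow, repeat."""
    return "".join(c3[i:i + n3] for i in range(0, len(c3), n3 + n4))

def release_codebook(local_c2, codebook, gateway_strings):
    """Claim 5 check: hand over the codebook only if the gateway echoed our c2."""
    return codebook if local_c2 in gateway_strings else None

def round_trip(c1, n1, n2, n3, n4):
    """Terminal -> edge gateway -> terminal check -> gateway recovers c1."""
    c2, codebook = rule1_encrypt(c1, n1, n2)              # terminal, rule 1
    c3 = rule2_encrypt(c2, n3, n4)                        # terminal, rule 2
    echoed = rule2_decrypt(c3, n3, n4)                    # gateway, rule 2 inverse
    released = release_codebook(c2, codebook, ["decoy-1", echoed, "decoy-2"])
    return None if released is None else rule1_decrypt(echoed, released, n1, n2)
```

The second rule is undone with its two parameters alone, while the first rule cannot be undone without the codebook, which is why claim 4 has the terminal send the codebook only after it has verified the echoed second ciphertext.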

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310172936.1A CN116346423A (en) 2023-02-28 2023-02-28 Client data multiple encryption system and method in intelligent Internet of things energy system


Publications (1)

Publication Number Publication Date
CN116346423A true CN116346423A (en) 2023-06-27

Family

ID=86886833


Country Status (1)

Country Link
CN (1) CN116346423A (en)


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116668200A (en) * 2023-07-31 2023-08-29 深圳市联新移动医疗科技有限公司 Internet of things data security transmission method and system
CN116668200B (en) * 2023-07-31 2023-10-17 深圳市联新移动医疗科技有限公司 Internet of things data security transmission method and system


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination