
CN111343164A - Data encryption method and device applied to electric energy meter and storage medium - Google Patents

Publication number
CN111343164A
Authority
CN
China
Prior art keywords
public key
management module
random number
ciphertext
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010093609.3A
Other languages
Chinese (zh)
Other versions
CN111343164B (en)
Inventor
张敏
王柯童
李双全
朱程鹏
王宏飞
舒元康
陈昌首
史少岩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Haixing Power Grid Technology Co Ltd
Hangzhou Hexing Electrical Co Ltd
Ningbo Henglida Technology Co Ltd
Original Assignee
Nanjing Haixing Power Grid Technology Co Ltd
Hangzhou Hexing Electrical Co Ltd
Ningbo Henglida Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Haixing Power Grid Technology Co Ltd, Hangzhou Hexing Electrical Co Ltd, Ningbo Henglida Technology Co Ltd
Priority to CN202010093609.3A
Publication of CN111343164A
Application granted
Publication of CN111343164B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present application discloses a data encryption method, device and storage medium applied to an electric energy meter. The method includes obtaining a public key ciphertext and decrypting it with an authentication public key to obtain the public key of the management module. A random number generated by a random number generator is then encrypted with that public key to obtain a random number ciphertext, which is sent to the management module so that the management module can decrypt it with its own private key and obtain the random number, thereby synchronizing the encryption key. Finally, communication data is encrypted or decrypted with the random number as the encryption key. Because the public key of the management module and the random number are small, they are encrypted asymmetrically, which avoids the problem of heavy computation while providing high security. Because the communication data is large, it is encrypted symmetrically, and since the encryption key is a random number, no large key-management database is needed, which removes the need for the power company to add one.

Description

A data encryption method, device and storage medium applied to an electric energy meter

Technical field

The present application relates to the field of electric power technology, and in particular to a data encryption method, device and storage medium applied to an electric energy meter.

Background

The electric energy meter in this application mainly refers to a multi-core, multi-module smart electric energy meter, which may include but is not limited to an IR46 electric energy meter. Such a meter is composed of a metering module, a management module, a communication module, an extension module and other parts, and implements functions such as electric energy metering, data processing, real-time monitoring, automatic control and information interaction.

The IR46 standard divides the software into a legal metrology part and a non-legal-metrology part, and explicitly requires that the electric energy meter be able to protect legal metrology information and that the metering part and the non-metering part be isolated from each other. If the metering part needs to communicate with the non-metering part, a specific communication interface should be defined, and all information should pass through that interface. For this reason, the metering module and the management module of current electric energy meters are physically separated. FIG. 1 is a structural diagram of an IR46 multi-core, multi-module smart electric energy meter provided in the prior art. As shown in FIG. 1, the meter includes a communication module, a metering module and a management module. The metering module contains a metering MCU and provides legal data such as basic electric energy, instantaneous electrical quantities and the clock, saving the basic total energy every minute. The management module contains a management MCU; its total energy values (including forward active, reverse active and quadrant I/II/III/IV reactive total energy) and its clock take the metering module as the reference and are synchronized with it in real time. For brevity, the specific structures of the communication module, the management module and the metering module in FIG. 1 are not described further; refer to the prior art.

Physical separation makes testing and fault tracing easier, but it brings the risk that data transmitted between the two cores (the metering MCU and the management MCU) is more easily intercepted and tampered with. A data security algorithm is therefore needed between the two cores of the meter.

The prior art offers the following three schemes:

Scheme 1: Data between the two cores is transmitted in plaintext. The receiving end (either the management module or the metering module can be the receiving end, in which case the other is the sending end) judges the legitimacy of the data by whether the received data passes the link-protocol format check of the data communication protocol: if the received data frame conforms to the link protocol format, the data is considered valid; otherwise it is invalid. FIG. 2 is a schematic diagram of a man-in-the-middle attack process in the prior art. The sending end sends plaintext data to the receiving end; the data is intercepted, tampered with, repackaged and then sent on to the receiving end. The receiving end does not know that the data it received has been tampered with, so it processes it in the normal way, which creates a security risk.

Scheme 2: A symmetric encryption/decryption algorithm protects communication data between the two cores. The management module and the metering module each store the symmetric encryption key, and all communication data between the two cores is encrypted with the symmetric algorithm before being transmitted to the other side.

Scheme 3: An asymmetric encryption/decryption algorithm protects communication data between the two cores. The management module and the metering module each store the public and private keys of the asymmetric algorithm, and all communication data between the two cores is encrypted with the asymmetric algorithm before transmission.

Although these three schemes can secure the communication data to some extent, each has shortcomings, as follows:

Disadvantage of Scheme 1: The two cores are physically separated and the link communication protocol between them is public. If a third-party man in the middle intercepts the communication data by illegitimate means, modifies it, reassembles it in the inter-core link protocol format and delivers it to the receiving end, the receiving end has no way of knowing whether the data source is legitimate. Once such data is processed as legitimate, it is very likely to cause abnormal meter data and operation, affecting legal metrology and making measurement data erroneous or invalid.

Disadvantage of Scheme 2: The power company has to manage the meters' encryption keys in a large database. When a management module is damaged in the field and needs to be replaced, the power company must look up the meter's asset information to obtain the encryption key used between that meter's two cores and set it in the new management module; only then can the new module replace the faulty one. Key database management is complex, and whenever a management module has to be replaced on site the operation and maintenance workload is heavy and the procedure inconvenient.

Disadvantage of Scheme 3: First, asymmetric encryption and decryption are very time-consuming and unsuitable for transmitting large amounts of data, which reduces the efficiency of communication between the two cores. In addition, asymmetric encryption also requires the power company to manage meter keys in a large database. When a management module is damaged in the field and needs to be replaced, the power company must look up the meter's asset information to obtain that meter's management module key and set it in the new management module; only then can the new module replace the faulty one. Key database management is complex, and whenever a management module has to be replaced on site the operation and maintenance workload is heavy and the procedure inconvenient.

The three data security algorithms above therefore all have defects in field deployment and cannot fundamentally solve the problem of secure data transmission. How to secure the communication data between the two cores of an electric energy meter is a problem that those skilled in the art urgently need to solve.

Summary of the invention

The purpose of this application is to provide a data encryption method, device and storage medium applied to an electric energy meter that ensure secure transmission of communication data between the two cores, without the large-database management required by a symmetric encryption algorithm and without the heavy computation that an asymmetric encryption algorithm brings.

To solve the above technical problem, the present application provides a data encryption method applied to an electric energy meter and applied to the metering module, the method including:

Initiating an acquisition request to the management module to obtain the public key ciphertext of the management module, where the public key ciphertext is obtained by encrypting the public key of the management module with the authentication private key of an authentication terminal;

Decrypting the public key ciphertext with the authentication public key of the authentication terminal to obtain the public key of the management module;

Triggering a random number generator to generate a random number;

Encrypting the random number with the public key of the management module to obtain a random number ciphertext, and sending it to the management module so that the management module decrypts the random number ciphertext with the private key of the management module to obtain the random number;

When a communication data transmission request arises, encrypting or decrypting the communication data with the random number as the encryption key.

Preferably, obtaining the public key ciphertext of the management module further includes:

Obtaining the digital signature certificate of the management module, where the digital signature certificate is generated by the authentication terminal and sent to the management module;

Verifying the signature of the digital signature certificate with the authentication public key, and determining whether verification passes;

If so, proceeding to the step of decrypting the public key ciphertext with the authentication public key of the authentication terminal to obtain the public key of the management module.

Preferably, obtaining the public key ciphertext by encrypting the public key of the management module with the authentication private key of the authentication terminal specifically includes:

The authentication terminal obtains the public key of the management module;

The authentication terminal encrypts the public key of the management module with the authentication private key to obtain the public key ciphertext;

The authentication terminal generating the digital signature certificate specifically includes:

Hashing the public key ciphertext to obtain a public key ciphertext digest;

Encrypting the public key ciphertext digest with the authentication private key to obtain the digital signature;

Combining the public key ciphertext and the digital signature into the digital signature certificate.

Preferably, when the communication data transmission request is a request to send data, the method further includes:

Performing an accumulated-sum check on the communication data.

Preferably, initiating the acquisition request to the management module specifically means: initiating the acquisition request when the metering module detects power-on or detects that the management module has been replaced.

To solve the above technical problem, the present application provides a data encryption method applied to an electric energy meter and applied to the management module, the method including:

Sending the public key ciphertext of the management module to the metering module in response to an acquisition request initiated by the metering module, where the public key ciphertext is obtained by encrypting the public key of the management module with the authentication private key of the authentication terminal;

Receiving the random number ciphertext sent by the metering module, where the random number ciphertext is obtained by the metering module encrypting a random number generated by a random number generator with the public key of the management module, and the public key of the management module is obtained by the metering module decrypting the public key ciphertext with the authentication public key of the authentication terminal;

Decrypting the random number ciphertext with the private key of the management module to obtain the random number;

When a communication data transmission request arises, encrypting or decrypting the communication data with the random number as the encryption key.

Preferably, when the private key and the public key of the management module are stored in off-chip memory, the method further includes:

Encrypting the private key and the public key of the management module.

To solve the above technical problem, the present application provides a data encryption device applied to an electric energy meter and applied to the metering module, the device including:

A request module, configured to initiate an acquisition request to the management module to obtain the public key ciphertext of the management module, where the public key ciphertext is obtained by encrypting the public key of the management module with the authentication private key of the authentication terminal;

A decryption module, configured to decrypt the public key ciphertext with the authentication public key of the authentication terminal to obtain the public key of the management module;

A trigger module, configured to trigger a random number generator to generate a random number;

An encryption module, configured to encrypt the random number with the public key of the management module to obtain a random number ciphertext, and to send it to the management module so that the management module decrypts the random number ciphertext with the private key of the management module to obtain the random number;

A transceiver module, configured to encrypt or decrypt communication data with the random number as the encryption key when a communication data transmission request arises.

To solve the above technical problem, the present application provides a data encryption device applied to an electric energy meter and applied to the management module, the device including:

A sending module, configured to send the public key ciphertext of the management module to the metering module in response to an acquisition request initiated by the metering module, where the public key ciphertext is obtained by encrypting the public key of the management module with the authentication private key of the authentication terminal;

A receiving module, configured to receive the random number ciphertext sent by the metering module, where the random number ciphertext is obtained by the metering module encrypting a random number generated by a random number generator with the public key of the management module, and the public key of the management module is obtained by the metering module decrypting the public key ciphertext with the authentication public key of the authentication terminal;

A decryption module, configured to decrypt the random number ciphertext with the private key of the management module to obtain the random number;

A transceiver module, configured to encrypt or decrypt communication data with the random number as the encryption key when a communication data transmission request arises.

To solve the above technical problem, the present application provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements the steps of the data encryption method applied to an electric energy meter as described above.

The data encryption method applied to an electric energy meter provided by this application is carried out by the metering module and specifically includes: initiating an acquisition request to the management module to obtain the public key ciphertext of the management module; once the public key ciphertext has been obtained, decrypting it with the authentication public key of the authentication terminal to obtain the public key of the management module; then encrypting the random number generated by the random number generator with the public key of the management module to obtain a random number ciphertext and sending it to the management module, so that the management module can decrypt the random number ciphertext with its private key and obtain the random number, which synchronizes the encryption key. Finally, when a communication data transmission request arises, the communication data is encrypted or decrypted with the random number as the encryption key. In this technical solution, the public key of the management module and the random number are small, so they are encrypted asymmetrically, which overcomes the heavy computation that asymmetric encryption otherwise brings while providing high security. The communication data is large, so it is encrypted symmetrically, and because the key used for symmetric encryption is a randomly generated random number, no large database has to be managed, which overcomes the problem that a symmetric encryption algorithm requires managing a large database.
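The key-synchronisation flow summarised above, as an added example that is not code from the patent. It assumes textbook RSA with constructed demonstration keys, SHA-256 as the hash, and a hash-counter keystream standing in for the symmetric cipher; all function and variable names are hypothetical.

```python
import hashlib
import secrets

# Assumptions made for this example (none come from the patent text): textbook
# RSA without padding, SHA-256, a fixed exponent, and constructed demo keys built
# from Mersenne primes, which are trivially factorable. Real firmware needs
# padded RSA (OAEP for wrapping, PSS for signing) and a vetted symmetric cipher.
E = 65537


def make_keypair(p, q):
    """Return (n, d) for primes p and q; the public key is (n, E)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# The authentication modulus exceeds both the management modulus and a SHA-256
# digest, so each value fits in a single RSA operation.
AUTH_N, AUTH_D = make_keypair(2**127 - 1, 2**521 - 1)  # authentication terminal
MGMT_N, MGMT_D = make_keypair(2**61 - 1, 2**89 - 1)    # management module


def digest_int(value):
    """SHA-256 of an integer's big-endian bytes, returned as an integer."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big")


def issue_certificate(mgmt_n):
    """Authentication terminal: produce (public key ciphertext, signature).
    Anyone who holds the authentication public key can reverse the first step,
    so it authenticates the key rather than hiding it."""
    pubkey_ct = pow(mgmt_n, AUTH_D, AUTH_N)
    signature = pow(digest_int(pubkey_ct), AUTH_D, AUTH_N)
    return pubkey_ct, signature


def metering_recover_pubkey(cert):
    """Metering module: verify the certificate with the authentication public
    key, and only then recover the management module's public key."""
    pubkey_ct, signature = cert
    if pow(signature, E, AUTH_N) != digest_int(pubkey_ct):
        raise ValueError("certificate signature check failed")
    return pow(pubkey_ct, E, AUTH_N)


def metering_make_session(mgmt_n):
    """Metering module: draw a 128-bit random number and wrap it for the peer."""
    rnd = secrets.randbits(128)
    return rnd, pow(rnd, E, mgmt_n)


def management_unwrap(rnd_ct):
    """Management module: recover the random number with its private key."""
    return pow(rnd_ct, MGMT_D, MGMT_N)


def keystream_xor(key, frame_no, data):
    """Stand-in symmetric cipher: XOR data with SHA-256(key, frame_no, counter).
    The same call encrypts and decrypts; frame_no must not repeat under one key."""
    key_bytes = key.to_bytes(16, "big")
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key_bytes + frame_no.to_bytes(4, "big")
                             + (offset // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def run_exchange(payload=b"constructed sample frame: total active energy 001234.56 kWh"):
    """Run the whole flow once and return what each side ends up holding."""
    cert = issue_certificate(MGMT_N)            # done once by the authentication terminal
    mgmt_pub = metering_recover_pubkey(cert)    # metering module, e.g. at power-on
    rnd, rnd_ct = metering_make_session(mgmt_pub)
    peer_rnd = management_unwrap(rnd_ct)        # management module
    frame = keystream_xor(rnd, 1, payload)      # metering module encrypts a frame
    return mgmt_pub, rnd, peer_rnd, frame, keystream_xor(peer_rnd, 1, frame)


if __name__ == "__main__":
    pub, rnd, peer_rnd, frame, plain = run_exchange()
    print("keys synchronised:", rnd == peer_rnd, "| recovered:", plain)
```

Replacing a management module only requires the new module to carry its own certificate from the authentication terminal; the metering module repeats the exchange and no per-meter key has to be looked up.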

Description of drawings

To describe the embodiments of the present application more clearly, the drawings used in the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a structural diagram of an IR46 multi-core, multi-module smart electric energy meter provided in the prior art;

FIG. 2 is a schematic diagram of a man-in-the-middle attack process provided in the prior art;

FIG. 3 is a flowchart of a data encryption method applied to an electric energy meter provided by an embodiment of the present application;

FIG. 4 is a schematic diagram of an algorithm encapsulation library provided by an embodiment of the present application;

FIG. 5 is a schematic diagram of the off-chip memory of an MCU storing an asymmetric encryption key, provided by an embodiment of the present application;

FIG. 6 is a schematic diagram of digital signature certificate generation provided by an embodiment of the present application;

FIG. 7 is a schematic diagram of digital signature verification performed by a metering module, provided by an embodiment of the present application;

FIG. 8 is a flowchart of another data encryption method applied to an electric energy meter provided by an embodiment of the present application;

FIG. 9 is a schematic diagram of the interaction between a metering module and a management module provided by an embodiment of the present application;

FIG. 10 is a structural diagram of a data encryption device applied to an electric energy meter provided by an embodiment of the present application;

FIG. 11 is a structural diagram of another data encryption device applied to an electric energy meter provided by an embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only a part of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in the present application without creative effort fall within the protection scope of the present application.

The core of the present application is to provide a data encryption method, device and storage medium applied to an electric energy meter.

In order to help those skilled in the art better understand the solution of the present application, the application is described in further detail below with reference to the drawings and specific embodiments.

This application involves two kinds of encryption algorithm: symmetric encryption and asymmetric encryption.

Symmetric encryption refers to algorithms that use the same key for encryption and decryption. It requires the sender and the receiver to agree on a symmetric key before communicating securely. The security of a symmetric algorithm depends entirely on the key: if the key leaks, anyone can decrypt the messages the parties send or receive, so the secrecy of the key is critical to the communication.

Symmetric encryption is further divided into two modes: stream encryption and block encryption. Stream encryption treats a message as a stream of bytes and applies a mathematical function to each byte position individually. With stream encryption, the same plaintext bits are converted into different ciphertext bits each time they are encrypted. Stream encryption uses a keystream generator, which produces a byte stream that is XORed with the plaintext byte stream to produce the ciphertext. Block encryption divides a message into several blocks, which are then processed by a mathematical function one block at a time. Assuming a 64-bit block cipher is used, a message of 640 bits is divided into 10 blocks of 64 bits (if the last block is shorter than 64 bits, it is padded with 0s up to 64 bits), and each block is processed with a series of mathematical formulas, yielding 10 ciphertext blocks. The ciphertext message is then sent to the peer. The peer must have the same block cipher and applies the preceding algorithm in reverse order to the 10 ciphertext blocks to finally obtain the plaintext message. The commonly used block encryption algorithms are DES, 3DES and AES. DES is an older encryption algorithm that has now been proven insecure. 3DES is a transitional encryption algorithm, equivalent to performing a triple operation on the basis of DES to improve security, but it is essentially the same as the DES algorithm. AES is the replacement for the DES algorithm and is one of the most secure symmetric encryption algorithms at present.

Advantages of symmetric encryption algorithms: a small amount of computation, fast encryption and high encryption efficiency. Disadvantages of symmetric encryption algorithms: (1) both parties use the same key, so security cannot be guaranteed; (2) each use of a symmetric encryption algorithm requires a unique key that no one else knows, so the number of keys held by the sending and receiving parties grows geometrically and key management becomes a burden.

Asymmetric encryption algorithm

Before asymmetric key exchange algorithms appeared, the main drawback of symmetric encryption was that there was no known way to transmit the symmetric key between the two communicating parties without a man in the middle stealing it. Since the birth of asymmetric key exchange algorithms, which are used specifically to encrypt and decrypt the transmission of the symmetric key, the exchange of symmetric keys has become very secure.

Asymmetric key exchange algorithms are themselves very complex. The key exchange process involves a series of extremely complex steps such as random number generation, modular exponentiation, padding, encryption and signing. Common key exchange algorithms include RSA, ECDHE, DH and DHE, and they involve fairly complex mathematical problems. Among them, the most classic and most commonly used is the RSA algorithm.

RSA: born in 1977, it has withstood a long period of cryptanalysis, the security of the algorithm is high and, most importantly, the algorithm is very simple to implement. Its disadvantage is that relatively large prime numbers (2048 bits is commonly used at present) are required to guarantee security strength, which consumes a great deal of CPU resources. RSA is currently the only algorithm that can be used both for key exchange and for certificate signing; it is the most classic and also the most commonly used asymmetric encryption and decryption algorithm.

Asymmetric encryption is more secure than symmetric encryption, but it also has two fatal shortcomings:

(1) It consumes a very large amount of CPU resources. The computation required by symmetric encryption is only about 0.1% of that required by asymmetric encryption. If the subsequent application-layer data transmission also used asymmetric encryption and decryption, the CPU overhead would be so large that a server could not bear it at all. Experimental data given by Symantec show that, when encrypting and decrypting the same number of files, an asymmetric algorithm consumes more than 1000 times the CPU resources of a symmetric algorithm.

(2) Asymmetric encryption algorithms limit the length of the content to be encrypted, which cannot exceed the length of the public key. For example, the commonly used public key length is now 2048 bits, which means that the content to be encrypted cannot exceed 256 bytes.

Therefore asymmetric encryption and decryption (which consumes CPU resources to an extreme degree) can currently only be used for symmetric key exchange or for EPCA signatures, and is not suitable for encrypting and decrypting application-layer content in transit.

It should be noted that the technical solution in this application uses both a symmetric encryption algorithm (for example, encrypting or decrypting communication data with a random number as the encryption key) and an asymmetric encryption algorithm (for example, encrypting the public key of the management module with the authentication private key and then decrypting the public key ciphertext of the management module with the authentication public key).

This application describes embodiments of the data encryption method applied to an electric energy meter from the point of view of two different executing entities: one with the metering module as the executing entity, the other with the management module as the executing entity. The two processes correspond to each other.

FIG. 3 is a flowchart of a data encryption method applied to an electric energy meter according to an embodiment of the present application. As shown in FIG. 3, the method is applied to the metering module and specifically includes the following steps:

S10: Initiate an acquisition request to the management module to obtain the public key ciphertext of the management module, where the public key ciphertext is obtained by encrypting the public key of the management module with the authentication private key of the authentication terminal.

S11: Decrypt the public key ciphertext with the authentication public key of the authentication terminal to obtain the public key of the management module.

S12: Trigger the random number generator to generate a random number.

S13: Encrypt the random number with the public key of the management module to obtain the random number ciphertext, and send it to the management module so that the management module can decrypt the random number ciphertext with its private key to obtain the random number.

S14: When a communication data transmission request is generated, encrypt or decrypt the communication data using the random number as the encryption key.

FIG. 4 is a schematic diagram of an algorithm encapsulation library provided by an embodiment of the present application. It should be noted that the various programs and related algorithms involved in this application can be implemented by a LIB library. Specifically, the algorithms in the LIB library are private to EPCA (Electric Power Certificate Authority, the power company's digital signature certificate authority) and are packaged as a LIB library after anti-decompilation obfuscation. EPCA provides the LIB library to electric energy meter manufacturers together with an API description document. The steps are as follows:

1) Library function generation;

2) Anti-decompilation obfuscation of the library functions;

3) Packaging of the library functions into a .lib file (throughout this text, the LIB library is the .lib file);

4) The LIB library is released by EPCA to the electric energy meter manufacturers.

The manufacturer supplying the management module embeds the LIB library in the management module's main control chip (MCU) or in its security chip. When encryption key synchronization and data encryption or decryption are performed between the two cores: if the LIB library is embedded in the management module's MCU, the MCU calls the API functions in the LIB library directly; if the LIB library is embedded in the security chip inside the management module, the management module's MCU communicates with the security chip over the physical data bus and then calls the API functions of the LIB library embedded in the security chip.

FIG. 5 is a schematic diagram of the off-chip memory of an MCU storing an asymmetric encryption key according to an embodiment of the present application. A pair of asymmetric encryption keys is embedded in the management module: the management module's public key KEY_M and the management module's private key KEY_M′. They are generated by the management module manufacturer by calling the asymmetric key generation algorithm in the LIB library. KEY_M and KEY_M′ are delivered to the management module during production, and the management module can store them in the on-chip memory of its MCU or in the MCU's off-chip memory, subject to the following three points:

1) If the asymmetric encryption keys are stored in the MCU's off-chip memory, the MCU calls the scrambling algorithm in the LIB library, applies it to the keys to be saved, and then saves them to the off-chip memory. For example, if the management module's public key is X and its private key is X′ before the scrambling algorithm is executed, then after it is executed the public key held in off-chip memory becomes Y and the private key becomes Y′. If Y and Y′ are illegally intercepted, data encrypted or signed with Y′ cannot be correctly decrypted or verified with Y, and data encrypted with Y cannot be correctly decrypted with Y′. When the keys are needed, the MCU reads Y and Y′ from the off-chip memory over the bus and recovers X and X′ by applying the ordering algorithm.

2) If the asymmetric encryption keys are stored in the MCU's off-chip memory, the MCU calls the obfuscation algorithm in the LIB library, applies it to the keys to be saved, and then saves them to the off-chip memory. For example, if the public key is X and the private key is X′ before the obfuscation algorithm is executed, then after it is executed the public key in memory becomes Y and the private key becomes Y′. If Y and Y′ are illegally intercepted, data encrypted or signed with Y′ cannot be correctly decrypted or verified with Y, and data encrypted with Y cannot be correctly decrypted with Y′. When the keys are needed, the MCU reads Y and Y′ from the off-chip memory over the bus and obtains X and X′ by applying the de-obfuscation algorithm.

3) If the asymmetric encryption keys are stored in the MCU's on-chip memory, the keys can only be accessed by the MCU's on-chip program or data bus; devices outside the MCU are not able to read the keys through IO or a peripheral bus.

The manufacturer supplying the metering module embeds the LIB library in the metering module's main control chip or in an accessory chip of the metering module such as the metering chip or SOC. When encryption key synchronization and data encryption or decryption are performed between the two cores: if the LIB library is embedded in the metering module's MCU, the MCU calls the API functions in the LIB library directly; if the LIB library is embedded in an accessory chip such as the metering chip or SOC inside the metering module, the MCU communicates with that accessory chip over the physical data bus and then calls the API functions of the LIB library embedded in the accessory chip.

The authentication terminal is the device EPCA uses to communicate directly with the metering module or the management module. It can be the metering center's cryptographic machine, a meter verification bench, power master station equipment, or the like. The authentication public key is transmitted by the authentication terminal, so in this application it is called the authentication public key of the authentication terminal; it represents EPCA. The authentication public key is stored in the metering module in advance. Its initialization in the metering module takes place in two steps:

1) During production of the metering module, the manufacturer initializes the authentication public key to the test key published by EPCA, which is used for key pairing during verification of the electric energy meter;

2) After supply verification of the metering module is completed, the authentication public key is set to the official key used in field operation. After the meter leaves the factory, the authentication public key can be set only once in the life cycle of the IR46 electric energy meter's metering module, and it is set by EPCA in a secure environment such as the verification room.

The basic functions of the management module, the metering module and the authentication terminal have been described above. Each step of the data encryption process is described in detail below.

As mentioned above, the metering module already stores the authentication public key. The authentication terminal encrypts the public key of the management module with the authentication private key to obtain the public key ciphertext and transmits it to the management module; because it is encrypted, the public key is protected. The management module stores the public key ciphertext corresponding to its public key. The metering module uses the management module's public key in the subsequent generation of the encryption key, so the metering module needs to know that public key. The metering module holds the authentication public key and the public key ciphertext was encrypted with the authentication private key, so the metering module only needs to obtain the public key ciphertext in order to obtain the management module's public key. Specifically, the metering module actively initiates an acquisition request to the management module; the content requested is the public key ciphertext. After obtaining the public key ciphertext, the metering module asymmetrically decrypts it with the pre-stored authentication public key of the authentication terminal and thereby obtains the public key itself. It can be understood that, since a third party cannot obtain the authentication public key of the authentication terminal, the third party cannot obtain the management module's public key even if it intercepts the ciphertext, which guarantees the security of the management module's public key. Moreover, this process uses asymmetric encryption, which offers high security, and the public key is much smaller than the communication data, so the time consumed by encryption and decryption is limited and does not noticeably affect communication efficiency. It can be understood that, in order to reduce unnecessary communication, the metering module initiates the acquisition request to the management module specifically when the metering module detects power-on or detects that the management module has been replaced.

A random number generator is added to the metering module; its function is to generate random numbers. A random number is generated, rather than a fixed number being used, so that the security of the communication data can be guaranteed in the subsequent symmetric encryption. Because the random number is later used as the encryption key of the symmetric encryption algorithm that encrypts the communication data, its security must also be ensured while it is transmitted to the management module. Therefore, after obtaining the random number, the metering module asymmetrically encrypts it with the management module's public key to obtain the random number ciphertext. Transmitting the random number ciphertext is more secure than transmitting the random number directly. After receiving the random number ciphertext, the management module asymmetrically decrypts it with its private key and obtains the random number. At this point the management module and the metering module have synchronized the encryption key. When a communication data transmission request arises between the management module and the metering module, both can encrypt or decrypt the communication data using the random number as the encryption key. In one scenario, the management module is the sender and the metering module is the receiver: the management module encrypts the communication data with the random number to obtain the communication data ciphertext and sends it to the metering module. After receiving the communication data ciphertext, the metering module decrypts it with the random number to obtain the communication data plaintext. It can be understood that both the management module and the metering module can act as sender and as receiver, so both can encrypt communication data and both can decrypt it.

The data encryption method applied to an electric energy meter provided in this embodiment is implemented by the metering module and specifically includes: initiating an acquisition request to the management module to obtain the public key ciphertext of the management module; after obtaining the public key ciphertext, decrypting it with the authentication public key of the authentication terminal to obtain the public key of the management module; then encrypting the random number generated by the random number generator with the management module's public key to obtain the random number ciphertext and sending it to the management module, so that the management module can decrypt the random number ciphertext with its private key to obtain the random number, which synchronizes the encryption key; and finally, when a communication data transmission request is generated, encrypting or decrypting the communication data using the random number as the encryption key. It can be seen that, in this technical solution, the management module's public key and the random number are small amounts of data, so they are encrypted asymmetrically; this overcomes the heavy computation associated with asymmetric encryption while keeping security high. The communication data is a large amount of data, so it is encrypted symmetrically, and the encryption key used for the symmetric encryption is a randomly generated number, so no large key database needs to be managed; this overcomes the problem that symmetric encryption algorithms require a large database to be managed.

On the basis of the above embodiment, as a preferred implementation, when the metering module obtains the public key ciphertext of the management module, the method further includes:

obtaining the digital signature certificate of the management module;

verifying the digital signature certificate with the authentication public key and determining whether the verification passes; if so, proceeding to step S11.

In this embodiment, when the metering module initiates the acquisition request, it obtains the management module's public key digital signature certificate. The purpose of the digital signature certificate is to verify the legitimacy of the management module. Specifically, the digital signature certificate is generated by the authentication terminal and sent to the management module.

The use of the digital signature certificate in this embodiment further improves the security of data transmission between the two cores.

To make the solution clearer to those skilled in the art, the generation and issuance of the digital signature certificate are described below. FIG. 6 is a schematic diagram of the generation of a digital signature certificate according to an embodiment of the present application.

1) Generation of the digital signature certificate

During supply verification of the IR46 electric energy meter's management module, EPCA performs the following steps in a secure environment such as the verification room:

S100: The authentication terminal obtains the public key (KEY_M) of the management module;

S101: The authentication terminal encrypts the public key (KEY_M) of the management module with the authentication private key to obtain the public key ciphertext C_KEY_M;

S102: The authentication terminal applies a hash function to the public key ciphertext C_KEY_M to produce the public key ciphertext digest;

S103: The authentication terminal then applies the digital signature algorithm to the public key ciphertext digest with the authentication private key, encrypting the digest to obtain the digital signature.

S104: The authentication terminal composes the digital signature certificate from the public key ciphertext and the digital signature.

2) Issuance of the digital signature certificate

Issuance of the digital signature certificate is performed solely by EPCA. EPCA performs security authentication between the authentication terminal and the management module using the embedded security control module (ESAM);

The authentication terminal encrypts and signs the generated digital signature certificate of the management module using ESAM ciphertext plus MAC and sends it to the management module;

After receiving the ciphertext and MAC data, the management module performs ESAM decryption and signature verification;

If decryption and signature verification succeed, the management module accepts the current digital signature certificate and stores it in non-volatile memory; otherwise, it discards the certificate and reports an error.

FIG. 7 is a schematic diagram of digital signature verification performed by a metering module according to an embodiment of the present application. On the metering module side, the digital signature certificate is verified with the authentication public key stored in the metering module in advance, in the following steps:

S110: Determine whether the metering module has detected power-on or replacement of the management module; if so, proceed to S111;

S111: Obtain the digital signature certificate;

S112: Verify the digital signature certificate with the authentication public key and determine whether the verification passes; if so, proceed to S113, otherwise proceed to S114;

S113: Accept the digital signature certificate.

S114: Report an error.

It can be understood that if the signature verification passes, the public key ciphertext obtained together with the signature is also legitimate; if the verification fails, the public key ciphertext obtained with it is also illegitimate and is discarded. It can be understood that once the verification passes, S11 and the subsequent steps are carried out as before, which is not repeated in this embodiment.
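The following Python sketch is an added example, not code from the patent or from the EPCA LIB library: it walks through certificate generation (S100 to S104), verification on the metering module (S110 to S114) and key synchronization (S10 to S14). The patent does not name its algorithms, so textbook RSA over small constructed primes and a SHA-256 keystream stand in for the asymmetric and symmetric ciphers, and all function and class names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy key pairs (assumption)

def make_keypair(p, q):
    """Textbook RSA key pair: returns ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa_op(key, value):
    """Raw modular exponentiation, used for every asymmetric step."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value does not fit the modulus")
    return pow(value, exponent, n)

def digest_int(value, n):
    """S102: hash the public key ciphertext and reduce it below n."""
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n

def issue_certificate(auth_private, key_m_public):
    """Authentication terminal, S100-S104: returns (C_KEY_M, signature)."""
    c_key_m = rsa_op(auth_private, key_m_public[0])   # S101: encrypt KEY_M
    digest = digest_int(c_key_m, auth_private[0])     # S102: digest of C_KEY_M
    return c_key_m, rsa_op(auth_private, digest)      # S103 + S104

def verify_certificate(auth_public, certificate):
    """Metering module, S112: check the signature over C_KEY_M."""
    c_key_m, signature = certificate
    n = auth_public[0]
    if not (0 <= c_key_m < n and 0 <= signature < n):
        return False
    return rsa_op(auth_public, signature) == digest_int(c_key_m, n)

def session_crypt(session_key, data):
    """Symmetric stand-in: SHA-256 counter keystream XOR (encrypts and decrypts).
    No per-message nonce, so this sketch protects one message per key."""
    key = session_key.to_bytes(16, "big")
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

class ManagementModule:
    def __init__(self, keypair, certificate):
        self.public, self._private = keypair   # KEY_M and KEY_M'
        self.certificate = certificate         # kept in non-volatile memory
        self.session_key = None

    def handle_get_request(self):
        """Answer to the metering module's acquisition request (S10)."""
        return self.certificate

    def receive_random_ciphertext(self, random_ciphertext):
        """Decrypt the random number with KEY_M' (second half of S13)."""
        self.session_key = rsa_op(self._private, random_ciphertext)

class MeteringModule:
    def __init__(self, auth_public):
        self.auth_public = auth_public         # pre-stored authentication public key
        self.session_key = None

    def synchronize(self, management):
        """Run on power-on or management module replacement (S110)."""
        certificate = management.handle_get_request()              # S10 / S111
        if not verify_certificate(self.auth_public, certificate):  # S112
            raise ValueError("certificate verification failed")    # S114
        key_m = (rsa_op(self.auth_public, certificate[0]), E)      # S11
        random_number = secrets.randbits(128)                      # S12
        management.receive_random_ciphertext(rsa_op(key_m, random_number))  # S13
        self.session_key = random_number                           # used in S14

def build_meter():
    """Constructed toy keys (Mersenne primes); real keys are 2048 bits or more."""
    auth_public, auth_private = make_keypair(2**127 - 1, 2**107 - 1)
    management_keys = make_keypair(2**61 - 1, 2**89 - 1)
    certificate = issue_certificate(auth_private, management_keys[0])
    return MeteringModule(auth_public), ManagementModule(management_keys, certificate)

if __name__ == "__main__":
    meter, management = build_meter()
    meter.synchronize(management)
    frame = session_crypt(meter.session_key, b"energy=001234.56kWh")  # constructed data
    print(session_crypt(management.session_key, frame))
```

Applying the private key to KEY_M, as the scheme does, gives authenticity rather than secrecy: any holder of the authentication public key can recover KEY_M, so the confidentiality of KEY_M rests on that public key staying inside the metering module, as the text assumes.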

On the basis of the above embodiment, when the communication data transmission request is to send data, the method further includes:

Performing an accumulated-sum check on the communication data.

It should be noted that either order is acceptable: the accumulated-sum check may be applied to the communication data first, or the communication data may be encrypted first. Neither choice affects the implementation of the solution of the present application.

For key data exchanged between the two cores, the types of communication data include key parameters such as operating parameters, electrical energy, clock, instantaneous quantities, and operating state quantities. For example, suppose the sender's communication data is X, which becomes Y after symmetric encryption. If bus interference changes some data bits of Y during transmission, the ciphertext received by the receiver becomes Z, and when the receiver decrypts it with the same symmetric encryption algorithm and encryption key as the sender, it cannot recover the correct data X.

To solve this problem, we calculate an accumulated sum SUM over the communication data, then encrypt the communication data and SUM together and transmit them. When the server receives the ciphertext, it decrypts it, recalculates the checksum CHECK_SUM from the plaintext communication data, and compares SUM with CHECK_SUM; if they match, the data is accepted, otherwise it is discarded. In other embodiments, on a mismatch the receiver may also send an abnormal response to the sender, and the sender performs fault-tolerant retransmission after receiving the abnormal response frame. One specific implementation is given below, with the following steps:

1) The sender calculates the accumulated sum (SUM) of the communication data (DATA). The accumulated sum is the modulo-256 sum of all bytes of DATA, that is, the binary arithmetic sum of the bytes with any overflow beyond 256 discarded;

2) The sender calls the symmetric encryption algorithm in the LIB library and, using the symmetric encryption key synchronized between the two cores, encrypts DATA and the accumulated sum SUM;

3) The sender sends the resulting ciphertext to the receiver;

4) After receiving the ciphertext, the receiver calls the symmetric encryption algorithm in the LIB library and, using the symmetric encryption key synchronized between the two cores, decrypts the received ciphertext;

5) The receiver recalculates the accumulated sum (CHECK_SUM) from the decrypted DATA;

6) The receiver compares the decrypted SUM with CHECK_SUM;

7) If SUM and CHECK_SUM match, the receiver accepts DATA and sends a normal response to the sender;

8) If SUM and CHECK_SUM do not match, the receiver discards DATA and sends an abnormal response to the sender.

In other embodiments, after the sender receives an abnormal response from the receiver, it retransmits the previous frame. The number of retransmissions can be set according to the actual situation; for example, it may be 3.
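The eight steps above and the retransmission rule as a runnable sketch; this is an added example, not code from the patent. `sym_crypt` is a placeholder for the LIB library's symmetric algorithm, which the page does not name, and the key, payload and function names are constructed for illustration.

```python
import hashlib

MAX_RETRANSMISSIONS = 3  # the example retransmission count given in the text


def accumulate_sum(data: bytes) -> int:
    """Step 1: sum of all bytes of DATA modulo 256 (overflow discarded)."""
    return sum(data) & 0xFF


def sym_crypt(key: bytes, buf: bytes) -> bytes:
    """Stand-in for the LIB library's symmetric algorithm (assumption).

    XORs with a SHA-256 counter keystream, so one call both encrypts and
    decrypts. It reuses the keystream for every frame and exists only to make
    the example run; it is not a cipher to deploy.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(buf):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(b ^ s for b, s in zip(buf, stream))


def build_frame(key: bytes, data: bytes) -> bytes:
    """Steps 1-3: append SUM to DATA and encrypt both together."""
    return sym_crypt(key, data + bytes([accumulate_sum(data)]))


def receive_frame(key: bytes, frame: bytes):
    """Steps 4-8: return DATA when SUM == CHECK_SUM, else None (discard)."""
    plain = sym_crypt(key, frame)
    if not plain:
        return None
    data, rx_sum = plain[:-1], plain[-1]
    return data if accumulate_sum(data) == rx_sum else None


def send_with_retransmit(key: bytes, data: bytes, bus):
    """Send one frame, retransmitting after each abnormal response.

    bus(frame, attempt) models the wire and returns the bytes the receiver
    sees. Returns (accepted DATA or None, number of transmissions).
    """
    attempts = 0
    for attempt in range(1 + MAX_RETRANSMISSIONS):
        attempts += 1
        accepted = receive_frame(key, bus(build_frame(key, data), attempt))
        if accepted is not None:
            return accepted, attempts
    return None, attempts


def flip_bit(frame: bytes, byte_index: int, bit: int) -> bytes:
    """Model bus interference: invert one bit of the ciphertext."""
    out = bytearray(frame)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def undetected_single_bit_errors(key: bytes, data: bytes) -> int:
    """Count the single-bit bus errors that the SUM check fails to catch."""
    frame = build_frame(key, data)
    return sum(
        receive_frame(key, flip_bit(frame, i, b)) is not None
        for i in range(len(frame))
        for b in range(8)
    )


# Constructed sample values, not taken from any real meter.
KEY = bytes(range(16))
DATA = b"energy=001234.56kWh;clock=12:00:00"

if __name__ == "__main__":
    frame = build_frame(KEY, DATA)
    print("clean frame accepted:", receive_frame(KEY, frame) == DATA)
    print("undetected single-bit errors:", undetected_single_bit_errors(KEY, DATA))
    # Two errors in the top bit of different bytes add 256 to the sum.
    double = flip_bit(flip_bit(frame, 0, 7), 1, 7)
    print("double top-bit error accepted as:", receive_frame(KEY, double))
    noisy_once = lambda f, attempt: flip_bit(f, 3, 0) if attempt == 0 else f
    print("one noisy transmission:", send_with_retransmit(KEY, DATA, noisy_once))
```

With this XOR-style stand-in every single-bit error is rejected, but two errors in the top bit of different bytes cancel in the modulo-256 sum and the corrupted DATA is accepted. The check therefore covers accidental bus noise only to that extent.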

It can be seen that the accumulated-sum check on the communication data prevents errors introduced during transmission from going unnoticed, which improves the accuracy of data transmission.

The embodiments above describe the metering module side in detail; the present application also provides an embodiment for the management module side. FIG. 8 is a flowchart of another data encryption method applied to an electric energy meter according to an embodiment of the present application. As shown in FIG. 8, the method is applied to the management module and includes:

S20: Send the public key ciphertext of the management module to the metering module in response to the acquisition request initiated by the metering module; the public key ciphertext is obtained by encrypting the public key of the management module with the authentication private key of the authentication terminal;

S21: Receive the random number ciphertext sent by the metering module; the random number ciphertext is obtained by the metering module encrypting, with the public key of the management module, the random number generated by the random number generator, and the public key of the management module is obtained by the metering module decrypting the public key ciphertext with the authentication public key of the authentication terminal;

S22: Decrypt the random number ciphertext with the private key of the management module to obtain the random number;

S23: When a communication data transmission request is generated, encrypt or decrypt the communication data using the random number as the encryption key.

It can be understood that the private key and the public key of the management module can be stored either in on-chip memory or in off-chip memory. As a preferred implementation, when the private key and the public key of the management module are stored in off-chip memory, the method further includes:

Encrypting the private key of the management module and the public key of the management module.

Since the management module, the authentication terminal and the other elements involved have all been described in the above embodiments, they are not described again here.

The data encryption method applied to an electric energy meter provided in this embodiment is implemented by the management module. The management module sends its public key ciphertext to the metering module and then receives the random number ciphertext sent by the metering module. The random number ciphertext is obtained by the metering module encrypting, with the public key of the management module, the random number generated by the random number generator, and the public key of the management module is obtained by the metering module decrypting the public key ciphertext with the authentication public key of the authentication terminal. Finally, the management module decrypts the random number ciphertext with its private key to obtain the random number, and uses the random number as the encryption key to encrypt or decrypt communication data. In this technical solution, the public key of the management module and the random number are small in data volume, so they are encrypted asymmetrically, which overcomes the heavy computation that asymmetric encryption brings while giving higher security. Communication data is large in volume, so it is encrypted symmetrically, and because the encryption key used for symmetric encryption is a randomly generated random number, no large database needs to be managed, which overcomes the problem that symmetric encryption algorithms need to manage a large database.

FIG. 9 is a schematic diagram of the interaction between a metering module and a management module according to an embodiment of the present application. Both use a LIB library to hold the algorithms, programs and so on that they use. As for memory, the metering module stores the authentication public key, and the management module stores the management module's public key, the management module's private key and the digital signature certificate. During key synchronization, the metering module generates a random number and also obtains the management module's digital signature certificate, which it verifies with the authentication public key. After verification passes, it encrypts the random number with the management module's public key to obtain the random number ciphertext. The management module obtains the random number ciphertext and decrypts it with the management module's private key. If decryption succeeds, the source of the random number is legitimate: the management module caches the random number as the encryption key and sends a correct response to the metering module, and after receiving the management module's correct response frame the metering module also caches the current random number as the encryption key. If decryption does not succeed, the source of the random number is not legitimate and a warning is raised. For data transmission, the metering module acts as the sender and the management module as the receiver.
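The key synchronization of FIG. 9, including the FIG. 7 signature check and steps S20 to S22, as an added example that is not code from the patent. Raw modular exponentiation with small constructed primes stands in for the LIB library's asymmetric algorithm, which the page does not name; the class and function names are assumptions, and the parameters are far too small for real use.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both constructed key pairs


def make_keypair(p: int, q: int):
    """Return (public, private), each as a (modulus, exponent) pair."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def rsa_op(key, value: int) -> int:
    """Raw modular exponentiation, a placeholder for the LIB algorithm."""
    n, exp = key
    if not 0 <= value < n:
        raise ValueError("value out of range for this key")
    return pow(value, exp, n)


def digest(pk_cipher: int, n: int) -> int:
    """Hash of the public key ciphertext, reduced to fit the modulus."""
    h = hashlib.sha256(pk_cipher.to_bytes(32, "big")).digest()
    return int.from_bytes(h, "big") % n


def issue_certificate(auth_priv, mgmt_pub):
    """Authentication terminal: public key ciphertext plus signature."""
    pk_cipher = rsa_op(auth_priv, mgmt_pub[0])
    signature = rsa_op(auth_priv, digest(pk_cipher, auth_priv[0]))
    return pk_cipher, signature


class MeteringModule:
    def __init__(self, auth_pub):
        self.auth_pub = auth_pub  # pre-stored authentication public key
        self.session_key = None
        self._pending = None

    def start_sync(self, certificate) -> int:
        """S111-S114, then recover the public key and wrap a random number."""
        pk_cipher, signature = certificate
        n = self.auth_pub[0]
        in_range = 0 <= pk_cipher < n and 0 <= signature < n
        if not in_range or rsa_op(self.auth_pub, signature) != digest(pk_cipher, n):
            raise ValueError("S114: signature verification failed")
        mgmt_n = rsa_op(self.auth_pub, pk_cipher)  # management public key
        self._pending = secrets.randbits(128)      # random number generator
        return rsa_op((mgmt_n, E), self._pending)  # random number ciphertext

    def on_reply(self, ok: bool) -> None:
        """Cache the random number only after a correct response frame."""
        self.session_key = self._pending if ok else None
        self._pending = None


class ManagementModule:
    def __init__(self, priv, certificate):
        self.priv = priv
        self.certificate = certificate  # sent on request (S20)
        self.session_key = None

    def on_random_cipher(self, random_cipher: int) -> bool:
        """S21-S22: decrypt the random number ciphertext and cache the key."""
        try:
            self.session_key = rsa_op(self.priv, random_cipher)
        except ValueError:
            return False  # sketch's own range check, reported as a failure
        return True


def synchronize(meter: MeteringModule, mgmt: ManagementModule):
    """Run one exchange and return both sides' cached keys."""
    random_cipher = meter.start_sync(mgmt.certificate)
    meter.on_reply(mgmt.on_random_cipher(random_cipher))
    return meter.session_key, mgmt.session_key


# Constructed toy parameters (Mersenne primes), not usable keys.
AUTH_PUB, AUTH_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
MGMT_PUB, MGMT_PRIV = make_keypair(2**61 - 1, 2**127 - 1)
CERT = issue_certificate(AUTH_PRIV, MGMT_PUB)

if __name__ == "__main__":
    k_meter, k_mgmt = synchronize(
        MeteringModule(AUTH_PUB), ManagementModule(MGMT_PRIV, CERT)
    )
    print("keys match:", k_meter == k_mgmt)
    try:
        bad = ManagementModule(MGMT_PRIV, (CERT[0] ^ 1, CERT[1]))
        synchronize(MeteringModule(AUTH_PUB), bad)
    except ValueError as exc:
        print("altered certificate rejected:", exc)
```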

FIG. 10 is a structural diagram of a data encryption device applied to an electric energy meter according to an embodiment of the present application. As shown in FIG. 10, the device is applied to the metering module and includes:

A request module 10, configured to initiate an acquisition request to the management module to obtain the public key ciphertext of the management module; the public key ciphertext is obtained by encrypting the public key of the management module with the authentication private key of the authentication terminal;

A decryption module 11, configured to decrypt the public key ciphertext with the authentication public key of the authentication terminal to obtain the public key of the management module;

A trigger module 12, configured to trigger the random number generator to generate a random number;

An encryption module 13, configured to encrypt the random number with the public key of the management module to obtain the random number ciphertext and send it to the management module, so that the management module can decrypt the random number ciphertext with the private key of the management module to obtain the random number;

A transceiver module 14, configured to encrypt or decrypt communication data using the random number as the encryption key when a communication data transmission request is generated.

Since the embodiments of the device part correspond to the embodiments of the method part, refer to the description of the method embodiments for the device embodiments; they are not repeated here.

The data encryption device applied to an electric energy meter provided in this embodiment is implemented by the metering module. The metering module initiates an acquisition request to the management module to obtain the public key ciphertext of the management module and, after obtaining it, decrypts the public key ciphertext with the authentication public key of the authentication terminal to obtain the public key of the management module. It then encrypts the random number generated by the random number generator with the public key of the management module to obtain the random number ciphertext and sends it to the management module, so that the management module can decrypt the random number ciphertext with its private key to obtain the random number, which synchronizes the encryption key. Finally, when a communication data transmission request is generated, the communication data is encrypted or decrypted using the random number as the encryption key. In this technical solution, the public key of the management module and the random number are small in data volume, so they are encrypted asymmetrically, which overcomes the heavy computation that asymmetric encryption brings while giving higher security. Communication data is large in volume, so it is encrypted symmetrically, and because the encryption key used for symmetric encryption is a randomly generated random number, no large database needs to be managed, which overcomes the problem that symmetric encryption algorithms need to manage a large database.

FIG. 11 is a structural diagram of another data encryption device applied to an electric energy meter according to an embodiment of the present application. As shown in FIG. 11, the device is applied to the management module and includes:

A sending module 20, configured to send the public key ciphertext of the management module to the metering module in response to the acquisition request initiated by the metering module; the public key ciphertext is obtained by encrypting the public key of the management module with the authentication private key of the authentication terminal;

A receiving module 21, configured to receive the random number ciphertext sent by the metering module; the random number ciphertext is obtained by the metering module encrypting, with the public key of the management module, the random number generated by the random number generator, and the public key of the management module is obtained by the metering module decrypting the public key ciphertext with the authentication public key of the authentication terminal;

A decryption module 22, configured to decrypt the random number ciphertext with the private key of the management module to obtain the random number;

A transceiver module 23, configured to encrypt or decrypt communication data using the random number as the encryption key when a communication data transmission request is generated.

Since the embodiments of the device part correspond to the embodiments of the method part, refer to the description of the method embodiments for the device embodiments; they are not repeated here.

The data encryption device applied to an electric energy meter provided in this embodiment is implemented by the management module. The management module sends its public key ciphertext to the metering module and then receives the random number ciphertext sent by the metering module. The random number ciphertext is obtained by the metering module encrypting, with the public key of the management module, the random number generated by the random number generator, and the public key of the management module is obtained by the metering module decrypting the public key ciphertext with the authentication public key of the authentication terminal. Finally, the management module decrypts the random number ciphertext with its private key to obtain the random number, and uses the random number as the encryption key to encrypt or decrypt communication data. In this technical solution, the public key of the management module and the random number are small in data volume, so they are encrypted asymmetrically, which overcomes the heavy computation that asymmetric encryption brings while giving higher security. Communication data is large in volume, so it is encrypted symmetrically, and because the encryption key used for symmetric encryption is a randomly generated random number, no large database needs to be managed, which overcomes the problem that symmetric encryption algorithms need to manage a large database.

Finally, the present application also provides an embodiment corresponding to a computer-readable storage medium. A computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps described in the above method embodiments are implemented (this may be the method corresponding to the management module side, the method corresponding to the metering module side, or the methods corresponding to both the management module side and the metering module side).

It can be understood that if the methods in the above embodiments are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and executes all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.

The data encryption method, device and storage medium applied to an electric energy meter provided by the present application have been described in detail above. The embodiments in the specification are described progressively: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be referred to one another. The device disclosed in an embodiment corresponds to the method disclosed in that embodiment, so its description is relatively brief, and the relevant points can be found in the description of the method. It should be pointed out that those of ordinary skill in the art can make several improvements and modifications to the present application without departing from its principles, and these improvements and modifications also fall within the protection scope of the claims of the present application.

It should also be noted that, in this specification, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" or any other variant are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a list of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.

Claims (10)

1. A data encryption method applied to an electric energy meter is characterized in that the method is applied to a metering module and comprises the following steps:
initiating an acquisition request to a management module to acquire a public key ciphertext of the management module; the public key ciphertext is obtained by encrypting the public key of the management module through an authentication private key of an authentication terminal;
decrypting the public key ciphertext by using the authentication public key of the authentication terminal to obtain a public key of the management module;
triggering a random number generator to generate a random number;
encrypting the random number through a public key of the management module to obtain a random number ciphertext, and sending the random number ciphertext to the management module so that the management module decrypts the random number ciphertext through a private key of the management module to obtain the random number;
when a communication data transmission request is generated, communication data is encrypted or decrypted by using the random number as an encryption key.
2. The data encryption method according to claim 1, further comprising, when obtaining the public key ciphertext of the management module:
acquiring a digital signature certificate of the management module; the digital signature certificate is generated by the authentication terminal and is sent to the management module;
verifying the digital signature certificate with the authentication public key, and judging whether the digital signature certificate passes verification;
if so, proceeding to the step of decrypting the public key ciphertext by using the authentication public key of the authentication terminal to obtain the public key of the management module.
3. The data encryption method according to claim 2, wherein obtaining the public key ciphertext by encrypting the public key of the management module through the authentication private key of the authentication terminal specifically comprises:
the authentication terminal acquires a public key of the management module;
the authentication terminal encrypts the public key of the management module through the authentication private key to obtain the public key ciphertext;
the generating, by the authentication terminal, the digital signature certificate specifically includes:
performing a hash operation on the public key ciphertext to obtain a public key ciphertext digest;
encrypting the public key ciphertext digest through the authentication private key to obtain the digital signature;
and forming a digital signature certificate from the public key ciphertext and the digital signature.
4. The data encryption method according to any one of claims 1 to 3, wherein when the communication data transmission request is to send data, the method further comprises:
performing an accumulated-sum check on the communication data.
5. The data encryption method according to claim 1, wherein initiating the acquisition request to the management module specifically comprises: initiating the acquisition request when the metering module detects power-on or detects replacement of the management module.
6. A data encryption method applied to an electric energy meter is characterized by being applied to a management module, and the method comprises the following steps:
sending the public key ciphertext of the management module to the metering module according to an acquisition request initiated by the metering module; the public key ciphertext is obtained by encrypting the public key of the management module through an authentication private key of an authentication terminal;
receiving a random number ciphertext sent by the metering module; the random number ciphertext is obtained by encrypting the random number generated by the random number generator by the metering module through the public key of the management module, and the public key of the management module is obtained by decrypting the public key ciphertext through the authentication public key of the authentication terminal by the metering module;
decrypting the random number ciphertext through a private key of the management module to obtain the random number;
when a communication data transmission request is generated, communication data is encrypted or decrypted by using the random number as an encryption key.
7. The data encryption method according to claim 6, wherein when the private key of the management module and the public key of the management module are stored in an off-chip memory, the method further comprises:
encrypting the private key of the management module and the public key of the management module.
8. A data encryption device applied to an electric energy meter, characterized in that the device is applied to a metering module and comprises:
the request module is used for initiating an acquisition request to the management module so as to acquire the public key ciphertext of the management module; the public key ciphertext is obtained by encrypting the public key of the management module through an authentication private key of an authentication terminal;
the decryption module is used for decrypting the public key ciphertext by using the authentication public key of the authentication terminal to obtain the public key of the management module;
the trigger module is used for triggering the random number generator to generate a random number;
the encryption module is used for encrypting the random number through the public key of the management module to obtain a random number ciphertext and sending the random number ciphertext to the management module so that the management module can decrypt the random number ciphertext through the private key of the management module to obtain the random number;
and the transceiving module is used for encrypting or decrypting the communication data by using the random number as an encryption key when the communication data transmission request is generated.
9. A data encryption device applied to an electric energy meter, characterized in that the device is applied to a management module and comprises:
the sending module is used for sending the public key ciphertext of the management module to the metering module according to the acquisition request initiated by the metering module; the public key ciphertext is obtained by encrypting the public key of the management module through an authentication private key of an authentication terminal;
the receiving module is used for receiving the random number ciphertext sent by the metering module; the random number ciphertext is obtained by encrypting the random number generated by the random number generator by the metering module through the public key of the management module, and the public key of the management module is obtained by decrypting the public key ciphertext through the authentication public key of the authentication terminal by the metering module;
the decryption module is used for decrypting the random number ciphertext through a private key of the management module to obtain the random number;
and the transceiving module is used for encrypting or decrypting the communication data by using the random number as an encryption key when the communication data transmission request is generated.
10. A computer-readable storage medium, characterized in that a computer program is stored thereon, which, when being executed by a processor, carries out the steps of the data encryption method applied to an electric energy meter according to any one of claims 1 to 7.
CN202010093609.3A 2020-02-14 2020-02-14 Data encryption method and device applied to electric energy meter and storage medium Active CN111343164B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010093609.3A CN111343164B (en) 2020-02-14 2020-02-14 Data encryption method and device applied to electric energy meter and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010093609.3A CN111343164B (en) 2020-02-14 2020-02-14 Data encryption method and device applied to electric energy meter and storage medium

Publications (2)

Publication Number Publication Date
CN111343164A true CN111343164A (en) 2020-06-26
CN111343164B CN111343164B (en) 2022-07-01

Family

ID=71186907

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010093609.3A Active CN111343164B (en) 2020-02-14 2020-02-14 Data encryption method and device applied to electric energy meter and storage medium

Country Status (1)

Country Link
CN (1) CN111343164B (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111768608A (en) * 2020-07-16 2020-10-13 南方电网数字电网研究院有限公司 Data transmission method and device based on double-core intelligent electric meter and computer equipment
CN112202549A (en) * 2020-09-02 2021-01-08 深圳市车电网络有限公司 Charging management method, charging terminal data processing method and charging management platform data processing method
CN112395353A (en) * 2020-10-27 2021-02-23 中国电力科学研究院有限公司 Intelligent electric energy meter quality data sharing method and system based on alliance chain
CN112507359A (en) * 2020-12-08 2021-03-16 湖南炬神电子有限公司 Shared charger encryption and decryption method and system
CN112769764A (en) * 2020-12-23 2021-05-07 南方电网电力科技股份有限公司 Metering data transmission key storage method of instrument and transmission method and device thereof
CN115114673A (en) * 2022-06-23 2022-09-27 北谷电子有限公司 Permission management and control system and method of Lib library
CN115201561A (en) * 2021-04-09 2022-10-18 浙江正泰仪器仪表有限责任公司 Electric energy meter data transmission system, control method and electric energy meter
CN115290970A (en) * 2022-07-15 2022-11-04 威胜集团有限公司 Modular multifunctional circuit and intelligent electric energy meter

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060206433A1 (en) * 2005-03-11 2006-09-14 Elster Electricity, Llc. Secure and authenticated delivery of data from an automated meter reading system
CN103201979A (en) * 2010-09-07 2013-07-10 费伯普恩特有限公司 A modular combined optical data network and independent DC power distribution system
CN103679062A (en) * 2013-12-23 2014-03-26 上海贝岭股份有限公司 Intelligent electric meter main control chip and security encryption method
CN106501599A (en) * 2016-10-17 2017-03-15 国家电网公司 Twin-core electric energy meter data exchange validity determines method and system and twin-core electric energy meter

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111768608A (en) * 2020-07-16 2020-10-13 南方电网数字电网研究院有限公司 Data transmission method and device based on double-core intelligent electric meter and computer equipment
CN111768608B (en) * 2020-07-16 2021-06-04 南方电网数字电网研究院有限公司 Data transmission method and device based on double-core intelligent electric meter and computer equipment
CN112202549A (en) * 2020-09-02 2021-01-08 深圳市车电网络有限公司 Charging management method, charging terminal data processing method and charging management platform data processing method
CN112395353A (en) * 2020-10-27 2021-02-23 中国电力科学研究院有限公司 Intelligent electric energy meter quality data sharing method and system based on alliance chain
CN112507359A (en) * 2020-12-08 2021-03-16 湖南炬神电子有限公司 Shared charger encryption and decryption method and system
CN112507359B (en) * 2020-12-08 2021-09-07 湖南炬神电子有限公司 Shared charger encryption and decryption method and system
CN112769764A (en) * 2020-12-23 2021-05-07 南方电网电力科技股份有限公司 Metering data transmission key storage method of instrument and transmission method and device thereof
CN115201561A (en) * 2021-04-09 2022-10-18 浙江正泰仪器仪表有限责任公司 Electric energy meter data transmission system, control method and electric energy meter
CN115201561B (en) * 2021-04-09 2023-10-24 浙江正泰仪器仪表有限责任公司 Electric energy meter data transmission system, control method and electric energy meter
CN115114673A (en) * 2022-06-23 2022-09-27 北谷电子有限公司 Permission management and control system and method of Lib library
CN115290970A (en) * 2022-07-15 2022-11-04 威胜集团有限公司 Modular multifunctional circuit and intelligent electric energy meter

Also Published As

Publication number Publication date
CN111343164B (en) 2022-07-01

Similar Documents

Publication Publication Date Title
CN111343164A (en) Data encryption method and device applied to electric energy meter and storage medium
CN111131278B (en) Data processing method and device, computer storage medium and electronic equipment
US20070257813A1 (en) Secure network bootstrap of devices in an automatic meter reading network
CN107678763A (en) Electric energy meter upgrade method and system based on digital signature technology
CN101977193A (en) Method and system for safely downloading certificate
CN107046531A (en) The data processing method and system of the data access Power Information Network of monitoring terminal
CN113312608B (en) A time stamp-based power metering terminal identity authentication method and system
CN105991569A (en) Safe transmission method of TLS communication data
CN111435390B (en) A safety protection method for power distribution terminal operation and maintenance tools
CN102970676B (en) A kind of method handled initial data, Internet of things system and terminal
CN109450854A (en) A kind of distribution terminal communication security protection method and system
CN104579679A (en) Wireless public network data forwarding method for rural power distribution network communication equipment
CN110110534A (en) A kind of FPGA safe operation system and method
CN111711625A (en) A power system information security encryption system based on distribution terminal
CN111783078A (en) Android platform security chip control system
CN104009842A (en) Communication data encryption and decryption method based on DES encryption algorithm, RSA encryption algorithm and fragile digital watermarking
CN112217635A (en) Information encryption transmission method and system based on block chain and high-speed password card
CN115037474B (en) USB PD protocol chip and identity authentication method
BR102019005184B1 (en) METHOD AND SYSTEM FOR PROVISIONING A SAFE TERMINAL
CN111435389B (en) A safety protection system for power distribution terminal operation and maintenance tools
CN113591109B (en) Method and system for communication between trusted execution environment and cloud
CN120956504A (en) Methods, devices, storage media, and program products for secure communication between host computer and ECU
CN110830413B (en) Communication method, client, server, communication device and system
CN102594564A (en) Equipment for traffic guidance information security management
CN114866307A (en) Power distribution terminal security encryption method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant