CN113645623B

CN113645623B - A remote fee control system, security authentication method and fee control device

Info

Publication number: CN113645623B
Application number: CN202111057241.6A
Authority: CN
Inventors: 巨汉基; 王杰; 崔文武; 祝恩国; 刘晓天; 郭皎; 杜跃; 燕凯; 郭磊; 王亚超; 李文文; 赵思翔; 张旭; 刘译聪; 妙红英; 杨虎岳; 何光; 张晶
Original assignee: Beijing Tenhe Electronic Technology Co ltd; State Grid Corp of China SGCC; State Grid Jibei Electric Power Co Ltd
Current assignee: Beijing Tenhe Electronic Technology Co ltd; State Grid Corp of China SGCC; State Grid Jibei Electric Power Co Ltd
Priority date: 2021-09-09
Filing date: 2021-09-09
Publication date: 2023-08-01
Anticipated expiration: 2041-09-09
Also published as: CN113645623A

Abstract

The application provides a remote fee control system, a security authentication method and a fee control device. The remote fee control system includes a master station and a smart meter, and also includes an application agent and a fee control device. The application agent is located in the grid intranet, and the fee control device is located in the user terminal; among them: a two-way authentication security channel is established between the application agent and the fee control device , the cost control device and the smart meter establish a link through a local communication mechanism; the master station generates an authorization code for the smart meter, and sends the authorization code to the cost control device through a secure channel; the cost control device sends the authorization code to the smart meter through a local communication mechanism; The smart meter verifies the authorization code, opens the corresponding authorization after the verification is successful, and trusts and receives the data sent from the fee control device. The embodiment of the present invention deploys the application agent on the power grid side, provides the user with a fee control device on the user side, and realizes the secure transparent transmission of the fee control information from the main station to the smart meter, thereby solving the problem of manual on-site maintenance when a carrier line failure occurs question.

Description

A remote fee control system, security authentication method and fee control device

技术领域technical field

本申请涉及电力通讯领域，具体是一种远程费控系统、安全认证方法及费控装置。The application relates to the field of electric power communication, in particular to a remote fee control system, a security authentication method and a fee control device.

背景技术Background technique

在目前市场上的用电信息采集系统中，居民电表的费控方式越来越多的采用远程费控，当用户完成电费充值后，主站下发费控信息给集中器，集中器通过载波或无线等通信方式将费控信息下发至电表中，整个过程不需要人为干预，为用户带来了极好的使用体验。In the current electricity consumption information collection system on the market, the cost control method of residents’ electric meters is increasingly using remote cost control. The fee control information is sent to the electric meter through communication methods such as wireless or wireless, and the whole process does not require human intervention, which brings an excellent user experience to users.

但是，在实际运行中，载波通信或无线通信会受各种不确定因素的影响，存在着通信线路暂时失效的情况，此时费控信息无法及时从集中器下发至居民电表，一旦发生这种问题，就需要维护人员即时到达现场处理，如此会带来耗费人力物力、提高时间成本、降低服务质量等一系列问题。However, in actual operation, carrier communication or wireless communication will be affected by various uncertain factors, and there may be a situation where the communication line fails temporarily. This kind of problem requires maintenance personnel to arrive at the scene immediately to deal with it, which will lead to a series of problems such as consuming manpower and material resources, increasing time cost, and reducing service quality.

发明内容Contents of the invention

针对现有技术中的问题，本申请提出一种远程费控系统、安全认证方法及费控装置。Aiming at the problems in the prior art, this application proposes a remote fee control system, a security authentication method and a fee control device.

第一方面，本发明实施例提出一种远程费控系统，包括主站和智能电表，所述系统还包括应用代理和费控装置，所述应用代理位于电网内网，所述费控装置位于用户终端；其中：所述应用代理与所述费控装置之间建立双向认证的安全通道，所述费控装置与所述智能电表通过本地通信机制建立链接；所述主站生成所述智能电表的授权码，并将授权码通过所述安全通道发送给所述费控装置；所述费控装置通过所述本地通信机制向所述智能电表发送所述授权码；所述智能电表验证所述授权码，验证成功后打开对应授权，信任并接收从所述费控装置发送过来的数据。In the first aspect, the embodiment of the present invention proposes a remote fee control system, including a master station and a smart meter. The system also includes an application agent and a fee control device. The application agent is located in the grid intranet, and the fee control device is located in User terminal; wherein: a two-way authenticated security channel is established between the application agent and the fee control device, and the fee control device and the smart meter establish a link through a local communication mechanism; the master station generates the smart meter authorization code, and send the authorization code to the fee control device through the secure channel; the fee control device sends the authorization code to the smart meter through the local communication mechanism; the smart meter verifies the Authorization code, open the corresponding authorization after successful verification, trust and receive the data sent from the fee control device.

第二方面，本发明实施例还提出一种远程费控系统的安全认证方法，所述系统包括主站、智能电表、应用代理和费控装置，所述应用代理位于电网内网，所述费控装置位于用户终端，该远程费控系统的安全认证方法包括所述费控装置与所述应用代理之间的双向认证，以及所述费控装置与所述智能电表的双向认证；其中：所述费控装置与所述智能电表的双向认证，包括：所述主站生成所述智能电表的授权码，并将授权码通过所述安全通道发送给所述费控装置；所述费控装置通过所述本地通信机制向所述智能电表发送所述授权码；所述智能电表验证所述授权码，验证成功后打开对应授权，信任并接收从所述费控装置发送过来的数据。In the second aspect, the embodiment of the present invention also proposes a security authentication method for a remote fee control system. The system includes a master station, a smart meter, an application agent, and a fee control device. The control device is located at the user terminal, and the security authentication method of the remote charge control system includes two-way authentication between the charge control device and the application agent, and two-way authentication between the charge control device and the smart meter; wherein: The two-way authentication between the fee control device and the smart meter includes: the master station generates an authorization code for the smart meter, and sends the authorization code to the fee control device through the secure channel; the fee control device Send the authorization code to the smart meter through the local communication mechanism; the smart meter verifies the authorization code, opens the corresponding authorization after the verification is successful, and trusts and receives the data sent from the fee control device.

第三方面，本发明实施例还提出一种费控装置，所述费控装置位于用户终端，与位于电网内网的应用代理建立连接并完成安全认证，所述费控装置包括：TLS连接建立模块，用于向所述应用代理发起TLS连接，在TLS握手过程中，使用预置的应用代理证书验证其签名，建立单向认证的TLS通道；信息收集模块，用于收集当前手机号、表ID和/或用户编号和/或交易编号，通过所述TLS通道发送给所述应用代理；验证码接收模块，用于接收所述应用代理通过运营商短信网络返回的验证码，其中，所述验证码通过以下方式生成：所述应用代理在电网系统内验证该用户合法且有有效充值操作，并且该充值对应的费控信息尚未成功下发至智能电表，验证成功后，为所述费控装置生成本次会话的验证码；验证码发送模块，用于通过所述TLS通道将所述验证码回送给所述应用代理。In the third aspect, the embodiment of the present invention also proposes a fee control device. The fee control device is located at the user terminal, establishes a connection with an application agent located on the grid intranet and completes security authentication. The fee control device includes: TLS connection establishment module, for initiating a TLS connection to the application agent, during the TLS handshake process, use the preset application agent certificate to verify its signature, and establish a TLS channel for one-way authentication; the information collection module is used to collect the current mobile phone number, form ID and/or user number and/or transaction number are sent to the application agent through the TLS channel; the verification code receiving module is used to receive the verification code returned by the application agent through the operator's short message network, wherein the The verification code is generated in the following way: the application agent verifies that the user is legal and has a valid recharge operation in the power grid system, and the charge control information corresponding to the recharge has not been successfully sent to the smart meter. The device generates a verification code for this session; the verification code sending module is configured to send the verification code back to the application agent through the TLS channel.

本发明实施例公开的远程费控系统、费控装置及安全认证方法，在电网侧的电网内网增加应用代理，在用户侧为用户提供费控装置，应用代理和费控装置实现费控信息从主站到电表间的安全透传，从而解决载波线路故障，需要人工下发费控信息的问题。本方案作为电表与主站间费控信息交互的辅助方案，可以进一步降低电力服务成本并提升用户体验。并且，本方案通过引入应用代理，并在费控装置与应用代理间建立TLS通道，实现费控装置在主站侧的安全接入；主站为特定电表生成有时效要求的授权码，发放给相应手机的费控装置，费控装置使用该授权码完成电表对费控装置的认证与授权，从而实现了用户手机费控装置在通信链路两侧的安全接入，解决了引入用户设备对电网系统带来的安全问题。In the remote fee control system, fee control device and security authentication method disclosed in the embodiments of the present invention, an application agent is added to the grid intranet on the grid side, and a fee control device is provided for the user on the user side, and the application agent and the fee control device realize fee control information Secure transparent transmission from the main station to the meter, so as to solve the problem of carrier line failure and the need to manually issue fee control information. This solution is an auxiliary solution for the exchange of fee control information between the meter and the main station, which can further reduce the cost of power services and improve user experience. In addition, this solution introduces the application agent and establishes a TLS channel between the fee control device and the application agent to realize the secure access of the fee control device on the master station side; the master station generates a time-sensitive authorization code for a specific meter and issues it to Corresponding to the charge control device of the mobile phone, the charge control device uses the authorization code to complete the authentication and authorization of the meter to the charge control device, thereby realizing the safe access of the user mobile phone charge control device on both sides of the communication link, and solving the problem of introducing user equipment to the charge control device. Security issues brought about by the grid system.

附图说明Description of drawings

图1为本发明实施例的远程费控系统的结构示意图。FIG. 1 is a schematic structural diagram of a remote fee control system according to an embodiment of the present invention.

图2为本发明实施例的实现费控App与应用代理之间的安全认证的处理流程图。Fig. 2 is a flow chart of implementing security authentication between the fee control App and the application agent according to the embodiment of the present invention.

图3为本发明实施例的智能电表本地连接的两种状态的示意图。Fig. 3 is a schematic diagram of two states of the local connection of the smart meter according to the embodiment of the present invention.

图4为本发明实施例的智能电表对费控App的安全认证的处理流程图。Fig. 4 is a flow chart of the security authentication of the fee control App by the smart meter according to the embodiment of the present invention.

图5为本发明实施例的授权码的示意图。Fig. 5 is a schematic diagram of an authorization code according to an embodiment of the present invention.

图6为本发明实施例的费控装置的结构示意图。Fig. 6 is a schematic structural diagram of a fee control device according to an embodiment of the present invention.

图7为本发明另一实施例的费控装置的结构示意图。Fig. 7 is a schematic structural diagram of a fee control device according to another embodiment of the present invention.

具体实施方式Detailed ways

下面将结合本申请实施例中的附图，对本申请实施例中的技术方案进行清楚、完整地描述，显然，所描述的实施例仅是本申请一部分实施例，而不是全部的实施例。基于本申请中的实施例，本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例，都属于本申请保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some, not all, embodiments of the application. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

图1为本发明实施例的远程费控系统的结构示意图。如图1所示，本实施例的远程费控系统包括四个节点(子系统)，主站1、应用代理2、费控装置3和智能电表4。其中，主站1和应用代理2部署于电网内网，费控装置3安装于用户终端(例如用户手机)，智能电表4部署于用户家庭入口。FIG. 1 is a schematic structural diagram of a remote fee control system according to an embodiment of the present invention. As shown in FIG. 1 , the remote fee control system of this embodiment includes four nodes (subsystems), a master station 1 , an application agent 2 , a fee control device 3 and a smart meter 4 . Among them, the main station 1 and the application agent 2 are deployed on the grid intranet, the cost control device 3 is installed on the user terminal (such as the user's mobile phone), and the smart meter 4 is deployed at the entrance of the user's home.

主站1是部署于电网内网的电力负荷管理系统，是电网的核心管理系统之一。主站的主要功能包括抄表、负控控制、电网监测等，用户在购电后，费控信息可以从主站经集中器自动下发到智能电表。Master station 1 is a power load management system deployed on the grid intranet, and is one of the core management systems of the grid. The main functions of the main station include meter reading, load control, grid monitoring, etc. After the user purchases electricity, the cost control information can be automatically sent from the main station to the smart meter through the concentrator.

应用代理2通过电网防火墙的端口映射功能，映射为一个具有公网IP和特定端口的服务，手机App通过公网可以访问该应用代理。应用代理一方面可以透传主站和智能电表间的数据，另一方面应用代理也是一个应用层(级)的防火墙，避免主站直接暴露用户的费控装置前，避免主站受到额外的攻击，可以设置用户的黑白名单，可以提供日志、审计功能。应用代理可以部署于电网内网已有的一台服务器上，也可以独立部署于一台新的服务器上。The application proxy 2 is mapped to a service with a public network IP and a specific port through the port mapping function of the power grid firewall, and the mobile phone App can access the application proxy through the public network. On the one hand, the application agent can transparently transmit the data between the main station and the smart meter. On the other hand, the application agent is also an application layer (level) firewall, which prevents the main station from directly exposing the user's fee control device and avoids additional attacks on the main station. , you can set the black and white list of users, and provide log and audit functions. The application agent can be deployed on an existing server in the grid intranet, or independently deployed on a new server.

费控装置3可以是电网提供的获取费控信息的手机App，也可以是据通信功能的服务器设备，其上行与应用代理通信，本地与智能电表通信，费控装置3与应用代理共同完成费控信息从主站到智能电表间的安全透传。事实上，费控装置3与安全代理可以进一步扩展，承载电网与用户间的其他数据交互。本发明中，需要说明的是，费控装置，费控APP，手机费控APP是在不同实施例的不同表述方式，实则指代同一概念。The tariff control device 3 can be a mobile app provided by the power grid to obtain tariff control information, or it can be a server device with a data communication function, which communicates with the application agent in the uplink and communicates with the smart meter locally. The tariff control device 3 and the application agent jointly complete the billing Secure transparent transmission of control information from the master station to the smart meter. In fact, the fee control device 3 and the security agent can be further expanded to carry other data interactions between the power grid and users. In the present invention, it should be noted that the fee control device, the fee control APP, and the mobile phone fee control APP are different expressions in different embodiments, but actually refer to the same concept.

智能电表4是用户电能数据采集、计量和传输的设备，具备与用户终端(例如手机)进行本地通信的功能，通信方式可以是NFC、蓝牙或者红外等等，本发明不对这种本地通信方式做出具体要求。The smart meter 4 is a device for collecting, measuring and transmitting user electric energy data, and has the function of performing local communication with a user terminal (such as a mobile phone). Make specific requirements.

本发明实施例通过在电网侧部署应用代理，在用户侧为用户提供费控装置(例如手机费控App)，应用代理和费控装置实现费控信息从主站到智能电表间的安全透传，从而解决了出现载波线路故障需要人工现场维护的问题。The embodiment of the present invention deploys the application agent on the power grid side, and provides the user with a charge control device (such as a mobile phone charge control App) on the user side. The application agent and the charge control device realize the secure transparent transmission of charge control information from the main station to the smart meter. , thereby solving the problem of manual on-site maintenance required for carrier line failures.

当前的费控远程系统中，主站与智能电表间的通信链路包含三个节点，主站、集中器和智能电表，以集中器的角度来看，整个链路可以分为集中器与主站之间的上行链路和集中器与智能电表之间的本地链路，其中，上行链路以电信运营商提供的无线虚拟专网为主，本地链路以电力线载波网络为主。主站、集中器和智能电表都是电网设备，无线虚拟专网和电力线载波网络是相对封闭的网络，同时为保证数据的机密性与完整性，其上传输的敏感数据会被加密和校验，因此基于这条链路的数据传输是相对安全的。In the current fare control remote system, the communication link between the master station and the smart meter includes three nodes, the master station, the concentrator and the smart meter. From the perspective of the concentrator, the entire link can be divided into the concentrator and the master The uplink between the stations and the local link between the concentrator and the smart meter, in which the uplink is mainly based on the wireless virtual private network provided by the telecom operator, and the local link is mainly based on the power line carrier network. The master station, concentrator and smart meter are all grid equipment. The wireless virtual private network and the power line carrier network are relatively closed networks. At the same time, in order to ensure the confidentiality and integrity of the data, the sensitive data transmitted on it will be encrypted and verified. , so the data transmission based on this link is relatively safe.

本发明实施例公开的费控远程方案，将原有的三节点链路改为四节点链路，四个节点分别是主站、应用代理、位于用户终端的费控装置和智能电表。其中，主站、应用代理和智能电表是电网设备，费控装置位于用户终端，是用户设备，并且，费控装置与应用代理之间使用的是电信运营商公网，因此，怎样将用户设备(费控装置)安全接入到电网系统中，是本发明需要解决的其中一个技术问题。In the remote fee control scheme disclosed in the embodiment of the present invention, the original three-node link is changed into a four-node link, and the four nodes are respectively a main station, an application agent, a fee control device located at a user terminal, and a smart meter. Among them, the main station, the application agent and the smart meter are grid equipment, and the fee control device is located at the user terminal, which is the user equipment, and the public network of the telecom operator is used between the fee control device and the application agent. Therefore, how to connect the user equipment It is one of the technical problems to be solved by the present invention that the (fee control device) is safely connected to the power grid system.

本发明中，由于费控装置一方面通过电信运营商公网与应用代理通信，一方面通过本地连接方式与智能电表通信，因此本发明实施例的费控装置的安全接入包括费控装置与应用代理之间的安全，以及费控装置与智能电表之间的安全。In the present invention, since the fee control device communicates with the application agent through the public network of the telecom operator on the one hand, and communicates with the smart meter through a local connection on the other hand, the secure access of the fee control device in the embodiment of the present invention includes the fee control device and the smart meter. Security between application agents, and security between tariff control devices and smart meters.

费控装置与应用代理之间的安全Security between fee control device and application agent

费控装置与应用代理之间的安全，包括双方的认证和安全通道的建立，即，费控装置要对对端的应用代理做身份认证，应用代理要对费控装置做身份认证，认证成功后，建立起费控装置到应用代理之间的安全通道，该安全通道保障其上所传输数据的机密性与完整性。本实施例中，费控装置也可以是安装在用户手机中的费控APP，通过如图2所示的安全认证方法建立费控App与应用代理之间的安全通道。The security between the fee control device and the application agent includes the authentication of both parties and the establishment of a secure channel, that is, the fee control device must authenticate the application agent on the opposite end, and the application agent must perform identity authentication on the fee control device. After the authentication is successful , establishing a secure channel between the fee control device and the application agent, and the secure channel ensures the confidentiality and integrity of the data transmitted thereon. In this embodiment, the fee control device may also be a fee control APP installed in the user's mobile phone, and a secure channel between the fee control App and the application agent is established through the security authentication method shown in FIG. 2 .

步骤S201，费控App向应用代理发起TLS(Transport Layer Security，传输层安全性协议)连接，在TLS握手过程中，费控App使用预置的应用代理证书验证其签名，建立单向认证的TLS连接，其中，应用代理证书为CA签发并且预置在手机费控APP中。这个过程中完成了手机费控App对应用代理的认证，同时建立起手机费控App与应用代理间的加密通道(TLS通道)。后续手机费控App与应用代理间的所有数据传输受此加密通道保护。Step S201, the fee control App initiates a TLS (Transport Layer Security, transport layer security protocol) connection to the application proxy. During the TLS handshake process, the fee control App uses the preset application proxy certificate to verify its signature and establish a one-way authentication TLS Connection, wherein the application proxy certificate is issued by a CA and pre-installed in the mobile phone fee control APP. In this process, the authentication of the mobile phone fee control App to the application agent is completed, and an encrypted channel (TLS channel) between the mobile phone fee control App and the application agent is established at the same time. All subsequent data transmissions between the mobile phone fee control App and the application agent are protected by this encrypted channel.

步骤S202，手机费控App收集当前手机号、智能电表ID和/或用户编号和/或交易编号等信息，通过TLS通道发送给应用代理。Step S202, the mobile phone fee control App collects information such as the current mobile phone number, smart meter ID and/or user number and/or transaction number, and sends them to the application agent through a TLS channel.

步骤S203，应用代理在电网系统内验证该用户合法并且有有效充值操作，并且该充值对应的费控信息尚未成功下发至智能电表，验证成功后，为手机费控App生成本次会话的验证码。Step S203, the application agent verifies that the user is legal and has a valid recharge operation in the power grid system, and the charge control information corresponding to the recharge has not been successfully delivered to the smart meter. After the verification is successful, generate a verification of this session for the mobile phone charge control app code.

步骤S204，应用代理将验证码通过运营商短信网络发送给手机费控App。Step S204, the application agent sends the verification code to the mobile phone fee control App through the operator's SMS network.

步骤S205，手机费控App通过TLS通道将验证码回送给应用代理，完成应用代理对手机费控App的认证。至此，手机费控App与应用代理间的双向认证的安全通道建立成功。In step S205, the mobile phone fee control App sends the verification code back to the application agent through the TLS channel, and the application agent completes the authentication of the mobile phone fee control App. So far, the two-way authentication security channel between the mobile phone fee control App and the application agent has been successfully established.

费控装置与智能电表之间的安全Security between tariff control device and smart meter

费控装置与智能电表之间的安全，包括双方的安全认证和数据传输的安全。The security between the fee control device and the smart meter includes the security authentication of both parties and the security of data transmission.

费控App与智能电表之间，可以通过NFC、蓝牙、红外等方式进行通信，对于NFC和红外来说，其通信设备之间存在着非常苛刻的相对位置要求，因而其数据传输具备天然的安全性；对于蓝牙来说，其底层机制已经包括了对数据传输的安全性的保护，因此，费控App与智能电表之间的安全主要是二者之间的身份安全认证。The fee control app and the smart meter can communicate through NFC, Bluetooth, infrared, etc. For NFC and infrared, there are very strict relative position requirements between the communication devices, so the data transmission is naturally safe For Bluetooth, its underlying mechanism already includes the protection of the security of data transmission. Therefore, the security between the fee control App and the smart meter is mainly the identity security authentication between the two.

一、智能电表本地连接的接入安全1. Access security for local connections of smart meters

智能电表是一个权威的计量设备，直接关系到电网的电费收入和用户的电费支出，通常情况下不允许用户的设备或者其他第三方设备直接接入访问，以免出现对电表计量数据、计量软件的篡改。智能电表的NFC/蓝牙/红外等通信模块提供了一种本地通信方式，使得掌机、手机等移动设备可以与智能电表进行通信，但这种通信方式同时也带来了一定的安全隐患。The smart meter is an authoritative metering device, which is directly related to the electricity fee income of the grid and the electricity fee expenditure of the user. Usually, the user's equipment or other third-party equipment is not allowed to directly access to avoid the metering data and metering software. tamper. The NFC/Bluetooth/infrared communication module of the smart meter provides a local communication method, so that mobile devices such as handhelds and mobile phones can communicate with the smart meter, but this communication method also brings certain security risks.

如图3所示，本发明实施例将智能电表的本地连接分为预连接和连接两个状态，以解决上述的安全隐患问题。As shown in FIG. 3 , the embodiment of the present invention divides the local connection of the smart meter into two states of pre-connection and connection, so as to solve the aforementioned potential safety hazard.

在预连接状态，智能电表的本地连接可以与移动设备交互授权验证消息，智能电表的本地连接丢弃其他消息。In the pre-connection state, the local connection of the smart meter can exchange authorization verification messages with the mobile device, and the local connection of the smart meter discards other messages.

智能电表在预连接状态接收到授权验证消息，完成授权验证后，开启得到授权的服务，并进入到连接状态。The smart meter receives the authorization verification message in the pre-connection state, and after completing the authorization verification, starts the authorized service and enters the connection state.

在连接状态，智能电表的本地连接可以与移动设备交互已获得授权的消息并可以交互进一步的授权验证消息，智能电表的本地连接丢弃其他消息。In the connected state, the local connection of the smart meter can exchange authorized messages with the mobile device and further authorization verification messages, and the local connection of the smart meter discards other messages.

在授权结束后，智能电表关闭相关授权，电表的本地连接进入预连接状态。After the authorization ends, the smart meter closes the relevant authorization, and the local connection of the meter enters the pre-connection state.

通过以上实现方式，可以避免智能电表在本地通信方式下的安全隐患问题。Through the above implementation manner, the potential safety hazard of the smart electric meter in the local communication mode can be avoided.

二、智能电表对费控App的认证2. Smart meter authentication of fee control app

费控App只有得到主站的授权，才能通过NFC/蓝牙/红外等本地连接有效接入相应的电表，同时费控App只有在载波网络故障时才被用户使用，此时智能电表已处于离线状态无法接收主站授权，这就带来了一个难题，即离线电表怎样验证费控App的授权。The fee control app can only be effectively connected to the corresponding electric meter through local connections such as NFC/Bluetooth/infrared if it is authorized by the master station. At the same time, the charge control app is only used by the user when the carrier network fails, and the smart meter is already offline. Unable to receive the master station authorization, this brings a problem, that is, how to verify the authorization of the fee control app by the offline meter.

本发明实施例中，主站对费控App访问特定智能电表发放授权码，其中规定了费控App对该智能电表的访问权限，即，获得该授权码的费控App可以在什么时间段以什么权限访问智能电表。同时，由于费控App得到授权码，就意味着已经得到了主站的认证，所以如果费控App的授权码被智能电表验证合法，也意味着费控App自身的身份被智能电表验证合法。In the embodiment of the present invention, the main station issues an authorization code for the fee control App to access a specific smart meter, which stipulates the access authority of the fee control App to the smart meter, that is, in what time period the fee control App can obtain the authorization code. What permission to access the smart meter. At the same time, since the fee control app has obtained the authorization code, it means that it has been authenticated by the master station, so if the fee control app's authorization code is verified by the smart meter, it also means that the fee control app's own identity is verified by the smart meter.

本发明实施例建立在用采系统已有的信任链的基础上，如图4所示，通过主站为特定电表生成有时效要求的授权码，发放给相应手机的费控App，费控App使用该授权码完成该智能电表对其授权的验证，从而解决了离线智能电表怎样验证费控App授权的问题。The embodiment of the present invention is based on the existing trust chain of the mining system. As shown in Figure 4, the master station generates an authorization code with time-limited requirements for a specific meter, and issues it to the fee control App of the corresponding mobile phone. Use the authorization code to complete the verification of the authorization of the smart meter, thereby solving the problem of how to verify the authorization of the fee control App by the offline smart meter.

步骤S401，主站生成所述智能电表的授权码Step S401, the master station generates the authorization code of the smart meter

如图5所示，主站为特定电表生成的有时效要求的授权码由授权部分、授权类型、授权生命期和随机部分构成。其中：As shown in Figure 5, the time-limited authorization code generated by the master station for a specific meter consists of an authorization part, an authorization type, an authorization lifetime and a random part. in:

授权类型，即本次授权的类型，可以是费控信息下发的授权或者其他授权，授权类型为1个字节。授权类型由主站确定，以明文的形式拼接于授权码，同时，授权类型也用于计算授权码的授权部分，授权类型的完整性通过授权码的授权部分得到保护。Authorization type, that is, the type of this authorization, can be the authorization issued by the fee control information or other authorizations, and the authorization type is 1 byte. The authorization type is determined by the master station and spliced into the authorization code in plain text. At the same time, the authorization type is also used to calculate the authorization part of the authorization code. The integrity of the authorization type is protected through the authorization part of the authorization code.

授权生命周期，即本次授权的生命期时长，智能电表从授权验证成功开始计时，单位为分钟，生命期到则智能电表关闭授权。授权的生命周期由主站设定，以明文的形式拼接于授权码，同时，生命期也用于计算授权码的授权部分，生命期的完整性通过授权码的授权部分得到保护。Authorization life cycle, that is, the life time of this authorization. The smart meter starts counting when the authorization verification is successful, and the unit is minutes. When the life time expires, the smart meter closes the authorization. The life cycle of authorization is set by the master station and spliced into the authorization code in plain text. At the same time, the life cycle is also used to calculate the authorization part of the authorization code, and the integrity of the life cycle is protected through the authorization part of the authorization code.

随机部分，由主站产生，以明文的形式拼接于授权码，同时，随机部分也用于计算授权码的授权部分，其完整性通过授权码的授权部分得到保护。引入随机部分可以增强对密钥材料的保护，随机部分可以以累加的形式递增，以实现授权码的抗重放。The random part is generated by the master station and spliced into the authorization code in the form of plain text. At the same time, the random part is also used to calculate the authorization part of the authorization code, and its integrity is protected through the authorization part of the authorization code. The introduction of a random part can enhance the protection of the key material, and the random part can be incremented in the form of accumulation to realize the anti-replay of the authorization code.

授权部分，由主站计算生成，拼接成授权码后，经费控App下发给智能电表，智能电表使用授权码的授权部分进行授权验证，验证成功后，打开相应授权。The authorization part is calculated and generated by the master station. After being spliced into an authorization code, the expense control app is issued to the smart meter. The smart meter uses the authorization part of the authorization code to perform authorization verification. After the verification is successful, the corresponding authorization is opened.

本发明实施例中，授权码可通过下述的三个阶段来实现。In the embodiment of the present invention, the authorization code can be realized through the following three stages.

1)拼接授权信息1) Splicing authorization information

授权信息＝表ID||当前日级时间戳||授权类型||授权生命期||随机部分Authorization Information = Table ID||Current Date Timestamp||Authorization Type||Authorization Lifetime||Random Part

其中：in:

√||为字符串拼接操作符√|| is a string concatenation operator

√表ID指定授权码对那只电表生效。√ The authorization code specified by the meter ID is valid for that meter.

√当前日级时间戳，如20210128，即2021年1月28日，用于保障授权码时效性。主站从系统中取出当前日级时间戳，计算授权码的授权部分，电表使用自己当前的日级时间戳验证授权部分，如果验证不成功，则授权码无效。√The current day-level timestamp, such as 20210128, that is, January 28, 2021, is used to ensure the timeliness of the authorization code. The master station takes out the current day-level time stamp from the system and calculates the authorization part of the authorization code. The meter uses its own current day-level time stamp to verify the authorization part. If the verification is unsuccessful, the authorization code is invalid.

2)计算授权码的授权部分2) Calculate the authorization part of the authorization code

a)方案一，直接通过HASH计算出授权码，a) Option 1, calculate the authorization code directly through HASH,

授权部分＝HASH(密钥材料||授权信息)的前x个字节Authorization part = first x bytes of HASH(key material||authorization information)

其中：in:

HASH为单向散列(哈希)算法，在本方案中用于计算授权码，算法可选ESAM内置哈希算法，或者选择SHA1、SHA256、DM5等通用算法。HASH is a one-way hash (hash) algorithm, which is used to calculate the authorization code in this solution. The algorithm can choose ESAM built-in hash algorithm, or choose general algorithms such as SHA1, SHA256, and DM5.

密钥材料，主站与智能电表之间的共享密钥，可以是ESAM系统中的共享密钥，也可以是ESAM系统之外，主站侧维护的主站与智能电表之间其他共享密钥。The key material, the shared key between the master station and the smart meter, can be the shared key in the ESAM system, or other shared keys between the master station and the smart meter maintained by the master station side outside the ESAM system .

b)方案二，先对授权信息计算完整性摘要(MAC)，再对摘要进行HASHb) Scheme 2, first calculate the integrity summary (MAC) of the authorization information, and then perform HASH on the summary

对于共享密钥内置于ESAM并且系统不能直接访问的情况，使用方案二。For situations where the shared key is built into the ESAM and cannot be directly accessed by the system, use option two.

先将授权信息送入ESAM，计算出授权信息的完整性摘要，再对摘要进行HASH。First send the authorization information to ESAM, calculate the integrity summary of the authorization information, and then perform HASH on the summary.

授权部分＝HASH(MAC(授权信息))的前x个字节Authorization part = the first x bytes of HASH (MAC (authorization information))

ESAM中的完整性校验算法(MAC)，使用内置于ESAM中的共享密钥，计算授权信息的摘要。方案二使用ESAM计算完整性摘要再计算其HASH，以此来替代方案一中的直接计算共享密钥材料拼接授权信息的HASH。The Integrity Check Algorithm (MAC) in ESAM calculates a digest of the authorization information using the shared secret key built into ESAM. Scheme 2 uses ESAM to calculate the integrity digest and then calculates its HASH, which replaces the direct calculation of the HASH of the shared key material splicing authorization information in scheme 1.

3)拼接授权部分、授权类型、授权生命期和随机部分，生成授权码。3) Concatenate the authorization part, authorization type, authorization lifetime and random part to generate an authorization code.

举例说明：for example:

授权码中的x、y、z分别为20、4、8，即授权部分、授权生命期和随机部分分别为20个字节、4个字节和8个字节。HASH算法为MD5，采用方案一计算授权部分。The x, y, and z in the authorization code are 20, 4, and 8 respectively, that is, the authorization part, authorization lifetime, and random part are 20 bytes, 4 bytes, and 8 bytes, respectively. The HASH algorithm is MD5, and scheme 1 is used to calculate the authorization part.

主站要给电表(表ID：000000000012)发布授权，主站与该电表共享的密钥材料为3288AC56U8，当前的日级时间戳为20210128，授权类型为1(费控信息下发)，授权生命周期为60(即1小时)，随机部分为00000088。The master station needs to issue authorization to the meter (table ID: 000000000012). The key material shared by the master station and the meter is 3288AC56U8, the current day-level timestamp is 20210128, and the authorization type is 1 (delivery of fee control information). The period is 60 (ie 1 hour) and the random part is 00000088.

使用方案一进行计算，则：Using scheme one for calculation, then:

1)计算授权信息1) Calculate authorization information

授权信息＝表ID||当前日级时间戳||授权类型||授权生命期||随机部分，即000000000012||20210128||1||0060||00000088，结果即“000000000012202101281006000000088”。Authorization information = table ID||current day-level timestamp||authorization type||authorization lifetime||random part, that is, 000000000012||20210128||1||0060||00000088, and the result is "000000000012202101281006000000088".

2)将密钥材料与授权信息拼接，计算其HASH，得到授权码的授权部分：2) Splice the key material and authorization information, calculate its HASH, and obtain the authorization part of the authorization code:

MD5(“3288AC56U8000000000012202101281006000000088”)＝0x5e9ef7f960ad440da4d54188d7fdc5e4。MD5("3288AC56U8000000000012202101281006000000088") = 0x5e9ef7f960ad440da4d54188d7fdc5e4.

授权码的授权部分取哈希值的前20个字节，即5e9ef7f960ad440da4d5，The authorization part of the authorization code takes the first 20 bytes of the hash value, that is, 5e9ef7f960ad440da4d5,

3)拼接授权部分、授权类型、授权生命期和随机部分，生成授权码，3) Concatenate the authorization part, authorization type, authorization life cycle and random part to generate an authorization code,

完整授权码为5e9ef7f960ad440da4d51006000000088。The full authorization code is 5e9ef7f960ad440da4d51006000000088.

步骤S402，主站将授权码通过安全通道发送给费控装置；步骤S403，所述费控装置通过所述本地通信机制向所述智能电表发送所述授权码；Step S402, the master station sends the authorization code to the fee control device through a secure channel; Step S403, the fee control device sends the authorization code to the smart meter through the local communication mechanism;

主站生成授权码后，通过TLS通道向费控App发放该访问特定智能电表的授权码，费控App通过NFC/蓝牙/红外等本地通信机制向智能电表发送该授权码，智能电表验证该授权码。After the master station generates the authorization code, it issues the authorization code for accessing the specific smart meter to the fee control app through the TLS channel. The fee control app sends the authorization code to the smart meter through local communication mechanisms such as NFC/Bluetooth/infrared, and the smart meter verifies the authorization. code.

步骤S404，所述智能电表验证所述授权码，验证成功后打开对应授权，信任并接收从所述费控装置发送过来的数据。Step S404, the smart meter verifies the authorization code, opens the corresponding authorization after the verification is successful, trusts and receives the data sent from the fee control device.

智能电表得到待验证授权码后，通过以下步骤验证该授权码是否合法。After the smart meter obtains the authorization code to be verified, it verifies whether the authorization code is legal through the following steps.

1)拼接授权信息1) Splicing authorization information

智能电表从自己的系统中取出当前的日级时间戳、表ID，拼接待验证授权码中的授权类型、授权生命期和随机部分，得到授权信息。The smart meter takes out the current day-level time stamp and meter ID from its own system, and combines the authorization type, authorization lifetime and random part in the authorization code to be verified to obtain the authorization information.

2)使用上一步得出的授权信息，计算授权码的授权部分2) Use the authorization information obtained in the previous step to calculate the authorization part of the authorization code

a)如果待验证授权码使用方案一，则直接通过HASH计算出授权码的授权部分，a) If the authorization code to be verified uses Scheme 1, directly calculate the authorization part of the authorization code through HASH,

授权部分＝HASH(密钥材料||授权信息)的前x个字节。Authorization part = first x bytes of HASH(key material||authorization info).

b)如果待验证授权码使用方案二，则先将授权信息送入ESAM，计算出授权信息的完整性摘要，再对摘要进行HASH。b) If scheme 2 is used for the authorization code to be verified, first send the authorization information to the ESAM, calculate the integrity digest of the authorization information, and then perform HASH on the digest.

3)授权验证3) Authorization Verification

比较计算出来的授权码的授权部分和待验证授权码的授权部分，如果二者相同，则该待验证授权码合法。Comparing the calculated authorization part of the authorization code with the authorization part of the authorization code to be verified, if the two are the same, the authorization code to be verified is legal.

接续上面的例子，如果电表(表ID是000000000012，共享密钥材料是3288AC56U8)，在日级时间戳20210128接收到待验证授权码，则：Continuing the above example, if the electric meter (the meter ID is 000000000012, and the shared key material is 3288AC56U8) receives the authorization code to be verified at the day-level timestamp 20210128, then:

1)使用电表自己的数据，拼接授权信息1) Use the meter's own data to splice authorization information

授权信息＝表ID||当前日级时间戳||待验证授权码的授权类型||待验证授权码的授权生命期||待验证授权码的随机部分，即000000000012||20210128||1||0060||00000088，结果即“000000000012202101281006000000088”。Authorization information = table ID||current day-level timestamp||authorization type of authorization code to be verified||authorization lifetime of authorization code to be verified||random part of authorization code to be verified, namely 000000000012||20210128||1| |0060||00000088, the result is "000000000012202101281006000000088".

2)按方案一，计算授权码的授权部分2) According to scheme 1, calculate the authorization part of the authorization code

MD5(“3288AC56U8000000000012202101281006000000088”)＝0x5e9ef7f960ad440da4d54188d7fdc5e4MD5("3288AC56U8000000000012202101281006000000088") = 0x5e9ef7f960ad440da4d54188d7fdc5e4

授权码的授权部分取哈希值的前20个字节，即5e9ef7f960ad440da4d5。The authorization part of the authorization code takes the first 20 bytes of the hash value, that is, 5e9ef7f960ad440da4d5.

3)授权验证3) Authorization Verification

比较计算出来的授权码的授权部分和待验证授权码的授权部分，二者相同，则验证授权成功。Compare the authorization part of the calculated authorization code with the authorization part of the authorization code to be verified, and if the two are the same, the authorization verification is successful.

智能电表授权成功后，则在授权生命期内打开相应权限，在授权生命期结束后关闭相应权限。对于费控信息下发的授权，授权成功后，智能电表可以通过费控App与主站交互费控信息。After the smart meter is authorized successfully, the corresponding authority is opened within the authorized life period, and the corresponding authority is closed after the authorized life period ends. For the authorization of fee control information distribution, after the authorization is successful, the smart meter can exchange fee control information with the main station through the fee control App.

本发明实施例中，授权码设计简单，具有灵活、安全的特点，同时兼顾了授权的粒度和时效。In the embodiment of the present invention, the authorization code is simple in design, flexible and safe, and at the same time takes into account the granularity and timeliness of authorization.

1)主站生成授权码的过程中使用了被授权电表的共享密钥材料和表ID，因此，授权码的授权粒度可以精确到单个电表。1) The master station uses the shared key material and meter ID of the authorized meter in the process of generating the authorization code. Therefore, the authorization granularity of the authorization code can be accurate to a single meter.

2)主站生成授权码的过程中使用了当前的日级时间戳，日级时间戳保障了授权码的时效性。2) The master station uses the current day-level timestamp in the process of generating the authorization code, which ensures the timeliness of the authorization code.

3)主站生成授权码的过程中使用了授权生命期，授权生命期进一步保障了授权的时效性。3) The authorization lifetime is used in the process of generating the authorization code by the master station, which further ensures the timeliness of the authorization.

4)授权码中包括授权类型，可以对授权权限进行扩展，应用于费控信息下发以外的其他场景。4) The authorization code includes the authorization type, which can extend the authorization authority and apply to other scenarios other than the issuance of fee control information.

5)被授权对象可以扩展为能源控制器、边缘物联代理等其他设备。5) The authorized objects can be extended to other devices such as energy controllers and edge IoT agents.

6)通过授权码，可以实现主站对授权的统一管理，避免出现授权能力外溢的情况。6) Through the authorization code, the unified management of authorization by the master station can be realized to avoid the overflow of authorization capabilities.

7)授权码设计简单，对于安全要求高，并且具备液晶按键或触摸屏的设备，可以通过按键或者触屏手工录入授权码，验证成功后，该设备再开启相应授权。7) The design of the authorization code is simple. For devices with high security requirements and equipped with LCD buttons or touch screens, the authorization code can be manually entered through the buttons or touch screen. After the verification is successful, the device will then enable the corresponding authorization.

三、费控App对智能电表的认证3. Authentication of Smart Meter by Fee Control App

费控App从智能电表读出表ID，如果与自己的表ID相同，则智能电表验证成功。The fee control App reads the meter ID from the smart meter. If it is the same as its own meter ID, the smart meter verification is successful.

本发明实施例的远程费控系统，在电网侧的电网内网增加应用代理，在用户侧为用户提供费控装置，应用代理和费控装置实现费控信息从主站到智能电表间的安全透传，从而解决载波线路故障，需要人工下发费控信息的问题。In the remote fee control system of the embodiment of the present invention, an application agent is added to the grid intranet on the grid side, and a fee control device is provided for the user on the user side, and the application agent and the fee control device realize the security of the fee control information from the main station to the smart meter Transparent transmission, so as to solve the problem of carrier line failure and the need to manually issue fee control information.

本方案作为智能电表与主站间费控信息交互的辅助方案，可以进一步降低电力服务成本并提升用户体验。并且，本方案通过引入应用代理，并在费控装置与应用代理间建立TLS通道，实现费控装置在主站侧的安全接入；主站为特定智能电表生成有时效要求的授权码，发放给相应手机的费控装置，费控装置使用该授权码完成智能电表对费控装置的认证与授权，从而实现了用户手机费控装置在通信链路两侧的安全接入，解决了引入用户设备对电网系统带来的安全问题。This solution is an auxiliary solution for the exchange of fee control information between the smart meter and the main station, which can further reduce the cost of power services and improve user experience. In addition, this solution introduces the application agent and establishes a TLS channel between the fee control device and the application agent to realize the secure access of the fee control device on the master station side; the master station generates a time-limited authorization code for a specific smart meter and issues To the charge control device of the corresponding mobile phone, the charge control device uses the authorization code to complete the authentication and authorization of the smart meter to the charge control device, thereby realizing the safe access of the user's mobile phone charge control device on both sides of the communication link, and solving the problem of introducing user Safety issues brought by equipment to the power grid system.

基于同一发明构思，本申请实施例还提供了一种费控装置，可以用于实现上述实施例所描述的方法，如下面的实施例所述。由于费控装置解决问题的原理与远程费控方法相似，因此费控装置的实施可以参见基于软件性能基准确定方法的实施，重复之处不再赘述。以下所使用的，术语“单元”或者“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的系统较佳地以软件来实现，但是硬件，或者软件和硬件的组合的实现也是可能并被构想的。Based on the same inventive concept, an embodiment of the present application further provides a fee control device, which can be used to implement the method described in the above embodiment, as described in the following embodiment. Since the problem-solving principle of the fee control device is similar to the remote fee control method, the implementation of the fee control device can refer to the implementation of the method based on software performance benchmark determination, and the repetition will not be repeated. As used below, the term "unit" or "module" may be a combination of software and/or hardware that realizes a predetermined function. Although the systems described in the following embodiments are preferably implemented in software, implementations in hardware, or a combination of software and hardware are also possible and contemplated.

图6为本发明实施例的费控装置的结构示意图。如图6所示，所述费控装置位于用户终端，与位于电网内网的应用代理建立连接并完成安全认证，所述费控装置包括：Fig. 6 is a schematic structural diagram of a fee control device according to an embodiment of the present invention. As shown in Figure 6, the fee control device is located at the user terminal, establishes a connection with the application agent located in the grid intranet and completes security authentication, and the fee control device includes:

TLS连接建立模块601，用于向所述应用代理发起TLS连接，在TLS握手过程中，使用预置的应用代理证书验证其签名，建立单向认证的TLS通道；The TLS connection establishment module 601 is used for initiating a TLS connection to the application agent, during the TLS handshake process, using the preset application agent certificate to verify its signature, and establishing a one-way authenticated TLS channel;

信息收集模块602，用于收集当前手机号、表ID和/或用户编号和/或交易编号，通过所述TLS通道发送给所述应用代理；An information collection module 602, configured to collect the current mobile phone number, table ID and/or user number and/or transaction number, and send them to the application agent through the TLS channel;

验证码接收模块603，用于接收所述应用代理通过运营商短信网络返回的验证码，其中，所述验证码通过以下方式生成：所述应用代理在电网系统内验证该用户合法且有有效充值操作，并且该充值对应的费控信息尚未成功下发至智能电表，验证成功后，为所述费控装置生成本次会话的验证码；The verification code receiving module 603 is used to receive the verification code returned by the application agent through the operator's SMS network, wherein the verification code is generated in the following manner: the application agent verifies that the user is legal and has valid recharge in the power grid system operation, and the fee control information corresponding to the recharge has not been successfully sent to the smart meter, after the verification is successful, generate a verification code for this session for the fee control device;

验证码发送模块604，用于通过所述TLS通道将所述验证码回送给所述应用代理。A verification code sending module 604, configured to send back the verification code to the application agent through the TLS channel.

在另一实施例中，如图7所示，所述费控装置与智能电表通过本地通信机制建立链接并进行安全身份验证，所述费控装置还包括：In another embodiment, as shown in Figure 7, the fee control device establishes a link with the smart meter through a local communication mechanism and performs security identity verification, and the fee control device further includes:

授权码接收模块605，用于接收所述主站发送的智能电表的授权码；An authorization code receiving module 605, configured to receive the authorization code of the smart meter sent by the master station;

授权码发送模块606，通过所述本地通信机制向所述智能电表发送所述授权码，所述智能电表验证所述授权码，验证成功后打开对应授权，信任并接收从所述费控装置发送过来的数据；The authorization code sending module 606 sends the authorization code to the smart meter through the local communication mechanism, the smart meter verifies the authorization code, opens the corresponding authorization after the verification is successful, and trusts and receives the authorization code sent from the fee control device. incoming data;

电表认证模块607，用于读取所述智能电表的电表ID，如果与所述费控装置中存储的电表ID相同，则该智能电表验证成功。The meter authentication module 607 is configured to read the meter ID of the smart meter. If it is the same as the meter ID stored in the cost control device, the verification of the smart meter is successful.

在一些实施例中，费控装置可以为安装在用户终端中的App软件，也可以是具有移动网络和本地通信功能的服务器，本发明不对费控装置的实现形式做任何限定。可以理解的是，上述的用户终端可以包括智能手机、平板电子设备、网络机顶盒、便携式计算机、台式电脑、个人数字助理(PDA)、车载设备、智能穿戴设备等。其中，所述智能穿戴设备可以包括智能眼镜、智能手表、智能手环等。上述的用户终端还具有通讯模块(即通讯单元)，可以与远程的服务器进行通讯连接，实现与所述服务器的数据传输。所述服务器可以包括任务调度中心一侧的服务器，其他的实施场景中也可以包括中间平台的服务器，例如与任务调度中心服务器有通讯链接的第三方服务器平台的服务器。所述的服务器可以包括单台计算机设备，也可包括多个服务器组成的服务器集群，或者分布式装置的服务器结构。In some embodiments, the fee control device can be App software installed in the user terminal, or a server with mobile network and local communication functions. The present invention does not limit the implementation form of the fee control device. It can be understood that the above-mentioned user terminals may include smart phones, tablet electronic devices, network set-top boxes, portable computers, desktop computers, personal digital assistants (PDAs), vehicle-mounted devices, smart wearable devices, and the like. Wherein, the smart wearable device may include smart glasses, smart watches, smart bracelets and the like. The above-mentioned user terminal also has a communication module (that is, a communication unit), which can communicate with a remote server to realize data transmission with the server. The server may include a server on the side of the task scheduling center, and may also include a server of an intermediate platform in other implementation scenarios, such as a server of a third-party server platform that has a communication link with the server of the task scheduling center. The server may include a single computer device, or a server cluster composed of multiple servers, or a server structure of a distributed device.

综上所述，本发明上述实施例所公开的远程费控系统以及费控装置，可以解决载波线路故障，需要人工下发费控信息的问题，并可以通过一系列安全认证解决引入用户设备对电网系统带来的安全问题。To sum up, the remote fee control system and the fee control device disclosed in the above embodiments of the present invention can solve the problem of carrier line failure and the need to manually issue fee control information, and can solve the problem of introducing user equipment through a series of security authentications. Security issues brought about by the grid system.

以下为利用本发明实施例的远程费控系统实现费控信息从主站下发到智能电表的整体方案部署。The following is the deployment of the overall solution for realizing the delivery of the fee control information from the main station to the smart meter by using the remote fee control system of the embodiment of the present invention.

1)电网内网增加一个应用代理的软件服务，用户的手机通过电信运营商公网可以访问该应用代理。应用代理从CA申请证书，并代理电网主站与用户手机通信。1) An application proxy software service is added to the grid intranet, and the user's mobile phone can access the application proxy through the telecom operator's public network. The application agent applies for a certificate from the CA, and communicates with the user mobile phone on behalf of the grid master station.

2)用户在手机上安装费控App，费控App预置应用代理的证书。2) The user installs the fee control app on the mobile phone, and the fee control app presets the certificate of the application agent.

3)建立费控App与应用代理间的双向认证的安全通道，具体步骤为：3) Establish a two-way authentication security channel between the fee control App and the application agent, the specific steps are:

a)费控App向应用代理发起TLS连接，在TLS握手过程中，费控App使用预置的应用代理证书验证其签名，建立单向认证的TLS连接，这个过程中完成了费控App对应用代理的认证，同时建立起费控App与应用代理间的加密通道(TLS通道)，后续费控App与应用代理间的所有数据传输受此加密通道保护；a) The fee control app initiates a TLS connection to the application proxy. During the TLS handshake process, the fee control app uses the preset application proxy certificate to verify its signature and establish a one-way authenticated TLS connection. The authentication of the agent, at the same time establishes an encrypted channel (TLS channel) between the fee control App and the application agent, and all subsequent data transmissions between the fee control App and the application agent are protected by this encrypted channel;

b)费控App收集当前手机号、表ID和/或用户编号和/或交易编号等信息，通过TLS通道发送给应用代理；b) The fee control app collects information such as the current mobile phone number, table ID and/or user number and/or transaction number, and sends it to the application agent through the TLS channel;

c)应用代理在电网系统内验证该用户合法并且有有效充值操作，并且该充值对应的费控信息尚未成功下发至智能电表，验证成功后，为费控App生成本次会话的验证码；c) The application agent verifies that the user is legal and has a valid recharge operation in the power grid system, and the fee control information corresponding to the recharge has not been successfully delivered to the smart meter. After the verification is successful, a verification code for this session is generated for the fee control App;

d)应用代理将验证码通过运营商短信网络发送给费控App；d) The application agent sends the verification code to the fee control App through the operator's SMS network;

e)费控App通过TLS通道将验证码回送给应用代理，完成应用代理对费控App的认证。至此费控App与应用代理间的双向认证的安全通道建立成功；e) The fee control app sends the verification code back to the application agent through the TLS channel to complete the authentication of the fee control app by the application agent. So far, the two-way authentication security channel between the fee control App and the application agent has been successfully established;

4)主站生成用户电表的授权码，并将授权码通过TLS通道发送给费控App。4) The master station generates the authorization code of the user's electric meter, and sends the authorization code to the fee control App through the TLS channel.

5)费控App通过NFC/蓝牙/红外等本地通信机制向智能电表发送授权码。5) The fee control App sends the authorization code to the smart meter through local communication mechanisms such as NFC/Bluetooth/Infrared.

6)智能电表验证授权码，验证成功后打开对应授权，信任并接收从费控App发送过来的相应数据。至此，通过用户的费控App，基于电信运营商公网，构建出一条从主站到电表的安全通信链路。6) The smart meter verifies the authorization code. After the verification is successful, open the corresponding authorization, trust and receive the corresponding data sent from the fee control App. So far, through the user's fee control app, based on the telecom operator's public network, a secure communication link from the master station to the meter is constructed.

7)主站与智能电表基于本条通信链路，完成费控信息的下发。7) Based on this communication link, the master station and the smart meter complete the distribution of fee control information.

8)费控信息下发完成后，智能电表关闭授权。8) After the fee control information is issued, the smart meter closes the authorization.

综上所述，本发明实施例公开的远程费控系统、费控装置及安全认证方法，在电网侧的电网内网增加应用代理，在用户侧为用户提供费控装置，应用代理和费控装置实现费控信息从主站到电表间的安全透传，从而解决载波线路故障，需要人工下发费控信息的问题。本方案作为电表与主站间费控信息交互的辅助方案，可以进一步降低电力服务成本并提升用户体验。并且，本方案通过引入应用代理，并在费控装置与应用代理间建立TLS通道，实现费控装置在主站侧的安全接入；主站为特定电表生成有时效要求的授权码，发放给相应手机的费控装置，费控装置使用该授权码完成电表对费控装置的认证与授权，从而实现了用户手机费控装置在通信链路两侧的安全接入，解决了引入用户设备对电网系统带来的安全问题。In summary, the remote fee control system, fee control device and security authentication method disclosed in the embodiments of the present invention add application agents to the grid intranet on the grid side, and provide users with fee control devices, application agents and fee control devices on the user side. The device realizes the secure transparent transmission of fee control information from the main station to the meter, thereby solving the problem of carrier line failure requiring manual delivery of fee control information. This solution is an auxiliary solution for the exchange of fee control information between the meter and the main station, which can further reduce the cost of power services and improve user experience. In addition, this solution introduces the application agent and establishes a TLS channel between the fee control device and the application agent to realize the secure access of the fee control device on the master station side; the master station generates a time-sensitive authorization code for a specific meter and issues it to Corresponding to the charge control device of the mobile phone, the charge control device uses the authorization code to complete the authentication and authorization of the meter to the charge control device, thereby realizing the safe access of the user mobile phone charge control device on both sides of the communication link, and solving the problem of introducing user equipment to the charge control device. Security issues brought about by the grid system.

本领域内的技术人员应明白，本发明的实施例可提供为方法、装置、或计算机程序产品。因此，本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且，本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present invention may be provided as methods, apparatuses, or computer program products. Accordingly, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

本发明是参照根据本发明实施例的方法、设备(装置)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器，使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (apparatus), and computer program products according to embodiments of the invention. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中，使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品，该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上，使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理，从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.

本发明中应用了具体实施例对本发明的原理及实施方式进行了阐述，以上实施例的说明只是用于帮助理解本发明的方法及其核心思想；同时，对于本领域的一般技术人员，依据本发明的思想，在具体实施方式及应用范围上均会有改变之处，综上所述，本说明书内容不应理解为对本发明的限制。In the present invention, specific examples have been applied to explain the principles and implementation methods of the present invention, and the descriptions of the above examples are only used to help understand the method of the present invention and its core idea; meanwhile, for those of ordinary skill in the art, according to this The idea of the invention will have changes in the specific implementation and scope of application. To sum up, the contents of this specification should not be construed as limiting the present invention.

Claims

1. The remote fee control system comprises a master station and a smart electric meter, and is characterized by further comprising an application agent and a fee control device, wherein the application agent is positioned in an electric network, and the fee control device is positioned in a user terminal; wherein:

a bidirectional authentication safety channel is established between the application agent and the fee control device, and the fee control device and the intelligent ammeter establish a link through a local communication mechanism;

the master station generates an authorization code of the intelligent ammeter and sends the authorization code to the charge control device through the safety channel;

the fee control device sends the authorization code to the intelligent ammeter through the local communication mechanism;

the intelligent ammeter verifies the authorization code, opens corresponding authorization after verification is successful, trusts and receives data sent from the fee control device;

establishing a secure channel of bidirectional authentication between the application proxy and the fee control device, comprising:

the bidirectional authentication security channel established between the application proxy and the fee control device is an encrypted TLS channel;

establishing a bidirectional authenticated TLS channel between the application proxy and the fee control device by:

1) The charge control device initiates TLS connection to the application agent, and in the TLS handshake process, the charge control device verifies the signature by using a preset application agent certificate and establishes a unidirectional authentication TLS connection;

2) The charge control device collects the current mobile phone number, the table ID and/or the user number and/or the transaction number and sends the current mobile phone number, the table ID and/or the user number and/or the transaction number to the application agent through the TLS channel;

3) The application agent verifies that the user is legal and effective in recharging operation in the power grid system, and the charging corresponding fee control information is not successfully issued to the intelligent ammeter, and after verification is successful, a verification code of the session is generated for the fee control device;

4) The application agent sends the verification code to the fee control device through an operator short message network;

5) And the cost control device returns the verification code to the application agent through the TLS channel to finish the authentication of the application agent to the cost control device.

2. The remote fee control system of claim 1, wherein the fee control device establishes a link with the smart meter via a local communication mechanism comprising:

the local communication mechanism includes, but is not limited to, NFC, bluetooth links, infrared links.

3. The remote fee control system of claim 1, wherein the master station generates an authorization code for the smart meter comprising:

the authorization code comprises an authorization part, an authorization type, an authorization life cycle and a random part; wherein,,

the authorization part mixes the authorization ammeter ID, the current day time stamp, the authorization type, the authorization life cycle, the random part and the key material, and then generates the mixed data through a hash algorithm.

4. The remote fee control system of claim 1, wherein the fee control device reads a meter ID of the smart meter, and if the same as the meter ID stored in the fee control device, the smart meter verification is successful.

5. The safety authentication method of the remote fee control system is characterized in that the system comprises a master station, a smart meter, an application agent and a fee control device, wherein the application agent is positioned in a power grid intranet, the fee control device is positioned in a user terminal, and the safety authentication method of the remote fee control system comprises bidirectional authentication between the fee control device and the application agent and bidirectional authentication between the fee control device and the smart meter; wherein:

the bidirectional authentication of the fee control device and the intelligent ammeter comprises the following steps:

the master station generates an authorization code of the intelligent ammeter and sends the authorization code to the charge control device through a safety channel;

the fee control device sends the authorization code to the intelligent ammeter through a local communication mechanism;

the intelligent ammeter verifies the authorization code, and the authentication of the fee control device is completed after the verification is successful, and meanwhile, corresponding authorization is opened, and data sent from the fee control device are trusted and received;

a method of mutual authentication between the fee control device and the application proxy, comprising:

1) The charge control device initiates TLS connection to the application proxy server, and in the TLS handshake process, the charge control device verifies the signature by using a preset application proxy certificate and establishes a unidirectional authentication TLS connection;

2) The charge control device collects the current mobile phone number, the table ID and/or the user number and/or the transaction number and sends the current mobile phone number, the table ID and/or the user number and/or the transaction number to the application proxy server through a TLS channel;

3) The application proxy server verifies legal and effective recharging operation of the user in the power grid system, and the charging corresponding fee control information is not successfully issued to the intelligent ammeter, and after verification is successful, a verification code of the session is generated for the fee control device;

4) The application proxy server sends the verification code to the fee control device through an operator short message network;

5) And the cost control device returns the verification code to the application proxy server through the TLS channel to finish the authentication of the application proxy server on the cost control device.

6. The cost control device is characterized in that the cost control device is positioned at a user terminal, establishes connection with an application agent positioned in an electric network and completes security authentication, and comprises:

the TLS connection establishment module is used for initiating TLS connection to the application proxy, verifying the signature of the TLS connection by using a preset application proxy certificate in the TLS handshake process, and establishing a TLS channel of one-way authentication;

the information collection module is used for collecting the current mobile phone number, the table ID and/or the user number and/or the transaction number and sending the current mobile phone number, the table ID and/or the user number and/or the transaction number to the application agent through the TLS channel;

the verification code receiving module is used for receiving the verification code returned by the application agent through the short message network of the operator, wherein the verification code is generated by the following modes: the application agent verifies that the user is legal and effective in recharging operation in the power grid system, and the charging corresponding fee control information is not successfully issued to the intelligent ammeter, and after verification is successful, a verification code of the session is generated for the fee control device;

the verification code sending module is used for sending the verification code back to the application agent through the TLS channel;

the fee control device establishes a link with the intelligent ammeter through a local communication mechanism, and the fee control device further comprises:

the authorization code receiving module is used for receiving the authorization code of the intelligent ammeter sent by the master station;

the authorization code sending module is used for sending the authorization code to the intelligent electric meter through the local communication mechanism, the intelligent electric meter verifies the authorization code, opens corresponding authorization after verification is successful, trusts and receives data sent from the fee control device;

and the ammeter authentication module is used for reading the ammeter ID of the intelligent ammeter, and if the ammeter ID is the same as the ammeter ID stored in the fee control device, the intelligent ammeter is successfully authenticated.