
CN118764200B - Electric power secondary system business safety protection system and method - Google Patents


Info

Publication number: CN118764200B
Authority: CN (China)
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Application number: CN202411254905.1A
Other languages: Chinese (zh)
Other versions: CN118764200A
Inventors: 亢超群, 李玉凌, 李二霞, 杨红磊, 朱克琪, 梁英, 吕广宪, 李欣格, 孙国齐, 许保平, 周振华, 王利, 韩子龙, 孙智涛, 刘芸杉, 樊勇华
Current assignee: China Online Shanghai Energy Internet Research Institute Co ltd
Original assignee: China Online Shanghai Energy Internet Research Institute Co ltd
Events: application CN202411254905.1A filed by China Online Shanghai Energy Internet Research Institute Co ltd; published as CN118764200A; application granted and published as CN118764200B; legal status active


Classifications

All codes fall under H Electricity › H04 Electric communication technique › H04L Transmission of digital information, e.g. telegraphic communication.

    • H04L9/0852 Quantum cryptography (H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols › H04L9/08 Key distribution or management › H04L9/0816 Key establishment)
    • H04L63/0435 Confidential data exchange among entities communicating through data packet networks, with the payload protected by encryption or encapsulation and the sending and receiving entities applying symmetric encryption (H04L63/00 Network architectures or protocols for network security › H04L63/04 › H04L63/0428)
    • H04L63/083 Authentication of entities using passwords (H04L63/00 › H04L63/08 Authentication of entities)
    • H04L9/0822 Key transport or distribution using a key encryption key (H04L9/00 › H04L9/08 › H04L9/0816 Key establishment › H04L9/0819 Key transport or distribution)
    • H04L9/0869 Generation of secret information, including derivation or calculation of cryptographic keys or passwords, involving random numbers or seeds (H04L9/00 › H04L9/08 › H04L9/0861)


Abstract

The invention relates to a service security protection system and method for an electric power secondary system. The system comprises a cloud side and an edge side that communicate through an information security channel. The cloud side comprises a service master station and an encryption authentication device; a quantum key generation and distribution system generates a first quantum session key; a quantum key transfer service module transmits the first quantum session key to the service master station and the encryption authentication device; the encryption authentication device encrypts the first quantum session key; and the service master station transmits the encrypted first quantum session key to the edge side. The edge side comprises an edge device fitted with a first security chip, which decrypts the encrypted first quantum session key to recover it, and the service master station on the cloud side and the edge device on the edge side then transmit service data under the first quantum session key. The invention can effectively improve the secure data transmission capability of the electric power secondary system.

Description

Electric power secondary system business safety protection system and method
Technical Field
The invention relates to the technical field of network security protection of electric power secondary systems, in particular to a service security protection system and method for an electric power secondary system.
Background
At present, typical power secondary systems such as dispatching automation systems, distribution automation systems, electricity consumption information acquisition systems and load management systems all use a public key infrastructure (PKI) and a symmetric cryptographic infrastructure as the key source for encrypting service data, with keys generally generated from physical noise sources. The key update period of the PKI and of the existing symmetric cryptographic infrastructure is long: the public and private keys of PKI digital certificates are often used for 10-20 years, and the session master keys generated by the symmetric cryptographic infrastructure, as well as the session keys further negotiated from them with factors such as random numbers, usually share the lifetime of the identity authentication; that is, the authenticated state remains valid for as long as the terminal stays connected to the master station, and the session keys are not updated.
Kerckhoffs's principle holds that a cryptosystem should remain secure even if every detail of the system except the key is known, so in a cryptosystem the generation, use and management of the key are critical: loss of control of the key defeats the cryptosystem, and the key must therefore be tightly protected. Meanwhile, quantum computing is receiving wide attention in scientific research, industry and government at home and abroad; IBM, Google, Microsoft and other companies are actively developing quantum computers, with one IBM machine currently performing computation on 53 quantum bits and a Google machine on 72 quantum bits. As quantum computers are commercialised, the difficulty of cracking a traditional key generated from a physical noise source decreases, threatening the security of the power secondary system. At the same time, the new power system is developing rapidly, with new resources such as distributed photovoltaics, energy storage devices and electric vehicles connected at large scale, and the access control devices of these resources are scattered in deployment, widely differing in computing capacity, uneven in security protection capability and owned by many different parties, so the network attack intrusion paths into the power secondary system multiply, the attack threshold falls, and the risk to secure transmission of service data grows.
The prior patent CN115589283A discloses a quantum secure communication interaction system and method for distribution automation services. Its method follows a nested, overlapping channel encryption idea, which adds traffic and latency overhead to the power secondary system. Its terminal-side quantum key follows an apply-then-distribute usage mechanism that, in addition to a uniformly deployed quantum key generation and distribution network, places a quantum key mobile storage device at the terminal side; compared with distribution terminal equipment, which is cost-sensitive and deployed at many widely scattered sites, this is a larger economic investment. The quantum key is also transmitted frequently in that method, and the protective measures do not cover the whole quantum key transmission process, so security problems such as leakage remain.
Disclosure of Invention
The technical problem the invention aims to solve is to provide a service security protection system and method for a power secondary system that effectively improve the secure data transmission capability of the power secondary system.
The technical scheme adopted by the invention to solve this problem is a service security protection system for an electric power secondary system, comprising a cloud side and an edge side that communicate through an information security channel.
The cloud side includes:
a power secondary service master station and an encryption authentication device;
a quantum key generation and distribution system, which generates a first quantum session key;
a quantum key transfer service module, which transmits the first quantum session key to the power secondary service master station and to the encryption authentication device;
the encryption authentication device encrypts the first quantum session key, and the power secondary service master station transmits the encrypted first quantum session key to the edge side.
The edge side includes:
an edge device provided with a first security chip, which decrypts the encrypted first quantum session key to obtain the first quantum session key.
The power secondary service master station on the cloud side and the edge device on the edge side transmit service data based on the first quantum session key.
When transmitting the first quantum session key, the quantum key transfer service module encrypts it with a master station protection key.
The quantum key transfer service module includes:
a first judging unit, which judges whether the current session period between the power secondary service master station and the edge device is the first session period;
a first encryption unit, which, when the current session period is the first session period, takes a symmetric key generated by the cryptographic infrastructure as the initial master station protection key and encrypts the first quantum session key with it;
a second encryption unit, which, when the current session period is not the first session period, takes the first quantum session key of the previous session period between the power secondary service master station and the edge device as the master station protection key and encrypts the first quantum session key with it.
The service security protection system of the electric power secondary system further comprises an end side, which communicates with the edge side.
The edge device also generates a second quantum session key based on a quantum random number, encrypts it through the first security chip and transmits it to the end side.
The end side comprises end devices, each provided with a second security chip, which decrypts the encrypted second quantum session key to obtain the second quantum session key.
The end device on the end side and the edge device on the edge side transmit service data based on the second quantum session key.
When the first security chip encrypts the second quantum session key, it uses an end device protection key.
The first security chip includes:
a second judging unit, which judges whether the current session period between the edge device and the end device is the first session period;
a third encryption unit, which, when the current session period is the first session period, takes the symmetric key generated by the cryptographic infrastructure as the initial end device protection key and encrypts the second quantum session key with it;
a fourth encryption unit, which, when the current session period is not the first session period, takes the second quantum session key of the previous session period between the edge device and the end device as the end device protection key and encrypts the second quantum session key with it.
The technical scheme adopted to solve the problem further provides a service security protection method for an electric power secondary system that uses the above system and comprises the following steps:
the power secondary service master station or the encryption authentication device sends a quantum session key application request to the quantum key transfer service module;
on receiving the request, the quantum key transfer service module requests the first quantum session key from the quantum key generation and distribution system;
the quantum key generation and distribution system generates the first quantum session key and transmits it to the quantum key transfer service module;
the quantum key transfer service module encrypts the first quantum session key with the master station protection key to obtain a first encryption key, which is sent via the master station to the encryption authentication device;
the encryption authentication device decrypts the first encryption key with the master station protection key to recover the first quantum session key, encrypts it with the edge device protection key to obtain a second encryption key, and transmits the second encryption key to the edge device;
the first security chip of the edge device decrypts the second encryption key with the edge device protection key to obtain the first quantum session key.
Before the master station or the encryption authentication device sends the quantum session key application request to the quantum key transfer service module, the method further comprises a digital certificate bidirectional authentication step, specifically:
the power secondary service master station generates a first random number and sends it to the edge device;
the edge device generates a second random number, combines the first random number with the second, signs the combined result to obtain a first signature result, and packages the first signature result, the second random number and the digital certificate of the edge device and sends them to the master station;
the power secondary service master station verifies the first signature result with the digital certificate of the edge device, signs the second random number after the verification passes to obtain a second signature result, and packages the second signature result with the master station digital certificate and sends them to the edge device;
the edge device verifies the second signature result with the master station digital certificate and returns authentication confirmation information after the verification passes.
The quantum key transfer service module encrypts the first quantum session key with the master station protection key as follows:
judge whether the current session period between the power secondary service master station and the edge device is the first session period;
if it is the first session period, take a symmetric key generated by the cryptographic infrastructure as the initial master station protection key and encrypt the first quantum session key with it;
if it is not the first session period, take the first quantum session key of the previous session period between the power secondary service master station and the edge device as the master station protection key and encrypt the first quantum session key with it.
The service security protection method of the electric power secondary system further comprises the following steps:
the first security chip is provided with an optical quantum random number generator, which generates a quantum random number; the first security chip of the edge device generates a second quantum session key based on the quantum random number and encrypts it with the end device protection key to obtain a third encryption key, which the edge device transmits to the end device;
the second security chip of the end device decrypts the third encryption key with the end device protection key to obtain the second quantum session key.
Before the quantum random number generator generates the quantum random number, a digital certificate bidirectional authentication step is performed, specifically:
when the end device is connected to the edge device, it sends its end device digital certificate to the edge device;
the edge device verifies the end device digital certificate, generates a third random number after the verification passes and sends it to the end device;
the end device generates a fourth random number, combines the third random number with the fourth, signs the combined result to obtain a third signature result, and packages the third signature result and the fourth random number and sends them to the edge device;
the edge device verifies the third signature result with the end device digital certificate and returns authentication confirmation information after the verification passes.
The first security chip of the edge device encrypts the second quantum session key with the end device protection key as follows:
judge whether the current session period between the edge device and the end device is the first session period;
if it is the first session period, take the symmetric key generated by the cryptographic infrastructure as the initial end device protection key and encrypt the second quantum session key with it;
if it is not the first session period, take the second quantum session key of the previous session period between the edge device and the end device as the end device protection key and encrypt the second quantum session key with it.
The initial master station protection key is pre-issued into the encryption authentication device and diversified under a preset rule to obtain the initial edge device protection key; the initial edge device protection key is pre-issued into the first security chip and is likewise diversified under the preset rule.
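An added Go example (not the patent's code) of the cloud-edge delivery described in the method steps above, with the session-period rule for the master station protection key; the same rule governs the end device protection key on the edge-end hop. AES-256-GCM key wrapping, HMAC-SHA256 as the preset diversification rule for the initial edge device protection key, the Chain/Deliver names and keeping the edge device protection key fixed across periods are my assumptions. Both holders of the master station protection key must ratchet in step: an encryption authentication device that misses one period can no longer unwrap the next key, which is the synchronisation failure an operator should expect to see.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// newGCM builds an AES-256-GCM AEAD; the patent does not name its symmetric cipher.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrap encrypts a session key under a protection key: nonce || ct || tag.
func wrap(protKey, sessionKey []byte) ([]byte, error) {
	gcm, err := newGCM(protKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, sessionKey, nil), nil
}

// unwrap reverses wrap; a wrong protection key fails the tag check.
func unwrap(protKey, blob []byte) ([]byte, error) {
	gcm, err := newGCM(protKey)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("wrapped key too short")
	}
	return gcm.Open(nil, blob[:n], blob[n:], nil)
}

// diversify derives the initial edge device protection key; HMAC-SHA256 stands in for the preset rule.
func diversify(initialMasterKey []byte, deviceID string) []byte {
	m := hmac.New(sha256.New, initialMasterKey)
	m.Write([]byte(deviceID))
	return m.Sum(nil)
}

// Chain models the cloud-edge hop over successive session periods.
type Chain struct {
	transferProt []byte // master station protection key, transfer module copy
	authProt     []byte // master station protection key, auth device copy
	edgeProt     []byte // edge device protection key, auth device and chip
}

func NewChain(initialMasterKey []byte, edgeDeviceID string) *Chain { // first session period
	return &Chain{
		transferProt: initialMasterKey,
		authProt:     initialMasterKey,
		edgeProt:     diversify(initialMasterKey, edgeDeviceID),
	}
}

// Deliver runs one session period for quantum session key qsk and returns the
// key recovered by the first security chip of the edge device.
func (c *Chain) Deliver(qsk []byte) ([]byte, error) {
	enc1, err := wrap(c.transferProt, qsk) // transfer module: first encryption key
	if err != nil {
		return nil, err
	}
	plain, err := unwrap(c.authProt, enc1) // encryption authentication device
	if err != nil {
		return nil, fmt.Errorf("auth device out of step: %w", err)
	}
	enc2, err := wrap(c.edgeProt, plain) // second encryption key for the edge device
	if err != nil {
		return nil, err
	}
	got, err := unwrap(c.edgeProt, enc2) // first security chip
	if err != nil {
		return nil, err
	}
	c.transferProt, c.authProt = qsk, got // ratchet: next period's master station protection key
	return got, nil
}

func main() {
	ch := NewChain(bytes.Repeat([]byte{0x11}, 32), "edge-device-0001") // constructed key
	qsk := bytes.Repeat([]byte{0xA1}, 32)                              // constructed qsk
	got, err := ch.Deliver(qsk)
	fmt.Println("period 1 delivered:", bytes.Equal(got, qsk), err)
}
```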
Advantageous effects
Compared with the prior art, the invention has the following advantages and positive effects. On the basis of the existing security protection architecture of the power secondary system, it replaces with quantum keys the symmetric keys that encrypt acquisition, remote control, remote adjustment and other service data in the master station-terminal or cloud-edge-end interactions. Through a short-period quantum key update mechanism of 'one session key per service interaction' or 'one session key per data transmission', it raises the security level of service data protection against quantum attacks, while avoiding the communication traffic overhead and large economic investment of traditional IPsec- or SSL-based quantum encryption schemes, which deploy a quantum key generation and distribution platform, quantum key mobile storage devices and other equipment separately at the master station, the channel and the terminal side.
Drawings
FIG. 1 is a diagram of the security protection architecture of a distribution automation system incorporating quantum keys;
FIG. 2 is a diagram of the security protection architecture of the power distribution internet of things incorporating quantum keys;
FIG. 3 is a schematic diagram of the first cloud-edge quantum session key generation and transmission;
FIG. 4 is a schematic diagram of the second cloud-edge quantum session key generation and transmission;
FIG. 5 is a schematic diagram of cloud-edge data transmission protection;
FIG. 6 is a schematic diagram of edge-end quantum session key generation and transmission.
Detailed Description
The application will be further illustrated with reference to specific examples. It is to be understood that these examples are illustrative of the present application and are not intended to limit the scope of the present application. Furthermore, it should be understood that various changes and modifications can be made by one skilled in the art after reading the teachings of the present application, and such equivalents are intended to fall within the scope of the application as defined in the appended claims.
The embodiment of the invention is a service security protection system for a power secondary system that integrates quantum key generation and distribution technology into the existing authentication and encryption architecture of the power secondary system, replaces the session key with a quantum key, and raises the confidentiality and integrity protection level of interaction data. The embodiment can be applied to power secondary systems such as distribution automation systems, the power distribution internet of things, dispatching automation systems, electricity consumption information acquisition systems and load management systems; it is described in detail below using the distribution automation system and the power distribution internet of things as examples.
Since 2017, distribution automation systems have built a 'master station-gateway (channel)-terminal' protection system of hierarchical authentication and hierarchical encryption based on domestic commercial cryptographic algorithms and digital certificate technology, now widely applied in more than 300 distribution automation systems of State Grid companies. In 2019, distribution automation systems deployed in the management information zone began moving to the internet of things and evolved into a 'cloud-pipe-edge-end' power distribution internet of things architecture, whose authentication and encryption system was further extended with a lightweight authentication and encryption scheme for secure interaction between edge and end devices. The service security protection system of this embodiment can be built on either architecture.
For the distribution automation system, the quantum key generation and distribution system and the quantum key transfer service module are deployed at the master station and the security chip is integrated in the terminal, constructing a quantum-secure encryption channel of master station-communication channel-terminal (see FIG. 1).
The power distribution automation system comprises a master station and terminals. The master station comprises a power secondary service master station, an encryption authentication device, a quantum key generation and distribution system and a quantum key transfer service module; the power secondary service master station comprises the power distribution master station application and the master station front-end processor. The quantum key generation and distribution system generates a first quantum session key, the quantum key transfer service module transmits it to the master station and the encryption authentication device, the encryption authentication device encrypts it, and the master station transmits the encrypted first quantum session key to the terminal. The terminal is provided with a first security chip, which decrypts the encrypted first quantum session key to obtain the first quantum session key.
For the power distribution internet of things architecture, the embodiment integrates a security chip in the edge device and also in end devices such as intelligent circuit breakers, photovoltaic grid-connected circuit breakers and LTUs, constructing a quantum-secure encryption channel of cloud-pipe-edge-end (see FIG. 2).
The power distribution internet of things architecture of this embodiment comprises a cloud side, an edge side and an end side; the cloud side and the edge side communicate through an information security channel, and the edge side communicates with the end side. The cloud side comprises a power secondary service master station and an encryption authentication device, the power secondary service master station comprising the power distribution master station application and a secure access server; a quantum key generation and distribution system generates a first quantum session key, a quantum key transfer service module transmits it to the master station and the encryption authentication device, the encryption authentication device encrypts it, and the master station transmits the encrypted first quantum session key to the edge side. The edge side comprises an edge device provided with a first security chip, which decrypts the encrypted first quantum session key to obtain the first quantum session key. The first security chip is provided with an optical quantum random number generator that generates quantum random numbers; the edge device further generates a second quantum session key based on the quantum random numbers, encrypts it through the first security chip and transmits it to the end side. The end side comprises end devices provided with a second security chip, which decrypts the encrypted second quantum session key to obtain the second quantum session key.
In this way, the quantum key is combined with the cryptographic application system (comprising the PKI public key infrastructure and the symmetric key management infrastructure) already mature in the power sector, and the quantum-secure encryption channel is built on the existing authentication and encryption architecture without changing the interaction flow among cloud, edge and end (or master station and terminal) of power secondary systems such as dispatching automation, distribution automation, electricity consumption information acquisition and load management systems. The embodiment also upgrades the existing security chip of power terminal equipment with an optical quantum random number generator, avoiding the economic investment of additional quantum key mobile storage devices.
The "master station-terminal" (cloud-edge) service security interaction flow integrating the quantum key is as follows:
(1) Bidirectional identity authentication based on PKI digital certificate
After a link is established between the master station (cloud) and the terminal (edge), bidirectional identity authentication is required before service data is transmitted. The master station initiates authentication and the terminal responds passively; the two parties complete bidirectional identity authentication by each signing the other's random number and verifying the signature it receives. If either party fails to authenticate the other, it returns authentication failure information and does not respond to that party's data.
The bidirectional identity authentication flow based on PKI digital certificates is as follows:
1) The master station generates a random number R1 and sends R1 to the power distribution terminal (or edge device);
2) The power distribution terminal (or edge device) generates a random number R2, combines R1 with R2, signs the combination to obtain the first signature result, and packages R2, the first signature result and its own PKI digital certificate and sends them to the master station;
3) The master station verifies the first signature result with the PKI digital certificate of the power distribution terminal (or edge device); once verification passes, the master station has authenticated the power distribution terminal (or edge device), signs R2 to obtain the second signature result, and sends the second signature result together with the master station PKI digital certificate to the power distribution terminal (or edge device);
4) The power distribution terminal (or edge device) verifies the second signature result with the master station PKI digital certificate; once verification passes, the power distribution terminal (or edge device) has authenticated the master station and returns authentication confirmation information.
(2) Quantum session key generation and transmission
The session key between the master station and the terminal (cloud-edge) is generated and issued centrally by the quantum key generation and distribution system, and the session key is applied for by the initiator of the service interaction. Taking the case in which the master station initiates a total call request to the terminal, the master station applies to the quantum key transfer service for a quantum session key before the total call; the flow is shown in figure 3 and specifically comprises the following steps:
1) The power distribution encryption authentication device at the master station side sends a quantum session key application request to the quantum key transfer service module;
2) After receiving the request, the quantum key transfer service module requests a quantum session key from the quantum key generation and distribution system; the system generates a quantum session key Ks and returns it to the quantum key transfer service module, which encrypts Ks under the master station protection key Kp to obtain the first encryption key Kp(Ks) and sends Kp(Ks) to the distribution encryption authentication device via the master station. When encrypting Ks under Kp in this step, the module first determines whether the current session period between the master station and the power distribution terminal (or edge device) is the first session period. If it is, the symmetric key generated by the cryptographic infrastructure of the current power distribution system is used as the initial master station protection key and the first quantum session key is encrypted under it; otherwise, the first quantum session key of the previous session period between the master station and the edge device is used as the master station protection key and the first quantum session key is encrypted under that key. The initial master station protection key is delivered offline to the distribution encryption authentication device and the quantum key transfer service module;
3) The distribution encryption authentication device decrypts the first encryption key Kp(Ks) with the master station protection key Kp to obtain Ks, then encrypts Ks under the protection key Kp' of the distribution terminal (or edge device) to obtain the second encryption key Kp'(Ks), and forwards Kp'(Ks) to the distribution terminal (or edge device);
4) The security chip of the distribution terminal (or edge device) decrypts the second encryption key Kp'(Ks) with the protection key Kp' to obtain the quantum session key Ks.
(3) Service data transmission protection based on the quantum session key, as shown in fig. 5, comprises:
1) The power distribution encryption authentication device encrypts the service data DATA with the quantum session key Ks and sends the encrypted data Ks(DATA) to the distribution terminal (or edge device);
2) The distribution terminal (or edge device) decrypts Ks(DATA) with the quantum session key Ks to recover DATA.
In addition, when the terminal must actively send data to the master station, for example on a remote signalling change or a current/voltage dead-zone limit violation, the terminal initiates a quantum session key application to the master station, the master station applies to the quantum key generation and distribution system through the quantum key transfer service, and the subsequent steps are the same; the specific flow is shown in fig. 4.
In this embodiment, the update period of the quantum session key can be bound to the service interaction period, i.e. the initiator of each service interaction must apply for a new quantum session key before the interaction; it can also be bound to each service data transmission, i.e. a new session key is applied for before every data transmission. The quantum session key may also be updated periodically according to usage time, system security status and so on.
It is not difficult to see that this embodiment uses the result of the existing power secondary system's bidirectional identity authentication between master station and terminal as the characteristic information for activating the initial protection key of the quantum key, so that the quantum key is transmitted in encrypted form between a master station and a terminal whose identities are trusted; through the iterative use of the protection key, it ensures at low cost that the protection key of each quantum session key is different, addressing both key security and economy. At the same time, the update period of the quantum session key is bound to the service interaction period, i.e. the initiator must apply for a quantum session key again before each service interaction; by replacing the session key with a quantum key during the service interaction, secure service data exchange with one session key per service interaction is achieved, avoiding the high traffic overhead of a nested encryption approach.
The "edge-end" service security interaction flow integrating the quantum key is as follows:
(1) Bidirectional identity authentication based on PKI digital certificate
Because the connection relationship between edge and end devices cannot be determined before formal operation, when an end device accesses the edge computing terminal it first sends its digital certificate to the edge device, and the edge device completes identity registration after verifying the certificate's validity. The subsequent two-party identity authentication flow is the same as that in the "master station-terminal" (cloud-edge) service security interaction flow, and specifically comprises the following steps:
1) When the end device accesses the edge device, it sends the end device digital certificate to the edge device;
2) The edge device verifies the end device digital certificate, generates a random number R3 after the verification passes, and sends R3 to the end device;
3) The end device generates a random number R4, combines R3 with R4, signs the combination to obtain the third signature result, and packages the third signature result and R4 and sends them to the edge device;
4) The edge device verifies the third signature result with the end device digital certificate and returns authentication confirmation information after the verification passes.
(2) Quantum session key generation and transmission
After identity authentication passes, the session key between edge and end is generated from a quantum random number produced inside the edge security chip and sent to the end device; the edge device is responsible for maintaining and managing the session keys of its peer end devices, as shown in fig. 6, and specifically:
1) The first security chip of the edge device generates a quantum random number with its optical quantum random number generator, generates the quantum session key Ks' from the quantum random number and the end device security module ID, encrypts Ks' under the protection key Kpn to obtain the third encryption key Es', and sends Es' to the end device. When encrypting Ks' under Kpn in this step, the chip first determines whether the current session period between the edge device and the end device is the first session period; if so, the symmetric key generated by the cryptographic infrastructure is used as the initial end device protection key and the second quantum session key is encrypted under it (for later session periods, as set out in the claims, the second quantum session key of the previous session period is used as the end device protection key);
2) After receiving the third encryption key Es', the end device decrypts it with the protection key Kpn to obtain the quantum session key Ks'.
(3) Quantum session key based service data transmission protection
The edge and end devices encrypt service data with the quantum session key Ks' for transmission, in the same way as the quantum-session-key-based service data transmission protection in the "master station-terminal" (cloud-edge) service security interaction flow, which is not repeated here.
It should be noted that in this embodiment the initial master station protection key is pre-issued in the encryption authentication device and is dispersed by a preset rule (for example, based on the security chip serial number of the edge device) to obtain the initial edge device protection key; the initial edge device protection key is pre-issued in the first security chip and is dispersed by a preset rule (for example, based on the security chip serial number of the end device) to obtain the initial end device protection key.
In addition, the embodiment provides a test version and a formal version of the initial protection key used to activate the quantum key: the test key is preset in advance in the master station side distribution encryption authentication device and in the terminal side dedicated security chip, the master station side distribution encryption authentication device is also preset with the formal key, and after the terminal comes online and passes identity authentication with the master station, the master station updates the terminal side test key to the formal key according to a preset rule.
It is easy to see that the cross-iterative use of the symmetric key generated by the existing cryptographic infrastructure and the quantum session key, together with the mechanism that activates the initial quantum protection key from the result of PKI digital certificate bidirectional identity authentication, greatly improves the security of the master station-terminal (cloud-edge) and edge-end service data encryption keys and of the encrypted service data transmission of the power secondary system. At the same time, the high economic investment and large traffic cost of the conventional approach of applying quantum keys to communication-layer protocols such as SSL and IPsec are avoided: SSL and IPsec identity authentication and key negotiation require transmitting the certificate chain, the interaction delay is long and the communication traffic consumption is large (the length of an IPsec message grows by 150%-200%), whereas with application-layer encryption the length grows by only about 15%-20% when encrypting 200 bytes of data.
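As an added illustration (not code from the patent or from any product it describes), the following Python script simulates the cloud-edge key transport of section (2), the Ks(DATA) protection of section (3) and the key dispersion note above across several session periods. It assumes an HMAC-SHA256 encrypt-then-MAC envelope in place of the unspecified symmetric cipher, an HMAC-based dispersion rule, that the edge device protection key Kp' iterates like Kp, and constructed placeholder keys and serial numbers.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes; every session and protection key in this simulation is 256 bits


def disperse(parent_key: bytes, chip_serial: bytes) -> bytes:
    """Hypothetical dispersion rule: a device's initial protection key is derived
    from the parent key and the device's security-chip serial number."""
    return hmac.new(parent_key, b"disperse|" + chip_serial, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256, a stand-in for a block cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc|" + nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def protect(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC envelope nonce || ciphertext || tag; used for key transport
    (Kp(Ks), Kp'(Ks)) and for service data (Ks(DATA)) alike."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, b"mac|" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unprotect(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting: a stale or wrong protection key raises
    instead of silently yielding a garbage session key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac|" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("protection key mismatch or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class KeyTransferService:
    """Quantum key transfer service module; holds the master station protection key Kp."""
    def __init__(self, initial_kp: bytes):
        self.kp = initial_kp  # first period: symmetric key from the cryptographic infrastructure

    def issue_session_key(self) -> bytes:
        ks = secrets.token_bytes(KEY_LEN)  # stands in for the quantum key generation and distribution system
        blob = protect(self.kp, ks)        # Kp(Ks)
        self.kp = ks                       # later periods: Kp := previous period's Ks
        return blob


class EncryptionAuthDevice:
    """Distribution encryption authentication device at the master station side."""
    def __init__(self, initial_kp: bytes, initial_edge_kp: bytes):
        self.kp, self.kp_edge, self.ks = initial_kp, initial_edge_kp, None

    def relay(self, kp_blob: bytes) -> bytes:
        self.ks = unprotect(self.kp, kp_blob)       # recover Ks from Kp(Ks)
        edge_blob = protect(self.kp_edge, self.ks)  # re-encrypt as Kp'(Ks)
        self.kp = self.kp_edge = self.ks            # assumption: Kp' iterates like Kp
        return edge_blob


class EdgeDevice:
    """Edge device whose first security chip holds Kp' and recovers Ks."""
    def __init__(self, initial_edge_kp: bytes):
        self.kp_edge, self.ks = initial_edge_kp, None

    def receive_session_key(self, edge_blob: bytes) -> bytes:
        self.ks = unprotect(self.kp_edge, edge_blob)
        self.kp_edge = self.ks                      # assumption: Kp' iterates like Kp
        return self.ks


def run_session_periods(n_periods: int = 3):
    """Drive n cloud-edge service interactions; return the per-period session keys
    and whether a replayed period-1 Kp'(Ks) blob is rejected afterwards."""
    initial_kp = secrets.token_bytes(KEY_LEN)           # constructed infrastructure key
    initial_edge_kp = disperse(initial_kp, b"EDGE-CHIP-SERIAL-PLACEHOLDER")  # constructed serial
    kts = KeyTransferService(initial_kp)
    ead = EncryptionAuthDevice(initial_kp, initial_edge_kp)
    edge = EdgeDevice(initial_edge_kp)
    keys, first_edge_blob = [], None
    for period in range(n_periods):
        edge_blob = ead.relay(kts.issue_session_key())  # steps 1)-3)
        first_edge_blob = first_edge_blob or edge_blob
        ks = edge.receive_session_key(edge_blob)        # step 4)
        # Section (3): master -> edge service data as Ks(DATA)
        data = unprotect(edge.ks, protect(ead.ks, b"total call request"))
        if ks != ead.ks or data != b"total call request":
            raise RuntimeError("session key or data mismatch in period %d" % period)
        keys.append(ks)
    try:  # the edge's Kp' has moved on, so the old blob no longer unwraps
        edge.receive_session_key(first_edge_blob)
        return keys, False
    except ValueError:
        return keys, True
```

Because each period's protection key is the previous period's session key, a device that misses one period can no longer unwrap the next Kp'(Ks); a real deployment needs a resynchronisation path (for example re-activation from the initial dispersed key after fresh identity authentication).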

Claims (12)

1. A power secondary system service security protection system, characterized in that it comprises a cloud side, an edge side and an end side, wherein the cloud side and the edge side communicate through an information security channel, and the end side and the edge side communicate with each other; wherein the cloud side comprises: a power secondary service master station and an encryption authentication device; a quantum key generation and distribution system for generating a first quantum session key; a quantum key transfer service module for transferring the first quantum session key to the power secondary service master station and the encryption authentication device; the encryption authentication device is used to encrypt the first quantum session key with an edge device protection key, and the power secondary service master station is used to transmit the encrypted first quantum session key to the edge side; the edge side comprises: an edge device provided with a first security chip, the first security chip being used to decrypt the encrypted first quantum session key to obtain the first quantum session key; the power secondary service master station on the cloud side and the edge device on the edge side transmit service data based on the first quantum session key; the first security chip has an optical quantum random number generator; the optical quantum random number generator is used to generate quantum random numbers; the edge device is further used to generate a second quantum session key based on the quantum random number, and to encrypt the second quantum session key through the first security chip and transmit it to the end side; the end side comprises: an end device provided with a second security chip, the second security chip being used to decrypt the encrypted second quantum session key to obtain the second quantum session key; the end device on the end side and the edge device on the edge side transmit service data based on the second quantum session key; an initial master station protection key is pre-issued in the encryption authentication device and is dispersed based on the security chip serial number of the edge device, the initial edge device protection key being obtained after the dispersion; the initial edge device protection key is pre-issued in the first security chip and is dispersed based on the security chip serial number of the end device, the initial end device protection key being obtained after the dispersion.

2. The power secondary system service security protection system according to claim 1, characterized in that when the quantum key transfer service module transfers the first quantum session key, it encrypts the first quantum session key with a master station protection key.

3. The power secondary system service security protection system according to claim 2, characterized in that the quantum key transfer service module comprises: a first judgment unit for judging whether the current session period between the power secondary service master station and the edge device is the first session period; a first encryption unit for, when the current session period between the power secondary service master station and the edge device is the first session period, using the symmetric key generated by the cryptographic infrastructure as the initial master station protection key and encrypting the first quantum session key with the initial master station protection key; and a second encryption unit for, when the current session period between the power secondary service master station and the edge device is not the first session period, using the first quantum session key of the previous session period between the power secondary service master station and the edge device as the master station protection key and encrypting the first quantum session key with the master station protection key.

4. The power secondary system service security protection system according to claim 1, characterized in that when the first security chip encrypts the second quantum session key, it encrypts the second quantum session key with an end device protection key.

5. The power secondary system service security protection system according to claim 4, characterized in that the first security chip comprises: a second judgment unit for judging whether the current session period between the edge device and the end device is the first session period; a third encryption unit for, when the current session period between the edge device and the end device is the first session period, using the symmetric key generated by the cryptographic infrastructure as the initial end device protection key and encrypting the second quantum session key with the initial end device protection key; and a fourth encryption unit for, when the current session period between the edge device and the end device is not the first session period, using the second quantum session key of the previous session period between the edge device and the end device as the end device protection key and encrypting the second quantum session key with the end device protection key.

6. A power secondary system service security protection method, characterized in that it uses the power secondary system service security protection system according to any one of claims 1 to 5 and comprises the following steps: the power secondary service master station or the encryption authentication device sends a quantum session key application request to the quantum key transfer service module; after receiving the quantum session key application request, the quantum key transfer service module requests the first quantum session key from the quantum key generation and distribution system; the quantum key generation and distribution system generates the first quantum session key and transmits it to the quantum key transfer service module; the quantum key transfer service module encrypts the first quantum session key with the master station protection key to obtain a first encryption key, and the first encryption key is sent to the encryption authentication device via the master station; the encryption authentication device decrypts the first encryption key with the master station protection key to obtain the first quantum session key, encrypts the first quantum session key with the edge device protection key to obtain a second encryption key, and transmits the second encryption key to the edge device; the first security chip of the edge device decrypts the second encryption key with the edge device protection key to obtain the first quantum session key.

7. The power secondary system service security protection method according to claim 6, characterized in that before the power secondary service master station or the encryption authentication device sends the quantum session key application request to the quantum key transfer service module, the method further comprises a digital certificate bidirectional authentication step, specifically comprising: the power secondary service master station generates a first random number and sends the first random number to the edge device; the edge device generates a second random number, combines the first random number with the second random number, signs the combined result to obtain a first signature result, and packages and sends the first signature result, the second random number and the edge device digital certificate to the master station; the power secondary service master station verifies the first signature result with the edge device digital certificate, signs the second random number after the verification passes to obtain a second signature result, and packages and sends the second signature result and the master station digital certificate to the edge device; the edge device verifies the second signature result with the master station digital certificate and returns authentication confirmation information after the verification passes.

8. The power secondary system service security protection method according to claim 6, characterized in that the quantum key transfer service module encrypting the first quantum session key with the master station protection key specifically comprises: judging whether the current session period between the power secondary service master station and the edge device is the first session period; if the current session period between the power secondary service master station and the edge device is the first session period, using the symmetric key generated by the cryptographic infrastructure as the initial master station protection key and encrypting the first quantum session key with the initial master station protection key; if the current session period between the power secondary service master station and the edge device is not the first session period, using the first quantum session key of the previous session period between the power secondary service master station and the edge device as the master station protection key and encrypting the first quantum session key with the master station protection key.

9. The power secondary system service security protection method according to claim 8, characterized in that it further comprises: the first security chip has an optical quantum random number generator which generates a quantum random number; the first security chip of the edge device generates a second quantum session key based on the quantum random number and encrypts the second quantum session key with the end device protection key to obtain a third encryption key, and the edge device transmits the third encryption key to the end device; the second security chip of the end device decrypts the third encryption key with the end device protection key to obtain the second quantum session key.

10. The power secondary system service security protection method according to claim 9, characterized in that before the optical quantum random number generator generates the quantum random number, a digital certificate bidirectional authentication step specifically comprises: when the end device accesses the edge device, it sends the end device digital certificate to the edge device; the edge device verifies the end device digital certificate, generates a third random number after the verification passes, and sends the third random number to the end device; the end device generates a fourth random number, combines the third random number with the fourth random number, signs the combined result to obtain a third signature result, and packages and sends the third signature result and the fourth random number to the edge device; the edge device verifies the third signature result with the end device digital certificate and returns authentication confirmation information after the verification passes.

11. The power secondary system service security protection method according to claim 9, characterized in that the first security chip of the edge device encrypting the second quantum session key with the end device protection key specifically comprises: judging whether the current session period between the edge device and the end device is the first session period; if the current session period between the edge device and the end device is the first session period, using the symmetric key generated by the cryptographic infrastructure as the initial end device protection key and encrypting the second quantum session key with the initial end device protection key; if the current session period between the edge device and the end device is not the first session period, using the second quantum session key of the previous session period between the edge device and the end device as the end device protection key and encrypting the second quantum session key with the end device protection key.

12. The power secondary system service security protection method according to claim 11, characterized in that the initial master station protection key is pre-issued in the encryption authentication device and dispersed by a preset rule to obtain the initial edge device protection key; the initial edge device protection key is pre-issued in the first security chip and dispersed by a preset rule to obtain the initial end device protection key.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411254905.1A CN118764200B (en) 2024-09-09 2024-09-09 Electric power secondary system business safety protection system and method


Publications (2)

Publication Number Publication Date
CN118764200A CN118764200A (en) 2024-10-11
CN118764200B true CN118764200B (en) 2024-12-31

Family

ID=92951831


Country Status (1)

Country Link
CN (1) CN118764200B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103490891A (en) * 2013-08-23 2014-01-01 中国科学技术大学 Method for updating and using secret key in power grid SSL VPN
CN117527208A (en) * 2023-10-27 2024-02-06 梵迩佳智能科技有限公司 Application method and device of low-voltage station quantum encryption communication technology

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5768381A (en) * 1993-09-14 1998-06-16 Chantilley Corporation Limited Apparatus for key distribution in an encryption system
CN105871538B (en) * 2015-01-22 2019-04-12 阿里巴巴集团控股有限公司 Quantum key distribution system, quantum key delivering method and device
CN108667607A (en) * 2018-05-18 2018-10-16 国网信息通信产业集团有限公司 A Quantum Key Synchronization Method for Distribution and Utilization Terminals
CN111314074A (en) * 2020-02-25 2020-06-19 南京如般量子科技有限公司 Secret sharing and timestamp based quantum secret communication key distribution and negotiation system
CN112737781B (en) * 2021-03-29 2021-06-18 南京易科腾信息技术有限公司 Quantum key management service method, system and storage medium
CN113965319A (en) * 2021-09-18 2022-01-21 郑州信大捷安信息技术股份有限公司 Key management system and method based on quantum key distribution system
JP7612557B2 (en) * 2021-11-11 2025-01-14 株式会社東芝 Quantum cryptography storage system, distributed control device and program
CN115085943B (en) * 2022-08-18 2023-01-20 南方电网数字电网研究院有限公司 Edge computing method and platform for safe encryption of electric power Internet of things in north and south directions
CN115589283A (en) * 2022-08-31 2023-01-10 国网北京市电力公司 Quantum secret communication interaction system and method for distribution automation service
WO2024073843A1 (en) * 2022-10-03 2024-04-11 QDS Holdings Inc. Systems and methods for establishing a secure digital network environment

Also Published As

Publication number Publication date
CN118764200A (en) 2024-10-11

Similar Documents

Publication Publication Date Title
CN111475796B (en) Anti-quantum computation identity authentication method and system based on secret sharing and quantum communication service station
CN111447067A (en) Encryption authentication method for power sensing equipment
CN113726733B (en) Encryption intelligent contract privacy protection method based on trusted execution environment
CN116663075B (en) Industrial control programming platform safety communication method and system based on cryptographic algorithm
CN116865966B (en) Encryption method, device and storage medium for generating working key based on quantum key
CN115459912A (en) Communication encryption method and system based on quantum key centralized management
CN105099699A (en) Safe and high-efficiency communication method based on equipment of Internet of things and system
Zhang et al. Cerberus: Privacy-preserving computation in edge computing
CN108964898A (en) Power distribution and consumption cryptographic communication system and method based on quantum secure communication
CN115835194A (en) NB-IoT (Narrowband Internet of Things) terminal security access system and access method
CN114095168A (en) Communication method based on quantum key and encryption communication terminal thereof
CN118764200B (en) Electric power secondary system business safety protection system and method
CN118540163A (en) Quantum security enhancement method for national security SSL VPN protocol
CN105656623A (en) Device for enhancing security of intelligent substation IED
CN117014139A (en) Virtual power plant business fusion system and method based on quantum encryption
CN115694922A (en) File transfer encryption method and device under domestic CPU and OS
CN114915456A (en) A communication method between PMU and PDC in a power monitoring system
CN114679262A (en) Quantum key distribution system and method fusing asymmetric system
CN116800455B (en) A secure communication method and system for power Internet of Things based on identification cryptographic algorithm
Lv et al. A highly reliable lightweight distribution network communication encryption scheme
CN118694528B (en) Anti-quantum security enhancement method for on-line certificate issuing and key pair distribution
CN115037490B (en) A cross-network communication system for malicious code detection in substations
CN118694529B (en) Quantum-resistant security enhancement method for secure channel protocol of password equipment
CN115913528B (en) Quantum key management method based on security chip and cloud cooperation
Scholar et al. Easy and Secure Smart SMS Protocol on M-Health Environment in Mobile Computing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant