Disclosure of Invention
Aiming at the defects of the prior art, the invention provides an intelligent marketing terminal power data communication safety protection method and system. Electromagnetic noise spectrum data is collected through an environment electromagnetic sensing module built into the terminal, electromagnetic characteristic factors are extracted, and a correlation model of the electromagnetic characteristic factors and the complexity of an elliptic curve cryptosystem is constructed. A terminal twin mirror image is built, and a long short-term memory neural network is used to predict a communication instruction sequence and calculate a deviation coefficient. The power data collected by the terminal is classified and screened, and the desensitized privacy data is merged with a hash segment of the unique identifier of the terminal equipment to generate a desensitized power data packet containing a terminal identity. A data digest is generated according to encryption parameters determined by the correlation model, and access rights are verified. The data collection timestamp is converted into a binary coding sequence and embedded into the data digest, and the resulting encrypted data packet with a time sequence traceability watermark is uploaded to a blockchain for certification.
In order to achieve the above purpose, the present invention provides the following technical solutions:
The intelligent marketing terminal power data communication safety protection method comprises the following steps:
The terminal collects electromagnetic noise spectrum data through a built-in environment electromagnetic sensing module, extracts electromagnetic characteristic factors and constructs a correlation model of electromagnetic characteristic factors and elliptic curve cryptosystem complexity;
Constructing a terminal twin image, predicting a communication instruction sequence based on a long short-term memory neural network in combination with the terminal operation state synchronized by the terminal twin image, and calculating a deviation coefficient between the communication instruction actually generated by the terminal and the predicted communication instruction sequence;
Judging whether the terminal behavior is abnormal or not according to a comparison result of the deviation coefficient and a preset threshold value;
Classifying and screening the power data collected by the terminal which is judged to be normal, extracting privacy data in the power data, performing desensitization treatment to obtain desensitized power data, extracting a hash segment of a unique identifier of terminal equipment as a reversible analysis factor, and adopting a preset embedding algorithm to integrate the reversible analysis factor into the desensitized power data to generate a desensitized power data packet containing a terminal identity identifier;
Determining encryption parameters according to the association model, generating a data digest for the desensitized power data packet by using the encryption parameters, and completing access authority verification according to the terminal identity in the desensitized power data packet;
and acquiring a data acquisition time stamp corresponding to the desensitized power data packet subjected to access authority verification, converting the data acquisition time stamp into a binary code sequence, embedding the binary code sequence into the least significant bit of the data digest, generating an encrypted data packet with a time sequence tracing watermark, and uploading the encrypted data packet to a blockchain for certification.
Specifically, the original private data is restored by a reversible parsing algorithm if and only if the terminal device identification requesting access matches the hashed fragment in the desensitized power data packet.
Specifically, the terminal collects electromagnetic noise spectrum data through a built-in environment electromagnetic sensing module, extracts electromagnetic characteristic factors, and comprises:
Through the environment electromagnetic sensing module, when the terminal executes elliptic curve cryptography operation, original electromagnetic signals in a preset frequency band are monitored and collected in real time;
preprocessing the original electromagnetic signals to obtain digitized electromagnetic noise spectrum data;
performing fast Fourier transform on the digitized electromagnetic noise spectrum data, and converting the digitized electromagnetic noise spectrum data from a time domain to a frequency domain to obtain a noise spectrum;
The electromagnetic characteristic factors are extracted from the noise spectrum and comprise noise amplitude values, spectrum distribution forms and dynamic change rates, wherein the noise amplitude values are the signal intensity values of preset frequency points or frequency bands in the noise spectrum, the spectrum distribution forms are quantified by calculating the skewness, kurtosis and energy entropy of the spectrum, and the dynamic change rates are the differences in spectrum energy between adjacent sampling periods.
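The feature extraction in the steps above, as an added example that is not part of the patent text: a pure-Python sketch that turns two adjacent sampling periods into the noise amplitude, the spectrum shape (skewness, kurtosis, energy entropy) and the dynamic change rate. The frame length, the bin index, all function names and the constructed test tones are assumptions, and a naive DFT stands in for the fast Fourier transform.

```python
import cmath
import math


def constructed_frame(tones, n=64):
    """Constructed sample input: a sum of sine tones given as {bin: amplitude}."""
    return [sum(a * math.sin(2 * math.pi * k * t / n) for k, a in tones.items())
            for t in range(n)]


def magnitude_spectrum(samples):
    """One-sided magnitude spectrum via a naive DFT (same values an FFT gives)."""
    n = len(samples)
    return [abs(sum(x * cmath.exp(-2j * math.pi * k * t / n)
                    for t, x in enumerate(samples))) / n
            for k in range(n // 2 + 1)]


def spectral_energy(spectrum):
    """Total energy of the one-sided spectrum."""
    return sum(m * m for m in spectrum)


def shape_factors(spectrum):
    """Skewness, kurtosis and energy entropy of the magnitude spectrum."""
    n = len(spectrum)
    mean = sum(spectrum) / n
    std = math.sqrt(sum((m - mean) ** 2 for m in spectrum) / n)
    if std == 0.0:
        # A perfectly flat spectrum has no shape to measure.
        skew = kurt = 0.0
    else:
        skew = sum(((m - mean) / std) ** 3 for m in spectrum) / n
        kurt = sum(((m - mean) / std) ** 4 for m in spectrum) / n
    total = spectral_energy(spectrum)
    entropy = 0.0
    if total > 0.0:
        for m in spectrum:
            p = (m * m) / total
            if p > 0.0:
                entropy -= p * math.log2(p)
    return skew, kurt, entropy


def feature_vector(frame, prev_frame, bin_index):
    """Electromagnetic characteristic factors for one sampling period."""
    spectrum = magnitude_spectrum(frame)
    previous = magnitude_spectrum(prev_frame)
    skew, kurt, entropy = shape_factors(spectrum)
    return {
        # Signal intensity at the preset frequency point.
        "noise_amplitude": spectrum[bin_index],
        "skewness": skew,
        "kurtosis": kurt,
        "energy_entropy": entropy,
        # Difference in spectrum energy between adjacent sampling periods.
        "dynamic_change_rate": spectral_energy(spectrum) - spectral_energy(previous),
    }


if __name__ == "__main__":
    quiet = constructed_frame({4: 0.1})            # weak background tone
    noisy = constructed_frame({4: 0.1, 8: 1.0})    # strong interferer appears
    for name, value in feature_vector(noisy, quiet, 8).items():
        print(f"{name}: {value:.4f}")
```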
Specifically, the constructing a correlation model of electromagnetic feature factors and elliptic curve cryptosystem complexity includes:
establishing a multidimensional feature vector, and taking the electromagnetic feature factor as a vector element;
deploying elliptic curve cryptosystems with different complexity at the terminal, wherein the complexity is determined by the domain size, the base point order and the point multiplication algorithm of the selected elliptic curve;
under different environment electromagnetic noise, executing a plurality of elliptic curve cryptography operations, and recording the operation time, the power consumption and the error rate of the elliptic curve cryptography operations as complexity response indexes;
And training to obtain a correlation model by using a machine learning regression algorithm and taking the multidimensional feature vector as input and the complexity response index as output, wherein the correlation model predicts the optimal encryption complexity level in the current environment according to the electromagnetic feature factors extracted in real time.
Specifically, the building of the terminal twin mirror image, the predicting of a communication instruction sequence based on the long short-term memory neural network in combination with the terminal running state synchronized by the terminal twin mirror image, and the calculating of a deviation coefficient between the communication instruction actually generated by the terminal and the predicted communication instruction sequence comprise the following steps:
Constructing, at a local or edge security node, a terminal twin mirror image in one-to-one correspondence with the physical terminal, wherein the twin mirror image is synchronized with the running state by receiving the system call, process list and network connection state information of the terminal;
Training a long short-term memory neural network on the historical communication instruction sequences of the terminal in a preset service scene to generate a prediction model;
Executing the prediction model by the terminal twin mirror image when communication occurs, and outputting a predicted communication instruction sequence;
And comparing the similarity of the communication instruction actually generated by the terminal with the predicted communication instruction sequence to obtain a deviation coefficient.
Specifically, the extracting the hash segment of the unique identifier of the terminal device as the reversible analysis factor, and adopting a preset embedding algorithm to integrate the reversible analysis factor into the desensitized power data comprises the following steps:
Acquiring a hardware unique identifier of a terminal;
hashing the hardware unique identifier with the SM3 hash algorithm to obtain a hash digest;
Intercepting the first N bits of the hash digest to generate a hash fragment, and taking the hash fragment as a reversible analysis factor;
Converting the reversible resolution factor into a binary stream;
selecting reserved bits or extension bits of fields in the desensitized power data packet as an embedded area;
and embedding the binary stream into the embedded area by using a least significant bit replacement algorithm to generate the desensitized power data packet containing the terminal identity.
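The embedding steps above and the match condition stated earlier, as an added example that is not part of the patent text. SHA-256 stands in for SM3 (which is not available in every Python hashlib build), and N = 32, the 32-byte reserved area, the function names and the terminal identifiers are constructed assumptions.

```python
import hashlib
import hmac

FRAGMENT_BITS = 32  # the "first N bits" of the hash digest; N = 32 is an assumption


def hash_fragment(hardware_id: bytes, n_bits: int = FRAGMENT_BITS) -> int:
    """First n_bits of the hash of the hardware identifier, as an integer."""
    digest = hashlib.sha256(hardware_id).digest()  # stand-in for SM3
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - n_bits)


def embed_lsb(reserved: bytes, value: int, n_bits: int) -> bytes:
    """Replace the least significant bit of each reserved byte, MSB of value first."""
    if len(reserved) < n_bits:
        raise ValueError("reserved area is too small for the fragment")
    out = bytearray(reserved)
    for i in range(n_bits):
        bit = (value >> (n_bits - 1 - i)) & 1
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract_lsb(reserved: bytes, n_bits: int) -> int:
    """Read the embedded binary stream back out of the reserved bytes."""
    if len(reserved) < n_bits:
        raise ValueError("reserved area is too small for the fragment")
    value = 0
    for i in range(n_bits):
        value = (value << 1) | (reserved[i] & 1)
    return value


def embed_fragment(reserved: bytes, hardware_id: bytes) -> bytes:
    """Reserved area of the packet after the terminal's hash fragment is embedded."""
    return embed_lsb(reserved, hash_fragment(hardware_id), FRAGMENT_BITS)


def access_allowed(reserved: bytes, requester_hardware_id: bytes) -> bool:
    """True only if the requester's fragment equals the embedded one.

    The match is made by recomputing the fragment from the requester's
    identifier and comparing it in constant time.
    """
    size = (FRAGMENT_BITS + 7) // 8
    embedded = extract_lsb(reserved, FRAGMENT_BITS).to_bytes(size, "big")
    expected = hash_fragment(requester_hardware_id).to_bytes(size, "big")
    return hmac.compare_digest(embedded, expected)


if __name__ == "__main__":
    reserved_area = bytes(range(0x40, 0x60))        # constructed reserved bytes
    owner = b"TERMINAL-0001-CONSTRUCTED"             # constructed identifier
    marked = embed_fragment(reserved_area, owner)
    print(access_allowed(marked, owner))
    print(access_allowed(marked, b"TERMINAL-0002-CONSTRUCTED"))
```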
Specifically, the determining encryption parameters according to the association model, generating a data digest for the desensitized power data packet using the encryption parameters includes:
inputting electromagnetic characteristic factors extracted in real time into the association model;
the encryption parameters of an elliptic curve cryptosystem which is output by the association model and matched with the complexity of the current electromagnetic environment are obtained, wherein the encryption parameters comprise elliptic curve types, domain parameters and key lengths;
And performing digital signature operation on the desensitized power data packet containing the terminal identity by using an elliptic curve digital signature algorithm determined by the encryption parameters, and generating a digital signature value as the data digest.
Specifically, the acquiring of the data acquisition time stamp corresponding to the desensitized power data packet subjected to access authority verification, the converting of the data acquisition time stamp into a binary coding sequence, and the embedding of the binary coding sequence into the least significant bit of the data digest comprise the following steps:
extracting a data acquisition time stamp from metadata of the desensitized power data packet;
Converting the data acquisition time stamp in UTC time format into a binary coding sequence;
acquiring a binary representation of the data digest;
And replacing, bit by bit, the original data in the least significant bits of the binary representation of the data digest with the binary coding sequence to generate the data digest containing the watermark.
Specifically, when uploading to the blockchain for certification, the method includes:
the encrypted data packet with the time sequence tracing watermark and the deviation coefficient are packaged together into a transaction;
invoking a blockchain intelligent contract to submit the transaction to a blockchain network;
after the blockchain nodes reach consensus, a new block containing the transaction is added to the chain to complete the certification.
The intelligent marketing terminal power data communication safety protection system comprises an electromagnetic feature sensing module, a state monitoring module, an identity identification embedding module, an authority management module and a blockchain certification module;
the electromagnetic feature sensing module is used for establishing association with the encryption system by sensing the electromagnetic features of the environment of the terminal;
the state monitoring module is used for synchronizing the running operation state of the terminal through the twin mirror image of the terminal and predicting a communication instruction sequence to monitor whether the running of the terminal is abnormal;
The identity identification embedding module is used for carrying out privacy protection processing on the power data and embedding terminal identity information;
the authority management module is used for encrypting the desensitized power data and checking the access authority based on the identity of the terminal;
The blockchain certification module is used for adding the time sequence tracing watermark to the encrypted data and uploading it to the blockchain.
Compared with the prior art, the invention has the beneficial effects that:
1. The invention provides an intelligent marketing terminal power data communication safety protection system, which is optimized and improved in terms of architecture, operation steps and flow, and has the advantages of simple flow, low investment and operation cost and low production and working costs.
2. The invention provides an intelligent marketing terminal power data communication safety protection method, which comprises the steps of constructing an encryption system association model through environmental electromagnetic perception, enabling encryption parameters to dynamically adapt to electromagnetic environments, improving anti-interference and anti-attack capabilities, simultaneously predicting communication instruction sequences by means of terminal twin mirror images and a neural network, accurately identifying abnormal operation of a terminal, preventing and controlling communication instruction tampering risks in advance, and doubly guaranteeing terminal data transmission safety from a communication source and an operation process.
3. The invention provides a power data communication safety protection method of an intelligent marketing terminal, in which power privacy data is classified and desensitized and the terminal identification hash segment is merged into it, so that user privacy is protected and access authority can be checked by means of the identification; combined with correlation-model encryption, timestamp watermarking and blockchain certification, the whole process of acquisition, processing and storage of the power data is traceable and tamper-proof.
Detailed Description
Example 1:
Referring to FIGS. 1 and 2, in one embodiment of the present invention, a method for protecting power data communication security of an intelligent marketing terminal includes steps S1 to S5, as follows:
S1, a terminal collects electromagnetic noise spectrum data through a built-in environment electromagnetic sensing module, extracts electromagnetic characteristic factors and constructs an associated model of electromagnetic characteristic factors and elliptic curve cryptosystem complexity;
It should be noted that the encryption scheme of a traditional intelligent marketing terminal mostly adopts an elliptic curve cryptosystem with fixed complexity, and the encryption parameters remain unchanged no matter how the electromagnetic environment of the terminal changes. When the environmental electromagnetic noise is strong, fixed low-complexity encryption is easily attacked and cracked through the electromagnetic side channel, while fixed high-complexity encryption suffers an increased operation error rate due to electromagnetic interference; when the environmental electromagnetic noise is weak, fixed high-complexity encryption wastes the terminal's computing power and reduces data communication efficiency. The method establishes a dynamic matching mechanism between the environmental electromagnetic state and the encryption complexity. Specifically, by sensing the electromagnetic noise around the terminal, such as radiation from transformer substation equipment and industrial interference signals, electromagnetic characteristic factors that accurately reflect the severity of the electromagnetic environment are extracted, and the correlation model binds these factors to the complexity of the elliptic curve cryptosystem, such as the domain size, base point order and point multiplication algorithm, so that the terminal automatically adjusts the encryption parameters according to the real-time electromagnetic environment. For example, when the electromagnetic noise is strong and the side channel attack risk is high, the correlation model automatically selects a high-complexity encryption system to improve the anti-attack capability; when the electromagnetic noise is weak and the communication efficiency requirement is high, it automatically selects an adapted medium-low complexity encryption system to balance safety and efficiency. The traditional fixed encryption scheme cannot realize such environment-adaptive adjustment and cannot simultaneously meet the requirements of anti-interference, anti-attack and high efficiency.
S2, constructing a terminal twin image, predicting a communication instruction sequence based on a long short-term memory neural network in combination with the terminal operation state synchronized by the terminal twin image, and calculating a deviation coefficient between the communication instruction actually generated by the terminal and the predicted communication instruction sequence;
Further, the terminal twin image continuously receives the operation log, the system call sequence and the resource occupation state from the physical terminal through the secure communication link so as to keep synchronization.
It should be noted that once the intelligent marketing terminal is maliciously tampered with, for example by implanting a malicious program or replacing a core chip, an attacker may falsify power data, for example by falsely increasing power consumption or forging user power consumption records, and may generate false communication instructions. The traditional security scheme can only verify the legitimacy of the terminal through identity authentication and cannot identify such a terminal. The method establishes a real-time comparison mechanism between the physical terminal and the twin mirror image. The terminal twin mirror image is not a simple copy of the terminal but a digital proxy that synchronizes the terminal's system calls, process list and network connection state. By learning the terminal's historical communication instructions, the long short-term memory neural network can accurately predict the instruction sequence that the terminal should generate in a specific service scene, for example user electricity purchase or power consumption upload. When the physical terminal is tampered with, the actually generated instruction sequence deviates from the instruction sequence predicted by the terminal twin mirror image, and the terminal abnormality can be identified at the first moment. For example, when a normal terminal uploads power consumption data, the instruction sequence should be read, check, encrypt and send, whereas a tampered terminal may insert operations on the data or generate false data, so that the deviation coefficient exceeds the threshold, the risk is identified immediately, and false data and false command data from the tampered terminal are prevented.
S3, judging whether the terminal behavior is abnormal or not according to a comparison result of the deviation coefficient and a preset threshold value;
further, if the deviation coefficient is lower than a preset early warning threshold value, judging that the terminal is normal in behavior, executing a subsequent flow;
If the deviation coefficient is higher than a preset early warning threshold value but lower than a preset fusing threshold value, judging that the terminal behavior is suspicious, generating a safety alarm log and associating a mark with the desensitized power data packet;
If the deviation coefficient is higher than the preset fusing threshold, the terminal behavior is judged to be abnormal, the current communication flow is terminated, and a safety isolation mechanism is triggered.
Further, the early warning threshold is used for triggering observation and marking, the fusing threshold is used for triggering interruption and isolation, and the early warning threshold and the fusing threshold are set based on a comprehensive engineering method of historical behavior baseline analysis, statistical modeling and business risk tolerance assessment.
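The deviation coefficient and the two-threshold judgment of S3, as an added example that is not part of the patent text. The patent fixes neither the similarity measure nor the threshold values, so the use of difflib's matching ratio, the thresholds 0.10 and 0.40, the instruction names and the handling of a value that falls exactly on a threshold are assumptions; the predicted sequence would come from the prediction model, which is not reproduced here.

```python
from difflib import SequenceMatcher

# Hypothetical values; the text derives the real ones from historical
# behaviour baselines, statistical modelling and business risk tolerance.
WARN_THRESHOLD = 0.10   # early warning threshold
FUSE_THRESHOLD = 0.40   # fusing threshold


def deviation_coefficient(predicted, actual):
    """Return 1 - similarity: 0.0 for identical sequences, 1.0 for disjoint ones."""
    if not predicted and not actual:
        return 0.0
    matcher = SequenceMatcher(None, predicted, actual, autojunk=False)
    return 1.0 - matcher.ratio()


def judge(deviation, warn=WARN_THRESHOLD, fuse=FUSE_THRESHOLD):
    """Map a deviation coefficient to the three outcomes described in S3."""
    if not 0.0 <= warn < fuse <= 1.0:
        raise ValueError("thresholds must satisfy 0 <= warn < fuse <= 1")
    # A value exactly on a threshold is treated as the more severe case
    # (assumption: the text only covers strictly lower and strictly higher).
    if deviation >= fuse:
        return "abnormal", "terminate communication and trigger isolation"
    if deviation >= warn:
        return "suspicious", "write alarm log and tag the data packet"
    return "normal", "continue with the subsequent flow"


def check_session(predicted, actual):
    """Deviation coefficient (rounded), verdict and action for one session."""
    deviation = deviation_coefficient(predicted, actual)
    verdict, action = judge(deviation)
    return round(deviation, 3), verdict, action


# Predicted upload sequence taken from the description of S2.
PREDICTED = ["read", "check", "encrypt", "send"]

# Constructed sessions: what the terminal actually emitted.
CONSTRUCTED_SESSIONS = {
    "clean upload": ["read", "check", "encrypt", "send"],
    "one extra step": ["read", "modify", "check", "encrypt", "send"],
    "checks replaced": ["read", "modify", "forge", "send"],
    "nothing emitted": [],
}

if __name__ == "__main__":
    for name, actual in CONSTRUCTED_SESSIONS.items():
        print(name, check_session(PREDICTED, actual))
```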
S4, classifying and screening the power data collected by the terminal which is judged to be normal, extracting privacy data in the power data, performing desensitization treatment to obtain desensitized power data, extracting a hash segment of a unique identifier of the terminal equipment as a reversible analysis factor, and adopting a preset embedding algorithm to integrate the reversible analysis factor into the desensitized power data to generate a desensitized power data packet containing the terminal identity identifier;
further, the classifying and screening the power data collected by the terminal judged to be normal includes:
(1) The method comprises the steps of presetting a data classification rule base, wherein the data classification rule base defines which data fields belong to user privacy class data, equipment operation class data and public metering class data;
(2) And matching the original power data flow acquired by the terminal which is judged to be normal with the data classification rule base, and identifying and screening privacy data containing user identity, electricity utilization habit and accurate geographic position information.
Further, the extracting the privacy class data therein for desensitization processing includes:
(1) Desensitizing the screened privacy data by adopting a hash encryption mode;
(2) And recombining the desensitized data with the original non-privacy equipment operation data and public metering data to obtain desensitized power data.
It should be noted that the power data collected by the intelligent marketing terminal contains a large amount of user privacy information, including but not limited to user name, address and electricity consumption habits. A traditional desensitization scheme can protect privacy, but the desensitized data can no longer be traced back to its home terminal: when the data is wrong, it cannot be determined which terminal collected it, and responsibility is difficult to assign. Meanwhile, the traditional scheme cannot prevent desensitized data from being accessed by unauthorized terminals, so a risk of secondary privacy leakage exists. In the method, privacy data is accurately located through classification and screening, which avoids excessive desensitization of non-privacy data such as public power grid voltage data and ensures the usability of the data. The embedded reversible analysis factor is not the terminal ID itself but a segment obtained by SM3 hash operation, so leakage of terminal identity information is avoided, while the terminal identity can still be restored through an algorithm, which solves the problem of data attribution traceability. Finally, the desensitized data packet is bound to the terminal identity, which provides a basis for the subsequent authority verification: only the terminal matching the identity can access the data, which prevents an unauthorized terminal from acquiring the desensitized data. The distinctive feature of the design is that it resolves the contradiction between privacy protection and data tracing: a traditional scheme either gives up tracing to protect privacy or retains private information for tracing, whereas the method balances privacy protection and data tracing by embedding the reversible analysis factor, and at the same time provides an accurate identity basis for rights management.
S5, determining encryption parameters according to the association model, generating a data digest for the desensitized power data packet by using the encryption parameters, and completing access authority verification according to the terminal identity in the desensitized power data packet;
further, the verifying the access right according to the terminal identity in the desensitized power data packet includes:
(1) Resolving and restoring a hardware unique identifier of the terminal from the reversible resolving factor embedded in the desensitization power data packet;
(2) Inquiring a preset authority mapping table, wherein the authority mapping table stores data access authority levels corresponding to different terminal identifiers;
(3) Judging whether the authority of the entity which currently requests to access the data packet is matched with the data access authority level, if so, checking to pass, and if not, ending the flow and recording a security event.
It should be noted that once the encryption parameters of a traditional intelligent marketing terminal are determined, they remain unchanged for a long time, and an attacker can crack them by analyzing the weaknesses of the fixed encryption parameters. Meanwhile, traditional authority verification is mostly based on role authorization, for example an administrator can access all data, so permissions are over-allocated: even if the administrator does not need to access the data of a certain terminal, the administrator still has access rights, which increases the risk of data leakage. On the one hand, in the method the encryption parameters are not fixed but are dynamically determined from real-time electromagnetic characteristics by the correlation model constructed in the first step. For example, when the terminal is near a transformer substation and the electromagnetic noise is strong, the model selects an elliptic curve over a 256-bit domain to generate high-strength encryption parameters; when the terminal is in a residential area and the electromagnetic noise is weak, it selects an elliptic curve over a 192-bit domain to generate adapted encryption parameters. An attacker therefore cannot crack the encryption through fixed parameters, and encryption safety is improved. On the other hand, authority verification is based not on roles but on the terminal identity in the desensitized power data packet: verification passes only when the identity of the terminal requesting access matches the identity in the data packet, which realizes accurate authorization in which a terminal can only access the data it acquired itself and avoids the over-allocation of permissions of traditional role authorization.
S6, acquiring a data acquisition time stamp corresponding to the desensitized power data packet subjected to access authority verification, converting the data acquisition time stamp into a binary coding sequence, embedding the binary coding sequence into the least significant bit of the data digest, generating an encrypted data packet with a time sequence tracing watermark, and uploading the encrypted data packet to a blockchain for certification.
Further, the embedding process ensures that the overall length and encryption strength of the data digest are not changed.
The original private data is restored by a reversible parsing algorithm if and only if the terminal device identification requesting access matches the hashed fragment in the desensitized power data packet.
Further, generating an encrypted data packet with a time sequence traceability watermark comprises:
(1) Re-associating and packaging the data digest embedded with the timestamp watermark with the original desensitized power data packet;
(2) And generating a final encrypted data packet with the time sequence traceability watermark which can be used for uploading, wherein the data digest serves as integrity check and identity verification evidence, and the least significant bit of the data digest conceals the data generation time information.
Further, before uploading to the blockchain, the method further comprises the step of performing integrity verification on the encrypted data packet:
(1) Separating the data digest from the encrypted data packet with the time sequence tracing watermark;
(2) Extracting the binary coding sequence embedded in the least significant bit of the data digest and restoring the binary coding sequence into a time stamp;
(3) Recalculating the data digest for the desensitized power data packet portion using the same encryption parameters and algorithms;
(4) The newly calculated data digest is compared with the original data digest, which is separated from the desensitized power data packet and has the watermark embedded, and if the data digests are consistent within the allowable error range, the verification is passed.
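The watermark embedding of S6 and the four verification steps above, as an added example that is not part of the patent text. SHA-256 stands in for the data digest (the text uses a digital signature value), and the 32-bit Unix-seconds encoding of the UTC time stamp, the placement in the low-order 32 bits, the reading of "within the allowable error range" as "equal outside the watermark bits", the function names and the sample packet are assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timezone

WATERMARK_BITS = 32                      # width of the binary coding sequence (assumption)
MASK = (1 << WATERMARK_BITS) - 1


def digest_of(packet: bytes) -> bytes:
    """Stand-in data digest of the desensitized power data packet."""
    return hashlib.sha256(packet).digest()


def embed_timestamp(digest: bytes, collected_at: datetime) -> bytes:
    """Overwrite the least significant bits of the digest with the time stamp."""
    if collected_at.tzinfo is None:
        # A naive datetime would be read as local time, not UTC.
        raise ValueError("time stamp must be timezone-aware")
    seconds = int(collected_at.timestamp())
    if not 0 <= seconds <= MASK:
        raise ValueError("time stamp does not fit in the watermark bits")
    value = (int.from_bytes(digest, "big") & ~MASK) | seconds
    return value.to_bytes(len(digest), "big")   # overall length is unchanged


def extract_timestamp(watermarked: bytes) -> datetime:
    """Step (2): restore the time stamp from the least significant bits."""
    seconds = int.from_bytes(watermarked, "big") & MASK
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def verify(packet: bytes, watermarked: bytes) -> bool:
    """Steps (3) and (4): recompute the digest and compare outside the watermark."""
    fresh = int.from_bytes(digest_of(packet), "big") & ~MASK
    stored = int.from_bytes(watermarked, "big") & ~MASK
    size = len(watermarked)
    return hmac.compare_digest(fresh.to_bytes(size, "big"),
                               stored.to_bytes(size, "big"))


if __name__ == "__main__":
    packet = b"constructed desensitized packet: meter=42;kwh=13.7"
    collected = datetime(2025, 1, 1, 8, 30, tzinfo=timezone.utc)
    marked = embed_timestamp(digest_of(packet), collected)
    print(extract_timestamp(marked).isoformat())
    print(verify(packet, marked), verify(packet + b"!", marked))
```

In this sketch the 32 watermark bits are masked out of the comparison, so the check covers 224 of the 256 digest bits and does not by itself detect a change to the embedded time stamp.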
Further, before uploading to a blockchain, the method further comprises the step of carrying out lightweight encryption packaging on the encrypted data packet with the time sequence traceability watermark, wherein a packaging key is dynamically derived from the deviation coefficient and the reversible resolution factor.
Furthermore, the blockchain is a power data security certification platform based on a consortium chain architecture, only authorized nodes can access the data on the chain, and the integrity and generation time of a data packet can be verified and traced by using the data digest and the embedded time sequence watermark.
It should be noted that the method establishes a dual tracing and certification mechanism of time sequence watermark and blockchain. First, the time sequence watermark is not a simply appended time stamp: the time stamp is converted into a binary coding sequence and embedded into the least significant bits of the data digest, and the data digest corresponds one-to-one to the desensitized power data packet. If the data is tampered with, the data digest changes and the watermark is damaged, so whether the data has been tampered with can be judged directly by verifying the integrity of the watermark. Second, the encrypted data packet with the watermark is uploaded to the blockchain, and tamper-proof certification of the data is realized by the distributed ledger and consensus mechanism of the blockchain: a node that tries to modify the data packet would need to tamper with all nodes, which is extremely difficult. This guarantees, across the whole flow, traceable data acquisition time, verifiable data integrity and tamper-proof data storage, and ensures the security of the power data over its whole life cycle from acquisition to certification.
The terminal collects electromagnetic noise spectrum data through a built-in environment electromagnetic sensing module, extracts electromagnetic characteristic factors, and comprises:
A1, monitoring and collecting original electromagnetic signals in a preset frequency band in real time when a terminal executes elliptic curve cryptography operation through the environment electromagnetic sensing module;
It should be understood that, before the elliptic curve cryptography operation is about to be executed, the main processor or the dedicated security coprocessor in the terminal device will send an accurate synchronization trigger signal to the environmental electromagnetic sensing module, where the synchronization trigger signal marks that a cryptography operation is about to start, and requires the environmental electromagnetic sensing module to enter the highest preparation state.
Further, the core of the environmental electromagnetic sensing module is a highly miniaturized and highly sensitive electromagnetic sensing probe. The probe is usually composed of a specially designed loop antenna or magnetic field effect transistor, and its physical characteristics are precisely calibrated to respond to very weak electromagnetic field changes in a specific spatial range.
Further, the specific steps of A1 include:
(1) The analog front-end circuit first pre-amplifies the original analog electromagnetic signal captured by the probe, while suppressing the inherent thermal noise and shot noise of the circuit as far as possible to ensure the fidelity of the signal;
(2) The pre-amplified original analog electromagnetic signal is sent to an anti-aliasing filter, which is a sharp cut-off low-pass filter whose cut-off frequency is set strictly according to the sampling theorem; its purpose is to filter out all frequency components of the original analog electromagnetic signal that are higher than half of the preset sampling frequency. The working principle of the low-pass filter is prior art in the field, is not an inventive scheme of the application, and is not repeated herein;
Further, in the invention, sending the pre-amplified original analog electromagnetic signal through the anti-aliasing filter prevents aliasing in the subsequent sampling process, in which high-frequency components would be erroneously mapped to a low-frequency band and cause confusion and distortion of the signal spectrum, thereby ensuring the authenticity and validity of the acquired data.
(3) After passing through the anti-aliasing filter, the analog signal enters the analog-to-digital conversion stage, where the analog-to-digital converter works at a preset fixed sampling frequency to obtain an original digital signal sequence; the fixed sampling frequency is more than twice the highest frequency of the preset monitoring frequency band, so as to satisfy the Nyquist sampling theorem;
Further, the analog-to-digital converter measures the continuous analog voltage signal instantaneously at each equally spaced point in time and converts it into a long series of discrete quantized digital values, whose accuracy is determined by the resolution of the analog-to-digital converter.
(4) The original digital signal sequence is sent to a digital down-conversion processing unit, which consists of a numerically controlled oscillator and a digital filter;
The digital down-conversion processing unit works as follows: first, the numerically controlled oscillator generates sine and cosine digital reference signals at the centre frequency of the preset frequency band; then the original digital signal sequence is multiplied by each of the two reference signals, which translates the whole spectrum in the frequency domain and moves the centre frequency of the preset frequency band to near zero frequency; finally, a high-performance digital low-pass filter keeps only the low-frequency component near zero frequency after translation, which corresponds to the preset frequency band in the original digital signal. The output of the filter is called the baseband signal.
(5) A plurality of preprocessed, band-selected digital samples of the original electromagnetic signal are output.
A2, preprocessing the original electromagnetic signals to obtain digitized electromagnetic noise spectrum data;
Further, the preprocessing includes signal amplification, filtering and analog-to-digital conversion.
A3, performing fast Fourier transform on the digitized electromagnetic noise spectrum data, and converting the digitized electromagnetic noise spectrum data from a time domain to a frequency domain to obtain a noise spectrum, wherein the fast Fourier transform is the prior art content in the field and is not an inventive scheme of the application and is not repeated herein;
A4, extracting the electromagnetic characteristic factors from the noise spectrum, wherein the electromagnetic characteristic factors comprise the noise amplitude, the spectrum distribution form and the dynamic change rate; the noise amplitude is the signal intensity value at preset frequency points or frequency bands in the noise spectrum, the spectrum distribution form is quantified by calculating the skewness, kurtosis and energy entropy of the spectrum, and the dynamic change rate is the difference in spectrum energy between adjacent sampling periods.
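The acquisition chain from step (4) of A1 through A4, as an added example that is not part of the patent text: a constructed frame is mixed down, low-pass filtered and decimated, transformed with a direct DFT, and reduced to the three electromagnetic characteristic factors. The sample rate, band centre, moving-average filter, sample-moment definitions of skewness and kurtosis, and all function names are assumptions of this example.

```python
import cmath
import math


def down_convert(samples, fs, fc, decim):
    """A1 step (4): mix with the NCO references, low-pass filter, decimate."""
    mixed = []
    for n, x in enumerate(samples):
        phase = 2 * math.pi * fc * n / fs
        # I = x*cos, Q = -x*sin moves the band centre fc down to 0 Hz.
        mixed.append(complex(x * math.cos(phase), -x * math.sin(phase)))
    # Moving-average low-pass of length `decim` (a simple stand-in filter),
    # evaluated only at the output samples that survive decimation.
    return [sum(mixed[k - decim + 1:k + 1]) / decim
            for k in range(decim - 1, len(mixed), decim)]


def magnitude_spectrum(baseband):
    """A3: direct DFT magnitudes (an FFT returns the same values, faster)."""
    n = len(baseband)
    return [abs(sum(baseband[t] * cmath.exp(-2j * cmath.pi * k * t / n)
                    for t in range(n)))
            for k in range(n)]


def spectral_energy(spectrum):
    return sum(m * m for m in spectrum)


def extract_features(spectrum, prev_spectrum, watch_bin):
    """A4: noise amplitude, spectrum distribution form, dynamic change rate."""
    n = len(spectrum)
    mean = sum(spectrum) / n
    var = sum((m - mean) ** 2 for m in spectrum) / n
    if var > 0:
        skew = sum((m - mean) ** 3 for m in spectrum) / n / var ** 1.5
        kurt = sum((m - mean) ** 4 for m in spectrum) / n / var ** 2
    else:  # perfectly flat spectrum: no shape to measure
        skew = kurt = 0.0
    energy = spectral_energy(spectrum)
    # Share of total energy per bin; its Shannon entropy is the energy entropy.
    shares = [m * m / energy for m in spectrum] if energy > 0 else []
    entropy = -sum(p * math.log2(p) for p in shares if p > 0)
    return {
        "amplitude": spectrum[watch_bin],
        "skewness": skew,
        "kurtosis": kurt,
        "energy_entropy": entropy,
        # Energy difference between this sampling period and the previous one.
        "dynamic_change": energy - spectral_energy(prev_spectrum),
    }


def constructed_frame(amplitude, fs=1024, n=1024, tone_hz=260):
    """Constructed input: a single emission line 4 Hz above the band centre."""
    return [amplitude * math.cos(2 * math.pi * tone_hz * t / fs)
            for t in range(n)]


def analyse(frame, prev_frame, fs=1024, fc=256, decim=16, watch_bin=4):
    """Run both frames through the chain; baseband bins are 1 Hz wide here."""
    spectrum = magnitude_spectrum(down_convert(frame, fs, fc, decim))
    previous = magnitude_spectrum(down_convert(prev_frame, fs, fc, decim))
    return extract_features(spectrum, previous, watch_bin), spectrum


if __name__ == "__main__":
    features, spectrum = analyse(constructed_frame(2.0), constructed_frame(1.0))
    peak = max(range(len(spectrum)), key=spectrum.__getitem__)
    print("peak baseband bin:", peak)
    for name, value in features.items():
        print(f"{name}: {value:.4f}")
```

The resulting dictionary is the multidimensional feature vector that B1 feeds to the correlation model.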
The construction of the correlation model of electromagnetic characteristic factors and elliptic curve cryptosystem complexity comprises the following steps:
B1, establishing a multidimensional feature vector, and taking the electromagnetic feature factor as a vector element;
B2, deploying elliptic curve cryptosystems with different complexity at the terminal, wherein the complexity is determined by the domain size, the base point order and the point multiplication algorithm of the elliptic curve;
Further, before B2 is executed, the terminal needs to integrate in advance a rigorously tested and verified cryptographic parameter set, which includes multiple sets of different elliptic curve domain names and all corresponding parameters; the parameters must come from international cryptographic standards.
Further, complexity is an overall evaluation index determined by three core dimensions. The first dimension is algorithm complexity, which is directly determined by the size of the selected elliptic curve domain; the bit length of the domain is the most intuitive measure. The second dimension is computational complexity, reflected in the actual computation time and processor resources consumed when executing a complete cryptographic operation such as digital signature generation or verification; it must be obtained by actual measurement. The third dimension is error-rate complexity, which refers to the probability of calculation errors during operation of the algorithm under severe electromagnetic noise interference. The three dimensions together form a three-dimensional model for evaluating the complexity of a cryptosystem.
Further, the process of deploying elliptic curve cryptosystems with different complexity at the terminal comprises the following steps:
(1) Constructing a preset elliptic curve password parameter library;
(2) Defining and quantifying a complexity index of the cryptosystem;
(3) Establishing a test benchmark and performance acquisition environment. Specifically, an automated test framework is developed that loads each group of curve configurations in the preset elliptic curve cryptographic parameter library in turn, simulates a real service scenario for each group, generates test data samples, and drives the cryptographic coprocessor to execute thousands of cryptographic operations, such as repeated data signing and verification. During this process, the test framework uses the performance counters and high-precision timer of the terminal to closely monitor and record the exact time consumed by each operation, the central processing unit occupancy, the memory access frequency and other data;
(4) For each group of curve configurations, the system aggregates and analyses all test operation results: it calculates the mean and variance of all operation times to measure the computational efficiency and stability of the configuration, counts the number of verification errors across all test operations, and calculates the error rate. Finally, it combines the quantized results of the three dimensions by weighting according to preset rules and assigns a single final complexity level label to each group of curve configurations. For example, a 256-bit curve that shows high efficiency and a low error rate under low noise can be marked as standard complexity, while a 521-bit curve is marked as high complexity because of its large computational cost and possibly higher error rate;
(5) When the interface is called, its internal logic searches the parameter library, according to the input recommended complexity level, for all curve configurations whose label matches that level. If there are several matching configurations, a curve and its matching algorithm are finally determined by polling. Once a configuration is selected, the interface loads all of its parameters and initializes the corresponding cryptographic algorithm engine into a ready state, prepared to execute the actual data encryption or signature task.
B3, executing a plurality of elliptic curve cryptography operations under different environment electromagnetic noise, and recording operation time, power consumption and error rate as complexity response indexes, wherein the elliptic curve cryptography operations are also called elliptic curve cryptography systems, belong to the prior art content in the field, are not inventive schemes of the application, and are not repeated herein;
B4, training a machine learning regression algorithm with the multidimensional feature vector as input and the complexity response index as output to obtain the correlation model, wherein the correlation model predicts the optimal encryption complexity level in the current environment from the electromagnetic characteristic factors extracted in real time; the machine learning regression algorithm is prior art in the field, is not an inventive scheme of the application, and is not repeated here.
Constructing the terminal twin image, predicting the communication instruction sequence based on the long short-term memory (LSTM) neural network in combination with the terminal running state synchronized by the terminal twin image, and calculating the deviation coefficient between the communication instructions actually generated by the terminal and the predicted communication instruction sequence comprises the following steps:
S2.1, constructing, at a local or edge security node, a terminal twin image in one-to-one correspondence with the physical terminal, wherein the twin image synchronizes the running state by receiving the system call, process list and network connection state information of the terminal;
Further, before the terminal twin image is constructed, the physical terminal must first be uniquely identified and registered at the edge security node by generating a unique terminal asset fingerprint.
Further, constructing a terminal twin image corresponding to the physical terminals one by one at the local or edge security node, including:
(1) Starting an agent program on a physical terminal, collecting inherent information of multidimensional hardware and software which are difficult to tamper, wherein the inherent information comprises a hardware identifier, a software identifier and an environment configuration, the hardware identifier comprises a central processing unit serial number, a main board serial number, a network card media access control address and a hard disk serial number, the software identifier comprises an operating system installation identifier, a firmware version number and a preset security certificate identifier, and the environment configuration comprises an installed application program list, a version of the application program list and a hash value of a key configuration file;
(2) The agent program uses SHA-256 algorithm to normalize and calculate the collected hardware and software inherent information, and generates hash value, namely terminal asset fingerprint;
(3) Transmitting the terminal asset fingerprint, the basic model of the terminal and the belonging organization metadata to a designated local or edge security node for registration through a certificate-based bidirectional authentication channel, and storing the terminal asset fingerprint into a trusted terminal asset library by the local or edge security node, thereby completing the initial trust establishment of the terminal identity;
(4) After receiving the registration information, the edge security node initializes a corresponding twin mirror image for the physical terminal, including template selection, mirror image instantiation and identity identification injection;
Template selection: selecting the best-matching basic template from a preset image template library according to the metadata reported by the physical terminal, wherein the basic template is a clean, minimized virtual machine or container image containing the operating system and basic software environment common to terminals of that model;
Image instantiation: creating a new virtual machine or container instance based on the selected basic template to obtain an image instance;
Identity injection: taking the terminal asset fingerprint generated in the first step as the unique identifier of the image instance and writing it into the internal configuration file of the image instance, yielding the newly created twin image instance;
(5) Deploying the same agent program as the physical terminal into the newly created twin image instance;
(6) Configuring the agent with the network address of its corresponding physical terminal and the credentials required to establish a secure connection, such as a key derived from the terminal asset fingerprint;
(7) The agent on the physical terminal actively establishes a secure communication link with the agent in the twin image instance on the edge security node, generally encrypted with the Transport Layer Security protocol and mutually authenticated based on the certificate registered in the first step;
(8) After the connection is established, the physical terminal agent sends a complete state snapshot of the current system to the image agent, including:
Process list: information on all currently running processes;
System service state: the start-up and running state of all services;
Network connection status: all active network connections;
User session information: the currently logged-in users;
Key system configuration: the latest system configuration and policies;
(9) The mirror image agent receives the complete state of the current system, and completely resets the internal state of the mirror image according to the complete state, so that the internal state of the mirror image is consistent with the physical terminal, and the synchronous terminal twin mirror image is obtained.
S2.2, training a long short-term memory (LSTM) neural network on the historical communication instruction sequences of the terminal in a preset service scenario to generate a prediction model, wherein the LSTM neural network is prior art in the field, is not an inventive scheme of the application, and is not repeated herein;
S2.3, when communication occurs, executing the prediction model by the terminal twin mirror image, and outputting a predicted communication instruction sequence;
Further, predicting the communication instruction sequence based on the long short-term memory (LSTM) neural network specifically comprises the following steps:
(1) Collecting the historical communication instruction sequences obtained through synchronization of the terminal twin image to form a training data set;
(2) Taking the first A instructions in the historical communication instruction sequence as input and the subsequent B instructions as output, and training the LSTM neural network by supervised learning, wherein the LSTM neural network is prior art in the field, is not an inventive scheme of the application, and is not repeated here;
(3) Using the trained LSTM neural network, with the communication instructions of the current and historical periods of the terminal as input, to predict the communication instruction sequence most likely to be generated in the next period.
S2.4, comparing the similarity between the communication instruction actually generated by the terminal and the predicted communication instruction sequence to obtain a deviation coefficient.
Further, the communication instructions actually generated by the terminal are obtained as follows. A transparent data monitoring and analysis pipeline is built inside the terminal, with an acquisition agent placed at the bottom layer of the operating system of the terminal; this can be understood as installing a high-definition camera at every network exit. Whenever any software on the terminal sends data through the network, the acquisition agent immediately captures a copy of the original data and records which program sent it and at what time. The original data is then parsed according to the communication protocol, such as MQTT, which is commonly used in the electric power industry, to recover its actual intent, for example identifying whether an instruction reports voltage readings or responds to an equipment query. After parsing, the instructions are arranged in a queue in time order to form a complete, ordered actual instruction sequence.
Further, the specific step of S2.4 includes:
(1) Carrying out alignment comparison on a communication instruction sequence actually generated by a terminal and the predicted communication instruction sequence;
(2) Calculating the difference degree between the two sequences by adopting a cosine similarity algorithm, wherein the cosine similarity algorithm is the prior art content in the field and is not an inventive scheme of the application and is not described in detail herein;
(3) Mapping the degree of difference to the [0,1] interval to obtain the deviation coefficient, wherein the closer the deviation coefficient is to 1, the greater the deviation and the higher the possibility that the terminal behavior is abnormal.
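One way to compute the deviation coefficient of S2.4, as an added example rather than the patent's own implementation: the two sequences are aligned by padding, encoded as positional one-hot vectors, compared with cosine similarity, and the result is mapped to [0,1] as `1 - similarity`. The padding token, the encoding, the mapping, the instruction names and the 0.3 threshold are assumptions of this example.

```python
import math

PAD = "<pad>"  # filler used to align sequences of different length (assumption)


def align(actual, predicted):
    """Step (1): pad the shorter sequence so positions can be compared."""
    n = max(len(actual), len(predicted))
    return (list(actual) + [PAD] * (n - len(actual)),
            list(predicted) + [PAD] * (n - len(predicted)))


def one_hot_positions(sequence, vocab):
    """Encode each position as a one-hot block over the shared vocabulary."""
    index = {token: i for i, token in enumerate(vocab)}
    vector = [0.0] * (len(sequence) * len(vocab))
    for pos, token in enumerate(sequence):
        vector[pos * len(vocab) + index[token]] = 1.0
    return vector


def cosine_similarity(a, b):
    """Step (2): cosine of the angle between the two encoded sequences."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def deviation_coefficient(actual, predicted):
    """Step (3): 0 means the prediction was matched, 1 means no overlap."""
    if not actual and not predicted:
        return 0.0  # nothing predicted, nothing sent
    a, p = align(actual, predicted)
    vocab = sorted(set(a) | set(p))
    similarity = cosine_similarity(one_hot_positions(a, vocab),
                                   one_hot_positions(p, vocab))
    # One-hot vectors are non-negative, so similarity is already in [0, 1];
    # the clamp only absorbs floating-point rounding.
    return min(1.0, max(0.0, 1.0 - similarity))


def check_terminal(actual, predicted, threshold=0.3):
    """Compare the coefficient with a preset threshold (0.3 is an assumption)."""
    coefficient = deviation_coefficient(actual, predicted)
    return {"deviation": coefficient, "alert": coefficient > threshold}


if __name__ == "__main__":
    # Constructed sequences; the instruction names are illustrative only.
    predicted = ["CONNECT", "REPORT_VOLTAGE", "REPORT_CURRENT", "HEARTBEAT"]
    observed = ["CONNECT", "REPORT_VOLTAGE", "UPLOAD_CONFIG",
                "UPLOAD_CONFIG", "HEARTBEAT"]
    print(check_terminal(predicted, predicted))
    print(check_terminal(observed, predicted))
```

Because the comparison is positional, one inserted instruction shifts every later position and raises the coefficient, so the threshold has to be tuned against sequences recorded in normal operation.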
Extracting the hash fragment of the unique identifier of the terminal equipment as the reversible analysis factor, and integrating the reversible analysis factor into the desensitized power data by a preset embedding algorithm, comprises the following steps:
S4.1, acquiring the hardware unique identifier of the terminal;
S4.2, hashing the hardware unique identifier with the SM3 hash algorithm to obtain a hash digest, wherein the SM3 hash algorithm is prior art in the field, is not an inventive scheme of the application, and is not repeated here;
S4.3, truncating the hash digest to its first N bits to generate the hash fragment, and taking the hash fragment as the reversible analysis factor;
S4.4, converting the reversible analysis factor into a binary stream;
S4.5, selecting reserved bits or extension bits of a specific field in the desensitized power data packet as the embedding area;
S4.6, embedding the binary stream into the embedding area using a least significant bit replacement algorithm to generate the desensitized power data packet containing the terminal identity, wherein the least significant bit replacement algorithm is prior art in the field, is not an inventive scheme of the application, and is not repeated here.
Determining encryption parameters according to the correlation model and generating a data digest for the desensitized power data packet using the encryption parameters comprises the following steps:
S5.1, inputting the electromagnetic characteristic factors extracted in real time into the correlation model;
S5.2, obtaining the encryption parameters of the elliptic curve cryptosystem that are output by the correlation model and matched to the complexity of the current electromagnetic environment, wherein the encryption parameters comprise the elliptic curve type, the domain parameters and the key length;
S5.3, performing a digital signature operation on the desensitized power data packet containing the terminal identity using the elliptic curve digital signature algorithm determined by the encryption parameters, and generating a digital signature value as the data digest.
Further, the specific step of S5.3 includes:
(1) Obtaining encryption parameters and initializing a password environment;
(2) Retrieving the static private key of the terminal: after identity verification passes, the terminal private key is decrypted from secure non-volatile memory and loaded into a secure memory area of the cryptographic operation module, wherein the private key is a very large secret integer, randomly generated within the range determined by the order of the elliptic curve base point defined by the encryption parameters, and paired with a public key;
(3) Acquiring the desensitized power data packet containing the terminal identity, and calculating its hash value using the SM3 hash algorithm to obtain a message digest;
(4) Generating a random number of high cryptographic strength and then performing an elliptic curve point multiplication, in which the public base point on the elliptic curve is multiplied by the random number to obtain the coordinates of another point on the curve; the abscissa of the resulting point is taken and reduced modulo the order of the elliptic curve base point, and the resulting value is the commitment value;
(5) Multiplying the terminal private key by the generated commitment value to obtain a first intermediate product; multiplying the random number by the message digest to obtain a second intermediate product; adding the message digest to the first intermediate product to obtain a first sum value; subtracting the first sum value from the second intermediate product to obtain a final result; and performing a modular inversion with the order of the elliptic curve base point as the modulus to obtain a proof value;
(6) The commitment value and the proof value are concatenated in sequence to form the complete digital signature value, namely the data digest.
Acquiring the data acquisition timestamp corresponding to the desensitized power data packet that has passed access authority verification, converting it into a binary coding sequence, and embedding the binary coding sequence into the least significant bits of the data digest comprises the following steps:
C1, extracting the data acquisition timestamp from the metadata of the desensitized power data packet;
C2, converting the data acquisition timestamp in UTC time format into a continuous binary sequence, namely the binary coding sequence;
C3, acquiring the binary representation of the data digest;
C4, replacing, bit by bit, the original data in the least significant bits of the binary representation of the data digest with the binary coding sequence to generate the watermarked data digest.
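Least significant bit replacement as used in S4.3 to S4.6 (terminal identity fragment) and C1 to C4 (timestamp watermark), shown as an added example that is not code from the patent. Assumptions of this example: N = 32, the timestamp is coded as 64-bit unsigned Unix seconds, the carrier is treated as a big-endian integer, SHA-256 stands in when the local OpenSSL build has no SM3, the verifier holds a reference digest for the packet, and all names and sample values are constructed.

```python
import hashlib
from datetime import datetime, timezone

FRAGMENT_BITS = 32   # the "first N bits" of S4.3; N = 32 is an assumption
TIMESTAMP_BITS = 64  # timestamp coded as unsigned Unix seconds (assumption)


def hardware_hash(hardware_id: bytes) -> bytes:
    """S4.2: SM3 where hashlib/OpenSSL offers it, otherwise a SHA-256 stand-in."""
    try:
        return hashlib.new("sm3", hardware_id).digest()
    except ValueError:
        return hashlib.sha256(hardware_id).digest()


def identity_fragment(hardware_id: bytes) -> int:
    """S4.3/S4.4: the first FRAGMENT_BITS bits of the hash digest."""
    digest = hardware_hash(hardware_id)
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - FRAGMENT_BITS)


def replace_low_bits(carrier: bytes, value: int, nbits: int) -> bytes:
    """Overwrite the nbits least significant bits of carrier with value."""
    if nbits > len(carrier) * 8:
        raise ValueError("carrier is too small for the embedded sequence")
    if not 0 <= value < (1 << nbits):
        raise ValueError("value does not fit in nbits")
    mask = (1 << nbits) - 1
    merged = (int.from_bytes(carrier, "big") & ~mask) | value
    return merged.to_bytes(len(carrier), "big")


def read_low_bits(carrier: bytes, nbits: int) -> int:
    return int.from_bytes(carrier, "big") & ((1 << nbits) - 1)


def embed_identity(reserved_field: bytes, hardware_id: bytes) -> bytes:
    """S4.5/S4.6: place the fragment in the low bits of a reserved field."""
    return replace_low_bits(reserved_field, identity_fragment(hardware_id),
                            FRAGMENT_BITS)


def unix_seconds(moment: datetime) -> int:
    return int(moment.astimezone(timezone.utc).timestamp())


def watermark_digest(digest: bytes, acquired_at: datetime) -> bytes:
    """C2-C4: overwrite the low TIMESTAMP_BITS of the digest with the time."""
    return replace_low_bits(digest, unix_seconds(acquired_at), TIMESTAMP_BITS)


def extract_timestamp(watermarked: bytes) -> datetime:
    return datetime.fromtimestamp(read_low_bits(watermarked, TIMESTAMP_BITS),
                                  tz=timezone.utc)


def verify_watermark(watermarked: bytes, reference_digest: bytes,
                     claimed_time: datetime) -> bool:
    """Check the untouched high-order digest bits and the embedded time.

    The low TIMESTAMP_BITS of the original digest were overwritten, so only
    the remaining high-order bits can be compared with the reference digest.
    """
    if len(watermarked) != len(reference_digest):
        return False
    high = int.from_bytes(watermarked, "big") >> TIMESTAMP_BITS
    reference_high = int.from_bytes(reference_digest, "big") >> TIMESTAMP_BITS
    same_time = read_low_bits(watermarked, TIMESTAMP_BITS) == unix_seconds(claimed_time)
    return high == reference_high and same_time


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    field = embed_identity(bytes(8), b"SN-CONSTRUCTED-0001")
    print("reserved field:", field.hex())
    digest = hashlib.sha512(b"constructed packet").digest()  # stand-in digest
    when = datetime(2024, 1, 2, 3, 4, 5, tzinfo=timezone.utc)
    marked = watermark_digest(digest, when)
    print("embedded time:", extract_timestamp(marked).isoformat())
    print("verifies:", verify_watermark(marked, digest, when))
```

With these sizes the watermark consumes 64 of the digest's bits, so a verifier compares 64 fewer digest bits than the original value carried.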
When uploading to the blockchain for evidence storage, the method comprises the following steps:
D1, packaging an encrypted data packet with a time sequence traceability watermark and the deviation coefficient together into a transaction;
D2, invoking a blockchain smart contract and submitting the transaction to the blockchain network;
D3, after the blockchain nodes reach consensus, adding a new block containing the transaction to the chain to complete the evidence storage.
Further, the blockchain smart contract is configured to perform the following when invoked:
(1) Reading a terminal identity mark and a time sequence tracing watermark in the certificate storage data;
(2) Verifying whether the terminal identity is a legal member in the alliance chain;
(3) Cross-verifying the timestamp against the block generation time on the blockchain to ensure the authenticity of the data acquisition time;
(4) Comparing the deviation coefficient with a preset threshold value and, if the deviation coefficient exceeds the threshold value, automatically generating a terminal behavior abnormality warning event and recording it on the blockchain.
Example 2:
Referring to fig. 3, in another embodiment of the present invention, an intelligent marketing terminal power data communication security protection system includes:
The system comprises an electromagnetic feature sensing module, a state monitoring module, an identification embedding module, a rights management module and a blockchain evidence storage module;
The electromagnetic feature sensing module is used for establishing association with the encryption system by sensing the electromagnetic features of the terminal environment;
The state monitoring module is used for synchronizing the running state of the terminal through the terminal twin image and predicting the communication instruction sequence, monitoring whether the terminal is running abnormally, and guaranteeing the security of the data acquisition source;
The identification embedding module is used for applying privacy protection processing to the power data while embedding terminal identity information, providing a basis for rights management;
The rights management module is used for encrypting the desensitized power data and verifying access rights based on the terminal identity, ensuring the security of data transmission and access;
The blockchain evidence storage module is used for adding a time-sequence traceability watermark to the encrypted data and uploading it to the blockchain, realizing traceable and tamper-proof evidence storage over the full life cycle of the data.
The electromagnetic feature perception module comprises an electromagnetic noise acquisition unit, a feature extraction unit and an encryption association modeling unit;
The electromagnetic noise acquisition unit is used for acquiring electromagnetic noise spectrum data in the running environment of the terminal in real time by depending on an environment electromagnetic sensing module built in the terminal;
The characteristic extraction unit is used for extracting electromagnetic characteristic factors comprising noise amplitude, spectrum distribution form and dynamic change rate from the acquired electromagnetic noise spectrum data;
And the encryption association modeling unit is used for constructing an association model of electromagnetic characteristic factors and the complexity of the elliptic curve cryptosystem and realizing the function of dynamically determining encryption parameters according to real-time electromagnetic characteristics.
The state monitoring module comprises a twin image construction unit, a communication instruction prediction unit and an abnormality judgment unit;
The twin image construction unit synchronizes the running state of the terminal in real time through the constructed terminal twin image, wherein the running state comprises hardware loads, software processes and communication behaviors;
The communication instruction prediction unit is used for predicting the communication instruction sequence to be generated by the terminal based on the long short-term memory (LSTM) neural network in combination with the terminal state data synchronized by the twin image;
The abnormality judgment unit is used for calculating the deviation coefficient between the communication instructions actually generated by the terminal and the predicted communication instruction sequence, and for judging that the terminal is abnormal and triggering an early warning when the deviation coefficient exceeds a preset threshold value.
The identification embedding module comprises a classification screening unit, a privacy data desensitization unit, a factor generation unit and an identification embedding unit;
The classification screening unit is used for classifying the original power data acquired by the terminal and screening out user privacy data, including power consumption details and data associated with personal identity;
The privacy data desensitization unit is used for desensitizing the screened privacy data, for example by anonymization and data deformation, to generate desensitized power data and avoid privacy disclosure;
The factor generation unit is used for extracting a hash fragment of the unique identifier of the terminal equipment as the reversible analysis factor, wherein the unique identifier of the terminal equipment comprises a hardware serial number and an equipment code;
The identification embedding unit is used for integrating the reversible analysis factor into the desensitized power data by a preset embedding algorithm to generate a desensitized power data packet containing the terminal identity.
The rights management module comprises an encryption parameter determining unit, a data digest generation unit and a rights verification unit;
The encryption parameter determining unit is used for determining encryption parameters of the elliptic curve cryptosystem by calling the correlation model generated by the electromagnetic feature perception and encryption parameter association module and combining it with the current electromagnetic characteristic factors;
The data digest generation unit is used for generating a uniquely corresponding data digest by performing an encryption operation on the desensitized power data packet using the determined encryption parameters;
The rights verification unit is used for verifying whether the rights of the access subject match, according to the terminal identity embedded in the desensitized power data packet.
The blockchain evidence storage module comprises a timestamp coding unit, a traceability watermark embedding unit and a blockchain evidence storage unit;
The timestamp coding unit is used for acquiring the data acquisition timestamp corresponding to the desensitized power data packet that has passed rights verification and converting it into a binary coding sequence;
The traceability watermark embedding unit is used for embedding the binary coding sequence into the least significant bits of the data digest to generate an encrypted data packet with a time-sequence traceability watermark;
The blockchain evidence storage unit is used for uploading the encrypted data packet with the time-sequence traceability watermark to the blockchain, realizing secure storage and full-process traceability of the data by means of the distributed ledger and tamper-proof characteristics of the blockchain.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the above-described embodiments, which are merely illustrative and not restrictive, and variations, modifications, substitutions and alterations can be made to the above-described embodiments by those having ordinary skill in the art without departing from the spirit and scope of the present invention, and these are all within the protection of the present invention.
If the technical scheme of the disclosure involves personal information, a product applying the technical scheme clearly informs the individual of the personal information processing rules and obtains the individual's voluntary consent before processing the personal information. If the technical scheme of the disclosure involves sensitive personal information, a product applying the technical scheme obtains individual consent before processing the sensitive personal information and also satisfies the requirement of 'explicit consent'. For example, a clear and conspicuous sign is set at a personal information acquisition device such as a camera to inform people that they are entering the personal information acquisition range and that personal information will be acquired; if an individual voluntarily enters the acquisition range, this is regarded as consent to the acquisition of personal information. Alternatively, on a personal information processing device, where the personal information processing rules are made known through clear signs or notices, personal authorization is obtained through a pop-up message or by asking the individual to upload the personal information himself or herself. The personal information processing rules may include information such as the personal information processor, the purpose of processing, the processing mode and the types of personal information processed.