CN119011289B - Data access control method and system based on multi-user smart meter - Google Patents
- Publication number
- CN119011289B, CN202411464401.2A
- Authority
- CN
- China
- Prior art keywords
- data
- access
- network address
- access request
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H02—GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
- H02J—CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
- H02J13/00—Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
- H02J13/00032—Systems characterised by the controlled or operated power network elements or equipment, the power network elements or equipment not otherwise provided for
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a data access control method and system based on multi-user smart meters, in the technical field of smart meter data access control. The method first checks whether the data format of the access request data conforms to the standard data format. It then passes the access terminal network address data to a central server, which judges whether that data belongs to the network addresses in a secure address database. Next, the request control module checks whether the complete access target number data is the meter's own number, which prevents feedback data that does not match the request data because of a wrong number. Finally, the key data based on access time is verified. If all three verification steps pass, the access request end is considered legitimate. This greatly improves the security of smart meter data access, ensures the security of the power system, and ensures the accuracy of the data accessed by the access request end.
Description
Technical Field
The invention relates to the technical field of data access control of intelligent electric meters, in particular to a data access control method and system based on a multi-user intelligent electric meter.
Background
Data access control for multi-user smart meters is of great importance to a modern power system, mainly in the following respects:
It ensures that users' electricity consumption data is not obtained by unauthorized third parties, protecting user privacy; it prevents malicious attackers from intruding into the power grid through the meter system, safeguarding stable operation of the power system; effective control of data access strengthens users' trust in the smart grid system; it ensures that data is not tampered with in transit, guaranteeing its authenticity and accuracy; and access control over user data makes it possible to provide users with more personalized power services.
The following are some of the data access control techniques commonly used in multi-user smart meters:
Data is protected with symmetric encryption (such as AES) or asymmetric encryption (such as RSA); user identity is verified with techniques such as user name/password, digital certificates and biometrics; permissions are assigned according to the user's role; access rights are determined according to attributes of the user, the resource and the environment; and protocols such as SSL/TLS are used to establish a secure communication channel.
While the prior art provides various solutions for data access control of multi-user smart meters, they suffer from a number of drawbacks:
User identity information may be stolen or compromised, especially in cases of weak passwords or poor certificate management.
Role-based access control (RBAC) may not meet complex rights requirements and rights boundaries between roles may not be clear.
The data access control of the multi-user intelligent ammeter is crucial to guaranteeing the safety, user privacy and system reliability of the power system. While the prior art provides a number of solutions, they still suffer from certain drawbacks in terms of implementation, management and maintenance. With the development of technology, there is a continuous need to optimize and improve these technologies to better adapt to the requirements of smart grids.
Therefore, designing a data access control method and system based on a multi-user intelligent electric meter, and performing safety protection on data of the intelligent electric meter is a technical problem to be solved.
Disclosure of Invention
In order to solve the technical problem of data access control of the multi-user intelligent ammeter, the invention provides a data access control method and a data access control system based on the multi-user intelligent ammeter. The following technical scheme is adopted:
The data access control method based on the multi-user intelligent ammeter comprises the following steps:
Step 1, numbering the smart meters installed by a plurality of users;
Step 2, when a smart meter receives a remote data access request sent by an access request end, the access request control module parses the remote data access request data packet to obtain the access request data;
Step 3, the access request control module checks whether the data format of the access request data conforms to the standard data format, where the standard data format comprises complete access terminal network address data, complete access target number data, key data based on access time, and request interaction data;
Step 4, if the access request control module judges in step 3 that the access request data conforms to the standard format, it communicates with the central server and passes it the access terminal network address data; the central server judges whether the access terminal network address data belongs to the network addresses in the secure address database and, if so, feeds back an access terminal network address verification success signal to the access request control module;
Step 5, if the access request control module receives the access terminal network address verification success signal, it goes on to verify the access target number data by judging whether the access target number is its own number; if so, it performs key data verification; if not, it forwards the access request data over the ad hoc network to the smart meter with the corresponding number, and that smart meter carries on with the key data verification;
Step 6, if the key data verification succeeds, the access request is judged to be valid, and the corresponding request interaction data stored in the smart meter's memory is retrieved and sent to the access terminal network address.
With this technical scheme, the access request end may be a mobile APP or a computer used to handle business. When the smart meter with the corresponding number at the designated network address receives a remote data access request sent by the access request end, its built-in access request control module first parses the remote data access request data packet to obtain the access request data.
For an access request, whether the access is secure is determined through the following logic:
First, the data format of the access request data is checked against the standard data format, which comprises complete access terminal network address data, complete access target number data, key data based on access time, and request interaction data. If the access data does not contain the complete standard data format, the access request end is considered illegitimate.
If the data format of the access request data conforms to the standard data format, the second step checks whether the access address is secure. This check is not performed locally, because locally held information is updated only to a limited extent; instead, the access terminal network address data is passed to the central server.
The central server judges whether the access terminal network address data belongs to the network addresses in the secure address database. This judgment relies on a continuously updated secure address database; if the address belongs to it, an access terminal network address verification success signal is fed back to the access request control module.
If the central server feeds back the access terminal network address verification success signal, the access request control module 1 must check whether the complete access target number data is its own number, to prevent feedback data that does not match the request data because of a wrong number. If it is not its own number, then, since the remote data access request data packet from the access request end was delivered successfully, the corresponding number logically belongs to a smart meter in the ad hoc network; the access request data can therefore be forwarded over the ad hoc network to the smart meter with the corresponding number, which carries on with the key data verification.
The last step is verification of the key data based on access time. Time synchronization is critical to this verification: the time offset between the participating devices must stay within an acceptable range. The base key K_base must be stored and transferred securely and must not be disclosed. The precision of the timestamp (for example seconds or milliseconds) affects how often the key is updated. The key length should be chosen according to the requirements of the encryption algorithm and the security requirements. The risk of key leakage should be taken into account, and a mechanism for replacing the base key should be provided. This design yields a dynamic key data system based on access time and improves the security of data access.
If all three verification steps pass, the access request end is considered legitimate, and the access request control module can retrieve data from the smart meter's memory according to the request interaction data and send it to the access request end, for example the smart meter operating data for a time point or time interval specified by the request interaction data.
This greatly improves the security of smart meter data access, ensures the security of the power system, and ensures the accuracy of the data accessed by the access request end.
Optionally, in step 1, a plurality of smart meters are numbered based on an ad hoc network, and in the same ad hoc network, the number format of the smart meters is ABC, wherein A is an area code, B is a device type code, and C is a serial number;
In step 5, the access request control module compares the C value in the number ABC with the C value of its own number, and if they are the same, determines that the number is its own.
By adopting the technical scheme, in the ad hoc network of a plurality of intelligent electric meters, the intelligent electric meters need to have a unique identifier so as to be convenient for mutual identification and communication. The design of the numbering format needs to take the scale of the network, the expandability of the electric meter, and the convenience of management and maintenance into consideration.
The area code A is generally two letters or digits and identifies the geographical area or management area in which the meter is located;
The device type code B is typically four letters or digits and identifies the type or function type of the meter; for example, ELEC stands for smart electric meter.
The serial number C is typically a four-digit number, as the case may be, incremented from 0001, and distinguishes individual meters of the same type in the same area.
Optionally, in step 3, the key data based on access time is generated as follows: the access request control module and the access request end synchronize time based on NTP and convert the current timestamp into a fixed-length character string or numerical value;
The base key K_base is combined with the timestamp T_now, a hash function is applied to generate a hash value, and a substring of the required length is extracted from the hash value as the dynamic key.
Optionally, the key data generation formula based on the access time is:
Let the base key be K_base, the current timestamp T_now, the key generation function F_keygen, and the dynamic key based on access time K_dynamic;
;
;
;
wherein SHA-256 is a widely used cryptographic hash function; Is the number of combinations of the base key and the time stamp, Is to apply SHA-256 hash function; is a function of extracting the substring, Is the start position of the character string index,Is the string length.
Optionally, the key data based on the access time is generated once every minute.
With this technical scheme, assume the base key K_base is secretkey and the current timestamp T_now is 2024-08-21T14:00:00Z. Combining the base key and the timestamp gives K_combined = "secretkey1232024-08-21T14:00:00Z". Applying the SHA-256 hash function gives Hash_combined = SHA-256("secretkey1232024-08-21T14:00:00Z"). Taking the first 32 characters of the hash value as the dynamic key gives K_dynamic = Substring(Hash_combined, 0, 32). A new dynamic key is generated from the new timestamp at every time interval, for example every minute. Time synchronization is critical: the time offset between the participating devices must stay within an acceptable range.
The base key K_base must be stored and transferred securely and must not be disclosed. The precision of the timestamp (for example seconds or milliseconds) affects how often the key is updated. The key length should be chosen according to the requirements of the encryption algorithm and the security requirements. The risk of key leakage should be taken into account, and a mechanism for replacing the base key should be provided. This design yields a dynamic key data system based on access time and improves the security of smart meter data access.
Optionally, in step 4, the method for determining whether the network address data of the access terminal belongs to the network address in the secure address database by the central server is:
The secure address database comprises a plurality of groups of trusted secure network address data and associated information data;
and comparing the network address data of the access terminal with the security network address data in the security address database by adopting a network address matching algorithm, and judging whether the access terminal belongs to the security address database according to a matching result.
Optionally, the secure network address data and associated information data are IP address ranges, subnet masks, and network prefixes.
Optionally, the access terminal network address is set as a_ip, the address entry in the secure network address database is set as db_ip, each entry includes a network address net_ip and a subnet Mask, the address matching function is f_match, and the formula for judging whether the access terminal network address belongs to the network address in the secure address database is:
;
Wherein the method comprises the steps of Is a boolean value, which indicates whether the access terminal network address data belongs to the security address data;
the address matching function f_match is defined by the following equation:
;
where AND represents a bitwise AND operation for combining an IP address with a subnet mask to determine a network address.
By adopting the technical scheme, the security network address database needs to be updated and maintained regularly so as to reflect the latest security policy. The collection of the network addresses of the access terminals should ensure accuracy. The address matching algorithm should be able to run efficiently to handle a large number of access requests. For IPv6 addresses, the matching algorithm needs to be adjusted accordingly. By the method, the central server can effectively judge whether the network address of the access terminal belongs to the network address in the security address database, thereby determining whether to allow the access.
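The address check described above can be sketched as follows. This is an added example, not code from the patent: the F_match formula itself is not reproduced on this page, so the code assumes the usual comparison (A_IP AND Mask) == (Net_IP AND Mask), and the database entries, the helper names and the handling of IPv4-mapped IPv6 addresses and non-contiguous masks are assumptions.

```python
import ipaddress

# Constructed secure address database: (Net_IP, Mask) pairs built from
# documentation address ranges, not values taken from the patent.
SECURE_DB = [
    ("192.0.2.0", "255.255.255.0"),
    ("198.51.100.64", "255.255.255.192"),
    ("2001:db8:10::", "ffff:ffff:ffff::"),
]


def _normalize(addr):
    """Parse an address and fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4,
    so the same client cannot appear under two different spellings."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def _mask_bits(mask, width):
    """Return the mask as an integer; reject non-contiguous masks."""
    m = int(ipaddress.ip_address(mask))
    inverted = ~m & ((1 << width) - 1)
    # A valid mask is ones followed by zeros, so its inverse is 2**k - 1.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous mask: {mask}")
    return m


def f_match(a_ip, net_ip, mask):
    """Assumed form of F_match: (A_IP AND Mask) == (Net_IP AND Mask)."""
    a = _normalize(a_ip)
    n = ipaddress.ip_address(net_ip)
    if a.version != n.version or ipaddress.ip_address(mask).version != n.version:
        return False  # never compare an IPv4 address against an IPv6 entry
    m = _mask_bits(mask, a.max_prefixlen)
    return (int(a) & m) == (int(n) & m)


def is_secure(a_ip, db=SECURE_DB):
    """True if A_IP matches any entry; malformed input fails closed."""
    try:
        return any(f_match(a_ip, net, mask) for net, mask in db)
    except ValueError:
        return False
```

Because the same integer comparison is used for 32-bit and 128-bit addresses, the IPv6 adjustment mentioned in the text reduces to keeping the two address families apart.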
The data access control system comprises a plurality of smart meters, a meter communication module and a central server. The smart meters are each connected to the central server through the meter communication module by ad hoc network communication. The access request end communicates with the smart meters through the meter communication module and exchanges remote data access request data with them. Each smart meter is provided with an access request control module based on a data analysis chip, and the access request control module communicates with the central server through the meter communication module.
In summary, the invention has at least one of the following advantages. For an access request, the data format of the access request data is first checked against the standard data format. If it conforms, the second step checks whether the access address is secure: the access terminal network address data is passed to the central server, which judges whether it belongs to the network addresses in the secure address database, a judgment that relies on a continuously updated secure address database. If the central server feeds back an access terminal network address verification success signal, the request control module checks whether the complete access target number data is its own number, preventing feedback data that does not match the request data; if it is not its own number, the access request data can be forwarded over the ad hoc network to the smart meter with the corresponding number, which carries on with the key data verification. The last step is verification of the key data based on access time.
If all three verification steps pass, the access request end is considered legitimate, and the access request control module retrieves data from the smart meter's memory according to the request interaction data and sends it to the access request end. This greatly improves the security of smart meter data access, ensures the security of the power system, and ensures the accuracy of the data accessed by the access request end.
Drawings
FIG. 1 is a flow chart of a data access control method based on a multi-user smart meter of the invention;
Fig. 2 is a schematic diagram of the component connection principle of the data access control system based on the multi-user smart meter.
Reference numerals: 1, access request control module; 100, smart meter; 101, central server; 102, access request end; 103, meter communication module.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
The embodiment of the invention discloses a data access control method and a data access control system based on a multi-user intelligent ammeter.
Referring to Fig. 1 and Fig. 2, embodiment 1 is a data access control method based on a multi-user smart meter, comprising the following steps:
Step 1, numbering the smart meters 100 installed by a plurality of users;
Step 2, when a smart meter 100 receives a remote data access request sent by the access request end 102, the access request control module 1 parses the remote data access request data packet to obtain the access request data;
Step 3, the access request control module 1 checks whether the data format of the access request data conforms to the standard data format, where the standard data format comprises complete access terminal network address data, complete access target number data, key data based on access time, and request interaction data;
Step 4, if the access request control module 1 judges in step 3 that the access request data conforms to the standard format, it communicates with the central server 101 and passes it the access terminal network address data; the central server 101 judges whether the access terminal network address data belongs to the network addresses in the secure address database and, if so, feeds back an access terminal network address verification success signal to the access request control module 1;
Step 5, if the access request control module 1 receives the access terminal network address verification success signal, it goes on to verify the access target number data by judging whether the access target number is its own number; if so, it performs key data verification; if not, it forwards the access request data over the ad hoc network to the smart meter 100 with the corresponding number, and that smart meter 100 carries on with the key data verification;
Step 6, if the key data verification succeeds, the access request is judged to be valid, and the corresponding request interaction data stored in the memory of the smart meter 100 is retrieved and sent to the access terminal network address.
The access request end 102 may be a mobile APP or a computer used to handle business. When the smart meter 100 with the corresponding number at the designated network address receives a remote data access request sent by the access request end 102, its built-in access request control module 1 first parses the remote data access request data packet to obtain the access request data.
For an access request, whether the access is secure is determined through the following logic:
First, the data format of the access request data is checked against the standard data format, which comprises complete access terminal network address data, complete access target number data, key data based on access time, and request interaction data. If the access data does not contain the complete standard data format, the access request end 102 is considered illegitimate.
If the data format of the access request data conforms to the standard data format, the second step checks whether the access address is secure. This check is not performed locally, because locally held information is updated only to a limited extent; instead, the access terminal network address data is passed to the central server 101.
The central server 101 judges whether the access terminal network address data belongs to the network addresses in the secure address database. This judgment relies on a continuously updated secure address database; if the address belongs to it, an access terminal network address verification success signal is fed back to the access request control module 1.
If the central server 101 feeds back the access terminal network address verification success signal, the access request control module 1 must check whether the complete access target number data is its own number, to prevent feedback data that does not match the request data because of a wrong number. If it is not its own number, then, since the remote data access request data packet from the access request end 102 was delivered successfully, the corresponding number logically belongs to a smart meter 100 in the ad hoc network; the access request data can therefore be forwarded over the ad hoc network to the smart meter 100 with the corresponding number, which carries on with the key data verification.
The last step is verification of the key data based on access time. Time synchronization is critical to this verification: the time offset between the participating devices must stay within an acceptable range. The base key K_base must be stored and transferred securely and must not be disclosed. The precision of the timestamp (for example seconds or milliseconds) affects how often the key is updated. The key length should be chosen according to the requirements of the encryption algorithm and the security requirements. The risk of key leakage should be taken into account, and a mechanism for replacing the base key should be provided. This design yields a dynamic key data system based on access time and improves the security of data access.
If all three verification steps pass, the access request end 102 is considered legitimate, and the access request control module 1 can retrieve data from the memory of the smart meter 100 according to the request interaction data and send it to the access request end 102, for example the smart meter 100 operating data for a time point or time interval specified by the request interaction data.
This greatly improves the security of smart meter 100 data access, ensures the security of the power system, and ensures the accuracy of the data accessed by the access request end 102.
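The ordering of the checks in steps 3 to 6, as given in the disclosure and again in embodiment 1, can be seen in the following added example, which is not code from the patent. The field names, the `Meter` class, the injected `address_ok` and `key_ok` callables (standing in for the central server and the key verification), the 2+4+4 number layout and the rejection of forwarded requests that still do not match are all assumptions.

```python
import re

# Hypothetical field names for the four parts of the standard data format.
REQUIRED = ("src_addr", "target_number", "time_key", "interaction")
# Assumed ABC layout: 2-character area code, 4-character type code,
# 4-digit serial number (the text calls these lengths typical).
NUMBER_RE = re.compile(r"^([A-Z0-9]{2})([A-Z0-9]{4})(\d{4})$")


def parse_number(number):
    """Split a meter number into (A, B, C); raise ValueError if malformed."""
    m = NUMBER_RE.match(number) if isinstance(number, str) else None
    if m is None:
        raise ValueError("malformed meter number")
    return m.groups()


class Meter:
    def __init__(self, number, readings, address_ok, key_ok):
        self.serial = parse_number(number)[2]   # C value of the own number
        self.readings = readings                # interaction -> stored data
        self.address_ok = address_ok            # step 4, central server check
        self.key_ok = key_ok                    # step 6, time-based key check
        self.peers = {}                         # serial -> Meter (ad hoc network)

    def handle(self, req, forwarded=False):
        # Step 3: every field of the standard format must be present.
        if not isinstance(req, dict) or any(not req.get(f) for f in REQUIRED):
            return ("rejected", "format")
        try:
            target_serial = parse_number(req["target_number"])[2]
        except ValueError:
            return ("rejected", "format")
        # Step 4: address check, done once by the meter that received the request.
        if not forwarded and not self.address_ok(req["src_addr"]):
            return ("rejected", "address")
        # Step 5: compare the C values; forward at most one hop (assumption)
        # so that a wrong number cannot circulate in the ad hoc network.
        if target_serial != self.serial:
            peer = self.peers.get(target_serial)
            if forwarded or peer is None:
                return ("rejected", "number")
            return peer.handle(req, forwarded=True)
        # Step 6: key verification, then release only the requested data.
        if not self.key_ok(req["time_key"]):
            return ("rejected", "key")
        data = self.readings.get(req["interaction"])
        return ("ok", data) if data is not None else ("rejected", "no-data")


def demo():
    """Constructed two-meter network; returns the results of three requests."""
    allow = lambda addr: addr == "192.0.2.10"   # stand-in for the address check
    key = lambda k: k == "k-ok"                 # stand-in for the key check
    m1 = Meter("01ELEC0001", {"daily": "m1-daily"}, allow, key)
    m2 = Meter("01ELEC0002", {"daily": "m2-daily"}, allow, key)
    m1.peers["0002"] = m2
    req = {"src_addr": "192.0.2.10", "target_number": "01ELEC0001",
           "time_key": "k-ok", "interaction": "daily"}
    return [m1.handle(req),
            m1.handle({**req, "target_number": "01ELEC0002"}),
            m1.handle({**req, "src_addr": "203.0.113.9"})]
```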
Embodiment 2: in step 1, the smart meters 100 are numbered based on an ad hoc network; within the same ad hoc network, the number format of the smart meters 100 is ABC, where A is an area code, B is a device type code, and C is a serial number;
Embodiment 3: in step 5, the access request control module 1 compares the C value in the number ABC with the C value of its own number, and if they are the same, determines that the number is its own.
In the ad hoc network of the plurality of smart meters 100, the plurality of smart meters 100 need to have a unique identifier in order to recognize and communicate with each other. The design of the numbering format needs to take the scale of the network, the expandability of the electric meter, and the convenience of management and maintenance into consideration.
The area code A is generally two letters or digits and identifies the geographical area or management area in which the meter is located;
The device type code B is typically four letters or digits and identifies the type or function type of the meter; for example, ELEC stands for smart electric meter.
The serial number C is typically a four-digit number, as the case may be, incremented from 0001, and distinguishes individual meters of the same type in the same area.
Embodiment 4: in step 3, the key data based on access time is generated as follows. The access request control module 1 and the access request terminal 102 synchronize their time based on NTP and convert the current timestamp into a fixed-length character string or numerical value;
The base key K_base is combined with the timestamp T_now, a hash function is applied to generate a hash value, and a substring of the required length is extracted from the hash value as the dynamic key.
Embodiment 5: the key data generation formula based on access time is:
Let the base key be K_base, the current timestamp be T_now, the key generation function be F_keygen, and the dynamic key based on access time be K_dynamic;
;
;
;
wherein SHA-256 is a widely used cryptographic hash function; Is the number of combinations of the base key and the time stamp, Is to apply SHA-256 hash function;
is a function of extracting the substring, Is the start position of the character string index,Is the string length.
K_dynamic: this is the result of the function call, i.e., the substring extracted by the Substring function. K_dynamic generally represents a dynamically generated key or key value that may have a particular use in a program, such as encryption or authentication.
Substring: this is the function name, which indicates that the operation extracts a substring from a longer string.
Hash_combined: the first parameter passed to the Substring function. It represents a hash value that has already been calculated (typically a string produced by a hash function). This hash value may be generated by a hash function after combining multiple pieces of data.
start: the second parameter passed to the Substring function. It defines the start position of the extracted substring, as an index counted from the left side of the Hash_combined string.
length: the third parameter passed to the Substring function. It defines the length of the substring to be extracted; length characters are extracted beginning at the start position. The whole function call therefore extracts a substring of length characters from the Hash_combined hash value, beginning at the start index, and assigns it to K_dynamic. This operation is typically used to obtain a fixed-length key that is based on a hash value but contains only part of it.
Embodiment 6: the key data based on the access time is generated once every minute.
Assume that the base key K_base is secretkey123 and the current timestamp T_now is 2024-08-21T14:00:00Z. Combining the base key and the timestamp gives K_combined = "secretkey1232024-08-21T14:00:00Z". Applying the SHA-256 hash function gives Hash_combined = SHA-256("secretkey1232024-08-21T14:00:00Z"). Taking the first 32 characters of the hash value as the dynamic key gives K_dynamic = Substring(Hash_combined, 0, 32). In this way, at every time interval, e.g., one minute, a new dynamic key is generated from the new timestamp. Time synchronization is critical, and it is necessary to ensure that the time offset of the participating devices is within acceptable limits.
The base key K_base must be stored and transferred securely, without being disclosed. The precision of the timestamp (e.g., seconds or milliseconds) affects how often the key is updated. The key length should be determined by the requirements of the encryption algorithm and the security requirements. The risk of key leakage should be taken into account, and a mechanism should be provided to replace the base key. With this design, a dynamic key data system based on access time can be realized, improving the security of data access to the smart meter.
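The key derivation of Embodiments 4 to 6, together with the meter-side check, as an added Python example that is not part of the patent text. The function names, the hex encoding of the hash and the one-interval skew window are assumptions made for illustration; the base key and timestamp are the values from the worked example above.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

STEP_SECONDS = 60               # Embodiment 6: a new key every minute
KEY_START, KEY_LENGTH = 0, 32   # Substring(Hash_combined, 0, 32) in the worked example


def format_timestamp(moment: datetime) -> str:
    """Floor an aware datetime to its key interval; return a fixed-length T_now."""
    epoch = int(moment.astimezone(timezone.utc).timestamp())
    floored = datetime.fromtimestamp(epoch - epoch % STEP_SECONDS, tz=timezone.utc)
    return floored.strftime("%Y-%m-%dT%H:%M:%SZ")


def dynamic_key(k_base: str, t_now: str) -> str:
    """K_dynamic: substring of the hex SHA-256 digest of K_base + T_now."""
    k_combined = k_base + t_now
    hash_combined = hashlib.sha256(k_combined.encode("utf-8")).hexdigest()
    return hash_combined[KEY_START:KEY_START + KEY_LENGTH]


def verify_key(k_base: str, presented: str, now: datetime, skew_steps: int = 1) -> bool:
    """Meter-side check of a presented dynamic key.

    skew_steps (an assumption, not in the patent) tolerates residual NTP drift by
    also accepting the neighbouring intervals; each extra interval lengthens the
    time a captured key stays valid. Comparison is constant-time and the loop
    never exits early.
    """
    accepted = False
    for offset in range(-skew_steps, skew_steps + 1):
        candidate = format_timestamp(now + timedelta(seconds=offset * STEP_SECONDS))
        expected = dynamic_key(k_base, candidate)
        accepted |= hmac.compare_digest(expected.encode(), presented.encode())
    return accepted


if __name__ == "__main__":
    issued_at = datetime(2024, 8, 21, 14, 0, 0, tzinfo=timezone.utc)
    key = dynamic_key("secretkey123", format_timestamp(issued_at))
    print("K_dynamic:", key)
    print("30 s later:", verify_key("secretkey123", key, issued_at + timedelta(seconds=30)))
    print("5 min later:", verify_key("secretkey123", key, issued_at + timedelta(minutes=5)))
```

The example follows the construction as described, a plain SHA-256 over the concatenated string; a keyed MAC such as HMAC-SHA-256 is the standard primitive for deriving a value from a secret and a message.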
Embodiment 7: in step 4, the central server 101 determines whether the access terminal network address data belongs to a network address in the secure address database as follows:
The secure address database comprises a plurality of groups of trusted secure network address data and associated information data;
A network address matching algorithm compares the access terminal network address data with the secure network address data in the secure address database, and the matching result determines whether the access terminal belongs to the secure address database.
Embodiment 8: the secure network address data and associated information data are IP address ranges, subnet masks, and network prefixes.
Let the network address of the access terminal be A_ip and an address entry in the secure network address database be DB_ip, where each entry comprises a network address Net_ip and a subnet mask Mask, and let the address matching function be F_match. Whether the network address belongs to the network addresses in the secure address database is judged by the formula:
;
where the result of the formula is a Boolean value indicating whether the access terminal network address data belongs to the secure address data;
the address matching function F_match is defined by the following equation:
;
where AND represents a bitwise AND operation for combining an IP address with a subnet mask to determine a network address.
The secure network address database needs to be updated and maintained periodically to reflect the latest security policies. The collection of the network addresses of the access terminals should ensure accuracy. The address matching algorithm should be able to run efficiently to handle a large number of access requests. For IPv6 addresses, the matching algorithm needs to be adjusted accordingly. By the above method, the central server 101 can effectively determine whether the access terminal network address belongs to the network address in the secure address database, thereby determining whether to allow the access.
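One way to implement the address check of Embodiments 7 and 8, as an added Python example that is not the patent's own code. It assumes F_match compares (A_ip AND Mask) with (Net_ip AND Mask); the database entries are constructed sample values from documentation address ranges, and the function names are hypothetical. It covers IPv6 as well, which the text above says needs its own handling.

```python
import ipaddress

# Constructed sample DB_ip entries: (Net_ip, Mask). Documentation ranges only.
SECURE_ADDRESS_DB = [
    ("192.0.2.0", "255.255.255.0"),
    ("198.51.100.64", "255.255.255.192"),
    ("2001:db8:100::", "ffff:ffff:ffff::"),
]


def f_match(a_ip: str, net_ip: str, mask: str) -> bool:
    """Return True when (A_ip AND Mask) equals (Net_ip AND Mask)."""
    try:
        addr = ipaddress.ip_address(a_ip)
        net = ipaddress.ip_address(net_ip)
        mask_addr = ipaddress.ip_address(mask)
    except ValueError:
        return False  # malformed input never matches
    # An IPv4-mapped IPv6 client address is matched against IPv4 entries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if not (addr.version == net.version == mask_addr.version):
        return False
    mask_int = int(mask_addr)
    if mask_int == 0:
        return False  # a zero mask would allowlist every address
    host_bits = mask_int ^ ((1 << addr.max_prefixlen) - 1)
    if host_bits & (host_bits + 1):
        return False  # non-contiguous mask: reject the entry
    return (int(addr) & mask_int) == (int(net) & mask_int)


def is_allowed(a_ip: str, database=SECURE_ADDRESS_DB) -> bool:
    """True when A_ip matches at least one entry in the secure address database."""
    return any(f_match(a_ip, net_ip, mask) for net_ip, mask in database)


if __name__ == "__main__":
    for candidate in ("192.0.2.77", "198.51.100.130", "2001:db8:100::42",
                      "::ffff:192.0.2.5", "not-an-ip"):
        print(candidate, is_allowed(candidate))
```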
Embodiment 9: a data access control system based on a multi-user smart meter is used to implement the data access control method based on a multi-user smart meter. The data access control system includes a plurality of smart meters 100, a meter communication module 103 and a central server 101. The plurality of smart meters 100 are each connected to the central server 101 through the meter communication module 103 and are connected to each other through an ad hoc network based on the meter communication module 103. An access request terminal 102 is connected to the plurality of smart meters 100 through the meter communication module 103 and exchanges remote data access requests with them. Each smart meter 100 is provided with an access request control module 1 based on a data analysis chip, and the access request control module 1 is connected to the central server 101 through the meter communication module 103.
The above embodiments are not intended to limit the scope of the invention; equivalent changes made according to the structure, shape and principle of the invention are therefore covered by the scope of the invention.
Claims (7)
1. The data access control method based on the multi-user intelligent ammeter is characterized by comprising the following steps of:
Step 1, numbering a plurality of intelligent electric meters (100) installed by a plurality of users respectively;
Step 2, when the intelligent ammeter (100) receives a remote data access request sent by the access request end (102), the access request control module (1) analyzes a remote data access request data packet to obtain access request data;
Step 3, the access request control module (1) checks whether the data format of the access request data meets the standard data format, wherein the standard data format comprises complete access terminal network address data, complete access target number data, key data based on access time and request interaction data;
The key data generation formula based on the access time is:
Let the base key be K_base, the current timestamp be T_now, the key generation function be F_keygen, and the dynamic key based on access time be K_dynamic;
wherein SHA-256 is a widely used cryptographic hash function; Is the number of combinations of the base key and the time stamp, Is to apply SHA-256 hash function;
is a function of extracting the substring, Is the start position of the character string index,Is the string length;
Step 4, if the access request control module (1) judges that the access request data in the step 3 meets the standard format, the access request control module communicates with the central server (101) to exchange the network address data of the access terminal, the central server (101) judges whether the network address data of the access terminal belongs to the network address in the security address database, and if so, the access request control module (1) feeds back a success signal of checking the network address of the access terminal;
setting the network address of the access terminal as A_ip, setting the address entry in the secure network address database as DB_ip, wherein each entry comprises a network address Net_ip and a subnet Mask, the address matching function is F_match, and judging whether the network address belongs to the network address in the secure address database or not by the formula:
where the result of the formula is a Boolean value indicating whether the access terminal network address data belongs to the secure address data;
the address matching function F_match is defined by the following equation:
wherein AND represents a bitwise AND operation for combining the IP address with the subnet mask to determine the network address;
Step 5, if the access request control module (1) receives a feedback access terminal network address verification success signal, continuing to perform access target number data verification, judging whether the access target number data is a self number, if yes, performing key data verification, and if not, forwarding the access request data to the intelligent ammeter (100) with the corresponding number based on the ad hoc network, and continuing to perform key data verification by the intelligent ammeter (100) with the corresponding number;
And step 6, if the key data is successfully checked, judging that the access request is qualified, and calling the corresponding request interaction data stored in the memory of the intelligent electric meter (100) to send the corresponding request interaction data to the network address data of the access terminal.
2. The method for controlling data access based on multi-user smart meter according to claim 1, wherein in step 1, a plurality of smart meters (100) are numbered based on an ad hoc network, and in the same ad hoc network, the number format of the smart meters (100) is ABC, wherein A is a region code, B is a device type code, and C is a serial number;
In step 5, the access request control module (1) compares the C value in the number ABC with the C value of its own number, and if they are the same, judges that the number is its own number.
3. The method for controlling data access based on the multi-user smart meter according to claim 2, wherein in step 3, the method for generating key data based on access time is that the access request control module (1) and the access request terminal (102) perform time synchronization based on NTP, and convert the current time stamp into a character string or a numerical value with a fixed length;
The base key K_base is combined with the timestamp T_now, a hash function is applied to generate a hash value, and a substring of the required length is extracted from the hash value as the dynamic key.
4. The method for data access control based on a multi-user smart meter of claim 3, wherein the key data based on the access time is generated every one minute.
5. The method for controlling data access based on multi-user smart meter according to claim 3, wherein in step 4, the method for determining whether the access terminal network address data belongs to the network address in the secure address database by the central server (101) is:
The secure address database comprises a plurality of groups of trusted secure network address data and associated information data;
and comparing the network address data of the access terminal with the security network address data in the security address database by adopting a network address matching algorithm, and judging whether the access terminal belongs to the security address database according to a matching result.
6. The method for data access control based on a multi-user smart meter of claim 5, wherein the secure network address data and the associated information data are an IP address range, a subnet mask, and a network prefix.
7. The data access control system based on the multi-user intelligent ammeter is characterized by being used for realizing the data access control method based on the multi-user intelligent ammeter according to claim 6, the data access control system comprises a plurality of intelligent ammeters (100), ammeter communication modules (103) and a central server (101), the plurality of intelligent ammeters (100) are respectively connected with the central server (101) through the ammeter communication modules (103) in an ad hoc network communication mode, an access request end (102) is connected with the plurality of intelligent ammeters (100) in a communication mode through the ammeter communication modules (103), remote data access request data are interacted, the intelligent ammeters (100) are provided with an access request control module (1) based on a data analysis chip, and the access request control module (1) is connected with the central server (101) in a communication mode through the ammeter communication modules (103).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202411464401.2A CN119011289B (en) | 2024-10-21 | 2024-10-21 | Data access control method and system based on multi-user smart meter |
Publications (2)
Publication Number | Publication Date |
---|---|
CN119011289A CN119011289A (en) | 2024-11-22 |
CN119011289B true CN119011289B (en) | 2025-01-24 |
Family
ID=93481919
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202411464401.2A Active CN119011289B (en) | 2024-10-21 | 2024-10-21 | Data access control method and system based on multi-user smart meter |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN119011289B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||