CN104038931B - Adapted electrical communication system and its communication means based on LTE network - Google Patents
- Publication number
- CN104038931B
- Authority
- CN
- China
- Prior art keywords
- tunnel
- access point
- key
- tunnel configuration
- network access
- Prior art date
- Legal status
- Active
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a power distribution and utilization communication system based on an LTE network, and a communication method for it. The method comprises: a distribution and utilization terminal sends communication data encrypted with a session key to a network access point device; the network access point device decrypts the communication data with the session key, performs L2TP encapsulation on the decrypted data according to an L2TP tunnel configuration negotiation result, and sends the resulting L2TP packet to a master station server; the master station server parses the communication data out of the received L2TP packet according to the L2TP tunnel configuration negotiation result. The session key is generated by the network access point device from a public key, a private key and key negotiation parameters; the L2TP tunnel configuration negotiation result is generated by the network access point device from first and third tunnel configuration parameters sent respectively by the distribution and utilization terminal and the master station server. Applying the invention improves the security and reliability of the distribution and utilization communication system.
Description
Technical field
The invention relates to the technical field of smart grids, and in particular to a power distribution and utilization communication system based on an LTE network and a communication method for it.
Background
As the direction in which future power grids will develop, the smart grid is built on an integrated, high-speed, two-way communication network to achieve a grid that is reliable, secure, economical, efficient, environmentally friendly and safe to use. In practice, the smart grid mainly comprises the power distribution business and the smart power utilization service system, which can collectively be called the distribution and utilization business of the smart grid. The distribution business mainly involves the master station of the power system monitoring and controlling in real time distribution terminals such as substations, pole-mounted switches and distribution transformers, while the main business of the smart power utilization service system is the master station collecting, monitoring and publishing business data from the user-side utilization terminals. Distribution terminals and utilization terminals can collectively be called distribution and utilization terminals, and the two-way communication between these terminals and the master station places high demands on real-time performance and on reliability and security.
Currently, two-way communication between distribution and utilization terminals and the master station can be achieved by deploying the power system's own wired network between them to form a distribution and utilization communication system. However, because utilization terminals are spread across the whole distribution network along the low-voltage lines, the number of nodes is far larger than the number of distribution terminal nodes, the nodes are scattered, and some of them are hard to reach with a wired network, so such a system suffers from high network construction cost and high network construction complexity.
To reduce network construction cost and complexity, a distribution and utilization communication system that introduces a network not owned by the power system has also been proposed. It mainly comprises distribution and utilization terminals, wireless access network base stations and a master station, where the base stations are those of wireless access networks such as 2G (second-generation mobile communication technology), 3G (third-generation mobile communication technology) and LTE (Long Term Evolution). In practice, the communication process of this system is mainly as follows: after a distribution and utilization terminal establishes a connection with a base station, it accesses the wireless access network through the base station and establishes a connection with the master station, and can then exchange data with the master station through the base station and the wireless access network. However, this process is exposed to the security problems of the wireless access network. For example, the key algorithm of 2G networks is easily broken, so communication may be eavesdropped on; 3G networks lack authentication of the base station and may be deceived by a forged base station; and although LTE has a two-layer encryption scheme, i.e. it can encrypt both at the base station and the transmission protocol between the base station and the master station, its encryption at the base station for the non-access stratum is optional and may not be enabled in practice, leaving distribution and utilization terminals vulnerable to intrusion and to the forced-switching attacks that wireless access networks have in common. In other words, the security of existing distribution and utilization communication systems that introduce a network not owned by the power system faces many risks, and their reliability is low.
In summary, existing distribution and utilization communication systems suffer from high network construction cost, high complexity and low security. It is therefore necessary to provide a distribution and utilization communication system that can improve the security and reliability of the two-way communication between the distribution and utilization terminals and the master station of the power system.
Summary of the invention
Embodiments of the present invention provide a power distribution and utilization communication system based on an LTE network, and a communication method for it, in order to improve the security and reliability of the distribution and utilization communication system.
According to one aspect of the present invention, a communication method for a power distribution and utilization communication system based on an LTE network is provided, comprising:
the distribution and utilization terminal sends a session request carrying key negotiation parameters to the network access point device;
after receiving the session request, the network access point device generates a session key from the public key, the pre-stored private key and the key negotiation parameters, and returns it to the distribution and utilization terminal;
after receiving the session key, the distribution and utilization terminal sends to the network access point device a Layer 2 Tunneling Protocol (L2TP) tunnel establishment request carrying first tunnel configuration parameters encrypted with the session key;
the network access point device receives the L2TP tunnel establishment request, parses and decrypts the first tunnel configuration parameters from it, and obtains second tunnel configuration parameters from the master station server; from the first and second tunnel configuration parameters it generates an L2TP tunnel configuration negotiation result, sends it to the master station server, and returns a response indicating successful tunnel establishment to the distribution and utilization terminal;
after receiving the response indicating successful tunnel establishment, the distribution and utilization terminal sends communication data encrypted with the session key to the network access point device;
the network access point device decrypts the communication data with the session key, performs L2TP encapsulation on the decrypted data according to the L2TP tunnel configuration negotiation result, and sends it to the master station server;
the master station server parses the communication data out of the received L2TP packet according to the L2TP tunnel configuration negotiation result.
Preferably, the distribution and utilization terminal sending a session request carrying key negotiation parameters to the network access point device specifically comprises:
the distribution and utilization terminal sends a session request carrying key negotiation parameters encrypted with the public key to the network access point device; and
the network access point device, after receiving the session request, generating a session key from the public key, the pre-stored private key and the key negotiation parameters specifically comprises:
the network access point device parses the public-key-encrypted key negotiation parameters out of the session request, decrypts them with the pre-stored private key to obtain the key negotiation parameters, and generates a session key from the public key, the private key and the key negotiation parameters according to a preset Long Term Evolution (LTE) encryption algorithm.
Preferably, the public key is specifically the identification information of the network access point device; and
before generating the session key from the public key, the pre-stored private key and the key negotiation parameters, the method further comprises:
after receiving the session request, the network access point device sends its own identification information to a private key generator;
the private key generator receives the identification information sent by the network access point device, looks up the private key corresponding to the received identification information in a private key library that stores the identification information of each access point of the LTE network, and sends the private key found to the network access point device.
Preferably, the network access point device receiving the L2TP tunnel establishment request, parsing and decrypting the first tunnel configuration parameters from it, and obtaining the second tunnel configuration parameters from the master station server specifically comprises:
after parsing the session-key-encrypted first tunnel configuration parameters out of the L2TP tunnel establishment request, the network access point device decrypts the first tunnel configuration parameters with the session key, encapsulates the decrypted first tunnel configuration parameters in an L2TP tunnel connection request and sends it to the master station server;
the master station server parses the first tunnel configuration parameters out of the L2TP tunnel connection request and sends to the network access point device an L2TP tunnel connection response carrying second tunnel configuration parameters corresponding to the first tunnel configuration parameters;
the network access point device parses the second tunnel configuration parameters out of the L2TP tunnel connection response.
Preferably, after the distribution and utilization terminal receives the session key and before the response indicating successful tunnel establishment is returned to it, the method further comprises:
the distribution and utilization terminal sends to the network access point device an Internet Protocol Security (IPSec) tunnel establishment request carrying third tunnel configuration parameters encrypted with the session key;
the network access point device receives the IPSec tunnel establishment request, parses and decrypts the third tunnel configuration parameters from it, and obtains fourth tunnel configuration parameters from the master station server; from the third and fourth tunnel configuration parameters it generates an IPSec tunnel configuration negotiation result and sends it to the master station server; and
after sending the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result to the master station server, it returns the response indicating successful tunnel establishment to the distribution and utilization terminal; and
performing L2TP encapsulation on the decrypted communication data according to the L2TP tunnel configuration negotiation result and sending it to the master station server specifically comprises:
the network access point device performs L2TP encapsulation and IPSec encapsulation on the decrypted communication data according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result, and sends the resulting L2TP/IPSec packet to the master station server; and
the master station server parsing the communication data out of the received L2TP packet according to the L2TP tunnel configuration negotiation result specifically comprises:
the master station server parses the communication data out of the received L2TP/IPSec packet according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result.
Preferably, the network access point device receiving the IPSec tunnel establishment request, parsing and decrypting the third tunnel configuration parameters from it, and obtaining the fourth tunnel configuration parameters from the master station server specifically comprises:
after parsing the session-key-encrypted third tunnel configuration parameters out of the IPSec tunnel establishment request, the network access point device decrypts the third tunnel configuration parameters with the session key, encapsulates the decrypted third tunnel configuration parameters in an IPSec tunnel connection request and sends it to the master station server;
the master station server parses the third tunnel configuration parameters out of the IPSec tunnel connection request and sends to the network access point device an IPSec tunnel connection response carrying fourth tunnel configuration parameters corresponding to the third tunnel configuration parameters;
the network access point device parses the fourth tunnel configuration parameters out of the IPSec tunnel connection response.
According to another aspect of the present invention, a power distribution and utilization communication system based on an LTE network is also provided, comprising a distribution and utilization terminal, a network access point device and a master station server, wherein:
the distribution and utilization terminal is configured to send a session request carrying key negotiation parameters to the network access point device; after receiving a session key from the network access point device, to send to it an L2TP tunnel establishment request carrying first tunnel configuration parameters encrypted with the session key; and after receiving a response indicating successful tunnel establishment from the network access point device, to send communication data encrypted with the session key to the network access point device;
the network access point device is configured, after receiving the session request from the distribution and utilization terminal, to generate a session key from the public key, the pre-stored private key and the key negotiation parameters and return it to the terminal; to receive the L2TP tunnel establishment request from the terminal, parse and decrypt the first tunnel configuration parameters from it, and obtain second tunnel configuration parameters from the master station server; to generate an L2TP tunnel configuration negotiation result from the first and second tunnel configuration parameters, send it to the master station server, and return a response indicating successful tunnel establishment to the terminal; and, after receiving communication data encrypted with the session key from the terminal, to decrypt the communication data with the session key, perform L2TP encapsulation on the decrypted data according to the L2TP tunnel configuration negotiation result, and send it to the master station server;
the master station server is configured to parse the communication data out of the received L2TP packet according to the L2TP tunnel configuration negotiation result.
Preferably, the system further comprises a private key generator; and
the public key is specifically the identification information of the network access point device; and
the distribution and utilization terminal is specifically configured to send a session request carrying key negotiation parameters encrypted with the public key to the network access point device; and
the network access point device is specifically configured, after receiving the session request from the distribution and utilization terminal, to send its own identification information to the private key generator and receive from it the private key corresponding to that identification information; to parse the public-key-encrypted key negotiation parameters out of the session request and decrypt them with the private key received from the private key generator to obtain the key negotiation parameters; and to generate a session key from the public key, the private key and the key negotiation parameters according to a preset Long Term Evolution (LTE) encryption algorithm; and
the private key generator is configured, after receiving the identification information sent by the network access point device, to look up the private key corresponding to the received identification information in a private key library that stores the identification information of each access point of the LTE network, and to send the private key found to the network access point device.
Preferably, the network access point device is specifically configured, after receiving the L2TP tunnel establishment request from the distribution and utilization terminal, to parse the session-key-encrypted first tunnel configuration parameters out of the request, decrypt them with the session key, encapsulate the decrypted first tunnel configuration parameters in an L2TP tunnel connection request and send it to the master station server; and, after receiving an L2TP tunnel connection response from the master station server, to parse the second tunnel configuration parameters out of that response; and
the master station server is specifically configured, after receiving the L2TP tunnel connection request from the network access point device, to parse the first tunnel configuration parameters out of it and send to the network access point device an L2TP tunnel connection response carrying second tunnel configuration parameters corresponding to the first tunnel configuration parameters.
Preferably, the distribution and utilization terminal is further configured to send to the network access point device an IPSec tunnel establishment request carrying third tunnel configuration parameters encrypted with the session key; and
the network access point device is further configured, after receiving the IPSec tunnel establishment request from the distribution and utilization terminal, to parse and decrypt the third tunnel configuration parameters from it and obtain fourth tunnel configuration parameters from the master station server; to generate an IPSec tunnel configuration negotiation result from the third and fourth tunnel configuration parameters and send it to the master station server; after sending the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result to the master station server, to return a response indicating successful tunnel establishment to the terminal; to decrypt with the session key the session-key-encrypted communication data received from the terminal; and to perform L2TP encapsulation and IPSec encapsulation on the decrypted communication data according to the L2TP and IPSec tunnel configuration negotiation results and send the resulting L2TP/IPSec packet to the master station server; and
the master station server is further configured to parse the communication data out of the received L2TP/IPSec packet according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result.
In the technical solution of the embodiments of the present invention, a shared session key is set up in advance between the distribution and utilization terminal and the network access point device, securing the communication between them; at the same time, an L2TP tunnel and an IPSec tunnel are set up between the network access point device and the master station server, so that the communication data transmitted between them is protected by double encryption of both the transmission method and the content, securing the communication between the network access point device and the master station server. Compared with existing distribution and utilization communication systems, the system provided by the present invention, which communicates over a data transmission channel encrypted with the session key and protected by the L2TP tunnel and the IPSec tunnel, has higher security and reliability.
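As an added example (not code from the patent), the following Python simulates the access point's role in the method above: it opens the terminal's session-key-protected L2TP tunnel establishment request, negotiates the tunnel configuration result from the terminal's first and the master station's second parameters, and encapsulates data that the master station then parses against that result. It assumes the tunnel configuration parameters are RFC 2661 SCCRQ/SCCRP AVPs (the patent does not fix their format), uses an HMAC/SHA-256 key derivation and a toy encrypt-then-MAC as stand-ins for the patent's LTE encryption algorithm, and leaves out the identity-based public-key step and the IPSec layer.

```python
"""Added example (not the patent's own code): simulates the handshake from the terminal's
session-key-protected L2TP tunnel establishment request, through the access point's
negotiation with the master station, to L2TP data encapsulation and parsing.
Assumptions: the first/second tunnel configuration parameters are modelled as RFC 2661
SCCRQ/SCCRP control AVPs; the key derivation and sealing are stdlib HMAC/SHA-256 stand-ins
for the patent's LTE encryption algorithm; the identity-based public-key step is not modelled."""
import hashlib
import hmac
import struct

AVP_MESSAGE_TYPE, AVP_PROTOCOL_VERSION, AVP_HOST_NAME = 0, 2, 7   # RFC 2661 attribute types
AVP_ASSIGNED_TUNNEL_ID, AVP_RECEIVE_WINDOW = 9, 10
SCCRQ, SCCRP = 1, 2                                               # control message types

def derive_session_key(ap_id, ap_private_key, nego_param):
    """Stand-in KDF binding the AP identity (its public key in the patent), the
    PKG-issued private key and the terminal's key negotiation parameter."""
    return hmac.new(ap_private_key, b"session|" + ap_id + b"|" + nego_param, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    blocks = (n + 31) // 32
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(blocks))

def seal(key, nonce, plaintext):
    """Toy encrypt-then-MAC with a 12-byte nonce, standing in for the session-key cipher."""
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("session-key authentication failed")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

def encode_avp(attr_type, value, mandatory=True):
    length = 6 + len(value)                        # 10-bit length includes the 6-byte header
    flags = (0x8000 if mandatory else 0) | length   # M bit; H (hidden) bit left clear
    return struct.pack("!HHH", flags, 0, attr_type) + value   # vendor ID 0 = IETF

def decode_avps(payload):
    avps, off = {}, 0
    while off < len(payload):
        if len(payload) - off < 6:
            raise ValueError("truncated AVP header")
        flags, _vendor, attr_type = struct.unpack_from("!HHH", payload, off)
        length = flags & 0x03FF
        if length < 6 or off + length > len(payload):
            raise ValueError("malformed AVP length")
        avps[attr_type] = payload[off + 6:off + length]
        off += length
    return avps

def tunnel_params(msg_type, host, tunnel_id, window):
    """The parameter set one side offers: SCCRQ for the terminal, SCCRP for the master."""
    return b"".join([
        encode_avp(AVP_MESSAGE_TYPE, struct.pack("!H", msg_type)),
        encode_avp(AVP_PROTOCOL_VERSION, b"\x01\x00"),
        encode_avp(AVP_HOST_NAME, host),
        encode_avp(AVP_ASSIGNED_TUNNEL_ID, struct.pack("!H", tunnel_id)),
        encode_avp(AVP_RECEIVE_WINDOW, struct.pack("!H", window), mandatory=False),
    ])

def negotiate(first, second):
    """Access point: combine the terminal's (first) and master's (second) parameters."""
    req, resp = decode_avps(first), decode_avps(second)
    u16 = lambda avps, t: struct.unpack("!H", avps[t])[0]
    if u16(req, AVP_MESSAGE_TYPE) != SCCRQ or u16(resp, AVP_MESSAGE_TYPE) != SCCRP:
        raise ValueError("unexpected control message types")
    if req[AVP_PROTOCOL_VERSION] != resp[AVP_PROTOCOL_VERSION]:
        raise ValueError("L2TP protocol version mismatch")
    return {"terminal_tunnel_id": u16(req, AVP_ASSIGNED_TUNNEL_ID),
            "master_tunnel_id": u16(resp, AVP_ASSIGNED_TUNNEL_ID),
            "window": min(u16(req, AVP_RECEIVE_WINDOW), u16(resp, AVP_RECEIVE_WINDOW))}

def l2tp_encapsulate(result, session_id, data):
    """Access point: L2TPv2 data header (T=0, L=1, Ver=2) addressed to the master's tunnel ID."""
    return struct.pack("!HHHH", 0x4002, 8 + len(data), result["master_tunnel_id"], session_id) + data

def l2tp_parse(result, packet):
    """Master station: accept data only for the tunnel ID it assigned during negotiation."""
    flags, length, tunnel_id, _session_id = struct.unpack_from("!HHHH", packet)
    if flags & 0x8000 or not flags & 0x4000 or (flags & 0x000F) != 2:
        raise ValueError("not an L2TPv2 data message with a length field")
    if length != len(packet) or tunnel_id != result["master_tunnel_id"]:
        raise ValueError("bad length or tunnel ID not assigned by the master")
    return packet[8:]

def run_handshake():
    ap_id = b"ap-0042"                                  # constructed AP identifier
    private_key_library = {ap_id: b"\x11" * 32}         # constructed PKG store keyed by AP ID
    key = derive_session_key(ap_id, private_key_library[ap_id], b"\xaa" * 16)
    first = tunnel_params(SCCRQ, b"terminal-7", 0x1234, 8)      # terminal's parameters
    request = seal(key, b"\x01" * 12, first)                    # L2TP tunnel establishment request
    second = tunnel_params(SCCRP, b"master", 0x5678, 4)         # fetched from the master
    result = negotiate(open_sealed(key, request), second)
    data = open_sealed(key, seal(key, b"\x02" * 12, b"meter-reading"))
    return result, l2tp_parse(result, l2tp_encapsulate(result, 1, data))
```

The checks in `open_sealed` and `l2tp_parse` are where a defender would log failures: a bad tag on the terminal hop or a packet for a tunnel ID the master never assigned are the events this design is meant to make visible.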
Brief description of the drawings
FIG. 1 is a schematic structural diagram of the distribution and utilization communication system according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of the method for sharing a session key according to an embodiment of the present invention;
FIG. 3 is a schematic flowchart of the method for establishing a data transmission tunnel according to an embodiment of the present invention;
FIG. 4 is a schematic flowchart of the communication method of the distribution and utilization communication system according to an embodiment of the present invention.
具体实施方式detailed description
为使本发明的目的、技术方案及优点更加清楚明白,以下参照附图并举出优选实施例,对本发明进一步详细说明。然而,需要说明的是,说明书中列出的许多细节仅仅是为了使读者对本发明的一个或多个方面有一个透彻的理解,即便没有这些特定的细节也可以实现本发明的这些方面。In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be described in further detail below with reference to the accompanying drawings and preferred embodiments. However, it should be noted that many of the details listed in the specification are only for readers to have a thorough understanding of one or more aspects of the present invention, and these aspects of the present invention can be implemented even without these specific details.
本申请使用的“模块”、“系统”等术语旨在包括与计算机相关的实体,例如但不限于硬件、固件、软硬件组合、软件或者执行中的软件。例如,模块可以是,但并不仅限于:处理器上运行的进程、处理器、对象、可执行程序、执行的线程、程序和/或计算机。举例来说,计算设备上运行的应用程序和此计算设备都可以是模块。一个或多个模块可以位于执行中的一个进程和/或线程内。As used herein, terms such as "module" and "system" are intended to include computer-related entities such as, but not limited to, hardware, firmware, a combination of hardware and software, software, or software in execution. For example, a module may be, but is not limited to being limited to being, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer. For example, both an application running on a computing device and the computing device could be modules. One or more modules can reside within a process and/or thread of execution.
本发明的发明人发现,导致现有配用电通信系统的安全可靠性低的主要在于缺少对基站、无线接入网的空中接口的认证和加密。因此,本发明的发明人考虑,可以在配用电终端与主站之间增设LTE网络的接入点基站,通过对接入点基站的认证、对配用电终端与该接入点基站之间的认证传输、以及在接入点基站与主站服务器之间的通过L2TP(Layer2Tunneling Protocol,第2层隧道协议)隧道配置和IPSec(Internet ProtocolSecurity,互联网安全协议)隧道配置对传输的通信数据的传输方式和内容进行双层加密传输,以此提高配用电通信系统中配用电终端与主站之间的通信安全可靠性。The inventors of the present invention found that the low security and reliability of the existing power distribution and utilization communication system mainly lies in the lack of authentication and encryption of the base station and the air interface of the wireless access network. Therefore, the inventors of the present invention consider that an access point base station of the LTE network can be added between the power distribution terminal and the main station, and through the authentication of the access point base station, the connection between the power distribution terminal and the access point base station authentication transmission between the access point base station and the main station server through L2TP (Layer2Tunneling Protocol, Layer 2 Tunneling Protocol) tunnel configuration and IPSec (Internet Protocol Security, Internet Security Protocol) tunnel configuration for the communication data transmitted The transmission mode and content are double-layer encrypted transmission, so as to improve the security and reliability of the communication between the power distribution terminal and the main station in the power distribution communication system.
下面结合附图详细说明本发明的技术方案。The technical scheme of the present invention will be described in detail below in conjunction with the accompanying drawings.
An embodiment of the present invention provides a power distribution and utilization communication system based on an LTE network which, as shown in FIG. 1, may specifically include a power distribution and utilization terminal 101, a network access point device 102 and a master station server 103.
The power distribution and utilization terminal 101 can send a session request carrying key negotiation parameters to the network access point device 102. After receiving the session request, the network access point device 102 can generate a session key from a public key, a pre-stored private key and the key negotiation parameters, and return the generated session key to the terminal 101. Specifically, the terminal 101 may send the network access point device 102 a session request carrying key negotiation parameters encrypted with the public key. The network access point device 102 then parses the public-key-encrypted key negotiation parameters out of the session request, decrypts them with the pre-stored private key to obtain the key negotiation parameters, generates a session key from the public key, the private key and the key negotiation parameters according to a preset LTE encryption algorithm, and sends the session key to the terminal 101. Here the public key is specifically the identification information of the network access point device 102, and the private key held by the network access point device 102 is pre-stored information corresponding to its own identification information.
In this way, key negotiation between the terminal 101 and the network access point device 102 is completed, and the terminal 101 can subsequently encrypt the communication data to be uploaded with the shared session key, which secures data transmission between the terminal 101 and the network access point device 102. Moreover, completing key negotiation between the terminal 101 and the network access point device 102 also completes the authenticated connection between them, so that the terminal 101 can access the LTE network through the network access point device 102 and then send the communication data to be uploaded to the master station server 103 over the LTE network. The LTE encryption algorithm may be chosen freely from the algorithms permitted by the LTE network system.
More preferably, the power distribution and utilization communication system of the embodiment of the present invention further includes a private key generator 104.
The private key generator 104 stores the identification information of each access point of the LTE network and the private key corresponding to each piece of identification information. Specifically, after receiving the session request sent by the terminal 101, the network access point device 102 sends its own identification information to the private key generator 104. After receiving the identification information sent by the network access point device 102, the private key generator 104 can look up, in the private key store holding the identification information of each access point of the LTE network, the private key corresponding to the received identification information, and send the private key it finds to the network access point device 102.
Further, after receiving the returned session key from the network access point device 102, the terminal 101 sends the network access point device 102 an L2TP tunnel establishment request carrying first tunnel configuration parameters encrypted with the session key. After receiving the L2TP tunnel establishment request, the network access point device 102 can parse and decrypt the first tunnel configuration parameters from it and obtain second tunnel configuration parameters from the master station server 103; it then generates an L2TP tunnel configuration negotiation result from the first and second tunnel configuration parameters, sends it to the master station server 103, and returns a tunnel-establishment-success response to the terminal 101. Specifically, after receiving the L2TP tunnel establishment request sent by the terminal 101, the network access point device 102 can parse the session-key-encrypted first tunnel configuration parameters out of the request, decrypt them with the session key, encapsulate the decrypted first tunnel configuration parameters in an L2TP tunnel connection request and send that request to the master station server 103. After receiving the L2TP tunnel connection request, the master station server 103 parses out the first tunnel configuration parameters and, according to them, sends the network access point device 102 an L2TP tunnel connection response carrying second tunnel configuration parameters that correspond to the first tunnel configuration parameters. After receiving the L2TP tunnel connection response, the network access point device 102 can parse out the second tunnel configuration parameters, generate the L2TP tunnel configuration negotiation result from the first and second tunnel configuration parameters, send the generated negotiation result to the master station server 103, and return a tunnel-establishment-success response to the terminal. This completes establishment of the L2TP tunnel connection between the network access point device 102 and the master station server 103 in the LTE network.
The first and second tunnel configuration parameters specifically constrain parameters such as transmission bandwidth and transmission rate, so that the L2TP tunnel configuration negotiation result generated from them controls the data transmission mode between the terminal 101 and the network access point device 102. For example, the L2TP tunnel configuration negotiation result may be set to the minimum, the maximum or the average of the limit values that the first and second tunnel configuration parameters give for the same parameter.
Subsequently, the communication data received from the terminal 101 can be uploaded to the master station server 103 through the L2TP tunnel in the LTE network according to the L2TP tunnel configuration negotiation result. Specifically, after the terminal 101 receives the tunnel-establishment-success response returned by the network access point device 102, it can send communication data encrypted with the session key to the network access point device 102. After receiving the session-key-encrypted communication data from the terminal 101, the network access point device 102 can decrypt it with the session key to recover the communication data, perform L2TP encapsulation on the decrypted communication data according to the L2TP tunnel configuration negotiation result, and send the resulting L2TP data packet to the master station server 103. The master station server 103 can then parse the received L2TP data packet according to the L2TP tunnel configuration negotiation result and extract the communication data uploaded by the terminal 101.
From the system described above it can be seen that, before the LTE-network-based power distribution and utilization communication system of the embodiment communicates, a session key must first be shared between the terminal and the network access point device. As shown in FIG. 2, this process may include the following steps:
S201: The power distribution and utilization terminal sends a session request carrying key negotiation parameters to the network access point device.
Specifically, before accessing the LTE network through the network access point device 102, the terminal 101 can use the identification information of the network access point device 102 as the public key, encrypt the key negotiation parameters with that public key, and send the network access point device 102 a session request carrying the public-key-encrypted key negotiation parameters. The network access point device 102 is specifically an access point of the LTE network, and the public key is specifically the identification information of the network access point device 102.
S202: After receiving the session request, the network access point device sends its own identification information to the private key generator.
Specifically, after receiving the session request carrying public-key-encrypted key negotiation parameters from the terminal 101, the network access point device 102 can send its own identification information to the private key generator 104 to obtain the private key needed to decrypt the key negotiation parameters in the session request.
S203: The private key generator receives the identification information sent by the network access point device, looks up the private key corresponding to that identification information in the private key store holding the identification information of each access point of the LTE network, and sends it to the network access point device.
继而,配用电通信系统中的私钥生成器104可以接收网络接入点设备发送的标识信息,并从存储有LTE网络各接入点的标识信息的私钥库中,查找出与从网络接入点设备102接收的标识信息相对应的私钥,并将查找出的私钥发送至网络接入点设备102。具体地,私钥生成器104将接收的标识信息与私钥库中LTE网络各接入点的标识信息进行比较查找,从私钥库中查找出与接收的标识信息相同的标识信息,并将与该标识信息相对应的私钥发送至网络接入点设备102。其中,私钥生成器104预先针对LTE网络中的每个接入点,将该接入点的标识信息作为公钥,并为该公钥设置相应的私钥。而私钥生成器104设置一对相对应的公钥和私钥的具体实现方法,可以采用本领域技术人员所公知的技术手段,在此不再赘述。Then, the private key generator 104 in the power distribution and utilization communication system can receive the identification information sent by the network access point device, and find out from the private key library that stores the identification information of each access point of the LTE network. The access point device 102 receives the private key corresponding to the identification information, and sends the found private key to the network access point device 102 . Specifically, the private key generator 104 compares the received identification information with the identification information of each access point of the LTE network in the private key storehouse, finds out the same identification information as the received identification information from the private key storehouse, and sends The private key corresponding to the identification information is sent to the network access point device 102 . Wherein, the private key generator 104 preliminarily uses the identification information of the access point as a public key for each access point in the LTE network, and sets a corresponding private key for the public key. The specific implementation method for the private key generator 104 to set a pair of corresponding public key and private key can adopt technical means known to those skilled in the art, and will not be repeated here.
In fact, if identification information identical to the received identification information is found in the private key store, the network access point device corresponding to that identification information is an access point of the LTE network, that is, the terminal 101 can access the LTE network through that network access point device 102. Conversely, if no identification information identical to the received identification information is found in the private key store, the network access point device is not an access point of the LTE network, and the terminal 101 can select another network access point device that is an access point of the LTE network in order to access the LTE network.
S204: The network access point device parses the public-key-encrypted key negotiation parameters out of the session request, decrypts them with the private key to obtain the key negotiation parameters, generates a session key from the public key, the private key and the key negotiation parameters, and sends the session key to the power distribution and utilization terminal.
Specifically, the network access point device 102 can use the private key received from the private key generator 104 to decrypt the public-key-encrypted key negotiation parameters received from the terminal 101 and obtain the key negotiation parameters; it then generates a session key from the public key (that is, the identification information of the network access point device 102), the private key and the key negotiation parameters according to the preset LTE encryption algorithm, and sends the generated session key to the terminal 101. For example, the network access point device 102 can encrypt the generated session key with the private key and send the encrypted session key to the terminal 101; the terminal 101 can then decrypt it with the public key (that is, the identification information of the network access point device 102) to obtain the session key, so that the session key is shared between the terminal 101 and the network access point device 102. Data subsequently transmitted between the terminal 101 and the network access point device 102 can then be encrypted and decrypted with this session key, securing the communication between them. The LTE encryption algorithm may be chosen freely from the algorithms permitted by the LTE network system.
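The session-key negotiation of steps S201 to S204 (and of the system description above), as an added example that is not the patent's own code. It is written in Go and assumes: the private key generator holds one RSA key pair per access point identity, standing in for the identity-bound public key whose scheme the page does not specify; the terminal already holds the access point's public key for the identity it chooses; the key negotiation parameter is a 32-byte random nonce sent under RSA-OAEP; and the session key is derived with HMAC-SHA256 from the identity, a private-key-bound contribution and the nonce, with the terminal deriving the key itself from the access point's reply and checking a confirmation MAC, rather than receiving the key in encrypted form. Identities such as enb-0001 in the usage are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// PrivateKeyGenerator models the private key generator 104: each LTE access
// point identity and the private key registered for it. Assumption: the page
// names no public-key scheme, so one RSA key pair per identity stands in; the
// terminal is assumed to obtain the matching public key out of band.
type PrivateKeyGenerator struct{ keys map[string]*rsa.PrivateKey }

func NewPrivateKeyGenerator(ids []string) (*PrivateKeyGenerator, error) {
	p := &PrivateKeyGenerator{keys: map[string]*rsa.PrivateKey{}}
	for _, id := range ids {
		priv, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, err
		}
		p.keys[id] = priv
	}
	return p, nil
}

// LookupPrivateKey is step S203: an unknown identity is not an LTE access point.
func (p *PrivateKeyGenerator) LookupPrivateKey(id string) (*rsa.PrivateKey, error) {
	if priv, ok := p.keys[id]; ok {
		return priv, nil
	}
	return nil, fmt.Errorf("%q is not a registered LTE access point", id)
}

// SessionRequest is step S201: a fresh 32-byte nonce (the key negotiation
// parameter) encrypted for the chosen access point identity.
type SessionRequest struct {
	AccessPointID  string
	EncryptedNonce []byte
}

func TerminalSessionRequest(pub *rsa.PublicKey, id string) ([]byte, SessionRequest, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, SessionRequest{}, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, nonce, []byte(id))
	if err != nil {
		return nil, SessionRequest{}, err
	}
	return nonce, SessionRequest{AccessPointID: id, EncryptedNonce: ct}, nil
}

// SessionReply is step S204: a contribution only the private key holder can
// produce, plus a confirmation MAC under the resulting session key.
type SessionReply struct{ Contribution, Confirm []byte }

func hmacSHA256(key []byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	for _, part := range parts {
		m.Write(part)
	}
	return m.Sum(nil)
}

// DeriveSessionKey mixes the public key (the identity), the private-key-bound
// contribution and the negotiation parameter; HMAC-SHA256 stands in for the
// LTE algorithm the page leaves open (assumption).
func DeriveSessionKey(id string, nonce, contribution []byte) []byte {
	return hmacSHA256(nonce, []byte(id), contribution)
}

func AccessPointSessionReply(p *PrivateKeyGenerator, req SessionRequest) ([]byte, SessionReply, error) {
	priv, err := p.LookupPrivateKey(req.AccessPointID) // steps S202 and S203
	if err != nil {
		return nil, SessionReply{}, err
	}
	nonce, err := rsa.DecryptOAEP(sha256.New(), nil, priv, req.EncryptedNonce, []byte(req.AccessPointID))
	if err != nil {
		return nil, SessionReply{}, fmt.Errorf("session request rejected: %w", err)
	}
	contribution := hmacSHA256(priv.D.Bytes(), nonce)
	key := DeriveSessionKey(req.AccessPointID, nonce, contribution)
	return key, SessionReply{Contribution: contribution, Confirm: hmacSHA256(key, []byte("confirm"))}, nil
}

// TerminalFinish derives the same key and checks the confirmation MAC, which
// completes the authenticated connection between terminal and access point.
func TerminalFinish(id string, nonce []byte, reply SessionReply) ([]byte, error) {
	key := DeriveSessionKey(id, nonce, reply.Contribution)
	if !hmac.Equal(reply.Confirm, hmacSHA256(key, []byte("confirm"))) {
		return nil, fmt.Errorf("key confirmation from %q failed", id)
	}
	return key, nil
}
```

An identity absent from the store is refused at LookupPrivateKey, which is the case the text describes for a device that is not an LTE access point; a request encrypted for one identity cannot be opened with another identity's private key, and a reply whose contribution was not produced with the registered private key fails the confirmation check at the terminal.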
From the system described above it can also be seen that, before the LTE-network-based power distribution and utilization communication system of the embodiment communicates, a data transmission tunnel between the network access point device and the master station server must also be established in advance. As shown in FIG. 3, this process may include the following steps:
S301: After receiving the session key, the power distribution and utilization terminal sends the network access point device an L2TP tunnel establishment request carrying first tunnel configuration parameters encrypted with the session key.
Specifically, in order to establish a secure communication channel with the master station server 103 through the network access point device 102, the terminal 101 can constrain the parameters of the data transmission tunnel to be established between the network access point device and the master station server. After the session key shared with the network access point device 102 has been determined, the terminal 101 can use the session key to encrypt the first tunnel configuration parameters, which constrain the data transmission tunnel to be established, and send the network access point device 102 an L2TP tunnel establishment request carrying the session-key-encrypted first tunnel configuration parameters.
S302: The network access point device parses the session-key-encrypted first tunnel configuration parameters out of the L2TP tunnel establishment request, decrypts them with the session key, encapsulates the decrypted first tunnel configuration parameters in an L2TP tunnel connection request and sends it to the master station server.
Specifically, after receiving the L2TP tunnel establishment request sent by the terminal 101, the network access point device 102 parses out the session-key-encrypted first tunnel configuration parameters, decrypts them with the shared session key, encapsulates the decrypted first tunnel configuration parameters in an L2TP tunnel connection request and sends it to the master station server 103.
S303: The master station server parses the first tunnel configuration parameters out of the L2TP tunnel connection request and sends the network access point device an L2TP tunnel connection response carrying second tunnel configuration parameters corresponding to the first tunnel configuration parameters.
Specifically, the master station server 103 receives the L2TP tunnel connection request sent by the network access point device 102 and parses out the first tunnel configuration parameters; from them it determines the corresponding second tunnel configuration parameters, encapsulates those second tunnel configuration parameters in an L2TP tunnel connection response, and sends it to the network access point device 102.
S304: The network access point device parses the second tunnel configuration parameters out of the L2TP tunnel connection response, generates an L2TP tunnel configuration negotiation result from the first and second tunnel configuration parameters, sends it to the master station server, and returns a tunnel-establishment-success response to the power distribution and utilization terminal.
Specifically, after receiving the L2TP tunnel connection response sent by the master station server 103, the network access point device 102 generates the L2TP tunnel configuration negotiation result from the decrypted first tunnel configuration parameters and the second tunnel configuration parameters parsed out of the response, and sends the generated negotiation result to the master station server 103. This completes establishment of the L2TP tunnel connection between the network access point device 102 and the master station server 103 in the LTE network, after which the terminal 101 can reach the intranet of the power system through the network access point device 102, the LTE network and the master station server 103 in turn. As to the specific way of establishing the L2TP tunnel from the first and second tunnel configuration parameters, the L2TP tunnel configuration negotiation result may be set to the minimum, the maximum or the average of the limit values that the first and second tunnel configuration parameters give for the same parameter; technical means known to those skilled in the art may also be used and are not detailed here. Communication data carried over the L2TP tunnel can thus be transmitted in encrypted form according to the L2TP tunnel configuration negotiation result, ensuring the security and reliability of the transmission process.
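The L2TP tunnel configuration negotiation of steps S301 to S304 (also described in the system section above), as an added Go example that is not the patent's own code. It assumes two parameters, bandwidth and transmission rate in kbit/s, that the master station answers with its own limits as the second tunnel configuration parameters, and that both sides have agreed in advance on one of the page's three rules (minimum, maximum or average) for combining the two proposals. The session-key encryption of the first parameters and the L2TP message framing are left out. The master-side Accept check, which only takes a negotiation result it can reproduce from the parameters it saw itself, is an added check rather than a step the page states.

```go
package main

import "fmt"

// TunnelConfig holds the limit values one party proposes for the L2TP tunnel.
// Bandwidth and transmission rate are the parameters the page names; the
// units are an assumption of this example.
type TunnelConfig struct {
	BandwidthKbps int
	RateKbps      int
}

// Policy selects the negotiated value for one parameter from the two
// proposals: the minimum, maximum or average, as the page lists.
type Policy int

const (
	PolicyMin Policy = iota
	PolicyMax
	PolicyAvg
)

func (p Policy) pick(a, b int) int {
	switch p {
	case PolicyMax:
		if a > b {
			return a
		}
		return b
	case PolicyAvg:
		return (a + b) / 2
	default: // PolicyMin
		if a < b {
			return a
		}
		return b
	}
}

// Negotiate applies the policy parameter by parameter (step S304).
func Negotiate(first, second TunnelConfig, p Policy) TunnelConfig {
	return TunnelConfig{
		BandwidthKbps: p.pick(first.BandwidthKbps, second.BandwidthKbps),
		RateKbps:      p.pick(first.RateKbps, second.RateKbps),
	}
}

// MasterStation models server 103. Limits are the second tunnel configuration
// parameters it answers with; Policy is the rule it shares with the access
// point (assumed to be configured on both sides).
type MasterStation struct {
	Limits  TunnelConfig
	Policy  Policy
	pending map[string]TunnelConfig // first parameters per tunnel, kept for Accept
}

// Respond is step S303: record the first parameters and answer with the second.
func (m *MasterStation) Respond(tunnelID string, first TunnelConfig) TunnelConfig {
	if m.pending == nil {
		m.pending = map[string]TunnelConfig{}
	}
	m.pending[tunnelID] = first
	return m.Limits
}

// Accept is the master station's end of step S304 (added check): it takes only
// a result it can reproduce from the parameters it saw itself, so a result
// that was not derived by the agreed policy is refused.
func (m *MasterStation) Accept(tunnelID string, result TunnelConfig) error {
	first, ok := m.pending[tunnelID]
	if !ok {
		return fmt.Errorf("no pending L2TP tunnel connection request for %q", tunnelID)
	}
	if expected := Negotiate(first, m.Limits, m.Policy); result != expected {
		return fmt.Errorf("result %+v does not match expected %+v", result, expected)
	}
	delete(m.pending, tunnelID)
	return nil
}

// EstablishL2TPTunnel runs steps S302 to S304 on the access point side, after
// the first parameters have been decrypted with the session key.
func EstablishL2TPTunnel(tunnelID string, first TunnelConfig, master *MasterStation) (TunnelConfig, error) {
	second := master.Respond(tunnelID, first)
	result := Negotiate(first, second, master.Policy)
	if err := master.Accept(tunnelID, result); err != nil {
		return TunnelConfig{}, err
	}
	return result, nil // the success response to the terminal follows
}
```

With a minimum policy the tunnel never exceeds what either side offered; the maximum and average rules the page also allows can push a parameter past the master station's own limit, which is why the master keeps its record of the first parameters and re-derives the result instead of trusting the access point's copy.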
In practical applications, before the terminal 101 sends the L2TP tunnel establishment request carrying the session-key-encrypted first tunnel configuration parameters to the network access point device 102, it may also send user authentication information, including the user name and authentication password of the terminal, through the network access point device 102 and the LTE network to an authentication server located at the master station of the power system. The authentication server then authenticates the received user authentication information and, if authentication succeeds, returns the server address of the master station server 103 to the network access point device 102 over the LTE network. The network access point device 102 can then send the L2TP tunnel connection request carrying the first tunnel configuration parameters to the master station server 103 at the received address, and the master station server 103 responds to that request.
The inventors of the present invention found that the L2TP tunnel configuration negotiation result is essentially a tunnel transport protocol: it defines and controls how messages are transmitted between the network access point device 102 and the master station server 103, but does not encrypt the transmitted data.
Therefore, as a more preferable implementation, the inventors consider that encryption of the transmitted data can be achieved by combining L2TP with another security protocol. For example, the network access point device 102 can generate an IPSec tunnel configuration negotiation result from third tunnel configuration parameters sent by the terminal 101 and fourth tunnel configuration parameters sent by the master station server 103, and send the generated IPSec tunnel configuration negotiation result to the master station server 103. The third tunnel configuration parameters may specifically include the user name and password of the terminal 101 and the session key shared between the terminal 101 and the network access point device 102; the fourth tunnel configuration parameters may specifically include the server address of the master station server 103 and the intranet address that the master station server 103 assigns to the terminal 101 according to its user name and password. The IPSec tunnel configuration negotiation result generated from the third and fourth tunnel configuration parameters thus authenticates the terminal 101 and the master station server 103 at the two ends of the IPSec tunnel and, at the same time, encrypts the data transmitted between them, which keeps the transmitted data private and greatly improves its security.
Specifically, after receiving the session key returned by the network access point device 102, the terminal 101 can send the network access point device 102 not only the L2TP tunnel establishment request carrying the session-key-encrypted first tunnel configuration parameters, but also an IPSec tunnel establishment request carrying third tunnel configuration parameters encrypted with the session key. After receiving the IPSec tunnel establishment request from the terminal 101, the network access point device 102 parses out the session-key-encrypted third tunnel configuration parameters, decrypts them with the session key, encapsulates the decrypted third tunnel configuration parameters in an IPSec tunnel connection request, and sends that request to the master station server 103. After receiving the IPSec tunnel connection request, the master station server 103 can parse out the third tunnel configuration parameters, determine the corresponding fourth tunnel configuration parameters, and send the network access point device 102 an IPSec tunnel connection response carrying the fourth tunnel configuration parameters. The network access point device 102 can then receive the IPSec tunnel connection response, parse out the fourth tunnel configuration parameters, generate the IPSec tunnel configuration negotiation result from the third and fourth tunnel configuration parameters, and send it to the master station server 103.
After both the generated L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result have been sent to the master station server 103, the network access point device 102 can return a tunnel-establishment-success response to the terminal 101. After receiving that response, the terminal 101 sends communication data encrypted with the session key to the network access point device 102. The network access point device 102 decrypts the session-key-encrypted communication data received from the terminal 101 with the session key, performs L2TP encapsulation and IPSec encapsulation on the decrypted communication data according to the L2TP and IPSec tunnel configuration negotiation results, and sends the resulting L2TP/IPSec data packet to the master station server 103. The master station server 103 can then extract the communication data from the received L2TP/IPSec data packet according to the L2TP and IPSec tunnel configuration negotiation results. Through the two negotiation results the communication data is encrypted and its transmission mode is controlled at the same time, which greatly strengthens the security of communication between the network access point device 102 and the master station server 103.
Based on the above power distribution communication system, the predetermined session key, the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result, an embodiment of the present invention also provides a communication method for a power distribution communication system based on an LTE network. Its specific flow, as shown in Figure 4, may include the following steps:
S401: The power distribution terminal sends a session request carrying key negotiation parameters to the network access point device.
Specifically, the power distribution terminal 101 may send a session request carrying key negotiation parameters encrypted with the public key to the network access point device 102.
S402: After receiving the session request, the network access point device generates a session key according to the public key, the pre-stored private key and the key negotiation parameters, and returns it to the power distribution terminal.
Specifically, the network access point device 102 parses the public-key-encrypted key negotiation parameters out of the session request and decrypts them with the pre-stored private key to obtain the key negotiation parameters; then, according to the public key, the private key and the key negotiation parameters, it generates a session key using a preset LTE (Long Term Evolution) encryption algorithm and sends it to the power distribution terminal 101. For the specific implementation of session key generation by the network access point device 102, reference may be made to steps S201-S204 above.
S403: After receiving the session key, the power distribution terminal sends an L2TP tunnel establishment request carrying first tunnel configuration parameters encrypted with the session key to the network access point device.
Specifically, after receiving the session key returned by the network access point device 102, the power distribution terminal 101 sends an L2TP tunnel establishment request carrying the first tunnel configuration parameters encrypted with the session key to the network access point device 102.
More preferably, the power distribution terminal 101 may also send an IPSec tunnel establishment request carrying third tunnel configuration parameters encrypted with the session key to the network access point device 102.
S404: The network access point device receives the L2TP tunnel establishment request, parses and decrypts the first tunnel configuration parameters from it, and obtains second tunnel configuration parameters from the master station server; according to the first tunnel configuration parameters and the second tunnel configuration parameters, it generates an L2TP tunnel configuration negotiation result, sends it to the master station server, and returns a response message indicating that the tunnel was established successfully to the power distribution terminal.
Specifically, for the implementation of generating the L2TP tunnel configuration negotiation result by the network access point device 102, reference may be made to steps S301-S304 above.
More preferably, the network access point device 102 receives the IPSec tunnel establishment request sent by the power distribution terminal 101, parses and decrypts the third tunnel configuration parameters from it, and obtains fourth tunnel configuration parameters from the master station server; according to the third tunnel configuration parameters and the fourth tunnel configuration parameters, it generates an IPSec tunnel configuration negotiation result and sends it to the master station server; and after sending both the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result to the master station server 103, it returns a response message indicating that the tunnel was established successfully to the power distribution terminal 101. For the implementation of generating the IPSec tunnel configuration negotiation result by the network access point device, reference may be made to steps S301-S304 above.
S405: After receiving the response message indicating that the tunnel was established successfully, the power distribution terminal sends communication data encrypted with the session key to the network access point device.
Specifically, after receiving the response message returned by the network access point device 102 indicating that the tunnel was established successfully, the power distribution terminal 101 in the power distribution communication system may send communication data encrypted with the session key to the network access point device 102 in the power distribution communication system. Here, the session key is the session key shared between the power distribution terminal 101 and the network access point device 102.
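The session-key negotiation of steps S401-S402 and the session-key-protected hop of step S405, written out as an added Go example; this is not code from the patent or from any implementation of it. The patent does not specify the public-key algorithm, the format of the key negotiation parameters or the "preset LTE encryption algorithm", so the example assumes RSA-OAEP for the session request, a random 32-byte negotiation parameter, an HMAC-SHA256 derivation from the public key and that parameter, and AES-256-GCM for the communication data. It also departs from step S402 in one deliberate way: the access point answers with an HMAC confirmation of the derived key rather than with the key itself, because a session key sent back over the same LTE link is only as secret as that link, whereas a key both sides derive never needs to be transmitted. All function and type names (TerminalStart, AccessPointAnswer, TerminalFinish, Seal, Open) are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// OAEP label binding the ciphertext to this message type (assumption).
const oaepLabel = "pd-session-request-v1"

// deriveSessionKey stands in for the patent's unspecified "preset LTE
// encryption algorithm" (assumption): HMAC-SHA256 keyed with a hash of the
// public key, over the key negotiation parameter. Only the terminal that
// chose the parameter and the holder of the private key that decrypted it
// can compute the result, which is used directly as an AES-256 key.
func deriveSessionKey(pub *rsa.PublicKey, param []byte) []byte {
	pubHash := sha256.Sum256(pub.N.Bytes())
	mac := hmac.New(sha256.New, pubHash[:])
	mac.Write([]byte("session-key"))
	mac.Write(param)
	return mac.Sum(nil)
}

// confirmTag proves possession of the session key without revealing it.
func confirmTag(key []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte("key-confirmation"))
	return mac.Sum(nil)
}

// TerminalStart (S401): pick a fresh 32-byte negotiation parameter and
// return it with the session request (the parameter under RSA-OAEP to the
// access point's public key).
func TerminalStart(apPub *rsa.PublicKey) (param, request []byte, err error) {
	param = make([]byte, 32)
	if _, err = rand.Read(param); err != nil {
		return nil, nil, err
	}
	request, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, apPub, param, []byte(oaepLabel))
	return param, request, err
}

// AccessPointAnswer (S402): recover the parameter with the private key and
// derive the session key. The reply is a confirmation tag, not the key:
// the terminal derives the key itself, so it never crosses the LTE link.
func AccessPointAnswer(priv *rsa.PrivateKey, request []byte) (key, response []byte, err error) {
	param, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, request, []byte(oaepLabel))
	if err != nil {
		return nil, nil, err
	}
	key = deriveSessionKey(&priv.PublicKey, param)
	return key, confirmTag(key), nil
}

// TerminalFinish: derive the same key and check that the access point
// really holds it before any communication data is sent under it.
func TerminalFinish(apPub *rsa.PublicKey, param, response []byte) ([]byte, error) {
	key := deriveSessionKey(apPub, param)
	if !hmac.Equal(confirmTag(key), response) {
		return nil, errors.New("session key confirmation failed")
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal (S405): communication data under AES-256-GCM, random nonce prefixed.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open (access-point side of S406): rejects a wrong key or any tampering.
func Open(key, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
}
```

A full run is: generate the access point's RSA key pair, call TerminalStart with its public key, pass the request to AccessPointAnswer, pass the response to TerminalFinish, then Seal on the terminal and Open on the access point with the two derived keys. Both keys come out identical, a flipped ciphertext byte makes Open fail, and a forged confirmation makes TerminalFinish fail. The OAEP label, the HMAC domain strings and the confirmation step are the parts a reviewer should expect to see in any design that fills in the blanks the patent leaves.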
S406: The network access point device decrypts the communication data with the session key, performs L2TP encapsulation on the decrypted communication data according to the L2TP tunnel configuration negotiation result, and sends the resulting L2TP data packet to the master station server.
Specifically, after the network access point device 102 in the power distribution communication system receives the session-key-encrypted communication data sent by the power distribution terminal 101, it decrypts the communication data with the session key, performs L2TP encapsulation on the decrypted communication data according to the L2TP tunnel configuration negotiation result to generate an L2TP data packet, and sends the generated L2TP data packet to the master station server 103 over the LTE network.
More preferably, besides sharing the L2TP tunnel configuration negotiation result, the network access point device 102 and the master station server may also share the IPSec tunnel configuration negotiation result. Therefore, the network access point device 102 may also, according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result, perform L2TP encapsulation and IPSec encapsulation on the communication data decrypted with the session key to generate an L2TP/IPSec data packet, and send the resulting L2TP/IPSec data packet to the master station server 103.
S407: The master station server parses the communication data out of the received L2TP data packet according to the L2TP tunnel configuration negotiation result.
Specifically, after the master station server 103 receives the L2TP data packet sent by the network access point device 102 over the LTE network, it may parse the received L2TP data packet according to the L2TP tunnel configuration negotiation result previously received from the network access point device 102, obtaining the communication data that the power distribution terminal 101 intended to upload.
More preferably, the master station server 103 may also receive the L2TP/IPSec data packet sent by the network access point device 102 and parse it according to the L2TP tunnel configuration negotiation result and the IPSec tunnel configuration negotiation result, obtaining the communication data uploaded by the power distribution terminal 101.
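Steps S404, S406 and S407 as an added Go example, not code from the patent: the access point derives a negotiation result from the two sides' tunnel configuration parameters, wraps the decrypted communication data in an L2TPv2 data-message header (RFC 2661) carrying the negotiated tunnel and session IDs, and the master station server parses the packet back, rejecting anything that disagrees with the result it holds. The patent does not say what the tunnel configuration parameters contain, so the TunnelParams fields (assigned tunnel ID, assigned session ID, maximum payload) and the rule for combining them are assumptions, as are the function names. One caveat the patent text glosses over: L2TP encapsulation by itself neither encrypts nor authenticates, so the checks below only demultiplex and reject malformed input; confidentiality and integrity on the access-point-to-master hop come from the IPSec layer the patent adds in its preferred variant.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// TunnelParams is one side's L2TP proposal. The patent does not list the
// fields of the first/second tunnel configuration parameters; these three
// are an assumption of this example.
type TunnelParams struct {
	AssignedTunnelID  uint16 // ID the peer must put in packets sent to this side
	AssignedSessionID uint16
	MaxPayload        int // largest payload this side will accept
}

// NegotiationResult is what the access point derives and shares with the
// master server; both then apply it to every data packet.
type NegotiationResult struct {
	TunnelID   uint16 // carried in packets from the access point to the master
	SessionID  uint16
	MaxPayload int
}

// Negotiate (S404): the master's assigned IDs are what the access point must
// use towards it; the smaller payload limit wins. Zero is reserved in L2TP
// (it means "unassigned"), so a zero ID is a malformed proposal.
func Negotiate(fromTerminal, fromMaster TunnelParams) (NegotiationResult, error) {
	if fromMaster.AssignedTunnelID == 0 || fromMaster.AssignedSessionID == 0 {
		return NegotiationResult{}, errors.New("master proposed a reserved zero ID")
	}
	limit := fromTerminal.MaxPayload
	if fromMaster.MaxPayload < limit {
		limit = fromMaster.MaxPayload
	}
	if limit <= 0 {
		return NegotiationResult{}, errors.New("no usable payload size")
	}
	return NegotiationResult{fromMaster.AssignedTunnelID, fromMaster.AssignedSessionID, limit}, nil
}

// L2TPv2 data-message header (RFC 2661 section 3.1) with only the L bit set:
// flags/version (2) + length (2) + tunnel ID (2) + session ID (2).
const (
	flagT      = 0x8000 // control message
	flagL      = 0x4000 // length field present
	flagS      = 0x0800 // Ns/Nr present
	flagO      = 0x0200 // offset field present
	verMask    = 0x000F
	l2tpVer    = 2
	headerSize = 8
)

// Encapsulate (S406): wrap the decrypted communication data with the
// negotiated tunnel and session IDs and an explicit length.
func Encapsulate(res NegotiationResult, payload []byte) ([]byte, error) {
	if len(payload) > res.MaxPayload {
		return nil, fmt.Errorf("payload of %d bytes exceeds negotiated %d", len(payload), res.MaxPayload)
	}
	pkt := make([]byte, headerSize+len(payload))
	binary.BigEndian.PutUint16(pkt[0:], flagL|l2tpVer)
	binary.BigEndian.PutUint16(pkt[2:], uint16(len(pkt)))
	binary.BigEndian.PutUint16(pkt[4:], res.TunnelID)
	binary.BigEndian.PutUint16(pkt[6:], res.SessionID)
	copy(pkt[headerSize:], payload)
	return pkt, nil
}

// Decapsulate (S407): the master parses the header and hands back the
// payload only when every field agrees with the negotiation result it holds.
// L2TP gives no confidentiality or integrity; these checks demultiplex and
// reject malformed input, while the IPSec layer protects the packet in transit.
func Decapsulate(res NegotiationResult, pkt []byte) ([]byte, error) {
	if len(pkt) < headerSize {
		return nil, errors.New("packet shorter than L2TP data header")
	}
	flags := binary.BigEndian.Uint16(pkt[0:])
	switch {
	case flags&verMask != l2tpVer:
		return nil, fmt.Errorf("unsupported L2TP version %d", flags&verMask)
	case flags&flagT != 0:
		return nil, errors.New("control message arrived on the data path")
	case flags&flagL == 0:
		return nil, errors.New("length field required but absent")
	case flags&(flagS|flagO) != 0:
		return nil, errors.New("sequence/offset fields were not negotiated")
	}
	if int(binary.BigEndian.Uint16(pkt[2:])) != len(pkt) {
		return nil, errors.New("length field disagrees with packet size")
	}
	if tid := binary.BigEndian.Uint16(pkt[4:]); tid != res.TunnelID {
		return nil, fmt.Errorf("tunnel ID %d is not the negotiated %d", tid, res.TunnelID)
	}
	if sid := binary.BigEndian.Uint16(pkt[6:]); sid != res.SessionID {
		return nil, fmt.Errorf("session ID %d is not the negotiated %d", sid, res.SessionID)
	}
	if len(pkt)-headerSize > res.MaxPayload {
		return nil, errors.New("payload exceeds negotiated limit")
	}
	return pkt[headerSize:], nil
}
```

With a terminal proposal of tunnel 5, session 9, 1400 bytes and a master proposal of tunnel 17, session 33, 1200 bytes, Negotiate yields tunnel 17, session 33 and a 1200-byte limit; Encapsulate then emits the 8-byte header 40 02 <len> 00 11 00 21 followed by the payload, and Decapsulate returns the payload unchanged while refusing a packet whose tunnel ID, T bit, version or length field does not match.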
In the technical solution of the present invention, a shared session key can be set in advance between the power distribution terminal and the network access point device to secure communication between the power distribution terminal and the network access point device; then, an L2TP tunnel and an IPSec tunnel are set up between the network access point device and the master station server, giving the communication data transmitted between the network access point device and the master station server dual encryption protection covering both its transmission mode and its content, which secures communication between the network access point device and the master station server. In this way, the power distribution terminal system provided by the present invention, which communicates over a communication data transmission channel encrypted with the session key and protected by the L2TP tunnel and the IPSec tunnel, has higher security and reliability than existing power distribution communication systems.
Those of ordinary skill in the art will understand that all or part of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
The above are only preferred embodiments of the present invention. It should be noted that those of ordinary skill in the art can make several improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the scope of protection of the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410220554.2A CN104038931B (en) | 2014-05-23 | 2014-05-23 | Adapted electrical communication system and its communication means based on LTE network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104038931A CN104038931A (en) | 2014-09-10 |
CN104038931B true CN104038931B (en) | 2017-09-12 |
Family
ID=51469489
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410220554.2A Active CN104038931B (en) | 2014-05-23 | 2014-05-23 | Adapted electrical communication system and its communication means based on LTE network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104038931B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||