CN113378189A

Movatterモバイル変換

Info

Publication number: CN113378189A
Application number: CN202110601381.9A
Authority: CN
Inventors: 刘兴奇; 刘宣; 唐悦; 赵兵; 林繁涛; 陈昊; 祝恩国; 邹和平; 巫钟兴; 窦健; 张宇鹏; 朱子旭; 郄爽; 韩月
Original assignee: China Electric Power Research Institute Co Ltd CEPRI; State Grid Corp of China SGCC
Current assignee: China Electric Power Research Institute Co Ltd CEPRI; State Grid Corp of China SGCC
Priority date: 2021-05-31
Filing date: 2021-05-31
Publication date: 2021-09-10

Abstract

Translated fromChinese

本发明公开了一种用于负荷辨识模组的认证校验方法及系统，包括：校验方发送查询模组的软件标识查询报文至目标负荷辨识模组，并接收目标负荷辨识模组反馈的软件标识数据；校验方发送查询模组的动态校验码查询报文至所述目标负荷辨识模组，并接收目标负荷辨识模组根据所述软件标识数据和当前的时间戳数据按照预设的加密方式进行加密计算得到并反馈的第一动态校验码；校验方根据接收到的软件标识数据和当前的时间戳数据按照预设的加密方式进行加密计算，以获取第二动态校验码；校验方将第一动态校验码和第二动态校验码进行比对，并当比对结果指示所述第一动态校验码和第二动态校验码一致时，确定所述目标负荷辨识模组通过合法性的认证校验。

The invention discloses an authentication verification method and system for a load identification module, comprising: a verification party sends a software identification query message of a query module to a target load identification module, and receives feedback from the target load identification module software identification data; the verification party sends the dynamic check code query message of the query module to the target load identification module, and receives the target load identification module according to the software identification data and the current time stamp data according to the preset The first dynamic verification code obtained by performing encryption calculation and feedback in the set encryption method; the verification party performs encryption calculation according to the preset encryption method according to the received software identification data and the current time stamp data, so as to obtain the second dynamic verification code. verification code; the verification party compares the first dynamic verification code and the second dynamic verification code, and when the comparison result indicates that the first dynamic verification code and the second dynamic verification code are consistent, determine the The target load identification module has passed the legality verification.

Description

Authentication and verification method and system for load identification module

Technical Field

The present invention relates to the field of authentication and verification technologies, and in particular, to an authentication and verification method and system for a load identification module.

Background

The new generation of the IOT table supports a plurality of module slots, wherein one module is used for identifying load characteristics so as to optimize user experience and electricity utilization safety. In order to enhance the universality and stability of hardware, a unified hardware platform is provided for a power grid, products with the same hardware specification are used by various manufacturers, the universality of the hardware is ensured, and load identification software and algorithms are developed on the basis of the hardware. At present, hardware access equipment needs to be managed and controlled, and unauthorized hardware equipment is prevented from accessing the network, so that the running stability of the whole power grid equipment is influenced.

Therefore, an authentication and verification method for a load identification module is needed.

Disclosure of Invention

The invention provides an authentication and verification method and system for a load identification module, which aim to solve the problem of accurately and efficiently authenticating and verifying the load identification module.

In order to solve the above problem, according to an aspect of the present invention, there is provided an authentication verification method for a load identification module, the method including:

the checking party sends a software identification query message of the query module to the target load identification module and receives software identification data fed back by the target load identification module according to the software identification query message;

the checking party sends a dynamic check code inquiry message of the inquiry module to the target load identification module, and receives a first dynamic check code which is obtained and fed back by the target load identification module through encryption calculation according to the software identification data and the current timestamp data in a preset encryption mode;

the verifier carries out encryption calculation according to the received software identification data and the current timestamp data in a preset encryption mode to obtain a second dynamic check code;

and the verifier compares the first dynamic check code with the second dynamic check code and determines that the target load identification module passes the legal authentication check when the comparison result indicates that the first dynamic check code is consistent with the second dynamic check code.

Preferably, the software identification data comprises: software production number, software delivery version number and serial number.

Preferably, the performing encryption calculation according to the software identification data and the current timestamp data in a preset encryption manner includes:

connecting the software identification data with the current timestamp data to determine plaintext data;

multiplying each byte code in the plaintext data with a byte code of a corresponding byte in the private key respectively according to a byte sequence to obtain first encrypted data;

adding each byte code in the first encrypted data to obtain second encrypted data;

and taking the last but one bit of the second encrypted data as a dynamic check code obtained through encryption calculation.

Preferably, wherein the method further comprises:

and if the penultimate bit of the second encrypted data is null, determining that the dynamic check code is 0.

Preferably, wherein the method further comprises:

before authentication and verification, a verifier distributes a private key to a load identification module so that the load identification module receives and stores the private key; the load identification module and the private key are in one-to-one correspondence.

According to another aspect of the present invention, there is provided an authentication verification system for a load identification module, the system comprising:

the first query message sending unit is used for enabling the checking party to send a software identification query message of the query module to the target load identification module and receiving software identification data fed back by the target load identification module according to the software identification query message;

the second query message sending unit is used for enabling the verifier to send a dynamic check code query message of the query module to the target load identification module and receiving a first dynamic check code which is obtained and fed back by the target load identification module through encryption calculation according to the software identification data and the current timestamp data in a preset encryption mode;

the second dynamic check code calculating unit is used for enabling the checking party to carry out encryption calculation according to the received software identification data and the current timestamp data in a preset encryption mode so as to obtain a second dynamic check code;

and the authentication and verification unit is used for enabling a verifier to compare the first dynamic verification code with the second dynamic verification code and determining that the target load identification module passes the authentication and verification of the legality when the comparison result indicates that the first dynamic verification code is consistent with the second dynamic verification code.

Preferably, the target load identification module and the second dynamic verification code calculation unit perform encryption calculation according to the software identification data and the current timestamp data in a preset encryption manner, and include:

Preferably, wherein the system further comprises:

the private key distribution unit is used for enabling the verifier to distribute the private key to the load identification module before authentication and verification so that the load identification module receives and stores the private key; the load identification module and the private key are in one-to-one correspondence.

The invention provides an authentication and verification method and system for a load identification module, which comprises the following steps: the verifier and the load identification module respectively carry out encryption calculation according to the software identification data and the timestamp data of the load identification module to obtain a dynamic check code, and the dynamic check codes of the verifier and the load identification module are compared with the second dynamic check code to carry out authentication and check on the legality of the load identification module; the encryption algorithm of the invention is complex, and illegal hardware can not encrypt under the condition that software identification data or private key can not be known, so legal network access can not be carried out, and the safety coefficient of authentication and verification is increased.

Drawings

A more complete understanding of exemplary embodiments of the present invention may be had by reference to the following drawings in which:

FIG. 1 is a flowchart of anauthentication verification method 100 for a load identification module according to an embodiment of the present invention;

fig. 2 is a schematic structural diagram of anauthentication verification system 200 for load identification modules according to an embodiment of the present invention.

Detailed Description

The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, however, the present invention may be embodied in many different forms and is not limited to the embodiments described herein, which are provided for complete and complete disclosure of the present invention and to fully convey the scope of the present invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, the same units/elements are denoted by the same reference numerals.

Unless otherwise defined, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Further, it will be understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.

Fig. 1 is a flowchart of anauthentication verification method 100 for a load identification module according to an embodiment of the invention. As shown in fig. 1, the authentication and verification method for a load identification module according to the embodiment of the present invention has a complex encryption algorithm, and when an illegal hardware cannot obtain software identification data or a private key, the illegal hardware cannot perform encryption, so that legal network access cannot be performed, and the security coefficient of authentication and verification is increased. In the authentication andverification method 100 for a load identification module according to the embodiment of the present invention, starting fromstep 101, a verifying party sends a software identifier query message of a query module to a target load identification module instep 101, and receives software identifier data fed back by the target load identification module according to the software identifier query message.

In the invention, the checking party can be a system master station or an electric energy meter, and the checking party initiates a software identification query message for querying the load identification module to the target load identification module and receives software identification data fed back by the target load identification module.

In the present invention, the software identification data includes: the software production number, the software factory version number and the serial number are 16 bits in total. The modules of each legal module manufacturer have unique software production numbers, and unique software identifiers are formed by adding software version numbers and production serial numbers, wherein the software identifiers are shown in table 1.

TABLE 1 software identification composition table

Instep 102, the verifier sends a dynamic check code query message of the query module to the target load identification module, and receives a first dynamic check code which is obtained and fed back by the target load identification module through encryption calculation according to the software identification data and the current timestamp data in a preset encryption manner.

Instep 103, the verifier performs encryption calculation according to the received software identification data and the current timestamp data in a preset encryption manner to obtain a second dynamic check code.

Preferably, wherein the method further comprises:

In the invention, the checking party initiates a dynamic check code query message of the query module and receives a first dynamic check code fed back by the target load identification module. The first dynamic check code is obtained by encrypting and calculating the target load identification module according to the software identification data of the target load identification module and the current timestamp data in a preset encryption mode.

Specifically, the process that the target load identification module carries out encryption calculation according to software identification data and current timestamp data of the target load identification module and a preset encryption mode to obtain a first dynamic check code comprises the following steps: connecting the software identification data with the current timestamp data to determine plaintext data; multiplying each byte code in the plaintext data with a byte code of a corresponding byte in the private key respectively according to a byte sequence to obtain first encrypted data; adding each byte code in the first encrypted data to obtain second encrypted data; and taking the last but one bit of the second encrypted data as a dynamic check code obtained through encryption calculation. And if the penultimate bit of the second encrypted data is null, determining that the dynamic check code is 0. In addition, before the authentication and the verification, the verifier distributes the private key to the load identification module so that the load identification module receives and stores the private key; the load identification module and the private key are in one-to-one correspondence.

For example, the software identification of a company's module is: 0001001000000001, the private key is: 1111111111111111, when the current time is 12 months, 21 days 09. The whole calculation flow is shown in table 2.

TABLE 2 dynamic check code calculation process table

Wherein, the partial data in table 1 mean: number of bytes (16 software identifiers, 6 times); software identification + time (0001001000000001+ 122109); a private key (1111111111111111111111); first encrypted data (software identification + time multiplied by the private encryption code corresponding bit); second encrypted data (all first encrypted data results added); dynamic check code (take the second last digit of the second encrypted data, if the second encrypted data <10, then the dynamic check code is 0). The private key is a unique key possessed by each load identification algorithm, is distributed for the verifier, is only public for the verifier and the user, and is unknown to other third parties. The generation of the dynamic check code is divided into 3 steps, including: the first step is as follows: multiplying 22 bytes of data consisting of the software identification of 16 bytes and the time stamp of 6 bytes by corresponding byte bits of the private key of 22 bytes; the second step is that: adding 22 data generated by the first encrypted data to obtain a result; the third step: and taking the ten digits of the second encrypted data as the dynamic check code. Wherein, if the result obtained in the second step is less than 10, the tens number is 0.

Specifically, the table includes a first action of total number of bytes, 16-byte software identifier, 6-byte time, and a second action of 16-byte software identifier 0001001000000001 and 6-byte time 122109, i.e., light green part and blue part, respectively, which will be referred to as identification codes hereinafter. The third behavior is a 16 byte factory private password 1111111111111111111. The first step of encryption is to multiply the 16-byte identifier of the second row by the corresponding bit of the vendor private key of the third row, i.e., the 1 st byte identifier by the 1 st byte private key, until the 16 th byte identifier by the 16 th byte private key, the result is 0001001000000001122109 in the fourth row of the table. The second step of encryption is to sum the 16 byte results obtained in the first step, i.e. the 1 st bit plus the 2 nd bit plus the 3 rd bit until the 16 th bit, to obtain a sum result of 18. The final step of encryption is to take the ten digits of the 10-system sum result of the last step, namely 1 in 18, which is the result of the verification algorithm.

In the invention, the byte check result generated by the load identification module is the first dynamic check code, and the first dynamic check code is replied to the checking party (the system master station or the electric energy meter), so that the checking party (the system master station or the electric energy meter) compares the result with the second dynamic check code calculated by the checking party (the system master station or the electric energy meter) for checking.

The following description is required in the process: the software identification is plaintext and can be read by any equipment; the private key is a cipher text, the device layer stores the unique encryption code, and the verifying party stores all distributed private encryption codes so as to ensure the correct identification of one encryption code; in the interaction process of the detection party, the detection party records the unique software identifier of the hardware while removing the legality of the authentication hardware. Therefore, the legality and uniqueness of the modular combination in the detection system are verified; the time identification can be expanded to 3 months and 30 days in 2021 as 08: 34: 37 can be converted into 20210330083437 to increase the dynamicity and complexity of the encryption code by customizing options of time format, length, number of bits and the like; the calculation method of the first encrypted data and the second encrypted data may also be customized.

In the invention, the verifier carries out encryption calculation according to the received software identification data and the current timestamp data in a preset encryption mode at the same time so as to obtain the second dynamic verification code. Specifically, the manner of acquiring the second dynamic check code is the same as the manner of acquiring the first dynamic check code by the target load identification module, and is not described herein again.

Instep 104, the verifier compares the first dynamic verification code with the second dynamic verification code, and determines that the target load identification module passes the authentication verification of validity when the comparison result indicates that the first dynamic verification code is consistent with the second dynamic verification code.

In the invention, when a verifier calculates to obtain a second dynamic check code and receives a first dynamic check code, the first dynamic check code and the second dynamic check code are compared, and when a comparison result indicates that the first dynamic check code and the second dynamic check code are consistent, the target load identification module is determined to pass the legal authentication check. After the dynamic verification method is used, if the target load identification module is determined to be illegal hardware equipment, the illegal hardware equipment cannot carry out normal service communication with a verifier (a system master station or an electric energy meter).

The dynamic verification encryption algorithm performs encryption calculation by combining a plurality of elements such as company private passwords, company manufacturer codes, hardware delivery serial numbers and software version numbers, so that the encryption complexity is extremely high, and illegal hardware cannot perform encryption and cannot perform legal network access under the condition that any one element cannot be known. By the dynamic verification mode, the safety factor of the verification is greatly increased. Making it more difficult to break the password.

Fig. 2 is a schematic structural diagram of anauthentication verification system 200 for load identification modules according to an embodiment of the present invention. As shown in fig. 2, anauthentication verification system 200 for load identification modules according to an embodiment of the present invention includes: a first query message sending unit 201, a second query message sending unit 202, a second dynamic check code calculating unit 203 and an authentication checking unit 204.

Preferably, the first query packet sending unit 201 is configured to enable the verifier to send a software identifier query packet of the query module to the target load identification module, and receive software identifier data fed back by the target load identification module according to the software identifier query packet.

Preferably, the second query message sending unit 202 is configured to enable the verifier to send a dynamic check code query message of the query module to the target load identification module, and receive the first dynamic check code obtained and fed back by the target load identification module through encryption calculation according to the software identification data and the current timestamp data in a preset encryption manner.

Preferably, the second dynamic check code calculating unit 203 is configured to enable the verifier to perform encryption calculation according to the received software identification data and the current timestamp data in a preset encryption manner, so as to obtain the second dynamic check code.

Preferably, the target load identification module and the second dynamic verification code calculation unit 203 perform encryption calculation according to the software identification data and the current timestamp data in a preset encryption manner, including:

Preferably, wherein the system further comprises:

Preferably, the authentication and verification unit 204 is configured to enable a verifier to compare the first dynamic verification code with the second dynamic verification code, and determine that the target load identification module passes the legal authentication and verification when the comparison result indicates that the first dynamic verification code is consistent with the second dynamic verification code.

Theauthentication verification system 200 for load identification module according to the embodiment of the present invention corresponds to theauthentication verification method 100 for load identification module according to another embodiment of the present invention, and is not described herein again.

The invention has been described with reference to a few embodiments. However, other embodiments of the invention than the one disclosed above are equally possible within the scope of the invention, as would be apparent to a person skilled in the art from the appended patent claims.

Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/an/the [ device, component, etc ]" are to be interpreted openly as referring to at least one instance of said device, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.