CN-122027215-A - Plaintext-ciphertext data communication method, plaintext-ciphertext data communication device, electronic equipment and storage medium
Abstract
The application relates to a plaintext-ciphertext data communication method, device, electronic equipment and storage medium in the technical field of industrial data communication. The method comprises: acquiring an industrial message from a unit domain or a public domain; performing protocol identification on the industrial message to determine whether it is a plaintext message or a ciphertext message; if the industrial message is identified as a plaintext message, encrypting the plaintext message to convert it into a ciphertext message conforming to the protocol format of the unit domain; decrypting a ciphertext message to convert it into a plaintext message conforming to the protocol format of the public domain; and forwarding the converted ciphertext message to the unit domain. With this technical scheme, messages in different protocol formats are interfaced seamlessly, the protocol island phenomenon is eliminated, the two domains can communicate directly, and the stability and reliability of the system are improved.
Inventors
- WANG CHAOHUI
- YANG LIYE
- LIANG HUALIN
- LIU LI
- ZHAO XIAOYAN
- HAN FENG
- BAI WEIMING
Assignees
- 国能智深控制技术有限公司
Dates
- Publication Date
- 20260512
- Application Date
- 20260105
Claims (10)
- 1. A method of plaintext-ciphertext data communication, the method comprising: acquiring an industrial message from a unit domain or a public domain in real time; performing protocol identification on the industrial message, and determining that the industrial message is a plaintext message from the public domain or a ciphertext message from the unit domain; if the industrial message is identified as a plaintext message, encrypting the plaintext message to convert it into a ciphertext message conforming to a protocol format of the unit domain, and if the industrial message is identified as a ciphertext message, decrypting the ciphertext message to convert it into a plaintext message conforming to a protocol format of the public domain; and forwarding the converted ciphertext message to the unit domain, and/or forwarding the converted plaintext message to the public domain.
- 2. The method of claim 1, wherein the acquiring, in real time, of the industrial message from the unit domain or the public domain comprises: capturing industrial messages from the unit domain or the public domain from a direct memory access (DMA) ring buffer of the network card in polling mode, in batches of a preset number of packets; and performing message aggregation on the industrial messages, and performing a cyclic redundancy check on the aggregated industrial messages.
- 3. The method according to claim 2, wherein the performing protocol identification on the industrial message and determining that the industrial message is a plaintext message from the public domain or a ciphertext message from the unit domain comprises: using a hardware acceleration module to compare, in parallel, the features of each industrial message that has passed the check against a preset encrypted frame feature code and a preset plaintext frame feature code; if the message features of the industrial message match the preset encrypted frame feature code, determining that the industrial message is a ciphertext message from the unit domain; and if the message features of the industrial message match the preset plaintext frame feature code, determining that the industrial message is a plaintext message from the public domain.
- 4. The method according to any one of claims 1-3, wherein after the performing protocol identification on the industrial message and determining that the industrial message is a plaintext message from the public domain or a ciphertext message from the unit domain, the method further comprises: determining the message type of the industrial message; assigning the industrial message to one of several priority queues according to the message type; and scheduling the priority queues using a weighted polling mechanism, so that high-priority industrial messages are processed preferentially.
- 5. The method of claim 4, wherein the message types include control frames, diagnostic frames, data frames, and log frames; and the assigning of the industrial message to one of several priority queues according to the message type comprises: if the message type is a control frame, assigning the industrial message to a first priority queue; if the message type is a diagnostic frame, assigning the industrial message to a second priority queue; if the message type is a data frame, assigning the industrial message to a third priority queue; and if the message type is a log frame, assigning the industrial message to a fourth priority queue, wherein the priorities of the first, second, third and fourth priority queues decrease in that order.
- 6. The method according to claim 1, wherein before the forwarding of the converted ciphertext message to the unit domain and/or the forwarding of the converted plaintext message to the public domain, the method further comprises: performing first protocol format reassembly on the encrypted ciphertext message, and/or performing second protocol format reassembly on the decrypted plaintext message; and the forwarding of the converted ciphertext message to the unit domain and/or the forwarding of the converted plaintext message to the public domain comprises: forwarding the reassembled ciphertext message to the unit domain, and/or forwarding the reassembled plaintext message to the public domain.
- 7. The method of claim 6, wherein the first protocol format reassembly is configured to preserve the original DCS protocol header and perform encryption only on the data field, and wherein the second protocol format reassembly is configured to restore the plaintext message to a standard DCS protocol format and supplement the protocol header information.
- 8. A plaintext-ciphertext data communication apparatus, comprising: an acquisition module, configured to acquire an industrial message from a unit domain or a public domain in real time; an identification module, configured to perform protocol identification on the industrial message and determine that the industrial message is a plaintext message from the public domain or a ciphertext message from the unit domain; a conversion module, configured to encrypt the plaintext message to convert it into a ciphertext message conforming to the protocol format of the unit domain if the industrial message is identified as a plaintext message, and to decrypt the ciphertext message to convert it into a plaintext message conforming to the protocol format of the public domain if the industrial message is identified as a ciphertext message; and a forwarding module, configured to forward the converted ciphertext message to the unit domain and/or forward the converted plaintext message to the public domain.
- 9. An electronic device comprising a storage medium, a processor and a computer program stored on the storage medium and executable on the processor, characterized in that the processor implements the method of any one of claims 1 to 7 when executing the computer program.
- 10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the method of any of claims 1 to 7.
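The identification and scheduling steps of claims 3 to 5, sketched in Go as an added example (not code from the patent or the applicant). The feature-code bytes, the type byte at offset 2 and the 8/4/2/1 weights are assumptions, since the claims give no byte layout, and a software prefix match stands in for the hardware acceleration module.

```go
package main

import (
	"bytes"
	"fmt"
)

// Constructed values: the claims give no byte layout, so all are assumptions.
var (
	encMagic   = []byte{0xE5, 0x5A} // hypothetical encrypted-frame feature code
	plainMagic = []byte{0xA5, 0x5A} // hypothetical plaintext-frame feature code
	weights    = [4]int{8, 4, 2, 1} // control, diagnostic, data, log
)

type Frame struct {
	Cipher bool // true: ciphertext message from the unit domain
	Prio   int  // 0 control, 1 diagnostic, 2 data, 3 log
}

// Classify matches the feature code and maps the assumed type byte (1..4) to a queue.
func Classify(raw []byte) (Frame, bool) {
	if len(raw) < 3 || raw[2] < 1 || raw[2] > 4 {
		return Frame{}, false
	}
	enc, plain := bytes.HasPrefix(raw, encMagic), bytes.HasPrefix(raw, plainMagic)
	return Frame{Cipher: enc, Prio: int(raw[2]) - 1}, enc || plain
}

// Schedule queues frames by priority, then serves up to weights[i] per queue per round.
func Schedule(raws [][]byte) (out []Frame) {
	var q [4][]Frame
	for _, raw := range raws {
		if f, ok := Classify(raw); ok { // frames matching neither code are dropped
			q[f.Prio] = append(q[f.Prio], f)
		}
	}
	for before := -1; before != len(out); { // stop after a round that serves nothing
		before = len(out)
		for i := range q {
			for n := 0; n < weights[i] && len(q[i]) > 0; n++ {
				out, q[i] = append(out, q[i][0]), q[i][1:]
			}
		}
	}
	return out
}

func main() {
	fmt.Println(Schedule([][]byte{{0xA5, 0x5A, 4}, {0xE5, 0x5A, 1}, {0, 0, 1}}))
}
```

Because every queue is served in every round, a burst of control frames delays log frames but cannot starve them, which strict priority ordering would not guarantee.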
Description
Plaintext-ciphertext data communication method, plaintext-ciphertext data communication device, electronic equipment and storage medium
Technical Field
The present application relates to the field of industrial data communication technologies, and in particular to a plaintext-ciphertext data communication method, apparatus, electronic device and storage medium.
Background
Core power generation facilities generally adopt a "two units, one for common use" design mode. Under this architecture, the control system is divided into two unit domains and one common domain. Each unit domain is mainly responsible for controlling and monitoring its corresponding generator set, and the public domain is responsible for the coordinated management of the devices shared by the two units.
To meet increasingly stringent security standards and compliance requirements, the control systems of the unit domains are gradually being upgraded to use encrypted communication protocols. However, for various reasons, the public domain cannot be upgraded in step with the unit domains and still uses the old-version plaintext protocol, so serious incompatibility problems occur in communication between the unit domains and the public domain.
Because the two protocols differ markedly in data frame structure, verification mode, instruction set and other respects, existing schemes cannot convert between the two protocol formats. As a result, the unit domain and the public domain cannot communicate directly, a protocol island phenomenon forms, and the stability and reliability of the system are reduced.
Disclosure of Invention
In view of this, the present application provides a plaintext-ciphertext data communication method, apparatus, electronic device and storage medium. Its main aim is to solve the technical problem that existing schemes cannot convert between the two different protocol formats of an encrypted communication protocol and a plaintext protocol, so that the unit domain and the public domain cannot communicate directly, a protocol island phenomenon forms, and the stability and reliability of the system are reduced.
In a first aspect, the present application provides a plaintext-ciphertext data communication method, comprising: acquiring an industrial message from a unit domain or a public domain in real time; performing protocol identification on the industrial message, and determining that the industrial message is a plaintext message from the public domain or a ciphertext message from the unit domain; if the industrial message is identified as a plaintext message, encrypting the plaintext message to convert it into a ciphertext message conforming to a protocol format of the unit domain, and if the industrial message is identified as a ciphertext message, decrypting the ciphertext message to convert it into a plaintext message conforming to a protocol format of the public domain; and forwarding the converted ciphertext message to the unit domain, and/or forwarding the converted plaintext message to the public domain.
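One way to realize the encrypt/decrypt conversion of the first aspect, in the header-preserving form of claim 7, as an added Go example (not the patent's or the applicant's code). The 4-byte header, the output layout and the choice of AES-256-GCM with the header as associated data are assumptions; the patent names no cipher and no frame layout.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const hdrLen = 4 // assumed fixed DCS header length; the patent gives no layout

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ToCipher keeps the header in clear and encrypts only the data field; the
// header is bound in as associated data. Out: header | nonce | ciphertext+tag.
func ToCipher(key, frame []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil || len(frame) < hdrLen {
		return nil, fmt.Errorf("bad key or short frame")
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append(append([]byte{}, frame[:hdrLen]...), nonce...)
	return aead.Seal(out, nonce, frame[hdrLen:], frame[:hdrLen]), nil
}

// ToPlain rebuilds header | data; a modified header or data field fails the tag.
func ToPlain(key, frame []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil || len(frame) < hdrLen+aead.NonceSize()+aead.Overhead() {
		return nil, fmt.Errorf("bad key or short frame")
	}
	hdr, body, n := frame[:hdrLen], frame[hdrLen:], aead.NonceSize()
	return aead.Open(append([]byte{}, hdr...), body[:n], body[n:], hdr)
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, for illustration only
	ct, _ := ToCipher(key, []byte("\xA5\x5A\x01\x05START"))
	pt, err := ToPlain(key, ct)
	fmt.Printf("%q %v\n", pt, err)
}
```

Authenticating the preserved header matters because it travels in clear: without it, a frame whose header bytes were altered in transit would still decrypt cleanly.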
In a second aspect, the present application provides a plaintext-ciphertext data communication apparatus, comprising: an acquisition module, configured to acquire an industrial message from a unit domain or a public domain in real time; an identification module, configured to perform protocol identification on the industrial message and determine that the industrial message is a plaintext message from the public domain or a ciphertext message from the unit domain; a conversion module, configured to encrypt the plaintext message to convert it into a ciphertext message conforming to the protocol format of the unit domain if the industrial message is identified as a plaintext message, and to decrypt the ciphertext message to convert it into a plaintext message conforming to the protocol format of the public domain if the industrial message is identified as a ciphertext message; and a forwarding module, configured to forward the converted ciphertext message to the unit domain and/or forward the converted plaintext message to the public domain.
In a third aspect, the present application provides an electronic device, including a storage medium, a processor, and a computer program stored on the storage medium and executable on the processor, the processor implementing the plaintext-ciphertext data communication method of the first aspect when the computer program is executed.
In a fourth aspect, the present application provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the plaintext-ciphertext data communication method of th