Access Security Management of Substation Automation Systems Based on PKI/PMI

With the development of information technology, information security in the power industry is becoming an important problem for the stability of power systems. The introduction of IEC 61850 places new demands on the substation communication system and network. Ensuring the access security of an intelligent electronic device (IED) requires an appropriate authentication and authorization method. IEC 61850 employs a concept called the virtual access view to protect IED data objects, and the PKI/PMI architecture is being popularized in power system corporations. To integrate the two into a coherent whole, a special authentication and access process module based on RBAC has been designed that can meet the needs of multiple users and multiple roles. The method is capable of fulfilling the access security requirement and the real-time control of the IED. The design of this system is closely associated with the virtual access view and the multi-application management requirements of the electric power automation system. The cryptography involved complies with the Commercial Cryptography Management Statute of the National Cipher Management Office.