QGDW1377-2013 Security Protection Technical Specification
Q/GDW 1377 — 2013
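3.6 Plaintext: Data to be encrypted.
3.7 Ciphertext: Data after encryption.
3.8 Encryption: The process of applying a cryptographic transformation to data to produce ciphertext.
3.9 Decryption: The inverse of the encryption process.
3.10 Key: Critical information or a parameter that controls the operation of a cryptographic transformation.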
4.1 General requirements
4.2 Security protection framework
4.3 Boundary protection
4.4 Network environment security protection
4.5 Host system security protection
4.6 Application security protection
Drafting notes
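3.14 Public Key Infrastructure (PKI): A generally applicable infrastructure built on public-key cryptography that provides users with security services such as certificate management and key management.
3.15 Certification Authority (CA): A third-party body that generates, issues and revokes digital certificates; it may also generate keys for users.
3.11 Message Authentication Code (MAC): A code produced by a keyed computation over message data, used to verify the integrity of that data.
3.12 Diffusion factor: A business code related to the characteristics of the current level.
3.13 Key information: Identifying information associated with a key.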
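Security Protection Technical Specification for the Power User Electric Energy Data Acquisition System
1 Scope
This standard specifies the information security protection technical requirements for the power user electric energy data acquisition system. It defines the security protection techniques and the functional and performance requirements for equipment, mainly in terms of boundaries, the master station, acquisition channels, acquisition devices, applications and key management.
This standard applies to security protection, information transmission and identity authentication at every stage of building the power user electric energy data acquisition system.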
ICS 29.020 K 41 Filing number: 36400-2012
Q/GDW 212 — 2008
Q/GDW
Enterprise Standard of State Grid Corporation of China
Q / GDW 1377 — 2013
Supersedes Q / GDW 377 — 2009
Security Protection Technical Specification for the Power User Electric Energy Data Acquisition System
power user electric energy data acquire system safety protection specification
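Compared with the original standard, this revision makes the following major adjustments and revisions:
- The asymmetric-key encryption algorithm used for public-key cryptography is recommended to be the national SM2 algorithm.
Once implemented, Q/GDW 377—2012 supersedes Q/GDW 377—2009.
This standard is one of the "Power User Electric Energy Data Acquisition System" series of standards; it specifies the security protection technical specification for the system.
This standard was proposed by, and is interpreted by, the Marketing Department of State Grid Corporation of China.
This standard is under the jurisdiction of the Science and Technology Department of State Grid Corporation of China.
Drafting organisations: China Electric Power Research Institute, State Grid Electric Power Research Institute, Jiangxi Electric Power Company, Fujian Electric Power Co., Ltd., Beijing Electric Power Company.
Principal drafters: Zhao Bing, Zhai Feng, Du Shuwei, Du Xingang, Ge Dehui, Peng Chuning, Zheng Angang, Lü Yingjie, Chen Gang, Wang Yirong, Li Jianxin, Li Lianxing, Zhang Song.
Q/GDW 377 was first issued on 7 December 2009; this is its first revision.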
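3 Terms and definitions
The following terms and definitions apply to this standard.
3.1 ESAM module: A hardware circuit module embedded in a device that implements security control functions such as secure storage, data encryption/decryption, mutual identity authentication, access permission control and encrypted line transmission.
3.2 Cryptography machine: A device that can independently perform encryption/decryption and key management functions.
3.3 Cryptographic algorithm: A set of operational rules or procedures that describes a cryptographic process.
3.4 SM1 cryptographic algorithm: A commercial block cipher algorithm approved by the State Cryptography Administration.
3.5 Certification: The process of verifying the claimed identity of a system entity.
3.16 Registration Authority (RA): A body that receives applications for and revocations of public-key certificates and examines the application materials.
3.17 Digital certificate (or certificate): A file, digitally signed by an authoritative, trusted and impartial third-party certification authority (CA), that contains the public-key owner's information and the public key.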
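GB/T 17903.3—2008 Information technology − Security techniques − Non-repudiation − Part 3: Mechanisms using asymmetric techniques (ISO/IEC 13888−3)
GB/T 22239—2008 Information security technology: Baseline requirements for classified protection of information systems
Q/GDW 365—2012 Technical specification for security authentication of smart electricity meter information exchange
Q/GDW 376.1—2012 Power user electric energy data acquisition system communication protocol, Part 1: Communication protocol between master station and acquisition terminal
Overall Scheme for Security Protection of Electric Power Secondary Systems
Guiding Opinions on Classified Protection Grading of Information Systems in the Electric Power Industry (电监信息[2007]44 号)
State Grid Corporation of China Informatization "SG186" Project Overall Security Protection Scheme (Trial)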
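Foreword
Q/GDW 377—2012, "Security Protection Technical Specification for the Power User Electric Energy Data Acquisition System", is a revision of Q/GDW 377—2009, "Security Protection Technical Specification for the Power User Electric Energy Data Acquisition System", made in accordance with arrangements by State Grid Corporation of China.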
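3.24 Symmetric cryptographic algorithm: A cryptographic algorithm that uses the same key for encryption and decryption.
3.25 Asymmetric cryptographic algorithm: An algorithm that uses different keys for encryption and decryption. One key (the public key) may be made public, the other key (the private key) must be kept secret, and deriving the private key from the public key is computationally infeasible.
3.26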
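3.20 Public key: The key in an asymmetric cryptographic algorithm that may be made public.
3.21 Private key: The key in an asymmetric cryptographic algorithm that may be used only by its owner.
3.22 Random number: An unpredictable time-varying parameter.
3.23 Elliptic Curve Cryptography (ECC) algorithm: A cryptographic algorithm based on the elliptic curve discrete logarithm problem over finite fields.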
Issued 2013-03-21
Issued by State Grid Corporation of China
Implemented 2013-03-21
Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Security technical requirements