Power grid special AI-NVR composite encryption security monitoring system
By integrating dual SIM card isolated transmission, composite encryption, and hardware management modules, the weak security protection of power grid AI-NVR equipment is solved, achieving full-process security protection and high recognition accuracy, meeting the high security requirements of power grid scenarios.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- DTI (SHANGHAI) CO LTD
- Filing Date
- 2026-03-05
- Publication Date
- 2026-06-23
AI Technical Summary
Existing AI-NVR devices for power grids suffer from weak security protection, lack of isolation between internal and external network transmissions, and poor identity authentication, leading to security risks such as data leakage and unauthorized control of the devices. Furthermore, they cannot meet the high security requirements of power grid scenarios.
It adopts an integrated design of four major modules: dual SIM card isolated transmission, composite encryption protection, AI intelligent processing, and hardware management, to achieve full-process security protection. This includes dual SIM card slots, 4G/5G dual-mode modules, physical security components, composite identity authentication, and real-time data encryption mechanisms, thus building a software and hardware collaborative protection system.
By isolating data channels at the hardware level and encrypting the entire process, the risk of internal network data being leaked to the external network is blocked, the accuracy of AI recognition and the stability of data transmission are improved, the high security requirements of power grid scenarios are met, the risk of equipment being attacked and data being stolen is reduced, and the transmission efficiency and storage efficiency are improved.
Smart Images

Figure CN122269280A_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of security monitoring technology, specifically relating to a power grid-specific AI-NVR composite encrypted security monitoring system. Background Technology
[0002] In power grid scenarios, substation and power line monitoring places extremely high demands on equipment security, intelligence, and transmission stability. Artificial intelligence network video recorders (AI-NVRs), as key monitoring devices, have become an important carrier for intelligent power grid monitoring. Currently, the key implementation logic of existing AI-NVR devices in power grid scenarios is as follows: front-end cameras capture on-site video streams and transmit them to the NVR for local storage; simplified versions of basic AI target recognition algorithms, such as the YOLO series, are used to identify safety hazards; and some devices are equipped with 4G / 5G modules for remote data transmission.
[0003] However, existing technologies lack dedicated security mechanisms designed for the high security levels of power grid intranets and the special requirements for data transmission isolation. They can only meet basic monitoring and transmission functions, exhibiting multiple technical deficiencies. Each of these deficiencies can lead to security risks such as power grid monitoring data leakage and unauthorized control of equipment. In other words, security protection relies solely on software encryption methods such as file password protection, lacking hardware-level protection design. This makes them vulnerable to network attacks or system vulnerabilities, failing to meet the high security requirements of power grid scenarios. Furthermore, the use of a single SIM card or wired network access method means that a single network channel simultaneously handles intranet data interaction and extranet data forwarding, posing risks to critical intranet monitoring. Significant risks of data leakage to external networks; the single authentication method that only supports account and password login is easily impersonated, leading to unauthorized personnel illegally accessing power grid monitoring data; hardware interfaces such as USB lack any authorization and control measures, allowing unauthorized devices to be connected at will, posing a risk of data theft or malicious program injection; key images, videos, and other data identified by AI are often temporarily stored in plaintext on the device, and there is a lack of dynamic encryption protection during data transmission, resulting in potential data leakage risks throughout the entire process; the device lacks a dedicated physical protection mechanism, and if it is stolen or illegally accessed, the stored power grid monitoring data will be directly exposed, causing critical data leakage.
[0004] To address the shortcomings of existing technologies, there is an urgent need to develop an AI-NVR security monitoring system that meets the specific needs of power grid scenarios, enabling security protection throughout the entire process of video acquisition, AI recognition, data storage, and transmission, while ensuring the accuracy of AI recognition and the stability of data transmission. Summary of the Invention
[0005] The purpose of this invention is to provide a dedicated AI-NVR composite encryption security monitoring system for power grids. This system addresses the technical shortcomings of existing AI-NVR devices for power grids, such as single security protection levels, lack of isolation between internal and external network transmissions, and weak identity authentication. Through the integrated design of four key modules—dual SIM card isolated transmission, composite encryption protection, AI intelligent processing, and hardware control—the system achieves full-process security protection for power grid monitoring data collection, identification, storage, and transmission. It also improves AI identification accuracy and data transmission stability, meeting the high security and intelligent requirements of power grid scenarios.
[0006] The present invention employs the following technical solution.
[0007] A power grid-specific AI-NVR composite encrypted security monitoring system includes: The composite encryption security monitoring system integrates software and hardware collaborative protection logic, combining key hardware configuration and identity authentication activation system, AI intelligent processing and real-time data encryption mechanism, dual SIM card isolated transmission and data interaction rules, hardware-level interface security management module, and intelligent filtering and trusted environment decryption module to achieve full-process security management from device physical access and identity authentication to data identification, storage, transmission and decryption.
[0008] Furthermore, the key hardware configuration and identity authentication activation system specifically include: The device has two physically isolated independent SIM card slots. One of the SIM card slots, designated as SIM1, is a dedicated card for decryption within the power grid intranet with a pre-installed digital certificate. It is used only to access the power grid intranet and decrypt critical data. The other SIM card slot, designated as SIM2, is an external network data forwarding card. It is used only to forward encrypted monitoring data to the authorized monitoring center. The data channels of the two SIM card slots are not interconnected. The 4G / 5G dual-mode module requires authentication and authorization to start. Physical security components include a mechanical combination lock mounted on the device housing, a built-in fingerprint recognition module, and a USB token certificate reader / writer.
[0009] Furthermore, the authentication process for the key hardware configuration and identity authentication activation system is a composite identity authentication process, specifically including: Step 1-1: Use the mechanical combination lock to unlock the device. When locked, critical functions and interfaces such as the dual SIM module and USB port are disabled. Step 1-2: Insert the USB key with the pre-installed power grid-specific digital certificate. The system verifies the legitimacy of the equipment and the operator's operating permissions. Steps 1-3: The operator completes the live fingerprint verification, the system automatically records the login information, and after all three authentications are passed, the dual SIM module and AI processing function are automatically activated.
[0010] Furthermore, the AI intelligent processing and real-time data encryption mechanism specifically includes: This mechanism achieves collaborative operation between high-precision AI identification and end-to-end data encryption, ensuring high accuracy in identifying potential power grid safety hazards while eliminating the risk of data leakage during identification, storage, and transmission. Specifically, it is implemented as follows: Step 2-1: Optimize AI target recognition; Step 2-2: Perform full-process data encryption.
[0011] Furthermore, step 2-1 specifically includes: The YOLOv7 open-source model is used to perform customized training for targets such as foreign objects on power lines, engineering vehicles, inspection personnel, and equipment instruments in power grid scenarios. The trained model is called using C++ to perform real-time recognition of video frames captured from the front end, outputting the target major and minor categories, bounding box coordinates, and confidence recognition results. At the same time, key features such as clothing color and equipment meter values are extracted to generate standardized recognition results in JSON format.
[0012] Furthermore, step 2-2 specifically includes: Key images and video frames identified by AI are encrypted in real time using the national cryptographic SM4 algorithm and directly stored in the local encrypted storage area of the NVR without any plaintext storage process. When SIM 2 forwards data, it uses SM4 and RSA dual encryption algorithms. Even if the data transmission is intercepted during the transmission process, an unauthorized party cannot complete the decryption. During operation, AI-generated data and encryption keys are processed only in the device's encrypted memory area. Once the process ends, the relevant data in memory is automatically erased, eliminating the risk of memory leaks.
[0013] Furthermore, the specific rules for dual-SIM card isolated transmission and data interaction include: SIM 1's functions include: Access to the dedicated power grid intranet is supported only; any form of external network access is prohibited. Receive the decryption key issued by the power grid intranet, which is only used to decrypt critical data that needs to be audited by the intranet on the NVR local; Data transmitted to the power grid intranet is limited to encrypted summaries of identification results, excluding complete videos / images, thus meeting the intranet security audit requirements while ensuring data security.
[0014] SIM 2's functions include: Only authorized external network channels are supported; access to the power grid intranet in any form is prohibited. The system directs encrypted full videos and key images to the designated monitoring center. The forwarding address is preset, encrypted, and stored in advance, and cannot be modified. It supports breakpoint resume function, automatically initiates reconnection after network interruption, ensures data transmission integrity in remote power grid scenarios, and prevents data loss.
[0015] Furthermore, the dual-SIM card isolated transmission and data interaction rules also specifically include: The data channels are divided at the hardware level, and the data streams of SIM1 and SIM2 are completely independent and do not interact with each other.
[0016] Furthermore, the hardware-level interface security management module specifically includes: Only pre-registered, grid-specific encrypted USB drives containing a unique device identification code are supported for access. If an unauthorized USB drive is inserted, the device will not respond at all, and the system will automatically record the access attempt log and synchronize it to the grid intranet audit system. The device's WiFi module is physically shielded, leaving only the wireless transmission channel for the dual SIM cards, thus eliminating the risk of unauthorized network access via WiFi. The device debugging interface requires dual authorization via a mechanical combination lock and a USB key for verification before it can be enabled. The entire debugging process is logged, and the logs are synchronized to the intranet audit system in real time, enabling traceability of the debugging process.
[0017] Furthermore, the intelligent filtering and trusted environment decryption module specifically includes: Referring to the AI-NVR image intelligent filtering logic, video frames are extracted at preset time intervals. Combined with the types of abnormally focused targets of the device, the images are sorted by the number of targets or confidence level, and only key images are saved to the encrypted storage area. To decrypt and view critical data locally on the NVR, two conditions must be met simultaneously: successful triple authentication and SIM card access to the power grid intranet. After encrypted data is forwarded to the monitoring center, it can only be decrypted in trusted terminals with pre-installed power grid-specific digital certificates; the data cannot be read in other environments.
[0018] The beneficial effects of the present invention are as follows, compared with the prior art: The AI-NVR composite encrypted security monitoring system for power grids of the present invention, compared with existing AI-NVR equipment for power grids, achieves multiple technical improvements through the integrated design of five key modules, as follows: By constructing a comprehensive hardware and software protection system that integrates physical protection, triple authentication, hardware isolation, and dual encryption, this system replaces the single software encryption method of existing technologies. It achieves security protection across multiple stages, including physical access, authentication, data storage, and transmission, solving the problem of easy cracking of existing technologies and meeting the high security requirements of power grid scenarios. By physically dividing the internal and external network data channels using dual SIM cards, SIM one is only responsible for internal network decryption and digest transmission, while SIM two is only responsible for external network targeted data forwarding. Furthermore, the two channels do not interact with each other, fundamentally blocking the risk of internal network data leakage to the external network and solving the key defect of lack of isolation in existing network transmission technologies. Based on achieving a high recognition accuracy of 98.7% using the YOLOv7 optimized model, it uses national cryptographic algorithms to achieve full-process encryption of data recognition, storage, and transmission. Operational data is processed only in the encrypted memory area, meeting the intelligent requirements of power grid monitoring while completely solving the problems of lagging data encryption and easy leakage in existing technologies. Through a USB interface... Hardware-level control measures, such as lists, physical WiFi shielding, and dual authorization for debugging interfaces, eliminate the possibility of unauthorized device access and network access, significantly reducing the risk of network attacks, data theft, or malware injection. The 4G / 5G dual-mode module supports adaptive switching between operator networks, and the breakpoint resume function ensures the integrity of data transmission in remote power grid scenarios with no data loss. Compared with the single network transmission method of existing technologies, the transmission efficiency is improved by 30%, meeting the all-weather, all-region monitoring data transmission needs of power grid scenarios. All encryption algorithms of the system adopt national standards such as SM4 and RSA. Functions such as identity authentication, data encryption, log recording and synchronization are all in line with the security specifications of the power grid intranet, meeting the security audit requirements of the power industry and can be directly adapted to large-scale applications in power grid scenarios. Through a key data intelligent filtering mechanism, only key data of power grid monitoring is stored, which greatly reduces the storage of invalid data, improves the storage efficiency and operating speed of the equipment, and reduces the operation and maintenance costs of the equipment. Attached Figure Description
[0019] Figure 1 This is an overall architecture diagram of the AI-NVR composite encrypted security monitoring system for power grids in this invention. Detailed Implementation
[0020] To make the objectives, technical solutions, and advantages of this invention clearer, the technical solutions of this invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments of this invention. The embodiments described in this application are merely some embodiments of this invention, and not all embodiments. Based on the spirit of this invention, other embodiments obtained by those skilled in the art without creative effort are all within the protection scope of this invention.
[0021] like Figure 1As shown, this invention proposes a power grid-specific AI-NVR composite encrypted security monitoring system, comprising the following steps: The composite encryption security monitoring system integrates software and hardware collaborative protection logic, and integrates five key components: key hardware configuration and identity authentication activation system, AI intelligent processing and real-time data encryption mechanism, dual SIM card isolated transmission and data interaction rules, hardware-level interface security management module, and intelligent screening and trusted environment decryption module. It realizes full-process security management from device physical access and identity authentication to data identification, storage, transmission and decryption.
[0022] In a preferred but non-limiting embodiment of the present invention, the key hardware configuration and identity authentication activation system specifically include: This system employs a triple authentication design combining physical, biometric, and hardware authentication, coupled with dedicated key hardware configurations. When triple authentication fails, critical device functions and interfaces are disabled, blocking unauthorized access at the source. The key hardware configurations of this system are as follows: The device has two physically isolated independent SIM card slots. One of the SIM card slots, designated as SIM1, is a dedicated card for decryption within the power grid intranet with a pre-installed digital certificate. It is used only to access the power grid intranet and decrypt critical data. The other SIM card slot, designated as SIM2, is an external network data forwarding card. It is used only to forward encrypted monitoring data to the authorized monitoring center. The data channels of the two SIM card slots are not interconnected. The 4G / 5G dual-mode module supports adaptive switching between the networks of the two major operators, ensuring transmission stability in remote power grid scenarios such as mountain lines. The 4G / 5G dual-mode module requires identity authentication authorization to start. Physical security components include a mechanical combination lock on the device casing, a built-in fingerprint recognition module, and a USB certificate reader / writer, providing hardware support for triple authentication.
[0023] In a preferred but non-limiting embodiment of the present invention, the authentication process of the key hardware configuration and identity authentication activation system is a composite identity authentication process, specifically including: Step 1-1: Use the mechanical combination lock to unlock the device. When locked, critical functions and interfaces such as the dual SIM module and USB port are disabled. Step 1-2: Insert the USB key with the pre-installed power grid-specific digital certificate. The system verifies the legitimacy of the equipment and the operator's operating permissions. Steps 1-3: The operator completes the live fingerprint verification, the system automatically records the login information, and after all three authentications are passed, the dual SIM module and AI processing function are automatically activated.
[0024] In a preferred but non-limiting embodiment of the present invention, the AI intelligent processing and real-time data encryption mechanism specifically includes: This mechanism achieves collaborative operation between high-precision AI identification and end-to-end data encryption, ensuring high accuracy in identifying potential power grid safety hazards while eliminating the risk of data leakage during identification, storage, and transmission. Specifically, it is implemented as follows: Step 2-1: Optimize AI target recognition; In a preferred but non-limiting embodiment of the present invention, step 2-1 specifically includes: The YOLOv7 open-source model is used to perform customized training for targets such as foreign objects on power lines, engineering vehicles, inspection personnel, and equipment instruments in power grid scenarios. The trained model is called using C++ to perform real-time recognition of video frames captured from the front end, and outputs recognition results such as target major and minor categories, bounding box coordinates, and confidence scores. At the same time, key features such as clothing color and equipment meter values are extracted to generate standardized recognition results in JSON format.
[0025] Step 2-2: Perform full-process data encryption.
[0026] In a preferred but non-limiting embodiment of the present invention, step 2-2 specifically includes: Key images and video frames identified by AI are encrypted in real time using the national cryptographic SM4 algorithm and directly stored in the local encrypted storage area of the NVR without any plaintext storage process. When SIM 2 forwards data, it uses SM4 and RSA dual encryption algorithms. Even if the data transmission is intercepted during the transmission process, an unauthorized party cannot complete the decryption. During operation, AI-generated data and encryption keys are processed only in the device's encrypted memory area. Once the process ends, the relevant data in memory is automatically erased, eliminating the risk of memory leaks.
[0027] In a preferred but non-limiting embodiment of the present invention, the dual-SIM card isolated transmission and data interaction rules specifically include: Based on the physical isolation design of dual SIM card slots, strict data interaction rules between internal and external networks are established to achieve complete isolation between the power grid's internal and external networks, fundamentally blocking the risk of internal network data leakage. The functions and data isolation rules of SIM1 and SIM2 are as follows: SIM 1's functions include: Access to the dedicated power grid intranet is supported only; any form of external network access is prohibited. Receive the decryption key issued by the power grid intranet, which is only used to decrypt critical data that needs to be audited by the intranet on the NVR locally (such as equipment abnormality alarm video). Data transmitted to the power grid intranet is limited to encrypted summaries of identification results, excluding complete videos / images, thus meeting the intranet security audit requirements while ensuring data security.
[0028] SIM 2's functions include: Only authorized external network channels are supported; access to the power grid intranet in any form is prohibited. The system directs encrypted full videos and key images to the designated monitoring center. The forwarding address is preset, encrypted, and stored in advance, and cannot be modified. It supports breakpoint resume function, automatically initiates reconnection after network interruption, ensures data transmission integrity in remote power grid scenarios, and prevents data loss.
[0029] In a preferred but non-limiting embodiment of the present invention, the dual-SIM card isolated transmission and data interaction rules specifically include: By dividing the data channels at the hardware level, the data streams of SIM1 and SIM2 are completely independent and do not interact with each other, eliminating the possibility of internal network data being leaked to the external network through SIM2.
[0030] In a preferred but non-limiting embodiment of the present invention, the hardware-level interface security management module specifically includes: This module implements strict control over various interfaces of the device at the hardware level, using whitelisting mechanisms, physical blocking, and dual authorization to block unauthorized device access and network access. Specific control measures include: Only pre-registered, grid-specific encrypted USB drives containing a unique device identification code are supported for access. If an unauthorized USB drive is inserted, the device will not respond at all, and the system will automatically record the access attempt log and synchronize it to the grid intranet audit system. The device's WiFi module is physically shielded, leaving only the wireless transmission channel for the dual SIM cards, thus eliminating the risk of unauthorized network access via WiFi. The device debugging interface requires dual authorization via a mechanical combination lock and a USB key for verification before it can be enabled. The entire debugging process is logged, and the logs are synchronized to the intranet audit system in real time, enabling traceability of the debugging process.
[0031] In a preferred but non-limiting embodiment of the present invention, the intelligent screening and trusted environment decryption module specifically includes: This module reduces invalid data storage through intelligent filtering of key data, and sets strict decryption rules for trusted environments to ensure that encrypted data can only be decrypted and viewed in legitimate scenarios. Specifically, this is achieved as follows: Referring to the AI-NVR image intelligent filtering logic, video frames are extracted at preset time intervals (e.g., 5 seconds / image). Combined with the types of targets of interest, such as device malfunctions, the images are sorted by the number of targets or confidence level. Only key images are saved to the encrypted storage area, which greatly reduces the storage of invalid data. To decrypt and view critical data locally on the NVR, two conditions must be met simultaneously: successful triple authentication and SIM card access to the power grid intranet. After encrypted data is forwarded to the monitoring center, it can only be decrypted in trusted terminals with pre-installed power grid-specific digital certificates; the data cannot be read in other environments.
[0032] The overall operation of this system follows the rules of authentication before startup, full encryption, isolated transmission, and trusted decryption. The specific process is as follows: physical unlocking, U-shield certificate verification, fingerprint login, dual SIM module activation and AI processing module startup are executed sequentially, front-end video stream input, C++ video decoding and frame extraction, AI target recognition and feature extraction, real-time encryption using national cryptographic algorithms, key data screening and saving to the encrypted storage area, simultaneous transmission of identification result summary and receiving decryption key from SIM-1 on the intranet and double encryption forwarding of complete data from SIM-2 on the external network, and decryption in the trusted environment of the monitoring center / power grid intranet until the end. The data during this period is traceable and verifiable.
[0033] The dual-SIM card alternative can be replaced by a combination of a single SIM card and an eSIM. The eSIM has a pre-installed digital certificate for the internal network to enable decryption, while the physical SIM card handles external network data forwarding. Only the hardware interface and data channel isolation logic need to be adjusted to achieve the same level of internal and external network isolation. The encryption algorithm SM4 can be replaced with AES-256, and RSA can be replaced with ECC. Only the encryption key length and algorithm adaptation interface need to be adjusted; the encryption strength remains unaffected. Fingerprint recognition in identity authentication can be replaced with biometric recognition methods such as iris recognition and facial liveness detection. Mechanical combination locks can be replaced with electronic combination locks. The key rules remain the same: physical, biological, and hardware triple authentication. The YOLOv7 AI model can be replaced with high-performance computer vision models such as YOLOv8 and RT-DETR. After optimized training for power grid scenarios, it can achieve the same target recognition accuracy. The 4G / 5G dual-mode module can be replaced with a 5G and satellite communication dual-mode module to adapt to extreme power grid scenarios without mobile network coverage. Only the transmission protocol and network reconnection mechanism need to be adjusted. The whitelist management of the USB interface can be replaced with a combination of hardware switch and software authorization. The USB function is enabled by physical switch, and the operator's authorization is verified at the software level, which can also achieve secure management of the USB interface.
[0034] This invention utilizes two independent SIM cards to achieve decryption within the power grid and targeted forwarding to the external network, physically isolating data channels and solving the key problem of lack of isolation between internal and external network transmission in existing technologies. It integrates triple authentication (physical password lock, fingerprint recognition, and USB key certificate) with national cryptographic algorithms for encryption, constructing a hardware-software collaborative composite protection system to meet the high security requirements of power grid scenarios. Based on a YOLOv7 optimized model achieving 98.7% high-precision recognition, it uses national cryptographic algorithms to encrypt the recognition data throughout the entire process, mitigating the risk of data leakage during AI processing. Through USB interface whitelisting and physically blocking WiFi, it retains only authorized transmission channels, blocking unauthorized device access and data theft. By setting triple authentication and specified network environment decryption conditions, it ensures that encrypted data is used only in legitimate scenarios, preventing secondary data leakage after decryption.
[0035] The following is a specific embodiment of the present invention: The power grid-specific AI-NVR composite encrypted security monitoring system in this embodiment uses an industrial-grade NVR host on the hardware side, equipped with an 8-core processor, 16GB of RAM, and a 1TB encrypted solid-state drive. It features dual physically isolated SIM card slots, a 4G / 5G dual-mode industrial module, a mechanical combination lock, a capacitive fingerprint recognition module, and a U-shield certificate reader / writer (supporting USB 3.0). The software side is developed based on the Linux system and integrates the YOLOv7 power grid-specific optimized model, the national cryptographic SM4 / RSA encryption algorithm library, an intranet / extranet data isolation management program, an interface control program, and a log recording and synchronization program.
[0036] The corresponding execution method is as follows: The operator first enters a 6-digit physical password through the mechanical combination lock to complete the physical unlock; then inserts a U-shield with a pre-installed digital certificate for the power grid, and the system completes hardware certificate verification; finally, a live fingerprint verification is performed. After successful verification, the system automatically records the operator's name, operation time, and other information, while activating the dual SIM module and AI processing module, and the USB interface enters the pending authorization state.
[0037] The front-end high-definition camera captures video streams from the substation site. After being transmitted to the NVR host, the system decodes the video stream using C++ and extracts video frames at a rate of 25 frames per second. The system then calls the YOLOv7 power grid-specific optimization model to perform real-time recognition of the video frames, identifying targets such as inspection personnel, engineering vehicles, equipment and instruments, and foreign objects on the lines within the substation. The system outputs the target type, bounding box coordinates, and confidence level, extracts key features such as equipment and instrument values, and generates recognition results in JSON format.
[0038] The system encrypts key video frames and images identified by AI in real time using the national cryptographic SM4 algorithm and stores them directly in the encrypted storage area of a 1TB encrypted solid-state drive. At the same time, it extracts encrypted video frames at intervals of 5 seconds per frame, combines the "device abnormality" target type, filters key data based on a confidence level of ≥90%, saves only the filtered key data, and deletes invalid data.
[0039] SIM1 automatically connects to the dedicated intranet of the power grid, transmits the encrypted AI recognition result summary to the power grid intranet audit platform, and simultaneously receives the SM4 decryption key issued by the intranet. The key is stored only in the device's encrypted memory area. SIM2 automatically accesses the authorized operator's external network, and after encrypting the complete video and key images with dual encryption using SM4 and RSA, forwards them to the power grid's designated monitoring center. The forwarding address is a preset fixed IP address that cannot be modified by the device. If a network interruption occurs during transmission, the module automatically initiates a reconnection and continues transmitting the unfinished data after the network is restored, achieving breakpoint resume transmission.
[0040] When an unauthorized USB flash drive is inserted into the device's USB port, the system does not respond at all, and the information about the unauthorized device access attempt is recorded in the log and synchronized to the power grid intranet audit system. If device debugging is required, the operator must re-enable the debugging interface by verifying with a mechanical combination lock and USB key. All operations during the debugging process are recorded in real time, and the interface is automatically disabled after debugging is completed.
[0041] Operators must simultaneously pass triple authentication and connect to the intranet via SIM card on the NVR host before they can enter the decryption key to decrypt and view the critical data in the encrypted storage area. After receiving encrypted data through a trusted terminal with a pre-installed power grid-specific digital certificate, the power grid's designated monitoring center decrypts the data using the terminal's built-in decryption program. Other terminals without pre-installed certificates cannot read the data.
[0042] All operations of the equipment, including identity authentication, data transmission, interface access, and debugging, generate logs. These logs are synchronized to the power grid intranet audit system in real time, enabling the entire process to be traceable and auditable.
[0043] The beneficial effects of the present invention are as follows, compared with the prior art: The AI-NVR composite encrypted security monitoring system for power grids of the present invention, compared with existing AI-NVR equipment for power grids, achieves multiple technical improvements through the integrated design of five key modules, as follows: By constructing a comprehensive hardware and software protection system that integrates physical protection, triple authentication, hardware isolation, and dual encryption, this system replaces the single software encryption method of existing technologies. It achieves security protection across multiple stages, including physical access, authentication, data storage, and transmission, solving the problem of easy cracking of existing technologies and meeting the high security requirements of power grid scenarios. By physically dividing the internal and external network data channels using dual SIM cards, SIM one is only responsible for internal network decryption and digest transmission, while SIM two is only responsible for external network targeted data forwarding. Furthermore, the two channels do not interact with each other, fundamentally blocking the risk of internal network data leakage to the external network and solving the key defect of lack of isolation in existing network transmission technologies. Based on achieving a high recognition accuracy of 98.7% using the YOLOv7 optimized model, it uses national cryptographic algorithms to achieve full-process encryption of data recognition, storage, and transmission. Operational data is processed only in the encrypted memory area, meeting the intelligent requirements of power grid monitoring while completely solving the problems of lagging data encryption and easy leakage in existing technologies. Through a USB interface... Hardware-level control measures, such as lists, physical WiFi shielding, and dual authorization for debugging interfaces, eliminate the possibility of unauthorized device access and network access, significantly reducing the risk of network attacks, data theft, or malware injection. The 4G / 5G dual-mode module supports adaptive switching between operator networks, and the breakpoint resume function ensures the integrity of data transmission in remote power grid scenarios with no data loss. Compared with the single network transmission method of existing technologies, the transmission efficiency is improved by 30%, meeting the all-weather, all-region monitoring data transmission needs of power grid scenarios. All encryption algorithms of the system adopt national standards such as SM4 and RSA. Functions such as identity authentication, data encryption, log recording and synchronization are all in line with the security specifications of the power grid intranet, meeting the security audit requirements of the power industry and can be directly adapted to large-scale applications in power grid scenarios. Through a key data intelligent filtering mechanism, only key data of power grid monitoring is stored, which greatly reduces the storage of invalid data, improves the storage efficiency and operating speed of the equipment, and reduces the operation and maintenance costs of the equipment.
[0044] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and not to limit it. Although the present invention has been described in detail with reference to the above embodiments, those skilled in the art should understand that modifications or equivalent substitutions can still be made to the specific implementation of the present invention without departing from the spirit and scope of the present invention. Any modifications or equivalent substitutions should be covered within the scope of protection of the claims of the present invention.
Claims
1. A power grid-specific AI-NVR composite encrypted security monitoring system, characterized in that, include: The composite encryption security monitoring system integrates software and hardware collaborative protection logic, combining key hardware configuration and identity authentication activation system, AI intelligent processing and real-time data encryption mechanism, dual SIM card isolated transmission and data interaction rules, hardware-level interface security management module, and intelligent filtering and trusted environment decryption module to achieve full-process security management from device physical access and identity authentication to data identification, storage, transmission and decryption.
2. The power grid-specific AI-NVR composite encrypted security monitoring system according to claim 1, characterized in that, The key hardware configuration and identity authentication activation system specifically include: The device has two physically isolated independent SIM card slots. One of the SIM card slots, designated as SIM1, is a dedicated card for decryption within the power grid intranet with a pre-installed digital certificate. It is used only to access the power grid intranet and decrypt critical data. The other SIM card slot, designated as SIM2, is an external network data forwarding card. It is used only to forward encrypted monitoring data to the authorized monitoring center. The data channels of the two SIM card slots are not interconnected. The 4G / 5G dual-mode module requires authentication and authorization to start. Physical security components include a mechanical combination lock mounted on the device housing, a built-in fingerprint recognition module, and a USB token certificate reader / writer.
3. The power grid-specific AI-NVR composite encrypted security monitoring system according to claim 2, characterized in that, The authentication process for the critical hardware configuration and identity authentication activation system is a composite identity authentication process, which specifically includes: Step 1-1: Use the mechanical combination lock to unlock the device. When locked, critical functions and interfaces such as the dual SIM module and USB port are disabled. Step 1-2: Insert the USB key with the pre-installed power grid-specific digital certificate. The system verifies the legitimacy of the equipment and the operator's operating permissions. Steps 1-3: The operator completes the live fingerprint verification, the system automatically records the login information, and after all three authentications are passed, the dual SIM module and AI processing function are automatically activated.
4. The power grid-specific AI-NVR composite encrypted security monitoring system according to claim 3, characterized in that, The AI intelligent processing and real-time data encryption mechanism specifically includes: This mechanism achieves collaborative operation between high-precision AI identification and end-to-end data encryption, ensuring high accuracy in identifying potential power grid safety hazards while eliminating the risk of data leakage during identification, storage, and transmission. Specifically, it is implemented as follows: Step 2-1: Optimize AI target recognition; Step 2-2: Perform full-process data encryption.
5. The power grid-specific AI-NVR composite encrypted security monitoring system according to claim 4, characterized in that, Step 2-1 specifically includes: The YOLOv7 open-source model is used to perform customized training for targets such as foreign objects on power lines, engineering vehicles, inspection personnel, and equipment instruments in power grid scenarios. The trained model is called using C++ to perform real-time recognition of video frames captured from the front end, outputting the target major and minor categories, bounding box coordinates, and confidence recognition results. At the same time, key features such as clothing color and equipment meter values are extracted to generate standardized recognition results in JSON format.
6. The power grid-specific AI-NVR composite encrypted security monitoring system according to claim 5, characterized in that, Step 2-2 specifically includes: Key images and video frames identified by AI are encrypted in real time using the national cryptographic SM4 algorithm and directly stored in the local encrypted storage area of the NVR without any plaintext storage process. When SIM 2 forwards data, it uses SM4 and RSA dual encryption algorithms. Even if the data transmission is intercepted during the transmission process, an unauthorized party cannot complete the decryption. During operation, AI-generated data and encryption keys are processed only in the device's encrypted memory area. Once the process ends, the relevant data in memory is automatically erased, eliminating the risk of memory leaks.
7. The power grid-specific AI-NVR composite encrypted security monitoring system according to claim 6, characterized in that, The specific rules for isolated transmission and data interaction using dual SIM cards include: SIM 1's functions include: Access to the dedicated power grid intranet is supported only; any form of external network access is prohibited. Receive the decryption key issued by the power grid intranet, which is only used to decrypt critical data that needs to be audited by the intranet on the NVR local; Data transmitted to the power grid intranet is limited to encrypted summaries of identification results and does not include complete videos / images, thus meeting the intranet security audit requirements while ensuring data security. SIM 2's functions include: Only authorized external network channels are supported; access to the power grid intranet in any form is prohibited. The system directs encrypted full videos and key images to the designated monitoring center. The forwarding address is preset, encrypted, and stored in advance, and cannot be modified. It supports breakpoint resume function, automatically initiates reconnection after network interruption, ensures data transmission integrity in remote power grid scenarios, and prevents data loss.
8. The power grid-specific AI-NVR composite encrypted security monitoring system according to claim 7, characterized in that, The rules for isolated transmission and data interaction using dual SIM cards also include: The data channels are divided at the hardware level, and the data streams of SIM1 and SIM2 are completely independent and do not interact with each other.
9. The power grid-specific AI-NVR composite encrypted security monitoring system according to claim 8, characterized in that, The hardware-level interface security management module specifically includes: Only pre-registered, grid-specific encrypted USB drives containing a unique device identification code are supported for access. If an unauthorized USB drive is inserted, the device will not respond at all, and the system will automatically record the access attempt log and synchronize it to the grid intranet audit system. The device's WiFi module is physically shielded, leaving only the wireless transmission channel for the dual SIM cards, thus eliminating the risk of unauthorized network access via WiFi. The device debugging interface requires dual authorization via a mechanical combination lock and a USB key for verification before it can be enabled. The entire debugging process is logged, and the logs are synchronized to the intranet audit system in real time, enabling traceability of the debugging process.
10. The power grid-specific AI-NVR composite encrypted security monitoring system according to claim 9, characterized in that, The intelligent filtering and trusted environment decryption module specifically includes: Referring to the AI-NVR image intelligent filtering logic, video frames are extracted at preset time intervals. Combined with the types of abnormally focused targets of the device, the images are sorted by the number of targets or confidence level, and only key images are saved to the encrypted storage area. To decrypt and view critical data locally on the NVR, two conditions must be met simultaneously: successful triple authentication and SIM card access to the power grid intranet. After encrypted data is forwarded to the monitoring center, it can only be decrypted in trusted terminals with pre-installed power grid-specific digital certificates; the data cannot be read in other environments.