A dynamic password security verification system and method for a battery management system

By combining a multi-layered mapping dynamic perturbation algorithm with an asymmetric encryption authentication mechanism, and generating authentication data blocks using unique device identifiers and system time, the problems of static password leakage and insufficient device identifier binding in the battery management system are solved. This achieves a high level of dynamic anti-attack capability and improves the operational security and reliability of the system.

CN120567417BActive Publication Date: 2026-07-03HEFEI SHUYI TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
HEFEI SHUYI TECHNOLOGY CO LTD
Filing Date
2025-06-24
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

The existing local authentication mechanism of battery management system has the risk of static password leakage and lacks dynamic updates and time correlation of device identifier binding, making it difficult to achieve a high level of dynamic anti-attack security, which increases the risk of illegal operation and data tampering.

Method used

It adopts a multi-layer mapping dynamic perturbation algorithm and an asymmetric encryption authentication mechanism, and generates authentication data blocks by combining the device's unique identifier and system time. It achieves authentication verification consistency through digital signature and perturbation path restoration, and has the advantages of unforgeable authentication process, fine access control and traceable authentication results.

Benefits of technology

It significantly improves the operational security and reliability of the battery management system in offline or semi-networked environments, effectively prevents unauthorized access and tampering, and meets the technical requirements for high-level access control of critical equipment.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN120567417B_ABST
    Figure CN120567417B_ABST
Patent Text Reader

Abstract

The application discloses a dynamic password security verification system and method for a battery management system, and comprises the following steps: S1, deploying dynamic authentication, and uniquely configuring a pair of asymmetric key pairs for each control board; S2, collecting a unique serial number and a current system time to generate an authentication data block; S3, performing a digital signature operation; S4, the control board displays the remaining valid time of the current authentication record in real time through a local display screen; S5, after the upper computer software is started, a static password is prompted to be input, read-only permission is granted after verification, and a high-level authentication request for initiating access to the control board is allowed; S6, a dynamic password is generated by using a dynamic password generation program; and S7, the signature consistency is verified, and high-level permission is granted after successful verification. The application adopts a dynamic disturbance algorithm and an asymmetric encryption technology, realizes high-security authentication verification of the battery management system, and has the advantages of strong anti-fake, fine permission and traceability.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of battery management system technology, and in particular to a dynamic password security verification system and method for battery management systems. Background Technology

[0002] Against the backdrop of the rapid development of new energy technologies, battery management systems (BMS), as a key component ensuring the safe operation and stable performance of battery packs, are being widely used in various scenarios such as electric vehicles, energy storage systems, and industrial power platforms. To ensure the reliability of system operation and the standardization of maintenance, BMS typically has a complete set of remote or local operation and maintenance interfaces for engineers to perform operations such as parameter configuration, status monitoring, firmware upgrades, and anomaly handling. However, with the increasing connectivity of devices and the extension of their service life, security issues of BMS are gradually emerging. In particular, during local operation and maintenance, risks such as illegal operations, data tampering, and firmware replacement caused by weak authentication mechanisms or improper key management are becoming increasingly prominent, and have become a major bottleneck restricting the stable operation and widespread application of the system.

[0003] In existing technologies, some battery management systems use static passwords, fixed hardware fingerprint binding, or simple password mechanisms for local authentication and access control. These methods have significant security risks: on the one hand, once a static password is leaked or guessed, the system will be exposed to unauthorized access risks for a long time; on the other hand, traditional binding methods based on device identifiers lack dynamic updates and time correlation, making it difficult to implement accurate time management and traceability analysis of authentication behavior. In addition, since most existing methods do not perform perturbation and obfuscation processing on the authentication data structure itself, the authentication process is easily reverse-engineered, and authentication data blocks may be replayed or spoofed during transmission or reconstruction, which cannot meet the dynamic anti-attack requirements of high-security application scenarios.

[0004] Based on this need, there is an urgent need for a local authentication mechanism that takes into account the uniqueness of devices, the dynamism of time, and the polymorphism of data structures. This mechanism should be able to achieve multi-factor joint authentication based on dynamic passwords in non-networked or weakly networked environments, and ensure the non-forgeability of authentication data and the traceability of operation records through an asymmetric key system. This would enhance the proactive defense capabilities of the entire battery management system against malicious operations, illegal intrusions, and data tampering. Summary of the Invention

[0005] One objective of this invention is to propose a dynamic cryptographic security verification system and method for battery management systems. This invention employs a multi-layer mapping dynamic perturbation algorithm and an asymmetric encryption authentication mechanism, integrates the device's unique identifier and system time to generate authentication data blocks, and achieves authentication verification consistency through digital signatures and perturbation path restoration. It has the advantages of an unforgeable authentication process, fine-grained access control, and traceable authentication results, significantly improving the operational security and reliability of battery management systems in offline or semi-networked environments. It can effectively prevent unauthorized access and tampering, and meet the technical requirements for high-level access control of critical equipment.

[0006] A dynamic password security verification method for a battery management system according to an embodiment of the present invention includes the following steps:

[0007] S1. Deploy dynamic authentication in the battery management system control board and uniquely configure an asymmetric key pair for each control board;

[0008] S2. Collect the unique serial number of the acquisition control board and the current system time, input the multi-layer mapping dynamic disturbance algorithm, and generate authentication data blocks;

[0009] S3. The control board calls the private key to perform digital signature operation on the authentication data block to obtain the signature value. The signature value and the corresponding timestamp are used as a set of authentication records, which are stored in the local security chip in an encrypted manner, and the validity period is set for the authentication record.

[0010] S4. The control board displays the remaining validity period of the current authentication record in real time on the local display screen;

[0011] S5. After the host computer software starts, it prompts for a static password. After successful verification, read-only access is granted, and advanced authentication requests to access the control board are allowed.

[0012] S6. When maintenance personnel initiate an advanced authentication request through the host computer software, the host computer software sends the unique serial number of the control board and the current system time to the administrator. The administrator then uses the dynamic password generation program to generate a dynamic password.

[0013] S7. After receiving the dynamic password, the host computer verifies the signature consistency by combining the authentication record with the control board's public key. If the verification is successful, advanced permissions are granted.

[0014] Optionally, S1 specifically includes:

[0015] S11. During the control board manufacturing stage, each control board is assigned a globally unique device identification code. The device identification code is uniformly generated by the host system and is used to identify the unique identity of the control board.

[0016] S12. After receiving the device identification code, the control board generates an asymmetric key pair based on the device identification code and the random factor generated by the system.

[0017] S13. The generated private key is written to the local security chip of the control board through the protected write interface;

[0018] S14. The control board transmits the generated public key to the host computer software system in a secure manner.

[0019] S15. After receiving the public key from the control board, the host computer establishes a binding relationship between the public key and the corresponding device identification code, and enters it into the key mapping database of the authentication system.

[0020] S16. Once the generation of the device identifier code, the generation of the key pair, the secure writing of the private key, and the transmission of the public key are all completed, the control board enters the authentication preparation state.

[0021] Optionally, S2 specifically includes:

[0022] S21. During operation, the control board obtains the unique serial number and current system time of the device. The unique serial number is fixed inside the control board at the factory and is used to uniquely identify the device. The current system time is provided by the local clock and records the current operation time.

[0023] S22. An authentication data block is generated using a multi-layer mapping dynamic perturbation algorithm. A unique sequence number is input into a first perturbation function, which is then executed. The multi-layer mapping dynamic perturbation algorithm includes a first perturbation function, a second perturbation function, a first mapping function, and a second mapping function.

[0024] The sequence number is divided into multiple fixed-length sub-segments, and each sub-segment is subjected to cyclic displacement perturbation;

[0025] A character mapping table is used to perform multi-round substitution encoding on the perturbed sub-segments;

[0026] The result of the replacement encoding is hash-compressed and byte-level reassembled to generate the first perturbation factor;

[0027] S23. Input the current system time into the second perturbation function, split the timestamp into multiple sub-values ​​based on the time granularity, perform bit reversal, numerical offset and perturbation coding processing on each sub-value, and further splice them to form the second perturbation factor. The second perturbation factor has a clear time window and timeliness characteristics.

[0028] S24. Perform logical bit combination operations on the first perturbation factor and the second perturbation factor, including XOR mixing and structural splicing, divide the splicing result into multiple logical blocks, inject perturbation seeds into each block and reorganize the bit order to generate a hybrid key.

[0029] S25. Input the hybrid key into the first mapping function, reconstruct the input into a structure data format, perform mapping replacement and spatial rotation operations on the structure, and after perturbation, compress and encode the overall structure to generate intermediate variables.

[0030] S26. Input the intermediate variables into the second mapping function, perform structural perturbation processing, and generate an authentication data block. The structural perturbation processing includes:

[0031] Perform field order rearrangement on the data segments in the intermediate variables;

[0032] Break the data within a field into bytes or characters and cross-mix it into other fields;

[0033] Multiple fields are interleaved by parity, and predefined interference bits or redundant coding labels are inserted.

[0034] Optionally, S3 specifically includes:

[0035] S31. After generating the authentication data block, the control board receives request summary information related to the current operation and maintenance from the host computer. The request summary information is calculated and generated based on the operation command, the target module path and parameter feature content.

[0036] S32. The control panel merges the request digest information with the authentication data block to construct the authentication complex;

[0037] S33, The control board retrieves the device's private key from the local security chip;

[0038] S34. The control board takes the authentication complex as input, performs a signature operation using the private key, and generates a signature result.

[0039] S35. The control board obtains the current system time as the timestamp for this signature operation, and packages it together with the authentication complex and the signature result into a complete authentication record.

[0040] S36. The control board sets the validity period of the authentication record, which is 1 hour by default. It supports setting a custom duration of no more than 24 hours according to the control command of the host computer. The system determines whether the authentication record is valid based on the timestamp and the validity period.

[0041] S37. The control board encrypts the complete authentication record, including the authentication complex, signature result, generation time and validity period, and writes the encrypted authentication record into the dedicated authentication storage area of ​​the local security chip.

[0042] When a dynamic password is updated or regenerated, the control panel uses the new authentication complex to re-execute the signature operation and generate a new authentication record, replacing the original record, thus supporting the renewal of dynamic passwords and the security control of continuous validity of permissions.

[0043] S38. After the authentication record is written, it automatically enters the activation state. The control board starts the validity period monitoring logic. When the local time exceeds the validity period, the record is automatically marked as invalid and prohibited from being used for any verification operation. The system will also display "Authentication expired" on the local screen to remind the operation and maintenance personnel to perform authentication update or reset operations.

[0044] Optionally, S4 further includes:

[0045] When the remaining valid time is less than or equal to 10 minutes, a countdown prompt "Authentication Remaining: X minutes" will be displayed;

[0046] When the validity period expires, it will display "Certification expired" and continue to flash until the certification record is updated or the system enters the reset process;

[0047] When a dynamic password expires, a new dynamic password must be requested from the administrator to ensure authentication security.

[0048] Optionally, S6 specifically includes:

[0049] S61. When maintenance personnel initiate an advanced authentication request through the host computer software, the host computer software sends the control board's unique serial number and the current system time to the administrator.

[0050] S62. The administrator uses an independent dynamic password generation program to generate a dynamic password by inputting a unique serial number and the current system time. The dynamic password generation program uses the same multi-layer mapping dynamic disturbance algorithm as the control board.

[0051] The dynamic password generation process is consistent with the authentication data block generation process of the control board;

[0052] After generating a dynamic password, administrators need to manually confirm the sending operation to ensure the controllability of the operation.

[0053] S63. The administrator sends the generated dynamic password to the maintenance personnel in a secure manner;

[0054] S64. Record the generation information of this dynamic password through the dynamic password generation program, and store the recorded information in a security database. The generation information includes:

[0055] Applicant Identity: Records the identity information of the operations and maintenance personnel who initiated the advanced authentication request;

[0056] Application time: Records the specific time when the dynamic password was generated;

[0057] Application duration: Records the validity period of the dynamic password, which is set by the administrator;

[0058] Associated Device: Records the control board device identifier code corresponding to the dynamic password.

[0059] Optionally, S7 specifically includes:

[0060] S71. After generating the dynamic password, receive the signature value and original authentication data structure contained in the current authentication record from the control board. The original authentication data structure includes the control board's first perturbation factor, second perturbation factor, and authentication level identifier.

[0061] S72. The host computer software reads the public key that matches the control board from the local device parameters and verifies the dynamic password and signature value. Before verification, the host computer software determines the authentication type corresponding to the current authentication record by parsing the authentication level identifier.

[0062] S73. In the dynamic password structure, the host computer software additionally extracts the perturbation path instruction set, which includes character perturbation, logical order perturbation and cross-substitution method introduced during the generation of the dynamic password, and dynamically restores the signature input structure on the control board side.

[0063] S74. The host computer software reconstructs the dynamic cryptographic structure based on the extracted disturbance path instruction set, and uses the local public key to digitally verify the signature value returned by the control board, and determines whether the authentication data is consistent. If the verification is successful, it confirms that it is consistent with the original structure signed by the control board using the private key.

[0064] S75. After successful verification and while the authentication record is still within its valid time frame, grant advanced privileges and record this authentication event in the authentication log. At the same time, associate the dynamic password generation record with the authentication event.

[0065] S76. If signature verification fails or the authentication record has expired, the system will stop the authentication process and immediately block the operation and maintenance access. The user interface will display a failure message, and the authentication failure operation will be automatically restricted, and no command will be allowed to be executed.

[0066] S77. After each authentication failure event, the host computer software records a failure log, which includes an authentication structure summary, failure time, input data source, expected authentication level, and system status flags, and performs security backtracking processing.

[0067] Optional, also includes:

[0068] When the number of consecutive authentication failures by the host computer reaches a preset threshold, the control board automatically locks the authentication verification interface for a set period of time and records the time and input content of each failure.

[0069] When the authentication record expires and is not updated, the control board rejects all unauthenticated commands and continuously displays "Authentication expired" on the local screen. The maintenance personnel can trigger the authentication reset process through the local reset button or the emergency entry of the host computer software. The control board will re-collect the current system time and combine it with the device serial number to generate a new authentication data block, perform signature calculation to generate a new signature value, and update it together with the timestamp and validity period to form a new authentication record, thereby restoring the authentication function.

[0070] A dynamic password security verification system for a battery management system according to an embodiment of the present invention includes:

[0071] The key and identity initialization module is used to uniquely configure an asymmetric key pair for each control board;

[0072] The authentication data generation module is used to collect the unique serial number of the control board and the current system time, and generate authentication data blocks through a multi-layer mapping dynamic perturbation algorithm.

[0073] The signature and record module is used to perform digital signature operations on the authentication data block using the private key, generate a signature value, store the signature value and timestamp together in the local security chip, and set the validity period of the authentication record;

[0074] The status display and control module is used to display the remaining validity period of the authentication record in real time on a local display screen. When the validity period is approaching, a countdown prompt is displayed, and when the validity period expires, a "Authentication expired" prompt is displayed.

[0075] Dynamic Password Generation and Management Module: Independently generates dynamic passwords, records the generation information of dynamic passwords, and manages the usage permissions of dynamic passwords;

[0076] The dynamic password verification module is used to receive the generated dynamic password, perform digital signature verification on the signature value using a preset public key, and control system permissions based on the authentication result.

[0077] The logging and security management module is used to record authentication events and automatically block the operation and maintenance access when authentication fails, record error information and trigger security backtracking.

[0078] Optionally, the dynamic password generation and management module includes:

[0079] Dynamic password generation program: uses the same algorithm as the control panel to generate dynamic passwords;

[0080] User login verification module: Ensures that only authorized administrators can use this program;

[0081] Recording module: Records information about each dynamic password generation;

[0082] Security control module: Controls the frequency of dynamic password generation and sending operations to ensure security.

[0083] The beneficial effects of this invention are:

[0084] The dynamic password security verification method and system for battery management systems provided by this invention significantly improve the security and robustness of the local authentication process by introducing a multi-layer mapping perturbation algorithm, an asymmetric encryption mechanism, and time-dynamically generated authentication data blocks. Compared with traditional static password or fixed device identification authentication methods, this invention can generate an authentication data structure with high entropy and timeliness based on the unique serial number of the control board and the current system time, ensuring that each authentication request is unique and unpredictable, and effectively avoiding the risk of authentication credentials being replayed, forged, or brute-forced.

[0085] Meanwhile, this invention achieves complete reconstruction of the control board's authentication data structure by the host computer through dynamic restoration technology of the perturbation path instruction set and authentication data structure, ensuring that the public key verification process has structural consistency and data integrity. This solves the weaknesses of traditional methods in terms of structural matching and authentication data consistency verification. In addition, the introduction of authentication level identifiers enables fine-grained control of authentication permissions, allowing the system to not only verify the legality of authentication but also dynamically divide the authorization scope of operation and maintenance based on the authentication results, thereby improving the overall access control capability of the system.

[0086] Furthermore, this invention supports local encrypted storage and validity period management of authentication records, and provides real-time authentication status prompts through a local display screen, improving the visibility and manageability of the system during operation and maintenance. In the event of authentication failure or timeout, the system's defense against malicious operations is effectively enhanced through interface locking, log backtracking, and security reset mechanisms. Attached Figure Description

[0087] The accompanying drawings are provided to further illustrate the invention and form part of the specification. They are used in conjunction with embodiments of the invention to explain the invention and do not constitute a limitation thereof. In the drawings:

[0088] Figure 1 This is a flowchart of a dynamic password security verification method for a battery management system proposed in this invention;

[0089] Figure 2This is a schematic diagram of the structure of a multi-layer mapping dynamic perturbation algorithm for a dynamic cryptographic security verification method for a battery management system proposed in this invention.

[0090] Figure 3 This is a functional block diagram of a dynamic password security verification system for a battery management system proposed in this invention. Detailed Implementation

[0091] The present invention will now be described in further detail with reference to the accompanying drawings. These drawings are simplified schematic diagrams, illustrating only the basic structure of the invention, and therefore only show the components relevant to the invention.

[0092] refer to Figure 1-3 A dynamic password security verification method for a battery management system includes the following steps:

[0093] S1. Deploy dynamic authentication in the battery management system control board and uniquely configure an asymmetric key pair for each control board;

[0094] S2. Collect the unique serial number of the acquisition control board and the current system time, input the multi-layer mapping dynamic disturbance algorithm, and generate authentication data blocks;

[0095] S3. The control board calls the private key to perform digital signature operation on the authentication data block to obtain the signature value. The signature value and the corresponding timestamp are used as a set of authentication records, which are stored in the local security chip in an encrypted manner, and the validity period is set for the authentication record.

[0096] S4. The control board displays the remaining validity period of the current authentication record in real time on the local display screen;

[0097] S5. After the host computer software starts, it prompts for a static password. After successful verification, read-only access is granted, and advanced authentication requests to access the control board are allowed.

[0098] S6. When maintenance personnel initiate an advanced authentication request through the host computer software, the host computer software sends the unique serial number of the control board and the current system time to the administrator. The administrator then uses the dynamic password generation program to generate a dynamic password.

[0099] S7. After receiving the dynamic password, the host computer verifies the signature consistency by combining the authentication record with the control board's public key. If the verification is successful, advanced permissions are granted.

[0100] This invention constructs a complete dynamic cryptographic security verification method for battery management systems. Based on a combination of device uniqueness and time-dynamic characteristics, it generates authentication data blocks and performs asymmetric digital signatures. Combined with public key verification by the host computer, it achieves a high-strength identity authentication mechanism. This method can effectively resist security risks such as replay attacks, forged authentication, and unauthorized operations, ensuring the security of access and communication between the control board and the host computer. The authentication process features dynamic updates, authentication data structure perturbation, and signature binding, significantly improving the security and controllability of the battery management system in offline or semi-networked scenarios.

[0101] In this embodiment, S1 specifically includes:

[0102] S11. During the control board manufacturing stage, each control board is assigned a globally unique device identification code. The device identification code is uniformly generated by the host system and is used to identify the unique identity of the control board.

[0103] S12. After receiving the device identification code, the control board generates an asymmetric key pair based on the device identification code and the random factor generated by the system.

[0104] S13. The generated private key is written to the local security chip of the control board through the protected write interface;

[0105] S14. The control board transmits the generated public key to the host computer software system in a secure manner.

[0106] S15. After receiving the public key from the control board, the host computer establishes a binding relationship between the public key and the corresponding device identification code, and enters it into the key mapping database of the authentication system.

[0107] S16. Once the generation of the device identifier code, the generation of the key pair, the secure writing of the private key, and the transmission of the public key are all completed, the control board enters the authentication preparation state.

[0108] This invention embeds the device identifier and key pair generation process during the control board manufacturing stage. It generates asymmetric key pairs by combining a unique identifier code with a system random factor, and completes the key management process through controlled writing, public key binding, and mapping database registration. This effectively ensures the security and uniqueness of key pair generation. This mechanism can prevent private key leakage and forgery, enhance the identity integrity management of the control board throughout its life cycle, and provide strong encryption support for subsequent authentication processes. It is a key link in achieving an immutable foundation for end-to-end identity verification.

[0109] In this embodiment, S2 specifically includes:

[0110] S21. During operation, the control board obtains the unique serial number and current system time of the device. The unique serial number is fixed inside the control board at the factory and is used to uniquely identify the device. The current system time is provided by the local clock and records the current operation time.

[0111] S22. An authentication data block is generated using a multi-layer mapping dynamic perturbation algorithm. A unique sequence number is input into a first perturbation function, which is then executed. The multi-layer mapping dynamic perturbation algorithm includes a first perturbation function, a second perturbation function, a first mapping function, and a second mapping function.

[0112] The sequence number is divided into multiple fixed-length sub-segments, and each sub-segment is subjected to cyclic displacement perturbation;

[0113] A character mapping table is used to perform multi-round substitution encoding on the perturbed sub-segments;

[0114] The result of the replacement encoding is hash-compressed and byte-level reassembled to generate the first perturbation factor;

[0115] S23. Input the current system time into the second perturbation function, split the timestamp into multiple sub-values ​​based on the time granularity, perform bit reversal, numerical offset and perturbation coding processing on each sub-value, and further splice them to form the second perturbation factor. The second perturbation factor has a clear time window and timeliness characteristics.

[0116] S24. Perform logical bit combination operations on the first perturbation factor and the second perturbation factor, including XOR mixing and structural splicing, divide the splicing result into multiple logical blocks, inject perturbation seeds into each block and reorganize the bit order to generate a hybrid key.

[0117] S25. Input the hybrid key into the first mapping function, reconstruct the input into a structure data format, perform mapping replacement and spatial rotation operations on the structure, and after perturbation, compress and encode the overall structure to generate intermediate variables.

[0118] S26. Input the intermediate variables into the second mapping function, perform structural perturbation processing, and generate an authentication data block. The structural perturbation processing includes:

[0119] Perform field order rearrangement on the data segments in the intermediate variables;

[0120] Break the data within a field into bytes or characters and cross-mix it into other fields;

[0121] Multiple fields are interleaved by parity, and predefined interference bits or redundant coding labels are inserted.

[0122] This invention uses a multi-layer mapping dynamic perturbation algorithm to process the unique serial number and the current system time into a first perturbation factor and a second perturbation factor, respectively. By using perturbation functions, logic mixing, structure mapping, and data reorganization, it generates authentication data blocks that are both device-unique and time-sensitive. By introducing complex processing methods such as character replacement, displacement perturbation, and cross-coding, it increases the irreversibility and anti-reverse capability of the authentication structure. The authentication data exhibits high dynamism at the structural level, making it virtually impossible to illegally counterfeit authentication content, thus enhancing the uniqueness and timeliness security of the authentication data blocks.

[0123] In this embodiment, S3 specifically includes:

[0124] S31. After generating the authentication data block, the control board receives request summary information related to the current operation and maintenance from the host computer. The request summary information is calculated and generated based on the operation command, the target module path and parameter feature content.

[0125] S32. The control panel merges the request digest information with the authentication data block to construct the authentication complex;

[0126] S33, The control board retrieves the device's private key from the local security chip;

[0127] S34. The control board takes the authentication complex as input, performs a signature operation using the private key, and generates a signature result.

[0128] S35. The control board obtains the current system time as the timestamp for this signature operation, and packages it together with the authentication complex and the signature result into a complete authentication record.

[0129] S36. The control board sets the validity period of the authentication record, which is 1 hour by default. It supports setting a custom duration of no more than 24 hours according to the control command of the host computer. The system determines whether the authentication record is valid based on the timestamp and the validity period.

[0130] S37. The control board encrypts the complete authentication record, including the authentication complex, signature result, generation time and validity period, and writes the encrypted authentication record into the dedicated authentication storage area of ​​the local security chip.

[0131] When a dynamic password is updated or regenerated, the control panel uses the new authentication complex to re-execute the signature operation and generate a new authentication record, replacing the original record, thus supporting the renewal of dynamic passwords and the security control of continuous validity of permissions.

[0132] S38. After the authentication record is written, it automatically enters the activation state. The control board starts the validity period monitoring logic. When the local time exceeds the validity period, the record is automatically marked as invalid and prohibited from being used for any verification operation. The system will also display "Authentication expired" on the local screen to remind the operation and maintenance personnel to perform authentication update or reset operations.

[0133] This invention introduces request digest information after the authentication data is generated and merges it with the authentication data block to construct an authentication complex. Then, it performs digital signing using the device's private key to ensure that the authentication behavior is related to and unique with the specific operation request. This process enhances the ability of authentication records to bind to contextual operations and prevents authentication information from being reused in other scenarios. Through timestamp encryption and validity period management mechanisms, the control board can achieve full lifecycle control of authentication records, avoid the abuse of expired information, and effectively improve the system's anti-tampering capabilities and the traceability of authentication events.

[0134] In this embodiment, S4 further includes:

[0135] When the remaining valid time is less than or equal to 10 minutes, a countdown prompt "Authentication Remaining: X minutes" will be displayed;

[0136] When the validity period expires, it will display "Certification expired" and continue to flash until the certification record is updated or the system enters the reset process;

[0137] When a dynamic password expires, a new dynamic password must be requested from the administrator to ensure authentication security.

[0138] In this embodiment, S6 specifically includes:

[0139] S61. When maintenance personnel initiate an advanced authentication request through the host computer software, the host computer software sends the control board's unique serial number and the current system time to the administrator.

[0140] S62. The administrator uses an independent dynamic password generation program to generate a dynamic password by inputting a unique serial number and the current system time. The dynamic password generation program uses the same multi-layer mapping dynamic disturbance algorithm as the control board.

[0141] The dynamic password generation process is consistent with the authentication data block generation process of the control board;

[0142] After generating a dynamic password, administrators need to manually confirm the sending operation to ensure the controllability of the operation.

[0143] S63. The administrator sends the generated dynamic password to the maintenance personnel in a secure manner;

[0144] S64. Record the generation information of this dynamic password through the dynamic password generation program, and store the recorded information in a security database. The generation information includes:

[0145] Applicant Identity: Records the identity information of the operations and maintenance personnel who initiated the advanced authentication request;

[0146] Application time: Records the specific time when the dynamic password was generated;

[0147] Application duration: Records the validity period of the dynamic password, which is set by the administrator;

[0148] Associated Device: Records the control board device identifier code corresponding to the dynamic password.

[0149] In this embodiment, S7 specifically includes:

[0150] S71. After generating the dynamic password, receive the signature value and original authentication data structure contained in the current authentication record from the control board. The original authentication data structure includes the control board's first perturbation factor, second perturbation factor, and authentication level identifier.

[0151] S72. The host computer software reads the public key that matches the control board from the local device parameters and verifies the dynamic password and signature value. Before verification, the host computer software determines the authentication type corresponding to the current authentication record by parsing the authentication level identifier.

[0152] S73. In the dynamic password structure, the host computer software additionally extracts the perturbation path instruction set, which includes character perturbation, logical order perturbation and cross-substitution method introduced during the generation of the dynamic password, and dynamically restores the signature input structure on the control board side.

[0153] S74. The host computer software reconstructs the dynamic cryptographic structure based on the extracted disturbance path instruction set, and uses the local public key to digitally verify the signature value returned by the control board, and determines whether the authentication data is consistent. If the verification is successful, it confirms that it is consistent with the original structure signed by the control board using the private key.

[0154] S75. After successful verification and while the authentication record is still within its valid time frame, grant advanced privileges and record this authentication event in the authentication log. At the same time, associate the dynamic password generation record with the authentication event.

[0155] S76. If signature verification fails or the authentication record has expired, the system will stop the authentication process and immediately block the operation and maintenance access. The user interface will display a failure message, and the authentication failure operation will be automatically restricted, and no command will be allowed to be executed.

[0156] S77. After each authentication failure event, the host computer software records a failure log, which includes an authentication structure summary, failure time, input data source, expected authentication level, and system status flags, and performs security backtracking processing.

[0157] This embodiment also includes:

[0158] When the number of consecutive authentication failures by the host computer reaches a preset threshold, the control board automatically locks the authentication verification interface for a set period of time and records the time and input content of each failure.

[0159] When the authentication record expires and is not updated, the control board rejects all unauthenticated commands and continuously displays "Authentication expired" on the local screen. The maintenance personnel can trigger the authentication reset process through the local reset button or the emergency entry of the host computer software. The control board will re-collect the current system time and combine it with the device serial number to generate a new authentication data block, perform signature calculation to generate a new signature value, and update it together with the timestamp and validity period to form a new authentication record, thereby restoring the authentication function.

[0160] This invention designs a complete authentication failure and response mechanism. After authentication expires or fails repeatedly, the interface is automatically blocked to restrict operation and maintenance access, ensuring that the system cannot be exploited by abnormal or malicious operations. The authentication reset process is triggered by the reset button or emergency entry, allowing the authentication function to be restored and the authentication data block and signature to be regenerated. This effectively reduces the security risks caused by human intervention. Through dual triggering and automatic recovery functions, this mechanism provides an emergency handling method that balances security and operation and maintenance flexibility, significantly enhancing the fault tolerance and self-recovery capability of the authentication process in abnormal scenarios.

[0161] A dynamic password security verification system for a battery management system, comprising:

[0162] The key and identity initialization module is used to uniquely configure an asymmetric key pair for each control board;

[0163] The authentication data generation module is used to collect the unique serial number of the control board and the current system time, and generate authentication data blocks through a multi-layer mapping dynamic perturbation algorithm.

[0164] The signature and record module is used to perform digital signature operations on the authentication data block using the private key, generate a signature value, store the signature value and timestamp together in the local security chip, and set the validity period of the authentication record;

[0165] The status display and control module is used to display the remaining validity period of the authentication record in real time on a local display screen. When the validity period is approaching, a countdown prompt is displayed, and when the validity period expires, a "Authentication expired" prompt is displayed.

[0166] Dynamic Password Generation and Management Module: Independently generates dynamic passwords, records the generation information of dynamic passwords, and manages the usage permissions of dynamic passwords;

[0167] The dynamic password verification module is used to receive the generated dynamic password, perform digital signature verification on the signature value using a preset public key, and control system permissions based on the authentication result.

[0168] The logging and security management module is used to record authentication events and automatically block the operation and maintenance access when authentication fails, record error information and trigger security backtracking.

[0169] The dynamic cryptographic security verification system proposed in this invention integrates modular functions such as key initialization, authentication data generation, signature calculation, status display, verification permission control, and log recording to form a complete end-to-end authentication system. The system has a dynamic perturbation structure, operation request binding authentication, and failure and reset mechanisms, and supports high-precision permission management and security traceability. The system can run independently on the edge control board of the battery management system, and has high self-sufficiency and low dependence, providing strong operation and maintenance security protection for the battery system in complex environments and improving the overall protection level and reliability of the system.

[0170] In this embodiment, the dynamic password generation and management module includes:

[0171] Dynamic password generation program: uses the same algorithm as the control panel to generate dynamic passwords;

[0172] User login verification module: Ensures that only authorized administrators can use this program;

[0173] Recording module: Records information about each dynamic password generation;

[0174] Security control module: Controls the frequency of dynamic password generation and sending operations to ensure security.

[0175] Example 1:

[0176] To verify the feasibility of this invention in practice, it was applied to the battery management system of an energy storage power station. This energy storage power station uses more than 15,000 lithium iron phosphate battery cells, distributed across more than 240 battery clusters. The battery management system adopts a distributed structure, and on-site maintenance is frequent. It is necessary to ensure the security, timeliness, and consistency of every remote access and local maintenance process. Traditional authentication methods using static passwords or fixed-period passwords have the following problems: high risk of password leakage, lack of binding of maintenance records, lack of timeliness awareness in the authentication process, making it difficult to track illegal intrusions, and posing security risks to equipment control.

[0177] In this scenario, maintenance personnel access the BMS system via host computer software to perform maintenance operations on the battery clusters. Before each connection, the control board first collects the current system time and device serial number, and generates an authentication data block using the multi-layer mapping dynamic perturbation algorithm provided by this invention. The authentication data block integrates the current time window and the device's unique identifier, and after structural perturbation and reassembly, uses the control board's embedded private key to complete the signing operation. The generated authentication record is automatically stored in the control board's security chip and displays the remaining valid time in a graphical interface. Maintenance personnel read the current timestamp from the interface, input it to the host computer, the system generates the target authentication data block, verifies the signature's legality using the public key, and executes instructions under authentication level control.

[0178] To verify the performance of this invention, it was compared with the performance of existing authentication mechanisms. The comparison results are shown in Table 1.

[0179] Table 1. Performance Comparison of Dynamic Authentication System and Existing Authentication Mechanisms

[0180]

[0181]

[0182] Regarding authentication time, although the average authentication time of this invention is 1.8 seconds, which is slightly higher than the 0.8 seconds of the static cryptography mechanism, it is still within an acceptable range while improving security performance. This is because this invention introduces a dynamic perturbation algorithm and multi-layer mapping processing, and also performs structure reconstruction and signature verification operations, which increases data integrity protection. Sacrificing some response time for a higher level of security is a reasonable trade-off.

[0183] In terms of signature verification pass rate, this invention achieved 92.4%, higher than the 81.6% of traditional static password mechanisms and also higher than the 89.2% of fixed-period password mechanisms. This indicates that the authentication data block generated by this invention has consistency and tamper-proof capabilities with the private key signature mechanism, reducing the probability of authentication failure due to forgery, loss, password leakage, etc.

[0184] Regarding the false authentication rate, this invention achieves only 2.1%, while traditional static passwords reach as high as 12.5%, and even fixed-period mechanisms reach 7.4%. This is because this invention employs a dynamic perturbation path and context binding mechanism, which not only requires correct input authentication data but also requires it to match the current operation intent, thus effectively avoiding erroneous operations.

[0185] Regarding the risk of instruction reuse, i.e., the replay attack rate, this invention has a rate of 0.0%, while traditional static passwords have a rate of 6.3%, and fixed-period mechanisms have a rate of 3.8%. This is because the authentication records of this invention have explicit timestamps, perturbation factors, and context-bound digests, and automatically expire after their validity period, making them impossible to reuse or replay.

[0186] Regarding the integrity of the authentication record structure, this invention is the only one of the three that supports a complete binding mechanism of "authentication data block + request digest + timestamp", ensuring the contextual consistency of the authentication content and preventing forgery and mismatch.

[0187] In terms of flexibility, this invention supports dynamic validity period settings from 1 hour to 24 hours, which is far superior to the traditional mechanism of "no validity period" or "fixed time period". The authentication window can be flexibly adjusted according to the operation and maintenance strategy to meet more diverse scenario needs.

[0188] Furthermore, this invention can provide an average of 2-3 log-based early warning responses per day, significantly improving the system's self-protection capabilities. In contrast, traditional mechanisms lack robust logging and blocking logic, resulting in information gaps and difficulties in post-event tracing.

[0189] In terms of access control, this invention dynamically assigns permissions through authentication level identifiers, supporting two permission levels: "read-only" and "full control," which is far more secure and manageable than traditional single-level authentication.

[0190] Meanwhile, this invention uses a perturbation algorithm to encrypt and scramble the authentication structure itself, making it difficult to be identified by reverse engineering and to restore the original identity information or timestamp, which is not present in traditional mechanisms.

[0191] In terms of system resource consumption, this invention uses only 1.2MB of memory, which is relatively high but still lightweight, and is fully applicable to the current mainstream BMS embedded hardware environment.

[0192] The above description is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitutions or modifications made by those skilled in the art within the scope of the technology disclosed in the present invention, based on the technical solution and inventive concept of the present invention, should be covered within the scope of protection of the present invention.

Claims

1. A dynamic password security verification method for a battery management system, characterized in that, Includes the following steps: S1. Deploy dynamic authentication in the battery management system control board and uniquely configure an asymmetric key pair for each control board; S2. Collect the unique serial number of the acquisition control board and the current system time, input the multi-layer mapping dynamic disturbance algorithm, and generate authentication data blocks; S3. The control board calls the private key to perform digital signature operation on the authentication data block to obtain the signature value. The signature value and the corresponding timestamp are used as a set of authentication records, which are stored in the local security chip in an encrypted manner, and the validity period is set for the authentication record. S4. The control board displays the remaining validity period of the current authentication record in real time on the local display screen; S5. After the host computer software starts, it prompts for a static password. After successful verification, read-only access is granted, and advanced authentication requests to access the control board are allowed. S6. When maintenance personnel initiate an advanced authentication request through the host computer software, the host computer software sends the unique serial number of the control board and the current system time to the administrator. The administrator then uses the dynamic password generation program to generate a dynamic password. S7. After receiving the dynamic password, the host computer verifies the signature consistency by combining the authentication record with the control board's public key. If the verification is successful, advanced permissions are granted. The dynamic password generation program uses the same multi-layer mapping dynamic perturbation algorithm as the control board. S1 specifically includes: S11. During the control board manufacturing stage, each control board is assigned a globally unique device identification code. The device identification code is uniformly generated by the host system and is used to identify the unique identity of the control board. S12. After receiving the device identification code, the control board generates an asymmetric key pair based on the device identification code and the random factor generated by the system. S13. The generated private key is written to the local security chip of the control board through the protected write interface; S14. The control board transmits the generated public key to the host computer software system in a secure manner. S15. After receiving the public key from the control board, the host computer establishes a binding relationship between the public key and the corresponding device identification code, and enters it into the key mapping database of the authentication system. S16. Once the generation of the device identifier code, the generation of the key pair, the secure writing of the private key, and the transmission of the public key are all completed, the control board enters the authentication preparation state. S2 specifically includes: S21. During operation, the control board obtains the unique serial number and current system time of the device. The unique serial number is fixed inside the control board at the factory and is used to uniquely identify the device. The current system time is provided by the local clock and records the current operation time. S22. An authentication data block is generated using a multi-layer mapping dynamic perturbation algorithm. A unique sequence number is input into a first perturbation function, which is then executed. The multi-layer mapping dynamic perturbation algorithm includes a first perturbation function, a second perturbation function, a first mapping function, and a second mapping function. The sequence number is divided into multiple fixed-length sub-segments, and each sub-segment is subjected to cyclic displacement perturbation; A character mapping table is used to perform multi-round substitution encoding on the perturbed sub-segments; The result of the replacement encoding is hash-compressed and byte-level reassembled to generate the first perturbation factor; S23. Input the current system time into the second perturbation function, split the timestamp into multiple sub-values ​​based on the time granularity, perform bit reversal, numerical offset and perturbation coding processing on each sub-value, and further splice them to form the second perturbation factor. The second perturbation factor has a clear time window and timeliness characteristics. S24. Perform logical bit combination operations on the first perturbation factor and the second perturbation factor, including XOR mixing and structural splicing, divide the splicing result into multiple logical blocks, inject perturbation seeds into each block and reorganize the bit order to generate a hybrid key. S25. Input the hybrid key into the first mapping function, reconstruct the input into a structure data format, perform mapping replacement and spatial rotation operations on the structure, and after perturbation, compress and encode the overall structure to generate intermediate variables. S26. Input the intermediate variables into the second mapping function, perform structural perturbation processing, and generate an authentication data block. The structural perturbation processing includes: Perform field order rearrangement on the data segments in the intermediate variable; Break the data within a field into bytes or characters and cross-mix it into other fields; Multiple fields are interleaved and mixed in an even / odd manner, and predefined interference bits or redundant coding tags are inserted. Specifically, S7 includes: S71. After generating the dynamic password, receive the signature value and original authentication data structure contained in the current authentication record from the control board. The original authentication data structure includes the control board's first perturbation factor, second perturbation factor, and authentication level identifier. S72. The host computer software reads the public key that matches the control board from the local device parameters and verifies the dynamic password and signature value. Before verification, the host computer software determines the authentication type corresponding to the current authentication record by parsing the authentication level identifier. S73. In the dynamic password structure, the host computer software additionally extracts the perturbation path instruction set, which includes character perturbation, logical order perturbation and cross-substitution method introduced during the generation of the dynamic password, and dynamically restores the signature input structure on the control board side. S74. The host computer software reconstructs the dynamic cryptographic structure based on the extracted disturbance path instruction set, and uses the local public key to digitally verify the signature value returned by the control board, and determines whether the authentication data is consistent. If the verification is successful, it confirms that it is consistent with the original structure signed by the control board using the private key. S75. After successful verification and while the authentication record is still within its valid time frame, grant advanced privileges and record this authentication event in the authentication log. At the same time, associate the dynamic password generation record with the authentication event. S76. If signature verification fails or the authentication record has expired, the system will stop the authentication process and immediately block the operation and maintenance access. The user interface will display a failure message, and the authentication failure operation will be automatically restricted, and no command will be allowed to be executed. S77. After each authentication failure event, the host computer software records a failure log, which includes an authentication structure summary, failure time, input data source, expected authentication level, and system status flags, and performs security backtracking processing.

2. The dynamic password security verification method for a battery management system according to claim 1, characterized in that, S3 specifically includes: S31. After generating the authentication data block, the control board receives request summary information related to the current operation and maintenance from the host computer. The request summary information is calculated and generated based on the operation command, the target module path and parameter feature content. S32. The control panel merges the request digest information with the authentication data block to construct the authentication complex; S33, The control board retrieves the device's private key from the local security chip; S34. The control board takes the authentication complex as input, performs a signature operation using the private key, and generates a signature result. S35. The control board obtains the current system time as the timestamp for this signature operation, and packages it together with the authentication complex and the signature result into a complete authentication record. S36. The control board sets the validity period of the authentication record, which is 1 hour by default. It supports setting a custom duration of no more than 24 hours according to the control command of the host computer. The system determines whether the authentication record is valid based on the timestamp and the validity period. S37. The control board encrypts the complete authentication record, including the authentication complex, signature result, generation time and validity period, and writes the encrypted authentication record into the dedicated authentication storage area of ​​the local security chip. When a dynamic password is updated or regenerated, the control panel uses the new authentication complex to re-execute the signature operation and generate a new authentication record, replacing the original record, thus supporting the renewal of dynamic passwords and the security control of continuous validity of permissions. S38. After the authentication record is written, it automatically enters the activation state. The control board starts the validity period monitoring logic. When the local time exceeds the validity period, the record is automatically marked as invalid and prohibited from being used for any verification operation. The local display screen will prompt "Authentication has expired" to remind the operation and maintenance personnel to perform authentication update or reset operations.

3. The method for dynamic password security authentication for battery management system of claim 1, wherein, S4 further includes: When the remaining valid time is less than or equal to 10 minutes, a countdown prompt "Authentication Remaining: X minutes" will be displayed; When the validity period expires, it will display "Certification expired" and continue to flash until the certification record is updated or the system enters the reset process; When a dynamic password expires, a new dynamic password must be requested from the administrator to ensure authentication security.

4. The method for dynamic password security authentication for battery management system of claim 1, wherein, S6 specifically includes: S61. When maintenance personnel initiate an advanced authentication request through the host computer software, the host computer software sends the control board's unique serial number and the current system time to the administrator. S62. The administrator uses an independent dynamic password generation program to generate a dynamic password by inputting a unique serial number and the current system time. The dynamic password generation program uses the same multi-layer mapping dynamic disturbance algorithm as the control board. The dynamic password generation process is consistent with the authentication data block generation process of the control board; After generating a dynamic password, administrators need to manually confirm the sending operation to ensure the controllability of the operation. S63. The administrator sends the generated dynamic password to the maintenance personnel in a secure manner; S64. Record the generation information of this dynamic password through the dynamic password generation program, and store the recorded information in a security database. The generation information includes: Applicant Identity: Records the identity information of the operations and maintenance personnel who initiated the advanced authentication request; Application time: Records the specific time when the dynamic password was generated; Application duration: Records the validity period of the dynamic password, which is set by the administrator; Associated Device: Records the control board device identifier code corresponding to the dynamic password.

5. The method for dynamic password security verification for battery management system of claim 1, wherein, Also includes: When the number of consecutive authentication failures by the host computer reaches a preset threshold, the control board automatically locks the authentication verification interface for a set period of time and records the time and input content of each failure. When the authentication record expires and is not updated, the control board rejects all unauthenticated commands and continuously displays "Authentication expired" on the local screen. The maintenance personnel can trigger the authentication reset process through the local reset button or the emergency entry of the host computer software. The control board will re-collect the current system time and combine it with the device serial number to generate a new authentication data block, perform signature calculation to generate a new signature value, and update it together with the timestamp and validity period to form a new authentication record, thereby restoring the authentication function.

6. A dynamic password security verification system for a battery management system, performing the dynamic password security verification method for a battery management system according to any one of claims 1 to 4, characterized in that, include: The key and identity initialization module is used to uniquely configure an asymmetric key pair for each control board; The authentication data generation module is used to collect the unique serial number of the control board and the current system time, and generate authentication data blocks through a multi-layer mapping dynamic perturbation algorithm. The signature and record module is used to perform digital signature operations on the authentication data block using the private key, generate a signature value, store the signature value and timestamp together in the local security chip, and set the validity period of the authentication record; The status display and control module is used to display the remaining validity period of the authentication record in real time on a local display screen. When the validity period is approaching, a countdown prompt is displayed, and when the validity period expires, a "Authentication expired" prompt is displayed. Dynamic Password Generation and Management Module: Independently generates dynamic passwords, records the generation information of dynamic passwords, and manages the usage permissions of dynamic passwords; The dynamic password verification module is used to receive the generated dynamic password, perform digital signature verification on the signature value using a preset public key, and control system permissions based on the authentication result. The logging and security management module is used to record authentication events and automatically block the operation and maintenance access when authentication fails, record error information and trigger security backtracking. The dynamic password generation program uses the same multi-layer mapping dynamic perturbation algorithm as the control board. The key and identity initialization module specifically includes: S11. During the control board manufacturing stage, each control board is assigned a globally unique device identification code. The device identification code is uniformly generated by the host system and is used to identify the unique identity of the control board. S12. After receiving the device identification code, the control board generates an asymmetric key pair based on the device identification code and the random factor generated by the system. S13. The generated private key is written to the local security chip of the control board through the protected write interface; S14. The control board transmits the generated public key to the host computer software system in a secure manner. S15. After receiving the public key from the control board, the host computer establishes a binding relationship between the public key and the corresponding device identification code, and enters it into the key mapping database of the authentication system. S16. Once the generation of the device identifier code, the generation of the key pair, the secure writing of the private key, and the transmission of the public key are all completed, the control board enters the authentication preparation state. The authentication data generation module specifically includes: S21. During operation, the control board obtains the unique serial number and current system time of the device. The unique serial number is fixed inside the control board at the factory and is used to uniquely identify the device. The current system time is provided by the local clock and records the current operation time. S22. An authentication data block is generated using a multi-layer mapping dynamic perturbation algorithm. A unique sequence number is input into a first perturbation function, which is then executed. The multi-layer mapping dynamic perturbation algorithm includes a first perturbation function, a second perturbation function, a first mapping function, and a second mapping function. The sequence number is divided into multiple fixed-length sub-segments, and each sub-segment is subjected to cyclic displacement perturbation; A character mapping table is used to perform multi-round substitution encoding on the perturbed sub-segments; The result of the replacement encoding is hash-compressed and byte-level reassembled to generate the first perturbation factor; S23. Input the current system time into the second perturbation function, split the timestamp into multiple sub-values ​​based on the time granularity, perform bit reversal, numerical offset and perturbation coding processing on each sub-value, and further splice them to form the second perturbation factor. The second perturbation factor has a clear time window and timeliness characteristics. S24. Perform logical bit combination operations on the first perturbation factor and the second perturbation factor, including XOR mixing and structural splicing, divide the splicing result into multiple logical blocks, inject perturbation seeds into each block and reorganize the bit order to generate a hybrid key. S25. Input the hybrid key into the first mapping function, reconstruct the input into a structure data format, perform mapping replacement and spatial rotation operations on the structure, and after perturbation, compress and encode the overall structure to generate intermediate variables. S26. Input the intermediate variables into the second mapping function, perform structural perturbation processing, and generate an authentication data block. The structural perturbation processing includes: Perform field order rearrangement on the data segments in the intermediate variables; Break the data within a field into bytes or characters and cross-mix it into other fields; Multiple fields are interleaved and mixed in an even / odd manner, and predefined interference bits or redundant coding tags are inserted. The dynamic password verification module specifically includes: S71. After generating the dynamic password, receive the signature value and original authentication data structure contained in the current authentication record from the control board. The original authentication data structure includes the control board's first perturbation factor, second perturbation factor, and authentication level identifier. S72. The host computer software reads the public key that matches the control board from the local device parameters and verifies the dynamic password and signature value. Before verification, the host computer software determines the authentication type corresponding to the current authentication record by parsing the authentication level identifier. S73. In the dynamic password structure, the host computer software additionally extracts the perturbation path instruction set, which includes character perturbation, logical order perturbation and cross-substitution method introduced during the generation of the dynamic password, and dynamically restores the signature input structure on the control board side. S74. The host computer software reconstructs the dynamic cryptographic structure based on the extracted disturbance path instruction set, and uses the local public key to digitally verify the signature value returned by the control board, and determines whether the authentication data is consistent. If the verification is successful, it confirms that it is consistent with the original structure signed by the control board using the private key. S75. After successful verification and while the authentication record is still within its valid time frame, grant advanced privileges and record this authentication event in the authentication log. At the same time, associate the dynamic password generation record with the authentication event. S76. If signature verification fails or the authentication record has expired, the system will stop the authentication process and immediately block the operation and maintenance access. The user interface will display a failure message, and the authentication failure operation will be automatically restricted, and no command will be allowed to be executed. S77. After each authentication failure event, the host computer software records a failure log, which includes an authentication structure summary, failure time, input data source, expected authentication level, and system status flags, and performs security backtracking processing.

7. The dynamic password security verification system for battery management system of claim 6, wherein, The dynamic password generation and management module includes: Dynamic password generation program: uses the same algorithm as the control panel to generate dynamic passwords; User login verification module: Ensures that only authorized administrators can use this program; Recording module: Records information about each dynamic password generation; Security control module: Controls the frequency of dynamic password generation and sending operations to ensure security.