A power grid internet of things platform gateway device access security management and control system and method

By combining two-way identity authentication and a hierarchical permission model with an LSTM prediction model, the problems of low resource allocation efficiency and untimely response to security vulnerabilities in the security management of gateway devices access in the power grid IoT platform are solved. This ensures the legality and security of device access, optimizes resource utilization, and guarantees the stability and business continuity of the platform.

CN120639504BActive Publication Date: 2026-07-07GUANGZHOU KETENG INFORMATION TECH

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
GUANGZHOU KETENG INFORMATION TECH
Filing Date
2025-08-01
Publication Date
2026-07-07

AI Technical Summary

Technical Problem

Existing methods for managing the security of gateway devices on power grid IoT platforms lack flexible dynamic adjustment and intelligent prediction capabilities, resulting in low resource allocation efficiency, untimely response to security vulnerabilities, and impact on platform stability and business continuity.

Method used

It employs two-way authentication, a hierarchical permission model, and an LSTM prediction model. It generates unique digital certificates for device authentication, divides permission levels based on device type and business data, dynamically adjusts resource allocation, and monitors and handles abnormal behavior in real time.

Benefits of technology

It improves the legality and security of device access, optimizes resource utilization efficiency, ensures platform stability and business continuity, responds promptly to emergencies, and enhances security and efficiency.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN120639504B_ABST
    Figure CN120639504B_ABST
Patent Text Reader

Abstract

The application discloses a kind of power grid Internet of Things platform gateway equipment access security control systems and methods, it is related to the field of security control, including: equipment is generated digital certificate by submitting unique identifier and hardware feature code, and carries out two-way identity authentication with platform;According to device type and business demand, the operating authority is divided for equipment by hierarchical permission model and the real-time data is encrypted protection;System predicts future device access quantity and service type by training LSTM neural network model;Based on the prediction result, the resource allocation proportion of each permission level is dynamically adjusted to meet the demand;When detecting device behavior anomaly, the platform will locate abnormal device and take corresponding security measures.The application has the advantages that: through two-way identity authentication, hierarchical permission model and LSTM prediction, the security access management of power grid Internet of Things platform is realized, the resource allocation is optimized, and the sudden traffic and abnormal behavior are effectively dealt with, the security and efficiency of the platform are improved.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of security management and control, and in particular to a security management and control system and method for a power grid Internet of Things platform gateway device to access the system. Background Technology

[0002] With the rapid development of smart grid and Internet of Things (IoT) technologies, the digital transformation of the power industry is accelerating, and the power grid IoT platform has become a core component of the power system. The integration of IoT devices makes power grid monitoring, management, and optimization more efficient, but at the same time, it also brings challenges related to device access security and data security.

[0003] Current methods for managing gateway device access security on power grid IoT platforms typically rely on static identity authentication and access control, lacking flexible dynamic adjustments and intelligent predictive capabilities. These methods often manage device access through simple identity verification and permission allocation, making it difficult to cope with complex and ever-changing device access needs. Due to the lack of historical data analysis and prediction, future access demands cannot be accurately assessed or potential access bottlenecks identified in a timely manner, leading to low resource allocation efficiency and a tendency for the platform to overload or waste resources. Furthermore, traditional methods often rely on manual or rule-driven approaches to address abnormal device behavior, lacking real-time monitoring and intelligent anomaly detection. This results in delayed responses to security vulnerabilities, potentially significantly impacting platform stability and business continuity. Summary of the Invention

[0004] To improve existing systems and methods, this paper provides a security management system and method for gateway devices access to a power grid Internet of Things (IoT) platform. This method achieves secure access management of the power grid IoT platform through two-way authentication, hierarchical permission model, and LSTM prediction, optimizes resource allocation, effectively responds to sudden traffic and abnormal behavior, and improves the platform's security and efficiency.

[0005] To achieve the above objectives, the technical solution adopted by the present invention is as follows:

[0006] A method for security management and control of gateway devices accessing a power grid Internet of Things (IoT) platform includes:

[0007] The gateway device to be connected submits its unique identifier and hardware feature code to the IoT platform to generate a unique digital certificate that binds the device's identity.

[0008] When a device connects, the gateway and the device perform two-way authentication based on digital certificates. After successful authentication, the gateway obtains the service type and operation instructions requested by the device.

[0009] Based on device type and access business data, a hierarchical permission model is used to divide the operation permission levels of devices, add hierarchical tags, and perform secure encapsulation of real-time business data.

[0010] Based on historical gateway device access data, train an LSTM neural network model to build a gateway device access prediction model. Input real-time access data into the prediction model and output the number of devices accessing each permission level and the distribution of service types in the future time period.

[0011] Based on the number of devices accessed and the distribution of service types at each level, the allocation ratio of physical interface resources corresponding to each permission level is dynamically adjusted to meet the access needs of different levels of services.

[0012] When the IoT platform detects abnormal device behavior, it extracts the unique identifier and hardware feature code of the abnormal device to locate the device and triggers a forced session reset or access suspension operation.

[0013] Preferably, the step of submitting the device's unique identifier and hardware feature code to the IoT platform to generate a unique digital certificate binding the device's identity specifically includes:

[0014] Obtain the serial number or MAC address of the gateway device to be connected as a unique identifier, package it with the device hardware feature code into request data and send the request to the IoT platform.

[0015] After receiving a device request, the IoT platform verifies the validity of the device's unique identifier and hardware signature.

[0016] Based on the approved devices, the IoT platform generates a unique digital certificate to identify the device and stores it locally on the device.

[0017] Preferably, when the device connects, the gateway and the device perform two-way authentication based on digital certificates. After successful authentication, the gateway obtains the service type and operation instructions requested by the device, specifically including:

[0018] The access device sends the obtained digital certificate to the gateway for authentication. The gateway verifies the validity period of the digital certificate, the issuing authority, and the consistency of the device identifier.

[0019] The device verifies the validity and trustworthiness of the certificate based on the digital certificate provided by the gateway;

[0020] After the gateway and device have mutually verified their identities and completed two-way authentication, the device sends a request, and the gateway parses the request to identify the specific service type and operation instructions requested by the device.

[0021] Preferably, the step of dividing operation permission levels for devices based on device type and access service data through a hierarchical permission model, adding hierarchical tags, and securely encapsulating real-time service data specifically includes:

[0022] The devices are classified based on their functions and characteristics, and the data is divided into different types based on the business operations involved in the devices.

[0023] Based on device type and access services, a hierarchical permission model is constructed, which includes at least three permission levels: device control layer, data acquisition layer, and system management layer.

[0024] Add labels to each permission level;

[0025] Based on business needs and data sensitivity, real-time business data is securely encapsulated and encrypted.

[0026] Preferably, the step of training an LSTM neural network model based on historical gateway device access data to construct a gateway device access prediction model, inputting real-time access data into the prediction model, and outputting the distribution of device access quantity and service type at each permission level within a future time period specifically includes:

[0027] Obtain historical gateway device access data and extract features from the preprocessed data;

[0028] Historical data is divided into training and validation sets. The model is trained based on the LSTM neural network model to build a gateway device access prediction model.

[0029] Based on the trained gateway device access prediction model, real-time access data is input into the prediction model to obtain the distribution data of device access quantity and service type at each permission level within the future time period predicted by the model.

[0030] Preferably, the step of dynamically adjusting the physical interface resource allocation ratio corresponding to each permission level based on the obtained distribution of device access quantity and service type at each level to meet the service access needs of different levels specifically includes:

[0031] Based on the predicted number of devices connected and the distribution of service types at each level, the resource requirements of each level are assessed and the resource load of each level is calculated.

[0032] Based on the resource requirements and resource load of each level, allocate a proportion for each level and allocate physical interface resources.

[0033] Based on the actual number of devices connected and the distribution of service types at each level, the allocation ratio of physical interface resources is dynamically adjusted in real time.

[0034] For high-priority services, allocate high-priority resources; for low-priority services, adopt a strategy of rate limiting or appropriate resource allocation.

[0035] By reserving 5% of physical interface resources as redundant resources, we can cope with sudden surges in device access or sudden changes in business needs.

[0036] Preferably, when the IoT platform detects abnormal device behavior, extracting the unique identifier and hardware feature code of the abnormal device for device location, and triggering a forced session reset or access suspension operation specifically includes:

[0037] Real-time monitoring of device sensor data, operation logs, and communication behavior data to determine if device behavior is abnormal;

[0038] In case of abnormal detection, the abnormal device is identified by extracting the device's unique identifier and hardware feature code, and the device is located.

[0039] Based on the location of the abnormal device, the level of abnormality is determined. For low-risk abnormalities, a forced session reset is triggered. For high-risk abnormalities, the device access is suspended, and all communication and data exchange between the device and the IoT platform are stopped.

[0040] Furthermore, a security management and control system for gateway devices accessing a power grid Internet of Things platform is proposed, comprising:

[0041] Device authentication module: The device authentication module is responsible for receiving the device's unique identifier and hardware feature code, and performing two-way authentication through digital certificates to ensure the legitimacy of the access device's identity;

[0042] Access Request Parsing Module: The access request parsing module parses authenticated device requests, identifies the service type and operation instructions of the device requests, and processes them according to the permission model;

[0043] Permission hierarchy module: The permission hierarchy module constructs a hierarchical permission model based on device type and business requirements, assigns different operation permissions to devices, and ensures the secure encapsulation and encryption of real-time business data;

[0044] Access data prediction module: The access data prediction module uses historical gateway device access data to train an LSTM neural network model to predict the number of devices accessing each permission level and the distribution of service types in the future;

[0045] Resource allocation and scheduling module: The resource allocation and scheduling module dynamically adjusts the allocation ratio of physical interface resources based on the predicted access data, and responds to sudden surges in device access volume;

[0046] Anomaly Detection Module: The anomaly detection module is used to monitor the sensor data, operation logs and communication behavior of the device in real time, detect and locate abnormal devices, and trigger forced session reset or suspension of access operation to ensure platform security.

[0047] Processor: The processor is used to handle the calculation process of each formula and the construction calculation process of each model.

[0048] Compared with the prior art, the advantages of the present invention are:

[0049] A two-way authentication mechanism ensures the legitimacy and security of devices, preventing unauthorized access. Secondly, the hierarchical permission model allows for refined resource allocation and management for different devices based on business needs and permissions, improving platform resource utilization efficiency. Furthermore, historical data analysis and prediction using an LSTM neural network model allows for real-time monitoring of access at each permission level, enabling advance estimation of access demands and providing a scientific basis for platform resource scheduling. Especially in handling emergencies, dynamic adjustment of access traffic and reservation of redundant resources ensure platform stability and business continuity. Finally, the abnormal behavior detection system, by monitoring device operating status in real time, can quickly locate and handle potential security threats, effectively guaranteeing the platform's security and reliability. Attached Figure Description

[0050] Figure 1 This is a schematic diagram of the method proposed in this invention;

[0051] Figure 2 This invention provides a schematic diagram for generating a unique digital certificate;

[0052] Figure 3 This is a schematic diagram of the two-way identity authentication proposed in this invention;

[0053] Figure 4 This is a schematic diagram illustrating the hierarchical division of operation permissions proposed in this invention;

[0054] Figure 5 This is a schematic diagram illustrating the distribution of the predicted number of connected devices and service types proposed in this invention;

[0055] Figure 6 This is a schematic diagram of the dynamic resource adjustment proposed in this invention;

[0056] Figure 7 This is a schematic diagram of an abnormality in the processing equipment proposed in this invention. Detailed Implementation

[0057] The following description is intended to disclose the invention and enable those skilled in the art to implement it. The preferred embodiments described below are merely examples, and other obvious variations will occur to those skilled in the art.

[0058] A power grid Internet of Things (IoT) platform gateway device access security management system includes:

[0059] Device authentication module: The device authentication module is responsible for receiving the device's unique identifier and hardware feature code, and performing two-way authentication through digital certificates to ensure the legitimacy of the access device's identity;

[0060] Access Request Parsing Module: The access request parsing module parses authenticated device requests, identifies the service type and operation instructions of the device requests, and processes them according to the permission model;

[0061] Permission hierarchy module: The permission hierarchy module constructs a hierarchical permission model based on device type and business requirements, assigns different operation permissions to devices, and ensures the secure encapsulation and encryption of real-time business data;

[0062] Access data prediction module: The access data prediction module uses historical gateway device access data to train an LSTM neural network model to predict the number of devices accessing each permission level and the distribution of service types in the future;

[0063] Resource allocation and scheduling module: The resource allocation and scheduling module dynamically adjusts the allocation ratio of physical interface resources based on the predicted access data, and responds to sudden surges in device access volume;

[0064] Anomaly Detection Module: The anomaly detection module is used to monitor the sensor data, operation logs and communication behavior of the device in real time, detect and locate abnormal devices, and trigger forced session reset or suspension of access operation to ensure platform security.

[0065] Processor: The processor is used to handle the calculation process of each formula and the construction calculation process of each model.

[0066] See Figure 1 As shown, a method for security management and control of gateway devices access to a power grid Internet of Things platform includes:

[0067] Step 1: Submit the unique identifier and hardware feature code of the gateway device to be connected to the IoT platform to generate a unique digital certificate that binds the device's identity.

[0068] Step 2: When a device connects, the gateway and the device perform two-way authentication based on digital certificates. After successful authentication, the gateway obtains the service type and operation instructions requested by the device.

[0069] Step 3: Based on device type and access business data, divide the operation permission levels of the device through a hierarchical permission model, add hierarchical tags, and perform secure encapsulation of real-time business data;

[0070] Step 4: Train an LSTM neural network model based on historical gateway device access data, build a gateway device access prediction model, input real-time access data into the prediction model, and output the number of devices accessing each permission level and the distribution of service types in the future time period.

[0071] Step 5: Based on the obtained number of devices accessing each level and the distribution of service types, dynamically adjust the allocation ratio of physical interface resources corresponding to each permission level to meet the access needs of different levels of services.

[0072] Step Six: When the IoT platform detects abnormal device behavior, it extracts the unique identifier and hardware feature code of the abnormal device to locate the device and triggers a forced session reset or access suspension operation.

[0073] See Figure 2 As shown, the process of submitting the device's unique identifier and hardware feature code to the IoT platform to generate a unique digital certificate binding the device's identity specifically includes:

[0074] Obtain the serial number or MAC address of the gateway device to be connected as a unique identifier, package it with the device hardware feature code into request data and send the request to the IoT platform.

[0075] After receiving a device request, the IoT platform verifies the validity of the device's unique identifier and hardware signature.

[0076] Based on the approved devices, the IoT platform generates a unique digital certificate to identify the device and stores it locally on the device.

[0077] Specifically, the device hardware signature is a unique feature of the device hardware. It is a hash value generated by the device's hardware components, including processor model, memory size, and storage type. The device hardware information is processed by a hash algorithm to obtain a fixed-length signature.

[0078] The device's unique identifier and hardware signature are packaged into request data and sent to the IoT platform for verification. The platform queries the database based on the received ID to confirm whether the device is legitimate, and recalculates the device's hardware signature, comparing it with the signature sent by the device.

[0079] Once verification is successful, the IoT platform will generate a unique digital certificate for the device. The digital certificate includes information such as the device's ID, hardware signature, and public key, and will be stored locally on the device.

[0080] See Figure 3 As shown, when a device connects, the gateway and the device perform two-way authentication based on digital certificates. After successful authentication, the gateway obtains the service type and operation instructions requested by the device, specifically including:

[0081] The access device sends the obtained digital certificate to the gateway for authentication. The gateway verifies the validity period of the digital certificate, the issuing authority, and the consistency of the device identifier.

[0082] The device verifies the validity and trustworthiness of the certificate based on the digital certificate provided by the gateway;

[0083] After the gateway and device have mutually verified their identities and completed two-way authentication, the device sends a request, and the gateway parses the request to identify the specific service type and operation instructions requested by the device.

[0084] Specifically, after receiving the device's digital certificate, the gateway verifies the validity period of the digital certificate, verifies the validity of the certificate authority, and verifies the consistency between the device identifier and the hardware signature.

[0085] After receiving the gateway's certificate, the device verifies the certificate's public key, extracts the public key from the gateway's certificate, and verifies its validity.

[0086] Once both the device and the gateway have successfully authenticated themselves, the two-way authentication is complete. The device then sends a service request to the gateway. Upon receiving the request, the gateway first decrypts the request content and then identifies the specific service type and operation instructions requested by the device.

[0087] See Figure 4 As shown, based on device type and access service data, a hierarchical permission model is used to divide the operation permission levels for devices, add hierarchical tags, and perform secure encapsulation of real-time service data, specifically including:

[0088] The devices are classified based on their functions and characteristics, and the data is divided into different types based on the business operations involved in the devices.

[0089] Based on device type and access services, a hierarchical permission model is constructed, which includes at least three permission levels: device control layer, data acquisition layer, and system management layer.

[0090] Add labels to each permission level;

[0091] Based on business needs and data sensitivity, real-time business data is securely encapsulated and encrypted.

[0092] Specifically, equipment is classified according to its function and characteristics. Equipment can be divided into multiple categories, including control equipment, data acquisition equipment, communication equipment, and management equipment. Data is also classified according to the specific business operations involved, including real-time data, control commands, log data, and configuration data.

[0093] Based on device type and business needs, a hierarchical permission model is constructed to ensure that each device or user can only perform operations within its authorized scope. The device control layer allows users or the system to control the status of the device, the data acquisition layer allows users or the system to access the data collected by the device, and the system management layer allows management operations such as configuration, update, and maintenance of the device.

[0094] Each permission level is labeled according to the permission requirements of the actual operation, so that the system can easily identify and manage permissions at each level.

[0095] Based on business needs and data sensitivity, real-time business data is securely encapsulated and encrypted to ensure the confidentiality, integrity, and availability of data transmission and storage. The encryption method can be selected according to the data type and business needs, such as using symmetric encryption for sensitive data and public key encryption for transmitted data.

[0096] See Figure 5 As shown, an LSTM neural network model is trained based on historical gateway device access data to construct a gateway device access prediction model. Real-time access data is input into the prediction model, and the output includes the distribution of device access quantity and service type at each permission level in the future time period.

[0097] Obtain historical gateway device access data and extract features from the preprocessed data;

[0098] Historical data is divided into training and validation sets. The model is trained based on the LSTM neural network model to build a gateway device access prediction model.

[0099] Based on the trained gateway device access prediction model, real-time access data is input into the prediction model to obtain the distribution data of device access quantity and service type at each permission level within the future time period predicted by the model.

[0100] Specifically, access data is collected from the gateway device, including device ID, access time, permission level, and service type. The data is then normalized or standardized to ensure that all features are at the same level, and feature extraction is performed.

[0101] Historical data is divided into training and validation sets, with 70% used as the training set and 30% as the validation set. By training the LSTM model, a model that can predict future device access is obtained. During the training process, the weights of the LSTM network are continuously adjusted to minimize the prediction error.

[0102] Real-time access data is input into a trained LSTM model. The input layer takes historical data from each time step and inputs it into the network. The LSTM layer learns the long-term dependencies of the time series. The output layer obtains predictions of future access volume and service types. Based on the prediction of access volume, the distribution of different service types is further predicted.

[0103] See Figure 6 As shown, based on the obtained distribution of device access numbers and service types at each level, the allocation ratio of physical interface resources corresponding to each permission level is dynamically adjusted to meet the access needs of different service levels. Specifically, this includes:

[0104] Based on the predicted number of devices connected and the distribution of service types at each level, the resource requirements of each level are assessed and the resource load of each level is calculated.

[0105] Based on the resource requirements and resource load of each level, allocate a proportion for each level and allocate physical interface resources.

[0106] Based on the actual number of devices connected and the distribution of service types at each level, the allocation ratio of physical interface resources is dynamically adjusted in real time.

[0107] For high-priority services, allocate high-priority resources; for low-priority services, adopt a strategy of rate limiting or appropriate resource allocation.

[0108] By reserving 5% of physical interface resources as redundant resources, we can cope with sudden surges in device access or sudden changes in business needs.

[0109] Specifically, resource requirements and load are assessed based on the number of devices connected at each level and the distribution of service types. Each device consumes a certain amount of resources upon connection, and different service types have different resource requirements. The resource requirement formula is as follows:

[0110]

[0111] in, For the total resource requirements of level i, Let j be the number of devices of type j accessed at level i. Let j be the resource requirement of the j-th type of device. For general types;

[0112] The formula for calculating resource load is:

[0113]

[0114] in, For the resource load of level i, Let be the total resource capacity of the i-th level;

[0115] Based on the resource requirements and load of each tier, calculate the resource allocation ratio for each tier using the following formula:

[0116]

[0117] in, Let i be the resource allocation ratio for the i-th level. The total number across all levels;

[0118] The number of devices connected and the distribution of service types at each level will change over time. The resource allocation ratio is adjusted based on real-time data. For high-priority services, it is necessary to ensure that their resources are allocated first. For low-priority services, a rate limiting strategy can be adopted.

[0119] To cope with sudden surges in traffic or sudden changes in business demand, a certain percentage of resources should be reserved as redundancy. The reserved resources should be set at 5% of the total resources. By reserving redundant resources, we can cope with sudden situations, such as a sudden surge in the number of devices accessing the network or a sudden change in business demand.

[0120] See Figure 7 As shown, when the IoT platform detects abnormal device behavior, it extracts the unique identifier and hardware feature code of the abnormal device for device location, triggering a forced session reset or access suspension operation, specifically including:

[0121] Real-time monitoring of device sensor data, operation logs, and communication behavior data to determine if device behavior is abnormal;

[0122] In case of abnormal detection, the abnormal device is identified by extracting the device's unique identifier and hardware feature code, and the device is located.

[0123] Based on the location of the abnormal device, the level of abnormality is determined. For low-risk abnormalities, a forced session reset is triggered. For high-risk abnormalities, the device access is suspended, and all communication and data exchange between the device and the IoT platform are stopped.

[0124] Specifically, the system acquires sensor data, operation logs, and communication behavior data from the device in real time to determine if there is any abnormal behavior. Once abnormal behavior is detected, the system identifies the abnormal device by extracting its unique identifier and hardware signature.

[0125] Based on the identified abnormal device, the system locates the device and determines the danger level according to the severity of the abnormality. For low-risk abnormalities, the system actively triggers a session reset to reinitialize the device connection. For high-risk abnormalities, the system needs to suspend the device access operation and stop the device's communication and data exchange with the IoT platform.

[0126] It should be noted that the order of the above embodiments of the present invention is merely for descriptive purposes and does not represent the superiority or inferiority of the embodiments. Furthermore, the above description focuses on specific embodiments of this specification. Additionally, the processes depicted in the accompanying drawings do not necessarily require a specific or sequential order to achieve the desired results. In some embodiments, multitasking and parallel processing are possible or may be advantageous.

[0127] The various embodiments in this specification are described in a progressive manner. The same or similar parts between the various embodiments can be referred to each other. Each embodiment focuses on describing the differences from other embodiments.

[0128] The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modifications, equivalent substitutions, improvements, etc., made within the principles of the present invention should be included within the protection scope of the present invention.

Claims

1. A method for secure access control of gateway devices in a power grid Internet of Things (IoT) platform, characterized in that, include: The gateway device to be connected submits its unique identifier and hardware feature code to the IoT platform to generate a unique digital certificate that binds the device's identity. When a device connects, the gateway and the device perform two-way authentication based on digital certificates. After successful authentication, the gateway obtains the service type and operation instructions requested by the device. Based on device type and access business data, a hierarchical permission model is used to divide the operation permission levels of devices, add hierarchical tags, and perform secure encapsulation of real-time business data. Based on historical gateway device access data, train an LSTM neural network model to build a gateway device access prediction model. Input real-time access data into the prediction model and output the number of devices accessing each permission level and the distribution of service types in the future time period. Based on the predicted number of devices connected and the distribution of service types at each level, the resource requirements of each level are assessed and the resource load of each level is calculated. Based on the resource requirements and resource load of each level, allocate a proportion for each level and allocate physical interface resources. Based on the actual number of devices connected and the distribution of service types at each level, the allocation ratio of physical interface resources is dynamically adjusted in real time. For high-priority services, allocate high-priority resources; for low-priority services, adopt a strategy of rate limiting or appropriate resource allocation. By reserving 5% of physical interface resources as redundant resources, we can cope with sudden surges in device access or sudden changes in business needs. When the IoT platform detects abnormal device behavior, it extracts the unique identifier and hardware feature code of the abnormal device to locate the device and triggers a forced session reset or access suspension operation.

2. The method for secure access control of gateway devices in a power grid Internet of Things platform according to claim 1, characterized in that, The step of submitting the device's unique identifier and hardware feature code to the IoT platform to generate a unique digital certificate binding the device's identity specifically includes: Obtain the serial number or MAC address of the gateway device to be connected as a unique identifier, package it with the device hardware feature code into request data and send the request to the IoT platform. After receiving a device request, the IoT platform verifies the validity of the device's unique identifier and hardware signature. Based on the approved devices, the IoT platform generates a unique digital certificate to identify the device and stores it locally on the device.

3. The method for secure access control of gateway devices in a power grid Internet of Things platform according to claim 1, characterized in that, When the device connects, the gateway and the device perform two-way authentication based on digital certificates. After successful authentication, the gateway obtains the service type and operation instructions requested by the device, specifically including: The access device sends the obtained digital certificate to the gateway for authentication. The gateway verifies the validity period of the digital certificate, the issuing authority, and the consistency of the device identifier. The device verifies the validity and trustworthiness of the certificate based on the digital certificate provided by the gateway; After the gateway and device have mutually verified their identities and completed two-way authentication, the device sends a request, and the gateway parses the request to identify the specific service type and operation instructions requested by the device.

4. The method for secure access control of gateway devices in a power grid Internet of Things platform according to claim 1, characterized in that, The process of dividing operation permission levels for devices based on device type and access service data, adding level tags, and securely encapsulating real-time service data specifically includes: The devices are classified based on their functions and characteristics, and the data is divided into different types based on the business operations involved in the devices. Based on device type and access services, a hierarchical permission model is constructed, which includes at least three permission levels: device control layer, data acquisition layer, and system management layer. Add labels to each permission level; Based on business needs and data sensitivity, real-time business data is securely encapsulated and encrypted.

5. The method for secure access control of gateway devices in a power grid Internet of Things platform according to claim 1, characterized in that, The process of training an LSTM neural network model based on historical gateway device access data to construct a gateway device access prediction model, inputting real-time access data into the prediction model, and outputting the distribution of device access quantity and service type at each permission level within a future time period specifically includes: Obtain historical gateway device access data and extract features from the preprocessed data; Historical data is divided into training and validation sets. The model is trained based on the LSTM neural network model to build a gateway device access prediction model. Based on the trained gateway device access prediction model, real-time access data is input into the prediction model to obtain the distribution data of device access quantity and service type at each permission level within the future time period predicted by the model.

6. The method for secure access control of gateway devices in a power grid Internet of Things platform according to claim 1, characterized in that, When the IoT platform detects abnormal device behavior, extracting the unique identifier and hardware feature code of the abnormal device for device location, and triggering a forced session reset or access suspension operation specifically includes: Real-time monitoring of device sensor data, operation logs, and communication behavior data to determine if device behavior is abnormal; In case of abnormal detection, the abnormal device is identified by extracting the device's unique identifier and hardware feature code, and the device is located. Based on the location of the abnormal device, the level of abnormality is determined. For low-risk abnormalities, a forced session reset is triggered. For high-risk abnormalities, the device access is suspended, and all communication and data exchange between the device and the IoT platform are stopped.

7. A power grid Internet of Things (IoT) platform gateway device access security management system, used to implement the power grid IoT platform gateway device access security management method as described in any one of claims 1-6, characterized in that, include: Device authentication module: The device authentication module is responsible for receiving the device's unique identifier and hardware feature code, and performing two-way authentication through digital certificates to ensure the legitimacy of the access device's identity; Access Request Parsing Module: The access request parsing module parses authenticated device requests, identifies the service type and operation instructions of the device requests, and processes them according to the permission model; Permission hierarchy module: The permission hierarchy module constructs a hierarchical permission model based on device type and business requirements, assigns different operation permissions to devices, and ensures the secure encapsulation and encryption of real-time business data; Access data prediction module: The access data prediction module uses historical gateway device access data to train an LSTM neural network model to predict the number of devices accessing each permission level and the distribution of service types in the future; Resource allocation and scheduling module: The resource allocation and scheduling module dynamically adjusts the allocation ratio of physical interface resources based on the predicted access data, and responds to sudden surges in device access volume; Anomaly Detection Module: The anomaly detection module is used to monitor the sensor data, operation logs and communication behavior of the device in real time, detect and locate abnormal devices, and trigger forced session reset or suspension of access operation to ensure platform security. Processor: The processor is used to handle the calculation process of each formula and the construction calculation process of each model.