A method and system for managing the identity of smart grid devices based on real-world assets

By deploying sensors and edge computing nodes in smart grid equipment to assess asset value, generating verifiable credentials and storing them on the blockchain, the problem of the separation between equipment identity and assets in new power systems is solved, achieving efficient and secure identity management and asset liquidity, and supporting full lifecycle management.

CN122160049APending Publication Date: 2026-06-05GUANGZHOU UNIVERSITY

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GUANGZHOU UNIVERSITY
Filing Date
2026-03-16
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

In new power systems, traditional centralized CA authentication systems have single-point failure risks, resource-constrained equipment cannot directly run complex encryption algorithms, identity and assets are separated, verification efficiency is low and privacy leakage risks are high. Existing blockchain solutions have failed to effectively solve the problems of identity credibility, asset liquidity and data security.

Method used

By deploying sensors on smart grid devices to collect data, edge computing nodes verify and evaluate the value of real-world assets, generate verifiable credentials, and register and store them using a blockchain network, a layered architecture and dual-signature mechanism are adopted to ensure data security, thus achieving a deep and trustworthy integration of device identity and asset value.

Benefits of technology

It achieves deep and trusted integration of device identity and assets, improves verification efficiency and system scalability, enhances data security, and supports automated management of assets throughout their entire lifecycle.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160049A_ABST
    Figure CN122160049A_ABST
Patent Text Reader

Abstract

The application discloses a kind of intelligent power grid equipment identity management method and system based on real world asset, comprising: through device sensor acquisition and signature encryption operating parameter, send to edge computing node;Node verifies signature and fuses oracle external data, calculates the real world asset value of equipment through dynamic evaluation model;Generate verifiable credentials containing device DID and asset fingerprint;Identity document is submitted to block chain identity registration contract and is stored;Listen to contract event, build / update merkle tree and its root hash is synchronized to the verification contract of verification block chain;When responding to access request, generate the merkle proof of target equipment based on root hash and return credentials.The application realizes the strong binding of the physical identity of equipment and dynamic economic value, solves the problems of centralized single point failure, low verification efficiency and privacy leakage, and improves the identity credibility, asset liquidity and audit efficiency of new subject equipment in intelligent power grid.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of distributed digital identity management technology, and particularly relates to a method and system for managing the identity of smart grid equipment based on real-world assets. Background Technology

[0002] Against the backdrop of new power system construction, the large-scale integration of new main equipment such as distributed photovoltaics, energy storage devices, and charging piles into the distribution network is driving the transformation of the distribution network from a traditional single-source radial structure to a dynamic network with multi-source and multi-directional power flow. The scale of source-grid-load-storage coordinated control is expanding exponentially. This structural change presents a dual challenge to the identity authentication and asset value management of these new entities. At the identity management level, traditional centralized CA (Certificate Authority) authentication systems suffer from single-point-of-failure risks: if the CA server is attacked or crashes, the entire system's identity authentication service will be paralyzed, making it difficult to meet high availability requirements. Simultaneously, such devices typically have limited computing and storage resources, making it impossible to directly run complex encryption algorithms. Furthermore, existing distributed digital identity (DID) systems are mostly designed for high-computing-power terminals and are not adapted to the lightweight authentication needs of resource-constrained devices.

[0003] In terms of asset value management, the assessment and on-chain notarization of real-world assets (RWAs) are becoming key directions for digital transformation. New entities such as distributed photovoltaic systems, charging piles, and energy storage devices possess clear physical attributes (e.g., equipment model, operating time, number of charge / discharge cycles) and economic value (e.g., power generation revenue, carbon credits). However, current technologies lack an effective mechanism to bind the physical device's identity to its RWA value. Traditional asset valuation relies on manual review and centralized database storage, which carries the risk of data tampering, and the valuation results cannot be updated in real time, making it difficult to reflect value fluctuations caused by dynamic depreciation or policy changes.

[0004] Current solutions attempting to incorporate blockchain still have significant shortcomings:

[0005] 1. Separation of Identity and Assets: Traditional asset management often relies on physical registration certificates, which are susceptible to loss, theft, or damage. Furthermore, most systems only implement the single function of device DID registration or asset information on-chain, failing to establish a cryptographic binding relationship between identity identifiers and RWA data, resulting in a broken asset ownership verification chain.

[0006] 2. Low verification efficiency: Resource-constrained devices need to perform complete Merkle proof verification through cloud smart contracts, with a latency of over 200ms, which cannot meet the real-time control requirements of the edge side.

[0007] 3. Privacy risk: RWA assessment reports are usually stored on the blockchain in plain text. Attackers can use data analysis to infer the device's operating status and trade secrets.

[0008] While recent studies have proposed layered authentication architectures, their edge computing layers only handle data forwarding and do not embed RWA evaluation algorithms. Furthermore, although the international standard W3C DID specification supports verifiable credentials (VC), it does not define quantitative mapping rules between device physical status and asset value. Therefore, there is an urgent need for a new system that integrates lightweight DID management, real-time RWA evaluation, and privacy protection to address the collaborative challenges faced by new entities in terms of identity credibility, asset liquidity, and data security. Summary of the Invention

[0009] To address these issues, this invention provides a smart grid device identity management method based on real-world assets, which solves the above problems.

[0010] In a first aspect, the present invention provides a method for managing the identity of smart grid devices based on real-world assets, comprising:

[0011] S1. Data is collected by sensors deployed on smart grid equipment, encrypted, and signed at the source end before being sent to the edge computing node; wherein, the device data includes the device's identity information and the device's real-time operating parameters;

[0012] S2. Verify the source signature at the edge computing node, and integrate external market and environmental data obtained through the oracle to calculate the real-world asset value of the device using a pre-set evaluation model;

[0013] S3. Based on the verified device data and the calculated real-world asset value, generate a data certificate that conforms to the verifiable certificate standard. The data certificate includes a distributed identity identifier for the device and asset fingerprint information associated with the asset value.

[0014] S4. Submit the complete identity document containing the distributed identity identifier of the device and the asset fingerprint information to the identity registration smart contract in the blockchain network for registration and evidence storage.

[0015] S5. Listen for the registration or update event of the identity registration smart contract, construct or update the Merkle tree based on the identity documents of all registered devices, and synchronize the generated Merkle tree root hash value to at least one verification and evidence storage smart contract in the verification blockchain network.

[0016] S6. In response to an access request for the target device, generate a Merkel proof corresponding to the target device based on the current Merkel root hash stored in the verification and evidence storage smart contract, and return the Merkel proof and the data credential associated with the target device.

[0017] Furthermore, the valuation model used to calculate the value of the real-world assets is as follows:

[0018] Asset value = (Base cost × Dynamic weight α) + (Physical condition score × Dynamic weight β) + (Present value of expected returns × Dynamic weight γ) - Risk discount factor;

[0019] The dynamic weights α, β, and γ are automatically calibrated periodically based on real-time external data acquired by the oracle.

[0020] The physical condition score is obtained by analyzing the real-time operating parameters through a time series analysis model; the risk discount factor is calculated based on the frequency of policy changes, the level of meteorological disaster warnings, and the historical maintenance records of the equipment.

[0021] Furthermore, a dual-signature mechanism is used when generating the data credential, including:

[0022] The data packet containing device data and asset value is first signed using the private key of the edge computing node.

[0023] The credential issuing authority uses its private key to perform a second signature on the data packet that already contains the first signature, in order to generate the final data credential.

[0024] Before submitting to the identity registration smart contract, the first signature and the second signature are verified independently.

[0025] Furthermore, the generated data credential is a verifiable credential conforming to the W3C VC-DATA-MODEL standard. The main field of the data credential contains the asset fingerprint information, which is the hash value of the real-world asset and its leaf node position index in the Merkle tree.

[0026] Furthermore, a smart grid device identity management method based on real-world assets also includes:

[0027] When the identity registration smart contract triggers a device identity revocation event, the identifier of the corresponding device is added to the on-chain certificate revocation list, and the Merkle tree is reconstructed.

[0028] Furthermore, a smart grid device identity management method based on real-world assets also includes:

[0029] The value of the real-world assets and their associated metadata are forged into non-fungible tokens on the blockchain through asset digitization smart contracts.

[0030] The metadata of the non-fungible token contains the address of the verification and notarization smart contract or a reference to the latest Merkle root hash.

[0031] Furthermore, the step of responding to an access request for the target device includes:

[0032] The verification and evidence storage smart contract receives an access request containing the distributed identity identifier of the target device;

[0033] Based on the target device's distributed identity identifier, locate its corresponding leaf node data from the current Merkle tree;

[0034] Starting from the leaf node, obtain and assemble the hash path to the root node level by level to generate the Merkel proof;

[0035] The generated Merkel proof is returned along with the verifiable credentials corresponding to the target device obtained from off-chain storage.

[0036] Secondly, the present invention provides a smart grid device identity management system based on real-world assets, comprising:

[0037] The data acquisition and trusted upload module is configured to collect device identity information and real-time operating parameters through sensors deployed on smart grid devices, and send them to the edge computing node after encryption and source signature.

[0038] An edge fusion evaluation module is configured to be deployed on the edge computing node, and is configured to verify the source signature, fuse external market and environmental data obtained through oracles, and calculate the real-world asset value of the device through a pre-set evaluation model;

[0039] The credential generation module is configured to generate a data credential that conforms to the verifiable credential standard based on the verified device data and the calculated asset value. The data credential includes a distributed identity identifier for the device and asset fingerprint information associated with the asset value.

[0040] The identity registration and evidence storage module is configured to submit a complete identity document containing the device's distributed identity identifier and the asset fingerprint information to an identity registration smart contract in the blockchain network for registration and evidence storage.

[0041] The Merkle tree maintenance module is configured to listen for registration or update events of the identity registration smart contract, construct or update the Merkle tree based on the identity documents of all registered devices, and synchronize the generated Merkle tree root hash value to at least one verification and evidence storage smart contract in a verification blockchain network.

[0042] The request response and verification module is configured to respond to access requests for a target device, generate a Merkle proof corresponding to the target device based on the current Merkle root hash stored in the verification and notarization smart contract, and return the Merkle proof and the data credential associated with the target device.

[0043] Thirdly, an electronic device is provided, comprising: at least one processor, and a memory communicatively connected to the at least one processor, wherein the memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to perform the steps of the smart grid device identity management method based on real-world assets according to any embodiment of the present invention.

[0044] Fourthly, the present invention also provides a computer-readable storage medium having a computer program stored thereon, wherein when the program instructions are executed by a processor, the processor performs the steps of the smart grid device identity management method based on real-world assets according to any embodiment of the present invention.

[0045] The smart grid device identity management method and system based on real-world assets proposed in this application have the following specific beneficial effects:

[0046] 1. Achieved deep and trustworthy integration of identity and assets: By embedding dynamic asset value hashes into verifiable credentials and binding them to device DIDs, a cryptographic link between physical devices and their economic value was established, solving the problem of the separation between identity and asset data and laying the foundation for the trustworthy circulation of assets.

[0047] 2. Improved verification efficiency and system scalability: Adopting a layered architecture of "edge evaluation + off-chain evidence storage + on-chain lightweight verification", complex calculations are brought forward, and only the Merkle root hash required for verification is put on the chain, which greatly reduces the on-chain load and the burden on the device side, and meets the needs of real-time management of massive devices.

[0048] 3. Enhanced data security and privacy: End-to-end encryption and dual-signature mechanisms ensure the trustworthiness of the data source; sensitive raw data is not on the blockchain, but is only stored as a hash "fingerprint", which effectively prevents on-chain privacy leakage while ensuring data integrity and verifiability.

[0049] 4. Realizes automated management of the entire asset lifecycle: Through smart contracts, dynamic asset valuation results are automatically mapped to on-chain digital assets (such as NFTs), and operations such as ownership change, status update, and certificate revocation can be automatically triggered, improving management efficiency and business automation level. Attached Figure Description

[0050] To more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the following description of the embodiments will be briefly introduced. Obviously, the drawings described below are some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0051] Figure 1 A flowchart illustrating a smart grid device identity management method based on real-world assets, provided as an embodiment of the present invention;

[0052] Figure 2 This is a module interaction architecture diagram of a smart grid device identity management system based on real-world assets, provided as an embodiment of the present invention.

[0053] Figure 3 This is a schematic diagram of the structure of an electronic device provided in an embodiment of the present invention. Detailed Implementation

[0054] To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0055] The following combination Figure 1 This document details the specific implementation steps of a preferred embodiment of the present invention. It should be noted that the descriptions in this embodiment are merely examples and do not constitute a sole limitation on the scope of protection of the present invention.

[0056] Example 1: An example of the creation and verification process for a Decentralized Identifier (DID) for a charging pile device A.

[0057] like Figure 1 As shown, the method provided in this embodiment mainly includes the following steps:

[0058] S1. Data is collected by sensors deployed on smart grid equipment, encrypted, and signed at the source end before being sent to the edge computing node; wherein, the device data includes the device's identity information and the device's real-time operating parameters;

[0059] S2. Verify the source signature at the edge computing node, and integrate external market and environmental data obtained through the oracle to calculate the real-world asset value of the device using a pre-set evaluation model;

[0060] S3. Based on the verified device data and the calculated real-world asset value, generate a data certificate that conforms to the verifiable certificate standard. The data certificate includes a distributed identity identifier for the device and asset fingerprint information associated with the asset value.

[0061] S4. Submit the complete identity document containing the distributed identity identifier of the device and the asset fingerprint information to the identity registration smart contract in the blockchain network for registration and evidence storage.

[0062] S5. Listen for the registration or update event of the identity registration smart contract, construct or update the Merkle tree based on the identity documents of all registered devices, and synchronize the generated Merkle tree root hash value to at least one verification and evidence storage smart contract in the verification blockchain network.

[0063] S6. In response to an access request for the target device, generate a Merkel proof corresponding to the target device based on the current Merkel root hash stored in the verification and evidence storage smart contract, and return the Merkel proof and the data credential associated with the target device.

[0064] Step S1 is executed, in which device data is collected by sensors deployed on smart grid equipment, encrypted and signed by the source end, and then sent to the edge computing node; wherein, the device data includes the device's identity information and the device's real-time operating parameters;

[0065] In this embodiment, embedded sensors (such as temperature sensors, voltage / current sensors, counters, etc.) built into new smart grid entities such as distributed photovoltaic inverters, electric vehicle charging piles, or electrochemical energy storage devices (hereinafter collectively referred to as "devices") collect basic identification information (such as device model, manufacturer code, and serial number) and real-time operating parameters of the devices with industrial-grade precision. For charging piles, operating parameters include the number of times the charging head is plugged in and out (error ≤ ±1 times), the operating temperature of core components (error ≤ ±0.5℃), and the cumulative charging amount (error ≤ ±0.1kWh); for photovoltaic inverters, the DC-side input voltage (error ≤ ±0.1V) and daily power generation efficiency (error ≤ ±1%) are monitored. The collected data is first digitally signed (source signature) using the device's private key by the integrated Hardware Security Module (HSM) or Trusted Platform Module (TPM) at the device end, and then encrypted using the AES-256 algorithm. The encrypted data packet is sent to an edge computing node with a relatively short physical distance (e.g., within 5 kilometers) via a low-power wide-area network protocol such as LoRa or NB-IoT.

[0066] Execute step S2, verify the source signature at the edge computing node, and fuse external market and environmental data obtained through the oracle to calculate the real-world asset value of the device through a pre-set evaluation model;

[0067] Specifically, the valuation model used to calculate the value of the real-world assets is as follows:

[0068] Asset value = (Base cost × Dynamic weight α) + (Physical condition score × Dynamic weight β) + (Present value of expected returns × Dynamic weight γ) - Risk discount factor;

[0069] The dynamic weights α, β, and γ are automatically calibrated periodically based on real-time external data acquired by the oracle.

[0070] The physical condition score is obtained by analyzing the real-time operating parameters through a time series analysis model; the risk discount factor is calculated based on the frequency of policy changes, the level of meteorological disaster warnings, and the historical maintenance records of the equipment.

[0071] In this embodiment, after receiving the data packet, the edge fusion evaluation module on the edge computing node first performs AES-256 decryption and verifies the validity of the source signature using a pre-set device whitelist public key. Data that fails verification is discarded and an alarm is triggered. For data that passes verification, the edge fusion evaluation module dynamically obtains external data related to the asset value of the device through a connected trusted oracle network, including but not limited to: real-time market electricity price index, detailed carbon credit subsidy policies issued by the government, and meteorological disaster warning levels (such as typhoons, lightning, and high temperatures) for the area where the device is located.

[0072] Subsequently, the edge fusion evaluation module invokes a pre-built RWA (Real-World Asset) evaluation smart contract or a local evaluation model. The core calculation formula of this model is:

[0073] Asset value = (base cost × dynamic weight α) + (physical condition score × dynamic weight β) + (present value of expected return × dynamic weight γ) - risk discount factor.

[0074] Basic cost: The sum of the purchase price and installation and commissioning costs obtained from the equipment manufacturer's database.

[0075] Physical condition rating: The real-time operating parameters of the equipment (time-series data such as temperature, voltage, number of charge and discharge cycles, etc.) are input into a pre-trained Long Short-Term Memory (LSTM) network model, and the model outputs a 0-100 point score to quantitatively reflect the physical health of the equipment.

[0076] Present value of expected revenue: Based on the remaining lifespan of the equipment, current electricity prices, and subsidy policies, calculate the sum of discounted cash flows of future electricity revenue and carbon credit revenue, with the discount rate referencing the benchmark interest rate published by the central bank.

[0077] Risk discount factor: A comprehensive calculation of three types of risk:

[0078] Policy risk coefficient (assigned a value between 0 and 0.2 based on the annual frequency of changes in local government energy policies);

[0079] Natural disaster coefficient (adjusted between 0 and 0.15 based on the meteorological department's warning level);

[0080] Maintenance cost coefficient (classified between 0 and 0.1 based on the historical average maintenance frequency of this equipment model). Final risk discount = (policy risk coefficient + natural disaster coefficient + maintenance cost coefficient) × total assets × 5%.

[0081] The initial values ​​of the dynamic weights α, β, and γ are set to α=0.3, β=0.4, and γ=0.3, and are automatically calibrated by the oracle every 24 hours based on external factors such as market fluctuations and policy stability.

[0082] After the evaluation is completed, the edge computing node will package the verified raw device data, RWA evaluation results and related timestamps into a standardized JSON data block.

[0083] Execute step S3, based on the verified device data and the calculated real-world asset value, generate a data certificate that conforms to the verifiable certificate standard, the data certificate containing a distributed device identity identifier and asset fingerprint information associated with the asset value;

[0084] Specifically, a dual-signature mechanism is used when generating the data credential, including:

[0085] The data packet containing device data and asset value is first signed using the private key of the edge computing node.

[0086] The credential issuing authority uses its private key to perform a second signature on the data packet that already contains the first signature, in order to generate the final data credential.

[0087] Before submitting to the identity registration smart contract, the first signature and the second signature are verified independently.

[0088] Specifically, the generated data credential is a verifiable credential conforming to the W3C VC-DATA-MODEL standard. The main field of the data credential contains the asset fingerprint information, which is the hash value of the real-world asset and its leaf node position index in the Merkle tree.

[0089] In this embodiment, the credential generation module is typically deployed in a credential management layer (or CA center) with a higher security level. It receives JSON data blocks from edge computing nodes.

[0090] First, the credential generation module uses the public key of the edge computing node to verify whether the data block comes from a legitimate edge node. Then, a dual-signature mechanism is employed:

[0091] First-level signature verification and appending: The credential generation module verifies the device source signature (first-level signature) contained in the data block. After successful verification, the credential generation module uses its own private key (based on the national cryptographic SM2 algorithm or EdDSA algorithm) to perform a second-level signature on the entire data block (including device data, evaluation results, timestamp, and the first-level signature).

[0092] Generate Verifiable Credentials (VC): The credential generation module follows the W3C VC-DATA-MODEL v2.0 international standard to generate structured verifiable credentials. This VC contains the following core fields:

[0093] id: A unique identifier for the credential.

[0094] issuer: The issuer, i.e., the public key address or DID of the credential generation module.

[0095] credentialSubject: The credential body, which contains:

[0096] id: Distributed Identifier (DID) of the device, in the format did:rwa:device type:manufacturer code:serial number (e.g., did:rwa:chargingpile:XYZ:A12345).

[0097] rwaHash: Asset fingerprint information obtained by performing a SHA-256 hash operation on the asset value and related assessment metadata calculated in step S102.

[0098] merkleIndex: A reserved field used to store the index of the leaf node position of the asset fingerprint in the Merkle tree later (initially can be empty).

[0099] The proof field stores information such as the second signature generated by the credential generation module, the signature type, and the verification public key.

[0100] At this point, a trusted digital credential (VC) binding the device's identity and dynamic asset value has been generated.

[0101] In step S4, the complete identity document containing the device's distributed identity identifier and the asset fingerprint information is submitted to the identity registration smart contract in the blockchain network for registration and notarization.

[0102] Specifically, the value of the real-world assets and their associated metadata are forged into non-fungible tokens on the blockchain through asset digitization smart contracts.

[0103] The metadata of the non-fungible token contains the address of the verification and notarization smart contract or a reference to the latest Merkle root hash.

[0104] In this embodiment, the identity registration and notarization module is responsible for formally registering the device identity on the blockchain. It calls the identity registration smart contract deployed on the registration blockchain. This contract provides the registerDID or updateVC function.

[0105] The identity registration and notarization module uses the following information as the basis for transaction invocation of the contract: the device's complete DID document (containing the did:rwa:... identifier and the device's public key), the hash value of the VC generated in step S3, and the second signature from the credential generation module. The identity registration smart contract executes its logic on-chain as follows:

[0106] Verify the validity of the second signature attached to the transaction.

[0107] Once verification is successful, the device's DID document and its associated VC hash value are written into the blockchain's private state database to complete the registration or update.

[0108] Trigger a chaincode event (e.g., DIDUpdated) that contains the registered or updated DID identifier.

[0109] Execute step S5, listen for the registration or update event of the identity registration smart contract, construct or update the Merkle tree based on the identity documents of all registered devices, and synchronize the generated Merkle tree root hash value to at least one verification and evidence storage smart contract in the verification blockchain network.

[0110] Specifically, when the identity registration smart contract triggers a device identity revocation event, the identifier of the corresponding device is added to the on-chain certificate revocation list, and the Merkle tree is reconstructed.

[0111] In this embodiment, the Merkle tree maintenance module, as an off-chain service, continuously listens for the DIDUpdated event emitted by the identity registration smart contract on the registration blockchain.

[0112] Once an event is detected, the Merkle tree maintenance module immediately retrieves the complete DID document (containing basic device information and its latest rwaHash) of all registered devices from the state database of the registered blockchain.

[0113] Subsequently, the Merkle tree maintenance module reconstructs a complete Merkle tree using these DID documents as leaf node data. Each leaf node stores the following data: DID identifier || rwaHash || timestamp. The latest Merkle tree root hash is obtained through recursive calculation (parent node hash = SHA-256(left child node hash || right child node hash)).

[0114] Finally, the Merkle tree maintenance module calls the updateRoot function of the verification and notarization smart contract deployed on the application blockchain, submitting the newly calculated Merkle tree root hash and storing it in the contract's state variable. The old root hash is preserved in the historical record for audit traceability.

[0115] In step S6, in response to an access request for the target device, a Merkel proof corresponding to the target device is generated based on the current Merkel root hash stored in the verification and evidence storage smart contract, and the Merkel proof and the data credential associated with the target device are returned.

[0116] Specifically, the steps in response to an access request for the target device include:

[0117] The verification and evidence storage smart contract receives an access request containing the distributed identity identifier of the target device;

[0118] Based on the target device's distributed identity identifier, locate its corresponding leaf node data from the current Merkle tree;

[0119] Starting from the leaf node, obtain and assemble the hash path to the root node level by level to generate the Merkel proof;

[0120] The generated Merkel proof is returned along with the verifiable credentials corresponding to the target device obtained from off-chain storage.

[0121] In this embodiment, when a user needs to verify the identity and asset status of a target device, they send an access request to the system, which includes the DID of the target device.

[0122] The request-response and verification module (whose logic can be built into the verification and evidence storage smart contract) performs the following operations:

[0123] Upon receiving a request, the verification smart contract first checks the Certificate Revocation List (CRL) maintained on-chain to confirm that the target DID has not been revoked.

[0124] Once the validity is confirmed, the contract locates the leaf node corresponding to the target DID and its index position N in the tree from the current Merkle tree structure maintained by the Merkle tree maintenance module.

[0125] Contract generates Merkel proof: Starting from leaf node N, collect the hash values ​​of all required "sibling nodes" on the path to the root node, forming a hash value array proofPath.

[0126] The contract returns the generated proofPath (Merkel proof) along with the target device's rwaHash, merkleIndex, and the complete verifiable credential (VC) retrieved from off-chain storage (such as IPFS) based on the DID to the requesting user.

[0127] After receiving the response, the user can:

[0128] Use the public key from the credential generation module to verify the validity of the signature in the proof field of VC.

[0129] Using the returned rwaHash, merkleIndex, and proofPath, the Merkle proof calculation is re-executed locally: starting from rwaHash, combined with the sibling node hashes in proofPath, the calculation is performed layer by layer until a calculated root hash is obtained.

[0130] The calculated root hash is compared with the latest Merkle tree root hash retrieved from the verification and evidence storage smart contract. If the two are completely identical, it proves that the device's identity is genuine, its asset value information has not been tampered with, and it has obtained authoritative system certification.

[0131] Example 2: Case study of full lifecycle management of charging pile assets.

[0132] Taking a DC charging pile with model number "FastCharge-100" and serial number "A12345" (hereinafter referred to as "Pile A") as an example, the operation of this system will be explained in detail.

[0133] Network Registration and Initial Assessment: After installation and power-on, pile A's sensors begin operation. Its collected serial number and initial operating parameters are encrypted with an HSM signature and sent to the edge node. The edge node verifies the signature and obtains the local electricity price (0.8 yuan / kWh) and no special disaster warnings via an oracle. The assessment model calculates its initial asset value (e.g., 100,000 yuan) and generates VC. The identity registration contract registers pile A's DID (did:rwa:chargingpile:XYZ:A12345) on the blockchain, triggering a Merkle tree update, and the root hash M1 is synchronized to the verification contract.

[0134] Dynamic Value Update During Operation: Three months later, the edge node monitored that pile A had accumulated 10,000 kWh of charging, and the average temperature of core components was normal. However, the oracle reported that the local electricity price had increased to 1.0 yuan / kWh. The valuation model was recalculated, and the asset value was updated to 105,000 yuan. The credential generation module issued a VC containing the new rwaHash. The identity registration contract updated the DID document, triggering Merkle tree reconstruction, and the new root hash M2 replaced M1.

[0135] Ownership Transfer (NFT Mapping): The owner of stake A decides to sell the asset. The system invokes the asset digitization smart contract to mint the latest RWA valuation result (105,000 RMB) and related proof of stake A into an ERC-721 standard NFT. The NFT's tokenURI points to an IPFS link storing the detailed valuation report, and customFields record the current verification contract address and root hash M2. The buyer and seller complete the on-chain ownership transfer by trading this NFT. The NFT transfer event triggers a callback that automatically updates the owner address field associated with the DID in the identity registration contract.

[0136] Identity Verification and Audit: The buyer (new owner) or regulatory body wants to verify the status of pile A. They initiate a query to the verification contract for DID did:rwa:chargingpile:XYZ:A12345. The contract returns a Merkle proof generated based on the root hash M2, the latest rwaHash, and VC. The verifier can then confirm that the asset information is the latest and trusted version certified by the current system.

[0137] Device Retirement and Identity Revocation: Five years later, stake A reaches the end of its lifespan and is removed. Maintenance personnel, through an authorized account, invoke the `revokeDID` function of the identity registration contract, passing in the DID of stake A. This contract adds stake A's DID to the on-chain CRL and triggers the `DIDUpdated` event. Upon detecting the event, the Merkle tree maintenance module excludes the revoked stake A data when constructing the new tree, generating a new root hash M3. Thereafter, any verification request for stake A's identity will be rejected due to the CRL check failure.

[0138] Please see Figure 2 The diagram illustrates the modular interaction architecture of a smart grid device identity management system based on real-world assets, as described in this application.

[0139] like Figure 2 As shown, the data acquisition and trusted upload module 200 is configured to collect device identity information and real-time operating parameters through sensors deployed on smart grid devices, and send them to the edge computing node after encryption and source signature.

[0140] Edge fusion evaluation module 210 is configured to be deployed on the edge computing node, configured to verify the source signature, and fuse external market and environmental data obtained through oracles, and calculate the real-world asset value of the device through a preset evaluation model;

[0141] The credential generation module 220 is configured to generate a data credential that conforms to the verifiable credential standard based on the verified device data and the calculated asset value. The data credential includes a distributed identity identifier for the device and asset fingerprint information associated with the asset value.

[0142] The identity registration and evidence storage module 230 is configured to submit a complete identity document containing the distributed identity identifier of the device and the asset fingerprint information to the identity registration smart contract in the blockchain network for registration and evidence storage.

[0143] Merkle tree maintenance module 240 is configured to listen for registration or update events of the identity registration smart contract, construct or update the Merkle tree based on the identity documents of all registered devices, and synchronize the generated Merkle tree root hash value to at least one verification and evidence storage smart contract in a verification blockchain network.

[0144] The request response and verification module 250 is configured to respond to an access request for a target device, generate a Merkel proof corresponding to the target device based on the current Merkel root hash stored in the verification and notarization smart contract, and return the Merkel proof and the data credential associated with the target device.

[0145] It should be understood that Figure 2 The modules and references described in the document Figure 1 The steps described in the text correspond to those in the method described above. Therefore, the operations, features, and corresponding technical effects described above also apply to the method described in the text. Figure 2 The various modules in the document will not be described in detail here.

[0146] In other embodiments, the present invention also provides a computer-readable storage medium having a computer program stored thereon, wherein when the program instructions are executed by a processor, the processor performs the smart grid device identity management method based on real-world assets in any of the above method embodiments.

[0147] S1. Data is collected by sensors deployed on smart grid equipment, encrypted, and signed at the source end before being sent to the edge computing node; wherein, the device data includes the device's identity information and the device's real-time operating parameters;

[0148] S2. Verify the source signature at the edge computing node, and integrate external market and environmental data obtained through the oracle to calculate the real-world asset value of the device using a pre-set evaluation model;

[0149] S3. Based on the verified device data and the calculated real-world asset value, generate a data certificate that conforms to the verifiable certificate standard. The data certificate includes a distributed identity identifier for the device and asset fingerprint information associated with the asset value.

[0150] S4. Submit the complete identity document containing the distributed identity identifier of the device and the asset fingerprint information to the identity registration smart contract in the blockchain network for registration and evidence storage.

[0151] S5. Listen for the registration or update event of the identity registration smart contract, construct or update the Merkle tree based on the identity documents of all registered devices, and synchronize the generated Merkle tree root hash value to at least one verification and evidence storage smart contract in the verification blockchain network.

[0152] S6. In response to an access request for the target device, generate a Merkel proof corresponding to the target device based on the current Merkel root hash stored in the verification and evidence storage smart contract, and return the Merkel proof and the data credential associated with the target device.

[0153] Computer-readable storage media may include a stored program area and a stored data area, wherein the stored program area may store an operating system and an application program required for at least one function; the stored data area may store data created based on the use of the real-world asset-based smart grid device identity management system, etc. Furthermore, the computer-readable storage medium may include high-speed random access memory, and may also include memory, such as at least one disk storage device, flash memory device, or other non-volatile solid-state storage device. In some embodiments, the computer-readable storage medium may optionally include memory remotely configured relative to a processor, which can be connected to the real-world asset-based smart grid device identity management system via a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.

[0154] Figure 3 This is a schematic diagram of the structure of the electronic device provided in the embodiment of the present invention, such as... Figure 3 As shown, the device includes a processor 310 and a memory 320. The electronic device may also include an input device 330 and an output device 340. The processor 310, memory 320, input device 330, and output device 340 can be connected via a bus or other means. Figure 3Taking a bus connection as an example, the memory 320 is the computer-readable storage medium described above. The processor 310 executes various server functions and data processing by running non-volatile software programs, instructions, and modules stored in the memory 320, thereby implementing the smart grid device identity management method based on real-world assets as described in the above method embodiment. The input device 330 can receive input digital or character information and generate key signal inputs related to user settings and function control of the smart grid device identity management system based on real-world assets. The output device 340 may include a display device such as a screen.

[0155] The aforementioned electronic device can execute the method provided in the embodiments of the present invention, and has the corresponding functional modules and beneficial effects for executing the method. Technical details not described in detail in this embodiment can be found in the method provided in the embodiments of the present invention.

[0156] In one implementation, the aforementioned electronic device is used in a smart grid device identity management system based on real-world assets, serving as a client, and includes: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to:

[0157] S1. Data is collected by sensors deployed on smart grid equipment, encrypted, and signed at the source end before being sent to the edge computing node; wherein, the device data includes the device's identity information and the device's real-time operating parameters;

[0158] S2. Verify the source signature at the edge computing node, and integrate external market and environmental data obtained through the oracle to calculate the real-world asset value of the device using a pre-set evaluation model;

[0159] S3. Based on the verified device data and the calculated real-world asset value, generate a data certificate that conforms to the verifiable certificate standard. The data certificate includes a distributed identity identifier for the device and asset fingerprint information associated with the asset value.

[0160] S4. Submit the complete identity document containing the distributed identity identifier of the device and the asset fingerprint information to the identity registration smart contract in the blockchain network for registration and evidence storage.

[0161] S5. Listen for the registration or update event of the identity registration smart contract, construct or update the Merkle tree based on the identity documents of all registered devices, and synchronize the generated Merkle tree root hash value to at least one verification and evidence storage smart contract in the verification blockchain network.

[0162] S6. In response to an access request for the target device, generate a Merkel proof corresponding to the target device based on the current Merkel root hash stored in the verification and evidence storage smart contract, and return the Merkel proof and the data credential associated with the target device.

[0163] Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus necessary general-purpose hardware platforms, and of course, it can also be implemented by hardware. Based on this understanding, the above technical solutions, in essence or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product can be stored in a computer-readable storage medium, such as ROM / RAM, magnetic disk, optical disk, etc., including several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute the methods of various embodiments or some parts of embodiments.

[0164] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features; and these modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A method for managing the identity of smart grid devices based on real-world assets, characterized in that, include: S1. Data is collected by sensors deployed on smart grid equipment, encrypted, and signed at the source end before being sent to the edge computing node; wherein, the device data includes the device's identity information and the device's real-time operating parameters; S2. Verify the source signature at the edge computing node, and integrate external market and environmental data obtained through the oracle to calculate the real-world asset value of the device using a pre-set evaluation model; S3. Based on the verified device data and the calculated real-world asset value, generate a data certificate that conforms to the verifiable certificate standard. The data certificate includes a distributed identity identifier for the device and asset fingerprint information associated with the asset value. S4. Submit the complete identity document containing the distributed identity identifier of the device and the asset fingerprint information to the identity registration smart contract in the blockchain network for registration and evidence storage. S5. Listen for the registration or update event of the identity registration smart contract, construct or update the Merkle tree based on the identity documents of all registered devices, and synchronize the generated Merkle tree root hash value to at least one verification and evidence storage smart contract in the verification blockchain network. S6. In response to an access request for the target device, generate a Merkel proof corresponding to the target device based on the current Merkel root hash stored in the verification and evidence storage smart contract, and return the Merkel proof and the data credential associated with the target device.

2. The method for smart grid device identity management based on real-world assets according to claim 1, characterized in that, The valuation model used to calculate the value of the real-world assets is as follows: Asset value = (Base cost × Dynamic weight α) + (Physical condition score × Dynamic weight β) + (Present value of expected returns × Dynamic weight γ) - Risk discount factor; The dynamic weights α, β, and γ are automatically calibrated periodically based on real-time external data acquired by the oracle. The physical condition score is obtained by analyzing the real-time operating parameters through a time series analysis model; the risk discount factor is calculated based on the frequency of policy changes, the level of meteorological disaster warnings, and the historical maintenance records of the equipment.

3. The method for smart grid device identity management based on real-world assets according to claim 1, characterized in that, The data credentials are generated using a dual-signature mechanism, including: The data packet containing device data and asset value is first signed using the private key of the edge computing node. The credential issuing authority uses its private key to perform a second signature on the data packet that already contains the first signature, in order to generate the final data credential. Before submitting to the identity registration smart contract, the first signature and the second signature are verified independently.

4. The method for smart grid device identity management based on real-world assets according to claim 3, characterized in that, The generated data credential is a verifiable credential conforming to the W3C VC-DATA-MODEL standard. The main field of the data credential contains the asset fingerprint information, which is the hash value of the real-world asset and its leaf node position index in the Merkle tree.

5. The method for smart grid device identity management based on real-world assets according to claim 1, characterized in that, Also includes: When the identity registration smart contract triggers a device identity revocation event, the identifier of the corresponding device is added to the on-chain certificate revocation list, and the Merkle tree is reconstructed.

6. The method for smart grid device identity management based on real-world assets according to claim 1, characterized in that, Also includes: The value of the real-world assets and their associated metadata are forged into non-fungible tokens on the blockchain through asset digitization smart contracts. The metadata of the non-fungible token contains the address of the verification and notarization smart contract or a reference to the latest Merkle root hash.

7. The method for smart grid device identity management based on real-world assets according to claim 1, characterized in that, The steps in responding to an access request for the target device include: The verification and evidence storage smart contract receives an access request containing the distributed identity identifier of the target device; Based on the target device's distributed identity identifier, locate its corresponding leaf node data from the current Merkle tree; Starting from the leaf node, obtain and assemble the hash path to the root node level by level to generate the Merkel proof; The generated Merkel proof is returned along with the verifiable credentials corresponding to the target device obtained from off-chain storage.

8. A smart grid device identity management system based on real-world assets, characterized in that, include: The data acquisition and trusted upload module is configured to collect device identity information and real-time operating parameters through sensors deployed on smart grid devices, and send them to the edge computing node after encryption and source signature. An edge fusion evaluation module is configured to be deployed on the edge computing node, and is configured to verify the source signature, fuse external market and environmental data obtained through oracles, and calculate the real-world asset value of the device through a pre-set evaluation model; The credential generation module is configured to generate a data credential that conforms to the verifiable credential standard based on the verified device data and the calculated asset value. The data credential includes a distributed identity identifier for the device and asset fingerprint information associated with the asset value. The identity registration and evidence storage module is configured to submit a complete identity document containing the device's distributed identity identifier and the asset fingerprint information to an identity registration smart contract in the blockchain network for registration and evidence storage. The Merkle tree maintenance module is configured to listen for registration or update events of the identity registration smart contract, construct or update the Merkle tree based on the identity documents of all registered devices, and synchronize the generated Merkle tree root hash value to at least one verification and evidence storage smart contract in a verification blockchain network. The request response and verification module is configured to respond to access requests for a target device, generate a Merkle proof corresponding to the target device based on the current Merkle root hash stored in the verification and notarization smart contract, and return the Merkle proof and the data credential associated with the target device.

9. An electronic device, characterized in that, include: At least one processor, and a memory communicatively connected to the at least one processor, wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method according to any one of claims 1 to 7.

10. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the program is executed by the processor, it implements the method according to any one of claims 1 to 7.