A virtual power plant cross-domain authentication method based on PUF and blockchain

By generating a unique identity for terminal devices through PUF, combining DID and VC, and using blockchain to store identity digests, and employing a challenge-response mechanism and dual signature verification, the problem of easy imitation of terminal device identities in multi-domain collaborative environments of virtual power plants is solved, achieving efficient and secure cross-domain authentication.

CN122160067APending Publication Date: 2026-06-05HARBIN INST OF TECH

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
HARBIN INST OF TECH
Filing Date
2026-03-13
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

In a multi-domain collaborative environment of a virtual power plant, traditional centralized certificate authority authentication methods suffer from high trust risks and the ease with which terminal device identities can be counterfeited.

Method used

The system utilizes Physically Unclonable Functions (PUFs) to generate unique identities for terminal devices, implements identity identification through Distributed Identity Identifiers (DIDs) and Verifiable Credentials (VCs), stores identity digests using blockchain, and completes cross-domain identity authentication using a challenge-response mechanism and dual signature verification.

Benefits of technology

It achieves the non-cloning of terminal device identity, improves the efficiency and security of cross-domain authentication, reduces computational overhead, and is suitable for terminal devices with limited computing power.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160067A_ABST
    Figure CN122160067A_ABST
Patent Text Reader

Abstract

The application discloses a kind of virtual power plant cross-domain authentication methods based on PUF and block chain, the method includes the following steps: step S1, terminal equipment identity registration;Step S2, identity authentication in this domain;Step S3, cross-domain identity authentication.Step S4, authentication result feedback.The application generates the unique identity of terminal equipment using PUF, realizes the unclonable nature of terminal equipment identity;Terminal equipment trusted identity system is constructed by distributed identity label (ID) and verifiable credential (VC);Identity digest is stored using block chain to realize decentralized trust management, and cross-domain identity authentication is completed through challenge-response mechanism and double signature verification, to improve the security and reliability of terminal equipment access in virtual power plant multi-domain collaborative environment.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of power system information security and network identity authentication technology, and relates to a virtual power plant identity authentication method, specifically a virtual power plant cross-domain identity authentication method based on Physical Unclonable Function (PUF) and blockchain. Background Technology

[0002] With the large-scale integration of new energy and distributed energy resources, Virtual Power Plants (VPPs) have become a crucial technology for achieving coordinated scheduling of distributed energy resources. VPPs aggregate resources such as distributed photovoltaics, energy storage systems, electric vehicle charging stations, and controllable loads to achieve coordinated operation of the source-grid-load-storage system. However, in the multi-domain collaborative environment of VPPs, a large number of heterogeneous terminal devices need to access different control platforms across domains, such as aggregator platforms, grid dispatching platforms, and user-side energy management systems. Traditional authentication methods based on centralized certificate authorities suffer from high trust risks and the ease with which terminal device identities can be counterfeited. Summary of the Invention

[0003] The purpose of this invention is to provide a cross-domain authentication method for virtual power plants based on PUF and blockchain, which can be used to achieve trusted identity authentication and secure access for terminal devices in a multi-domain environment. This method utilizes PUF to generate a unique physical identity for the terminal device, implements the terminal device identity identification through Distributed Identity Identifier (DID), uses Verifiable Credentials (VC) as cross-domain identity credentials, and stores identity digests through blockchain to achieve decentralized trust management.

[0004] The objective of this invention is achieved through the following technical solution:

[0005] A cross-domain authentication method for virtual power plants based on PUF and blockchain includes the following steps:

[0006] Step S1: Terminal device identity registration:

[0007] The registration domain control center first challenges the terminal device, then the terminal device uses the PUF module to generate a unique response and construct a distributed identity identifier for the terminal device. The registration domain control center generates verifiable credentials based on the terminal device attributes. The identity digest is then written into the blockchain. The specific steps are as follows:

[0008] Step S101: The terminal device accesses the system and sends an identity registration request to the registration domain control center. The specific steps are as follows:

[0009] Step S10101: When a terminal device first accesses the virtual power plant system, it needs to send an identity registration request to the control center of its registration domain. This request is used to establish a unique identity for the terminal device and complete the initial trust establishment.

[0010] Step S10102: After receiving the identity registration request, the registration domain control center initiates the identity registration process for the terminal device and generates a random challenge value for the subsequent PUF challenge-response authentication.

[0011] Step S102: The registration domain control center sends a random challenge value to the terminal device. , ,in Indicates length is The random number generation function, Indicates the safe length of the random number;

[0012] Step S103: The terminal device receives the challenge value. Then, it uses its internal PUF module to generate a unique response. , ,in This represents a physically unclonable function within the terminal device.

[0013] Step S104: The terminal device generates a key pair based on the PUF response. , ,in This represents the public key of the terminal device. This represents the private key of the terminal device. This indicates the key generation algorithm;

[0014] Step S105: The terminal device combines metadata to generate a distributed identity identifier. , ,in For a safe hash function, This refers to the metadata of the terminal device; ║ indicates a string concatenation operation.

[0015] Step S106: The registration domain control center generates verifiable credentials based on the terminal device attributes. , ,in Indicates the issuer of the certificate. Indicates terminal device , This represents the attribute information of the terminal device. This indicates a signature as proof;

[0016] Step S107: The registration domain control center uses its private key to... Perform digital signature: ,in To register the domain control center private key, For digital signature algorithms, for The hash value of the content, and the final signature, are appended to it. middle;

[0017] Step S108, Documents and The summary is written to the blockchain;

[0018] Step S2, Local Domain Identity Authentication:

[0019] The terminal device initiates an authentication request to the registration domain control center. The registration domain control center sends a challenge value to the terminal device. The terminal device generates a response using PUF and signs the challenge value. The registration domain control center then authenticates the response via on-chain... Public key verification of the signature completes the terminal device authentication process. The specific steps are as follows:

[0020] Step S201: The terminal device initiates a domain authentication request to the registration domain control center, which includes the terminal device's authentication request. In addition to authentication identification information, the authentication request is represented as: Where t represents the current timestamp. After receiving the authentication request, the registration domain control center initiates the challenge-response authentication mechanism to verify the identity of the terminal device by verifying the terminal device's signature;

[0021] Step S202: The registration domain control center generates a new random challenge value. , And send the challenge value to the terminal device;

[0022] Step S203: The terminal device uses the private key Sign the challenge value: The signature result is then sent back to the registration domain control center;

[0023] Step S204: The registration domain control center reads the terminal device through the blockchain network. Documents and extract the public key of the terminal device. The public key is used to verify the signature returned by the terminal device: If the verification is successful, it means that the terminal device holds the correct private key, and thus the authentication is successful.

[0024] Step S3, Cross-domain Identity Authentication:

[0025] Terminal equipment carries An authentication request is sent to the target domain control center, and the target domain obtains the terminal device from the blockchain. and Information, and verified by the terminal device signature and The specific steps for using signatures to achieve cross-domain authentication are as follows:

[0026] Step S301: When a terminal device needs to access resources in another domain, the terminal device sends a cross-domain authentication request to the target domain control center, along with... The request structure, including credentials and signature information, is as follows: ;

[0027] Step S302: Query the target domain from the blockchain. and Information to verify the legitimacy of the terminal device's identity and The effectiveness;

[0028] Step S303, Target Domain Verification Signature and terminal device signature:

[0029] Step S30301, Verification sign: ;

[0030] Step S30302: Verify the terminal device signature: ;

[0031] Step S30303: If both verifications are successful, it means that the terminal device's identity is genuine and trustworthy.

[0032] Step S4, Certification Result Feedback:

[0033] If the verification is successful, the target domain allows the terminal device to access the virtual power plant system resources; if the verification fails, the terminal device's access request is denied.

[0034] Compared with the prior art, the present invention has the following advantages:

[0035] 1. Utilize PUF to generate a unique identity for the terminal device, ensuring that the terminal device identity cannot be cloned;

[0036] 2. Utilize blockchain to store identity digests, achieving decentralized trust management;

[0037] 3. Implement cross-domain identity transfer through VC to improve cross-domain authentication efficiency;

[0038] 4. Adopt a challenge-response mechanism to improve the system's resistance to replay attacks;

[0039] 5. The authentication process has low computational overhead, making it suitable for terminal devices with limited computing power. Attached Figure Description

[0040] Figure 1This is an overall flowchart of a cross-domain authentication method for virtual power plants based on PUF and blockchain.

[0041] Figure 2 This is a flowchart illustrating the cross-domain authentication method for virtual power plants based on PUF and blockchain. Detailed Implementation

[0042] The technical solution of the present invention will be further described below with reference to the accompanying drawings, but it is not limited thereto. Any modifications or equivalent substitutions to the technical solution of the present invention that do not depart from the spirit and scope of the technical solution of the present invention should be covered within the protection scope of the present invention.

[0043] This invention provides a cross-domain authentication method for virtual power plants based on PUF and blockchain. It utilizes PUF to generate a unique identity for terminal devices, achieving the non-cloning nature of terminal device identities; and employs distributed identity identification (…). ) and verifiable credentials ( This involves constructing a trusted identity system for terminal devices; utilizing blockchain to store identity digests for decentralized trust management; and employing a challenge-response mechanism and dual-signature verification to complete cross-domain identity authentication, thereby improving the security and reliability of terminal device access in a multi-domain collaborative environment of a virtual power plant. Figure 1 As shown, the method includes the following steps:

[0044] S1: Terminal device identity registration.

[0045] The registration domain control center first challenges the terminal device, then the terminal device uses the PUF module to generate a unique response and construct a distributed identity identifier for the terminal device. The registration domain control center generates verifiable credentials based on the terminal device attributes. And write the identity digest to the blockchain.

[0046] S2: Local domain authentication.

[0047] The terminal device initiates an authentication request to the registration domain control center. The registration domain control center sends a challenge value to the terminal device. The terminal device generates a response using PUF and signs the challenge value. The registration domain control center then authenticates the response via on-chain... Public key verification of signature completes terminal device identity authentication.

[0048] S3: Cross-domain identity authentication.

[0049] Terminal equipment carries An authentication request is sent to the target domain control center, and the target domain obtains the terminal device from the blockchain. and Information, and verified by the terminal device signature and Signatures enable cross-domain identity authentication.

[0050] S4: Feedback on certification results.

[0051] If the verification is successful, the target domain allows the terminal device to access system resources; if the verification fails, the access request is denied.

[0052] like Figure 2 As shown, the specific implementation steps are as follows:

[0053] S1: The terminal device accesses the system and sends an identity registration request to the registration domain control center.

[0054] When a terminal device first connects to the virtual power plant system, it needs to send an identity registration request to its respective registration domain control center. This request is used to establish a unique identity for the terminal device and complete the initial trust establishment. The registration request sent by the terminal device contains basic information about the terminal device, such as the terminal device type, manufacturer identifier, and metadata such as timestamps. After receiving the request, the registration domain control center initiates the identity registration process for the terminal device and generates a random challenge value for subsequent PUF challenge-response authentication.

[0055] S2: The registration domain control center sends a random challenge value to the terminal device. .

[0056] Registered domain control center generates random challenge values The challenge value is then sent to the terminal device. This challenge value is used to activate the PUF module within the terminal device and to prevent replay attacks. The challenge value is typically generated by a secure random function. .in Indicates length is The random number generation function, Indicates the safe length of the random number. This challenge value is only valid within the current authentication session.

[0057] S3: The terminal device uses the PUF module to generate a unique response. .

[0058] The terminal device received the challenge value. Then, it uses its internal Physically Unclonable Function (PUF) module to generate a unique response. The PUF response is determined by microscopic physical differences in the chip manufacturing process, and therefore possesses uniqueness and cannot be replicated. The PUF response generation process can be represented as: .in This represents a physically unclonable function within the terminal device. This is the unique response from the terminal device. This response serves as the basis for subsequent identity and key generation by the terminal device.

[0059] S4: The terminal device generates a key pair based on the PUF response. .

[0060] Response generated by terminal device using PUF As an entropy source, asymmetric key pairs are generated through a key generation function: .in This represents the public key of the terminal device. This represents the private key of the terminal device. This indicates the key generation algorithm. This key pair is used for subsequent authentication and digital signatures by the terminal device.

[0061] S5: Terminal devices combine metadata to generate distributed identity identifiers. .

[0062] The terminal device combines the PUF response with its metadata to generate a Decentralized Identifier (DID). The terminal device metadata includes the terminal device type, manufacturer information, and timestamp, among other things. The generation method is as follows: .in For secure hash functions, such as SHA-256, This represents terminal device metadata; ║ indicates a string concatenation operation. Generated using the method described above. Used to uniquely identify the terminal device.

[0063] S6: The domain control center generates verifiable credentials based on the terminal device attributes. .

[0064] The registration domain control center generates a verifiable credential (VC) based on the terminal device's DID and attribute information. Used to describe the identity attributes and access permissions of terminal devices. Defined as the following quintuple: .in Indicates the issuer of the certificate. Indicates the DID of the terminal device. This represents the attribute information of the terminal device. This indicates a signature as proof. This indicates the metadata of the terminal device.

[0065] S7: Registry Domain Control Center Perform digital signature.

[0066] The registration domain control center uses its private key to The content is digitally signed to ensure the integrity and authenticity of the certificate. The signing process is represented as follows: .in To register the domain control center private key, For digital signature algorithms, for The hash value of the content. The final generated signature is appended to... middle.

[0067] S8: Will Documents and The summary is written to the blockchain.

[0068] The system will connect the terminal devices Documents and The summary is written into the blockchain ledger. As a decentralized trust infrastructure, blockchain can guarantee the immutability and traceability of identity data. The abstract calculation method is as follows: Then the terminal device , The summary and registration timestamp are written to the blockchain. Recording identity information through the blockchain enables cross-domain identity sharing.

[0069] S9: The terminal device initiates a domain identity authentication request to the registered domain control center.

[0070] After a terminal device completes identity registration, it needs to perform domain authentication before accessing resources within the domain system. The terminal device sends an authentication request to the registration domain control center, which includes the terminal device's authentication information. And authentication identification information. An authentication request can be represented as: Where t represents the current timestamp. After receiving the authentication request, the registration domain control center initiates the challenge-response authentication mechanism to verify the identity of the terminal device by verifying the terminal device's signature.

[0071] S10: The registration domain control center generates a challenge value and sends it to the terminal device.

[0072] The registration domain control center generates new random challenge values. The challenge value is then sent to the terminal device. The challenge value is used to verify whether the terminal device possesses a legitimate private key and to ensure the randomness of the authentication process. The challenge value generation process is as follows: This challenge value is only valid within the current authentication session.

[0073] S11: The terminal device uses its private key to sign the challenge value.

[0074] After the terminal device receives the challenge value Using their private key Digitally sign the challenge value: The terminal device then sends the signature result back to the registration domain control center. This signature is used to prove that the terminal device has ownership of the private key.

[0075] S12: The Registry Domain Control Center reads from the blockchain. Public key and verify signature.

[0076] The registration domain control center reads the terminal device through the blockchain network. Documents and extract the public key of the terminal device. The public key is then used to verify the signature returned by the terminal device. If the verification is successful, it means that the terminal device holds the correct private key, and thus the authentication is successful.

[0077] S13: Terminal equipment carries Initiate a cross-domain authentication request to the target domain.

[0078] When a terminal device needs to access resources in another domain, the terminal device sends a cross-domain authentication request to the target domain control center, along with... Credentials and signature information. The request structure can be represented as: This request is used to establish a trust relationship between different domains.

[0079] S14: Target domain queried from blockchain and information.

[0080] The target domain control center queries the identity information of the terminal devices through the blockchain network, including the terminal devices themselves. document, The data includes a summary and the public key of the registration domain control center. Using this data, the target domain can verify the legitimacy of the terminal device's identity. The effectiveness.

[0081] S15: Target Domain Validation Signature and terminal device signature.

[0082] The target domain requires dual validation. First, validate... sign: Then verify the terminal device signature: If both verifications are successful, it indicates that the terminal device's identity is authentic and trustworthy.

[0083] S16: If the verification is successful, the terminal device is allowed to access system resources.

[0084] Once the target domain completes all authentication steps and successfully verifies its identity, the system allows the terminal device to access virtual power plant system resources, such as participating in energy dispatching, data acquisition, or load control. If authentication fails, the system rejects the terminal device's access request and records the authentication log.

Claims

1. A cross-domain authentication method for virtual power plants based on PUF and blockchain, characterized in that... The method includes the following steps: Step S1: Terminal device identity registration: The registration domain control center first challenges the terminal device, then the terminal device uses the PUF module to generate a unique response and construct a distributed identity identifier for the terminal device. The registration domain control center generates verifiable credentials based on the terminal device attributes. And write the identity digest to the blockchain; Step S2, Local Domain Identity Authentication: The terminal device initiates an authentication request to the registration domain control center. The registration domain control center sends a challenge value to the terminal device. The terminal device generates a response using PUF and signs the challenge value. The registration domain control center then authenticates the response via on-chain... Public key verification of signature completes terminal device identity authentication; Step S3, Cross-domain Identity Authentication: Terminal equipment carries An authentication request is sent to the target domain control center, and the target domain obtains the terminal device from the blockchain. and Information, and verified by the terminal device signature and Signatures enable cross-domain identity authentication; Step S4, Certification Result Feedback: If the verification is successful, the target domain allows the terminal device to access the virtual power plant system resources; if the verification fails, the terminal device's access request is denied.

2. The cross-domain authentication method for virtual power plants based on PUF and blockchain according to claim 1, characterized in that... The specific steps of step S1 are as follows: Step S101: The terminal device accesses the system and sends an identity registration request to the registration domain control center; Step S102: The registration domain control center sends a random challenge value to the terminal device. , ,in Indicates length is The random number generation function, Indicates the safe length of the random number; Step S103: The terminal device receives the challenge value. Then, it uses its internal PUF module to generate a unique response. , ,in This represents a physically unclonable function within the terminal device. Step S104: The terminal device generates a key pair based on the PUF response. , ,in This represents the public key of the terminal device. This represents the private key of the terminal device. This indicates the key generation algorithm; Step S105: The terminal device combines metadata to generate a distributed identity identifier. , ,in For a safe hash function, This refers to the metadata of the terminal device; ║ indicates a string concatenation operation. Step S106: The registration domain control center generates verifiable credentials based on the terminal device attributes. , ,in Indicates the issuer of the certificate. Indicates terminal device , This represents the attribute information of the terminal device. This indicates a signature as proof; Step S107: The registration domain control center uses its private key to... Perform digital signature: ,in To register the domain control center private key, For digital signature algorithms, for The hash value of the content, and the final signature, are appended to it. middle; Step S108, Documents and The summary is written to the blockchain.

3. The cross-domain authentication method for virtual power plants based on PUF and blockchain according to claim 2, characterized in that... The specific steps of step S101 are as follows: Step S10101: When a terminal device first accesses the virtual power plant system, it needs to send an identity registration request to the control center of its registration domain. This request is used to establish a unique identity for the terminal device and complete the initial trust establishment. Step S10102: After receiving the identity registration request, the registration domain control center initiates the identity registration process for the terminal device and generates a random challenge value for the subsequent PUF challenge-response authentication.

4. The cross-domain authentication method for virtual power plants based on PUF and blockchain according to claim 2, characterized in that... The specific steps of step S2 are as follows: Step S201: The terminal device initiates a domain authentication request to the registration domain control center, which includes the terminal device's authentication request. In addition to authentication identification information, the authentication request is represented as: Where t represents the current timestamp. After receiving the authentication request, the registration domain control center initiates the challenge-response authentication mechanism to verify the identity of the terminal device by verifying the terminal device's signature; Step S202: The registration domain control center generates a new random challenge value. , And send the challenge value to the terminal device; Step S203: The terminal device uses the private key Sign the challenge value: The signature result is then sent back to the registration domain control center; Step S204: The registration domain control center reads the terminal device through the blockchain network. Documents and extract the public key of the terminal device. The public key is used to verify the signature returned by the terminal device: If the verification is successful, it means that the terminal device holds the correct private key, and thus the authentication is successful.

5. The cross-domain authentication method for virtual power plants based on PUF and blockchain according to claim 4, characterized in that... The specific steps of step S3 are as follows: Step S301: When a terminal device needs to access resources in another domain, the terminal device sends a cross-domain authentication request to the target domain control center, along with... The request structure, including credentials and signature information, is as follows: ; Step S302: Query the target domain from the blockchain. and Information to verify the legitimacy of the terminal device's identity and The effectiveness; Step S303, Target Domain Verification Signature and terminal device signature: Step S30301, Verification sign: ; Step S30302: Verify the terminal device signature: ; Step S30303: If both verifications are successful, it means that the terminal device is authentic and trustworthy.