A blockchain-assisted asymmetric identity authentication method based on preset public keys
By using a blockchain-assisted asymmetric identity authentication method based on a pre-set public key, and utilizing quantum random numbers and blockchain distributed ledgers for local certificate verification, the system addresses the high concurrency and low latency identity authentication requirements in the power distribution Internet of Things (IoT), thereby improving the system's security and stability.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- HEBEI UNIVERSITY
- Filing Date
- 2026-03-05
- Publication Date
- 2026-06-05
AI Technical Summary
Existing authentication methods struggle to simultaneously meet the demands for high security, high concurrency, and low latency in local communication. In particular, centralized CA online verification methods in power distribution IoT suffer from performance bottlenecks and security risks.
A blockchain-assisted asymmetric identity authentication method based on a pre-set public key is adopted. Random number strings are generated by a quantum random number generation module and local certificate status verification is performed in combination with the blockchain distributed ledger. Quantum random numbers and auxiliary authentication factors are used for two-way identity authentication, eliminating the dependence on a central CA.
It significantly improves the system's high-concurrency processing capabilities and overall stability, reduces authentication latency, enhances its resistance to attacks, and ensures the security and trustworthiness of communication.
Smart Images

Figure CN122160119A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to an identity authentication method, specifically a blockchain-assisted asymmetric identity authentication method based on a pre-set public key. Background Technology
[0002] As a critical national infrastructure, the power grid plays an indispensable role in ensuring national energy supply, social stability, and economic development. However, due to its importance, the power grid has long been a primary target for hacker groups and hostile forces, who attempt to disrupt its stable operation to impact national security and public order. In recent years, with the development of information technology, the digitalization and intelligence of the power grid have continuously improved, especially with the widespread application of the distribution Internet of Things (IoT), making the communication network within the power grid system more open. However, this openness also brings significant security risks. The distribution IoT contains a large number of distributed resources interconnected through networks, forming a complex and vast communication system. If the security of this system is not effectively guaranteed, it could become a breakthrough point for attackers, causing security risks to spread between different areas, and even from low-security areas to high-security areas, threatening the security of the entire power grid.
[0003] To address this challenge and ensure secure data exchange between distribution network IoT terminals and edge nodes, preventing attackers from exploiting communication vulnerabilities for unauthorized intrusion, a reliable two-way authentication mechanism must be established between the distribution network terminals and the intelligent converged terminals of the edge nodes. Two-way authentication technology not only ensures the legitimacy of both communicating parties but also effectively prevents common network threats such as spoofing attacks and replay attacks. Specifically, authentication technology verifies the identities of both communicating parties through a systematic process, including the user submitting identity verification to the system and the system verifying that verification, ensuring that each party in the communication is authentic and trustworthy. This technology provides crucial protection for the secure operation of the distribution network IoT, preventing the expansion of attack scope and maintaining the overall security of the power grid.
[0004] Existing public key certificate-based identity authentication schemes primarily rely on certificate factors and centralized certificate authorities (CAs) for identity verification. However, single points of trust failure, certificate forgery, and man-in-the-middle attacks remain risks if certificates are leaked, private keys are counterfeited, or certificate status synchronization lags. Furthermore, in large-scale distribution IoT scenarios, the sheer number of edge nodes and end-side terminals makes traditional online verification methods reliant on centralized CAs prone to performance bottlenecks, failing to simultaneously meet the demands for high security, high concurrency, and low-latency local communication. Summary of the Invention
[0005] The purpose of this invention is to provide a blockchain-assisted asymmetric identity authentication method based on a pre-set public key, in order to solve the problem that existing identity authentication methods cannot simultaneously meet the requirements of high security, high concurrency, and low-latency local communication.
[0006] The objective of this invention is achieved in this way: A blockchain-assisted asymmetric identity authentication method based on a pre-set public key includes the following steps: S1.CA issues side certificates to smart converged terminals and end certificates to distribution network terminals; S2. The intelligent converged terminal and the distribution network terminal retain their respective certificate private keys and exchange certificate public keys; S3. The intelligent fusion terminal generates a random number string R0 and uses the random number string R0 to authenticate the distribution network terminal; if the authentication is successful, proceed to step S4. S4. The intelligent converged terminal performs auxiliary authentication on the distribution network terminal. If the authentication is successful, proceed to step S5. S5. The distribution network terminal generates a random number string R1 and uses the random number string R1 to authenticate the smart converged terminal.
[0007] Furthermore, both the intelligent fusion terminal and the distribution network terminal are equipped with quantum random number generation modules; the random number string R0 is generated by the quantum random number generation module in the intelligent fusion terminal, and the random number string R1 is generated by the quantum random number generation module in the distribution network terminal.
[0008] Furthermore, the specific method for authenticating the distribution network terminal using the random number string R0 in step S3 is as follows: S3-1. The intelligent converged terminal uses the public key of the terminal certificate to encrypt the random number string R0 to obtain the encrypted random number string M0; and sends the encrypted random number string M0 to the distribution network terminal. S3-2. The distribution network terminal uses the private key of the edge certificate to decrypt the encrypted data M0, obtaining the decrypted random number string R0′; and uses the decrypted random number string R0′ and the public key of the edge certificate to generate the message authentication code H1; S3-3. The distribution network terminal uses the private key of the terminal certificate to encrypt the message authentication code H1, obtains the encrypted message authentication code M1, and sends it to the smart converged terminal. S3-4. The intelligent fusion terminal uses the public key of the edge certificate to decrypt the encrypted message authentication code M1 to obtain the decrypted message authentication code H1′, and generates the message authentication code H1′′ based on the random number string R0 and the public key of the edge certificate. S3-5. The intelligent fusion terminal compares the decrypted message authentication code H1′ and message authentication code H1′′; if they match, the identity authentication of the distribution network terminal is successful; if they do not match, the identity authentication process is terminated and the random number string R0 is destroyed.
[0009] Furthermore, the intelligent fusion terminal uses an asymmetric encryption algorithm to encrypt the random number string R0.
[0010] 5. The blockchain-assisted asymmetric identity authentication method based on a pre-set public key according to claim 1, characterized in that step S4 includes the following sub-steps: S4-1. The distribution network terminal obtains the auxiliary authentication factor corresponding to the distribution network terminal and generates a one-time dynamic password; the auxiliary authentication factor corresponding to the distribution network terminal, the one-time dynamic password, the random number string R0 and the terminal certificate identifier are combined and operated to generate an authentication digest; S4-2. The distribution network terminal uses the private key of the terminal certificate to sign the authentication digest to obtain authentication data; and sends it to the smart converged terminal. S4-3. The intelligent fusion terminal verifies the signature of the authentication data; calculates the authentication credibility, stores it in the blockchain distributed ledger, and becomes the historical authentication credibility; the intelligent fusion terminal queries the blockchain to check the validity status of the distribution network terminal's terminal certificate and the historical authentication credibility; S4-4. When the terminal certificate is valid, the signature verification is successful, and the historical authentication credibility is greater than or equal to the preset threshold, the auxiliary authentication of the distribution network terminal is successful.
[0011] Furthermore, step S4 also includes: S4-5. If the terminal certificate is valid and the signature verification is successful, but the historical authentication credibility is less than the preset threshold, the intelligent fusion terminal regenerates a random number string and executes steps S3 and S4-1-S4-4. The intelligent fusion terminal authenticates the distribution network terminal based on the regenerated random number string. After successful authentication, the distribution network terminal resubmits the auxiliary authentication factor and one-time dynamic password. The distribution network terminal regenerates authentication data based on the regenerated random number string, auxiliary authentication factor, and one-time dynamic password. The intelligent fusion terminal verifies the signature again and calculates the historical authentication credibility. If the historical authentication credibility exceeds the preset threshold, the authentication is successful.
[0012] Furthermore, the specific method for authenticating the identity of the intelligent converged terminal in step S5 is as follows: S5-1. The distribution network terminal uses the public key of the side certificate to encrypt the random number string R1, and sends the encrypted random number string R1 to the smart converged terminal. S5-2. The intelligent fusion terminal uses the private key of the side certificate to decrypt the encrypted random number string R1, and uses the decrypted random number string R1 and the public key of the side certificate to generate the message authentication code H4. S5-3. The intelligent fusion terminal uses the private key of the side certificate to encrypt the message authentication code H4, obtains the encrypted message authentication code M4, and sends it to the distribution network terminal. S5-4. The distribution network terminal uses the public key of the side certificate to decrypt the encrypted message authentication code M4 to obtain the decrypted message authentication code H4′; and generates the message authentication code H4′′ based on the random number string R1 and the public key of the side certificate. S5-5. The distribution network terminal compares the decrypted message authentication code H4′ with the message authentication code H4′′; if they match, the distribution network terminal's identity authentication is successful; if they do not match, the identity authentication process is terminated and the random number string R1 is destroyed.
[0013] The identity authentication method of this invention, by introducing a blockchain distributed ledger, changes the traditional model that relies on centralized CA real-time online verification, significantly reducing the pressure on central nodes. Specifically, the intelligent fusion terminals of edge nodes can utilize the distributed evidence storage capability of the blockchain ledger to verify the certificate status and legality of distribution network terminals locally. This mechanism eliminates the impact on the central CA server when massive terminals access the network concurrently, enabling edge nodes to independently process authentication requests in parallel, significantly improving the system's high-concurrency processing capability and overall stability.
[0014] This invention effectively meets the requirements for low-latency communication. The authentication process is completed entirely in a closed loop between the edge node and the end terminal via a local communication channel (such as power line carrier, low-power wireless, etc.), without the need for wide area network message interaction with a remote CA server. By eliminating network transmission latency and processing queuing latency caused by third-party central nodes, and retaining only the necessary authentication message interaction between the edge and the end, this invention effectively reduces the total authentication time, avoids the risk of authentication timeout in weak network environments, and improves the establishment efficiency and real-time performance of local communication in the power distribution IoT.
[0015] This invention, based on asymmetric identity authentication using pre-set public key certificates, introduces quantum random numbers (i.e., random number strings R0 and R1), auxiliary authentication factors, and a blockchain distributed verification mechanism. The quantum random number generation module generates truly random numbers based on the intrinsic properties of quantum mechanics, enhancing resistance to brute-force attacks. The auxiliary authentication factor utilizes a local security module to generate a device physical identity factor or security chip identifier bound to hardware features, strongly binding the digital identity (certificate private key) to the physical entity (terminal hardware), effectively defending against device impersonation and key leakage attacks. A one-time dynamic password derived from quantum random numbers ensures the freshness of authentication data, blocking replay attack paths. Finally, blockchain is used for distributed verification and storage of certificate status and authentication results, significantly improving protection against certificate forgery, key leakage, and impersonation attacks. Simultaneously, without requiring the private key to be transmitted, it enhances the overall security, trustworthiness, and auditability of the system. Attached Figure Description
[0016] Figure 1 This is a flowchart of the method of the present invention.
[0017] Figure 2 This is a schematic diagram illustrating the authentication process for intelligent converged terminals and distribution network terminals. Detailed Implementation
[0018] The invention will now be described in further detail with reference to the accompanying drawings.
[0019] like Figure 1 and Figure 2 As shown, the present invention includes the following steps: S1.CA issues side certificates to smart converged terminals and end certificates to distribution network terminals.
[0020] During the certificate issuance phase, the Certificate Authority (CA) issues side certificates to smart converged terminals and end certificates to distribution network terminals. The smart converged terminals and distribution network terminals exchange certificates issued by the CA.
[0021] The two-way authentication of this invention requires the collaboration of edge devices and end devices. The overall security is jointly guaranteed by the quantum security module and local security module configured in the edge devices and end devices. It also combines the blockchain distributed ledger to realize certificate status verification and authentication result storage, thereby forming an identity authentication system with verifiable security and traceability.
[0022] The intelligent converged terminal, also known as the distribution transformer area intelligent terminal, is located at the edge node and is a side device. As a local data processing center, the intelligent converged terminal supports advanced business applications, enabling online monitoring, intelligent analysis, and decision control of the transformer area's operational status. The distribution network terminal, as an end device, has communication access capabilities, supports the collection and processing of relevant information, and can transmit information to the side devices. The intelligent converged terminal and the distribution network terminal transmit data through a local communication channel. This local communication channel, also known as the distribution transformer area communication channel, uses communication methods including power line carrier, low-power wireless, and RS485 communication.
[0023] Both the side certificate and the end certificate contain their respective public keys.
[0024] The Certificate Authority (CA) issues side certificates and end certificates, generating their respective certificate identifiers or certificate hash values. These certificate identifiers or hash values are then registered in the blockchain's distributed ledger for distributed verification of certificate validity and revocation status.
[0025] S2. The intelligent converged terminal and the distribution network terminal retain the private keys of their respective certificates and exchange the public keys of their certificates.
[0026] The intelligent converged terminal sends the public key Pe of the side certificate to the distribution network terminal, and the distribution network terminal sends the public key Pt of the end certificate to the intelligent converged terminal. The intelligent converged terminal stores the private key de corresponding to the public key Pe, and the distribution network terminal stores the private key dt corresponding to Pt.
[0027] S3. The intelligent fusion terminal generates a random number string R0 and uses the random number string R0 to authenticate the distribution network terminal; if the authentication is successful, proceed to step S4.
[0028] Both the edge device and the end device are equipped with quantum security modules, which contain quantum random number generators to generate quantum random numbers required for authentication. The random number string R0 is generated by the quantum random number generator module in the smart fusion terminal.
[0029] S3-1. The intelligent fusion terminal uses the public key Pt of the terminal certificate to encrypt the random number string R0, obtaining the encrypted random number string M0=CPt(R0), and sends the encrypted random number string M0 to the distribution network terminal.
[0030] Where Cx(·) represents an asymmetric encryption algorithm using x as the encryption key.
[0031] The specific method for generating the ciphertext (i.e., the encrypted random number string) M0 is as follows: S3-1-1. Determine the parameters of the elliptic curve and use the SM2 algorithm to perform point operations on the elliptic curve E.
[0032] S3-1-2: Generate a random number k, k∈[1,n-1], as a temporary private key.
[0033] S3-1-3: Calculate the point C1=k×G on the elliptic curve, where G is the base point of the elliptic curve E.
[0034] S3-1-4: Calculate the shared key S=k×Pt using the public key Pt of the distribution network terminal.
[0035] S3-1-5: Derive the symmetric key K from S using the key derivation function KDF.
[0036] S3-1-6: Encrypt R0 using K to obtain C2=R0⊕K.
[0037] S3-1-7: Concatenate C1 and C2 in sequence to form ciphertext M0.
[0038] S3-2. The distribution network terminal uses the private key dt of the edge certificate to decrypt the encrypted random number string M0, obtaining the decrypted random number string R0′=Ddt(M0), and uses the decrypted random number string R0′ and the public key Pe of the edge certificate to generate the message authentication code H1=MAC(R0′, Pe).
[0039] Wherein, MAC(·) represents the message authentication code generation algorithm, and Ddt(·) represents the decryption algorithm that uses the private key dt of the end certificate as the decryption key.
[0040] S3-3. The distribution network terminal uses the private key dt of the terminal certificate to encrypt the message authentication code H1, obtaining the encrypted message authentication code M1=Cdt(H1), and sends the encrypted message authentication code M1 to the smart converged terminal.
[0041] S3-4. The intelligent fusion terminal uses the public key Pt of the edge certificate to decrypt the encrypted message authentication code M1, obtaining the decrypted message authentication code H1′=DPt(M1), and generates the message authentication code H1′′=MAC(R0,Pe) based on the random number string R0 and the public key of the edge certificate.
[0042] S3-5. The intelligent fusion terminal compares the decrypted message authentication code H1′ and message authentication code H1′′; if they match, the identity authentication of the distribution network terminal is successful; if they do not match, the identity authentication process is terminated and the random number string R0 is destroyed.
[0043] If the decrypted message authentication code H1′ and the message authentication code H1′′ match, it is determined that the first authentication factor verification based on the pre-set certificate is successful, indicating that the random number string R0 has not been tampered with and the network terminal holds a private key that matches its certificate.
[0044] S4. The intelligent converged terminal performs auxiliary authentication on the distribution network terminal. If the authentication is successful, proceed to step S5.
[0045] The intelligent converged terminal sends an auxiliary authentication request to the distribution network terminal, which then obtains the corresponding auxiliary authentication factor and generates authentication data.
[0046] S4-1. The distribution network terminal obtains the auxiliary authentication factor F0 corresponding to the distribution network terminal and generates a one-time dynamic password R2; the auxiliary authentication factor F0 corresponding to the distribution network terminal, the one-time dynamic password R2, and the encrypted random number string R0′ are combined and operated to generate the authentication digest H3 = Hash(R0′ || F0 || R2).
[0047] Hash refers to hash calculation.
[0048] Both edge devices and end devices are equipped with local security modules, which are used to provide device physical identity factors or security chip identifiers as auxiliary authentication factors.
[0049] S4-2. The distribution network terminal uses the private key dt of the terminal certificate to sign the authentication digest H3 to obtain the authentication data M2; and sends it to the smart converged terminal.
[0050] S4-3. After receiving the authentication data M2, the intelligent fusion terminal uses the public key Pt of the terminal certificate to verify the authentication data M2, and queries the blockchain to check the validity status and historical authentication credibility of the terminal certificate of the distribution network terminal.
[0051] The intelligent converged terminal also needs to calculate the authentication credibility of the distribution network terminal. The authentication credibility is calculated by comparing the authentication digest H3 with a pre-stored hash value, and using the distance between the two hash values as the authentication credibility, which is then saved to the blockchain distributed ledger as historical authentication credibility. The intelligent converged terminal can query the certificate status and historical authentication credibility of the distribution network terminal's end certificate from the blockchain distributed ledger. Each time the authentication credibility is re-authenticated and calculated, it is stored in the blockchain distributed ledger, replacing the previously calculated authentication credibility, and becoming the historical authentication credibility.
[0052] When the authentication credibility is greater than the preset threshold, the signature verification is successful.
[0053] S4-4. When the terminal certificate is valid, the signature verification is successful, and the historical authentication credibility is greater than or equal to the preset threshold, the auxiliary authentication of the distribution network terminal is successful.
[0054] When the terminal certificate is invalid and the signature verification fails, the auxiliary authentication process for the distribution network terminal is terminated.
[0055] S4-5. When the terminal certificate is valid and the signature verification is successful, but the historical authentication credibility is less than the preset threshold, the upgrade authentication mechanism is triggered. That is, the smart fusion terminal regenerates a random number string and executes steps S3 and S4-1-S4-4. The smart fusion terminal authenticates the distribution network terminal based on the regenerated random number string. After successful authentication, the distribution network terminal obtains the decrypted random number string of the regenerated random number string. The distribution network terminal regenerates a one-time dynamic password. The distribution network terminal regenerates authentication data again based on the auxiliary authentication factor F0, the regenerated one-time dynamic password, and the decrypted random number string of the regenerated random number string. The authentication data is verified, the authentication credibility is calculated, and it is stored in the blockchain distributed ledger as historical authentication credibility. When the historical authentication credibility is greater than or equal to the preset threshold, the authentication is successful.
[0056] S5. The distribution network terminal generates a random number string R1 and uses the random number string R1 to authenticate the smart converged terminal.
[0057] The random number string R1 is generated by the quantum random number generation module in the distribution network terminal. The method by which the distribution network terminal authenticates the smart converged terminal is the same as the method by which the smart converged terminal authenticates the distribution network terminal.
[0058] S5-1. The distribution network terminal uses the public key Pe of the side certificate to encrypt the random number string R1, generating an encrypted random number string M3=CPe(R1), and sends the encrypted random number string M3 to the smart fusion terminal.
[0059] The asymmetric encryption algorithm used in this invention is the same, and the methods for encrypting random number string R1 and random number string R0 are the same.
[0060] S5-2. The intelligent fusion terminal uses the private key de of the side certificate to decrypt the encrypted random number string M3, obtaining the decrypted random number string R1′=Dde(M3), and uses the decrypted random number string R1′ and the public key Pt of the side certificate to generate the message authentication code H4 = MAC(R1′, Pt).
[0061] S5-3. The intelligent fusion terminal uses the private key de of the side certificate to encrypt the message authentication code H4, obtaining the encrypted message authentication code M4 = Cde(H4), and sends it to the distribution network terminal.
[0062] S5-4. After receiving the encrypted message authentication code M4, the distribution network terminal uses the public key Pe of the side certificate to decrypt the encrypted message authentication code M4, and obtains the decrypted message authentication code H4′= DPe(M4); and generates the message authentication code H4′′ = MAC(R1, Pt) based on the random number string R1 and the public key Pt of the side certificate.
[0063] S5-4. The distribution network terminal compares the decrypted message authentication code H4′ with the message authentication code H4′′; if they match, the distribution network terminal's identity authentication is successful, and it is determined that the smart converged terminal holds a private key that matches its certificate, thus completing the identity authentication of the smart converged terminal; if they do not match, the identity authentication process is terminated and the random number string R1 is destroyed.
[0064] Once both two-way authentication and auxiliary authentication are successful, the smart fusion terminal writes the certificate identifier, authentication result, historical authentication credibility, and timestamp information of this authentication into the blockchain distributed ledger for subsequent auditing and traceability.
[0065] After completing two-way authentication and auxiliary authentication, the random number string and one-time dynamic password are destroyed to prevent replay attacks.
[0066] This invention introduces quantum random numbers as a challenge factor in an asymmetric identity authentication framework based on pre-set public key certificates, and combines device physical identity factors and one-time dynamic passwords to achieve multi-factor authentication. At the same time, it uses a blockchain distributed ledger to verify and store the certificate status and authentication results, making the authentication process more secure, resistant to forgery, and traceable.
[0067] The two-way authentication of this invention requires the collaboration of edge devices and end devices. The overall security is jointly guaranteed by the quantum security module and local security module configured in the edge devices and end devices. It also combines the blockchain distributed ledger to realize certificate status verification and authentication result storage, thereby forming an identity authentication system with verifiable security and traceability.
Claims
1. A blockchain-assisted asymmetric identity authentication method based on a pre-set public key, characterized in that, Includes the following steps: S1.CA issues side certificates to smart converged terminals and end certificates to distribution network terminals; S2. The intelligent converged terminal and the distribution network terminal retain their respective certificate private keys and exchange certificate public keys; S3. The intelligent fusion terminal generates a random number string R0 and uses the random number string R0 to authenticate the distribution network terminal. If authentication is successful, proceed to step S4; S4. The intelligent converged terminal performs auxiliary authentication on the distribution network terminal. If the authentication is successful, proceed to step S5. S5. The distribution network terminal generates a random number string R1 and uses the random number string R1 to authenticate the smart converged terminal.
2. The blockchain-assisted asymmetric identity authentication method based on a pre-set public key according to claim 1, characterized in that, Both the intelligent fusion terminal and the distribution network terminal are equipped with quantum random number generation modules; The random number string R0 is generated by the quantum random number generation module in the intelligent fusion terminal, and the random number string R1 is generated by the quantum random number generation module in the distribution network terminal.
3. The blockchain-assisted asymmetric identity authentication method based on a pre-set public key according to claim 1, characterized in that, The specific method for authenticating the distribution network terminal using the random number string R0 in step S3 is as follows: S3-1. The intelligent converged terminal uses the public key of the terminal certificate to encrypt the random number string R0 to obtain the encrypted random number string M0; and sends the encrypted random number string M0 to the distribution network terminal. S3-2. The distribution network terminal uses the private key of the edge certificate to decrypt the encrypted data M0, obtaining the decrypted random number string R0′; and uses the decrypted random number string R0′ and the public key of the edge certificate to generate the message authentication code H1; S3-3. The distribution network terminal uses the private key of the terminal certificate to encrypt the message authentication code H1, obtains the encrypted message authentication code M1, and sends it to the smart converged terminal. S3-4. The intelligent fusion terminal uses the public key of the edge certificate to decrypt the encrypted message authentication code M1 to obtain the decrypted message authentication code H1′, and generates the message authentication code H1′′ based on the random number string R0 and the public key of the edge certificate. S3-5. The intelligent fusion terminal compares the decrypted message authentication code H1′ and message authentication code H1′′; if they match, the identity authentication of the distribution network terminal is successful; if they do not match, the identity authentication process is terminated and the random number string R0 is destroyed.
4. The blockchain-assisted asymmetric identity authentication method based on a pre-set public key according to claim 3, characterized in that, The intelligent fusion terminal uses an asymmetric encryption algorithm to encrypt the random number string R0.
5. The blockchain-assisted asymmetric identity authentication method based on a pre-set public key according to claim 1, characterized in that, Step S4 includes the following sub-steps: S4-1. The distribution network terminal obtains the auxiliary authentication factor corresponding to the distribution network terminal and generates a one-time dynamic password; The auxiliary authentication factor, one-time dynamic password, random number string R0, and terminal certificate identifier corresponding to the distribution network terminal are combined and calculated to generate an authentication digest; S4-2. The distribution network terminal uses the private key of the terminal certificate to sign the authentication digest to obtain the authentication data; And send it to the intelligent converged terminal; S4-3. The intelligent fusion terminal verifies the signature of the authentication data; The authentication credibility is calculated and stored in the blockchain distributed ledger, becoming the historical authentication credibility; the smart fusion terminal queries the blockchain to check the validity status and historical authentication credibility of the distribution network terminal's terminal certificate. S4-4. When the terminal certificate is valid, the signature verification is successful, and the historical authentication credibility is greater than or equal to the preset threshold, the auxiliary authentication of the distribution network terminal is successful.
6. The blockchain-assisted asymmetric identity authentication method based on a pre-set public key according to claim 5, characterized in that, Step S4 also includes: S4-5. If the terminal certificate is valid and the signature verification is successful, but the historical authentication credibility is less than the preset threshold, the intelligent fusion terminal regenerates a random number string and executes steps S3 and S4-1-S4-4. The intelligent fusion terminal authenticates the distribution network terminal based on the regenerated random number string. After successful authentication, the distribution network terminal resubmits the auxiliary authentication factor and one-time dynamic password. The distribution network terminal regenerates authentication data based on the regenerated random number string, auxiliary authentication factor, and one-time dynamic password. The intelligent fusion terminal verifies the signature again and calculates the historical authentication credibility. If the historical authentication credibility exceeds the preset threshold, the authentication is successful.
7. The blockchain-assisted asymmetric identity authentication method based on a pre-set public key according to claim 1, characterized in that, The specific method for authenticating the identity of the intelligent converged terminal in step S5 is as follows: S5-1. The distribution network terminal uses the public key of the side certificate to encrypt the random number string R1, and sends the encrypted random number string R1 to the smart converged terminal. S5-2. The intelligent fusion terminal uses the private key of the side certificate to decrypt the encrypted random number string R1, and uses the decrypted random number string R1 and the public key of the side certificate to generate the message authentication code H4. S5-3. The intelligent fusion terminal uses the private key of the side certificate to encrypt the message authentication code H4, obtains the encrypted message authentication code M4, and sends it to the distribution network terminal. S5-4. The distribution network terminal uses the public key of the side certificate to decrypt the encrypted message authentication code M4 to obtain the decrypted message authentication code H4′; and generates the message authentication code H4′′ based on the random number string R1 and the public key of the side certificate. S5-5. The distribution network terminal compares the decrypted message authentication code H4′ with the message authentication code H4′′; if they match, the distribution network terminal's identity authentication is successful; if they do not match, the identity authentication process is terminated and the random number string R1 is destroyed.