CN110795767B - Electric power transaction method, device and system and trusted cloud platform - Google Patents
Electric power transaction method, device and system and trusted cloud platform Download PDFInfo
- Publication number
- CN110795767B CN110795767B CN201911098818.0A CN201911098818A CN110795767B CN 110795767 B CN110795767 B CN 110795767B CN 201911098818 A CN201911098818 A CN 201911098818A CN 110795767 B CN110795767 B CN 110795767B
- Authority
- CN
- China
- Prior art keywords
- user data
- data acquisition
- acquisition equipment
- cloud platform
- electric power
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
- G06Q50/06—Electricity, gas or water supply
Abstract
The invention provides an electric power transaction method, an electric power transaction device, an electric power transaction system and a credible cloud platform, wherein the credible cloud platform ensures the authenticity of a data source by carrying out identity verification on user data acquisition equipment, decrypts encrypted data sent by the user data acquisition equipment in a credible execution environment under the condition of successful identity verification on the user data acquisition equipment, ensures that the decrypted user data is not leaked because the credible execution environment cannot be accessed by an external environment, judges whether an electric power transaction electronic contract is executed or not by comparing the contract electric quantity in the electric power transaction electronic contract acquired from the external environment with the electric quantity in the user data on the basis, and ensures the safety and privacy of the user data in the electric power transaction process.
Description
Technical Field
The invention relates to the technical field of energy transaction, in particular to a power transaction method, device and system and a credible cloud platform.
Background
With the release of the national policy on the distributed power transaction, the point-to-point power transaction formed by the distributed power energy becomes a development direction, however, the point-to-point power transaction necessarily involves the power data of the user, such as the generated energy data of the electricity selling user and the electricity consumption data of the electricity consuming user, and the data belongs to the personal data of the user, is the personal privacy data of the user and is not convenient for others to know.
At present, the power internet of things becomes a development trend of power construction, requirements of interconnection of everything, data open sharing, data exchange and the like in the power internet of things seriously threaten data safety and user privacy of users, and the problem of leakage of user privacy data is increasingly severe. Therefore, how to protect the user data security and the user privacy while creating the power internet of things and realize the point-to-point energy transaction and settlement on the premise that the users do not share personal data with each other becomes a problem to be solved urgently.
Disclosure of Invention
In view of this, the invention provides a power transaction method, device and system and a trusted cloud platform, which ensure the security and privacy of user data in the power transaction process.
In order to achieve the above purpose, the invention provides the following specific technical scheme:
a power transaction method is applied to a trusted cloud platform, the trusted cloud platform comprises an external environment and a trusted execution environment, and the method comprises the following steps:
receiving upload data of user data acquisition equipment in the external environment under the condition that the user data acquisition equipment is registered in the trusted cloud platform, wherein the upload data comprises secondary encrypted user data and equipment identification;
performing identity verification on the user data acquisition equipment by using the secondary encrypted user data and the equipment identifier in the external environment to obtain primary encrypted user data;
under the condition that the identity of the user data acquisition equipment is successfully verified, decrypting the primary encrypted user data in the trusted execution environment to obtain user data;
acquiring contract electric quantity in an electric power transaction electronic contract corresponding to the equipment identification in the external environment;
comparing the electric quantity in the user data with the contract electric quantity in the trusted execution environment, and sending a comparison result to the external environment;
and judging whether the electric power transaction electronic contract is executed or not according to the comparison result in the external environment.
Optionally, the method further includes:
receiving a registration request sent by the user data acquisition equipment;
sending a preset encryption algorithm and an MD5 code of the preset encryption algorithm to the user data acquisition equipment;
under the condition that the user data acquisition equipment passes the verification of the preset encryption algorithm, receiving a public key and the equipment identification sent by the user data acquisition equipment, and storing the corresponding relation between the public key of the user data acquisition equipment and the equipment identification in the external environment, wherein a public and private key pair of the user data acquisition equipment is generated according to the preset encryption algorithm, and a private key of the user data acquisition equipment is stored locally in the user data acquisition equipment;
and generating a public and private key pair of the trusted cloud platform according to the preset encryption algorithm, sending the public key of the trusted cloud platform to the user data acquisition equipment, and storing the private key of the trusted cloud platform in the trusted execution environment.
Optionally, the secondary encrypted user data is obtained by encrypting the hash value of the primary encrypted data by the user data acquisition device according to a private key of the user data acquisition device, and the primary encrypted data is obtained by encrypting the user data by the user data acquisition device according to a public key of the trusted cloud platform.
Optionally, the uploading data further includes a hash value of the primary encrypted user data, and the authenticating the user data acquisition device by using the secondary encrypted user data and the device identifier in the external environment to obtain the primary encrypted user data includes:
determining a public key of the user data acquisition equipment in the external environment by using the equipment identifier and a corresponding relation between the pre-stored equipment identifier and the public key;
decrypting the secondary encrypted user data by using the public key of the user data acquisition equipment to obtain the primary encrypted user data;
calculating the hash value of the primary encrypted user data;
judging whether the hash value in the uploaded data is consistent with the hash value obtained through calculation;
if the user data acquisition equipment is consistent with the user data acquisition equipment, judging that the authentication of the user data acquisition equipment is successful;
and if the user data acquisition equipment is inconsistent, judging that the authentication of the user data acquisition equipment fails.
An electric power transaction device is applied to a trusted cloud platform, the trusted cloud platform comprises an external environment and a trusted execution environment, and the electric power transaction device comprises:
the data receiving unit is used for receiving uploading data of the user data acquisition equipment in the external environment under the condition that the user data acquisition equipment is registered in the trusted cloud platform, and the uploading data comprises secondary encrypted user data and equipment identification;
the identity authentication unit is used for authenticating the identity of the user data acquisition equipment by using the secondary encrypted user data and the equipment identifier in the external environment to obtain primary encrypted user data;
the data decryption unit is used for decrypting the primary encrypted user data in the trusted execution environment under the condition that the identity of the user data acquisition equipment is successfully verified to obtain user data;
a contract electric quantity acquisition unit for acquiring a contract electric quantity in an electric power transaction electronic contract corresponding to the device identification in the external environment;
the electric quantity comparison unit is used for comparing the electric quantity in the user data with the contract electric quantity in the trusted execution environment and sending a comparison result to the external environment;
a contract state determination unit for determining whether the electric power transaction electronic contract has been executed or not in the external environment according to the comparison result.
Optionally, the apparatus further includes a registration unit, where the registration unit is specifically configured to:
receiving a registration request sent by the user data acquisition equipment;
sending a preset encryption algorithm and an MD5 code of the preset encryption algorithm to the user data acquisition equipment;
under the condition that the user data acquisition equipment passes the verification of the preset encryption algorithm, receiving a public key and the equipment identification sent by the user data acquisition equipment, and storing the corresponding relation between the public key of the user data acquisition equipment and the equipment identification in the external environment, wherein a public and private key pair of the user data acquisition equipment is generated according to the preset encryption algorithm, and a private key of the user data acquisition equipment is stored locally in the user data acquisition equipment;
and generating a public and private key pair of the trusted cloud platform according to the preset encryption algorithm, sending the public key of the trusted cloud platform to the user data acquisition equipment, and storing the private key of the trusted cloud platform in the trusted execution environment.
Optionally, the secondary encrypted user data is obtained by encrypting the hash value of the primary encrypted data by the user data acquisition device according to a private key of the user data acquisition device, and the primary encrypted data is obtained by encrypting the user data by the user data acquisition device according to a public key of the trusted cloud platform.
Optionally, the uploaded data further includes a hash value of the primary encrypted user data, and the identity verification unit is specifically configured to:
determining a public key of the user data acquisition equipment in the external environment by using the equipment identifier and a corresponding relation between the pre-stored equipment identifier and the public key;
decrypting the secondary encrypted user data by using the public key of the user data acquisition equipment to obtain the primary encrypted user data;
calculating the hash value of the primary encrypted user data;
judging whether the hash value in the uploaded data is consistent with the hash value obtained through calculation;
if the user data acquisition equipment is consistent with the user data acquisition equipment, judging that the authentication of the user data acquisition equipment is successful;
and if the user data acquisition equipment is inconsistent, judging that the authentication of the user data acquisition equipment fails.
A trusted cloud platform comprising an external environment and a trusted execution environment;
the trusted cloud platform is used for executing the electric power transaction method as claimed in any one of claims 1 to 4.
An electric power trading system, comprising: user data acquisition equipment and a block chain;
the block chain comprises a transaction center, an identity management center, a user terminal block chain wallet, a billing node and the trusted cloud platform;
the identity management center is used for registering the user-side block chain wallet and the accounting node, and taking the equipment identifier of the user data acquisition equipment as the identity identifier of the corresponding user-side block chain wallet;
the user-side blockchain wallet comprises a power consumer blockchain wallet, a power seller blockchain wallet and a power grid settlement company blockchain wallet;
the accounting node comprises: the power utilization side node, the power selling side node, the power grid settlement company node and the government regulatory agency node are used for participating in the consensus of the transactions in the block chain and packaging the consensus transaction data to generate a block;
the user-side blockchain wallet to initiate a power transaction request in the blockchain;
the transaction center is used for matching the electric power transaction according to a preset matching principle when receiving an electric power transaction request initiated by the user-side block chain wallet, generating an electric power transaction electronic contract after the user-side block chain wallet participating in the electric power transaction confirms, and submitting the electric power transaction electronic contract and the to-be-executed state information of the electric power transaction electronic contract to the block chain;
the user data acquisition equipment comprises electricity selling party data acquisition equipment and electricity using party data acquisition equipment and is used for uploading data to the trusted cloud platform according to a preset data uploading period;
the trusted cloud platform is further used for submitting executed state information of the electric power transaction electronic contract to the block chain when the electric power transaction electronic contract is executed;
the trading center is further used for calling a smart contract to realize fee settlement among the power consumption party blockchain wallet, the power selling party blockchain wallet and the power grid settlement company blockchain wallet participating in the power trading when the state of the power trading electronic contract is executed, and submitting fee settlement information and settled state information of the power trading electronic contract into the blockchain.
Compared with the prior art, the invention has the following beneficial effects:
the invention discloses an electric power transaction method, which is characterized in that a trusted cloud platform ensures the authenticity of a data source by carrying out identity verification on user data acquisition equipment, decrypts encrypted data sent by the user data acquisition equipment in a trusted execution environment under the condition that the identity verification on the user data acquisition equipment is successful, and ensures that the decrypted user data is not leaked because the trusted execution environment cannot be accessed by an external environment.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic flow chart illustrating an electric power transaction method according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of a method for registering a user data acquisition device on a trusted cloud platform according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an electric power transaction apparatus according to an embodiment of the disclosure;
fig. 4 is a schematic structural diagram of an electric power transaction system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment discloses an electric power transaction method which is applied to a trusted cloud platform, wherein the trusted cloud platform is a cloud computing platform with a trusted execution environment, and the trusted execution environment comprises various trusted key storage spaces, temporary data storage spaces, log storage spaces and the like, so that the confidentiality of the trusted execution environment is ensured. Specifically, the trusted cloud platform comprises an external environment and a trusted execution environment, and the interaction between the trusted cloud platform and the user data acquisition equipment ensures the safety and privacy of user data in the power transaction process. Referring to fig. 1, the power transaction method disclosed in this embodiment includes the following steps:
s101: under the condition that the user data acquisition equipment is registered in the trusted cloud platform, receiving upload data of the user data acquisition equipment in an external environment, wherein the upload data comprises secondary encrypted user data and equipment identification;
the users in the electric power transaction generally comprise electricity selling party users and electricity consuming party users, the user data acquisition equipment correspondingly comprises electricity selling party data acquisition equipment, such as a data acquisition unit for measuring the generated energy of a photovoltaic power station, and the user data acquisition equipment further comprises electricity consuming party data acquisition equipment, such as an intelligent electric meter for measuring the electricity consumption of the electricity consuming party and the like.
It should be noted that before uploading data to the trusted cloud platform, the user data collection device needs to register on the trusted cloud platform, and specifically, referring to fig. 2, the registering of the user data collection device on the trusted cloud platform includes the following steps:
s201: receiving a registration request sent by user data acquisition equipment;
s202: sending a preset encryption algorithm and an MD5 code of the preset encryption algorithm to user data acquisition equipment;
the predetermined encryption algorithm may be any encryption algorithm, such as an RSA encryption algorithm.
And calculating the MD5 code of the RSA encryption algorithm by using the MD5 algorithm.
S203: under the condition that the user data acquisition equipment passes the verification of the preset encryption algorithm, receiving a public key and an equipment identifier sent by the user data acquisition equipment, and storing the corresponding relation between the public key of the user data acquisition equipment and the equipment identifier in an external environment;
the user data acquisition equipment calculates the received MD5 code of the preset encryption algorithm by using the locally stored MD5 algorithm, and determines whether the verification of the preset encryption algorithm is passed or not by judging whether the calculated MD5 code is consistent with the received MD5 code, specifically, when the calculated MD5 code is consistent with the received MD5 code, the received preset encryption algorithm is complete, namely, the verification of the preset encryption algorithm is passed. Otherwise, if the preset encryption algorithm is not verified, sending abnormal information of the preset encryption algorithm to the trusted cloud platform, and after the registration is finished, applying for registration to the trusted cloud platform again.
And under the condition that the user data acquisition equipment passes the verification of the preset encryption algorithm, the user data acquisition equipment generates a public and private key pair by using the preset encryption algorithm and equipment information of the user data acquisition equipment, sends a public key in the public and private key pair to the trusted cloud platform, and stores the private key in the local part of the user data acquisition equipment.
S204: and generating a public and private key pair of the trusted cloud platform according to a preset encryption algorithm, sending the public key of the trusted cloud platform to the user data acquisition equipment, and storing the private key of the trusted cloud platform in a trusted execution environment.
After receiving the public key sent by the user data acquisition equipment, the trusted cloud platform generates a public and private key pair by using a preset encryption algorithm and equipment information of the trusted cloud platform, sends the public key to the user data acquisition equipment, stores the private key in a trusted execution environment, and successfully registers the user data acquisition equipment on the trusted cloud platform.
After the user data acquisition equipment is successfully registered in the trusted cloud platform, the user data acquisition equipment can upload data to the trusted cloud platform according to a preset data uploading period under the regulation of the electric power transaction electronic contract, wherein the uploaded data comprise encrypted data of the user data.
Specifically, the user data acquisition equipment encrypts the acquired user data by using a public key of the trusted cloud platform to obtain primary encrypted user data, then calculates a hash value of the primary encrypted user data by using a preset hash algorithm, and finally encrypts the hash value by using a private key of the user data acquisition equipment to obtain secondary encrypted user data.
Uploading data comprises: the hash value, the secondary encrypted user data and the device identifier of the user data acquisition device.
Because the hash algorithm is an irreversible algorithm, the original data cannot be calculated by using the hash value, and the uploaded data comprises data encrypted by using a private key of the user data acquisition equipment and a public key of the trusted cloud platform, the security of the uploaded data in the transmission process is high.
S102: the method comprises the steps that identity authentication is carried out on user data acquisition equipment by using secondary encrypted user data and equipment identification in an external environment, and primary encrypted user data are obtained;
specifically, the public key of the user data acquisition device is determined in the external environment by using the device identifier and the corresponding relationship between the pre-stored device identifier and the public key;
decrypting the received secondary encrypted user data by using a public key of the user data acquisition equipment to obtain primary encrypted user data;
calculating the hash value of the primary encrypted user data by using a preset hash algorithm agreed with the user data acquisition equipment in advance;
judging whether the hash value in the uploaded data is consistent with the hash value obtained through calculation;
if the identity authentication is consistent with the user data acquisition equipment, the identity authentication of the user data acquisition equipment is judged to be successful;
and if the user data acquisition equipment is inconsistent, judging that the authentication of the user data acquisition equipment fails.
S103: under the condition that the identity verification of the user data acquisition equipment is successful, decrypting the primary encrypted user data in a trusted execution environment to obtain user data;
and under the condition that the authentication of the user data acquisition equipment fails, the received uploaded data is unreliable, and the returned data is failed to be uploaded.
And under the condition that the identity of the user data acquisition equipment is successfully verified, decrypting the primary encrypted data by using a private key of the trusted cloud platform in the trusted execution environment to obtain the user data. Because the decryption is carried out in the trusted execution environment, the trusted execution environment cannot be accessed by the external environment, and the security and the privacy of the decrypted data are ensured.
Because the user data acquisition equipment uploads data according to the preset data uploading period recorded in the electric power transaction electronic contract, the times of decryption operation of the trusted cloud platform in the trusted execution environment are limited in a controllable range, and security attack can be prevented.
S104: acquiring contract electric quantity in an electric power transaction electronic contract corresponding to the equipment identification in an external environment;
the electric power transaction electronic contract is an electronic contract signed between the user of the power consumer and the user of the power seller in the transaction, and the electric quantity value of the transaction is recorded in the electronic contract.
S105: comparing the electric quantity in the user data with the contract electric quantity in the trusted execution environment, and sending a comparison result to an external environment;
s106: and judging whether the electric power transaction electronic contract is executed or not according to the comparison result in the external environment.
And when the electric quantity in the user data is not less than the contract electric quantity, the electric power transaction electronic contract is not executed, otherwise, when the electric quantity in the user data is not less than the contract electric quantity, the electric power transaction electronic contract is executed.
It can be seen that, in the power transaction method disclosed in this embodiment, the trusted cloud platform performs authentication on the user data acquisition device to ensure authenticity of a data source, and decrypts encrypted data sent by the user data acquisition device in the trusted execution environment under the condition that the authentication on the user data acquisition device is successful, and since the trusted execution environment cannot be accessed by an external environment, it is ensured that the decrypted user data is not leaked, on this basis, whether the power transaction electronic contract is executed is determined by comparing contract electric quantity in the power transaction electronic contract acquired from the external environment with electric quantity in the user data, and security and privacy of the user data in the power transaction process are ensured.
Referring to fig. 3, the present embodiment correspondingly discloses an electric power transaction apparatus deployed in a trusted cloud platform, including:
a data receiving unit 301, configured to receive, in the external environment, upload data of a user data collection device when the user data collection device is registered in the trusted cloud platform, where the upload data includes secondary encrypted user data and a device identifier;
an identity authentication unit 302, configured to perform identity authentication on the user data acquisition device by using the secondary encrypted user data and the device identifier in the external environment, so as to obtain primary encrypted user data;
a data decryption unit 303, configured to decrypt the primary encrypted user data in the trusted execution environment to obtain user data when the authentication of the user data acquisition device is successful;
a contract power amount acquisition unit 304 for acquiring, in the external environment, a contract power amount in the power transaction electronic contract corresponding to the device identification;
an electric quantity comparison unit 305, configured to compare, in the trusted execution environment, the electric quantity in the user data with the contract electric quantity, and send a comparison result to the external environment;
a contract status determination unit 306, configured to determine whether the electric power transaction electronic contract has been executed according to the comparison result in the external environment.
Optionally, the apparatus further includes a registration unit, where the registration unit is specifically configured to:
receiving a registration request sent by the user data acquisition equipment;
sending a preset encryption algorithm and an MD5 code of the preset encryption algorithm to the user data acquisition equipment;
under the condition that the user data acquisition equipment passes the verification of the preset encryption algorithm, receiving a public key and the equipment identification sent by the user data acquisition equipment, and storing the corresponding relation between the public key of the user data acquisition equipment and the equipment identification in the external environment, wherein a public and private key pair of the user data acquisition equipment is generated according to the preset encryption algorithm, and a private key of the user data acquisition equipment is stored locally in the user data acquisition equipment;
and generating a public and private key pair of the trusted cloud platform according to the preset encryption algorithm, sending the public key of the trusted cloud platform to the user data acquisition equipment, and storing the private key of the trusted cloud platform in the trusted execution environment.
Optionally, the secondary encrypted user data is obtained by encrypting the hash value of the primary encrypted data by the user data acquisition device according to a private key of the user data acquisition device, and the primary encrypted data is obtained by encrypting the user data by the user data acquisition device according to a public key of the trusted cloud platform.
Optionally, the uploaded data further includes a hash value of the primary encrypted user data, and the identity verification unit is specifically configured to:
determining a public key of the user data acquisition equipment in the external environment by using the equipment identifier and a corresponding relation between the pre-stored equipment identifier and the public key;
decrypting the secondary encrypted user data by using the public key of the user data acquisition equipment to obtain the primary encrypted user data;
calculating the hash value of the primary encrypted user data;
judging whether the hash value in the uploaded data is consistent with the hash value obtained through calculation;
if the user data acquisition equipment is consistent with the user data acquisition equipment, judging that the authentication of the user data acquisition equipment is successful;
and if the user data acquisition equipment is inconsistent, judging that the authentication of the user data acquisition equipment fails.
The embodiment also discloses a trusted cloud platform, which comprises an external environment and a trusted execution environment, wherein the trusted cloud platform is used for executing the following electric power transaction method:
receiving upload data of user data acquisition equipment in the external environment under the condition that the user data acquisition equipment is registered in the trusted cloud platform, wherein the upload data comprises secondary encrypted user data and equipment identification;
performing identity verification on the user data acquisition equipment by using the secondary encrypted user data and the equipment identifier in the external environment to obtain primary encrypted user data;
under the condition that the identity of the user data acquisition equipment is successfully verified, decrypting the primary encrypted user data in the trusted execution environment to obtain user data;
acquiring contract electric quantity in an electric power transaction electronic contract corresponding to the equipment identification in the external environment;
comparing the electric quantity in the user data with the contract electric quantity in the trusted execution environment, and sending a comparison result to the external environment;
and judging whether the electric power transaction electronic contract is executed or not according to the comparison result in the external environment.
Further, the method further comprises:
receiving a registration request sent by the user data acquisition equipment;
sending a preset encryption algorithm and an MD5 code of the preset encryption algorithm to the user data acquisition equipment;
under the condition that the user data acquisition equipment passes the verification of the preset encryption algorithm, receiving a public key and the equipment identification sent by the user data acquisition equipment, and storing the corresponding relation between the public key of the user data acquisition equipment and the equipment identification in the external environment, wherein a public and private key pair of the user data acquisition equipment is generated according to the preset encryption algorithm, and a private key of the user data acquisition equipment is stored locally in the user data acquisition equipment;
and generating a public and private key pair of the trusted cloud platform according to the preset encryption algorithm, sending the public key of the trusted cloud platform to the user data acquisition equipment, and storing the private key of the trusted cloud platform in the trusted execution environment.
Further, the secondary encrypted user data is obtained by encrypting the hash value of the primary encrypted data by the user data acquisition equipment according to a private key of the user data acquisition equipment, and the primary encrypted data is obtained by encrypting the user data by the user data acquisition equipment according to a public key of the trusted cloud platform.
Further, the uploading data further includes a hash value of the primary encrypted user data, and the authenticating the user data acquisition device by using the secondary encrypted user data and the device identifier in the external environment to obtain the primary encrypted user data includes:
determining a public key of the user data acquisition equipment in the external environment by using the equipment identifier and a corresponding relation between the pre-stored equipment identifier and the public key;
decrypting the secondary encrypted user data by using the public key of the user data acquisition equipment to obtain the primary encrypted user data;
calculating the hash value of the primary encrypted user data;
judging whether the hash value in the uploaded data is consistent with the hash value obtained through calculation;
if the user data acquisition equipment is consistent with the user data acquisition equipment, judging that the authentication of the user data acquisition equipment is successful;
and if the user data acquisition equipment is inconsistent, judging that the authentication of the user data acquisition equipment fails.
Based on the trusted cloud platform disclosed by the embodiment, the embodiment discloses an electric power transaction system, which meets the requirements of distributed safe storage and transaction settlement of related data in the electric power transaction process by using the block chain distributed book characteristic and the automatic execution characteristic of an intelligent contract while ensuring the safety and privacy of user data in the electric power transaction process. Referring to fig. 4, the power transaction system includes a user acquisition device and a block chain.
The block chain comprises a transaction center, an identity management center, a user end block chain wallet, a billing node and a trusted cloud platform.
The user-side blockchain wallet includes a consumer blockchain wallet, a vendor blockchain wallet, and a grid settlement company blockchain wallet.
The accounting node comprises: the system comprises a power consumer node, a power seller node, a power grid settlement company node and a government regulatory agency node.
Firstly, the identity management center registers a user side block chain wallet and a bookkeeping node, distributes a digital certificate and a private key for the user side block chain wallet and the bookkeeping node to log in a block chain and perform transaction operation, and uses the equipment identification of the user data acquisition equipment as the identity identification of the corresponding user side block chain wallet, namely the equipment identification of the electric side data acquisition equipment is consistent with the identity identification of the electric side block chain wallet, and the equipment identification of the electric side data acquisition equipment is consistent with the identity identification of the electric side block chain wallet.
After the consumer blockchain wallet, the seller blockchain wallet and the power grid settlement company blockchain wallet are registered in the identity management center, a transaction pending statement can be initiated in a blockchain in the form of a transaction.
The transaction center is used for receiving an electric power transaction request initiated by a user-side blockchain wallet, namely receiving a transaction hanging sheet initiated by an electric-party blockchain wallet and a transaction hanging sheet initiated by an electric-party blockchain wallet, matching electric power transaction according to a preset matching principle, such as a price priority principle, sending a transaction result to the corresponding electric-party blockchain wallet and the electric-party blockchain wallet, generating an electric power transaction electronic contract if the corresponding electric-party blockchain wallet and the electric-party blockchain wallet are confirmed, packaging the electric power transaction electronic contract and state information to be executed of the electric power transaction electronic contract, submitting the packaged data to the blockchain in a transaction form, making a common recognition on the transaction data by a node in the blockchain, and writing the transaction data after the common recognition into the blockchain; if the corresponding power consumer blockchain wallet and the power seller blockchain wallet are not satisfied with the matching result, the order can be continuously hung or the transaction can be cancelled.
After receiving the uploading information of the user data acquisition equipment, the credible cloud platform decrypts the uploaded data in a credible execution environment by inquiring a corresponding electric power transaction electronic contract stored in an external environment, namely a block chain, determines the execution state of the electric power transaction electronic contract by comparing the electric quantity in the user data with the electric quantity of the contract, calls an intelligent contract after the execution is finished to realize the charge settlement among a power consumption party block chain wallet participating in the electric power transaction, a power selling party block chain wallet and a power grid settlement company block chain wallet, packs the charge settlement information and the settled state information of the electric power transaction electronic contract and submits the packed charge settlement information and the settled state information to the block chain in a transaction form, an accounting node in the block chain realizes the consensus on the transaction data, and writes the transaction data after the consensus in the block chain.
The above five parts are all used as network nodes of the block chain, and participate in and maintain the block chain together. The transaction center also comprises a fund transfer and reward and punishment center which is used for periodically counting the transaction times and the transaction content of the user so as to determine a reward and punishment object and a reward and punishment basis. When the electricity selling electric energy of the electricity selling party reaches a certain numerical value in a period of time, the fund transfer and reward punishment center rewards the electricity selling party, the times of canceling orders or defaulting of users are counted, and the transaction of the users can be limited due to excessive times.
In order to prevent the default of the fund transfer and reward punishment center, the fund transfer and reward punishment center needs to pay a guarantee fund to all the accounting nodes. When the fund transfer and reward punishment center operates in a violation mode, if power supply fund is refused to be paid, the accounting node has the right to pay the guarantee fund paid by the accounting node to the power supply party and pay a fine, and the fine amount is distributed to the whole network node, so that the fund transfer and reward punishment center is prevented from doing badness.
It should be noted that, in order to prevent the process of submitting data to the blockchain by the trusted cloud platform from being maliciously tampered, a plurality of trusted cloud platform nodes may be set, so as to enhance the credibility of the blockchain.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (8)
1. A power transaction method is applied to a trusted cloud platform, the trusted cloud platform comprises an external environment and a trusted execution environment, and the method comprises the following steps:
under the condition that user data acquisition equipment is registered in the trusted cloud platform, receiving uploaded data of the user data acquisition equipment in the external environment, wherein the uploaded data comprises secondary encrypted user data and equipment identification, and the secondary encrypted user data is obtained by encrypting a hash value of primary encrypted data by the user data acquisition equipment according to a private key of the user data acquisition equipment;
performing identity verification on the user data acquisition equipment by using the secondary encrypted user data and the equipment identifier in the external environment to obtain primary encrypted user data, wherein the primary encrypted data is obtained by encrypting the user data by the user data acquisition equipment according to a public key of the trusted cloud platform;
under the condition that the identity of the user data acquisition equipment is successfully verified, decrypting the primary encrypted user data in the trusted execution environment to obtain user data;
acquiring contract electric quantity in an electric power transaction electronic contract corresponding to the equipment identification in the external environment;
comparing the electric quantity in the user data with the contract electric quantity in the trusted execution environment, and sending a comparison result to the external environment;
and judging whether the electric power transaction electronic contract is executed or not according to the comparison result in the external environment.
2. The method of claim 1, further comprising:
receiving a registration request sent by the user data acquisition equipment;
sending a preset encryption algorithm and an MD5 code of the preset encryption algorithm to the user data acquisition equipment;
under the condition that the user data acquisition equipment passes the verification of the preset encryption algorithm, receiving a public key and the equipment identification sent by the user data acquisition equipment, and storing the corresponding relation between the public key of the user data acquisition equipment and the equipment identification in the external environment, wherein a public and private key pair of the user data acquisition equipment is generated according to the preset encryption algorithm, and a private key of the user data acquisition equipment is stored locally in the user data acquisition equipment;
and generating a public and private key pair of the trusted cloud platform according to the preset encryption algorithm, sending the public key of the trusted cloud platform to the user data acquisition equipment, and storing the private key of the trusted cloud platform in the trusted execution environment.
3. The method of claim 1, wherein the uploading data further includes a hash value of the primary encrypted user data, and the authenticating the user data collection device with the secondary encrypted user data and the device identifier in the external environment to obtain the primary encrypted user data comprises:
determining a public key of the user data acquisition equipment in the external environment by using the equipment identifier and a corresponding relation between the pre-stored equipment identifier and the public key;
decrypting the secondary encrypted user data by using the public key of the user data acquisition equipment to obtain the primary encrypted user data;
calculating the hash value of the primary encrypted user data;
judging whether the hash value in the uploaded data is consistent with the hash value obtained through calculation;
if the user data acquisition equipment is consistent with the user data acquisition equipment, judging that the authentication of the user data acquisition equipment is successful;
and if the user data acquisition equipment is inconsistent, judging that the authentication of the user data acquisition equipment fails.
4. An electric power transaction device applied to a trusted cloud platform, wherein the trusted cloud platform comprises an external environment and a trusted execution environment, and the electric power transaction device comprises:
the data receiving unit is used for receiving uploaded data of the user data acquisition equipment in the external environment under the condition that the user data acquisition equipment is registered in the trusted cloud platform, wherein the uploaded data comprises secondary encrypted user data and equipment identification, and the secondary encrypted user data is obtained by encrypting a hash value of primary encrypted data by the user data acquisition equipment according to a private key of the user data acquisition equipment;
the identity authentication unit is used for authenticating the identity of the user data acquisition equipment by using the secondary encrypted user data and the equipment identifier in the external environment to obtain primary encrypted user data, and the primary encrypted data is obtained by encrypting the user data by the user data acquisition equipment according to a public key of the trusted cloud platform;
the data decryption unit is used for decrypting the primary encrypted user data in the trusted execution environment under the condition that the identity of the user data acquisition equipment is successfully verified to obtain user data;
a contract electric quantity acquisition unit for acquiring a contract electric quantity in an electric power transaction electronic contract corresponding to the device identification in the external environment;
the electric quantity comparison unit is used for comparing the electric quantity in the user data with the contract electric quantity in the trusted execution environment and sending a comparison result to the external environment;
a contract state determination unit for determining whether the electric power transaction electronic contract has been executed or not in the external environment according to the comparison result.
5. The apparatus according to claim 4, wherein the apparatus further comprises a registration unit, the registration unit being specifically configured to:
receiving a registration request sent by the user data acquisition equipment;
sending a preset encryption algorithm and an MD5 code of the preset encryption algorithm to the user data acquisition equipment;
under the condition that the user data acquisition equipment passes the verification of the preset encryption algorithm, receiving a public key and the equipment identification sent by the user data acquisition equipment, and storing the corresponding relation between the public key of the user data acquisition equipment and the equipment identification in the external environment, wherein a public and private key pair of the user data acquisition equipment is generated according to the preset encryption algorithm, and a private key of the user data acquisition equipment is stored locally in the user data acquisition equipment;
and generating a public and private key pair of the trusted cloud platform according to the preset encryption algorithm, sending the public key of the trusted cloud platform to the user data acquisition equipment, and storing the private key of the trusted cloud platform in the trusted execution environment.
6. The apparatus according to claim 4, wherein the upload data further includes a hash value of the primary encrypted user data, and the authentication unit is specifically configured to:
determining a public key of the user data acquisition equipment in the external environment by using the equipment identifier and a corresponding relation between the pre-stored equipment identifier and the public key;
decrypting the secondary encrypted user data by using the public key of the user data acquisition equipment to obtain the primary encrypted user data;
calculating the hash value of the primary encrypted user data;
judging whether the hash value in the uploaded data is consistent with the hash value obtained through calculation;
if the user data acquisition equipment is consistent with the user data acquisition equipment, judging that the authentication of the user data acquisition equipment is successful;
and if the user data acquisition equipment is inconsistent, judging that the authentication of the user data acquisition equipment fails.
7. A trusted cloud platform comprising an external environment and a trusted execution environment;
the trusted cloud platform is used for executing the electric power transaction method as claimed in any one of claims 1-3.
8. An electric power transaction system, comprising: user data acquisition equipment and a block chain;
the blockchain comprises a transaction center, an identity management center, a user-side blockchain wallet, a billing node, and the trusted cloud platform of claim 7;
the identity management center is used for registering the user-side block chain wallet and the accounting node, and taking the equipment identifier of the user data acquisition equipment as the identity identifier of the corresponding user-side block chain wallet;
the user-side blockchain wallet comprises a power consumer blockchain wallet, a power seller blockchain wallet and a power grid settlement company blockchain wallet;
the accounting node comprises: the power utilization side node, the power selling side node, the power grid settlement company node and the government regulatory agency node are used for participating in the consensus of the transactions in the block chain and packaging the consensus transaction data to generate a block;
the user-side blockchain wallet to initiate a power transaction request in the blockchain;
the transaction center is used for matching the electric power transaction according to a preset matching principle when receiving an electric power transaction request initiated by the user-side block chain wallet, generating an electric power transaction electronic contract after the user-side block chain wallet participating in the electric power transaction confirms, and submitting the electric power transaction electronic contract and the to-be-executed state information of the electric power transaction electronic contract to the block chain;
the user data acquisition equipment comprises electricity selling party data acquisition equipment and electricity using party data acquisition equipment and is used for uploading data to the trusted cloud platform according to a preset data uploading period;
the trusted cloud platform is further used for submitting executed state information of the electric power transaction electronic contract to the block chain when the electric power transaction electronic contract is executed;
the trading center is further used for calling a smart contract to realize fee settlement among the power consumption party blockchain wallet, the power selling party blockchain wallet and the power grid settlement company blockchain wallet participating in the power trade when the state of the power trade electronic contract is executed, and submitting fee settlement information and settled state information of the power trade electronic contract into the blockchain.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911098818.0A CN110795767B (en) | 2019-11-12 | 2019-11-12 | Electric power transaction method, device and system and trusted cloud platform |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911098818.0A CN110795767B (en) | 2019-11-12 | 2019-11-12 | Electric power transaction method, device and system and trusted cloud platform |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110795767A CN110795767A (en) | 2020-02-14 |
| CN110795767B true CN110795767B (en) | 2022-02-18 |
Family
ID=69443976
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911098818.0A Active CN110795767B (en) | 2019-11-12 | 2019-11-12 | Electric power transaction method, device and system and trusted cloud platform |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110795767B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111506901B (en) * | 2020-04-16 | 2023-09-05 | 腾讯科技(深圳)有限公司 | Block chain-based data processing method, terminal and storage medium |
| CN111539827B (en) * | 2020-04-29 | 2021-09-14 | 铭数科技(青岛)有限公司 | Energy internet transaction system and transaction processing method based on block chain |
| CN111639923B (en) * | 2020-05-07 | 2023-09-29 | 杭州云象网络技术有限公司 | Digital currency transaction accounting method and system based on zero knowledge proof |
| CN111815453B (en) * | 2020-07-23 | 2024-01-23 | 国家电网公司西北分部 | Electric power transaction operation system |
| CN112559993B (en) * | 2020-12-24 | 2024-02-02 | RealMe重庆移动通信有限公司 | Identity authentication method, device and system and electronic equipment |
| CN113132362B (en) * | 2021-03-31 | 2022-03-22 | 青岛中瑞汽车服务有限公司 | Trusted authorization method, trusted authorization device, electronic equipment and storage medium |
| CN113344574A (en) * | 2021-04-29 | 2021-09-03 | 广西电网有限责任公司 | Management method and storage medium for electric power transaction trusted data link |
| CN113537986B (en) * | 2021-07-16 | 2024-04-05 | 广州电力交易中心有限责任公司 | Power transaction method and system based on blockchain and password technology |
| CN113407981B (en) * | 2021-08-19 | 2021-11-09 | 国网浙江省电力有限公司信息通信分公司 | Energy consumption data processing method based on zero knowledge proof |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108944516A (en) * | 2018-07-19 | 2018-12-07 | 华北电力大学 | It is a kind of to be charged incentive mechanism based on block chain and the electric car of machine learning |
| CN109447646A (en) * | 2018-11-13 | 2019-03-08 | 华瓴(南京)信息技术有限公司 | Privacy of identities guard method and system in a kind of electricity transaction system |
| CN109684861A (en) * | 2019-01-11 | 2019-04-26 | 阳光电源股份有限公司 | Multi-energy data storage method, system and data audit center based on block chain |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8639922B2 (en) * | 2009-06-01 | 2014-01-28 | Dhananjay S. Phatak | System, method, and apparata for secure communications using an electrical grid network |
-
2019
- 2019-11-12 CN CN201911098818.0A patent/CN110795767B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108944516A (en) * | 2018-07-19 | 2018-12-07 | 华北电力大学 | It is a kind of to be charged incentive mechanism based on block chain and the electric car of machine learning |
| CN109447646A (en) * | 2018-11-13 | 2019-03-08 | 华瓴(南京)信息技术有限公司 | Privacy of identities guard method and system in a kind of electricity transaction system |
| CN109684861A (en) * | 2019-01-11 | 2019-04-26 | 阳光电源股份有限公司 | Multi-energy data storage method, system and data audit center based on block chain |
Non-Patent Citations (2)
| Title |
|---|
| 《he application of multiple texts watermarking algorithm in the transmission of power information security under the Internet》;Z. Hongbin等;《2017 IEEE Conference on Energy Internet and Energy System Integration (EI2)》;20180104;第1-5页 * |
| 《基于可信平台模块的能源互联网新型统一安全架构》;栾文鹏等;《吉林大学学报(工学版)》;20171130;第47卷(第6期);第1933-1938页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110795767A (en) | 2020-02-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110795767B (en) | Electric power transaction method, device and system and trusted cloud platform | |
| Baza et al. | Privacy-preserving blockchain-based energy trading schemes for electric vehicles | |
| TWI798483B (en) | Method and device for generating blockchain transactions | |
| US20200394651A1 (en) | Dynamic off-chain digital currency transaction processing | |
| JP2020528222A (en) | Handling of transaction activities based on smart contracts in blockchain Caution Methods and devices for protecting data | |
| CN109905360B (en) | Data verification method and terminal equipment | |
| CN111815322B (en) | Distributed payment method with selectable privacy service based on Ethernet | |
| CN114401268A (en) | Cross-link data sharing method, system, equipment and readable storage medium | |
| CN111414434B (en) | Block chain-based data transaction management network, transaction device and storage medium | |
| CN115796871A (en) | Resource data processing method and device based on block chain and server | |
| CN111489164A (en) | Electric power transaction method and device based on Internet of things identification and block chain and electronic equipment | |
| CN112288555A (en) | Anonymous auction method, device and medium based on block chain | |
| CN111314066B (en) | Block chain-based data transfer method, terminal and computer-readable storage medium | |
| CA2303450C (en) | Method for publishing certification information representative of selectable subsets of rights and apparatus and portable data storage media used to practice said method | |
| Su et al. | BDTF: A blockchain-based data trading framework with trusted execution environment | |
| CN115456613A (en) | Digital collection transaction method and equipment | |
| CN115147224A (en) | Transaction data sharing method and device based on alliance chain | |
| KR101120059B1 (en) | Billing verifying apparatus, billing apparatus and method for cloud computing environment | |
| CN112948789B (en) | Identity authentication method and device, storage medium and electronic equipment | |
| Khan et al. | A blockchain based secure decentralized transaction system for energy trading in microgrids | |
| CN112418850A (en) | Transaction method and device based on block chain and electronic equipment | |
| Biswas | Enhancing the privacy of decentralized identifiers with ring signatures | |
| CN114417389A (en) | Method for storing user asset limit through addition homomorphic encryption in block chain | |
| CN113256448A (en) | Block chain-based power data processing method and system | |
| CN113706261A (en) | Block chain-based power transaction method, device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20221215 Address after: Room 214-49, Block B, Phase III (South District), Huguang Road Independent Innovation Industrial Base, Shushan New Industrial Park, Shushan District, Hefei City, Anhui Province, 230088 Patentee after: Hefei Zero Carbon Technology Co.,Ltd. Address before: 230088 No. 1699 Xiyou Road, Hefei High-tech Zone, Anhui Province Patentee before: SUNGROW POWER SUPPLY Co.,Ltd. |
|
| TR01 | Transfer of patent right |