CN113872986B - Power distribution terminal authentication method and device and computer equipment - Google Patents

Publication number: CN113872986B
Authority: CN (China)
Prior art keywords: node, authenticated, attribute information, terminal, terminal attribute
Legal status: Active
Application number: CN202111202008.2A
Other languages: Chinese (zh)
Other versions: CN113872986A (en)
Inventors: 张伟, 谢虎, 谢型浪, 徐长飞, 杨占杰, 何超林
Current Assignee: China Southern Power Grid Digital Grid Technology Guangdong Co ltd
Original Assignee: China Southern Power Grid Digital Grid Technology Guangdong Co ltd
Application filed by China Southern Power Grid Digital Grid Technology Guangdong Co ltd; priority to CN202111202008.2A; application granted.

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04: INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S: SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00: Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The application relates to a power distribution terminal authentication method, system, and device, computer equipment, and a storage medium. The method comprises: acquiring master node information sent by a node to be authenticated corresponding to a power distribution terminal to be authenticated; determining the master node corresponding to the master node information and receiving a storage position sent by the master node; acquiring first terminal attribute information from the storage position, and acquiring second terminal attribute information sent by the node to be authenticated; and comparing the first terminal attribute information with the second terminal attribute information, and determining according to the comparison result whether the node to be authenticated passes identity authentication. Because any authenticated node in the private chain network can perform identity authentication on the node to be authenticated, this embodiment avoids relying on a limited number of central trusted devices to authenticate a large number of power distribution terminals, which improves authentication speed, and it prevents the failure of a single central trusted device from causing the authentication system to fail, so the identity authentication efficiency of power distribution terminals is effectively improved.

Description

Power distribution terminal authentication method and device and computer equipment
Technical Field
The present application relates to the field of power grid technologies, and in particular, to a method, a system, an apparatus, a computer device, and a storage medium for authenticating a power distribution terminal.
Background
With the development of power grid technology and the continued rollout of distribution automation, the number of distribution terminals put into operation has grown explosively and the area they cover has expanded sharply. A large number of distribution terminals need to be connected to the distribution automation master station, which introduces risks to power grid information security. To ensure the safe operation of the distribution automation system, distribution terminals accessing it can be authenticated.
In the related art, the authentication function of the distribution terminal certificate authority can be deployed centrally on a central trusted device, which performs identity authentication on the distribution terminals that connect.
However, in this approach only one central trusted device authenticates the power distribution terminals. When many terminals need to be authenticated, the authentication process takes a long time and cannot meet the real-time requirements of the distribution automation system, and once the single central trusted device fails, the whole authentication system is liable to fail. The related art therefore suffers from low identity authentication efficiency for power distribution terminals.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a power distribution terminal authentication method, system, apparatus, computer device, and storage medium.
A power distribution terminal authentication method, applied to an authenticated node corresponding to an authenticated power distribution terminal in a private chain network, comprises the following steps:
acquiring master node information sent by a node to be authenticated corresponding to a power distribution terminal to be authenticated;
determining a master node corresponding to the master node information, and receiving a storage position sent by the master node; the master node is a node in the private chain network corresponding to a power distribution master station or a power distribution substation, and the storage position is a position in the private chain network for storing first terminal attribute information corresponding to the power distribution terminal to be authenticated when the master node registers the identity of the node to be authenticated;
acquiring the first terminal attribute information in the storage position, and acquiring second terminal attribute information sent by the node to be authenticated;
comparing the first terminal attribute information with the second terminal attribute information, and determining whether the identity authentication of the node to be authenticated is passed or not according to the comparison result.
In one embodiment, the obtaining the second terminal attribute information sent by the node to be authenticated includes:
sending a public key acquisition request for the node to be authenticated to the master node, and receiving the public key corresponding to the node to be authenticated, which is sent by the master node; the public key is obtained when the master node registers the identity of the node to be authenticated;
acquiring encrypted second terminal attribute information sent by the node to be authenticated; the encrypted second terminal attribute information is encrypted with the private key corresponding to the node to be authenticated;
and decrypting the encrypted second terminal attribute information with the public key corresponding to the node to be authenticated to obtain the second terminal attribute information.
In one embodiment, the sending, to the master node, a public key obtaining request for the node to be authenticated includes:
acquiring third terminal attribute information corresponding to the authenticated power distribution terminal, and generating a public key acquisition request for the node to be authenticated, wherein the public key acquisition request comprises the third terminal attribute information;
and sending the public key acquisition request to the master node, so that, after receiving the request, the master node sends the public key corresponding to the node to be authenticated to the authenticated node when the third terminal attribute information matches the authenticated terminal attribute information stored in the private chain network for the authenticated power distribution terminal.
In one embodiment, after determining whether to pass the identity authentication of the node to be authenticated according to the comparison result, the method further includes:
when the node to be authenticated passes identity authentication, storing the second terminal attribute information in the private chain network as the authenticated terminal attribute information corresponding to that node, so that when that node later acquires the public keys of other nodes to be authenticated from the master node, the master node is triggered to verify its identity based on the terminal attribute information corresponding to it.
In one embodiment, the acquiring the first terminal attribute information in the storage location includes:
acquiring encrypted first terminal attribute information from the storage position; the encrypted first terminal attribute information is encrypted with the private key corresponding to the master node;
and obtaining the public key corresponding to the master node, and decrypting the encrypted first terminal attribute information with that public key to obtain the first terminal attribute information.
In one embodiment, the comparing the first terminal attribute information with the second terminal attribute information includes:
and acquiring a second hash value corresponding to the second terminal attribute information, and comparing the first hash value with the second hash value.
A power distribution terminal authentication system comprises, in a private chain network, a node to be authenticated corresponding to a power distribution terminal to be authenticated, a master node corresponding to a power distribution master station or a power distribution substation, and an authenticated node corresponding to an authenticated power distribution terminal;
the node to be authenticated is configured to send a registration request to the master node, where the registration request carries first terminal attribute information corresponding to the power distribution terminal to be authenticated;
the master node is used for registering the identity of the node to be authenticated after receiving a registration request, and storing the first terminal attribute information to a storage position set in the private chain network when the registration is successful;
the node to be authenticated is further configured to send, after successful registration, master node information corresponding to the master node and second terminal attribute information currently acquired to the authenticated node;
the authenticated node is configured to determine a master node corresponding to the master node information, obtain the first terminal attribute information from the storage location sent by the master node, compare the first terminal attribute information with the second terminal attribute information, and determine whether to pass identity authentication of the node to be authenticated according to a comparison result.
A distribution terminal authentication device applied to an authenticated node corresponding to an authenticated distribution terminal in a private chain network, the device comprising:
the master node information receiving module is used for acquiring master node information sent by a node to be authenticated corresponding to the power distribution terminal to be authenticated;
the storage position determining module is used for determining a master node corresponding to the master node information and receiving a storage position sent by the master node; the master node is a node in the private chain network corresponding to a power distribution master station or a power distribution substation, and the storage position is a position in the private chain network for storing first terminal attribute information corresponding to the power distribution terminal to be authenticated when the master node registers the identity of the node to be authenticated;
the terminal attribute information acquisition module is used for acquiring the first terminal attribute information in the storage position and acquiring second terminal attribute information sent by the node to be authenticated;
and the authentication module is used for comparing the first terminal attribute information with the second terminal attribute information and determining whether the identity authentication of the node to be authenticated is passed or not according to the comparison result.
A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of any one of the methods described above when executing the computer program.
A computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method as claimed in any one of the preceding claims.
According to the above power distribution terminal authentication method, device, computer equipment, and storage medium, an authenticated node in the private chain network acquires the master node information sent by the node to be authenticated corresponding to the power distribution terminal to be authenticated, determines the master node corresponding to that information, and receives the storage position sent by the master node. The master node is a node in the private chain network corresponding to a power distribution master station or a power distribution substation, and the storage position is the position in the private chain network where the first terminal attribute information corresponding to the power distribution terminal to be authenticated was stored when the master node registered the identity of the node to be authenticated. The authenticated node can then acquire the first terminal attribute information from the storage position, acquire the second terminal attribute information sent by the node to be authenticated, compare the two, and determine according to the comparison result whether the node to be authenticated passes identity authentication. Because any authenticated node in the private chain network can perform identity authentication on the node to be authenticated, this embodiment avoids relying on a limited number of central trusted devices to authenticate a large number of power distribution terminals, which improves authentication speed, and it prevents the failure of a single central trusted device from causing the authentication system to fail, so the identity authentication efficiency of power distribution terminals is effectively improved.
Drawings
FIG. 1 is an application environment diagram of a power distribution terminal authentication method in one embodiment;
FIG. 2 is a flow chart of a method of authentication of a power distribution terminal in one embodiment;
FIG. 3 is a flowchart illustrating a step of registering an identity of a node to be authenticated in one embodiment;
FIG. 4 is a flowchart illustrating an authentication procedure of a node to be authenticated according to another embodiment;
FIG. 5 is a block diagram of a distribution terminal authentication system in one embodiment;
FIG. 6 is a block diagram of a distribution terminal authentication device in one embodiment;
FIG. 7 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
With the development of power grid technology and the continued rollout of distribution automation, the number of distribution terminals put into operation has grown explosively and the area they cover has expanded sharply. A large number of distribution terminals need to be connected to the distribution automation master station, which introduces risks to power grid information security.
Specifically, a power distribution terminal can access the distribution automation master station over optical fiber, a wireless network, or other communication channels, while the security protections of the terminal may be relatively weak, hacking techniques keep improving, and terminals are distributed at many points over a wide area. To ensure the safe operation of the distribution automation system, distribution terminals accessing it can be authenticated.
In the related art, the authentication function of the distribution terminal certificate authority can be deployed centrally on a central trusted device, which performs identity authentication on the distribution terminals that connect. This approach can also be called a distributed public key certificate management method. Compared with deploying a traditional public key certificate mechanism, which is overly complicated, the central trusted device can authenticate power distribution terminals while operating offline.
However, in this approach only one central trusted device authenticates the power distribution terminals. When many terminals need to be authenticated, the authentication process takes a long time and cannot meet the real-time requirements of the distribution automation system. If multiple distribution terminals need to be authenticated in real time, the central trusted device must have higher computing power, which limits the applicability of this approach to some extent. Moreover, once the single central trusted device fails, the whole authentication system is liable to fail.
The related art therefore suffers from low identity authentication efficiency for power distribution terminals.
In view of this, the application provides a power distribution terminal authentication method that at least addresses the low identity authentication efficiency of power distribution terminals in the related art. The method can be applied in the application environment shown in FIG. 1, which can comprise a private chain network and a plurality of network nodes in it. The network nodes can include at least authenticated nodes corresponding to authenticated power distribution terminals, master nodes corresponding to power distribution master stations or power distribution substations in a distribution automation system, and nodes to be authenticated corresponding to power distribution terminals to be authenticated.
The private chain network may be a blockchain network that is open only to internal or authorized devices of the grid enterprise. An authenticated node may be the node in the private chain network corresponding to a distribution terminal that has passed authentication. A master node may be a node corresponding to a distribution automation master station and/or substation in the distribution automation system that directly issues or forwards regulation commands. A node to be authenticated may be a node corresponding to a distribution terminal that has not yet been authenticated. Authenticated nodes and nodes to be authenticated may be collectively referred to as general nodes.
In one embodiment, as shown in FIG. 2, a power distribution terminal authentication method is provided. Taking its application to an authenticated node as an illustration, the method may include the following steps:
Step 201, obtaining master node information sent by a node to be authenticated corresponding to a power distribution terminal to be authenticated.
As an example, the master node information may be information for identifying a designated master node in the private chain network, for example, may be a node identifier corresponding to the master node, or a network address of the master node in the private chain network.
In practical application, the node to be authenticated corresponding to the power distribution terminal to be authenticated can send the master node information to any authenticated node in the private chain network, so that the authenticated node can acquire the master node information.
Specifically, for example, the node to be authenticated may send an identity authentication request to any authenticated node in the private chain network, such as the authenticated node closest to it or an idle authenticated node that is not currently performing identity authentication. Upon obtaining the identity authentication request, the authenticated node may read the master node information from it.
Step 202, determining a master node corresponding to the master node information, and receiving a storage position sent by the master node.
The master node is a node in the private chain network corresponding to a power distribution master station or a power distribution substation. In practical application, before identity registration and identity authentication are performed on power distribution terminals, a trusted worker with the necessary authority can authenticate a plurality of distribution automation master stations and/or substations in the distribution automation system according to the distribution automation information security protection requirements, so that these master stations or substations are trusted and become master nodes in the private chain network. Designating a plurality of distribution automation master stations or substations as master nodes forms the initial on-chain nodes of the private chain network and ensures the initial security of the private chain authentication system.
The storage position is the position in the private chain network used to store the first terminal attribute information corresponding to the power distribution terminal to be authenticated when the master node registers the identity of the node to be authenticated. Specifically, the node to be authenticated may register its identity with the master node in advance, before being authenticated by an authenticated node. During identity registration, the node to be authenticated can send the first terminal attribute information to the master node. After deciding to register the identity of the node to be authenticated, the master node can store the first terminal attribute information in the private chain network, which can encrypt and store it, for example by writing it to the chain, and then return to the master node the storage position of the encrypted first terminal attribute information in the private chain network.
In a specific implementation, after the authenticated node obtains the master node information, it can determine the master node corresponding to that information and send it a terminal attribute information acquisition request for the node to be authenticated. After receiving the request, the master node can send the storage position corresponding to the first terminal attribute information to the authenticated node.
Step 203, obtaining the first terminal attribute information in the storage location, and obtaining the second terminal attribute information sent by the node to be authenticated.
As an example, the first terminal attribute information may be the terminal attribute information that the node to be authenticated sent to the master node when registering its identity with the master node. The second terminal attribute information may be the terminal attribute information that the node to be authenticated sends to the authenticated node when requesting identity authentication from the authenticated node.
The first terminal attribute information and/or the second terminal attribute information may include at least one of the following information of the power distribution terminal to be authenticated: the distribution terminal name, the distribution terminal identification, the distribution terminal geographical location, and the monitoring object (may also be referred to as an associated device) corresponding to the distribution terminal.
Specifically, after receiving the storage location returned by the master node, the authenticated node can obtain the first terminal attribute information at that storage location from the private chain network, and obtain the second terminal attribute information currently sent by the node to be authenticated.
Step 204, comparing the first terminal attribute information with the second terminal attribute information, and determining whether the identity authentication of the node to be authenticated is passed or not according to the comparison result.
In practical application, after obtaining the first terminal attribute information that the node to be authenticated provided during identity registration at the master node and the second terminal attribute information that it currently sends, the authenticated node can compare the two and obtain a comparison result indicating whether they match. It can then determine, according to the comparison result, whether the node to be authenticated passes identity authentication.
Specifically, if the first terminal attribute information and the second terminal attribute information match, for example if they are the same, it can be determined that the node to be authenticated that currently sends the second terminal attribute information has been successfully registered at the master node. If the authenticated node finds no other abnormal conditions in the node to be authenticated, it can determine that the node passes identity authentication and can return a message indicating successful identity authentication to the node to be authenticated.
If the first terminal attribute information and the second terminal attribute information fail to match, for example if they are different, then the attribute information sent by the node to be authenticated during identity registration at the master node differs from the attribute information it currently sends. It can be determined that the power distribution terminal corresponding to the node to be authenticated is not the terminal that registered its identity at the master node in advance and has not been verified by the master node, so the node to be authenticated can be deemed untrusted and its identity authentication can be determined to have failed. A message indicating failed identity authentication can also be returned to the node to be authenticated.
In this embodiment, an authenticated node in the private chain network acquires the master node information sent by the node to be authenticated corresponding to the power distribution terminal to be authenticated, determines the master node corresponding to that information, and receives the storage location sent by the master node. The master node is a node in the private chain network corresponding to a power distribution master station or a power distribution substation, and the storage location is the location in the private chain network where the first terminal attribute information corresponding to the power distribution terminal to be authenticated was stored when the master node registered the identity of the node to be authenticated. The authenticated node can then acquire the first terminal attribute information from the storage location, acquire the second terminal attribute information sent by the node to be authenticated, compare the two, and determine according to the comparison result whether the node to be authenticated passes identity authentication. Because any authenticated node in the private chain network can perform identity authentication on the node to be authenticated, this embodiment avoids relying on a limited number of central trusted devices to authenticate a large number of power distribution terminals, which improves authentication speed, and it prevents the failure of a single central trusted device from causing the authentication system to fail, so the identity authentication efficiency of power distribution terminals is effectively improved.
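Steps 201 to 204, with the hash-comparison embodiment, can be sketched as follows. This is an added example, not code from the patent: the names PrivateChain, MasterNode, AuthenticatedNode and attr_digest, the in-memory hash-chained list standing in for the private chain network, the choice to store a SHA-256 digest of the first terminal attribute information, and all sample values are assumptions made for illustration, and the public-key embodiments are left out.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64


def _canon(obj):
    """Canonical JSON bytes, so key order and whitespace never change a hash."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def attr_digest(attrs):
    """SHA-256 hex digest of terminal attribute information."""
    return hashlib.sha256(_canon(attrs)).hexdigest()


class PrivateChain:
    """Hypothetical stand-in for the private chain network: an in-memory,
    hash-chained list of records."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _block_hash(prev, payload):
        return hashlib.sha256(prev.encode() + _canon(payload)).hexdigest()

    def append(self, payload):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "payload": payload,
                            "hash": self._block_hash(prev, payload)})
        return len(self.blocks) - 1            # the "storage position"

    def read(self, position):
        """Return the payload at a position after re-verifying every link."""
        if not 0 <= position < len(self.blocks):
            raise ValueError("unknown storage position")
        prev = GENESIS
        for block in self.blocks:
            expected = self._block_hash(prev, block["payload"])
            if block["prev"] != prev or block["hash"] != expected:
                raise ValueError("chain integrity check failed")
            prev = block["hash"]
        return self.blocks[position]["payload"]


class MasterNode:
    """Registers terminals and hands out storage positions."""

    def __init__(self, node_id, chain):
        self.node_id, self.chain, self._positions = node_id, chain, {}

    def register(self, terminal_id, first_attrs):
        position = self.chain.append({"terminal_id": terminal_id,
                                      "registered_by": self.node_id,
                                      "attr_hash": attr_digest(first_attrs)})
        self._positions[terminal_id] = position
        return position

    def storage_position(self, terminal_id):
        return self._positions.get(terminal_id)


class AuthenticatedNode:
    """Any already-authenticated peer can run the check."""

    def __init__(self, chain, masters):
        self.chain = chain
        self.masters = {m.node_id: m for m in masters}

    def authenticate(self, master_info, terminal_id, second_attrs):
        master = self.masters.get(master_info)              # step 202
        if master is None:
            return False
        position = master.storage_position(terminal_id)
        if position is None:
            return False
        try:
            record = self.chain.read(position)              # step 203
        except ValueError:
            return False
        if (record["terminal_id"], record["registered_by"]) != (terminal_id, master_info):
            return False
        # Step 204: constant-time comparison of first and second hash values.
        return hmac.compare_digest(record["attr_hash"], attr_digest(second_attrs))


def demo():
    chain = PrivateChain()
    master = MasterNode("master-station-A", chain)
    peer = AuthenticatedNode(chain, [master])
    # Constructed sample attributes: name, identifier, location, monitored object.
    registered = {"name": "Feeder 12 DTU", "identifier": "DTU-0017",
                  "location": "23.1291N,113.2644E",
                  "monitored_object": "ring-main-unit-12"}
    master.register("DTU-0017", registered)
    reordered = dict(reversed(list(registered.items())))
    moved = dict(registered, location="22.5431N,114.0579E")
    results = {
        "genuine": peer.authenticate("master-station-A", "DTU-0017", reordered),
        "changed_attr": peer.authenticate("master-station-A", "DTU-0017", moved),
        "unknown_master": peer.authenticate("master-station-X", "DTU-0017", registered),
        "unregistered": peer.authenticate("master-station-A", "DTU-9999", registered),
    }
    # Rewriting the stored record breaks the hash chain, so the check fails closed.
    chain.blocks[0]["payload"]["attr_hash"] = attr_digest(moved)
    results["tampered_record"] = peer.authenticate("master-station-A", "DTU-0017", moved)
    return results


if __name__ == "__main__":
    print(demo())
```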
In another example, identity authentication of the node to be authenticated can be performed on a public chain network in blockchain technology. That is, in the certificate application and issuance stage, the public chain network can be used for multipoint distributed verification, replacing the process in which a traditional certificate issuing organization issues certificates using public and private keys and avoiding the risk of a single certificate issuing organization failing.
Specifically, trusted identity authentication during certificate use relies on the digital certificates stored in the blockchain. Because data in the blockchain is verified by consensus among multiple nodes on the chain, it is more reliable than data from a single certificate issuing organization. For example, in the present application, a node to be authenticated can undergo identity registration through a master node and identity authentication through an authenticated node in succession.
When cross-domain authentication is performed, a multi-certificate-authority chain can also be introduced into the blockchain PKI system, and a certificate user is verified through the root certificate of the certificate authority it belongs to. Certificates issued by the certificate authorities are effectively audited based on blockchain technology, operation latency is reduced by designing an efficient query method and a forward tracking strategy, the vulnerability of traditional certificate authorities is addressed, and any node on the blockchain can verify the correctness of certificate operations, so the robustness of certificate use is effectively improved.
Compared with identity authentication based on a public chain network, the embodiment of the application performs decentralized authentication by exploiting the distributed nature of blockchain technology, while the internal nodes of the private chain network can restrict the identity authentication qualification of the nodes to be authenticated, so that arbitrary nodes are prevented from reading, transmitting or confirming information in the network. This effectively improves the reliability of the identity authentication process and of the authentication result for the power distribution terminal, provides distribution automation with power distribution terminal authentication that is security-compliant, traceable, tamper-proof and automatically executed, and guards against security attacks on data from inside or outside.
In one embodiment, the obtaining the second terminal attribute information sent by the node to be authenticated may include the following steps:
sending a public key acquisition request aiming at the node to be authenticated to the master node, and receiving a public key corresponding to the node to be authenticated, which is sent by the master node; acquiring encrypted second terminal attribute information sent by the node to be authenticated; and decrypting the encrypted second terminal attribute information by adopting the public key corresponding to the node to be authenticated to obtain the second terminal attribute information.
As an example, the public key is obtained when the master node registers the identity of the node to be authenticated; the encrypted second terminal attribute information is encrypted through a private key corresponding to the node to be authenticated.
In a specific implementation, the node to be authenticated may perform identity registration in advance on the master node before triggering the authenticated node to perform identity authentication on the node.
Specifically, as shown in fig. 3, in step 301, a power distribution terminal to be authenticated may be factory set before use, and corresponding terminal attribute information is set.
In step 302, a power distribution terminal to be authenticated is used as a node to be authenticated in a private chain network, and a registration request is sent to a master node.
In step 303, after receiving the registration request, the master node returns a registration requirement to the node to be authenticated, where the registration requirement may be used to prompt the node to be authenticated to generate a corresponding key pair, and return specified terminal attribute information, such as a power distribution terminal name, a power distribution terminal identifier, a power distribution terminal geographic location, and a monitoring object corresponding to the power distribution terminal.
In step 304, the node to be authenticated generates a key pair comprising a public key and a private key after receiving the registration request. The key pair may carry terminal identity information, such as a distribution terminal identity, corresponding to the node to be authenticated, and the key pair is unique to the node to be authenticated, the master node, and the private chain network.
In step 305, the node to be authenticated replies to the registration request, and sends the public key, the proof material and the first terminal attribute information corresponding to the node to be authenticated to the master node.
In step 306, the master node verifies whether the identity of the node to be authenticated is legal based on the received proof material; if so, it determines that the identity of the node to be authenticated passes the verification, and stores the public key corresponding to the node to be authenticated in the master node.
In step 307, the master node uses its own private key to sign and encrypt the first terminal attribute information, and sends the signed and encrypted first terminal attribute information to the private chain network.
In step 308, the private chain network encrypts and stores the signed and encrypted first terminal attribute information, for example by generating a corresponding block and writing it to the chain (the uplink operation).
In step 309, the master node returns a registration result to the node to be authenticated, including registration success or registration failure.
After the to-be-authenticated node successfully performs identity registration on the master node, an identity authentication request can be sent to the authenticated node, the authenticated node which receives the identity authentication request can send a public key acquisition request aiming at the to-be-authenticated node to the master node, and a public key corresponding to the to-be-authenticated node returned by the master node aiming at the public key acquisition request is received.
The authenticated node can also acquire the encrypted second terminal attribute information sent by the node to be authenticated, which can be carried in the identity authentication request. Alternatively, after the node to be authenticated sends the identity authentication request, the authenticated node can send an identity authentication request to the node to be authenticated; this request can prompt the node to be authenticated to return specified terminal attribute information, which is the same as the terminal attribute information specified by the master node, and the node to be authenticated that receives it can then send the corresponding second terminal attribute information to the authenticated node. When sending the second terminal attribute information, the node to be authenticated can sign and encrypt it with its own private key.
After the encrypted second terminal attribute information sent by the node to be authenticated is obtained, the public key corresponding to the node to be authenticated can be adopted to decrypt the encrypted second terminal attribute information, and decrypted second terminal attribute information is obtained.
In this embodiment, the authenticated node acquires the public key corresponding to the node to be authenticated from the master node and uses it to decrypt the encrypted second terminal attribute information sent by the node to be authenticated, which verifies whether the node to be authenticated is a node that registered its identity with the master node. When the public key successfully decrypts the encrypted second terminal attribute information, it can be determined that the node to be authenticated matches the node that sent the public key.
In one embodiment, the sending, to the master node, a public key obtaining request for the node to be authenticated includes:
acquiring third terminal attribute information corresponding to the authenticated power distribution terminal, and generating a public key acquisition request for the node to be authenticated, wherein the public key acquisition request comprises the third terminal attribute information; and sending the public key acquisition request to the master node to trigger the master node to send the public key corresponding to the node to be authenticated to the authenticated node when the third terminal attribute information is matched with the authenticated terminal attribute information corresponding to the authenticated power distribution terminal in the private chain network after receiving the public key acquisition request.
As an example, the third terminal attribute information may be terminal attribute information that is currently transmitted by the authenticated node to the master node, and the third terminal attribute information may include at least one of the following information: the power distribution terminal comprises a power distribution terminal name, a power distribution terminal identifier, a power distribution terminal geographic position and a monitoring object corresponding to the power distribution terminal.
In a specific implementation, the authenticated node may obtain third terminal attribute information corresponding to the authenticated power distribution terminal, and generate a public key obtaining request for the node to be authenticated, where the public key obtaining request includes the third terminal attribute information.
After generating the public key obtaining request, the authenticated node may send the public key obtaining request to the master node, and after receiving the public key obtaining request, the master node may perform identity verification on the authenticated node based on the third terminal attribute information in the public key obtaining request, so as to prevent other nodes from impersonating the authenticated node to obtain the public key.
Specifically, after the master node reads the third terminal attribute information in the public key obtaining request, it may obtain from the private chain network the pre-stored authenticated terminal attribute information corresponding to the authenticated power distribution terminal. The authenticated terminal attribute information may be information that other nodes obtained and uploaded to the private chain network when the authenticated node underwent identity authentication, or it may be terminal attribute information obtained when the master node registered the identity of the authenticated node.
If the third terminal attribute information is matched with the terminal attribute information corresponding to the authenticated node currently stored in the private chain network, the master node can return a public key corresponding to the node to be authenticated to the authenticated node; if the two are not matched, the master node can determine that the identity of the authenticated node is not trusted, and can refuse to send the public key corresponding to the node to be authenticated to the authenticated node.
In this embodiment, sending a public key obtaining request that includes the third terminal attribute information to the master node triggers the master node to verify the identity of the authenticated node after receiving the request, and to send the public key corresponding to the node to be authenticated only after that verification passes. This improves the identity reliability of the authenticated node, prevents the public key of the node to be authenticated from being stolen by other nodes, and improves the security of the power distribution automation system.
In one embodiment, after determining whether to pass the identity authentication of the node to be authenticated according to the comparison result, the method may further include the steps of:
when the node to be authenticated passes identity authentication, the second terminal attribute information is used as authenticated terminal attribute information corresponding to the node to be authenticated and stored in the private chain network, so that when the node to be authenticated acquires public keys of other nodes to be authenticated from the master node, the master node is triggered to verify the identity of the node to be authenticated based on the authenticated terminal attribute information corresponding to the node to be authenticated.
As an example, the authenticated terminal attribute information may be terminal attribute information that is uploaded to the private chain network for storage when the authenticated node in the private chain network performs identity authentication on the node to be authenticated.
After the identity authentication result is obtained, if the node to be authenticated passes the identity authentication, the authenticated node can store the second terminal attribute information into the private chain network as authenticated terminal attribute information corresponding to the node to be authenticated.
Specifically, for example, the authenticated node may perform hash processing on the second terminal attribute information sent by the node to be authenticated and sign the second terminal attribute information with a private key, so as to obtain second terminal attribute information after hash processing and signature processing, where the information may also have metadata such as a timestamp, and further may be used as authenticated terminal attribute information corresponding to the node to be authenticated, and stored in the private chain network for recording.
After the authenticated terminal attribute information corresponding to the node to be authenticated is stored in the private chain network, if that node later needs to acquire the public keys of other nodes to be authenticated from the master node, the master node can be triggered to verify its identity based on the authenticated terminal attribute information stored for it. For example, after determining that the node to be authenticated A passes identity authentication, the authenticated node B may perform the above processing on the second terminal attribute information sent by node A, and store the processing result in the private chain network as authenticated terminal attribute information a corresponding to node A. When node A then acts as an authenticated node and receives an identity authentication request from a node to be authenticated C, node A can send a public key acquisition request to the master node; the master node can verify the identity of node A based on the authenticated terminal attribute information a stored in the private chain network, and return the public key of node C after the verification passes.
In this embodiment, when it is determined that the node to be authenticated passes identity authentication, the second terminal attribute information may be stored in the private chain network as authenticated terminal attribute information corresponding to the node to be authenticated, so as to provide an identity authentication material for the subsequent node to be authenticated to obtain public keys of other nodes from the master node.
In one embodiment, the acquiring the first terminal attribute information in the storage location includes:
acquiring encrypted first terminal attribute information in the storage position; and obtaining the public key corresponding to the main node, and decrypting the encrypted first terminal attribute information by adopting the public key corresponding to the main node to obtain the first terminal attribute information.
The encrypted first terminal attribute information is encrypted through a private key corresponding to the master node.
In practical application, when the master node performs identity registration on the node to be authenticated, the master node may receive the first terminal attribute information sent by the node to be authenticated, and store the first terminal attribute information. Specifically, in order to avoid occupying a local storage space, the master node may not store the first terminal attribute information locally at the terminal, but perform signature processing by using a private key corresponding to the master node to obtain encrypted first terminal attribute information, and further may send the encrypted first terminal attribute information to the private chain and store the encrypted first terminal attribute information in a corresponding storage position.
When receiving a storage position sent by a master node, the authenticated node can acquire first terminal attribute information encrypted by a master node private key in the storage position from a private chain network, and acquire a public key corresponding to the master node, so that the encrypted first terminal attribute information can be decrypted by adopting the public key corresponding to the master node, and decrypted first terminal attribute information is obtained.
In this embodiment, the authenticated node may obtain the public key corresponding to the master node and use it to decrypt the encrypted first terminal attribute information, obtaining the first terminal attribute information and thereby providing a data comparison basis for the subsequent identity authentication of the node to be authenticated.
In one embodiment, the first terminal attribute information in the storage location may be a hash value corresponding to the terminal attribute information of the power distribution terminal to be authenticated, that is, the first hash value. Specifically, after receiving the first terminal attribute information sent by the node to be authenticated, the master node may perform hash processing on the first terminal attribute information, and store the first terminal attribute information in the form of a first hash value.
The comparing the first terminal attribute information and the second terminal attribute information includes:
acquiring a second hash value corresponding to the second terminal attribute information, and comparing the first hash value with the second hash value.
After receiving the second terminal attribute information, the authenticated node may perform hash processing on the second terminal attribute information to obtain a second hash value, and compare the first hash value with the second hash value to determine whether the first terminal attribute information is consistent with the second terminal attribute information. For example, when the first hash value is equal to the second hash value, it may be determined that the first terminal attribute information is identical to the second terminal attribute information.
In this embodiment, by acquiring a second hash value corresponding to the second terminal attribute information and comparing the first hash value with the second hash value, the authenticated node may quickly determine whether the first terminal attribute information is consistent with the second terminal attribute information and verify the validity of the second terminal attribute information, thereby improving the authentication efficiency for the node to be authenticated.
In one embodiment, during identity registration and identity authentication of the node to be authenticated, asymmetric encryption can secure the information exchanged among the node to be authenticated, the authenticated node and the master node. That is, the data sender first encrypts and signs the information with its own private key, then encrypts the signed information with the data receiver's public key, and sends the encrypted information to the data receiver. After receiving the information, the data receiver first verifies it with the data sender's public key and then decrypts it with its own private key.
In order that those skilled in the art may better understand the above steps, an embodiment of the present application will be described below by way of an example, but it should be understood that the embodiment of the present application is not limited thereto.
As shown in fig. 4, in step 401, a node to be authenticated may initiate an identity authentication request to a neighboring authenticated node.
In step 402, after receiving the identity authentication request, the authenticated node may send a challenge code and an authentication requirement to the node to be authenticated, where the authentication requirement may be used to indicate terminal attribute information that the node to be authenticated needs to submit, and in an example, the terminal attribute information of the authentication requirement is the same as the terminal attribute information in the registration requirement in fig. 3.
In step 403, the node to be authenticated may obtain second terminal attribute information corresponding to the authentication requirement.
In step 404, the node to be authenticated generates a dynamic password corresponding to the challenge code according to the challenge code and a key seed agreed in advance with the authenticated node, signs the dynamic password, and further returns a signed response password corresponding to the challenge code to the authenticated node, master node information corresponding to a master node for registering the identity of the node to be authenticated, and second terminal attribute information encrypted by using the private key of the node to be authenticated.
In step 405, the authenticated node searches for a corresponding master node according to the master node information, and sends a public key acquisition request to the master node.
In step 406, the master node sends the public key of the node to be authenticated and the storage location of the first terminal attribute information in the private chain network to the authenticated node.
In step 407, the authenticated node looks up the first terminal attribute information in the private chain network according to the storage location.
In step 408, the obtained first terminal attribute information and the second terminal attribute information are compared to determine whether the identity authentication of the node to be authenticated is passed.
In step 409, after determining that the identity authentication is passed, the authenticated node signs the second terminal attribute information with the private key and stores it in the private chain network.
In step 410, the authenticated node returns a result of successful identity authentication to the node to be authenticated.
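The checks an authenticated node and a master node make in steps 402 to 409, together with the master node's verification of the requesting node's third terminal attribute information and the hash comparison described earlier, shown as an added Python example that is not part of the patent text. It assumes HMAC-SHA256 for the dynamic password, SHA-256 over canonical JSON for the attribute hash, and an in-memory hash-linked list standing in for the private chain network; all class and function names are hypothetical, and the private-key signing and public-key decryption steps are left out, so the master node returns only the storage location.

```python
import hashlib, hmac, json, secrets

def attr_hash(attrs):
    """SHA-256 over a canonical encoding, so equal attributes give equal hashes."""
    canon = json.dumps(attrs, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def dynamic_password(seed, challenge):
    """Assumed construction: HMAC-SHA256 of the challenge code under the key seed."""
    return hmac.new(seed, challenge.encode(), hashlib.sha256).hexdigest()

class PrivateChain:
    """Stand-in for the private chain network: an append-only, hash-linked list."""
    def __init__(self):
        self.blocks = []
    @staticmethod
    def _digest(prev, record):
        return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()
    def put(self, record):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        self.blocks.append({"prev": prev, "record": record, "hash": self._digest(prev, record)})
        return len(self.blocks) - 1                  # the storage location
    def verify(self):                                # recompute every hash link
        prev = "0" * 64
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != self._digest(prev, b["record"]):
                raise ValueError("private chain integrity check failed")
            prev = b["hash"]
    def get(self, location):
        self.verify()
        return self.blocks[location]["record"]
    def latest(self, terminal_id):                   # newest record for a terminal
        self.verify()
        return next((b["record"] for b in reversed(self.blocks)
                     if b["record"]["id"] == terminal_id), None)

class MasterNode:
    def __init__(self, chain):
        self.chain, self.locations = chain, {}
    def register(self, terminal_id, first_attrs):    # Fig. 3: first hash goes on chain
        self.locations[terminal_id] = self.chain.put(
            {"kind": "registration", "id": terminal_id, "attr_hash": attr_hash(first_attrs)})
    def storage_location(self, requester_id, third_attrs, target_id):
        # Answered only if the requester's third terminal attribute information
        # matches the record the private chain holds for that requester.
        known = self.chain.latest(requester_id)
        if known is None or not hmac.compare_digest(known["attr_hash"], attr_hash(third_attrs)):
            return None
        return self.locations.get(target_id)

class AuthenticatedNode:
    def __init__(self, node_id, attrs, chain, masters, seeds):
        self.id, self.attrs, self.chain = node_id, attrs, chain
        self.masters, self.seeds, self.pending = masters, seeds, {}
    def challenge(self, terminal_id):                # step 402
        self.pending[terminal_id] = secrets.token_hex(16)
        return self.pending[terminal_id]
    def authenticate(self, terminal_id, response, master_info, second_attrs):
        code = self.pending.pop(terminal_id, None)   # each challenge code is single-use
        seed = self.seeds.get(terminal_id)
        if code is None or seed is None:
            return False
        if not hmac.compare_digest(dynamic_password(seed, code), response):
            return False
        master = self.masters.get(master_info)       # step 405
        loc = master.storage_location(self.id, self.attrs, terminal_id) if master else None
        if loc is None:                              # unknown master, or step 406 refused
            return False
        second_hash = attr_hash(second_attrs)
        if not hmac.compare_digest(self.chain.get(loc)["attr_hash"], second_hash):  # 407-408
            return False
        self.chain.put({"kind": "authenticated", "id": terminal_id, "attr_hash": second_hash})  # 409
        return True

def run_demo():                                      # constructed scenario and values
    master = MasterNode(PrivateChain())
    a = {"name": "DTU-A", "identifier": "T-0001", "location": "feeder 12", "monitors": "switch 3"}
    b = {"name": "DTU-B", "identifier": "T-0002", "location": "feeder 12", "monitors": "switch 4"}
    seed, masters = b"constructed key seed", {"master-1": master}
    master.register("A", a)
    master.register("B", b)
    node_b = AuthenticatedNode("B", b, master.chain, masters, {"A": seed})
    rogue = AuthenticatedNode("B", dict(b, identifier="T-9999"), master.chain, masters, {"A": seed})

    def attempt(verifier, attrs, response=None):
        code = verifier.challenge("A")
        return verifier.authenticate("A", response or dynamic_password(seed, code), "master-1", attrs)

    first = dynamic_password(seed, node_b.challenge("A"))
    return {
        "genuine": node_b.authenticate("A", first, "master-1", dict(reversed(list(a.items())))),
        "replayed_response": attempt(node_b, a, response=first),
        "changed_attrs": attempt(node_b, dict(a, location="feeder 99")),
        "rogue_verifier": attempt(rogue, a),
        "blocks": len(master.chain.blocks),
    }
```

Only the genuine attempt adds an authenticated record to the chain. Key order in the submitted attributes does not matter because the hash is taken over a canonical encoding, and a response computed for an earlier challenge code is rejected.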
It should be understood that, although the steps in the flowcharts of fig. 2-4 are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to this order of execution and may be executed in other orders. Moreover, at least some of the steps in fig. 2-4 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 5, a power distribution terminal authentication system is provided, where the system includes a node to be authenticated 501 corresponding to a power distribution terminal to be authenticated, a master node 502 corresponding to a power distribution master station or a power distribution substation, and an authenticated node 503 corresponding to an authenticated power distribution terminal in a private chain network.
The node to be authenticated 501 is configured to send a registration request to the master node, where the registration request carries first terminal attribute information corresponding to the power distribution terminal to be authenticated.
Specifically, the node to be authenticated may send a registration request to the master node, where the registration request carries first terminal attribute information corresponding to the power distribution terminal to be authenticated.
The master node 502 is configured to perform identity registration on the node to be authenticated after receiving a registration request, and store the first terminal attribute information to a storage location set in the private chain network when registration is successful.
In practical application, after receiving the registration request, the master node may perform identity registration on the node to be authenticated in response to the registration request, and store the first terminal attribute information in a storage location set in the private chain network when the registration is successful.
The node to be authenticated 501 is further configured to send, after successful registration, master node information corresponding to the master node and second terminal attribute information currently acquired to the authenticated node.
In practical application, after the master node successfully registers the identity of the node to be authenticated, it can return a registration result to the node to be authenticated. The node to be authenticated can determine from the registration result whether registration succeeded and, once it has, can send the master node information corresponding to the master node and the currently acquired second terminal attribute information to the authenticated node.
The authenticated node 503 is configured to determine a master node corresponding to the master node information, obtain the first terminal attribute information from the storage location sent by the master node, compare the first terminal attribute information with the second terminal attribute information, and determine whether to pass identity authentication of the node to be authenticated according to a comparison result.
In a specific implementation, after the authenticated node obtains the master node information, the master node corresponding to the master node information can be determined, a terminal attribute information obtaining request aiming at the node to be authenticated is sent to the master node, and after the master node receives the terminal attribute information obtaining request, the master node can send a storage position corresponding to the first terminal attribute information to the authenticated node.
After receiving the storage position returned by the master node, the authenticated node can acquire the first terminal attribute information in the storage position from the private chain network, compare the first terminal attribute information with the second terminal attribute information, acquire a comparison result of whether the first terminal attribute information and the second terminal attribute information are matched or not, and further determine whether the identity authentication of the node to be authenticated is passed or not according to the comparison result.
In this embodiment, a node to be authenticated in the private chain network may send the master node a registration request carrying the first terminal attribute information corresponding to the power distribution terminal to be authenticated. After receiving the registration request, the master node registers the identity of the node to be authenticated and, when registration succeeds, stores the first terminal attribute information in a storage location set in the private chain network. After successful registration, the node to be authenticated may send the master node information corresponding to the master node and the currently acquired second terminal attribute information to the authenticated node. The authenticated node may then determine the master node corresponding to the master node information, obtain the first terminal attribute information from the storage location sent by the master node, compare the first terminal attribute information with the second terminal attribute information, and determine according to the comparison result whether the node to be authenticated passes identity authentication. Because any authenticated node in the private chain network can perform identity authentication on the node to be authenticated, a large number of power distribution terminals no longer depend on a limited number of central trusted devices for identity authentication. This improves authentication speed and prevents the failure of a single central trusted device from bringing down the authentication system, so the identity authentication efficiency of power distribution terminals is effectively improved.
In one embodiment, as shown in fig. 6, there is provided a distribution terminal authentication apparatus applicable to an authenticated node corresponding to an authenticated distribution terminal in a private chain network, the apparatus comprising:
the master node information receiving module 601 is configured to obtain master node information sent by a node to be authenticated corresponding to a power distribution terminal to be authenticated;
a storage location determining module 602, configured to determine a master node corresponding to the master node information, and receive a storage location sent by the master node; the master node is a node in the private chain network corresponding to a power distribution master station or a power distribution substation, and the storage position is a position in the private chain network for storing first terminal attribute information corresponding to the power distribution terminal to be authenticated when the master node registers the identity of the node to be authenticated;
a terminal attribute information obtaining module 603, configured to obtain the first terminal attribute information in the storage location, and obtain second terminal attribute information sent by the node to be authenticated;
and the authentication module 604 is configured to compare the first terminal attribute information with the second terminal attribute information, and determine whether to pass the identity authentication of the node to be authenticated according to the comparison result.
In one embodiment, the terminal attribute information acquisition module includes:
the to-be-authenticated node public key acquisition sub-module is used for sending a public key acquisition request for the node to be authenticated to the master node and receiving the public key corresponding to the node to be authenticated, which is sent by the master node; the public key is obtained when the master node registers the identity of the node to be authenticated;
the second encryption information acquisition sub-module is used for acquiring encrypted second terminal attribute information sent by the node to be authenticated; the encrypted second terminal attribute information is encrypted through a private key corresponding to the node to be authenticated;
and the second encryption information decryption module is used for decrypting the encrypted second terminal attribute information by adopting the public key corresponding to the node to be authenticated to obtain the second terminal attribute information.
In one embodiment, the to-be-authenticated node public key acquisition sub-module includes:
the public key acquisition request generation unit is used for acquiring third terminal attribute information corresponding to the authenticated power distribution terminal and generating a public key acquisition request containing the third terminal attribute information and aiming at the node to be authenticated;
and the public key acquisition request sending unit is used for sending the public key acquisition request to the master node, so as to trigger the master node, after receiving the public key acquisition request, to send the public key corresponding to the node to be authenticated to the authenticated node when the third terminal attribute information matches the authenticated terminal attribute information corresponding to the authenticated power distribution terminal in the private chain network.
In one embodiment, the apparatus further comprises:
and the authentication terminal attribute information storage module is used for storing the second terminal attribute information into the private chain network as authenticated terminal attribute information corresponding to the node to be authenticated when the node to be authenticated passes identity authentication, so as to trigger the master node to verify the identity of the node to be authenticated based on the terminal attribute information corresponding to the node to be authenticated when the node to be authenticated acquires public keys of other nodes to be authenticated from the master node.
In one embodiment, the terminal attribute information acquisition module includes:
the first encryption information acquisition sub-module is used for acquiring encrypted first terminal attribute information in the storage position; the encrypted first terminal attribute information is encrypted through a private key corresponding to the master node;
and the first encryption information decryption module is used for acquiring the public key corresponding to the master node, and decrypting the encrypted first terminal attribute information by adopting the public key corresponding to the master node to obtain the first terminal attribute information.
In one embodiment, the first terminal attribute information in the storage location is a first hash value corresponding to the terminal attribute information of the power distribution terminal to be authenticated, and the authentication module is specifically configured to:
and acquiring a second hash value corresponding to the second terminal attribute information, and comparing the first hash value with the second hash value.
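The registration and hash-comparison steps described above can be sketched as follows. This is an added example, not code from the patent: the in-memory dictionary standing in for the private chain network, the attribute key names, the length-prefixed encoding, and the choice of SHA-256 are all assumptions.

```python
import hashlib
import hmac
import secrets

# The four attribute kinds come from the claims; the key names are assumptions.
FIELDS = ("name", "identifier", "location", "monitored_object")


def canonical_bytes(attrs: dict) -> bytes:
    """Encode attributes in a fixed field order, each value length-prefixed.

    Without the length prefix, ("AB", "C") and ("A", "BC") would concatenate
    to the same bytes and therefore produce the same hash value.
    """
    out = bytearray()
    for field in FIELDS:
        value = attrs.get(field, "").strip().encode("utf-8")
        out += len(value).to_bytes(4, "big") + value
    return bytes(out)


def attribute_digest(attrs: dict) -> bytes:
    return hashlib.sha256(canonical_bytes(attrs)).digest()


class PrivateChain:
    """Stand-in for the private chain network: storage location -> hash value."""

    def __init__(self):
        self._store = {}

    def put(self, digest: bytes) -> str:
        location = secrets.token_hex(8)  # hypothetical location identifier
        self._store[location] = digest
        return location

    def get(self, location: str):
        return self._store.get(location)


class MasterNode:
    def __init__(self, node_id: str, chain: PrivateChain):
        self.node_id = node_id
        self.chain = chain
        self._locations = {}  # terminal identifier -> storage location

    def register(self, attrs: dict) -> str:
        """Identity registration: store the first hash value on the chain."""
        location = self.chain.put(attribute_digest(attrs))
        self._locations[attrs["identifier"]] = location
        return location

    def storage_location(self, terminal_id: str):
        return self._locations.get(terminal_id)


class AuthenticatedNode:
    def __init__(self, chain: PrivateChain, masters: dict):
        self.chain = chain
        self.masters = masters  # master node information -> MasterNode

    def authenticate(self, master_info: str, second_attrs: dict) -> bool:
        master = self.masters.get(master_info)
        if master is None:  # unknown master node: fail closed
            return False
        location = master.storage_location(second_attrs.get("identifier", ""))
        first_hash = self.chain.get(location) if location else None
        if first_hash is None:  # terminal was never registered
            return False
        second_hash = attribute_digest(second_attrs)
        # Constant-time comparison of the first and second hash values.
        return hmac.compare_digest(first_hash, second_hash)


def demo():
    chain = PrivateChain()
    master = MasterNode("master-station-1", chain)
    verifier = AuthenticatedNode(chain, {master.node_id: master})
    # Constructed sample attributes, not taken from the patent.
    registered = {"name": "DTU-17", "identifier": "T-000017",
                  "location": "Feeder 4, pole 12", "monitored_object": "switch"}
    master.register(registered)
    moved = dict(registered, location="Feeder 9, pole 3")
    return (verifier.authenticate("master-station-1", dict(registered)),
            verifier.authenticate("master-station-1", moved),
            verifier.authenticate("unknown-master", registered))


if __name__ == "__main__":
    print(demo())
```

A matching hash shows only that the presented attributes equal the registered ones; the embodiments above pair this comparison with the private-key step so that the presentation is tied to the key recorded at registration.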
For specific limitations of the power distribution terminal authentication apparatus, refer to the limitations of the power distribution terminal authentication method above; they are not repeated here. Each module in the above power distribution terminal authentication apparatus may be implemented in whole or in part by software, hardware, or a combination thereof. The modules may be embedded in, or independent of, a processor in the computer device in hardware form, or stored in a memory of the computer device in software form, so that the processor can call them and execute the operations corresponding to each module.
In one embodiment, a computer device is provided, which may be a terminal, and the internal structure of which may be as shown in fig. 7. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The communication interface of the computer device is used for wired or wireless communication with an external terminal; the wireless mode can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The computer program, when executed by the processor, implements a power distribution terminal authentication method. The display screen of the computer device can be a liquid crystal display screen or an electronic ink display screen. The input device of the computer device can be a touch layer covering the display screen, can be keys, a track ball or a touch pad arranged on the shell of the computer device, or can be an external keyboard, touch pad or mouse.
It will be appreciated by those skilled in the art that the structure shown in FIG. 7 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a computer device is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:
acquiring master node information sent by a node to be authenticated corresponding to a power distribution terminal to be authenticated;
determining a master node corresponding to the master node information, and receiving a storage position sent by the master node; the master node is a node in the private chain network corresponding to a power distribution master station or a power distribution substation, and the storage position is a position in the private chain network for storing first terminal attribute information corresponding to the power distribution terminal to be authenticated when the master node registers the identity of the node to be authenticated;
acquiring the first terminal attribute information in the storage position, and acquiring second terminal attribute information sent by the node to be authenticated;
comparing the first terminal attribute information with the second terminal attribute information, and determining whether the identity authentication of the node to be authenticated is passed or not according to the comparison result.
In one embodiment, the steps of the other embodiments described above are also implemented when the processor executes a computer program.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring master node information sent by a node to be authenticated corresponding to a power distribution terminal to be authenticated;
determining a master node corresponding to the master node information, and receiving a storage position sent by the master node; the master node is a node in the private chain network corresponding to a power distribution master station or a power distribution substation, and the storage position is a position in the private chain network for storing first terminal attribute information corresponding to the power distribution terminal to be authenticated when the master node registers the identity of the node to be authenticated;
acquiring the first terminal attribute information in the storage position, and acquiring second terminal attribute information sent by the node to be authenticated;
comparing the first terminal attribute information with the second terminal attribute information, and determining whether the identity authentication of the node to be authenticated is passed or not according to the comparison result.
In one embodiment, the computer program, when executed by a processor, also implements the steps of the other embodiments described above.
Those skilled in the art will appreciate that all or part of the above-described methods may be implemented by a computer program stored on a non-transitory computer readable storage medium, and that the program, when executed, may comprise the steps of the method embodiments described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include read-only memory (Read-Only Memory, ROM), magnetic tape, floppy disk, flash memory, optical memory, or the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory. By way of illustration and not limitation, RAM can take a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM).
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features involves no contradiction, it should be considered within the scope of this description.
The above examples illustrate only a few embodiments of the application; they are described in detail but are not to be construed as limiting the scope of the application. It should be noted that those skilled in the art can make several variations and modifications without departing from the spirit of the application, all of which fall within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (8)

1. A power distribution terminal authentication method, applied to an authenticated node corresponding to an authenticated power distribution terminal in a private chain network, the method comprising:
acquiring master node information sent by a node to be authenticated corresponding to a power distribution terminal to be authenticated; the authenticated node is a node corresponding to the power distribution terminal with identity authentication in the private chain network, and the node to be authenticated is a node corresponding to the power distribution terminal without identity authentication in the private chain network;
determining a master node corresponding to the master node information, and receiving a storage position sent by the master node; the master node is a node in the private chain network corresponding to a power distribution master station or a power distribution substation, and the storage position is a position in the private chain network for storing first terminal attribute information corresponding to the power distribution terminal to be authenticated when the master node registers the identity of the node to be authenticated;
acquiring the first terminal attribute information in the storage position; the first terminal attribute information comprises at least one of the following information of the power distribution terminal to be authenticated: the power distribution terminal name, the power distribution terminal identifier, the power distribution terminal geographic position, and the monitoring object corresponding to the power distribution terminal;
sending a public key acquisition request aiming at the node to be authenticated to the master node, and receiving a public key corresponding to the node to be authenticated, which is sent by the master node; the public key is obtained when the master node registers the identity of the node to be authenticated;
acquiring encrypted second terminal attribute information sent by the node to be authenticated; the encrypted second terminal attribute information is encrypted through a private key corresponding to the node to be authenticated;
decrypting the encrypted second terminal attribute information by adopting the public key corresponding to the node to be authenticated to obtain the second terminal attribute information; wherein the second terminal attribute information includes at least one of the following information of the power distribution terminal to be authenticated: the power distribution terminal name, the power distribution terminal identifier, the power distribution terminal geographic position, and the monitoring object corresponding to the power distribution terminal;
comparing the first terminal attribute information with the second terminal attribute information, and determining whether the identity authentication of the node to be authenticated is passed or not according to the comparison result.
2. The method according to claim 1, wherein the obtaining the master node information and the encrypted second terminal attribute information sent by the node to be authenticated corresponding to the power distribution terminal to be authenticated includes:
responding to an identity authentication request initiated by the node to be authenticated, and sending a challenge code to the node to be authenticated;
and acquiring a response password generated by the node to be authenticated according to the challenge code, master node information and encrypted second terminal attribute information.
3. The method of claim 1, wherein the sending the public key acquisition request for the node to be authenticated to the master node comprises:
acquiring third terminal attribute information corresponding to the authenticated power distribution terminal, and generating a public key acquisition request for the node to be authenticated, wherein the public key acquisition request comprises the third terminal attribute information;
and sending the public key acquisition request to the master node to trigger the master node to send the public key corresponding to the node to be authenticated to the authenticated node when the third terminal attribute information is matched with the authenticated terminal attribute information corresponding to the authenticated power distribution terminal in the private chain network after receiving the public key acquisition request.
4. A method according to claim 3, further comprising, after said determining whether the identity of the node to be authenticated is authenticated based on the comparison result:
when the node to be authenticated passes identity authentication, the second terminal attribute information is used as authenticated terminal attribute information corresponding to the node to be authenticated and stored in the private chain network, so that when the node to be authenticated acquires public keys of other nodes to be authenticated from the master node, the master node is triggered to verify the identity of the node to be authenticated based on the terminal attribute information corresponding to the node to be authenticated.
5. The method of claim 1, wherein the obtaining the first terminal attribute information in the storage location comprises:
acquiring encrypted first terminal attribute information in the storage position; the encrypted first terminal attribute information is encrypted through a private key corresponding to the master node;
and obtaining the public key corresponding to the master node, and decrypting the encrypted first terminal attribute information by adopting the public key corresponding to the master node to obtain the first terminal attribute information.
6. The method according to claim 1, wherein the first terminal attribute information in the storage location is a first hash value corresponding to terminal attribute information of the power distribution terminal to be authenticated, and the comparing the first terminal attribute information with the second terminal attribute information includes:
and acquiring a second hash value corresponding to the second terminal attribute information, and comparing the first hash value with the second hash value.
7. A distribution terminal authentication apparatus for use in an authenticated node corresponding to an authenticated distribution terminal in a private chain network, the apparatus comprising:
the master node information receiving module is used for acquiring master node information sent by a node to be authenticated corresponding to the power distribution terminal to be authenticated; the authenticated node is a node corresponding to the power distribution terminal with identity authentication in the private chain network, and the node to be authenticated is a node corresponding to the power distribution terminal without identity authentication in the private chain network;
the storage position determining module is used for determining a master node corresponding to the master node information and receiving a storage position sent by the master node; the master node is a node in the private chain network corresponding to a power distribution master station or a power distribution substation, and the storage position is a position in the private chain network for storing first terminal attribute information corresponding to the power distribution terminal to be authenticated when the master node registers the identity of the node to be authenticated;
the terminal attribute information acquisition module is used for acquiring the first terminal attribute information in the storage position;
sending a public key acquisition request aiming at the node to be authenticated to the master node, and receiving a public key corresponding to the node to be authenticated, which is sent by the master node; the public key is obtained when the master node registers the identity of the node to be authenticated;
acquiring encrypted second terminal attribute information sent by the node to be authenticated; the encrypted second terminal attribute information is encrypted through a private key corresponding to the node to be authenticated;
decrypting the encrypted second terminal attribute information by adopting the public key corresponding to the node to be authenticated to obtain the second terminal attribute information;
and the authentication module is used for comparing the first terminal attribute information with the second terminal attribute information and determining whether the identity authentication of the node to be authenticated is passed or not according to the comparison result.
8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.
CN202111202008.2A 2021-10-15 2021-10-15 Power distribution terminal authentication method and device and computer equipment Active CN113872986B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111202008.2A CN113872986B (en) 2021-10-15 2021-10-15 Power distribution terminal authentication method and device and computer equipment

Publications (2)

Publication Number Publication Date
CN113872986A CN113872986A (en) 2021-12-31
CN113872986B true CN113872986B (en) 2023-10-24

Family

ID=78999743

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111202008.2A Active CN113872986B (en) 2021-10-15 2021-10-15 Power distribution terminal authentication method and device and computer equipment

Country Status (1)

Country Link
CN (1) CN113872986B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114844719B (en) * 2022-06-06 2023-09-22 广东电网有限责任公司 Cross-network terminal identity authentication method, device and system of communication network

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109819443A (en) * 2018-12-29 2019-05-28 东莞见达信息技术有限公司 Authentication registration method, apparatus and system based on block chain
CN110740038A (en) * 2018-07-18 2020-01-31 北京京东尚科信息技术有限公司 Block chain and communication method, gateway, communication system and storage medium thereof
WO2020186827A1 (en) * 2019-03-21 2020-09-24 深圳壹账通智能科技有限公司 User authentication method and apparatus, computer device and computer-readable storage medium
CN111949953A (en) * 2020-06-23 2020-11-17 卓尔智联(武汉)研究院有限公司 Identity authentication method, system and device based on block chain and computer equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
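Blockchain-based identity authentication for power system security and stability control terminals; Chen Xiong et al.; Journal of Guangxi Normal University (Natural Science Edition); Vol. 38 (No. 2); see Sections 3.1-3.3 *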

Also Published As

Publication number Publication date
CN113872986A (en) 2021-12-31

Similar Documents

Publication Publication Date Title
JP6547079B1 (en) Registration / authorization method, device and system
CN108768988B (en) Block chain access control method, block chain access control equipment and computer readable storage medium
US11349675B2 (en) Tamper-resistant and scalable mutual authentication for machine-to-machine devices
CN107742212B (en) Asset verification method, device and system based on block chain
CN111708991A (en) Service authorization method, service authorization device, computer equipment and storage medium
US10931464B2 (en) Communication system, hardware security module, terminal device, communication method, and program
JP2008507203A (en) Method for transmitting a direct proof private key in a signed group to a device using a distribution CD
US11184336B2 (en) Public key pinning for private networks
CN101588245A (en) A kind of method of authentication, system and memory device
CN110381075B (en) Block chain-based equipment identity authentication method and device
CN109690543B (en) Security authentication method, integrated circuit and system
JP4833745B2 (en) Data protection method for sensor node, computer system for distributing sensor node, and sensor node
CN114239046A (en) Data sharing method
CN113872986B (en) Power distribution terminal authentication method and device and computer equipment
CN115150109A (en) Authentication method, device and related equipment
US11240661B2 (en) Secure simultaneous authentication of equals anti-clogging mechanism
CN112261103A (en) Node access method and related equipment
US20090210719A1 (en) Communication control method of determining whether communication is permitted/not permitted, and computer-readable recording medium recording communication control program
CN113965425A (en) Access method, device and equipment of Internet of things equipment and computer readable storage medium
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN115913677A (en) Block chain-based collaboration edge storage data privacy protection system and method
CN115348107A (en) Internet of things equipment secure login method and device, computer equipment and storage medium
CN111245600B (en) Authentication method and system based on block chain technology
CN114697061A (en) Access control method and device, network side equipment, terminal and block link point
Schrijen et al. Secure Device Management for the Internet of Things

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230417

Address after: Full Floor 14, Unit 3, Building 2, No. 11, Middle Spectra Road, Huangpu District, Guangzhou, Guangdong 510700

Applicant after: China Southern Power Grid Digital Grid Technology (Guangdong) Co.,Ltd.

Address before: Room 86, room 406, No.1, Yichuang street, Zhongxin Guangzhou Knowledge City, Huangpu District, Guangzhou City, Guangdong Province

Applicant before: Southern Power Grid Digital Grid Research Institute Co.,Ltd.

GR01 Patent grant