CN-121980618-A - Photovoltaic data security guarantee method, system, equipment and medium integrating trusted computing and blockchain
Abstract
The invention discloses a photovoltaic data security assurance method, system, equipment and medium integrating trusted computing and blockchain. The method comprises: performing integrity measurement on photovoltaic acquisition equipment through a trusted measurement mechanism to generate an equipment measurement log; when the equipment trusted verification result is a pass, encrypting the photovoltaic data acquired by the photovoltaic acquisition equipment in a trusted execution environment and generating a data digest, and signing the data digest with a trusted platform module to form an encrypted data packet; extracting credential information from the encrypted data packet and, after the credential information passes smart contract verification, writing it into the blockchain to obtain a certification receipt; establishing an encrypted transmission channel after identity authentication passes; and transmitting the encrypted data packet through the encrypted transmission channel. The method addresses the shortcomings of existing data security guarantee methods: incomplete integrity verification of acquisition equipment, lack of trusted protection during data processing, insufficiently reliable identity authentication, poor traceability of transmission logs, and stored data that is easily tampered with and difficult to recover.
Inventors
- HE MINGJUN
- PANG LINGRONG
- YE HUAYANG
- SONG ZIHONG
- WANG NING
- REN SIYU
- YU JINSONG
- YANG DI
- YOU XINYU
- WEN XIANKUI
- XU YUTAO
- ZHOU KE
- CAI YONGXIANG
- WANG YANG
- GAO ZHENGHAO
- ZHANG JUNWEI
- FAN QIANG
Assignees
- 贵州电网有限责任公司
Dates
- Publication Date
- 20260505
- Application Date
- 20251128
Claims (10)
- 1. A photovoltaic data security assurance method integrating trusted computing and blockchain, characterized by comprising the following steps: performing integrity measurement on the photovoltaic acquisition equipment through a trusted measurement mechanism to generate an equipment measurement log, and comparing the equipment measurement log with a reference measurement value pre-stored in a blockchain to obtain an equipment trusted verification result; when the equipment trusted verification result is a pass, encrypting the photovoltaic data collected by the photovoltaic acquisition equipment in a trusted execution environment, generating a data digest, and signing the data digest with a trusted platform module to form an encrypted data packet; extracting credential information from the encrypted data packet, writing the credential information into the blockchain to obtain a certification receipt after the credential information passes smart contract verification, performing identity authentication on a data sending end and a data receiving end according to the certification receipt and the equipment measurement log, and establishing an encrypted transmission channel after the identity authentication passes; transmitting the encrypted data packet through the encrypted transmission channel, performing integrity verification on the transmission process in real time, and synchronizing the transmission behavior log and the log digest to the blockchain; and writing the received encrypted data packet into an encrypted storage area bound to the trusted platform module, periodically generating an integrity check value of the encrypted storage area, and uploading the integrity check value to the blockchain.
- 2. The photovoltaic data security assurance method integrating trusted computing and blockchain of claim 1, wherein performing integrity measurement on the photovoltaic acquisition equipment through the trusted measurement mechanism to generate the equipment measurement log comprises: independently monitoring the hardware components of the photovoltaic acquisition equipment through a third-party measurement module to generate a hardware characteristic value; when the photovoltaic acquisition equipment is started, calculating a hash value of its software components through the third-party measurement module to obtain a software measurement value; and writing the hardware characteristic value and the software measurement value together into the equipment measurement log.
- 3. The photovoltaic data security assurance method integrating trusted computing and blockchain of claim 2, wherein signing the data digest with the trusted platform module to form the encrypted data packet comprises: generating an encryption key by the trusted platform module, and encrypting the photovoltaic data in the trusted execution environment with the encryption key to generate a data ciphertext; and performing a hash operation on the data ciphertext to generate the data digest, signing the data digest with the private key of the trusted platform module to generate a signature value, and packaging the data ciphertext, the data digest, the signature value, the equipment measurement log and the equipment identity corresponding to the photovoltaic acquisition equipment together to form the encrypted data packet.
- 4. The photovoltaic data security assurance method integrating trusted computing and blockchain of claim 3, wherein writing the credential information into the blockchain to obtain the certification receipt after the credential information passes smart contract verification comprises: taking the data digest, the signature value and the equipment measurement log in the encrypted data packet as the credential information, and verifying the signature value with the equipment public key pre-stored in the blockchain to verify the source authenticity of the credential information; comparing the equipment measurement log in the credential information with the reference measurement value pre-stored in the blockchain to confirm that the photovoltaic acquisition equipment is in a trusted state; and when the source authenticity verification passes and the photovoltaic acquisition equipment is in a trusted state, writing the credential information into the blockchain through the smart contract to generate the certification receipt, binding the certification receipt to the encrypted data packet, and storing it in the storage area bound to the trusted platform module.
- 5. The photovoltaic data security assurance method integrating trusted computing and blockchain of claim 4, wherein the identity authentication is based on a ternary role architecture comprising the data sending end as the requesting party, a control end as the relaying party and a decision end as the deciding party; and performing identity authentication on the data sending end and the data receiving end according to the certification receipt and the equipment measurement log comprises: the data sending end sends an authentication request comprising its equipment identity, equipment measurement log and data digest to the control end; the control end authenticates the authentication request and verifies the certification receipt of the data sending end, and after the authentication passes, appends its own equipment measurement log to the authentication request and forwards it to the decision end; the decision end compares the equipment measurement logs of the data sending end and the control end with the reference measurement values pre-stored in the blockchain, and compares the data digest with the certification receipt stored in the blockchain; and when the decision end's comparison results are consistent, it issues authentication-pass instructions to the data sending end and the control end, and an encrypted transmission channel is established between the data sending end and the data receiving end.
- 6. The photovoltaic data security assurance method integrating trusted computing and blockchain of claim 5, wherein synchronizing the transmission behavior log and the log digest to the blockchain comprises: during data transmission, the control end records transmission details in real time to generate a transmission behavior log, writes the transmission behavior log into a private chain of the blockchain, and calculates a hash value of the transmission behavior log stored in the private chain to generate a log digest; and periodically submitting the log digest and any abnormal information generated during transmission to a consortium chain of the blockchain, where, after smart contract verification passes, they are stored in the consortium chain to form a transmission certificate.
- 7. The photovoltaic data security assurance method integrating trusted computing and blockchain of claim 6, wherein periodically generating the integrity check value of the encrypted storage area and uploading it to the blockchain comprises: partitioning the encrypted storage area according to the equipment type of the photovoltaic acquisition equipment and the date of data acquisition, encrypting each partition with an independent encryption key, periodically calculating an integrity check value for each partition, and uploading the integrated integrity check values to the blockchain; and when an integrity check value is detected to be inconsistent with the integrity check value stored in the blockchain, generating an abnormality alarm and writing it into the blockchain, and recovering the tampered photovoltaic data from the backup data according to the integrity check value stored in the blockchain.
- 8. A photovoltaic data security system integrating trusted computing and blockchain, employing the method of any one of claims 1 to 7, comprising: a collection and encapsulation module, for performing the integrity measurement of the photovoltaic acquisition equipment, completing the encryption of the photovoltaic data and the signing of the data digest in the trusted execution environment, and forming the encrypted data packet; an on-chain certification module, for extracting the credential information from the encrypted data packet, writing it into the blockchain after smart contract verification, and obtaining the certification receipt; an identity authentication module, for completing identity authentication and establishing the encrypted transmission channel according to the ternary role architecture, based on the certification receipt and the equipment measurement log; a transmission monitoring module, for transmitting data in the encrypted transmission channel, performing real-time integrity checks, and synchronizing the transmission behavior log and the log digest to the blockchain; and a secure storage module, for storing the received encrypted data packet in the encrypted storage area bound to the trusted platform module, and periodically generating the integrity check value and uploading it to the blockchain.
- 9. An electronic device, comprising a memory and a processor, wherein the memory is configured to store computer-executable instructions that, when executed by the processor, implement the steps of the photovoltaic data security method integrating trusted computing and blockchain of any one of claims 1 to 7.
- 10. A computer-readable storage medium storing computer-executable instructions which, when executed by a processor, perform the steps of the photovoltaic data security method integrating trusted computing and blockchain of any one of claims 1 to 7.
Description
Technical Field
The invention relates to the technical field of data security, in particular to a photovoltaic data security guarantee method, system, equipment and medium integrating trusted computing and blockchain.
Background
The energy transition is driving the rapid development of the photovoltaic industry. A photovoltaic system generates large amounts of data on generated energy, component states and the like during operation; these data are the core basis for operation and maintenance monitoring and fault investigation, and also directly affect power grid dispatching and revenue settlement. However, existing data security guarantee methods verify the integrity of photovoltaic collection equipment incompletely: they attend only to software state and ignore hardware characteristics, and cannot judge equipment trustworthiness against a reference value on the blockchain, so data from untrustworthy equipment flows into the photovoltaic system. The data processing stage lacks the protection of a trusted execution environment, leaving the encryption and signature exposed to attack, and trusted credentials are not confirmed by a smart contract.
Disclosure of Invention
The present invention has been made in view of the above problems in the prior art. The invention therefore provides a photovoltaic data security guarantee method, system, equipment and medium integrating trusted computing and blockchain, which address the problems of incomplete integrity verification of acquisition equipment, lack of trusted protection in data processing, insufficiently reliable identity authentication, poor traceability of transmission logs, and stored data that is easily tampered with and difficult to recover in existing data security guarantee methods.
To solve the above technical problems, the invention provides the following technical solution. The photovoltaic data security guarantee method integrating trusted computing and blockchain comprises the steps of: performing integrity measurement on the photovoltaic collection equipment through a trusted measurement mechanism to generate equipment measurement logs, and comparing the equipment measurement logs with reference measurement values pre-stored in the blockchain to obtain equipment trusted verification results; when the equipment trusted verification results are a pass, encrypting the photovoltaic data collected by the photovoltaic collection equipment in a trusted execution environment and generating data digests, and signing the data digests with a trusted platform module to form encrypted data packets; extracting credential information from the encrypted data packets, writing the credential information into the blockchain to obtain a certification receipt after it is verified by the smart contract, performing identity authentication on a data sending end and a data receiving end according to the certification receipt and the equipment measurement logs, and establishing an encrypted transmission channel after the identity authentication passes; transmitting the encrypted data packets through the encrypted transmission channel, performing integrity verification on the transmission process in real time, and synchronizing the transmission behavior logs and the log digests to the blockchain; and writing the received encrypted data packets into an encrypted storage area bound to the trusted platform module, periodically generating an integrity check value of the encrypted storage area, and uploading the integrity check value to the blockchain.
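The periodic storage integrity check of the last step above (detailed in claim 7), as an added example rather than the patent's own implementation: partitions are keyed by equipment type and collection date, their check values are recorded against an in-memory stand-in for the chain, an alarm is raised on mismatch, and a partition is restored only from a backup whose check value the chain record vouches for, so a corrupted backup is never written back. The per-partition encryption keys are assumed to have been applied before the bytes reach this store; type names, identifiers and sample bytes are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// PartitionID keys the encrypted storage area by equipment type and collection date (claim 7).
type PartitionID struct{ EquipType, Date string }

// Store models the TPM-bound encrypted storage area, its backup copy, and the
// per-partition integrity check values uploaded to the chain (in-memory stand-in).
type Store struct {
	Partitions map[PartitionID][]byte // ciphertext of each partition (per-partition key assumed applied)
	Backup     map[PartitionID][]byte
	Chain      map[PartitionID]string // hex SHA-256 recorded at the last periodic upload
	Alarms     []string               // abnormality alarms that would also be written on-chain
}

// checkValue is the integrity check value of one partition's bytes.
func checkValue(b []byte) string {
	h := sha256.Sum256(b)
	return hex.EncodeToString(h[:])
}

// Commit is the periodic step: recompute every partition's check value and upload it.
func (s *Store) Commit() {
	for id, data := range s.Partitions {
		s.Chain[id] = checkValue(data)
	}
}

// Audit compares each partition with its on-chain check value; on mismatch it raises an
// alarm and restores from backup only if the backup matches the on-chain record.
func (s *Store) Audit() []PartitionID {
	var recovered []PartitionID
	for id, data := range s.Partitions {
		if checkValue(data) == s.Chain[id] {
			continue
		}
		s.Alarms = append(s.Alarms, fmt.Sprintf("%s/%s: integrity check value mismatch", id.EquipType, id.Date))
		if checkValue(s.Backup[id]) == s.Chain[id] { // only trust a backup the chain vouches for
			s.Partitions[id] = append([]byte(nil), s.Backup[id]...)
			recovered = append(recovered, id)
		}
	}
	return recovered
}
```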
The photovoltaic data security guarantee method integrating trusted computing and blockchain further comprises the steps of independently monitoring the hardware components of the photovoltaic acquisition equipment through a third-party measurement module to generate a hardware characteristic value, calculating a hash value of the software components of the photovoltaic acquisition equipment through the third-party measurement module when the equipment is started to obtain a software measurement value, and writing the hardware characteristic value and the software measurement value together into the equipment measurement log. Because the hardware components of the photovoltaic collection device are monitored independently by the third-party measurement module, the monitoring process is not affected by the running state of the device, which ensures that the hardware characteristic value truly reflects the actual state of the hardware components; when the photovoltaic collection device is started, the software component is calculated by the same th