METHOD OF AUTHORIZATION FOR CONTROL ACCESS TO WIND POWER INSTALLATIONS, AND ALSO INTERFACE FOR WIND POWER INSTALLATIONS AND CERTIFICATION CENTER
20170363065 · 2017-12-21
Inventors
CPC classification
H04L63/0892
ELECTRICITY
F03D7/047
MECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
Y02E10/72
GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
F03D7/048
MECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
International classification
F03D7/04
MECHANICAL ENGINEERING; LIGHTING; HEATING; WEAPONS; BLASTING
H04L9/32
ELECTRICITY
Abstract
A method for authorizing a user for a control access to at least one wind turbine or at least one wind farm is disclosed. In this method, a certification center first authenticates a user, and the certification center accepts a control-access type from the authenticated user. The certification center then generates an electronic certificate according to the accepted control-access type and/or according to stored access permissions of the authenticated user. Then the certificate is used for authentication with the wind turbine or with the wind farm for the purpose of performing a control access. The disclosure also relates to a system for performing the method, to a certification center and to an interface of a wind turbine or of a wind farm.
Claims
1. A method comprising: authorizing users for control accesses to at least one wind turbine or at least one wind farm, wherein authorizing the users comprises: at a certification center, authenticating a user, at the certification center, accepting at least one control-access type from the authenticated user, at the certification center, generating an electronic certificate containing a control-access type according to at least one of: the accepted control-access type and stored access permissions of the authenticated user, and using the certificate for authentication of the at least one wind turbine or the at least one wind farm for performing control accesses having the control-access type.
2. The method according to claim 1, further comprising: authorizing read access for the user by certificate-independent authentication of a user identifier and a password of a user using an interface of at least one of the wind turbine or at least one of the wind farm.
3. The method according to claim 1, further comprising: issuing, by an interface of the certification center, the certificate to a processing unit; performing, by the processing unit, authentication with the interface of the at least one wind turbine or the at least one wind farm; and performing, by the interface of the at least one wind turbine or the at least one wind farm, control accesses to the at least one wind turbine or the at least one wind farm independently of the certification center.
4. The method according to claim 3, wherein the certification center performs the authentication with the interface of the at least one wind turbine or the at least one wind farm and performs control accesses to the at least one wind turbine or the at least one wind farm.
5. The method according to claim 1, further comprising: allocating, by a control system of the certification center, at least one of an allowed and an un-allowed control-access type to one registered user, each of a plurality of registered users, or every registered user, and generating, by the certification center, certificates of the authenticated user having the accepted control-access type only if the accepted control-access type is designated in the control system as allowed for the user.
6. The method according to claim 1, further comprising: generating, by the certification center, the certificate containing at least one of a validity period and at least one turbine identifier.
7. The method according to claim 6, further comprising: storing, by the control system, for each control-access type at least one of a maximum total number and a maximum number per predefined region, and wherein certificates are generated for a control-access type only if the number of the certificates that have already been awarded for the region and are currently valid on the basis of their validity period is less than at least one of the maximum total number and the maximum number per predefined region.
8. The method according to claim 1, wherein the certification center generates the certificate also according to at least one ascertained current or predicted parameter, wherein the at least one ascertained current or predicted parameter includes a grid status, weather and a status of one or more wind turbines.
9. An interface for at least one wind turbine or at least one wind farm, comprising: a data connection configured to receive a certificate, wherein the interface is configured to: read a control-access type of the certificate that is stored in the certificate, and allow, on the basis of the certificate, at least one control access of a control-access type, the at least one control access having as the control-access type, the stored control-access type.
10. The interface according to claim 9, wherein the interface is configured to read at least one of a validity period and a turbine identifier of the certificate, and to allow control accesses only if the at least one of the validity period and the turbine identifier is valid.
11. A certification center for authorizing users for control accesses to at least one wind turbine or to at least one wind farm, comprising: an interface for authenticating a user with the certification center and for transferring at least one control-access type to the certification center, wherein the certification center is configured to generate a certificate containing the control-access type according to at least one of the control-access type and stored access permissions of the authenticated user, and wherein the interface is configured to issue the electronic certificate.
12. The certification center according to claim 11, wherein the certification center comprises a control system using which one registered user, each of a plurality of registered users, or every registered user is allocated at least one of an allowed and an un-allowed control-access type, and the certification center is configured to generate certificates for an authenticated user if the control-access type transferred by the user is designated in the control system as allowed for the user.
13. The certification center according to claim 12, wherein the certification center is configured to allocate a validity period to the certificates.
14. The certification center according to claim 13, wherein at least one of a maximum total number and a maximum number per predefined region is stored for each control-access type in the control system, and the certification center is configured to generate certificates for a control-access type only if the number of the awarded certificates of the control-access type that are currently valid for the region is less than the at least one of maximum total number and the maximum number for the region.
15. The certification center according to claim 12, wherein the interface of the certification center is configured to accept, using the interface, at least one turbine identifier of at least one wind turbine to be controlled or of at least one wind farm to be controlled, and the certification center is configured to generate the electronic certificate with the certification center according to the control-access type, the turbine identifier and stored access permissions of the authenticated user.
16. The certification center according to claim 12, wherein the certification center comprises a further interface, wherein the further interface is configured to: receive at least one parameter including at least one of prevailing weather data, weather forecasts, a current grid status and grid-status predictions, and dynamically adjust the control system according to the at least one parameter.
17. A system comprising an interface according to claim 9.
18. A system comprising a certification center according to claim 11.
Description
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
[0058] The invention is described in greater detail below using exemplary embodiments with reference to the accompanying drawings, in which:
[0059]
[0060]
[0061]
[0062]
DETAILED DESCRIPTION
[0063]
[0064]
[0065]
[0066]
[0067] The interface 20 transmits the transferred data to a processor 22, which first checks using a control system 24 whether the authenticated user 18 is permitted to perform the requested control-access type on the wind farm specified by the turbine identifier.
[0068] In addition, the processor 22 checks using the control system 24 whether a maximum number of control accesses of the requested control-access type is already exceeded. If this number is not exceeded, then the processor 22 generates a certificate. The certificate contains a validity period, which is created by a date-and-time source 26. The date-and-time signal is here determined, e.g., from a GPS signal, and transmitted to the processor. Then, in the processor 22, the validity period is stored in the certificate for a time period, which in particular is predefined by the control system 24. Examples of validity periods are, for instance, two hours, eight hours, one day or five days.
[0069] The certificate that was generated by the processor 22 also contains the control-access type transferred by the user 18 to the interface 20 using the mobile device 16, the turbine identifier and further cryptographic parameters for verifying the authenticity of the certificate.
[0070] The certificate 28 is transmitted via the interface 20 to the mobile device 16. By entering his user name and password, the user 18 can initiate a read access to the wind farm 112 and can read data from the wind farm 112 via a further data connection 30 between the mobile device 16 and the interface 12 of the wind farm 112. If, however, the user wants to make a write access, which in this context corresponds to the control access, to the wind farm 112, then the certificate 28 is transferred via the further data connection 30 to the interface 12 of the wind farm 112. In the wind farm 112 or in a controller (not shown here) of the wind farm 112, the certificate, which has been imported via the interface 12 of the wind farm 112, is then checked for authenticity.
[0071] In addition, the interface 12 of the wind farm checks whether the certificate 28 is still valid, i.e., the validity period has not elapsed yet, and whether the turbine identifier stored in the certificate matches the turbine identifier of the wind farm. Given a valid validity period, a matching turbine identifier and an authentic certificate, the user 18 is then allowed control accesses to the wind farm 112 that relate to the control-access types stored in the certificate 28. The user 18 can thereby make a control access to the wind farm 112 via the mobile device 16.
[0072] If the power grid 32 to which the wind farm 112 is connected via a transformer 116 and a point of common coupling 118 is weak or unstable, for instance because all the electrical power generators connected to this grid are currently feeding only a small amount of power into the network, this is detected by the certification center 10 by means of externally supplied parameters 36. A parameter 36 can be ascertained, for instance, by a system measurement or frequency measurement 38 of the power grid 32 to which the wind farm 112 is connected.
[0073] In addition, a weather database 39 is provided, from which the prevailing and forecast weather data is transferred to the certification center and/or retrieved by the certification center. According to other exemplary embodiments, the weather database 39 is a complete weather system for weather recording and forecasting.
[0074] If a user 18 now transfers a control-access type, which might be critical for the grid network 32, to the interface 20 for certificate generation in the processor 22, then a critical control-access type of this kind is prohibited, because the control database 24 has previously been dynamically updated by the parameter 32, as a result of which critical control-access types that relate to the wind farms 112 in the region of the power grid 32 are categorically identified as prohibited.
[0075] In this last-mentioned case, the interface 20 does not issue the certificate 28 to the mobile device 16. Instead, the interface 20 issues a message to the mobile device 16 that such a control-access type is currently not possible.
[0076]
[0077] If the user name and password agree with stored data in the control system 24, then in a next step 46, a check is made as to whether the control-access type is allowed for the authenticated user to the wind turbine 100 having the transferred turbine identifier. If the control-access type is not allowed for the user, then the method terminates again in the step 44. If the control-access type and the selected wind turbine 100 are allowed for the user, then in a next step 46, the certification center checks, on the basis of the number of currently valid requested control accesses to wind farms in the same region, whether the requested control-access type is allowed. If this control-access type is not allowed, then the method terminates again in the step 44.
[0078] If the control-access type is currently allowed, then a certificate 28 is generated in a step 48, which certificate 28 comprises the user name, the turbine identifier, the control-access type and a timestamp or validity period. The certificate 28 is then issued to a mobile device 16 of the user 18 in a step 50.
[0079] In the next step 52, the user authenticates himself with a wind turbine 100 using the mobile device 16, re-entering for this purpose a password and a user name via an interface 12 of a wind turbine 100. If the transferred user name and transferred password match the user name and password stored in the wind turbine, the user 18 is then authorized for read accesses. Otherwise the method terminates again in the step 44.
[0080] After successful authorization of the user 18 for read accesses, the mobile device 16 transfers the certificate 28 to the interface 12 of the wind turbine 100 in the step 54, and the user is authorized for the control accesses stored in the certificate if the turbine identifier in the certificate matches the turbine identifier of the wind turbine 100 and if the validity period has not expired yet.
[0081] In the step 56, the user is then allowed control accesses according to the control-access type(s) stored in the certificate 28, and the user 18 can then perform a control action. Once the control accesses have been performed, the method terminates in the step 44.
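The issuance checks of paragraphs [0067] to [0075] and the interface checks of paragraphs [0071] and [0080], sketched as an added example that is not part of the patent text. Assumptions: HMAC-SHA256 stands in for the unspecified "cryptographic parameters" (a deployment would normally use an asymmetric signature so that the turbine interface holds only a verification key), and the user, turbine identifier, region, access-type names and quota values are constructed for illustration.

```python
import hashlib, hmac, json

# Assumptions (not from the patent): HMAC-SHA256 replaces the unspecified
# cryptographic parameters; every name and value below is constructed.
KEY = b"constructed-demo-key"
PERMISSIONS = {("alice", "WF-112"): {"setpoint", "stop"}}  # allowed types per user/turbine
MAX_PER_REGION = {"setpoint": 1, "stop": 2}                # maximum valid certs per region
REGION_OF = {"WF-112": "north"}
PROHIBITED = set()   # (region, access_type) pairs blocked by grid or weather parameters
issued = []          # (region, access_type, not_after) of certificates already awarded

def _mac(body):
    raw = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEY, raw, hashlib.sha256).hexdigest()

def issue(user, turbine_id, access_type, now, lifetime=2 * 3600):
    """Certification center: return a certificate dict, or None if refused."""
    region = REGION_OF.get(turbine_id)
    if access_type not in PERMISSIONS.get((user, turbine_id), set()):
        return None                                    # not allowed for this user
    if (region, access_type) in PROHIBITED:
        return None                                    # dynamically prohibited
    live = sum(1 for r, a, end in issued if (r, a) == (region, access_type) and end > now)
    if live >= MAX_PER_REGION[access_type]:
        return None                                    # regional maximum reached
    body = {"user": user, "turbine": turbine_id, "types": [access_type],
            "not_before": now, "not_after": now + lifetime}
    issued.append((region, access_type, body["not_after"]))
    return {"body": body, "mac": _mac(body)}

def verify(cert, own_turbine_id, requested_type, now):
    """Turbine interface: allow the control access only if every check passes."""
    body = cert.get("body", {})
    if not hmac.compare_digest(_mac(body).encode(), str(cert.get("mac", "")).encode()):
        return False                                   # not authentic or tampered with
    if not body["not_before"] <= now < body["not_after"]:
        return False                                   # validity period elapsed
    if body["turbine"] != own_turbine_id:
        return False                                   # issued for another turbine
    return requested_type in body["types"]             # only the stored access type
```

Because the interface verifies the certificate without contacting the certification center, a certificate issued before a control-access type was prohibited stays usable until its validity period ends, so the chosen lifetime bounds how quickly a prohibition takes effect.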