METHOD AND SYSTEM FOR AUTHENTICATING HYDROGEN FROM RENEWABLE SOURCES

The present invention relates to a method and system for computer implemented authenticating hydrogen from renewable sources , wherein the renewable sources comprise energy generators that rely on renewable energy, for example wind energy or solar energy .

BACKGROUND OF THE INVENTION

The hydrogen market is expected to grow, in particular the market for so-called green hydrogen . Green hydrogen is hydrogen generated by renewable energy, so-called green energy, instead of fossil fuels . It has the potential to provide clean power for manufacturing, transportation, and more — and its only byproduct is water . Companies and customers turning to green hydrogen to power their operations , for example powering factories and vehicles , will demand to prove that the hydrogen they are relying on is truly green . Therefore , green hydrogen producers will be pressured by their customers to veri fy the sustainability of their hydrogen, preferably in real time , in order to meet the customer ' s environmental targets . For example , it may be important to be able to prove that the hydrogen delivered into a pipeline or a storage tank of a vehicle or tube trailer is in fact green . Further requirements may include that such proof is transparently available at any time and up to the end consumer . Furthermore , an easy and ef ficient handling of such proofs may be required .

SUMMARY

Therefore , a need exists for advanced techniques of proving delivery of green hydrogen . This need is met by the features of the independent claims .

The features of the dependent claims define embodiments .

A computer-implemented method for authenticating hydrogen from renewable sources includes metering first electrical characteristics at an electrical output of at least one electrical generator for a predetermined period of time . The at least one electrical generator is configured to generate electrical energy from a renewable energy source . For example , the at least one electrical generator may comprise a wind turbine or a solar power device , for example a photovoltaic device comprising one or more photovoltaic panels . The at least one electrical generator may comprise a plurality of electrical generators , for example a plurality of wind turbines or a plurality of photovoltaic devices , or a combination of one or more wind turbines and one or more photovoltaic devices . The first electrical characteristics may comprise electrical power and/or electrical energy delivered or produced by the at least one electrical generator during the predetermined period of time . The first electrical characteristics may be metered by a corresponding smart meter coupled to a local computer system arranged within a hydrogen power plant comprising the at least one electrical generator and a hydrogen electrolyzer . Furthermore , the computer-implemented method comprises metering second electrical characteristics at an electrical input of the hydrogen electrolyzer for the predetermined period of time . The hydrogen electrolyzer is electrically coupled to the at least one electrical generator and configured to produce hydrogen from electrical energy .

The second electrical characteristics may comprise electrical power and/or electrical energy received by the hydrogen electrolyzer during the predetermined period of time . The second electrical characteristics may be metered by a corresponding smart meter coupled to the local computer system . According to the computer-implemented method, hydrogen characteristics of hydrogen produced by the hydrogen electrolyzer and output at a hydrogen output of the hydrogen electrolyzer are metered for the predetermined period of time . The hydrogen characteristics comprise at least one of a hydrogen mass , a hydrogen volume , a hydrogen mass flow rate , a hydrogen volume flow rate , a hydrogen purity, and a hydrogen gas pressure . The above listed hydrogen characteristics may be metered by one or more corresponding smart meters coupled to the local computer system . The one or more smart meters may comprise a group of meters or sensors for measuring the above listed characteristics , for example a sensor for measuring the pressure , a further sensor for measuring the mass flow and yet a further sensor for measuring the purity of the hydrogen gas . Generally, a smart meter may be an electronic device that obtains information such as electrical energy, voltage levels , electrical currents , gas volume , a gas mass flow rate or gas purity . Smart meters may communicate the information to a processing system, for example to the local computer system of the power plant . Smart meters may obtain this information in real time or near real-time and may report regularly in short intervals , for example every few seconds . The communication may comprise digitali zed values . Communication between smart meters and the processing system may be wireless ( for example Wi-Fi , GSM or LTE ) or via fixed wired connections ( for example Ethernet or optical fibers ) . The computer implemented method comprises furthermore generating an authentication element for authenticating that the produced hydrogen is produced based on renewable energy . The authentication element is generated based on the first electrical characteristics , the second electrical characteristics , the hydrogen characteristics and the predetermined period of time . A plurality of authentication elements may be produced over time . For example , for every predetermined period of time , a corresponding authentication element may be generated based on the first electrical characteristics , the second electrical characteristics and the hydrogen characteristics .

For example , based on the first electrical characteristics , the second electrical characteristics and the hydrogen characteristics , it may be proved that a certain amount of hydro- gen has been produced during the predetermined period of time by the hydrogen electrolyzer . For example , by comparing an amount of electrical energy produced by the at least one electrical generator during the predetermined period of time ( as indicated in the first electrical characteristics ) with an amount of electrical energy received at the hydrogen electrolyzer during the predetermined period of time ( as indicated in the second electrical characteristics ) , it may be proved that the hydrogen electrolyzer is exclusively supplied with energy from the at least one electrical generator that produces electrical energy from renewable sources only . As a result , the amount of the hydrogen delivered by the hydrogen electrolyzer during the predetermined time period ( as indicated in the hydrogen characteristics ) is green hydrogen . This proof may be documented in the authentication element .

In various examples , the authentication element may be added to a distributed database , in particular a distributed ledger . For example , the distributed ledger may be based on a blockchain . Adding the authentication element to the distributed ledger may comprise adding the authentication element to a block of the blockchain . Distributed ledger and blockchain technologies are well known in the art , in particular in connection with digital currency, for example crypto-currency . A distributed ledger ( also called a shared ledger or distributed ledger technology or DLT ) is the consensus of replicated, shared, and synchroni zed digital data that is geographically spread ( distributed) across many sites , countries , or institutions . In contrast to a centrali zed database , a distributed ledger does not require a central administrator . Therefore , handling the authentication element by use of a distributed ledger allows that each hydrogen power plant can authenticate its hydrogen independent from a central administration .

In various examples , the computer-implemented method furthermore comprises metering third electrical characteristics at an electrical energy trans fer system for the predetermined period of time . The electrical energy trans fer system is cou- pled to the electrical output of the at least one electrical generator and coupleable to a power grid . The authentication element is additionally based on the third electrical characteristics . For example , the at least one electrical generator and the hydrogen electrolyzer may be coupled via an electrical bus which is also coupled to an electrical power grid via the electrical energy trans fer system, for example via an electrical trans fer system . At the point of coupling between the electrical bus and the electrical trans fer system to the power grid, the third electrical characteristics may be metered . The third electrical characteristics may be measured by means of a corresponding smart meter and may indicate an amount of electrical energy trans ferred between the electrical bus and the electrical trans fer system . For example , i f the at least one electrical generator produces more electrical energy than the hydrogen electrolyzer can convert into hydrogen, a direction of energy trans fer may be from the electrical bus via the electrical trans fer system to the power grid . In this case , the hydrogen produced by the hydrogen electrolyzer is pure green hydrogen which can be authenticated in the authentication element . Also , i f the third electrical characteristics indicate that no electrical energy is coming from the power grid and no electrical energy is transferred to the power grid, the hydrogen produced by the hydrogen electrolyzer is pure green hydrogen which can be authenticated in the authentication element . In further examples , i f the at least one electrical generator produces less electrical energy than the hydrogen electrolyzer can convert into hydrogen, a direction of energy trans fer may be from the power grid via the electrical trans fer system to the electrical bus and from there to the hydrogen electrolyzer . In this latter case , the hydrogen produced by the hydrogen electrolyzer is not pure green hydrogen, but consists partly of green hydrogen and partly of hydrogen coming from an unknown, possibly non-renewable source . Nevertheless , the part of green hydrogen comprised in the produced hydrogen may be authenticated in the authentication element . According to various examples , the computer-implemented method further comprises metering further hydrogen characteristics relating to compressed hydrogen for the predetermined period of time . The compressed hydrogen is hydrogen that has been produced by the hydrogen electrolyzer and has been compressed by means of a compressor system . The further hydrogen characteristics may be metered at a hydrogen trans fer node . The hydrogen trans fer node may receive and forward the compressed hydrogen from the compressor system to a gas grid or a gas transportation vehicle . The further hydrogen characteristics may be metered with a corresponding smart meter at an output of the compressor system . In some examples , the hydrogen trans fer node comprises a pipeline coupling node for forwarding the compressed hydrogen to a pipeline of a gas grid . In further examples , the hydrogen trans fer node comprises a dispenser node for forwarding the compressed hydrogen to a gas transportation vehicle . The authentication element is generated additionally based on the further hydrogen characteristics . As a result , the authentication element comprises a proof about whether the amount of compressed hydrogen indicated in the further hydrogen characteristics is pure green hydrogen or comprises at least a certain portion of green hydrogen . Furthermore , the authentication element may include information based on the further hydrogen characteristics , for example a mass , volume , purity or pressure of the hydrogen delivered at the output of the compressor during the predetermined period of time .

According to various examples , a communication between the smart meters and the local computer system is based on encrypted communication channels . The smart meters may relate to any one or all of the above-mentioned smart meters , i . e . the smart meter for measuring the first electrical characteristics , the smart meter for measuring the second electrical characteristics , the smart meter form measuring the third electrical characteristics , the smart meter for measuring the hydrogen characteristics and/or the smart meter for measuring the further hydrogen characteristics . Encrypted communication between the smart meters and the local computer system may prevent manipulation and falsi fication of the metering data, or at least make it considerably more di f ficult , so that customer confidence in the data stored in the authentication elements can be increased .

The predetermined period of time may be in a range of 1 to 100 minutes , preferably in a range of 5 to 20 minutes . For example , the predetermined period of time may be 10 minutes . When an authentication element is generated for example every 10 minutes , the amount of data for the authentication elements produced during a li fetime of the power plant of for example 25 to 40 years may be such that it can be stored on a mass storage media of the local computer system, for example on a hard disk drive or flash drive . A complete record of all energy produced during the li fetime of the power plant can thus be provided in the distributed database , for example in a blockchain .

In various examples , the computer-implemented method further comprises determining, based on at least the first electrical characteristics , the second electrical characteristics , and the hydrogen characteristics and optionally the third electrical characteristics , whether the hydrogen produced by the hydrogen electrolyzer during the predetermined period of time is purely produced based on electrical energy from the electrical generator . When the hydrogen is purely produced based on electrical energy from the electrical generator, a certi ficate is generated and the certi ficate is included in the authentication element . The certi ficated indicates that the hydrogen delivered during the predetermined period of time is produced from renewable energy .

For example , for determining whether the hydrogen produced by the hydrogen electrolyzer during the predetermined period of time is purely produced based on electrical energy from the electrical generator, the first electrical characteristics and the second electrical characteristics may be compared . The first electrical characteristics may indicate a first amount of electrical energy produced by the at least one electrical generator during the predetermined period of time . The second electrical characteristics may indicate a second amount of electrical energy received at the hydrogen electrolyzer during the predetermined period of time . I f the first amount of electrical energy is essentially the same as the second amount of electrical energy, it may be assumed that hydrogen produced by the hydrogen electrolyzer during the predetermined period of time is completely produced based on green energy from the at least one electrical generator such that the produced hydrogen is green hydrogen . Small deviations in the range of less of a few percent , for example less than 1 or 2 percent , may be tolerated, in particular in case the first amount of electrical energy is larger than the second amount of electrical energy . Additionally, the third electrical characteristics may be considered . The third electrical characteristics may indicate an amount of electrical energy trans ferred to or from the power grid . For example , a positive value of the amount may indicate that electrical energy has been trans ferred to the power grid, and a negative value of the amount may indicate that electrical energy has been received from the power grid . In particular, i f the amount of electrical energy is positive , it can be assumed that the hydrogen produced by the hydrogen electrolyzer during the predetermined period of time is completely produced based on green energy from the at least one electrical generator and is therefore green hydrogen . Information on the amount of electrical energy, i . e . information on the amount of the electrical energy exported into the grid during the predetermined period of time , may also be included in the authentication element as a further prove that suf ficient electrical energy was provided by the at least one generator during the predetermined period of time and that the produced hydrogen is green hydrogen .

Optionally, the authentication element may comprise information on the first electrical characteristics , the second electrical characteristics , the hydrogen characteristics and the predetermined period of time . For example , the authentication element may comprise the starting time of the predetermined period of time and the ending time of the predetermined period of time . Furthermore , the authentication element may comprise the amount of electrical energy produced during the predetermined period of time by the at least one electrical generator, for example in kWh, the amount of electrical energy received at the hydrogen electrolyzer, for example in kWh, and the amount of hydrogen produced by the hydrogen electrolyzer, for example in kg .

In further examples , the authentication element may comprise at least one of information on an average of the first electrical characteristics , information on an average of the second electrical characteristics , information on an average of the hydrogen characteristics , and information on the predetermined period of time .

According to various examples , the distributed ledger is further configured for managing at least one smart contract for trading the produced hydrogen . A smart contract may be a computer program or a transaction protocol that is intended to automatically execute , control and/or document legally- relevant events and actions according to the terms of a contract or an agreement . For example , conditions for delivery of hydrogen, in particular green hydrogen, may be agreed between an operator of the power plant and a customer . These conditions may be implemented in a smart contract and may be stored in the distributed ledger . In some examples , based on the smart contract , green hydrogen may be automatically supplied into a hydrogen grid .

Additionally or as an alternative , the local computer system may be configured to automatically deliver hydrogen as agreed by a customer and an operator of the power plant in a smart contract . For example , green hydrogen may be automatically dispensed into a hydrogen transport vehicle , for example into a tube trailer, in response to a demand from the driver of the transport vehicle . The demand may be issued by the driver with a corresponding distributed ledger application on a mobile device communicating with the local computer system .

The distributed ledger may be configured to grant access to permissioned parties only .

Furthermore , the computer-implemented method may comprise adding the authentication element , or at least parts thereof , to a further distributed ledger . The further distributed ledger does not include the smart contract for trading the hydrogen and is configured to grant access to public parties . The further distributed ledger may include further information concerning the transportation of the hydrogen with the transport vehicle , for example information concerning a destination where the hydrogen was discharged . For example , the further distributed ledger may be accessible to end-use customers who want to buy green hydrogen for their vehicles at a gas station . The access to the further distributed ledger enables the end-use customers to veri fy whether the hydrogen that was delivered to the gas station is green hydrogen are not .

In various examples , adding the authentication element to the distributed ledger comprises generating a cypher by encrypting the authentication element , and adding the cypher to the distributed ledger . For example , an asymmetric key algorithm may be used for generating the cipher . Information to be provided in the authentication element can be encrypted with a private key, for example by the operator of the power plant . The thus encrypted information provided in the authentication element can be decrypted with a public key, for example by customers . The public key can be made public without loss of confidentially .

Optionally, generating the cypher may comprise including a digital signature , a so called magic number, in the cypher . According to a further aspect , a system for authenticating hydrogen from renewable sources in a hydrogen power plant is provided . The hydrogen power plant comprises at least one electrical generator configured to generate electrical energy from a renewable energy source , and a hydrogen electrolyzer electrically coupled to the at least one electrical generator and configured to produced hydrogen from electrical energy . The system comprises a first smart meter configured to meter first electrical characteristics at an electrical output of the at least one electrical generator for a predetermined period of time , and a second smart meter configured to meter second electrical characteristics at an electrical input of the hydrogen electrolyzer for the predetermined period of time . The system furthermore comprises a third smart meter configured to meter hydrogen characteristics of produced hydrogen at a hydrogen output of the hydrogen electrolyzer for the predetermined period of time , and a computer system coupled to the first smart meter, the second smart meter and third smart meter . The computer system is configured to generate , based on the first electrical characteristics , the second electrical characteristics , the hydrogen characteristics and the predetermined period of time , an authentication element for authenticating that the produced hydrogen is produced based on renewable energy .

The system may be configured to perform the above described method and comprises therefore also the above described properties and features .

It is to be understood that the features mentioned above and those yet to be explained below may be used not only in the respective combinations indicated, but also in other combinations or in isolation without departing from the scope of the invention .

BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 shows schematically a power plant including a system for authenticating hydrogen from renewable sources according to an embodiment of the present invention .

Figure 2 shows schematically a power plant including a system for authenticating hydrogen from renewable sources according to a further embodiment of the present invention .

Figure 3 shows schematically a flowchart including method steps of a computer implemented method for authenticating hydrogen from renewable sources according to an embodiment of the present invention .

Figure 4 illustrates schematically creation of a blockchain block using smart meter data according to an embodiment of the present invention .

Figure 5 illustrates schematically an execution process of a smart contract for delivering green hydrogen according to an embodiment of the present invention .

Figure 6 shows schematically components and interaction of these components for dispensing hydrogen into mobile storage tanks based on distributed ledger techniques according to an embodiment of the present invention .

Figure 7 shows schematically components and interaction of these components for dispensing hydrogen into a gas pipeline system based on distributed ledger techniques according to an embodiment of the present invention .

DETAILED DESCRIPTION OF EMBODIMENTS

In the following, embodiments of the invention will be described in detail with reference to the accompanying drawings . It is to be understood that the following description of embodiments is not to be taken in a limiting sense . The scope of the invention is not intended to be limited by the embodiments described hereinafter or by the drawings , which are taken to be illustrative only .

The drawings are to be regarded as being schematic representations and elements illustrated in the drawings are not necessarily shown to scale . Rather, the various elements are represented such that their function and general purpose become apparent to a person skilled in the art . Any connection or coupling between functional blocks , devices , components , or other physical or functional units shown in the drawings or described herein may also be implemented by an indirect connection or coupling . A coupling between components may also be established over a wireless connection . Functional blocks may be implemented in hardware , firmware , software , or a combination thereof .

In the field of renewable energy, hydrogen becomes an important means of storing and transporting energy . In this context , it is important to ensure that the hydrogen is produced from renewable energy sources to limit electricity production in fossil power plants , thus reducing carbon emissions from the industry that uses hydrogen for industrial purposes . Hydrogen produced from renewable energy sources is referred to as " green hydrogen" , and it is required to be able to demonstrate that the hydrogen going into a pipeline , storage tank, or truck/ trailer is in fact green hydrogen .

A systems and methods are described below in which hydrogen can be traded automatically by means of a smart contract between a hydrogen supplier and a customer . A transaction to supply hydrogen can be executed on a blockchain and stored in a distributed ledger and can thus be tracked on the blockchain network .

Figure 1 schematically shows a hydrogen power plant 100 comprising a generator arrangement 120 of electrical generators 122 that produce electrical energy from renewable energy sources , and one or more electrolyzer systems 140 , wherein in Figure 1 only one electrolyzer system 140 is shown . For example , the generator arrangement 120 may comprise a windfarm comprising a plurality of wind turbines is electrical generators 122 . Furthermore , the generator arrangement 120 may comprise further types of electrical generators 122 producing electrical energy from renewable energy sources , for example a plurality of photovoltaic panels . Hereinafter, wind turbines and photovoltaic panels and any other means of providing electrical energy from renewable energy sources are collectively referred to as electrical generators 122 that produce electrical energy from renewable energy sources .

The generator arrangement 120 is coupled via a power cable system 124 to an electrical bus 130 for providing electrical energy from the electrical generators 122 to the bus 130 . The electrical bus 130 may be coupled via a trans former 132 to a common coupling bus 170 through which electrical energy can be trans ferred via an electrical trans fer system 172 and a grid connection bus 174 to and from an electrical grid 176 . Furthermore , the electrical bus 130 is coupled via a further power cable system 144 to the electrolyzer system 140 .

The electrolyzer system 140 generates hydrogen by use of electricity supplied by the power cable system 144 . The electrolyzer system 140 may comprise a plurality of electrolyzer stacks 142 each configured to decompose water into oxygen and hydrogen gas by electrolysis using electricity supplied by the power cable system 144 . The hydrogen gas released in this way can be used as hydrogen fuel . The hydrogen gas generated by the electrolyzer system 140 may be provided via a gas line 146 to a gas coupling node 148 . At the gas a coupling node 148 , hydrogen gas from electrolyzer system 140 and further electrolyzer systems may be merged and forwarded via a further gas line 150 to a compressor system 152 . In the compressor system 152 , the hydrogen gas may be compressed to a pressure of , for example , 35 barg to 100 barg . At an output of the compressor system 152 , the compressed hydrogen may be trans ferred via a coupling node 154 , a gas transmission sys- tem 156 and a gas grid node 158 into a gas grid 160 . The gas transmission system 156 may comprise a gas pipeline . The gas grid 160 may distribute the hydrogen to customer so , for example industrial customers .

The hydrogen power plant 100 furthermore comprises a system 200 for authenticating hydrogen produced from renewable sources . The system 200 comprises a plurality of smart meters for measuring electrical characteristics and hydrogen characteristics . The plurality of smart meters are coupled to a local computer system 220 for providing the electrical and hydrogen characteristics . Coupling between the smart meters and the local computer system 220 may be accomplished by any means known in the art , for example by use of wireless communication like Wi-Fi or Bluetooth, or by use of wired communication like a local area network ( LAN) or an industrial bus , for example a CAN bus , based on copper wires or glass fibers . The local computer system 220 may comprise any kind of computing device , for example a personal computer or a server, including a central processing unit ( CPU) and memory for storing program code which may be executed by the CPU to perform the methods described below .

In detail , a first smart meter 202 is provided at a coupling between the generator arrangement 120 and the electrical bus 130 and is configured to meter first electrical characteristics indicative of characteristics of electrical energy generated by the generator arrangement 120 . The first electrical characteristics may comprise for example electrical power in kW or MW, or electrical energy in kWh or MWh . The first electrical characteristics may be measured over a predetermined period of time and corresponding characteristics may be reported to the local computer system 224 for each interval having the predetermined period of time . The report may comprise a starting time and an ending time of the predetermined period of time . Such measurements may be performed in consecutive intervals having a length of the predetermined period of time . Starting times of these intervals may be synchro- ni zed to a central clock of the local the computer system 220 . In the following, as an example , the predetermined period of time will be 10 minutes . However, in other examples of , the predetermined period of time may have a di f ferent length, for example 5 minutes , 15 minutes , 20 minutes or any other value . As a result , the first smart meter 202 may send a plurality of reports to the local computer system 220 , and each report may comprise first electrical characteristics relating to a corresponding interval . Each record may indicate for example the electrical energy produced by the generator arrangement 120 during the corresponding interval or may indicate an average of the electrical power output by the generator arrangement 120 during the corresponding interval .

A second smart meter 204 is provided at a coupling between the electrical bus 130 and the hydrogen electrolyzer 140 and is configured to meter second electrical characteristics indicative of characteristics of electrical energy flowing from the electrical bus 130 into the hydrogen electrolyzer 140 . The second electrical characteristics may comprise for example electrical power in kW or MW, or electrical energy in kWh or MWh . The second electrical characteristics may be measured over the same predetermined period of time as the first electrical characteristics , and corresponding characteristics may be reported to the local computer system 220 at the end of the predetermined period of time . As explained above in connection with the first smart meter, the measurements of the second smart meter may be performed in consecutive intervals having a length of the predetermined period of time . Starting times of these intervals may be synchroni zed to a central clock of the local the computer system 220 , i . e . the intervals of the first smart meter 202 and the second smart meter 204 may be synchroni zed .

A third smart meter 206 is provided at an output side of the hydrogen electrolyzer 140 , for example at a connection between the gas line 146 and the gas coupling node 148 . The third smart meter 206 is configured to meter hydrogen charac- teristics of hydrogen produced by the hydrogen electrolyzer 140 during the predetermined period of time . The hydrogen characteristics may comprise for example hydrogen gas mass flow in kg, hydrogen gas flow rate in kg/minute , hydrogen purity in % , and/or hydrogen gas pressure in barg . The third smart meter 206 may comprise a plurality of smart meters for measuring the di f ferent characteristics , for example a smart meter or sensor for measuring the gas mass flow or gas flow rate , a further sensor for measuring the hydrogen purity and yet a further sensor for measuring the hydrogen gas pressure . The hydrogen purity may indicate contamination of the hydrogen with substances like water, dust or other gases like oxygen or noble gas . In the same way as the first and second smart meters 202 , 204 , the third smart meter 206 may measure the hydrogen characteristics in intervals having the above- mentioned predetermined period of time . The hydrogen characteristics may be reported to the local computer system 220 for each measurement interval .

A fourth smart meter 208 may be provided at an output of the compressor system 152 . In a similar way as the third smart meter 206 , the fourth smart meter 208 may be configured to meter further hydrogen characteristics of hydrogen compressed by the compressor system 152 . The further hydrogen characteristics may comprise for example hydrogen gas mass flow in kg, hydrogen gas flow rate in kg/minute , hydrogen purity in % , and hydrogen gas pressure in barg . The fouth smart meter 208 may comprise a plurality of smart meters for measuring the di f ferent characteristics , for example a smart meter or sensor for measuring the gas mass flow or gas flow rate , a further sensor for measuring the hydrogen purity and yet a further sensor for measuring the hydrogen gas pressure . Like the third smart meter 206 , the fourth smart meter 208 may measure the further hydrogen characteristics in intervals having the above-mentioned predetermined period of time , and the further hydrogen characteristics may be reported to the local computer system 220 for each measurement interval . A fi fth smart meter 210 may be provided at a coupling between the electrical bus 130 and the electrical grid 176 . For example , as shown in Figure 1 , the fi fth smart meter 210 may be provided at the common coupling bus 170 and may be configured to meter, as the third electrical characteristics , electrical energy flowing from the electrical grid 176 to the electrical bus 130 and electrical energy flowing in the opposite direction from the electrical bus 130 to the electrical grid 176 . The third electrical characteristics may be measured over the same predetermined period of time as the first electrical characteristics , and corresponding characteristics may be reported to the local computer system 220 for each interval of the predetermined period of time .

In the example illustrated above in connection with Figure 1 , the hydrogen is supplied into the gas grid 160 . Additionally or as an alternative , the hydrogen may be dispensed into a transport container of a transport vehicle , for example in a compressed gas tank or tubes of a tube trailer of a truck or a ship . Figure 2 schematically shows a power plant 100 comprising a corresponding dispenser system 192 for dispensing compressed hydrogen to a transport container 196 , for example a tube trailer . The upper part of Figure 2 is identical to the upper part of Figure 1 and therefore the description of the components of this in part will not be repeated . As illustrated in Figure 2 , a buf fer tank 180 may be provided between the gas coupling node 148 and the compressor system 152 . As there may be times in which the electrolyzer system 140 produces hydrogen but no transport container 196 is coupled to the dispenser system 192 and therefore no hydrogen can be dispensed, the buf fer tank 180 is provided for buf fering the hydrogen until it can be dispensed . The compressor system 152 may compress hydrogen from the buf fer tank 180 on demand of the dispenser system 192 . There may be more than one dispenser system 192 . The one or more dispenser systems 192 are coupled to the compressor system 152 via a dispenser node 190 . Each dispenser system 192 may be coupled via a corresponding duct 194 with a corresponding transport container 196 . The above-mentioned fourth smart meter 208 may be provided at an output of the dispenser system 192 for metering the hydrogen dispensed to the transport container 196 .

Based on data from the smart meters 202-210 , a proof of origin of the energy with which the hydrogen was produced can be performed for both, dispensing the hydrogen to the gas grid 160 and dispensing the hydrogen to the transport container 196 . The smart meters 202-210 are placed at speci fic locations to measure green electrical energy production, hydrogen electrolyzer energy input , electrolyzer hydrogen output , and final hydrogen mass flow and flow rate that enters the market via pipelines and the grid or via gas containers . All smart meters 202-210 may be equipped with high sample rate , high precision and high accuracy measuring equipment and encrypted communication channels to communicate measurement data at high speed .

The smart meters 202-210 communicate with the local computer system 220 that may as a site blockchain node of a blockchain network that may store and publish measurements from the smart meters 202-210 about the hydrogen output and electrical energy input applied to produce the hydrogen and the source of electrical energy . The data from these smart meters 202- 210 may be logged as 10 minutes accumulated or averaged values and a magic number may be generated using this information, with a typical cypher which can be deciphered to get exact measurements . The cypher may be encrypted and added to the blockchain as a new block when a transaction to get hydrogen into the transport container or pipeline is executed .

A consensus algorithm designed to provide a detailed proof of the entire production value chain of green hydrogen may give users access to the complete history of the power plant 100 and all the hydrogen produced and supplied from the particular dispenser system 192 into the container 196 or supplied from the particular compressor system 152 into the gas grid 160 , along with its purity . For accomplishing this , the local computer system 220 may be configured to perform a method 300 comprising method steps 302-320 as schematically illustrated in Figure 3 .

In step 302 , the first electrical characteristics are metered with the first smart meter 202 at an electrical output of the at least one electrical generator 122 for the predetermined period of time , for example 10 minutes . The first electrical characteristics are communicated to the local computer system 220 . In step 304 the second electric characteristics are metered with the second smart meter 204 at an electrical input of the hydrogen electrolyzer system 140 for the predetermined period of time . The second electrical characteristics are communicated to the local computer system 220 . Optionally, in step 306 , the third electrical characteristics are metered with the fi fth smart meter 210 at the common coupling bus 170 for the predetermined period of time . The third electrical characteristics are communicated to the local computer system 220 . In step 308 hydrogen characteristics are metered with the third smart meter 206 at an output of the hydrogen electrolyzer for the predetermined period of time . The hydrogen characteristics are communicated to the local computer system 220 . Optionally, in step 310 , further hydrogen characteristics of compressed hydrogen are metered with the fourth smart meter 208 at an output side of the compressor system 152 , for example as shown in Figure 1 between the compressor system 152 and the gas transmission system 156 , or as shown in Figure 2 between the dispenser system 192 and the transport container 196 .

Optionally, in steps 312 and 314 , a certi ficate may be generated based on the information from the first to fi fth smart meters 200-210 by the local computer system 220 . The certi ficate may indicate that hydrogen dispensed into the container 196 or trans ferred into the gas grid 160 during the predetermined period of time is in fact green hydrogen . For example , in step 312 , the local computer system 220 may determine whether the hydrogen produced during the predetermined period of time is purely based on green energy . For example , the local computer system 220 may compare the first , second and third electrical characteristics . Based on this comparison, the local computer system 220 may determine whether the electrolyzer system 140 is powered during the whole predetermined period of time with electrical energy from renewable sources . For example , i f the amount of energy produced by the generator arrangement 120 , which exclusively produces electrical energy from renewable sources like wind or sun, is equal or larger than the amount of electrical energy input into the electrolyzer system 140 during the predetermined period of time , it can be assumed that the hydrogen produced by the electrolyzer system 140 is entirely based on renewable energy . In particular, i f no electrical energy has been input into the power plant 100 from the electrical grid 176 , which may be indicated by the fi fth smart meter 210 , it can be assured that hydrogen produced by the power plant 100 during the predetermined period of time is green hydrogen . Moreover, i f electrical energy was even trans ferred from the power plant 100 to the electrical grid 176 during the predetermined period of time , e . g . as measured by the fi fth smart meter 210 , it is also assured that the hydrogen produced by the power plant 100 during the predetermined period of time is green hydrogen .

The amount of hydrogen produced during the predetermined period of time by the electrolyzer system 140 is measured with the third smart meter 206 . By comparing the amount of produced hydrogen as measured with the third smart meter 206 and the amount of dispensed hydrogen as measured with the fourth smart meter 208 , it can be assured that the hydrogen received at the customer is in fact the hydrogen which has been produced during the predetermined period of time which may be proved to be green hydrogen as described before based on the first , second and fi fth smart meters 202 , 204 and 210 . I f the local computer system 220 has been determined that the delivered hydrogen is green hydrogen, a corresponding certi ficate may be generated in step 314 . The certi ficate may in particular indicate the predetermined period of time and the amount of green hydrogen .

In step 316 an authentication element is generated based on the information obtained in the previous steps . For example , the authentication element may comprise information or data indicating the electrical characteristics of each of the first , second and fi fth smart meters 202 , 204 and 210 as well as the hydrogen characteristics of each of the third and fourth smart meters 206 and 208 . Furthermore , the authentication element may comprise optionally the certi ficate i f available . The authentication element may comprise information on the predetermined period of time , for example a starting time , an ending time and/or length of the predetermined period of time . As a result , based on the information or data contained in the authentication element , it may be determined and proved whether the hydrogen obtained during the predetermined period of time is completely produced based on renewable energy, i . e . the hydrogen is green hydrogen, or at least the portion of green hydrogen in the obtained hydrogen can be determined . Optionally, the authentication element may include a data element indicating the portion of green hydrogen in the hydrogen obtained during the predetermined period of time , for example as a relative value in the range of 0 to 100% . 100% means that the hydrogen produced is exclusively green hydrogen .

In step 318 the authentication element may optionally be encrypted, for example using a symmetric or asymmetric cipher . In particular the use of an asymmetric cipher, i . e . a publickey cryptography, enables an encryption which can be performed by the operator of the power plant 100 only and a decryption which can be performed by anyone who has the corresponding public key received from the operator of the power plant 100 . Manipulation of the authentication element can thus be prohibited .

Furthermore , in step 320 , the ( encrypted) authentication element can optionally be added to a distributed database , for example to a distributed ledger . The distributed ledger may be implemented as a blockchain and adding the authentication element to the distributed ledger may comprise adding the authentication element to a block of the blockchain . Storing the authentication element in a blockchain makes the authentication element available to a large number of customers . Furthermore , storing all authentication elements in the blockchain during operation of the power plant 100 , the complete history of the produced hydrogen can be tracked .

Figure 4 schematically illustrates the generation of an authentication element and adding the authentication element to a blockchain 420 . The blockchain 420 may already comprise a plurality of blocks of 422 to 428 . As described above and shown in Figure 4 , the first smart meter 202 provides first electrical characteristics based on electrical energy delivered from the generator arrangement 120 . The second smart meter 204 provides second electrical characteristics based on electrical energy input to the electrolyzer system 140 via the power cable system 144 . The third smart meter 206 provides hydrogen characteristics based on a hydrogen output of the electrolyzer 140 at the gas line 146 . The fourth smart meter 208 provides further hydrogen characteristics based on the hydrogen output at the compressor system 152 into the gas grid 160 according to Figure 1 and hydrogen output at the duct 194 to the transport container 196 according to Figure 2 , respectively . A distributed ledger application which may be executed by the local computer system 220 may implement a site blockchain node 402 which collects the information from the smart meters 202 to 210 to create a corresponding authentication element for the predetermined period of time as described above in connection with Figure 3 . Based on this authentication element , a block 404 is created and published to be validated by validator nodes 410 to 414 in a data network, for example in the Internet . Upon approval of the block 404 , the block 404 is added to the blockchain 420 as additional block 430 .

The distributed ledger may further be configured for managing smart contracts for trading the produced hydrogen . Smart contract terms and conditions have to be agreed beforehand for their execution and communicated to the customers of green hydrogen . Once the conditions of the green hydrogen smart contract is met , software , for example a smart contract application running on the local computer system 220 , may take over and perform automatic dispensation of the hydrogen when a customer has agreed for the price and has ordered an amount of hydrogen to be delivered . It is to be noted that the smart contracts are immutable and cannot be changed once executed and placed on the blockchain . Furthermore , anyone who has access to the blockchain can go back in time and look at an individual block and look at all the green hydrogen transactions that occurred and are stored on the blockchain, which provides full transparency to the customers and users of the hydrogen as well .

Figure 5 schematically shows a smart contract execution process 500 for a green hydrogen delivery process . In block 502 , the smart contract terms are created . The contract terms may relate to the hydrogen price per kilogram, the hydrogen purity and the hydrogen source , i . e . whether green hydrogen is required or at least a certain percentage of the hydrogen has to be green . Based on the smart contract terms , a smart contract is deployed in block 504 . Deployment of the smart contract may include that an agreement on the terms is reached, a transaction is initiated, funds are frozen and the blockchain 420 is updated accordingly . In block 506 the smart a contract is executed . This may be performed automatically by the local computer system 220 , for example by controlling valves for supplying hydrogen to the gas grid 160 or by releasing hydrogen dispensing in the dispenser system 194 for the transport container 196 . In other words , the value transfer, i . e . the hydrogen flow, as defined by the smart contract is performed in block 506 and a corresponding record is added to the blockchain 420 . Finally, in block 508 payment and delivery is settled by initiating payment , releasing funds , and confirming delivery . The payment and delivery settlement is also updated in the blockchain 420 . As a result , the customer 510 has received the ordered amount of hydrogen and the hydrogen supplier 512 has received the corresponding payment .

The green hydrogen smart contract can be deployed in various ways . For example , the green hydrogen smart contract can be deployed via a QR code in a mobile phone application by a tube trailer operator, who arrives at the dispenser system 192 to receive hydrogen . In further examples , the green hydrogen smart contract can be deployed by using a smart contract application via the internet , e . g . for ordering hydrogen via a pipeline , e . g . via the gas transmission system 156 . For example , an external supervisory control and data acquisition ( SCADA) system for a gas pipeline can execute transactions when needed and as required . SCADA may be implemented as a control system architecture comprising computers , networked data communications and graphical user interfaces for high-level supervision of machines and processes .

The smart contract terms are set in advance and a software framework keeps the information about the renewable energy used and the green hydrogen produced from the renewable energy . This information is used for creating a block of the blockchain and when a transaction is initiated, the hydrogen dispenser system 192 starts to deliver hydrogen into the tube trailer or the compressor 152 starts to deliver hydrogen into the gas transmission system 156 by controlling corresponding control valves and therefore starts to execute the transaction .

Each transaction covers a time interval of the predetermined period of time , for example 10 minutes . Even i f it takes a few days to fill one tube trailer, this filling of green hydrogen will comprise a series of 10-minutes green hydrogen smart contract transactions . The series of 10-minutes transactions may be put together in a block on the blockchain . Each transaction is finali zed individually and the amount to be paid for the hydrogen is accumulated, which can be paid to finish the transaction from an escrow account e . g . a wallet working on the same blockchain, allowing next transactions to be executed .

The whole procedure may be performed automatically by involved in computing systems , including for example the local computer system 220 . Therefore , this procedure does not require an intermediary and is fully transparent with all data of the transactions being available on the blockchain and accessible to be analyzed at any time .

In the following, the green hydrogen delivery mechanism described above using a blockchain will be described in more detail by way of two examples , one example relating to a delivery of hydrogen into a tube trailer, and one example relating to a delivery of hydrogen to a pipeline .

It is to be noted that some information contained in the blockchain may be required to be private , i . e . known to the operator of the power plant 100 and one or more customers only, whereas other information may be of public interest . For example , the above described procedure may be implemented on a public / private hybrid blockchain, wherein the private blockchain contains all the detailed information related to electricity generation from the power plant and hydrogen production, but the public blockchain contains only market relevant data like hydrogen amount , delivery price etc . This allows global access while providing a layer of encapsulation to protect sensitive data .

Figure 6 shows techniques that allow a green hydrogen customer to directly buy hydrogen without any intermediary using j ust a mobile phone application that has a blockchain wallet and can read a QR code and initiate a smart contract execution with the system at the renewable hydrogen power plant 100 .

In detail , as illustrated in Figure 6 , electrical characteristics and hydrogen characteristics are communicated as indicated by arrow 601 from the power plant 100 to a site blockchain node 402 . The site blockchain node 402 may be implemented by the local computer system 220 or any other computer or server coupled to the power plant 100 . A smart contract application 650 creates , based on information from the site blockchain node 402 ( arrow 602 ) , a QR code 652 which may be presented ( arrow 603 ) on a user interface at the dispenser system 192 to a customer 654 . The customer 654 may have a blockchain application 656 running on a mobile device , e . g . a mobile phone , which is capable of scanning the QR code 652 ( arrow 604 ) . Upon scanning of the QR code 652 , the terms and conditions for buying green hydrogen may be presented to the customer 654 on the mobile device . The customer 654 may accept the terms and conditions and may speci fy the requested amount of hydrogen to be bought . A confirmation indicating that the terms of the smart contract are accepted and the requested amount of hydrogen may be transmitted as a response to the smart contract application 650 ( arrows 605 and 606 ) . Agreement on the terms of the smart contract may be recorded in a private blockchain 658 ( arrow 607 ) . Furthermore , the agreement on the terms of the smart contract and to the requested amount of hydrogen is forwarded to the site blockchain node 402 ( arrow 608 ) . The site blockchain node 402 instructs and controls ( arrow 609 ) the power plant 100 to deliver the ordered hydrogen to the tube trailer 660 of the customer 654 ( arrow 611 ) . The power plant 100 acknowledges and confirms the delivery of the hydrogen to the site blockchain node 402 ( arrow 610 ) . The delivered amount of hydrogen is reported to the smart contract application 650 ( arrow 612 ) and the private blockchain 658 is updated accordingly ( arrow 613 ) . Additionally, information concerning the buying of the hydrogen may be made public in a public blockchain 662 ( arrow 614 ) . As indicated by arrow 616 , the customer 654 can retrieve , by use of its blockchain application 656 , information concerning the delivered hydrogen, for example the purity and whether it is green hydrogen or the amount of green hydrogen in the delivered hydrogen . Furthermore , as indicated by arrow 615 , the customer 654 can confirm the delivery and initiate payment by updating the private blockchain .

The public blockchain 662 allows external parties 664 , for example other customers , grid operators , trading partners and certi fication bodies and so on, to retrieve at least some of the information of the delivered hydrogen by use of a corresponding public blockchain application 666 as indicated by arrows 617 and 618 .

To sum up, the system works similar to an unmanned fuel station where the customer pays first and gets fuel later, and once all of the fuel has been dispensed, the payment is trans ferred into the account of the company owning the fuel station . In the example illustrated in connection with Figure 6 , the customer/ tube trailer operator 654 j ust scans the QR code 652 generated by the green hydrogen smart contract application 650 and agrees to the price and further details , for example details which prove the hydrogen provided is green . This agreement from the customer via the application will trigger the smart contract to be executed which will in turn start the hydrogen delivery to the connected tube trailer 660 .

These techniques do not require approval processes because they use a smart contract to execute transactions and record them in the blockchain ( s ) . The customer can access metadata about their transaction and see proof that the hydrogen delivered was truly green, based on the smart meter data that was delivered to them . Figure 7 shows techniques that allow a customer 754 to buy green hydrogen via a pipeline , e . g . via the gas transmission system 156 . Compared to the techniques described above in connection with Figure 6 , the execution of the smart contract according to Figure 7 will be slightly di f ferent as the pipeline can perpetually take hydrogen . Therefore , a customer trading software 756 may be provided as an interface to execute smart contracts and to start and stop delivery of gas as well as settling the payment of the hydrogen delivered . The customer trading software 756 may be implemented by or may be part of a SCADA software .

In detail , electrical characteristics and hydrogen characteristics are communicated as indicated by arrow 701 from the power plant 100 to a site blockchain node 402 . A smart contract application 750 provides this information from the site blockchain node 402 ( arrow 702 ) in one or more smart contracts . The one or more smart contracts may be provided to the customer trading software 756 as indicated by arrow 703 . The customer trading software 756 may request execution of a smart contract as indicated by arrow 704 . In response , the smart contract application 715 indicates ( arrow 706 ) to the site blockchain node 402 information of the smart contract to be executed . The site blockchain node 402 instructs and controls ( arrow 707 ) the power plant 100 to deliver the ordered hydrogen to the gas transmission system 156 ( arrow 708 ) . The power plant 100 acknowledges and confirms the delivery of the ordered hydrogen to the site blockchain node 402 ( arrow 709 ) . The delivered amount of hydrogen is reported to the smart contract application 750 ( arrow 710 ) and the private blockchain 658 is updated accordingly ( arrow 711 ) . Additionally, some information concerning the buying and delivery of the hydrogen may be made public in the public blockchain 662 ( arrow 712 ) . The customer 754 can monitor by use of the customer trading software 756 information concerning the delivered hydrogen, for example the purity and whether it is green hydrogen ( arrow 714 ) . Additionally, the customer 754 can confirm the delivery and initiate payment by updating the private blockchain 658 ( arrow 713 ) . As mentioned above in connection with Figure 6 , the public blockchain 662 allows external parties 664 to retrieve at least some of the information of the delivered hydrogen by use of the public blockchain application 662 as indicated by arrows 617 and 618 .

In summary, according to the above described techniques , there is direct interaction between the customer trading software 756 and the smart contract application 750 to request hydrogen delivery to the gas transmission system 156 , for example a pipeline . The smart contract application 750 executes the smart contract when all conditions are met and triggers delivery of the ( green) hydrogen gas to the gas transmission system 156 . The delivery pressure , price , hydrogen purity, energy input required to produce the hydrogen and further information from the production and meters 202-210 may be part of the smart contract and maybe recorded in the private blockchain 658 such that the customer 754 can monitoring this information at any time . The customer 754 gets access to the data through the private blockchain 658 via the customer trading software 756 that allows to query the private blockchain 658 on demand . The execution of the smart contract triggers creation of blocks that are added to the private blockchain 658 at every stage of the smart contract execution, which includes hydrogen delivery, where data is added to the block at a predetermined time ( to be placed on the blockchain later ) , and once the conditions of terminating the transaction are met , i . e . the agreed amount of hydrogen has been delivered, the transaction is completed and funds released to the hydrogen delivering party .

Unless explicitly stated otherwise above , the terms "perform" , " calculate" , " computer-implemented" , " calculate" , " establish" , " generate" , " configure" , " reconstruct" and the like preferably relate to actions and/or processes and/or processing steps which modi fy data and/or which generate data and/or which trans form data in other data . Data can be represented by physical quantities or be present as physical quan- titles, e.g., as electrical pulses. In particular, the term "computer" should be interpreted broadly to cover all electronic devices having data processing capabilities. Computers can, thus, be implemented by personal computers, servers, memory programmable controllers, handheld computer systems, pocket PC devices, wireless communication devices and other communication devices that can process data, processors and other electronic devices for processing data.

In the context of the present disclosure "computer- implemented" can relate to an implementation of a method in which a processor performs at least one method step.

A processor in the context of the present disclosure can be a machine or electronic circuit. A processor can be specifically implemented by a central processing unit (CPU) or a microprocessor or a microcontroller, e.g., an application-specific integrated circuit (ASIC) or a digital signal processor, possibly in combination with a memory unit for storing program code, etc. A processor can alternatively or additionally be implemented by an integrated circuit (IC) , specifically a field programmable gate array (FPGA) , an ASIC or a digital signal processor (DSP) or a graphic processing unit (GPU) . Alternatively or additionally, a processor can be implemented by a virtual processor or a virtual machine or a soft CPU. A processor can be implemented by a programmable processor having configuration interfaces that facilitate configuration of various techniques described herein. The programmable processor can be configured to implement method steps as described herein, components, modules, or other aspects of the techniques described herein.

A "memory unit" or "memory module" or the like can be implemented by a volatile memory in the form of random access memory (RAM) or a non-volatile memory such as a hard disc or data carrier. A "module", in the context of the present disclosure, can be implemented by a processor and/or a memory unit for storing program instructions. A module can be implemented in hardware and/or software and/or firmware. For example, the processor can be configured to execute the program instructions such that the processor executes functions that implement methods or steps of a method as described herein. A module can also be a node of a DBS that implements specific functions/ features of the respective module. The respective modules can, e.g., be implemented as separate/individual modules. For this, the respective modules can include further elements. For example, these further elements can be one or more interfaces (e.g., database interfaces, communication interfaces - e.g., a network interface or WLAN interface) and/or an evaluation unit (e.g., a processor) and/or a memory unit. By means of the interfaces, it is possible to exchange data (e.g., to receive, communicate, transmit or provide data) . By means of an evaluation unit, it is possible to compare, validate, process, assign or calculate data in a computer-implemented and/or automated manner. By means of the memory unit, data can be stored, retrieved or provided in a computer-implemented and/or automated manner. It would also be possible that multiple modules are implemented by a common processor .

The term "include" - specifically with respect to data and/or information - can relate to a (computer-implemented) storing of respective information or the respective date in a data structure/data set (which, e.g., in turn is also stored in a memory unit) in the context of the present disclosure.

The term "assign" - specifically in relation to data and/or information - can relate to a computer-implemented assignment of data and/or information in connection with the present disclosure. For example, a first date is assigned, by means of a memory address or a unique identifier, a second date, e.g., by storing the first date together with the memory ad- dress or the unique identifier of the second date in a data set .

The term "providing" - in particular in regard to data and/or information - can relate to a computer-implemented providing in connection with the present disclosure. Said providing may be implemented by an interface, e.g., a database interface, a network interface, an interface to a memory unit. It is possible that respective data and/or information are communicated and/or transmitted and/or retrieved and/or received when providing via the interface.

The term "providing" can also relate to a loading or saving, e.g., of a transaction together with respective data in the context of the present disclosure. For example, this can be implemented on or by a memory module.

The term "providing" can also relate to communicating (or transmitting or receiving or transfer) of respective data from a node to another node of the blockchain or the DBS (respectively of the corresponding infrastructure) in the context of the present disclosure.

A "smart-contract" process can refer to the execution of program code, e.g., of a control instruction, in a process by means of the DBS or the respective infrastructure.

A "checksum", e.g., a data-block checksum, a data checksum, a node checksum, a transaction checksum, a chaining checksum or the like can relate to a cryptographic checksum or a cryptographic hash or hash value, in the context of the present disclosure. Such checksums can, in particular, be determined across a data set and/or data and/or one or more transactions and/or a subsection of a data block, e.g., the block header of a block of the blockchain or the data block header of a data block of a DBS or only a part of the transaction of a data block. A checksum can be specifically implemented by a checksum or checksums or a hash value or hash values of a hash tree, e.g., a Merkle tree, a Patricia tree. Moreover, a "checksum" can also be implemented by a digital signature or a cryptographic message authentication code. By means of checksums, it is possible to implement cryptographic protec- tion/protection against manipulation for transactions and the associated data and datasets on various levels of the DBS.

For example, if there is a need for an increased level of security, it would be possible to create and validate checksums on transaction level. For example, if a reduced level of security is required, then it would be possible to create and validate checksums on block level - e.g., across the entire block or only across a part of the data block and/or a part of the transaction.

A "data-block checksum" can relate to a checksum which is calculated across a part or all transactions of a data block in the context of the present disclosure. A node can vali- date/determine the integrity/authenticity of the respective part of the data block by means of data-block checksums. Alternatively or additionally, the data-block checksum can also be formed across transactions of a preceding data block/predecessor data block. The data-block checksum can, in particular, be implemented by means of a hash tree, e.g., a Merkle tree [1] or a Patricia tree. Here, the data-block checksum can be the root checksum of the Merkle tree of the Patricia tree or of another binary hash tree. It would be possible that transactions are saved by means of further checksums from the Merkle tree or the Patricia tree, respectively, e.g., by using the transaction checksums, wherein in particular the further checksums can relate to leaves of the Merkle tree or the Patricia tree, respectively. The data- block checksum can, thereby, protect the transaction by forming the root checksum from the further checksums. The data- block checksum can, in particular, be calculated for the transactions of a specific data block of the data blocks. In particular, such a data-block checksum can be included in a subsequent data block of the given data block, e.g., to chain this subsequent data block with the preceding data blocks and, in particular to make the integrity of the DBS testable . Thereby, the data-block checksum can implement the chaining checksum or, at least , go into the chaining checksum . The header of a data block ( e . g . , of a new data block or a data block for which the data-block checksum is determined) can include the data-block checksum .

A " transaction checksum" can relate to a checksum which is determined across a transaction of a data block, in connection with the present disclosure . In addition, the calculation of the data-block checksum of a respective data block can be accelerated, because for this already calculated transactions checksums can be readily used as leaves of a Merkle tree .

A " chaining checksum" in the context of the present disclosure can relate to a checksum which for the respective data block of a DBS indicates or references to a preceding data block of the DBS - which is often referred to as "previous block hash" in literature [ 1 ] . For this , in particular, a respective chaining checksum is determined for the preceding data block . The chaining checksum can be implemented, e . g . , by a transaction checksum or a data-block checksum of a data block, i . e . , of an existing data block of the DBS ; to thereby chain a new data block with a ( existing) data block of the DBS . For example , it would also be possible that a checksum is determined across a header of the preceding data block or across the entire preceding data block to be used as a chaining checksum . For example , this could also be calculated for multiple or all of the preceding data blocks . For example , the chaining checksum could also be implemented by a checksum determined across the header of a data block in the data- block checksum . A respective data block of the DBS includes , however, preferably a chaining checksum that has been calculated or relates to a preceding data block, speci fically, the next-neighbor preceding data block directly adj acent to the respective data block . For example , it would also be possible that a respective chaining checksum is determined only across a part of the respective data block, e.g., the preceding data block. Thereby, a data block can be implemented which has an integrity protected part and a non-protected part. Thereby, a data block can be implemented that has a non-changeable integrity protected part and that has a non-protected part that can be modified later on. Integrity protected can mean that a change of the integrity protected data can be detected by means of a checksum.

Next, example implementations of a transaction are described.

The data - that is, e.g., stored in a transaction of a data block - can be provided in various manners. Instead of data - e.g., user data such as measurement data or data/ownership structure regarding ASICs - a transaction of a data block can rather include the checksum for such data. The respective checksum can be implemented in various manners. For example, a respective data-block checksum of a data block, e.g., including the respective data, of another database or of the DBS, a transaction checksum of a data block of the respective data, e.g., of the DBS or of another database, or a data checksum determined across the data can be used.

In addition, the respective transaction can optionally include a link to or an indication of a memory position - e.g., an address of a file server and indications where the respective data are to be found on the file server; or an address of another DBS which includes the data. The respective data could, e.g., also be provided in a further transaction of a further data block of the DBS - e.g., if the respective data and the associated checksums are included in different data blocks. It would also be possible that those data are provided via another communication channel - e.g., via another database and/or a cryptographically-secured communication channel .

Further, it would be possible that in addition to the checksum an add-on data set - e.g., a link or an indication to a memory position - is provided in the respective transaction. The add-on data set can, in particular, indicate where the data can be retrieved. This can be helpful to limit the amount of data of the blockchain or of the DBS.

The term "security protected" can, specifically, relate to a protection that can be implemented by a cryptographic method. For example, this can be implemented by using a DBS for the providing or communication or transmitting of respective data/ transactions . This can be implemented by a combination of the various checksums - e.g., cryptographic - , by appropriate synergetic interaction between the checksums, to, e.g., increase the security or the cryptographic security for the data of the transactions. In other words, "security protected" in the context of the present disclosure can also relate to "cryptographically protected" and/or "protected against manipulation", wherein "protected against manipulation" can also be referred to as "protected integrity" .

Insertion and adding of transactions into a DBS can include chaining of data blocks of a DBS. The term "chaining of data blocks of a DBS" in the connection of the present disclosure can relate to the data blocks respectively including information (such as the chaining checksum) which links to another data block or multiple other data blocks of the DBS [1] , [4] , [5] .

Insertion of transactions into a DBS can include saving the transactions in one or more data blocks of the DBS.

Insertion of transactions can include validating and/or confirming transactions.

The term "insertion of transactions into the DBS" and the like can relate to communicating a transaction or transactions or a data block including the transactions to one or more nodes of a DBS. If those transactions are successfully validated, e.g., by means of the one or more nodes, these transactions can be chained as a new data block with at least one existing data block of the DBS [1] , [4] , [5] . For this, the respective transactions are stored in a new data block. In particular, this validating and/or chaining can be implemented by a trusted node, e.g., a mining node, a blockchain oracle or a blockchain platform.

In particular, a blockchain can relate to a blockchain as a service, such as has been proposed by Microsoft or IBM. In particular, trusted nodes and/or other nodes can deposit a node checksum, e.g., a digital signature, in a data block, e.g., in a data block that has been validated by the respective node and which is then chained, in particular to facilitate identification of the creator of the data block and/or identification of the node. Here, the node checksum indicates which node has chained the respective data block with at least one other data block of the DBS.

A "transaction" or "transactions" in connection with the present disclosure can relate to a smart contract [4] , [5] , a data structure or a transaction data set, which, in particular, respectively include a transaction or multiple transactions. The term "transaction" or "transactions" can also relate to the data of a transaction of a data block of a blockchain, in connection with the present disclosure. A transaction can, e.g., include a program code which, e.g., implements a smart contract. For example, a transaction can also relate to a control transaction and/or a confirmation transaction in the context of the present disclosure. Alternative, a transaction can also be implemented by a data structure which saves the data (e.g., the control instructions and/or the contract data and/or other data such as video data, user data, measurement data etc.) .

In particular, the term "saving transactions in data blocks", "saving transaction" and the like can relate to a direct saving or indirect saving. A direct saving can relate to the respective data block of the DBS or the respective transaction of the DBS including the respective data. An indirect saving can relate to the respective data block or the respective transaction including a checksum and, optionally, an add-on data set, e.g., a link to or an indication of a memory location for respective data; hence, the respective data are not directly saved in the data block (or the transaction) . Rather, a checksum is provided for these data in the data block. In particular, these checksums can be validated when saving transactions in data blocks, such as has been explained above with respect to "inserting into the DBS".

A "program code" - such as a smart contract - can relate to a program instruction or multiple program instructions which are saved in one or more transactions, in connection with the present disclosure. The program code can be executable and can be executed, e.g., by the DBS. This can be implemented, e.g., by a runtime environment, e.g., of a virtual machine, wherein the runtime environment or the program code are preferably Turing complete. The program code is preferably executed by the infrastructure of the DBS [4] , [5] . Here, a virtual machine is implemented by the infrastructure of the DBS. It is possible to execute the program code when validating a corresponding transaction.

A "smart contract" can relate to an executable program code in connection with the present disclosure [4] , [5] - see, in particular, explanations with respect to "program code" provided above. The smart contract is preferably saved in a transaction of the DBS - e.g., a blockchain -, e.g., in a data block of the DBS. For example, the smart contract can be executed in the same manner as has been described in connection with the definition of "program code", in particular in connection with the subject disclosure.

The term "proof of work" can relate to solving a computationally expensive task, in particular, depending on the content of a data block or the content of a specific transaction, in connection with the present disclosure [1] , [4] , [5] . Such a computationally expensive task can also be referred to as cryptographic puzzle.

The term "DBS", which can also be referred to simply as "distributed database", can generally relate to a decentralized, distributed database, a blockchain, a distributed ledger, a distributed memory system, a distributed ledger technology (DLT) based system (DLTS) , a revision secure database system, a cloud, a cloud-service, a blockchain in a cloud or a peer- to-peer database system, in the context of the present disclosure. Also, various implementations of a blockchain or of a DLTS can be used, e.g., such as a blockchain or a DLTS that is implemented by means of a directed acyclic graph (DAG) , a cryptographic puzzle, a hash graph or a combination of these variants [6] , [7] . It would also be possible to implement different consensus algorithms. For example, a consensus algorithm can be implemented by means of a cryptographic puzzle, a gossip about gossip, a virtual voting or a combination of such techniques (e.g., gossip about gossip combined with virtual voting) [6] , [7] . For example, if a blockchain is used, then this can, in particular, be implemented by a bitcoin-based implementation or an Ethereum-based implementation [1] , [4] , [5] . The term "distributed database" can also relate to a DBS that has at least a part of its nodes and/or devices and/or infrastructure implemented by a cloud. For example, the respective components can be implemented as nodes/devices in the cloud (e.g., as virtual nodes in a virtual machine) . This can be implemented by WMware, Amazon web services or Microsoft Azure. Due to the increased flexibility of the described implementation scenarios, it is, in particular, possible to combine partial aspects of the described implementation scenarios with each other, e.g., by using a hash graph as blockchain, wherein the blockchain itself can also be a block batch.

For example, if a directed acyclic graph (DAG) is used (e.g., IOTA or Tangle) , transactions or blocks or nodes of the graph are connected with each other via directed edges. I.e., (all) edges are (always) having the same direction, e.g., as observed for time. In other words it is, in particular, not possible to propagate through or visit transactions or blocks or nodes of the graph backwards (i.e., opposite to the common unified direction) . Acyclic means, in particular, that there are no loops or ring closures when traversing the graph. For example, a DBS can relate to a public DBS (e.g., a public blockchain) or a closed (private) distributed databased system (e.g., a private blockchain) .

For example, in the case of a public DBS, the nodes and/or devices can join the DBS without proof of authorization or authentication or login credentials, respectively be accepted by the DBS without such information. In particular, in such a case the operator of the nodes and/or devices can remain anonymous .

For example, in the case of implementation of the DBS by a closed database system, new nodes and/or devices can require a valid proof of authorization and/or valid authentication information and/or valid credentials and/or valid login information to join the DBS or be accepted by the DBS.

A DBS can also be implemented by a distributed communication system for data exchange. For example, this can be a network or a peer-to-peer network.

The term "data block" - that can be, depending on the context and implementation, also be referred to as "constituent" or "block" - can refer to, in the context of the present disclosure, a data block of a DBS - e.g., a blockchain or a peer- to-peer database -, which are, in particular, implemented as a data structure and, preferably, include one of the transactions or multiple of the transactions. In an implementation, the database or the database system can be a DLT based system (DLTS) or a blockchain and the data block can be a block of the blockchain or of the DLTS. As a general rule, a data block can, e.g., include indications of the size - e.g., data volume in bytes- of the data block, a data block header (block header) , a transaction counter and one or more transactions [1] . The data block header can include a version, a chaining checksum, a data- block checksum, a timestamp, a proof of work, a Nonce - i.e., a unique value, a random value or a counter which is used for the proof of work [1] , [4] , [5] . A data block can, e.g., also simply relate to a respective memory range or address range of the overall data that is stored in the DBS. Thereby, it is possible to implement blockless DBS such as the IOT chain (ITCA) , IOTA, Byteball, etc. Here, the functionality of the blocks of a blockchain and of the transactions are combined with each other in such a manner that, e.g., the transactions themselves secure the sequence or chains of transactions of the DBS, such that they are, in particular, saved in a secured manner. For this the transactions can be chained by means of a chaining checksum, e.g., by using a separate checksum or the transaction checksum of one or more transactions as chaining checksum, which is saved in a new transaction in the DBS when storing the new transaction in the DBS. In such a scenario, a data block can, e.g., also include one or more transactions, wherein in a simple scenario a data block relates to a single transaction.

The term "Nonce" can relate to, in connection with the present disclosure, a cryptographic nonce - which is an abbreviation for "used only once" [2] or "number used once" [3] . In particular, a Nonce indicates individual numbers or a combination of letters that is preferably only used once in the respective context, e.g., transaction, data communication.

The term "preceding data blocks of a (given) data block of the DBS" can relate, in connection with the present disclosure, e.g., to the data block of the DBS that is a direct predecessor of the (given) data block. Alternatively, the term "preceding data blocks of a (given) data block of the DBS" can also relate to all data blocks of the DBS that pre- cede the given data block. Thereby, the chaining checksum or the transaction checksum can be determined across the direct preceding data block (respectively the transactions thereof) or all data blocks preceding the given data block (respectively the respective transactions) .

The terms "blockchain node", "node", "node of a DBS" and the like can relate, in the context of the present disclosure, to devices - e.g., mobile devices, wireless communication devices, computers, smartphones, clients or participants - that perform operations associated with the DBS, e.g., a blockchain [1] , [4] , [5] . Such nodes can, e.g., execute transactions of a DBS or the respective data blocks or can insert new data blocks including new transactions into the DBSs by means of new data blocks. In particular, this validation and/or chaining can be implemented by a trusted node, e.g., a mining node, or exclusively by trusted nodes. A trusted node is a node that has additional security measures - e.g., firewalls, access restrictions to the node or the like - to avoid manipulation of the node. Alternatively or additionally, a trusted node can, e.g., save a node checksum - e.g., a digital signature or a certificate - in the new data block when chaining the new data block with the DBS. Thereby, it is possible to provide the proof that indicates that the respective data block has been inserted by a specific node, respectively indicate the originator.

As a general rule, device or the devices can be implemented by devices of a technical system and/or an industrial plant and/or an automation network and/or a fabrication plant that can also be nodes of the DBS. Thereby, the devices can be mobile devices or devices of the Internet of things that can also be nodes of the DBS. Nodes can, e.g., include at least one processor, e.g., to execute their computer-implemented functionality .

The term "blockchain oracle" and the like can relate, in the context of the present disclosure, to nodes, devices or com- puters that include a security module that has software protection mechanisms - e.g., cryptographic methods - , mechanical protection mechanisms - e.g., a lockable housing - or electric protection measures - e.g., tamper protection or a protection system that deletes data of the security module in the case of unauthorized use/modif ication of the blockchain oracle. The security module can include, e.g., cryptographic keys that are required for the calculation of checksums - e.g., of transaction checksums or node checksums.

The term "computer" or "device" can relate to a computer (system) , a client, a smartphone, a device or a server that are arranged outside of the blockchain, respectively or are not participants of the DBS, e.g., of the blockchain, i.e., do not execute operations of the DBS or simply retrieve those without executing transactions, inserting data blocks or calculate proof of works. Alternatively, the term "computer" or "device" can also relate to a node of the DBS. In other words, a device can in particular implement a node of the DBS or a device outside of the blockchain and the DBS, respectively. A device outside of the DBS can, e.g., access the data - e.g., the transactions or the control transactions - of the DBS. A device outside of the DBS can be controlled by nodes - e.g., by means of smart contracts and/or blockchain oracles. For example, if a control of a device - e.g., a device implemented as a node or a device outside of the DBS - is implemented by a node, then this can occur via a smart contract which, in particular, is saved in a transaction of the DBS.

Although the invention has been shown and described with respect to certain preferred embodiments, equivalents and modifications will occur to others skilled in the art upon the reading and understanding of the specification. The present invention includes all such equivalents and modifications and is limited only by the scope of the appended claims. For illustration, various techniques have been described with respect to an implementation of a DBS by a blockchain. However, similar techniques may be readily applied to other implementations of a DBS, e.g., a distributed ledger, a distributed memory system, a DLTS, a revision secure database system, a cloud, a cloud-service, a blockchain in a cloud or a peer- to-peer database system.

LIST OF CITATIONS

[1] Andreas M. Antonopoulos "Mastering Bitcoin: Unlocking Digital Cryptocurrencies", O'Reilly Media, December 2014

[2] Roger M. Needham, Michael D. Schroeder "Using encryption for authentication in large networks of computers" ACM: Communications of the ACM. Vol 21, Nr. 12 Dec. 1978,

[3] Ross Anderson "Security Engineering. A Guide to Building Dependable Distributed Systems" Wiley, 2001

[4] Henning Diedrich "Ethereum: Blockchains, Digital Assets, Smart Contracts, Decentralized Autonomous Organizations", CreateSpace Independent Publishing Platform, 2016

[5] "The Ethereum Book Pro j ect/Mastering Ethereum" https : / / github . com/ ethereumbook/ ethereumbook, 5.10.2017

[6] Leemon Baird "The Swirlds Hashgraph Consensus Algorithm: Fair, Fast, Byzantine Fault Tolerance",

Swirlds Tech Report SWIRLDS-TR-2016-01, 31.5.2016

[7] Leemon Baird "Overview of Swirlds Hashgraph", 31.5.2016

[8] Blockchain Oracles, https : / /blockchainhub . net /blockchainoracles/ (retrieved July 12, 2018)