CN-121531363-B - Block chain-based Web3.0 access authentication method and spatial information network system
Abstract
The disclosure provides a blockchain-based Web3.0 access authentication method and a spatial information network system. A first satellite access node determines an access time interval. When the access time interval and the credit level of a mobile user meet preset quick access conditions, the mobile user interacts with the spatial information network system based on a historical session key. When the access time interval and/or the credit level of the mobile user do not meet the preset quick access conditions, the first satellite access node and the mobile user perform bidirectional credibility verification, and when both the mobile user and the first satellite access node pass the credibility verification, a client and a first consensus ground node each acquire the session key. The method thereby preserves convenient access for high-frequency, compliant users, reduces wasted network computing power through a differentiated verification strategy, and balances security protection, access efficiency and computing-power optimization in the spatial information network.
Inventors
- TIAN JUAN
- FANG LIN
- LIU YANG
- XU TINGTING
- Jing Haomeng
Assignees
- 中国信息通信研究院
Dates
- Publication Date
- 20260508
- Application Date
- 20260108
Claims (12)
- 1. A blockchain-based Web3.0 access authentication method, characterized by being applied to a spatial information network system, the spatial information network system comprising a terrestrial blockchain network and an inter-satellite blockchain network, the terrestrial blockchain network comprising a plurality of common ground nodes and a plurality of consensus ground nodes, the inter-satellite blockchain network comprising a plurality of satellite access nodes, the method comprising: in response to receiving an access request sent by a client for a mobile user, determining, by a first satellite access node, an access time interval based on the current time and historical access time information of the mobile user's last access to the spatial information network system, wherein the first satellite access node is one of the plurality of satellite access nodes; in response to the access time interval and the credit level of the mobile user meeting a preset quick access condition, the mobile user interacting with the spatial information network system based on a historical session key of the last access to the spatial information network system; in response to the access time interval and/or the credit level of the mobile user not meeting the preset quick access condition, performing bidirectional credibility verification between the first satellite access node and the mobile user; and in response to the mobile user and the first satellite access node both passing the credibility verification, acquiring session keys by the client and a first consensus ground node respectively, so that the mobile user interacts with the spatial information network system based on the session keys, wherein the first consensus ground node is one of the plurality of consensus ground nodes.
- 2. The method as recited in claim 1, further comprising: in response to the access time interval not exceeding a preset time interval, determining that the access time interval meets the preset quick access condition, generating a quick access request, and sending the quick access request to the first consensus ground node, wherein the quick access request comprises a blockchain identity for identifying the mobile user; determining, by the first consensus ground node, the credit level of the mobile user based on the blockchain identity; and when the credit level of the mobile user exceeds a preset credit level, determining that the credit level of the mobile user meets the preset quick access condition.
- 3. The method of claim 1, wherein the client stores system parameters of the spatial information network system and a user public-private key pair of the mobile user, the system parameters including base point data, a first secure hash function, a second secure hash function, and a third secure hash function, and wherein the client generates the access request by: generating a user random number, a user timestamp and a request message, and generating a user temporary public key based on the base point data and the user random number, wherein the user timestamp comprises the moment at which the user random number was generated; generating user core parameters using a preset algorithm, through the first secure hash function, the second secure hash function and the third secure hash function, based on the blockchain identity of the mobile user, the user public-private key pair, the user temporary public key, the user timestamp and the request message; signing user authentication information using the private key of the user public-private key pair to obtain signed user authentication information, wherein the user authentication information comprises the user core parameters and user basic information, and the user basic information comprises the user temporary public key, the blockchain identity, the request message, the user timestamp and the node identifier of the first satellite access node; and generating the access request based on the signed user authentication information.
- 4. The method according to claim 3, wherein said determining an access time interval comprises: performing signature verification on the signed user authentication information using the public key of the user public-private key pair; when the signed user authentication information passes the signature verification, obtaining the user authentication information; determining delay information of the access request based on the user timestamp and the current time; and determining the access time interval in response to the delay information meeting a preset delay condition.
- 5. The method of claim 4, wherein the first satellite access node and the mobile user performing bidirectional credibility verification comprises: the first satellite access node performing validity verification on the mobile user based on the user authentication information; in response to the mobile user passing the validity verification, the first consensus ground node determining, based on the blockchain identity, a detection result indicating whether the mobile user is in an access control list; in response to the detection result indicating that the mobile user is in the access control list, the first satellite access node determining that the mobile user passes the credibility verification; the first satellite access node generating satellite identity verification information and sending the satellite identity verification information to the client, wherein the satellite identity verification information is used for proving the credibility of the first satellite access node; and the client verifying the credibility of the first satellite access node based on the satellite identity verification information.
- 6. The method of claim 5, wherein the first satellite access node performing validity verification on the mobile user based on the user authentication information comprises: generating a user verification public key using the preset algorithm based on the user basic information, the user core parameters and the system parameters; and determining that the mobile user passes the validity verification in response to the user temporary public key being consistent with the user verification public key.
- 7. The method of claim 5, wherein the first satellite access node generating satellite identity verification information comprises: generating a satellite random number and a satellite timestamp, and generating a satellite temporary public key based on the base point data and the satellite random number, wherein the satellite timestamp comprises the moment at which the satellite random number was generated; generating satellite core parameters using the preset algorithm, through the first secure hash function, the second secure hash function and the third secure hash function, based on the node identifier of the first satellite access node, the satellite public-private key pair, the satellite temporary public key, the satellite timestamp and the request message; signing satellite authentication information using the private key of the satellite public-private key pair to obtain signed satellite authentication information, wherein the satellite authentication information comprises the satellite core parameters and satellite basic information, and the satellite basic information comprises the node identifier of the first satellite access node, the satellite temporary public key, the satellite timestamp and the blockchain identity; and generating the satellite identity verification information based on the signed satellite authentication information.
- 8. The method of claim 7, wherein the client verifying the credibility of the first satellite access node based on the satellite identity verification information comprises: generating a satellite verification public key using the preset algorithm based on the satellite basic information, the satellite core parameters and the system parameters; and determining that the first satellite access node passes the validity verification in response to the satellite temporary public key being consistent with the satellite verification public key.
- 9. The method of any of claims 1-8, wherein a negotiation parameter and a gateway random number are stored in both a blockchain of the terrestrial blockchain network and a blockchain of the inter-satellite blockchain network, the negotiation parameter being generated based on the gateway random number and the base point data; and wherein the client and the first consensus ground node respectively acquiring session keys comprises: the client generating the session key based on the user random number and the negotiation parameter; and the first consensus ground node generating the session key based on the gateway random number and the user temporary public key.
- 10. A blockchain-based Web3.0 spatial information network system, wherein the spatial information network system comprises a terrestrial blockchain network and an inter-satellite blockchain network, the terrestrial blockchain network comprises a plurality of common ground nodes and a plurality of consensus ground nodes, and the inter-satellite blockchain network comprises a plurality of satellite access nodes; the system comprises: a first satellite access node for, in response to an access request sent by a client for a mobile user, determining an access time interval based on the current time and historical access time information of the mobile user's last access to the spatial information network system; a first consensus ground node for acquiring a session key in response to the mobile user and the first satellite access node both passing the credibility verification, so that the mobile user interacts with the spatial information network system based on the session key, the first consensus ground node being one of the plurality of consensus ground nodes; and the client, configured to perform credibility verification on the first satellite access node in response to the access time interval and/or the credit level of the mobile user not meeting the preset quick access condition, and to obtain a session key in response to the mobile user and the first satellite access node both passing the credibility verification, so that the mobile user interacts with the spatial information network system based on the session key.
- 11. An electronic device, comprising: a memory for storing a computer program; and a processor for executing the computer program stored in the memory, wherein the computer program, when executed, implements the method of any of claims 1-9.
- 12. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method of any of claims 1-9.
Description
Block chain-based Web3.0 access authentication method and spatial information network system
Technical Field
The disclosure relates to Web3.0 technology and blockchain technology, and in particular to a blockchain-based Web3.0 access authentication method and spatial information network system.
Background
Web3.0 is the third major stage in the evolution of the internet and is characterized by its reliance on blockchain, decentralization technology and smart contracts. The spatial information network (Spatial Information Network, SIN) is a three-dimensional communication network built on space platforms such as satellites and aircraft. With its global geographic coverage and highly dynamic topology, it has become an important deployment scenario for the Web3.0 ecosystem.
In the related art, to secure data transmission and interaction, a user must complete two-way identity authentication with a network node, based on the digital identity certificates of both parties, every time the user accesses a spatial information network. As a result, the user side and the network side must perform a large number of authentication operations on every access, which significantly reduces the efficiency of accessing the spatial information network and also consumes excessive network computing resources.
Disclosure of Invention
To solve the above technical problems, embodiments of the disclosure provide a blockchain-based Web3.0 access authentication method and a spatial information network system.
In one aspect of the disclosed embodiments, a blockchain-based Web3.0 access authentication method is provided and applied to a spatial information network system. The spatial information network system comprises a terrestrial blockchain network and an inter-satellite blockchain network; the terrestrial blockchain network comprises a plurality of common ground nodes and a plurality of consensus ground nodes, and the inter-satellite blockchain network comprises a plurality of satellite access nodes. The method comprises: in response to an access request sent by a client for a mobile user, determining, by a first satellite access node, an access time interval based on the current time and historical access time information of the mobile user's last access to the spatial information network system, the first satellite access node being one of the plurality of satellite access nodes; in response to the access time interval and the credit level of the mobile user meeting preset quick access conditions, the mobile user interacting with the spatial information network system based on a historical session key of the last access to the spatial information network system; in response to the access time interval and/or the credit level of the mobile user not meeting the preset quick access conditions, performing bidirectional credibility verification between the first satellite access node and the mobile user; and in response to the mobile user and the first satellite access node both passing the credibility verification, acquiring session keys by the client and a first consensus ground node respectively, the first consensus ground node being one of the plurality of consensus ground nodes.
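The admission decision of claims 1, 2 and 4 as an added example, not taken from the patent: signature and timestamp checks come first, the credit query to the consensus ground node is made only after the interval check passes, and anything short of the quick access condition falls back to full bidirectional verification. The threshold values, the user identities, the `signature_ok` flag standing in for signature verification, and the rejection of future-dated timestamps are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    max_delay: float = 5.0        # preset delay condition in seconds (assumed value)
    max_interval: float = 600.0   # preset time interval in seconds (assumed value)
    min_credit: int = 3           # preset credit level (assumed integer scale)

def decide_access(request, now, last_access, credit_lookup, policy=Policy()):
    """Return (decision, reason); decision is 'reject', 'fast' or 'full'."""
    # Claim 4 order: signature first, then timestamp delay, then the interval.
    if not request["signature_ok"]:
        return "reject", "signature verification failed"
    delay = now - request["timestamp"]
    if not 0 <= delay <= policy.max_delay:      # future-dated requests also fail (assumption)
        return "reject", "delay condition not met"
    last = last_access.get(request["identity"])
    if last is None:                            # no previous access, so no historical key
        return "full", "no access history"
    if now - last > policy.max_interval:
        return "full", "access interval exceeds preset"
    # Claim 2: the credit query to the consensus ground node happens only now.
    if credit_lookup(request["identity"]) > policy.min_credit:
        return "fast", "reuse historical session key"
    return "full", "credit level too low"

def run_samples():
    """Constructed requests; returns the decisions and the identities that were queried."""
    now = 1_000_000.0
    last_access = {"user-alice": now - 120, "user-bob": now - 120, "user-carol": now - 7200}
    credit = {"user-alice": 5, "user-bob": 2, "user-carol": 5}
    queries = []

    def lookup(identity):
        queries.append(identity)
        return credit[identity]

    samples = [
        {"identity": "user-alice", "timestamp": now - 1, "signature_ok": True},
        {"identity": "user-bob", "timestamp": now - 1, "signature_ok": True},
        {"identity": "user-carol", "timestamp": now - 1, "signature_ok": True},
        {"identity": "user-alice", "timestamp": now - 60, "signature_ok": True},  # stale replay
        {"identity": "user-dave", "timestamp": now - 1, "signature_ok": True},
    ]
    decisions = [decide_access(s, now, last_access, lookup)[0] for s in samples]
    return decisions, queries
```

Only the first two constructed requests reach the credit lookup; the stale replay is rejected on the timestamp alone, and the long-idle and first-time users go straight to full verification.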
In another aspect of the disclosed embodiments, a blockchain-based Web3.0 spatial information network system is provided. The spatial information network system comprises a terrestrial blockchain network and an inter-satellite blockchain network; the terrestrial blockchain network comprises a plurality of common ground nodes and a plurality of consensus ground nodes, and the inter-satellite blockchain network comprises a plurality of satellite access nodes. A first satellite access node is used for, in response to an access request sent by a client for a mobile user, determining an access time interval based on the current time and historical access time information of the mobile user's last access to the spatial information network system; in response to the access time interval and the credit level of the mobile user meeting a preset quick access condition, the mobile user interacts with the spatial information network system based on a historical session key of the last access to the spatial information network system; in response to the access time interval and/or the credit level of the mobile user not meeting the preset quick access condition, the first satellite access node is used for carrying out a credibility verification on the client, the first satellite access node is used for responding to the first satellite access node which is in the mobile user access system, the first satellite access node is used for responding to the first commonly-known terrestrial node which is not met with the preset session key based on the mobile user access time, the first satellite access node is used for carrying out a mutual verification on the first mutually-known terrestrial key, and acquiring a ses