CN-121984657-A - Safety authentication management method and system based on blockchain big data

Abstract

The application provides a blockchain big data-based security authentication management method and system. Based on standard identification data received from an edge computing node, the method synchronously executes two key data acquisition steps: querying the node's static attribute credential from a cross-chain blockchain network, and collecting the node's dynamic running state data from an energy internet big data platform. The static credential and the dynamic data are fed into a zero-knowledge proof verification framework for joint processing, which finally generates an authentication judgment result; that result is sent to an access control gateway of the energy internet to execute the specific access control operation. By fusing the tamper-proof identity information of the blockchain with real-time behavior analysis of big data, and verifying them collaboratively under a zero-knowledge proof framework, the technical scheme realizes a dynamic security authentication mechanism that takes account of both identity credibility and state credibility.

Inventors

  • Xiao Siyuan

Assignees

  • 欧成效(北京)科技有限公司

Dates

Publication Date
20260505
Application Date
20260204

Claims (10)

  1. A blockchain big data-based security authentication management method, characterized by comprising the following steps: receiving standard identification data sent by an edge computing node; acquiring the corresponding static attribute credential from a cross-chain interoperable blockchain network according to the node identifier in the standard identification data; synchronously collecting dynamic running state data from an energy internet real-time big data platform according to the node identifier; inputting the static attribute credential and the dynamic running state data into a zero-knowledge proof verification framework for joint processing, so as to generate an authentication judgment result; and transmitting the authentication judgment result to an access control gateway of the energy internet to execute an access control operation, so as to complete the security authentication management of the blockchain big data.
  2. The method of claim 1, wherein receiving standard identification data sent by an edge computing node comprises: acquiring an access request data unit sent by the edge computing node; identifying the node identification information carried in the access request data unit; and structuring the node identification information to form the standard identification data.
  3. The method of claim 1, wherein acquiring the corresponding static attribute credential from a cross-chain interoperable blockchain network according to the node identifier in the standard identification data comprises: parsing the blockchain network identification information contained in the node identifier; determining a target blockchain network and a corresponding smart contract address according to the blockchain network identification information; constructing a data query instruction containing node identity verification parameters and sending the data query instruction to the smart contract address; performing a node identity verification parameter matching operation in the blockchain network through the smart contract address to obtain the successfully matched encrypted attribute data packet; and decrypting and converting the successfully matched encrypted attribute data packet to obtain the static attribute credential.
  4. The method of claim 1, wherein synchronously collecting dynamic running state data from an energy internet real-time big data platform according to the node identifier comprises: determining a corresponding energy equipment type and data acquisition protocol according to the node identifier; connecting to a real-time data stream interface of the energy internet real-time big data platform based on the data acquisition protocol; constructing a real-time data query request containing device type screening conditions and time window parameters; sending the real-time data query request to the real-time data stream interface to obtain a real-time operation parameter set; and converting the real-time operation parameter set into dynamic running state data in a standard format.
  5. The method of claim 1, wherein inputting the static attribute credential and the dynamic running state data into a zero-knowledge proof verification framework for joint processing to generate an authentication judgment result comprises: converting the static attribute credential into a first data object in a verifiable declaration format; converting the dynamic running state data into a second data object in a time sequence format; inputting the first data object and the second data object into the zero-knowledge proof verification framework for consistency association analysis, so as to obtain intermediate verification parameters; inputting the intermediate verification parameters into a multidimensional data matching unit of the zero-knowledge proof verification framework to execute a matching operation and obtain a matching operation result; and generating a binary authentication judgment result according to the matching operation result.
  6. The method of claim 5, wherein inputting the first data object and the second data object into a zero-knowledge proof verification framework for consistency association analysis to obtain intermediate verification parameters comprises: parsing the data access mode statement and the data sensitivity label contained in the first data object; extracting the data flow fluctuation features and the access request type distribution in the second data object within a specific time period; establishing a first mapping relation between the data access mode statement and the data flow fluctuation features; establishing a second mapping relation between the data sensitivity label and the access request type distribution; and generating, based on the first mapping relation and the second mapping relation, an intermediate verification parameter set containing a consistency state identifier and an association strength index.
  7. The method of claim 1, wherein transmitting the authentication judgment result to an access control gateway of the energy internet to execute an access control operation, so as to complete the security authentication management of the blockchain big data, comprises: receiving the authentication judgment result in binary form; querying a preset access control policy rule base according to the authentication judgment result; matching the corresponding access permission level instruction from the access control policy rule base; packaging the access permission level instruction into a protocol data unit that can be recognized by the access control gateway of the energy internet; transmitting the protocol data unit to the access control gateway of the energy internet; and triggering the access control gateway of the energy internet to execute a port opening or blocking operation for the edge computing node according to the protocol data unit.
  8. A blockchain big data-based security authentication management system, comprising: the receiving module, used for receiving the standard identification data sent by the edge computing node; the acquisition module, used for acquiring the corresponding static attribute credential from the cross-chain interoperable blockchain network according to the node identifier in the standard identification data; the acquisition module, used for synchronously collecting dynamic running state data from an energy internet real-time big data platform according to the node identifier; the processing module, used for inputting the static attribute credential and the dynamic running state data into a zero-knowledge proof verification framework for joint processing, so as to generate an authentication judgment result; and the execution module, used for transmitting the authentication judgment result to an access control gateway of the energy internet to execute an access control operation, so as to complete the security authentication management of the blockchain big data.
  9. A computing device, characterized by comprising a processing component and a storage component, wherein the storage component stores one or more computer instructions, and the one or more computer instructions are invoked and executed by the processing component to implement the blockchain big data-based security authentication management method according to any one of claims 1-7.
  10. A computer storage medium storing a computer program which, when executed by a computer, implements the blockchain big data-based security authentication management method according to any one of claims 1 to 7.
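
The decision flow of claims 5 to 7, as an added example that is not part of the patent text: a valid static credential is combined with a window of telemetry, the two mappings of claim 6 yield a consistency flag and an association strength, and the binary result selects a gateway action. It is a plain-text stand-in for the zero-knowledge proof framework, which the claims do not detail; all field names, thresholds, action names and sample data are assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class StaticCredential:
    """Stand-in for the claim-5 'first data object'; field names are assumed."""
    node_id: str
    access_mode: str   # declared data access mode statement
    sensitivity: str   # data sensitivity label

# Hypothetical limits: the claims name the two mappings but give no values.
MAX_CV = {"periodic": 0.25, "bursty": 1.50}         # traffic variation allowed per mode
MAX_WRITE_SHARE = {"low": 0.50, "high": 0.10}       # write-request share allowed per label
GATEWAY_ACTION = {1: "open_port", 0: "block_port"}  # claim-7 rule base, names assumed

def consistency(cred, window):
    """Return (consistency flag, association strength) for one time window.

    window is a list of (bytes_in_interval, request_type) samples.
    """
    volumes = [v for v, _ in window]
    avg = mean(volumes)
    cv = pstdev(volumes) / avg if avg else 0.0            # flow fluctuation feature
    write_share = sum(t == "write" for _, t in window) / len(window)
    r1 = cv / MAX_CV[cred.access_mode]                    # first mapping
    r2 = write_share / MAX_WRITE_SHARE[cred.sensitivity]  # second mapping
    worst = max(r1, r2)
    return worst <= 1.0, round(max(0.0, 1.0 - worst), 3)

def authenticate(cred, credential_valid, window):
    """Binary judgment: 1 only if identity AND current behaviour both check out."""
    if not credential_valid or not window:
        return 0  # fail closed on a bad credential or missing telemetry
    consistent, _ = consistency(cred, window)
    return 1 if consistent else 0

# Constructed sample data, not taken from the patent.
CRED = StaticCredential("node-demo-01", "periodic", "high")
NORMAL = [(100, "read"), (102, "read"), (98, "read"), (101, "read"), (99, "read")]
HIJACKED = [(100, "read"), (900, "write"), (50, "write"), (1200, "read"), (80, "write")]

if __name__ == "__main__":
    for name, win in (("normal", NORMAL), ("hijacked", HIJACKED)):
        verdict = authenticate(CRED, True, win)
        print(name, consistency(CRED, win), GATEWAY_ACTION[verdict])
```

The second window keeps the same valid credential but is blocked, which is the case the description says a credential-only check misses.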

Description

Safety authentication management method and system based on blockchain big data

Technical Field

The application relates to the technical field of computers, and in particular to a blockchain big data-based security authentication management method and system.

Background

In Internet of Things application scenarios with high security requirements, such as the energy internet, a huge number of edge computing nodes need to access the network and execute key tasks such as data acquisition, edge computing, and issuing control instructions. The running states of these nodes change dynamically, and their behavior data is huge in volume and strongly real-time, which places extremely high requirements on the security authentication management of the nodes.

The prior-art scheme is a distributed identity authentication system based on a public blockchain. A blockchain digital identity is assigned to each edge computing node, the node's static attributes, such as hardware characteristics and certificates, are stored on the blockchain in the form of verifiable credentials, and an authenticator verifies the node's digital signature by querying the node's credential information on the blockchain, thereby verifying the authenticity and legitimacy of the node's identity.

But this solution has inherent drawbacks. Its core relies only on static identity information stored on the blockchain for authentication, and it completely ignores the node's dynamic operating behavior data obtained in real time from the energy internet real-time big data platform. As a result, the authentication system cannot perceive real-time state anomalies or behavior deviations after a node has been admitted, and it is difficult to deal effectively with the risk that a node holds legitimate identity credentials but has been hijacked or behaves abnormally, which forms a potential blind spot in system security.

Disclosure of Invention

The application provides a blockchain big data-based security authentication management method and system, to solve the problems in the prior art that, because authentication relies only on static identity credentials, the real-time behavior risk of a node cannot be perceived, and the security threat of a node whose identity is legitimate but whose actual behavior is abnormal is difficult to deal with.

In a first aspect, the present application provides a method for managing security authentication based on blockchain big data, including: receiving standard identification data sent by an edge computing node; acquiring the corresponding static attribute credential from a cross-chain interoperable blockchain network according to the node identifier in the standard identification data; synchronously collecting dynamic running state data from an energy internet real-time big data platform according to the node identifier; inputting the static attribute credential and the dynamic running state data into a zero-knowledge proof verification framework for joint processing, so as to generate an authentication judgment result; and transmitting the authentication judgment result to an access control gateway of the energy internet to execute an access control operation, so as to complete the security authentication management of the blockchain big data.

Optionally, receiving standard identification data sent by the edge computing node includes: acquiring an access request data unit sent by the edge computing node; identifying the node identification information carried in the access request data unit; and structuring the node identification information to form the standard identification data.

Optionally, acquiring the corresponding static attribute credential from the cross-chain interoperable blockchain network according to the node identifier in the standard identification data includes: parsing the blockchain network identification information contained in the node identifier; determining a target blockchain network and a corresponding smart contract address according to the blockchain network identification information; constructing a data query instruction containing node identity verification parameters and sending the data query instruction to the smart contract address; performing a node identity verification parameter matching operation in the blockchain network through the smart contract address to obtain the successfully matched encrypted attribute data packet; and decrypting and converting the successfully matched encrypted attribute data packet to obtain the static attribute credential.

Optionally, synchronously collecting dynamic running state data from an energy internet real-time big data platform according to the node identifier includes: determining a corresponding energy equipment type and a data acquisition p