
CN-122027116-A - Cross-domain identity authentication communication method based on block chain

CN122027116A

Abstract

The invention discloses a blockchain-based cross-domain identity authentication communication method, which relates to the technical field of blockchain cross-domain authentication and comprises the steps of: acquiring a cross-domain authentication request from user equipment and converting the request into a standard format; acquiring, from a blockchain network, an identity credential chain formed by linking the user's historical verification record blocks in order; locating on the chain an effective authentication anchor point that satisfies the trust rules with the target domain; extracting the evidence packet of the effective authentication anchor point; initiating cross-domain trust derivation in an independent consensus layer based on the evidence packet and generating a verification assertion containing a trust metric and path evidence; and finally packaging the assertion into an authentication response, generating a cross-domain communication credential containing an access token, and returning the credential to the user. The method achieves non-falsifiability and continuous traceability of the authentication history through the blockchain record, and uses the on-chain anchor points to complete indirect trust derivation, thereby effectively improving the reliability, auditability and dynamic adaptability of the cross-domain authentication process.

Inventors

  • YANG XUANXUAN

Assignees

  • 镇平县消防救援大队

Dates

Publication Date
20260512
Application Date
20260305

Claims (10)

  1. A blockchain-based cross-domain identity authentication communication method, characterized by comprising the following steps: acquiring a cross-domain authentication request containing an identity identifier and a domain identifier to be authenticated from user equipment, and converting the cross-domain authentication request into an authentication inquiry message in a standard format; acquiring a target identity credential chain corresponding to the identity identifier from a preset blockchain network, wherein the target identity credential chain is formed by linking, in time order, verification record blocks generated by historical authentication events in a plurality of authenticated domains; on the target identity credential chain, locating an effective authentication anchor point that satisfies a preset trust transfer rule with the domain identifier to be authenticated, extracting a verification digest and an issuer domain signature associated with the effective authentication anchor point, and forming an anchor point evidence packet; initiating cross-domain trust derivation for the identity identifier in an independent consensus verification layer based on the anchor point evidence packet and the domain identifier to be authenticated, and generating a cross-domain verification assertion comprising a trust metric and path evidence; packaging the cross-domain verification assertion into a structured authentication response, and generating a cross-domain communication credential comprising an access token and an assertion digest according to the structured authentication response; and returning the cross-domain communication credential to the user equipment so that the user equipment submits the cross-domain communication credential when subsequently communicating with the service domain corresponding to the domain identifier to be authenticated.
  2. The blockchain-based cross-domain identity authentication communication method of claim 1, wherein acquiring a target identity credential chain corresponding to the identity identifier from a preset blockchain network comprises: performing a mapping search in an identity index of the blockchain network with the identity identifier as the query key to obtain a chain identifier list associated with the identity identifier; selecting a main chain identifier from the chain identifier list according to the generation timestamp and activity index of the credential chain head block corresponding to each chain identifier; and sequentially acquiring and assembling, using the main chain identifier, the complete sequence formed by the verification record blocks from the distributed storage of the blockchain network, wherein the complete sequence is the target identity credential chain.
  3. The blockchain-based cross-domain identity authentication communication method of claim 2, wherein locating, on the target identity credential chain, an effective authentication anchor point that satisfies a preset trust transfer rule with the domain identifier to be authenticated comprises: starting from the tail block of the target identity credential chain, performing a block-by-block backtracking inspection toward the head block of the chain; during the backtracking inspection, comparing the issuer domain information recorded in each verification record block with the domain identifier to be authenticated, wherein the qualifying relationship is that the two are directly equal or that the issuer domain belongs to a preset partner domain list with an established trust relationship; and stopping the backtracking when a verification record block satisfying the relationship is found for the first time, and confirming that verification record block as the effective authentication anchor point.
  4. The blockchain-based cross-domain identity authentication communication method of claim 3, wherein extracting the verification digest and the issuer domain signature associated with the effective authentication anchor point to form the anchor point evidence packet comprises: reading, from the designated data segment of the verification record block corresponding to the effective authentication anchor point, a hash value representing the data integrity of the original authentication event, as the verification digest; reading, from the block header of that verification record block, a cryptographic signature generated with the private key of the issuer domain, as the issuer domain signature; and combining and packaging the verification digest, the issuer domain signature and the position index of the effective authentication anchor point in the target identity credential chain, and applying standardized serialization encoding to the combined data to generate the anchor point evidence packet.
  5. The blockchain-based cross-domain identity authentication communication method of claim 4, wherein initiating cross-domain trust derivation for the identity identifier in the independent consensus verification layer based on the anchor point evidence packet and the domain identifier to be authenticated comprises: broadcasting the anchor point evidence packet and the domain identifier to be authenticated to a plurality of verification nodes preselected in the consensus verification layer; each verification node independently verifying the validity of the issuer domain signature in the anchor point evidence packet according to a locally stored trust policy library, and verifying whether a trust transfer relationship is established between the issuer domain corresponding to the issuer domain signature and the domain to be authenticated; each verification node generating a local trust vote based on its verification result, wherein the local trust vote comprises a trust conclusion and a vote proof; and collecting and counting the local trust votes submitted by all verification nodes, and aggregating the voting results according to a preset consensus algorithm rule to form a final global trust decision.
  6. The blockchain-based cross-domain identity authentication communication method of claim 5, wherein generating the cross-domain verification assertion comprising the trust metric and the path evidence comprises: extracting from the global trust decision the trust judgment result and the proportion of consensus nodes that reached that result; mapping the proportion of consensus nodes to an integer value between zero and one hundred through a preset quantization function, and taking that integer value as the trust metric; combining the trust judgment result, the trust metric and a logic digest of the main vote proofs on which the global trust decision was formed into the core content of the cross-domain verification assertion; and digitally signing the core content, the identity identifier, the domain identifier to be authenticated and the validity time window of the cross-domain verification assertion with the private key of the consensus verification layer, generating the cross-domain verification assertion containing the complete information and the signature.
  7. The blockchain-based cross-domain identity authentication communication method of claim 6, wherein packaging the cross-domain verification assertion into a structured authentication response and generating a cross-domain communication credential comprising an access token and an assertion digest from the structured authentication response comprises: defining a structured data template comprising a status code field, an assertion data field and a meta-information field; filling a status code indicating successful authentication into the status code field, filling the complete serialized data of the cross-domain verification assertion into the assertion data field, and filling a generation timestamp and the identifier of the consensus verification layer into the meta-information field, thereby completing assembly of the structured authentication response; performing a hash operation on the structured authentication response to obtain a fixed-length hash value as the assertion digest; creating a time-limited random cryptographic token as the access token; and binding the access token, the assertion digest and a reference pointer to the storage location of the structured authentication response to generate the cross-domain communication credential.
  8. The blockchain-based cross-domain identity authentication communication method of claim 7, wherein performing a hash operation on the structured authentication response to obtain a fixed-length hash value as the assertion digest comprises: performing byte-level serialization of the assembled structured authentication response to obtain an original byte stream; applying a preset collision-resistant hash algorithm to compute a one-way hash of the original byte stream; and truncating a byte fragment of preset length from the computed hash value, or using the full hash value, as the final assertion digest.
  9. The blockchain-based cross-domain identity authentication communication method of claim 8, wherein returning the cross-domain communication credential to the user equipment so that the user equipment submits it when subsequently communicating with the service domain corresponding to the domain identifier to be authenticated comprises: encoding the cross-domain communication credential according to a transmission protocol agreed with the user equipment; transmitting the encoded cross-domain communication credential data packet to the user equipment through a secure encrypted communication channel; and completing the delivery flow of the cross-domain communication credential after a confirmation receipt from the user equipment is successfully received.
  10. The blockchain-based cross-domain identity authentication communication method of claim 9, wherein encoding the cross-domain communication credential according to a transmission protocol agreed with the user equipment comprises: checking the supported transmission protocol type declared by the user equipment when it initiated the cross-domain authentication request; extracting data elements from the respective components of the cross-domain communication credential; filling the data elements into the corresponding fields of a protocol data unit according to the data encapsulation format defined by that transmission protocol type; and applying a protocol header and trailer to the filled protocol data unit to generate the final encoded data packet that can be transmitted over the network.
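Claims 1 to 10 describe one procedure end to end: locate an anchor on the user's credential chain by backtracking from the tail, package its digest and issuer signature, let independent consensus nodes re-verify and vote, quantize the vote ratio into a trust metric, sign an assertion, hash the structured response, and hand back a token-bearing credential. The Python model below is an added illustration of that flow and is not code from the patent or its applicant. Everything concrete in it is an assumption: blocks are dicts; the issuer-domain and consensus-layer "private key" signatures are stood in for by HMAC-SHA256 over canonical JSON with constructed demo keys; the trust policy library is a dict of partner lists; the preset consensus rule is a two-thirds majority; the quantization function rounds the agreeing-node ratio to an integer in 0..100; and the structured response is stored under its own digest. It also includes the relying service domain's check of the returned credential (validity window, consensus signature, digest match) and a tampered-anchor case showing why every node re-checks the issuer signature rather than trusting the packet.

```python
import hashlib, hmac, json, secrets

# Constructed demo data (assumptions): issuer-domain keys, partner lists as the trust policy library,
# the consensus layer's key, and a store for structured authentication responses keyed by digest.
DOMAIN_KEYS = {"domA": b"demo-key-A", "domB": b"demo-key-B", "domC": b"demo-key-C"}
TRUST_POLICY = {"domA": ["domB"], "domB": ["domA", "domD"], "domC": [], "domD": ["domB"]}
CONSENSUS_KEY = b"demo-consensus-layer-key"
RESPONSE_STORE = {}

def canonical(obj) -> bytes:
    """Byte-level serialization with a stable key order (claim 8, first step)."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(key: bytes, obj) -> str:
    """Assumption: HMAC-SHA256 over canonical JSON stands in for the private-key signatures."""
    return hmac.new(key, canonical(obj), hashlib.sha256).hexdigest()

def make_block(index, issuer, event, prev_hash):
    """Verification record block: body carries the event digest, header the issuer signature (claim 4)."""
    body = {"index": index, "issuer": issuer, "prev": prev_hash,
            "digest": hashlib.sha256(canonical(event)).hexdigest()}
    return {"body": body, "header": {"issuer_sig": sign(DOMAIN_KEYS[issuer], body)}}

def build_chain(events):
    """Link blocks in time order into an identity credential chain (claim 1)."""
    chain, prev = [], "0" * 64
    for i, (issuer, event) in enumerate(events):
        chain.append(make_block(i, issuer, event, prev))
        prev = hashlib.sha256(canonical(chain[-1])).hexdigest()
    return chain

# Constructed history: the user authenticated in domA, domC and domB; domD has never seen this user.
SAMPLE_CHAIN = build_chain([("domA", {"event": "login", "t": 1}), ("domC", {"event": "mfa", "t": 2}),
                            ("domB", {"event": "login", "t": 3})])

def locate_anchor(chain, target):
    """Claim 3: backtrack from the tail; stop at the first block whose issuer is the target or a partner of it."""
    partners = set(TRUST_POLICY.get(target, []))
    for blk in reversed(chain):
        if blk["body"]["issuer"] == target or blk["body"]["issuer"] in partners:
            return blk
    return None

def evidence_packet(anchor) -> bytes:
    """Claim 4: digest, issuer signature, position index, serialized (signed body included so nodes can re-check)."""
    return canonical({"digest": anchor["body"]["digest"], "index": anchor["body"]["index"],
                      "issuer_sig": anchor["header"]["issuer_sig"], "body": anchor["body"]})

def node_vote(node_id, packet, target):
    """Claim 5: each node independently re-verifies the issuer signature and the issuer->target trust relation."""
    p = json.loads(packet)
    issuer, key = p["body"]["issuer"], DOMAIN_KEYS.get(p["body"]["issuer"])
    sig_ok = key is not None and hmac.compare_digest(sign(key, p["body"]), p["issuer_sig"])
    ok = sig_ok and (issuer == target or issuer in TRUST_POLICY.get(target, []))
    proof = hashlib.sha256(canonical({"node": node_id, "ok": ok, "digest": p["digest"]})).hexdigest()
    return {"node": node_id, "conclusion": ok, "proof": proof}

def global_decision(votes, threshold=2 / 3):
    """Assumption: a two-thirds majority stands in for the preset consensus algorithm rule."""
    proofs = [v["proof"] for v in votes if v["conclusion"]]
    ratio = len(proofs) / len(votes)
    return {"trusted": ratio >= threshold, "ratio": ratio, "proofs": proofs}

def trust_metric(ratio) -> int:
    """Claim 6 quantization (assumed form): agreeing-node ratio rounded to an integer in [0, 100]."""
    return int(round(ratio * 100))

def build_assertion(decision, identity, target, now, ttl=300):
    """Claim 6: core content plus identity, domain and validity window, signed by the consensus layer."""
    core = {"trusted": decision["trusted"], "metric": trust_metric(decision["ratio"]),
            "path_proof": hashlib.sha256(canonical(decision["proofs"])).hexdigest()}
    payload = {"core": core, "identity": identity, "domain": target, "nbf": now, "exp": now + ttl}
    return {"payload": payload, "sig": sign(CONSENSUS_KEY, payload)}

def build_credential(assertion, now):
    """Claims 7-8: structured response, fixed-length assertion digest, random token, storage pointer."""
    response = {"status": 200, "assertion": assertion, "meta": {"ts": now, "layer": "demo-consensus-layer"}}
    digest = hashlib.sha256(canonical(response)).hexdigest()
    RESPONSE_STORE[digest] = response
    return {"token": secrets.token_urlsafe(32), "assertion_digest": digest, "response_ref": "store://" + digest}

def authenticate(chain, identity, target, now, nodes=("n1", "n2", "n3", "n4")):
    """Claims 1-7 end to end for one cross-domain authentication request."""
    anchor = locate_anchor(chain, target)
    if anchor is None:
        return {"status": 403, "reason": "no anchor satisfies the trust transfer rule"}
    decision = global_decision([node_vote(n, evidence_packet(anchor), target) for n in nodes])
    if not decision["trusted"]:
        return {"status": 403, "reason": "consensus layer rejected the anchor"}
    assertion = build_assertion(decision, identity, target, now)
    return {"status": 200, "assertion": assertion, "credential": build_credential(assertion, now)}

def service_domain_check(credential, target, now) -> bool:
    """Relying domain: resolve the response, recompute its digest, verify the consensus signature and window."""
    a = RESPONSE_STORE.get(credential["assertion_digest"])
    if a is None or hashlib.sha256(canonical(a)).hexdigest() != credential["assertion_digest"]:
        return False
    p = a["assertion"]["payload"]
    if not hmac.compare_digest(sign(CONSENSUS_KEY, p), a["assertion"]["sig"]):
        return False
    return p["domain"] == target and p["core"]["trusted"] and p["nbf"] <= now < p["exp"]

def tampered_copy(chain, index):
    """Failure mode: a copy of the chain whose block at `index` had its digest altered after signing."""
    copy_ = json.loads(json.dumps(chain))
    copy_[index]["body"]["digest"] = "0" * 64
    return copy_
```

Running `authenticate(SAMPLE_CHAIN, "user-42", "domD", now=1000000)` succeeds even though domD never authenticated the user: backtracking stops at the domB block (index 2) because domB is in domD's partner list, all four nodes confirm the signature and the relation, and the metric is 100. A target with no anchor on the chain gets a 403 without any vote, and a chain whose anchor digest was altered after signing is rejected by every node, which is the non-falsifiability property the abstract claims for the on-chain history. The relying domain's check binds the credential to the exact stored response by recomputing the digest, so a credential cannot be reused against another domain or after its window.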

Description

Cross-domain identity authentication communication method based on block chain

Technical Field

The invention belongs to the technical field of blockchain cross-domain authentication, and particularly relates to a cross-domain identity authentication communication method based on a blockchain.

Background

In the current digital ecosystem, users often need to access multiple independently managed service domains. Traditional cross-domain identity authentication relies heavily on a centralized third-party authentication authority or on complex bilateral trust negotiation protocols. These methods require either a direct trust relationship to be pre-established between domains, or a central authority that is absolutely trusted by all participants. In highly distributed scenarios where participants change dynamically, such centralized or preconfigured trust models face poor scalability, high single-point-of-failure risk, and complicated trust establishment and maintenance processes, and they are difficult to adapt to open and dynamic cross-domain cooperation requirements. Existing distributed identity technologies, such as verifiable credentials, let users hold and present credentials autonomously, but cross-domain verification still relies on the target domain individually recognizing and trusting the credential issuer. Authentication cannot be performed when a user attempts to access a new domain that has no preset trust relationship with the user's existing credential issuer. The prior art lacks a mechanism for delivering and proving a user's identity credibility to a brand-new domain with no direct trust association by utilizing the user's past authentication history in other domains. How to realize dynamic cross-domain trust derivation, based on scattered but verifiable historical behavior records and without pre-established trust relationships, is the main technical bottleneck faced at present.

Disclosure of Invention

The present invention aims to solve at least one of the technical problems existing in the prior art; therefore, the invention provides a blockchain-based cross-domain identity authentication communication method comprising the following steps: acquiring a cross-domain authentication request containing an identity identifier and a domain identifier to be authenticated from user equipment, and converting the cross-domain authentication request into an authentication inquiry message in a standard format; acquiring a target identity credential chain corresponding to the identity identifier from a preset blockchain network, wherein the target identity credential chain is formed by linking, in time order, verification record blocks generated by historical authentication events in a plurality of authenticated domains; on the target identity credential chain, locating an effective authentication anchor point that satisfies a preset trust transfer rule with the domain identifier to be authenticated, extracting a verification digest and an issuer domain signature associated with the effective authentication anchor point, and forming an anchor point evidence packet; initiating cross-domain trust derivation for the identity identifier in an independent consensus verification layer based on the anchor point evidence packet and the domain identifier to be authenticated, and generating a cross-domain verification assertion comprising a trust metric and path evidence; packaging the cross-domain verification assertion into a structured authentication response, and generating a cross-domain communication credential comprising an access token and an assertion digest according to the structured authentication response; and returning the cross-domain communication credential to the user equipment so that the user equipment submits the cross-domain communication credential when subsequently communicating with the service domain corresponding to the domain identifier to be authenticated.

Further, acquiring a target identity credential chain corresponding to the identity identifier from a preset blockchain network includes: performing a mapping search in an identity index of the blockchain network with the identity identifier as the query key to obtain a chain identifier list associated with the identity identifier; selecting a main chain identifier from the chain identifier list according to the generation timestamp and activity index of the credential chain head block corresponding to each chain identifier; and sequentially acquiring and assembling, using the main chain identifier, the complete sequence formed by the verification record blocks from the distributed storage of the blockchain network, wherein the complete sequence is the target identity credential chain.

Further, locating an effective authentication anchor point that satisfies a preset trust transfer rule with the domain identifier to be authenticated on the target identity credential chain, in