CN119892425A - Convenient cross-domain identity authentication system and method - Google Patents
Convenient cross-domain identity authentication system and method Download PDFInfo
- Publication number
- CN119892425A CN119892425A CN202411949049.1A CN202411949049A CN119892425A CN 119892425 A CN119892425 A CN 119892425A CN 202411949049 A CN202411949049 A CN 202411949049A CN 119892425 A CN119892425 A CN 119892425A
- Authority
- CN
- China
- Prior art keywords
- domain
- cross
- information
- identity authentication
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a convenient cross-domain identity authentication system and a method, which aim to improve the safety and efficiency in an image and video sharing scene. The system is based on the blockchain technology, realizes identity authentication and information sharing, and ensures data transmission safety and identity authentication reliability. Through the steps of opening an account in a blockchain, generating a temporary public-private key pair, issuing transaction information, verifying a user temporary identifier and the like, the system realizes accurate identification and authority control of the user identity, and simultaneously reduces storage and calculation resource requirements. The invention is particularly suitable for the data sharing environment requiring high security, and provides a safe and efficient data sharing platform for users.
Description
Technical Field
The invention relates to a convenient cross-domain identity authentication system, and also relates to a corresponding image sharing cross-domain identity authentication method/video sharing cross-domain identity authentication method, belonging to the technical field of network identity authentication.
Background
Under the advanced integration of informatization and networking, technologies such as Internet of things, mobile interconnection, industrial Internet and the like are rapidly developed, and the human society is marked to comprehensively enter an information age of 'everything interconnection'. This time feature brings new challenges to information systems, such as openness, large scale and complexity. The importance of network security is becoming increasingly prominent, not only relating to national security policies, but also involving personal data security, becoming a key support for the development of the information age. In this context, the establishment of trust relationships between network entities becomes particularly critical, which is a cornerstone that maintains network space security order. The blockchain technology provides a new thought and a solution for the construction of a network trust system by the characteristics of non-falsification, non-falsification and traceability.
In the chinese patent application with publication number CN118381635A, a block-chain-based cross-domain identity authentication method and system are disclosed. The technical scheme is that a safe network access channel is established between a browser used by a visitor and an enterprise intranet, information input by the visitor is called, an account verification intelligent contract deployed on a alliance chain is verified, whether an account password is correct or not is verified by an intelligent contract connection database, an IP address of the visitor is obtained, whether the IP address is a new IP address for first login or not is judged, identity recognition is utilized for second confirmation of the identity of the visitor, a terminal management and control system is established by a server, safety of safety cross-domain login is improved, a data access authority control and audit mechanism is established, a safety evaluation and vulnerability scanning mechanism is established, and system safety is continuously evaluated.
The above-described solution requires recording a large amount of account opening data in the blockchain system. The accumulation of such data over time can lead to increased storage space requirements, as well as increased computing resources required to process such data, adversely affecting the scalability and performance of the blockchain system.
Disclosure of Invention
The invention aims to provide a convenient cross-domain identity authentication system.
The invention aims to provide a convenient image sharing cross-domain identity authentication method.
The invention aims to provide a convenient video sharing cross-domain identity authentication method.
In order to achieve the technical purpose, the invention adopts the following technical scheme:
According to a first aspect of the embodiment of the invention, a convenient cross-domain identity authentication system is provided, which comprises a resource management module, a service agent module, a home domain user management module, an access control module, an outside domain user authentication module, a trusted platform module, an encryption and decryption module and a blockchain module;
The resource management module is responsible for sending an external resource list to a local domain user, interacting with the blockchain module, receiving/sending local domain resource information and external resource summarizing information, simultaneously, the resource management module is also communicated with the access control module, receiving/sending resource management and control information and sending an access request to the service agent module;
the service agent module processes cross-domain access, receives and initiates an external access request, and receives/transmits a temporary ID to the access control module;
the local domain user management module is responsible for receiving/transmitting login information of a local domain user, interacting with the access control module, receiving authority information of the local domain user and transmitting a login result of the local domain user;
The external domain user authentication module is cooperated with the access control module, receives a cross-domain authentication result and sends a cross-domain authentication request;
The trusted platform module exchanges signature information with the access control module and is responsible for receiving/sending signature data;
the encryption and decryption module interacts with the access control module and receives/transmits data to be encrypted and decrypted;
The blockchain module is responsible for receiving/transmitting blockchain-related data with an external system.
Preferably, the resource management module comprises a resource release sub-module and a resource receiving sub-module;
the resource receiving sub-module receives the resources of the external domain through the block chain system and pushes all accessible external resources to the user by combining the authority of the user of the local domain.
Preferably, the service agent module comprises a GB/T28181 protocol standard agent sub-module, a GA/T1400 protocol standard agent sub-module and a service sub-module;
The service sub-module interacts with a user in the local domain, on one hand, receives and modifies a request of the user, and sends a modified request message to the service sub-module of the peer-to-peer system in the external domain, on the other hand, receives the request of the external domain, interacts with the GB/T28181 protocol standard agent sub-module or the GB/T28181 protocol standard agent sub-module according to the content of the request, and interacts with an information system in the local domain respectively.
Preferably, the home domain user management module comprises an account management sub-module and a password strategy sub-module;
the account management submodule is used for completing account opening and account selling of individuals needing to access external resources, and the password strategy submodule is used for setting password complexity and password validity period strategies of users.
Preferably, the access control module comprises a permission management sub-module and a user state management sub-module;
the user state management submodule records the user in the logged-in state and generates temporary identity for the user.
Wherein preferably, the external domain user authentication module comprises a cross-domain user authentication sub-module;
The cross-domain user authentication sub-module receives a real identity request from the blockchain system, verifies the request message, interacts with the access control module to obtain a real identity, and sends a response message.
Preferably, the blockchain module comprises a transaction information receiving sub-module and a transaction information sending sub-module;
The transaction information sending sub-module sends the transaction information to the resource management module or the external domain user authentication module according to the type of the transaction information, or issues the transaction information through the blockchain system according to the interface information of the blockchain system.
Wherein preferably, the trusted platform module is implemented by a CCM3310S-T chip.
According to a second aspect of the embodiment of the present invention, there is provided a convenient image sharing cross-domain identity authentication method, wherein sharing information includes image data, including the steps of:
S1, using the cross-domain identity authentication system to complete account opening in a blockchain system, and storing authentication credentials returned by the blockchain system;
S2, the cross-domain identity authentication system logs in the blockchain system by using authentication credentials, generates a temporary public-private key pair, issues public key-transaction information through the blockchain system, and performs data synchronization in the blockchain system;
s3, the cross-domain identity authentication system of the information sharing domain issues externally accessible sharing information through a block chain, and performs data synchronization in the block chain system;
s4, the user of the information receiving domain completes account opening in a cross-domain identity authentication system of the domain;
S5, a user of the information receiving domain logs in a cross-domain identity authentication system of the domain;
S6, the cross-domain identity authentication system of the information receiving domain returns an accessible outer domain resource list according to the authority of the user;
s7, a user of the information receiving domain initiates a cross-domain access request for sharing information;
S8, a cross-domain identity authentication system of the information receiving domain randomly generates a unique temporary ID for a user in the local domain, marks date, time and validity period for the temporary ID to form a temporary identifier, signs the temporary identifier by using a temporary private key of the information receiving domain, expands a head domain to carry the temporary identifier and a wallet address of the information receiving domain in a cross-domain access request message, and issues 'user temporary identifier-transaction information' through a block chain system;
S9, the cross-domain identity authentication system of the information sharing domain finds a temporary public key according to the wallet address, then uses the temporary public key to check the temporary identifier, and obtains a temporary ID from the temporary identifier;
S10, judging whether the verification sign passes or not, if the verification sign passes and the cross-domain identity authentication system needs to know the real identity of the visitor in the outer domain, issuing special transaction information through a blockchain, and if the verification sign does not pass, returning an error report to an information receiving domain;
S11, an information system in the local domain opens access rights for a cross-domain identity authentication system of an information sharing domain, and the cross-domain identity authentication system of the information sharing domain accesses the information system according to GB/T28181 protocol standard or GA/T1400 protocol standard through the access rights to request to acquire related sharing information;
S12, a cross-domain identity authentication system of the information receiving domain receives a request for acquiring the true identity of a user from a blockchain system, and recovers a temporary ID from transaction contents by using a private key;
S13, the information system in the local domain returns data to the cross-domain identity authentication system of the information sharing domain according to the request
S14, the cross-domain identity authentication system of the information receiving domain encrypts the account of the user by using a temporary public key of the cross-domain identity authentication system of the information sharing domain, and then sends the ciphertext to the cross-domain identity authentication system of the information sharing domain in a URL expanding mode;
and S15, receiving data by a user of the information receiving domain.
According to a third aspect of the embodiment of the present invention, there is provided a convenient video sharing cross-domain identity authentication method, including the steps of:
S01, using the cross-domain identity authentication system to complete account opening in the blockchain system, and storing authentication credentials returned by the blockchain system;
S02, the cross-domain identity authentication system logs in the blockchain system by using authentication credentials, generates a temporary public-private key pair, issues public key-transaction information through the blockchain system, and performs data synchronization in the blockchain system;
S03, the cross-domain identity authentication system of the information sharing domain issues externally accessible sharing information through a block chain, and performs data synchronization in the block chain system;
s04, the user of the information receiving domain completes account opening in a cross-domain identity authentication system of the domain;
s05, a user of the information receiving domain logs in a cross-domain identity authentication system of the domain;
s06, the cross-domain identity authentication system of the information receiving domain returns an accessible outer domain resource list according to the authority of the user;
S07, a user of an information receiving domain initiates a cross-domain access request for sharing information;
S08, a cross-domain identity authentication system of an information receiving domain randomly generates a unique temporary ID for a user in the domain, marks date, time and validity period for the temporary ID to form a temporary identifier, then signs the temporary identifier by using a temporary private key of the information receiving domain, expands a wallet address carrying the temporary identifier and the information receiving domain in a cross-domain access request, and issues 'user temporary identifier-transaction information' through a blockchain;
S09, the cross-domain identity authentication system of the information sharing domain finds a temporary public key according to the wallet address, then uses the temporary public key to check the temporary identifier and obtains a temporary ID from the temporary identifier;
S010, judging whether the verification sign passes or not, if the verification sign passes and the cross-domain identity authentication system needs to know the real identity of the visitor in the outer domain, issuing special transaction information through the blockchain, and if the verification sign does not pass, returning an error report to the information receiving domain;
S011, the information system opens access rights for a cross-domain identity authentication system of the information sharing domain, and the cross-domain identity authentication system of the information sharing domain accesses the information system according to GB/T28181 protocol standard or GA/T1400 protocol standard through the access rights to request to acquire related sharing information;
S012, the information system generates a response message according to GB/T28181 protocol and sends the response message to the cross-domain identity authentication system of the information sharing domain;
s013, forwarding response information to the cross-domain identity authentication system of the information receiving domain by the cross-domain identity authentication system of the information sharing domain;
S014, forwarding a response message to the user by the cross-domain identity authentication system of the information receiving domain, and preparing to receive the video stream by the user according to the information in the response message;
S015, the information system sends the video stream to a user of an information receiving domain;
S016, the cross-domain identity authentication system of the information receiving domain encrypts the account of the user by using the temporary public key of the cross-domain identity authentication system of the information sharing domain, and then sends the ciphertext to the cross-domain identity authentication system of the information sharing domain.
Compared with the prior art, the invention realizes an efficient and safe identity authentication mechanism by constructing a cross-domain identity authentication system based on the blockchain, and particularly optimizes the sharing flow of image and video data. The system provides a solid trust basis for cross-domain identity authentication by utilizing the characteristics of non-falsification and transparency of the blockchain, and ensures the authenticity of the user identity and reasonable control of access authority through the steps of generating a temporary public-private key pair, issuing transaction information, verifying the user temporary identifier through the blockchain and the like. The invention not only enhances the safety of data sharing, but also effectively reduces the storage and calculation burden of the block chain system by reducing the necessary information storage on the block chain.
Drawings
FIG. 1 is a system deployment diagram for implementing the present invention;
FIG. 2 is a schematic diagram of a cross-domain identity authentication system according to an embodiment of the present invention;
FIG. 3 is an information interaction diagram of an image sharing cross-domain identity authentication method provided by an embodiment of the invention;
fig. 4 is an information interaction diagram of a video sharing cross-domain identity authentication method according to an embodiment of the present invention.
Detailed Description
The technical contents of the present invention will be described in detail with reference to the accompanying drawings and specific examples.
The invention provides a convenient and safe cross-domain identity authentication system and a method, which are particularly suitable for scenes of image and video sharing. The system realizes identity authentication and information sharing through a block chain technology, and ensures the safety of data transmission and the reliability of identity authentication. As shown in fig. 1, the system includes three main parts, an information receiving domain, an information sharing domain, and a blockchain, which are connected to each other through a network. In the information receiving domain, the cross-domain identity authentication system is directly connected with a user network and is responsible for processing the identity authentication and information request of the user. The domain sends a true identity response to the information sharing domain and a wallet address and public key to the blockchain while receiving the wallet address and public key from the blockchain to ensure the security of the transaction. The information sharing domain comprises a cross-domain identity authentication system and an information system, wherein the cross-domain identity authentication system is connected with the information system through a network to acquire data in the information system. In addition, the information sharing domain sends wallet address, public key, and real identity requests to the blockchain and receives corresponding information from the blockchain.
Compared with the prior art, the invention has the main technical concept of providing a decentralised trust foundation for cross-domain identity authentication by utilizing the non-tamper property and transparency of the blockchain. The corresponding cross-domain identity authentication system adopts a modularized design, and comprises a resource management module, a service agent module, a home domain user management module, an access control module, an outer domain user authentication module, a trusted platform module, an encryption and decryption module and the like, wherein each module has specific functions and responsibilities and cooperates together to complete cross-domain identity authentication and information sharing.
In addition, the trusted platform module can be realized by adopting chips such as CCM3310S-T, CCM3310S-H, CCM3320S and the like to provide security protection at a hardware level, and the functions of key management, system integrity verification, digital signature, identity authentication and the like are included, so that the security of the whole cross-domain identity authentication system is enhanced. By the design, the invention not only improves the efficiency and the safety of cross-domain identity authentication, but also reduces the performance overhead of the blockchain system, because the blockchain system only stores the minimum necessary information. The invention is particularly suitable for image and video sharing application scenes which need high security and reliability, and can provide a convenient and safe data sharing platform for users.
First embodiment
As shown in FIG. 2, the convenient cross-domain identity authentication system provided by the first embodiment of the invention comprises a resource management module, a service agent module, a home domain user management module, an access control module, an external domain user authentication module, a trusted platform module, an encryption and decryption module and a blockchain module.
The resource management module is responsible for sending an external resource list to a local domain user, interacting with the blockchain module, receiving/sending local domain resource information and external resource summary information, meanwhile, the resource management module is also communicated with the access control module, receiving/sending resource management information and sending an access request to the service agent module, the service agent module processes cross-domain access, receives and initiates an external access request and receives/sends a temporary ID to the access control module, the local domain user management module is responsible for receiving/sending login information of the local domain user and interacting with the access control module, receiving authority information of the local domain user and sending login results of the local domain user, the external domain user authentication module cooperates with the access control module, receiving the cross-domain authentication results and sending cross-domain authentication requests, the external domain user authentication module also receives cross-domain authentication requests sent by the blockchain module and sends cross-domain authentication results to the outside, the trusted platform module exchanges signature information with the access control module and is responsible for receiving/sending signature data, the encryption and decryption module interacts with the access control module and receives/sends data to be encrypted and to be decrypted, and the blockchain module is responsible for receiving/sending data related to an external system.
In one embodiment of the invention, the resource management module includes a resource publishing sub-module and a resource receiving sub-module. The resource release sub-module releases the resources which are shared by the domain to the outside through the block chain system. The resource receiving sub-module receives the resources of the external domain through the block chain system and pushes all the accessible external resources to the user by combining the authority of the user of the local domain.
In one embodiment of the invention, the service agent module comprises a GB/T28181 protocol standard agent sub-module, a GA/T1400 protocol standard agent sub-module and a service sub-module. The service sub-module interacts with the local domain user, on one hand, receives the request of the user, adds necessary information into the request message, and sends the modified request message to the service sub-module of the external domain peer-to-peer system. And on the other hand, receiving a request of an outer domain, and interacting with the GB/T28181 protocol standard agent sub-module or the GB/T28181 protocol standard agent sub-module according to the content of the request. The GB/T28181 protocol standard agent sub-module and the GB/T28181 protocol standard agent sub-module respectively interact with an information system in the local area.
In one embodiment of the invention, the home domain user management module comprises an account management sub-module and a password policy sub-module. The account management sub-module is used for completing account opening and account selling of individuals needing to access external resources. The password strategy submodule is used for setting password complexity and password validity period strategies of the user.
In one embodiment of the invention, the access control module includes a rights management sub-module and a user state management sub-module. The authority management sub-module sets authority for users in the local domain and is used by the resource management module. The user state management submodule records the user in the logged-in state and generates a temporary identity for the user.
In one embodiment of the invention, the external domain user authentication module comprises a cross-domain user authentication sub-module which is used for receiving a real identity request from the blockchain system, verifying the request message, and interacting with the access control module to obtain the real identity and sending a response message.
The trusted platform module is a microchip embedded in hardware devices such as a computer motherboard. It aims to enhance the security of the whole computer system by providing security-related functions, provide protection of hardware level for sensitive data, keys and other information in the system, and can be used for verifying the integrity of the system starting process and the like. In one embodiment of the invention, the microchip is of the type CCM3310S-T (or CCM3310S-H, CCM3320S, etc., but is not limited thereto). CCM3310S-T is a vehicle-mounted security chip developed independently of state-of-the-art technology, which employs a 32-bit CPU security kernel CS0 with independent intellectual property, has 32K-byte SRAM, 16K-byte ROM and 256K-byte EFLASH storage resources, and DMA/EDMA, 2 timers, watchdog and timer modules. For further explanation of CCM3310S-T, reference may be made to the links http:// www.fai thiot.com/content S/11/179.Html, which are not described in detail herein.
The main functions of the trusted platform module include key management, system integrity verification, digital signature and identity authentication.
The key management means that the encryption key can be safely generated, stored and managed inside the trusted platform module. For example, it may generate a symmetric key for encrypting hard disk data, or an asymmetric key pair (public and private keys) for digital signature, authentication. Because the secret key is stored in the protected area inside the hardware, compared with the secret key stored in the software layer, the secret key is less prone to be stolen or tampered, and therefore the security of the secret key is improved.
The system integrity verification means that when the computer is started, the trusted platform module can perform hash operation on each key component (such as BIOS, boot loader, operating system kernel and the like) in the starting process, and compare the obtained hash value with a legal hash value stored in the chip in advance. If an inconsistency occurs, meaning that the system may be tampered with, the trusted platform module may take appropriate action, such as preventing the system from starting or alerting an administrator, to ensure that the system is started in a trusted configuration.
Digital signature refers to the fact that a trusted platform module can digitally sign data, files and the like by using a stored private key thereof to prove the source and the integrity of the data. For example, in some scenarios where the authenticity of a document needs to be guaranteed, a recipient may verify the signature by using a corresponding public key through a document signed by the trusted platform module, to confirm whether the document is from a trusted source and has not been tampered with.
Identity authentication refers to the fact that identity authentication of a user or equipment can be assisted based on information such as a key stored in the identity authentication device. For example, in an enterprise network environment, when a computer accesses a network, the legitimacy of the computer is proved to a server by the aid of related information in a trusted platform module, so that safer and more reliable network access is realized.
In one embodiment of the invention, the encryption and decryption module comprises an encryption sub-module and a decryption sub-module, which are used for encrypting plaintext data or decrypting ciphertext data. The blockchain module comprises a transaction information receiving sub-module and a transaction information transmitting sub-module. Wherein the transaction information receiving sub-module periodically obtains the latest transaction information from the blockchain system. The transaction information sending sub-module sends the transaction information to the resource management module or the external domain user authentication module according to the type of the transaction information, or issues the transaction information through the blockchain system according to the interface information of the blockchain system.
Second embodiment
As shown in fig. 3, the method for conveniently and rapidly sharing image cross-domain identity authentication according to the second embodiment of the present invention uses image data as sharing information, and specifically includes the following steps:
S1, using the cross-domain identity authentication system to complete account opening in the blockchain system, and storing authentication credentials returned by the blockchain system, namely a certificate and a private key.
S2, the cross-domain identity authentication system logs in the blockchain system by using authentication credentials, generates a temporary public-private key pair, issues public key-transaction information through the blockchain system, and performs data synchronization in the blockchain system.
In step S2, when the cross-domain identity authentication system first attempts to log into the blockchain system, it must publish its wallet address and a pair of temporary public and private keys by creating and issuing a transaction. In this transaction, both the publisher and the recipient refer to the same entity, namely the cross-domain authentication system itself that performs the login.
And S3, the cross-domain identity authentication system of the information sharing domain issues externally accessible sharing information through the blockchain, and performs data synchronization in the blockchain system.
S4, the user of the information receiving domain completes account opening in the cross-domain identity authentication system of the domain.
S5, the user of the information receiving domain logs in the cross-domain identity authentication system of the domain.
Step S5 describes the process of the user logging into the cross-domain identity authentication system. In this step, the authentication method is not limited to a specific mechanism, but any existing authentication method may be employed. For example, authentication can be performed by using a traditional account encryption mode, and a biometric-based authentication mode, such as fingerprint identification, can also be adopted.
And S6, the cross-domain identity authentication system of the information receiving domain returns an accessible outer domain resource list according to the authority of the user.
S7, the user of the information receiving domain initiates a cross-domain access request for sharing information.
S8, the cross-domain identity authentication system of the information receiving domain randomly generates a unique temporary ID for the user of the domain, marks date, time and validity period for the temporary ID to form a temporary identifier, signs the temporary identifier by using a temporary private key of the information receiving domain, expands a head domain to carry the temporary identifier and a wallet address of the information receiving domain in a cross-domain access request message, and issues 'user temporary identifier-transaction information' through a block chain system.
S9, the cross-domain identity authentication system of the information sharing domain finds a temporary public key according to the wallet address, uses the temporary public key to check the temporary identifier, and obtains the temporary ID from the temporary identifier.
S10, judging whether the check mark passes or not. If the verification passes and the cross-domain identity authentication system needs to know the real identity of the outside-domain visitor, special transaction information is issued through the blockchain. If the verification signature does not pass, an error report is returned to the information receiving domain.
Step S10 relates to a special transaction information processing method. In this step, the information sharing domain serves as a sender, and transmits specific transaction information to the information receiving domain. The contents of this transaction are the temporary ID encrypted using the temporary public key of the information receiving domain. Such a design ensures the security and privacy of the information, since only the information receiving domain having the corresponding private key can decrypt and recognize the real temporary ID.
S11, the information system in the local domain opens access rights for the cross-domain identity authentication system of the information sharing domain, and the cross-domain identity authentication system of the information sharing domain accesses the information system according to the GB/T28181 protocol standard or the GA/T1400 protocol standard through the access rights to request to acquire related sharing information.
And S12, the cross-domain identity authentication system of the information receiving domain receives a request for acquiring the true identity of the user from the blockchain system, and recovers the temporary ID from the transaction content by using the private key.
And S13, the information system in the local domain returns data to the cross-domain identity authentication system of the information sharing domain according to the request.
S14, the cross-domain identity authentication system of the information receiving domain encrypts the account of the user by using the temporary public key of the cross-domain identity authentication system of the information sharing domain, and then sends the ciphertext to the cross-domain identity authentication system of the information sharing domain in a URL expanding mode.
And S15, receiving data by a user of the information receiving domain.
In summary, in the image sharing cross-domain identity authentication method provided by the second embodiment of the present invention, through the steps of creating a temporary key pair, issuing sharing information, generating and verifying a temporary ID, security and reliability of authentication of image data in a cross-domain transmission process are ensured, and meanwhile, system performance overhead is reduced, and authentication efficiency and convenience of data sharing are improved.
Third embodiment
As shown in fig. 4, the method for conveniently and rapidly sharing video across-domain identity authentication according to the third embodiment of the present invention uses video data as sharing information, and specifically includes the following steps:
S01, using the cross-domain identity authentication system to complete account opening in the blockchain system, and storing authentication credentials returned by the blockchain system, namely a certificate and a private key.
S02, the cross-domain identity authentication system logs in the blockchain system by using the authentication credentials, generates a temporary public-private key pair, issues public key-transaction information through the blockchain system, and performs data synchronization in the blockchain system.
Step S02 details the first interaction procedure of the cross-domain identity authentication system and the blockchain system. Specifically, when a cross-domain identity authentication system first logs into a blockchain system, it needs to publish its wallet address and a pair of temporary public and private keys by creating and issuing a transaction. In this transaction, the identities of the publisher and the recipient both refer to the same entity, namely the cross-domain authentication system itself that performs the login operation.
S03, the cross-domain identity authentication system of the information sharing domain issues externally accessible sharing information through the blockchain, and performs data synchronization in the blockchain system.
S04, the user of the information receiving domain completes account opening in the cross-domain identity authentication system of the domain.
S05, the user of the information receiving domain logs in the cross-domain identity authentication system of the domain.
Step S05 involves the process of the user logging into the cross-domain identity authentication system. In this step, the authentication method is not limited to a specific mechanism, but any existing authentication method may be employed. For example, the user may choose to authenticate by using a conventional account encryption method, or may use a biometric-based authentication method, such as fingerprint identification.
And S06, the cross-domain identity authentication system of the information receiving domain returns an accessible outer domain resource list according to the authority of the user.
S07, a user of the information receiving domain initiates a cross-domain access request for sharing information.
S08, a cross-domain identity authentication system of the information receiving domain randomly generates a unique temporary ID for a user in the local domain, marks date, time and validity period for the temporary ID to form a temporary identifier, then signs the temporary identifier by using a temporary private key of the information receiving domain, expands a wallet address carrying the temporary identifier and the information receiving domain in a cross-domain access request, and issues 'user temporary identifier-transaction information' through a blockchain.
S09, the cross-domain identity authentication system of the information sharing domain finds the temporary public key according to the wallet address, then uses the temporary public key to check the temporary identifier, and obtains the temporary ID from the temporary identifier.
S010, judging whether the check mark passes. If the verification passes and the cross-domain identity authentication system needs to know the real identity of the outside-domain visitor, special transaction information is issued through the blockchain. If the verification signature does not pass, an error report is returned to the information receiving domain.
Step S010 describes a special transaction information processing way. In this step, the information sharing domain serves as a sender, and transmits specific transaction information to the information receiving domain. The requested content of this transaction is the temporary ID encrypted using the temporary public key of the information receiving domain. Such a design ensures the security and privacy of the information, since only the information receiving domain having the corresponding private key can decrypt and recognize the real temporary ID.
And S011, the information system opens access rights for the cross-domain identity authentication system of the information sharing domain, and the cross-domain identity authentication system of the information sharing domain accesses the information system according to the GB/T28181 protocol standard or the GA/T1400 protocol standard through the access rights to request to acquire related sharing information.
S012, the information system generates a response message according to the GB/T28181 protocol and sends the response message to the cross-domain identity authentication system of the information sharing domain.
S013, forwarding response information to the cross-domain identity authentication system of the information receiving domain by the cross-domain identity authentication system of the information sharing domain.
And S014, forwarding a response message to the user by the cross-domain identity authentication system of the information receiving domain, and preparing to receive the video stream by the user according to the information in the response message.
And S015, the information system sends the video stream to a user of the information receiving domain.
S016, the cross-domain identity authentication system of the information receiving domain encrypts the account of the user by using the temporary public key of the cross-domain identity authentication system of the information sharing domain, and then sends the ciphertext to the cross-domain identity authentication system of the information sharing domain.
In summary, the video sharing cross-domain identity authentication method provided by the third embodiment of the present invention realizes the steps of user account opening, generation of a temporary public and private key pair, release of accessible video information, processing of a cross-domain access request, verification of a user temporary ID, and the like through a blockchain technology, ensures the security and the authentication reliability of video data in cross-domain transmission, protects user account information through an encryption technology, reduces the performance overhead of a blockchain system, and improves the efficiency and security of video sharing.
It should be noted that the above embodiments are only examples. The technical schemes of the embodiments can be combined, and all the technical schemes are within the protection scope of the invention.
The cross-domain identity authentication method and the system provided by the invention are described in detail. Any obvious modifications to the present invention, without departing from the spirit thereof, would constitute an infringement of the patent rights of the invention and would take on corresponding legal liabilities.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202411949049.1A CN119892425B (en) | 2024-12-27 | 2024-12-27 | A convenient cross-domain identity authentication system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202411949049.1A CN119892425B (en) | 2024-12-27 | 2024-12-27 | A convenient cross-domain identity authentication system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN119892425A true CN119892425A (en) | 2025-04-25 |
| CN119892425B CN119892425B (en) | 2025-11-21 |
Family
ID=95420425
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202411949049.1A Active CN119892425B (en) | 2024-12-27 | 2024-12-27 | A convenient cross-domain identity authentication system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN119892425B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100064354A1 (en) * | 2006-12-01 | 2010-03-11 | David Irvine | Maidsafe.net |
| CN117081734A (en) * | 2023-08-08 | 2023-11-17 | 河南科技大学 | Cross-domain authentication method for trusted access of industrial Internet equipment |
| CN117394977A (en) * | 2023-10-12 | 2024-01-12 | 重庆邮电大学 | Anonymous identity data storage method and system based on blockchain |
| CN117997640A (en) * | 2024-02-04 | 2024-05-07 | 北京交通大学 | Cross-domain authentication method and system for IoT devices based on cross-chain technology |
| CN118174851A (en) * | 2022-12-09 | 2024-06-11 | 大唐移动通信设备有限公司 | Cross-domain authentication method, device, apparatus and storage medium |
-
2024
- 2024-12-27 CN CN202411949049.1A patent/CN119892425B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100064354A1 (en) * | 2006-12-01 | 2010-03-11 | David Irvine | Maidsafe.net |
| CN118174851A (en) * | 2022-12-09 | 2024-06-11 | 大唐移动通信设备有限公司 | Cross-domain authentication method, device, apparatus and storage medium |
| CN117081734A (en) * | 2023-08-08 | 2023-11-17 | 河南科技大学 | Cross-domain authentication method for trusted access of industrial Internet equipment |
| CN117394977A (en) * | 2023-10-12 | 2024-01-12 | 重庆邮电大学 | Anonymous identity data storage method and system based on blockchain |
| CN117997640A (en) * | 2024-02-04 | 2024-05-07 | 北京交通大学 | Cross-domain authentication method and system for IoT devices based on cross-chain technology |
Non-Patent Citations (2)
| Title |
|---|
| YING LIU等: "《Secure System Logon Based on IBC and Mobile Terminal》", 《2017 13TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL INTELLIGENCE AND SECURITY》, 31 December 2017 (2017-12-31), pages 1 - 5 * |
| 栗红梅等: "《公共安全视频监控联网信息安全测试规范》", pages 1 - 43, Retrieved from the Internet <URL:《Test specifications for information security of video surveillance network system for public security》> * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN119892425B (en) | 2025-11-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8196186B2 (en) | Security architecture for peer-to-peer storage system | |
| Oktian et al. | BorderChain: Blockchain-based access control framework for the Internet of Things endpoint | |
| JP5860815B2 (en) | System and method for enforcing computer policy | |
| JP5021215B2 (en) | Reliable third-party authentication for web services | |
| CN102217277B (en) | Method and system for token-based authentication | |
| US12309261B2 (en) | Cryptographic systems and methods using distributed ledgers | |
| CN101496019B (en) | Method for access verification of distributed file system and distributed file system | |
| WO2000042730A1 (en) | Seamless integration of application programs with security key infrastructure | |
| US7266705B2 (en) | Secure transmission of data within a distributed computer system | |
| CN102577301A (en) | Method and apparatus for trusted authentication and login | |
| US12450385B2 (en) | Integration of identity access management infrastructure with zero-knowledge services | |
| JP5992535B2 (en) | Apparatus and method for performing wireless ID provisioning | |
| CN114697061B (en) | Access control method, device, network side equipment, terminal and blockchain node | |
| Ding et al. | Bloccess: towards fine-grained access control using blockchain in a distributed untrustworthy environment | |
| TW202213147A (en) | Distributed anonymized compliant encryption management system | |
| Chen et al. | An intelligent blockchain-enabled authentication protocol for transportation cyber-physical systems | |
| CN113239376B (en) | Data sharing method, request method and device based on block chain | |
| Liu et al. | Light-Weighted Mutual Authentication and Key Agreement in V2N VANET. | |
| JP6045018B2 (en) | Electronic signature proxy server, electronic signature proxy system, and electronic signature proxy method | |
| CN118869177B (en) | Digital identity management method, system, electronic equipment and computer readable storage medium based on blockchain | |
| CN106576050B (en) | Three-tier security and computing architecture | |
| WO2025227758A1 (en) | Data sharing method, device and system | |
| CN119892425B (en) | A convenient cross-domain identity authentication system and method | |
| Fongen et al. | The integration of trusted platform modules into a tactical identity management system | |
| CN114996770B (en) | Identity recognition method based on sink management system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |