Abstract
To address the shortcomings of "username + password" authentication in traditional university information systems, this paper designs a decentralized passwordless authentication system based on decentralized identity technology. First, it analyzes the technical principles and applicability of decentralized identity, which consists of decentralized identifiers, verifiable credentials, verifiable presentations and a distributed public key mechanism. Second, it uses verification of control over a decentralized identity and verification of selectively disclosed user information to define a method of passwordless authentication based on cryptographic proof. Third, with a consortium blockchain and decentralized identity components as the implementation environment, the user's real-world identity information as the trusted data source, and endorsement by the university or a consensus consortium as the means of establishing trust in the digital identity, the overall system design is completed in four successive steps: pattern design, which defines roles and the operating process; architecture design, which defines service modules and the relationships between them; functional design, which defines functions and their hierarchy; and time-sequence design, which defines information exchange and processing logic. The paper's innovations are user control and joint maintenance of identity information, compliance with the "informed consent" and "minimum necessity" principles for the provision of authentication information, and self-proof of identity attribute verification.
Authors
XIA Yadong (夏亚东)
CHE Lu (车路)
WANG Guanxiang (王关祥)
MA Hongjian (马鸿健)
Network Information Technology Center, Shandong Agricultural University, Tai'an 271018, China
Source
Modern Electronics Technique (《现代电子技术》)
2023, Issue 8, pp. 137-142 (6 pages)
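Funding
Smart Campus Project of the Higher Agricultural Institutions Branch of the China Association for Educational Technology: Optimization of Smart Campus Network Infrastructure Based on an SDN Framework (C21LX03).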
Keywords
university
decentralized identity
identity authentication
passwordless authentication
technology principle
applicability analysis
time-series design