Abstract
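The abuse of identity information is a persistent social problem. This paper proposes a Blockchain-based Identity Authentication and Authorization (BIAA) mechanism. It requires the user to present a valid identity document and biometric information when authorizing a business transaction with their identity, ensuring that the transaction is authorized by the person in question; the business information and the identity authorization are also written to the blockchain ledger, which additionally provides secure evidence preservation and traceability for the transaction. To build this mechanism, a star-shaped "identity registration - identity authorization" multi-blockchain architecture is proposed. The identity registration chain is a controlled consortium blockchain in which the identity management authority manages the registration of identity information and provides the identity authentication service. Identity authorization chains can be built by individual industries after obtaining permission from the authority; the business each chain offers is written to the identity authorization chain together with the identity authorization information once identity authentication has been confirmed. For the technical implementation, an Identity Register-Authenticate-Authorize (IRAA) terminal is designed that reads the user's biometric and identity document information and converts it to ciphertext with a hash operation, ensuring that the user's plaintext information never goes online; an identity authentication protocol is designed through which the identity authentication chain provides authentication services to each identity authorization chain, with the protocol running in ciphertext form; and a general-purpose identity authorization smart contract is designed to manage and record identity authorization for application business. Finally, a prototype system is built using second-generation ID cards and finger vein patterns as identity information, verifying the security, feasibility and effectiveness of the BIAA mechanism and providing a valuable reference for solving the problem of identity information abuse.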
The abuse of people's identity information is a serious problem in today's society. In this paper, a blockchain-based identity authentication and authorization (BIAA) mechanism is proposed. BIAA requires users to provide a valid identity certificate and biometric features to authorize a business transaction, ensuring that the transaction is authorized by the user. The identity authorization, together with the business contract, is then written into the blockchain ledger in a secure and traceable manner. To realize BIAA, a stellate multi-blockchain structure is proposed for identity registration and authorization. An identity register blockchain is built as a consortium blockchain maintained by authorities to manage identity registration. It is also in charge of identity authentication. Multiple identity authorization blockchains can be built with permission from the identity register blockchain. Each identity authorization blockchain can be maintained by a business sector and writes business contracts with identity authorizations into the blockchain ledger. For the technical implementation, an identity register-authenticate-authorize (IRAA) terminal is designed. It transforms the identity and biometric features into ciphertext with a hash function, guaranteeing that the identity information stays offline and secure. It also embeds the protocol that handles identity authentication in encrypted form. The IRAA terminal is also in charge of signing the business contract with a digital signature, thereby completing the identity authorization. Finally, a prototype system using the second-generation identity certificate and finger vein pattern as identity information is built, which verifies the security, feasibility, and effectiveness of the BIAA mechanism and provides a valuable reference for solving the abuse of identity information.
Authors
林飞龙
岳跃栋
郑建辉
陈中育
李明禄
LIN Feilong; YUE Yuedong; ZHENG Jianhui; CHEN Zhongyu; LI Minglu (College of Mathematics and Computer Science, Zhejiang Normal University, Jinhua, Zhejiang 321004, China)
Source
《计算机科学》
CSCD
Peking University Core Journal
2023, Issue S01, pp. 765-773 (9 pages)
Computer Science
Funding
National Natural Science Foundation of China (62273310)
Natural Science Foundation of Zhejiang Province (LY22F030006)
Keywords
Identity information security
Identity authentication
Identity authorization
Blockchain
Smart contract