
Design And Implementation Of A Cross-domain Identity Authentication Architecture With Both High Efficiency And Proprietary Protection Features

Posted on: 2022-04-03
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Zhan
Full Text: PDF
GTID: 2518306497992649
Subject: Cyberspace security
Abstract/Summary:
Public Key Infrastructure (PKI) technology is widely deployed in cyberspace, where it determines the uniqueness, authenticity and legitimacy of entity identities by maintaining digital certificates. It is well known that each PKI system forms a closed security domain and only recognizes certificates in its own domain. When users need to access services in other domains, they often cannot be recognized, or the authentication systems must perform extremely complex operations to authenticate the users' identities. This is the cross-domain authentication problem. Especially in 5G communication, finance, credit investigation, IoT and medical scenarios, it is urgent to build a cross-domain authentication platform. Previous studies on this issue include relying on trusted third parties, bridging and cross-certification. However, because these methods are excessively centralized, the single point of failure problem is common. The distributed consensus feature of blockchain provides a technical approach to solving this problem. Nevertheless, there are some challenging issues in existing blockchain-based schemes. On one hand, due to the low throughput of blockchain systems, the response speed may be unacceptable when the number of cross-domain authentication requests becomes enormous. On the other hand, blockchain-based solutions insufficiently consider privacy leakage at the data level and in the authentication process. To solve the problem of cross-domain authentication, we propose a cross-domain identity authentication architecture that decouples the storage and control layers. The architecture constructs a decentralized cross-domain authentication model based on the InterPlanetary File System (IPFS) and blockchain, and is compatible with the existing PKI and Certificate Transparency (CT) systems. To address the above challenges, we propose an efficient cross-domain data management scheme. Through the Multiple Merkle Hash Tree and a lightweight correctness verification protocol, we achieve rapid response to massive identity authentication requests. To protect the privacy of users, we propose a cross-domain anonymous identity authentication scheme and design a cross-domain anonymous identity authentication protocol based on zero-knowledge proofs and pseudonyms. Finally, we analyze the security of the cross-domain authentication architecture and implement a prototype system. The experimental and comparative analysis of the system shows that the cross-domain identity authentication architecture has faster response speed, stronger security and privacy protection, and higher practicability.
Keywords/Search Tags: Cross-domain authentication, Public Key Infrastructure, Blockchain, Privacy-preserving