Abstract

In the context of cloud computing, interaction between clients in different application domains is becoming more frequent, which makes secure and efficient cross-domain identity authentication an important research topic. Public key infrastructure (PKI) is one technology for cross-domain authentication. However, the traditional PKI approach suffers from problems such as the difficulty of establishing mutual trust between multiple certificate authority (CA) nodes, single points of failure, and low efficiency. Blockchain is a promising technology for decentralized trust management because it provides consistent data storage, which gives impetus to the further development of cross-domain identity authentication. This article therefore applies blockchain to cross-domain identity authentication. To address the defects of the traditional PKI approach, the design requirements are analyzed first; based on the results of that analysis, we propose a double-layer cross-domain identity authentication model built on a consortium blockchain composed of authentication server (AS) nodes and a number of internal blockchains. The model greatly improves the scalability of the PKI system without changing the internal architecture of each domain. A novel authentication protocol is then put forward. The protocol improves the efficiency of online cross-domain authentication transactions by verifying the hash of a client's certificate instead of its signature. Efficiency is improved further by moving the generation of the blockchain certificate and the storage of its hash into the registration operation, which shortens the authentication process for the AS and CA. Finally, the protocol is evaluated through security and performance analysis. The results show that our protocol guarantees security and performs well in cross-domain identity authentication transactions.
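The registration-then-hash-lookup flow described above, as an added illustration that is not the paper's own protocol or code: the consortium ledger is a constructed in-memory stand-in, the certificate is a plain dictionary, and `register` / `cross_domain_authenticate` are hypothetical names for the AS-side steps. It shows why the online check reduces to a hash comparison once the hash has been anchored at registration, and that a tampered or unregistered certificate is rejected.

```python
import hashlib
import json
from dataclasses import dataclass, field


@dataclass
class ConsortiumLedger:
    """Constructed stand-in for the consortium blockchain shared by AS nodes:
    an append-only list of (domain, client_id, cert_hash) records. The
    hash-only check is sound only because this store is assumed to be
    tamper-resistant and trusted by every participating AS."""
    records: list = field(default_factory=list)

    def append(self, domain: str, client_id: str, cert_hash: str) -> None:
        self.records.append((domain, client_id, cert_hash))

    def lookup(self, domain: str, client_id: str):
        # Newest record wins, mimicking re-registration after renewal.
        for d, c, h in reversed(self.records):
            if d == domain and c == client_id:
                return h
        return None


def cert_hash(cert: dict) -> str:
    # Canonical JSON so the same certificate always hashes identically.
    canonical = json.dumps(cert, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def register(ledger: ConsortiumLedger, cert: dict) -> None:
    """Registration step, done once by the issuing domain's AS/CA: the
    blockchain certificate is issued and its hash is anchored on the ledger."""
    ledger.append(cert["issuer_domain"], cert["subject"], cert_hash(cert))


def cross_domain_authenticate(ledger: ConsortiumLedger, cert: dict) -> bool:
    """Online step at the verifying domain's AS: no signature verification
    against the foreign CA, just recompute the hash and compare."""
    anchored = ledger.lookup(cert["issuer_domain"], cert["subject"])
    return anchored is not None and anchored == cert_hash(cert)


def demo() -> tuple:
    """Constructed scenario: a valid, a tampered and an unregistered cert."""
    ledger = ConsortiumLedger()
    cert = {"issuer_domain": "domainA", "subject": "alice", "pubkey": "PK_ALICE_PLACEHOLDER"}
    register(ledger, cert)
    tampered = dict(cert, pubkey="PK_MALLORY_PLACEHOLDER")
    unregistered = {"issuer_domain": "domainB", "subject": "bob", "pubkey": "PK_BOB_PLACEHOLDER"}
    return (cross_domain_authenticate(ledger, cert),
            cross_domain_authenticate(ledger, tampered),
            cross_domain_authenticate(ledger, unregistered))
```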