CN117424747A - Cross-domain access control method and system based on multi-block chain - Google Patents
- Publication number: CN117424747A (application CN202311536545.XA)
- Authority: CN (China)
- Prior art keywords: domain, access control, chain, cross, request
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/10 — Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105 — Multiple levels of security
- H04L63/205 — Managing network security; network security policies in general, involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
- H04L9/40 — Network security protocols
- H04L9/50 — Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols using hash chains, e.g. blockchains or hash trees
Description
Technical field
The present invention relates to the technical field of blockchain information security, and in particular to a cross-domain access control method and system based on multiple blockchains.
Background art
With the rapid development of information technologies such as big data, the Internet of Things and cloud computing, the value of data has gradually been recognized, and data has become a new factor of production in fields including healthcare, finance and scientific research. In the big-data era, data grows explosively and is scattered across business information systems built by different organizations. To meet data privacy requirements, these organizations are usually partitioned into different security domains, and each security domain designs its own security policies according to its business needs. As a result, security domains are interconnected internally but isolated from one another, and data is underutilized. It is therefore necessary to break the information isolation between different information systems, let data flow between security domains, and move from closed single-domain data sharing to collaborative cross-domain data sharing. However, security incidents during data sharing are frequent, so the risk of data leakage during data sharing in a multi-domain environment must be reduced and data security guaranteed.
Access control is a key security technology for protecting data in multi-domain data sharing systems: by restricting users' access rights to data, it prevents access by illegitimate users and illegitimate access by legitimate users. Access control also helps administrators control and limit users' access to the various resources in a system, ensuring the confidentiality, integrity and availability of data and keeping the system running securely and stably. Traditional access control models such as discretionary access control, mandatory access control and role-based access control are mature and widely used to protect resources, but they cannot be applied directly in multi-domain environments; a fine-grained and flexible access control model is urgently needed to meet the access control requirements of multi-domain environments. The attribute-based access control (ABAC) model describes permission information through entity attributes and can handle access requirements in complex multi-domain environments more flexibly and at finer granularity, but it falls short in decision transparency and auditability, which must be remedied by introducing new technology.
In recent years, most research on access control for multi-domain data sharing has focused on centralized architectures, in which each domain relies on a "centralized" third-party server to perform data operations; such architectures suffer from single points of failure, policy tampering and unreliable authorization decisions. Blockchain technology offers a new approach to building access control systems: its inherent distributed, tamper-resistant, open and transparent properties, together with trusted execution that needs no third-party endorsement, can effectively address the risks of centralized access control architectures. However, current blockchain-based access control mostly addresses implementation within a single domain. The ledger of a single-chain architecture is open and transparent to all participating nodes, so it cannot handle data that crosses trust domains, and existing blockchain-based cross-domain methods have unsatisfactory scalability and inter-domain privacy.
Summary of the invention
To this end, the present invention provides a cross-domain access control method and system based on multiple blockchains, which uses blockchain technology to establish a low-cost, efficient and trustworthy cross-domain access control mechanism that preserves inter-domain privacy, so as to solve the inability of existing blockchain access control to handle cross-trust-domain data and its unsatisfactory scalability and inter-domain privacy.
According to the design of the present invention, a cross-domain access control method based on multiple blockchains is provided, comprising:
unregistered users and service providers register their respective attributes with the corresponding business blockchain security domain through the attribute authority, and, by invoking the intra-domain smart contract, store the attributes, the attribute correspondences and the service provider's self-defined access control policies on the access control chain of each security domain;
the access control chain within each business blockchain security domain is deployed to policy enforcement client (PEP client) nodes, and each PEP client node links across domains, through a relay chain, to the access control chains of the other business blockchain security domains; the access control chain deploys the attribute authority, policy administration point and policy decision point of the ABAC access control model as intra-domain smart contracts, and the relay chain performs inter-domain data transmission through inter-domain smart contracts;
when a resource requester in the access request domain initiates an intra-domain access request, the PEP client node uses the access control chain and establishes a data exchange between the resource requester and the resource owner by invoking the intra-domain smart contract; when a resource requester in the access request domain initiates an inter-domain access request, the PEP client node uses the relay chain and establishes a data exchange between the resource requester in the requesting domain and the resource owner in the target domain by invoking the inter-domain smart contract.
Further, in the cross-domain access control method of the present invention, the intra-domain smart contract comprises: a policy processing contract function for adding, deleting and updating access control policies; an attribute processing contract function for deleting and updating entity attributes; an access control processing contract function that parses access requests and renders access control decisions; and an inter-domain data flow processing contract function that handles cross-domain access control requests and responses for the PEP client nodes connected to the domain.
Further, the inter-domain smart contract comprises: a data conversion contract function for cross-chain data conversion, a routing contract function for cross-chain data routing and forwarding, and a registration contract function for cross-chain identity registration of access entities and mapping to intra-chain identities.
Further, each node of the relay chain determines its current role type through the inter-domain smart contract deployed on it; the role types are adapter node, routing node and registration node. An adapter node uses the data conversion contract function to convert the format of cross-chain data from heterogeneous business blockchain security domains; a routing node uses the routing contract function to determine routing-node identity and maintain on-chain cross-chain routing information; a registration node uses the registration contract function to register and identify cross-chain user information.
Further, the PEP client node using the access control chain and establishing a data exchange between the resource requester and the resource owner by invoking the intra-domain smart contract comprises:
first, for the original access control request sent by the resource requester as the access control subject, the PEP client node parses the original access control request through the intra-domain smart contract, looks up the control policies relevant to the request through the subject and object attribute lists, determines whether the subject and object attributes satisfy those policies, and performs a real-time trust evaluation of the subject and object based on trust management of legitimate users; the original access control request comprises the unique subject identifier, the unique object identifier and the action the subject requests on the object, and the attribute lists comprise subject and object attributes, environment attributes and a trust attribute representing the current trust relationship between subject and object;
then, based on the real-time trust evaluation result, the PEP client node returns the decision to the access object, so that the access object responds to the access control request.
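The intra-domain decision flow above, as an added illustration that is not the patent's contract code: an in-memory stand-in for the attribute authority, policy administration point and policy decision point parses a (subject, object, action) request, matches policies on subject and environment attributes, and then applies the trust attribute. The policy condition syntax, the attribute names and the per-policy trust threshold are assumptions.

```python
from dataclasses import dataclass, field
from typing import Any


@dataclass(frozen=True)
class AccessRequest:
    """Original access control request: subject id, object id, requested action."""
    subject_id: str
    object_id: str
    action: str


@dataclass
class Policy:
    """An object owner's policy: attribute conditions plus the permitted action.
    A condition value is either an exact value or an (op, value) pair such as
    ("ge", 2) or ("in", {"a", "b"}) (assumed condition syntax)."""
    object_id: str
    action: str
    subject_conditions: dict
    environment_conditions: dict = field(default_factory=dict)
    min_trust: float = 0.0  # assumed: trust score the subject must reach


def _matches(actual: Any, expected: Any) -> bool:
    """Evaluate a single attribute condition against an attribute value."""
    if not isinstance(expected, tuple):
        return actual == expected
    op, value = expected
    if actual is None:
        return False
    if op == "ge":
        return actual >= value
    if op == "le":
        return actual <= value
    if op == "in":
        return actual in value
    raise ValueError(f"unknown operator {op!r}")


class AccessControlChain:
    """Stand-in for the on-chain attribute authority, policy administration
    point and policy decision point of one security domain."""

    def __init__(self) -> None:
        self.attributes: dict[str, dict] = {}           # entity id -> attribute list
        self.policies: list[Policy] = []
        self.trust: dict[tuple[str, str], float] = {}   # (subject, object) -> trust attribute

    # attribute processing contract function (register / update)
    def register_attributes(self, entity_id: str, attrs: dict) -> None:
        self.attributes[entity_id] = dict(attrs)

    # policy processing contract function (add)
    def add_policy(self, policy: Policy) -> None:
        self.policies.append(policy)

    # trust attribute maintained by the trust evaluation contract
    def set_trust(self, subject_id: str, object_id: str, score: float) -> None:
        self.trust[(subject_id, object_id)] = score

    def decide(self, req: AccessRequest, environment: dict) -> tuple[bool, str]:
        """Access control processing contract function: parse the request, find
        the policies for the requested object and action, check subject and
        environment attributes, then apply the real-time trust evaluation."""
        subject = self.attributes.get(req.subject_id)
        if subject is None or req.object_id not in self.attributes:
            return False, "unregistered subject or object"
        candidates = [p for p in self.policies
                      if p.object_id == req.object_id and p.action == req.action]
        if not candidates:
            return False, "no policy for this object and action"
        trust = self.trust.get((req.subject_id, req.object_id), 0.0)
        for p in candidates:
            attr_ok = all(_matches(subject.get(k), v)
                          for k, v in p.subject_conditions.items())
            env_ok = all(_matches(environment.get(k), v)
                         for k, v in p.environment_conditions.items())
            if attr_ok and env_ok:
                if trust < p.min_trust:
                    return False, f"trust {trust:.2f} below required {p.min_trust:.2f}"
                return True, "permit"
        return False, "attributes satisfy no policy"


def build_sample_chain() -> AccessControlChain:
    """Constructed sample domain: one physician, one patient record, one policy."""
    chain = AccessControlChain()
    chain.register_attributes("dr_alice", {"role": "physician", "dept": "cardiology", "clearance": 3})
    chain.register_attributes("record_42", {"owner": "hospital_a", "sensitivity": 2})
    chain.add_policy(Policy(
        object_id="record_42", action="read",
        subject_conditions={"role": "physician", "clearance": ("ge", 2)},
        environment_conditions={"time_window": "working_hours"},
        min_trust=0.6))
    chain.set_trust("dr_alice", "record_42", 0.8)
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print(chain.decide(AccessRequest("dr_alice", "record_42", "read"),
                       {"time_window": "working_hours"}))
```

A matching policy is not enough on its own: the trust attribute can still deny a subject whose attributes pass, which is what makes the control dynamic.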
Further, the PEP client node using the relay chain and establishing a data exchange between the resource requester in the requesting domain and the resource owner in the target domain by invoking the inter-domain smart contract comprises:
first, for the original access control request sent by the resource requester as the access control subject, the PEP client node of the requesting domain parses the original request through the intra-domain smart contract, obtains the subject attribute list, adjusts the access control request according to that list, and sends the adjusted request to the relay chain; the original access control request comprises the unique identifier of the subject in the requesting domain, the unique identifier of the object in the target domain, and the action the subject requests on the object;
next, the relay chain parses the access control request and routes it to the object through the inter-domain smart contract, locating the PEP client node of the target domain and generating a requesting-domain identifier and a target-domain identifier; it reconstructs the access control request with these two identifiers and sends the reconstructed request to the target-domain PEP client node;
then, the target-domain PEP client node parses the access control request and, through the intra-domain smart contract, obtains the attribute information of the access object and the trust attribute representing the current cross-domain trust relationship between subject and object, matches the access control policies that these attributes satisfy, and performs a real-time trust evaluation of the subject and object based on trust management of legitimate users;
finally, based on the real-time trust evaluation result, the target-domain PEP client node returns the policy matching result to the access object, so that the access object responds to the access control request.
Further, the relay chain parsing the access control request and routing it to the object through the inter-domain smart contract comprises:
invoking the inter-domain smart contract to convert the access request data received from the access control chain of the connected requesting domain, to route and forward the cross-chain requests in flight, and to implicitly record the block transaction history of cross-chain data transactions on the relay chain; the data conversion comprises removing redundant parameters, extracting the cross-chain-specific parameters and encapsulating them into a cross-chain data transaction, where the cross-chain-specific parameters comprise the requesting-domain identifier, the target-domain identifier, the subject and object identifiers, the subject attribute information and the action the subject requests on the object.
Further, routing and forwarding the cross-chain requests comprises: setting up router blockchain nodes and forwarding according to the transport connection requirements of the cross-chain request and the routing table on the router blockchain; the routing information on the router blockchain is stored as on-chain transactions, so that a cross-chain request uses the stored routing information to locate the relay chain node that performs cross-chain data conversion and is forwarded through that relay chain node.
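The relay-chain half of the inter-domain flow (the requesting-domain adjustment, the data conversion and the routing steps described above), as an added illustration that is not the patent's contract code: the requesting PEP client attaches the subject attributes, the adapter role strips transport-level parameters and encapsulates the cross-chain-specific ones into a transaction, and the routing role resolves the target domain from routing entries kept as on-chain transactions. The field names, the "<domain>:<object>" object-id format and the request identifier derivation are assumptions.

```python
import hashlib
import json
from typing import Optional

# Parameters that survive the relay's data conversion; everything else in the
# adjusted request is treated as redundant and stripped (field names assumed).
CROSS_CHAIN_FIELDS = ("request_domain", "target_domain", "subject_id",
                      "object_id", "subject_attributes", "action")


def requesting_pep_adjust(original: dict, subject_attrs: dict, domain_id: str) -> dict:
    """Requesting-domain PEP client: parse the original request (subject id,
    target-domain object id, action), attach the subject attribute list read
    from the intra-domain contract and tag the request with its domain."""
    for key in ("subject_id", "object_id", "action"):
        if key not in original:
            raise ValueError(f"original request lacks {key}")
    return {**original, "request_domain": domain_id, "subject_attributes": dict(subject_attrs)}


class RelayChain:
    """Adapter role (data conversion), routing role (routing table stored as
    on-chain transactions) and the implicit record of forwarded transactions."""

    def __init__(self) -> None:
        self.routing_txs: list[dict] = []   # routing information as on-chain transactions
        self.ledger: list[dict] = []        # cross-chain data transactions, in order

    def register_route(self, domain_id: str, adapter_node: str, pep_endpoint: str) -> None:
        self.routing_txs.append({"domain": domain_id, "adapter_node": adapter_node,
                                 "pep_endpoint": pep_endpoint})

    def lookup_route(self, domain_id: str) -> Optional[dict]:
        # The latest on-chain routing transaction for a domain is authoritative.
        for tx in reversed(self.routing_txs):
            if tx["domain"] == domain_id:
                return tx
        return None

    def convert(self, adjusted: dict) -> dict:
        """Data conversion contract function: derive the target domain from the
        object id (assumed format "<domain>:<object>"), drop redundant
        parameters and encapsulate the rest as a cross-chain data transaction."""
        target_domain, sep, _ = adjusted["object_id"].partition(":")
        if not sep or not target_domain:
            raise ValueError("object id does not name a target domain")
        tx = {k: adjusted[k] for k in CROSS_CHAIN_FIELDS if k in adjusted}
        tx["target_domain"] = target_domain
        missing = [k for k in CROSS_CHAIN_FIELDS if k not in tx]
        if missing:
            raise ValueError(f"cross-chain parameters missing: {missing}")
        # Cross-chain request identifier: hash of the canonical transaction body (assumed).
        body = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
        tx["request_id"] = hashlib.sha256(body).hexdigest()
        return tx

    def forward(self, adjusted: dict) -> dict:
        """Routing contract function: convert, resolve the target-domain PEP
        client through the routing table, record the transaction on the relay
        ledger, and return what is delivered to the target domain."""
        tx = self.convert(adjusted)
        route = self.lookup_route(tx["target_domain"])
        if route is None:
            raise LookupError(f"no route to domain {tx['target_domain']}")
        self.ledger.append(tx)
        return {"deliver_to": route["pep_endpoint"], "via_adapter": route["adapter_node"],
                "request": tx}


def run_sample() -> tuple[RelayChain, dict]:
    """Constructed sample: a request from domainA for a record held in domainB,
    carrying transport-level parameters that the relay must not forward."""
    relay = RelayChain()
    relay.register_route("domainB", adapter_node="adapter-b-01", pep_endpoint="pep.domainb.example")
    original = {"subject_id": "dr_alice", "object_id": "domainB:record_42", "action": "read",
                "session_token": "constructed-token", "client_ip": "10.0.0.5"}
    adjusted = requesting_pep_adjust(original, {"role": "physician", "clearance": 3}, "domainA")
    return relay, relay.forward(adjusted)


if __name__ == "__main__":
    _, delivered = run_sample()
    print(json.dumps(delivered, indent=2))
```

The reconstructed request reaching the target domain carries only the cross-chain parameters, so the requesting domain's session and network details never enter the target domain's ledger; the policy decision itself is then made by the target domain's own access control chain.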
Further, implicitly recording the block transaction history of cross-chain data transactions on the relay chain also comprises verifying the authenticity of the cross-chain data transactions on the relay chain with the simplified payment verification (SPV) algorithm, the verification process comprising:
first, the relay chain uses the cross-chain request identifier in the cross-chain data transaction and a Bloom filter to locate the block containing the cross-chain transaction, and returns a hash authentication path according to the block number, where the hash authentication path consists of the hash value of the adjacent leaf node of the cross-chain transaction in its Merkle subtree and the root hash values of the adjacent subtrees;
then, the source chain performs a Merkle proof using the hash authentication path and the stored relay chain block header information, and determines from the proof result whether the cross-chain data transaction genuinely exists on the relay chain.
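The two SPV steps above, as an added illustration that is not the patent's code: the relay side locates the block holding a cross-chain transaction and returns the authentication path (sibling leaf hash, then the root hash of each adjacent subtree), and a source-chain light client holding only relay block headers recomputes the Merkle root. A plain index stands in for the Bloom filter, the request identifier is assumed to be the transaction's SHA-256 hash, and the tree layout (SHA-256, last node duplicated on odd levels) is an assumption.

```python
import hashlib


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_root_and_path(leaves: list[bytes], index: int) -> tuple[bytes, list[tuple[bytes, str]]]:
    """Build the Merkle tree over a block's transactions and return its root
    together with the authentication path for leaves[index]. Each path entry
    is (hash, side): side is "L" when that hash sits to the left of the node
    being proven and "R" when it sits to the right. Odd levels duplicate the
    last node (assumed layout)."""
    if not leaves or not 0 <= index < len(leaves):
        raise ValueError("empty block or index out of range")
    level = [sha256(leaf) for leaf in leaves]
    path: list[tuple[bytes, str]] = []
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(level[-1])
        sibling = index ^ 1
        path.append((level[sibling], "L" if sibling < index else "R"))
        level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path


def verify_path(tx: bytes, path: list[tuple[bytes, str]], root: bytes) -> bool:
    """Merkle proof: recompute the root from the transaction and its path."""
    h = sha256(tx)
    for sibling, side in path:
        h = sha256(sibling + h) if side == "L" else sha256(h + sibling)
    return h == root


class RelayChainLedger:
    """Relay-chain side: full blocks plus an index from cross-chain request
    identifier (assumed: the transaction hash) to block number and position.
    The dict stands in for the Bloom filter the text describes."""

    def __init__(self) -> None:
        self.blocks: list[list[bytes]] = []
        self.headers: list[dict] = []
        self.index: dict[bytes, tuple[int, int]] = {}

    def append_block(self, txs: list[bytes]) -> None:
        root, _ = merkle_root_and_path(txs, 0)
        height = len(self.blocks)
        self.blocks.append(list(txs))
        self.headers.append({"height": height, "merkle_root": root})
        for pos, tx in enumerate(txs):
            self.index[sha256(tx)] = (height, pos)

    def authentication_path(self, request_id: bytes):
        """Locate the block holding the transaction and return (block number,
        authentication path), or None when the identifier is unknown."""
        hit = self.index.get(request_id)
        if hit is None:
            return None
        height, pos = hit
        _, path = merkle_root_and_path(self.blocks[height], pos)
        return height, path


class SourceChainLightClient:
    """Source-chain side: holds only the relay chain's block headers and checks
    a transaction's existence from the returned authentication path."""

    def __init__(self, headers: list[dict]) -> None:
        self.headers = [dict(h) for h in headers]  # downloaded block headers

    def spv_verify(self, tx: bytes, block_no: int, path: list[tuple[bytes, str]]) -> bool:
        if not 0 <= block_no < len(self.headers):
            return False
        return verify_path(tx, path, self.headers[block_no]["merkle_root"])


def run_sample() -> tuple[RelayChainLedger, SourceChainLightClient, bytes]:
    """Constructed sample: two relay-chain blocks, the second with an odd number
    of cross-chain transactions; returns the ledger, a light client holding the
    headers, and the transaction to prove (last one of the odd block)."""
    ledger = RelayChainLedger()
    ledger.append_block([b"xtx:domainA->domainB:read:record_1",
                         b"xtx:domainC->domainB:read:record_2"])
    block2 = [f"xtx:domainA->domainB:read:record_{i}".encode() for i in range(3, 8)]
    ledger.append_block(block2)
    client = SourceChainLightClient(ledger.headers)
    return ledger, client, block2[4]


if __name__ == "__main__":
    ledger, client, tx = run_sample()
    block_no, path = ledger.authentication_path(sha256(tx))
    print(block_no, len(path), client.spv_verify(tx, block_no, path))
```

The light client never sees the other transactions in the block, so a domain can confirm that its cross-chain request was recorded on the relay chain without learning the other domains' traffic.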
Further, the present invention also provides a cross-domain access control system based on multiple blockchains, comprising an access control domain, a relay chain cross-domain system, access control entities and an access control chain, wherein:
the access control domains are divided by access role into access control request domains and access control target domains, and each access control domain has deployed in it an access control chain for controlling intra-domain and inter-domain access requests;
the relay chain cross-domain system connects the nodes of each domain through relay nodes in order to connect to the access control chain of each access control domain;
the access control entities consist of an access control subject, which uploads intra-domain entity attributes to the intra-domain access control chain, and an access control object, which uploads self-defined object access control policies to the intra-domain access control chain;
the access control chain stores, as on-chain transactions, the attributes, policies and access behaviour records of the access control mechanism of the ABAC access control model;
in a specific implementation of the cross-domain access control system:
first, unregistered users and service providers register their respective attributes with the corresponding business blockchain security domain through the attribute authority, and, by invoking the intra-domain smart contract, store the attributes, the attribute correspondences and the service provider's self-defined access control policies on the access control chain of each security domain;
the access control chain within each business blockchain security domain is deployed to PEP client nodes, and each PEP client node links across domains, through the relay chain, to the access control chains of the other business blockchain security domains; the access control chain deploys the attribute authority, policy administration point and policy decision point of the ABAC access control model as intra-domain smart contracts, and the relay chain performs inter-domain data transmission through inter-domain smart contracts;
when a resource requester in the access request domain initiates an intra-domain access request, the PEP client node uses the access control chain and establishes a data exchange between the resource requester and the resource owner by invoking the intra-domain smart contract; when a resource requester in the access request domain initiates an inter-domain access request, the PEP client node uses the relay chain and establishes a data exchange between the resource requester in the requesting domain and the resource owner in the target domain by invoking the inter-domain smart contract.
Beneficial effects of the present invention:
By deploying in each security domain an access control chain implementing the attribute-based access control model, the present invention delegates intra-domain and inter-domain access decisions to the access control chain of each domain, supports autonomous authorization within a domain, and achieves fine-grained, traceable access control; through relay chain cross-chain technology it accommodates the heterogeneous access control chains of the security domains and forwards and records cross-domain access control information; the smart contracts for cross-domain access control introduce into the intra-domain and inter-domain access control flows the policy decision contract, policy administration contract, attribute authority contract and inter-domain intermediary contract of the ABAC model, together with the trust evaluation contract of trust management, yielding a trusted cross-domain access control mechanism that needs no third party within or between domains; through the relay chain's cross-chain control-data forwarding mechanism, cross-chain interoperability and the SPV data verification algorithm guarantee the security of cross-domain access control data. The method suits cross-domain access control scenarios in multi-domain environments, meets their inter-domain privacy and scalability requirements, and has good application prospects.
Brief description of the drawings:
Figure 1 is a schematic diagram of the cross-domain access control architecture based on multiple blockchains in the embodiment;
Figure 2 is a schematic diagram of the intra-domain access control flow in the embodiment;
Figure 3 is a schematic diagram of the intra-domain access control flow in the embodiment;
Figure 4 shows the cross-chain interoperability framework based on the relay chain in the embodiment.
Detailed description of the embodiments:
To make the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and technical solutions.
Most current blockchain business systems use a single-chain architecture, in which data must reach consensus among all nodes of the whole blockchain network before being added to the ledger. This serial approach greatly reduces the throughput of the whole network, so it is unsuitable for multi-domain scenarios with frequent intra-domain and inter-domain access requests; moreover, since each security domain sets its own access control policies according to its actual needs, a single-chain architecture can hardly process all cross-chain data on one open and transparent chain. Because existing blockchain cross-domain access control methods cannot meet the inter-domain privacy and scalability requirements of multi-domain environments, an embodiment of the present invention provides a cross-domain access control system based on multiple blockchains, comprising an access control domain, a relay chain cross-domain system, access control entities and an access control chain, wherein:
访问控制域,依据访问角色划分为访问控制请求域和访问控制目标域,各访问控制域内均部署有用于对域内和域间访问请求进行控制的访问控制链;Access control domains are divided into access control request domains and access control target domains based on access roles. Access control chains are deployed in each access control domain to control intra-domain and inter-domain access requests;
中继链跨域系统,通过中继节点连接各域内节点,以接入各访问控制域内的访问控制链;The relay chain cross-domain system connects nodes in each domain through relay nodes to access the access control chain in each access control domain;
访问控制实体,由将域内实体属性上传至域内访问控制链上的访问控制主体和将自定义客体访问控制策略上传至域内访问控制链上的访问控制客体组成;The access control entity consists of an access control subject that uploads domain entity attributes to the intra-domain access control chain and an access control object that uploads custom object access control policies to the intra-domain access control chain;
访问控制链,以链上事务形式存储ABAC访问控制模型中访问控制机制相关属性、策略和访问行为记录。The access control chain stores the attributes, policies and access behavior records related to the access control mechanism in the ABAC access control model in the form of on-chain transactions.
Referring to Figure 1, the access control domains are divided by their cross-domain access control role into an access control request domain and a target domain. Within each domain, an access control system on an intra-domain blockchain platform is deployed and is responsible for controlling the access requests passed within and between domains. The attribute authority (Attribute Authority, AA), policy administration point (Policy Administration Point, PAP) and policy decision point (Policy Decision Point, PDP) of the ABAC model can be compiled and deployed as smart contracts. The intra-domain node that is connected to the relay chain also acts as the policy enforcement client (PEP Client) and is responsible for forwarding access requests: an intra-domain access request is forwarded to the intra-domain access control chain, whereas an out-of-domain access request is forwarded to the relay chain, and the access result is obtained through the relay chain. A trust evaluation contract TEC is added to provide trust management of legitimate users and support dynamic access control. The cross-domain system, also called the relay chain cross-chain system, connects the nodes in each domain through relay nodes so that the relay chain platform can connect to the access control blockchain in each security domain. Inter-domain data transmission and data conversion are achieved by deploying the intermediary contract ICC, and a connected intra-domain access control chain can also download relay chain block header data through light nodes for cross-domain data verification. Among the access control entities, the resource user (Data User, DU) acts as the access control subject and is responsible for uploading intra-domain entity attributes to the intra-domain access control chain; the resource owner (Data Owner, DO) is the entity that defines the access control object, and the object's access control policy is defined and uploaded by the resource owner. On the access control chain, each security domain implements the main logic of an ABAC-based access control system through smart contracts on the blockchain; the access control chain stores the attributes, policies and access behaviour records related to the access control mechanism as on-chain transactions, and all on-chain transactions are open, transparent, traceable and tamper-resistant, so implementing the intra-domain access control system on a blockchain reduces the impact of single-point attacks.
Based on the system architecture above, an embodiment of the present invention further provides a cross-domain access control method based on multiple blockchains, comprising:
S101. Unregistered users and service providers register their respective attributes, via the attribute authority, into the corresponding business blockchain security domain, and by calling the intra-domain smart contracts store the attributes, the attribute correspondences and the service providers' custom access control policies on the access control chain of each security domain.
The entities participating in the access flow can be divided into access subjects and access objects: the subject is the entity that requests access to a service or resource, and the object is usually the service provider or resource provider. All entities must register in order to take part in access flow control.
S102. The access control chain within each business blockchain security domain is deployed to policy enforcement client nodes, and each policy enforcement client node links across domains, through the relay chain, to the access control chains in the other business blockchain security domains. The access control chain deploys the attribute authority, policy administration point and policy decision point of the ABAC access control model as intra-domain smart contracts, and the relay chain performs inter-domain data transmission through inter-domain smart contracts.
The intra-domain smart contracts comprise: policy-processing contract functions for adding, deleting and updating access control policies; attribute-processing contract functions for deleting and updating entity attributes; access-control-processing contract functions that parse access requests and render access control decisions; and inter-domain data flow processing contract functions that handle cross-domain access control requests and responses for the policy enforcement client nodes of the connected domain. The inter-domain smart contracts comprise: data conversion contract functions for cross-chain data conversion, routing contract functions for cross-chain data routing and forwarding, and registration contract functions that register access entities with cross-chain identities and map them to intra-chain identities.
The functions specifically designed for each smart contract are listed in Table 1 below.
Table 1 Functions of each smart contract
(a) PAPC is responsible for policy-related operations
The DO adds, deletes and updates the TX_policy in a block by calling the AddPolicy, DeletePolicy and UpdatePolicy methods of the PAPC. The PAPC must match the hash of the DO's attribute list against the Pid in the TX_policy, and subsequent deletion or modification may only proceed after the match succeeds.
The QueryPolicy function of the PAPC can only be called by the PDPC. It looks up the access control policies that match the AAR supplied by the PDPC and returns them as a policy set for the PDPC to evaluate.
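As an added illustration of the ownership check just described (example code, not code from the patent), the following Go sketch of a PAPC binds each policy to the hash of the owning DO's attribute list and refuses UpdatePolicy and DeletePolicy calls whose caller cannot reproduce that hash. The canonical sorted key=value serialisation used for the hash, the Policy fields and the sample attribute values are assumptions of the example; the restriction that only the PDPC may call QueryPolicy is not modelled here.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// Policy stands in for one TX_policy entry. Pid is the hash of the owning
// DO's attribute list and is what every later change is authorised against.
type Policy struct {
	Pid      string
	ObjectID string
	Action   string
	Rule     string // policy body; kept as a string because its format is not the point here
}

// AttrListHash derives Pid from a DO attribute list. Keys are sorted first so the
// hash does not depend on map iteration order (constructed canonical form).
func AttrListHash(attrs map[string]string) string {
	keys := make([]string, 0, len(attrs))
	for k := range attrs {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	h := sha256.New()
	for _, k := range keys {
		fmt.Fprintf(h, "%s=%s;", k, attrs[k])
	}
	return hex.EncodeToString(h.Sum(nil))
}

// PAPC keeps the policies that have been put on the chain.
type PAPC struct{ policies []Policy }

// AddPolicy records the policy under the caller's attribute-list hash, so only a
// caller who can reproduce that hash may later change it.
func (p *PAPC) AddPolicy(callerAttrs map[string]string, objectID, action, rule string) {
	p.policies = append(p.policies, Policy{AttrListHash(callerAttrs), objectID, action, rule})
}

// owned returns the index of the policy for objectID/action only if the caller's
// hash matches its Pid, and -1 otherwise: the match required before any delete or update.
func (p *PAPC) owned(callerAttrs map[string]string, objectID, action string) int {
	pid := AttrListHash(callerAttrs)
	for i, pol := range p.policies {
		if pol.ObjectID == objectID && pol.Action == action {
			if pol.Pid == pid {
				return i
			}
			return -1
		}
	}
	return -1
}

func (p *PAPC) UpdatePolicy(callerAttrs map[string]string, objectID, action, rule string) bool {
	i := p.owned(callerAttrs, objectID, action)
	if i < 0 {
		return false
	}
	p.policies[i].Rule = rule
	return true
}

func (p *PAPC) DeletePolicy(callerAttrs map[string]string, objectID, action string) bool {
	i := p.owned(callerAttrs, objectID, action)
	if i < 0 {
		return false
	}
	p.policies = append(p.policies[:i], p.policies[i+1:]...)
	return true
}

// QueryPolicy returns the policy set for an object/action pair, as the PDPC sees it.
func (p *PAPC) QueryPolicy(objectID, action string) []Policy {
	var set []Policy
	for _, pol := range p.policies {
		if pol.ObjectID == objectID && pol.Action == action {
			set = append(set, pol)
		}
	}
	return set
}

func main() {
	owner := map[string]string{"role": "data-owner", "org": "hospital-A"} // constructed DO attributes
	other := map[string]string{"role": "doctor", "org": "hospital-A"}     // a different entity
	papc := &PAPC{}
	papc.AddPolicy(owner, "DO-1", "read", "role==doctor && trust>=0.5")
	fmt.Println("update by non-owner:", papc.UpdatePolicy(other, "DO-1", "read", "role==nurse"))
	fmt.Println("update by owner:    ", papc.UpdatePolicy(owner, "DO-1", "read", "role==doctor"))
	fmt.Println("policy set:", papc.QueryPolicy("DO-1", "read"))
}
```

The point of sorting the keys before hashing is that two honest serialisations of the same attribute list must produce the same Pid; without a canonical form the owner could be locked out of its own policy by map ordering alone.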
(b) AAC is responsible for attribute-related operations
Administrators in a security domain upload, delete and update entity attributes by calling AddAttribute, DeleteAttribute and UpdateAttribute. The AAC verifies the identity of the smart contract caller by checking whether the invoking identity satisfies the required conditions, for example whether the caller holds a particular attribute.
The PDPC obtains attribute relations by calling the QueryAttribute method of the AAC; the lookup operates on the subject and object attribute lists obtained by deconstructing the request sent from the PEP to the PDPC, and the result is returned to the PDPC once the lookup succeeds.
(c) PDPC is responsible for access control decision operations
The PDPC receives and parses the natural access request (Natural Access Request, NAR) sent by the off-chain PEP client. After parsing the NAR it obtains the uploaded on-chain attributes and on-chain access control policies, and finally renders an automated access control decision from the three access control primitives it has obtained and returns the result to the PEP client.
(d) ICC is responsible for inter-domain data flow processing
The ICC is deployed by the cross-domain system, i.e. the relay chain cross-chain system, and handles the cross-domain access control requests and responses sent by the PEP clients of the connected domains.
Each node in the relay chain determines the role it currently holds through the inter-domain smart contract deployed on it; node roles are divided into the adapter node role, the routing node role and the registration node role. The adapter node role converts the format of cross-chain data from heterogeneous business blockchain security domains using the data conversion contract function; the routing node role establishes the identity of routing nodes using the routing contract function and maintains on-chain cross-chain routing information; and the registration node role registers and identifies cross-chain user information using the registration contract function.
S103. When a resource requester in the access request domain initiates an intra-domain access request, the policy enforcement client node uses the access control chain and establishes the data exchange between the resource requester and the resource owner by calling the intra-domain smart contracts; when a resource requester in the access request domain initiates an inter-domain access request, the policy enforcement client node uses the relay chain and establishes the data exchange between the resource requester in the request domain and the resource owner in the target domain by calling the inter-domain smart contracts.
Specifically, the policy enforcement client node's use of the access control chain to establish the data exchange between the resource requester and the resource owner by calling the intra-domain smart contracts can be designed to comprise the following:
first, for the original access control request sent by the resource requester as access control subject, the policy enforcement client node parses the original access control request through the intra-domain smart contracts and queries the control policies relevant to the request using the subject and object attribute list, in order to decide whether the subject and object attributes satisfy the relevant control policy and to perform a real-time trust evaluation of the subject and object based on legitimate-user trust management, where the original access control request comprises the subject's unique identifier, the object's unique identifier and the action the subject requests on the object, and the attribute list comprises the subject and object attributes, environment attributes and a trust attribute representing the current trust relationship between subject and object;
then, based on the real-time trust evaluation result, the policy enforcement client node feeds the decision result back to the access object, so that the access object responds to the access control request.
The initialisation of the access control flow, i.e. blockchain network initialisation, smart contract deployment and the connection of the cross-chain system, must be completed in advance by the administrator. Before authorisation, subject and object must complete attribute registration, registering their attributes with the attribute authority they belong to and calling the AddAttribute interface of the AA Contract to record the attributes and the hash of the attribute correspondences on the chain. At the same time the object owner defines the access control policy P_DO and calls AddPolicy in the PAP Contract to upload the policy to the chain. As shown in Figure 2, when the resource and the resource requester are in the same domain, the access control decision is made by the intra-domain access control chain; the detailed steps of intra-domain access control are as follows:
(a) The resource requester, as access control subject, sends a natural access request (Natural Access Request, NAR) to the PEP client. The NAR parameters are: the subject's unique identifier ID_DU, the object's unique identifier ID_DO, and the action T_DO the subject requests on the object.
(b) The PEP client passes the NAR to the PDPC, which parses the NAR and obtains the subject and object identifiers and the action.
(c) The PDPC sends the subject and object identifiers to the AAC and, by calling QueryAttribute in the AAC, obtains the attribute list AL stored on the chain in TX_attr, comprising the subject and object attributes, environment attributes and the trust attribute representing the current trust relationship between subject and object.
(d) The PDPC assembles the returned attribute list into an attribute access request (Attribute Access Request, AAR), sends the AAR to the PAPC to query the relevant policies, and the matching TX_policy entries are returned to the PDPC.
(e) The PDPC first checks whether the trust attribute satisfies the policy requirements; if it does, it renders the access control decision over the attribute list AL returned by the AAC and the policy set P_DO contained in the TX_policy entries returned by the PAPC. When the decision is complete, the decision result and the access behaviour are returned to the PEP client and to the TEC; the TEC performs a real-time trust evaluation from this feedback, while the PEP client returns the result to the object, which responds to the access control result.
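The five steps above, as an added worked example in Go that is not part of the patent: a PDPC resolves both identifiers through the AAC, assembles the AAR, fetches the policy set and checks the trust attribute before the attribute match, denying by default whenever a step fails. The policy shape (required subject attributes plus a minimum trust), the trust values, the subject and object identifiers and the "subject|object" keying of the trust attribute are constructed; the TEC's real-time re-evaluation is represented only by the stored trust attribute it would maintain.

```go
package main

import "fmt"

// NAR is the natural access request of step (a): ID_DU, ID_DO and T_DO.
type NAR struct{ SubjectID, ObjectID, Action string }

// AAR is the attribute access request of step (d): the attribute list AL plus
// the object, action and trust attribute the policy lookup is keyed on.
type AAR struct {
	SubjectAttrs     map[string]string
	ObjectID, Action string
	Trust            float64
}

// Policy is one entry of P_DO: required subject attributes and a minimum trust.
type Policy struct {
	Required map[string]string
	MinTrust float64
}

// AAC holds the attribute lists (TX_attr) and, standing in for the TEC's state,
// the trust attribute per subject/object pair (constructed; keyed "subject|object").
type AAC struct {
	attrs map[string]map[string]string
	trust map[string]float64
}

func (a *AAC) QueryAttribute(id string) (map[string]string, bool) {
	al, ok := a.attrs[id]
	return al, ok
}

// PAPC is reduced to what step (d) needs: policy sets keyed by "object|action".
type PAPC struct{ sets map[string][]Policy }

func (p *PAPC) QueryPolicy(aar AAR) []Policy { return p.sets[aar.ObjectID+"|"+aar.Action] }

type PDPC struct {
	aac  *AAC
	papc *PAPC
}

// Decide runs steps (b) to (e): resolve both identifiers, build the AAR, fetch the
// policy set, gate on the trust attribute first, then match the subject attributes.
// Anything that cannot be resolved is a denial.
func (d *PDPC) Decide(nar NAR) (bool, string) {
	subj, okS := d.aac.QueryAttribute(nar.SubjectID)
	_, okO := d.aac.QueryAttribute(nar.ObjectID)
	if !okS || !okO {
		return false, "unknown subject or object"
	}
	aar := AAR{subj, nar.ObjectID, nar.Action, d.aac.trust[nar.SubjectID+"|"+nar.ObjectID]}
	set := d.papc.QueryPolicy(aar)
	if len(set) == 0 {
		return false, "no policy for object/action"
	}
	for _, pol := range set {
		if aar.Trust < pol.MinTrust { // step (e): trust is checked before attributes
			return false, "trust attribute below policy threshold"
		}
		if matches(aar.SubjectAttrs, pol.Required) {
			return true, "permit"
		}
	}
	return false, "attributes do not satisfy policy"
}

func matches(have, want map[string]string) bool {
	for k, v := range want {
		if have[k] != v {
			return false
		}
	}
	return true
}

// NewDemo wires constructed data: two doctors (one with low trust), a nurse, one
// object, and a "read" policy that demands role=doctor and trust >= 0.5.
func NewDemo() *PDPC {
	aac := &AAC{
		attrs: map[string]map[string]string{
			"DU-1": {"role": "doctor", "dept": "cardiology"},
			"DU-2": {"role": "nurse", "dept": "cardiology"},
			"DU-3": {"role": "doctor", "dept": "oncology"},
			"DO-1": {"role": "data-owner", "org": "hospital-A"},
		},
		trust: map[string]float64{"DU-1|DO-1": 0.8, "DU-2|DO-1": 0.8, "DU-3|DO-1": 0.3},
	}
	sets := map[string][]Policy{"DO-1|read": {{map[string]string{"role": "doctor"}, 0.5}}}
	return &PDPC{aac, &PAPC{sets}}
}

func main() {
	pdpc := NewDemo()
	for _, nar := range []NAR{{"DU-1", "DO-1", "read"}, {"DU-2", "DO-1", "read"}, {"DU-3", "DO-1", "read"}} {
		ok, why := pdpc.Decide(nar)
		fmt.Printf("%s %s %s: permit=%v (%s)\n", nar.SubjectID, nar.Action, nar.ObjectID, ok, why)
	}
}
```

DU-3 holds the right attribute but is denied on trust alone, which is the behaviour step (e) describes: a subject whose trust attribute has decayed cannot be rescued by its static attributes.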
Specifically, the policy enforcement client node's use of the relay chain to establish the data exchange between the resource requester in the request domain and the resource owner in the target domain by calling the inter-domain smart contracts can be designed to comprise the following:
first, for the original access control request sent by the resource requester as access control subject, the policy enforcement client node of the corresponding request domain parses the original access control request through the intra-domain smart contracts, obtains the subject attribute list, adjusts the access control request based on the subject attribute list and sends the adjusted request to the relay chain, where the original access control request comprises the unique identifier of the subject in the request domain, the unique identifier of the object in the target domain and the action the subject requests on the object;
next, the relay chain parses the access control request and routes to the object through the inter-domain smart contracts in order to locate the policy enforcement client node of the target domain, generates the request domain identifier and the target domain identifier, reconstructs the access control request with these identifiers and sends the reconstructed request to the target domain's policy enforcement client node;
then, the target domain's policy enforcement client node parses the access control request and, through the intra-domain smart contracts, obtains the access object's attribute information and the trust attribute representing the current cross-domain trust relationship between subject and object, matches the qualifying access control policies on the basis of these attributes, and performs a real-time trust evaluation of subject and object based on legitimate-user trust management;
finally, based on the real-time trust evaluation result, the target domain's policy enforcement client node feeds the access control policy matching result back to the access object, so that the access object responds to the access control request.
As shown in Figure 3, the relay chain acts as the cross-domain platform and as the link between the blockchain-based access control of the two domains, forwarding cross-domain access control data. The inter-domain access control flow is as follows:
(a) The subject sends a cross-domain natural access request (Cross-domain Natural Access Request, C-NAR) to the PEP client of the request domain; the parameters of the C-NAR change according to the stage it is in. Within the request domain it is called C-NAR1 and its parameters are: the unique identifier C-UID_DU of the subject in the request domain, the unique identifier C-UID_DO of the object in the target domain, and the action T_DO the subject requests on the object.
(b) The PEP client of the request domain requests the attribute list of the access subject from the local AAC. After receiving the returned attribute list, the PEP client sends the modified C-NAR2 to the ICC on the relay chain; the parameters of C-NAR2 are: the unique identifier C-UID_DU of the subject in the request domain and the subject attribute information AL_DU, the unique identifier C-UID_DO of the object in the target domain, and the action T_DO the subject requests on the object.
(c) In the cross-domain system, i.e. the relay chain cross-chain system, the ICC receives the C-NAR and routes on the object's cross-domain unified identity C-UID_DO. After locating the PEP client of the target domain it reconstructs the request as C-NAR3, whose parameters are: the source domain identifier L_DU, the target domain identifier L_DO, the unique identifier C-UID_DU of the subject in the request domain and the subject attribute information AL_DU, the unique identifier C-UID_DO of the object in the target domain, and the action T_DO the subject requests on the object.
(d) After the PEP client in the target domain receives the successfully addressed C-NAR3, it generates a new C-NAR4 with the parameters: the source domain identifier L_DU, the unique identifier C-UID_DU of the subject in the request domain and the subject attribute information AL_DU, the unique identifier C-UID_DO of the object in the target domain, and the action T_DO the subject requests on the object. C-NAR4 is sent to the PDP for the access control decision.
(e) The PDPC in the target domain first passes C-UID_DU and C-UID_DO to the local AAC to obtain the object attribute information and the trust attribute representing the current cross-domain trust relationship between subject and object. The PDPC then generates an AAR from all the attribute information it has received and sends it to the target domain PAPC to match the qualifying access control policy set; once the PAPC has found the qualifying policy set it returns it to the PDPC.
(f) The target domain PDPC renders a collective decision over the access control policy set and returns the decision result to the target domain PEP client, which passes the decision result on to the ICC. The returned parameters are: the unique identifier C-UID_DU of the subject in the request domain, the unique identifier C-UID_DO of the object in the target domain, and the access control result.
The relay chain's parsing of the access control request and routing to the object through the inter-domain smart contracts can comprise:
calling the inter-domain smart contracts to convert the access request data of the connected request domain's access control chain, routing and forwarding the cross-chain requests during the access, and implicitly recording the cross-chain data transactions in the block transaction history of the relay chain, where the data conversion comprises removing redundant parameters, extracting the cross-chain-specific parameters and encapsulating them into a cross-chain data transaction, and the cross-chain-specific parameters comprise the request domain identifier, the target domain identifier, the subject and object identifiers, the subject attribute information and the action the subject requests on the object.
The routing and forwarding of cross-chain requests during the access can be designed to comprise: setting up router blockchain nodes, and routing and forwarding according to the transmission connection requirements of the cross-chain request and the routing table in the router blockchain, where the routing information in the router blockchain is stored as on-chain transactions, so that a cross-chain request can use the stored routing information to find the relay chain node that performs cross-chain data conversion and have its data forwarded through that relay chain node.
Current centralised cross-domain access control mechanisms forward cross-domain control information uniformly through a third-party server outside the security domains, which cannot guarantee the traceability and auditability of the cross-domain information; moreover, because the blockchain-based access control systems of the individual security domains have not agreed on a consistent platform in advance, they cannot exchange data across chains directly. For this reason the embodiment implements the cross-chain control information forwarding mechanism on a relay chain: the relay chain makes the parallel heterogeneous chains in the security domains compatible with one another while keeping cross-domain access control secure, trustworthy and auditable. The relay-chain-based cross-chain interoperability framework is shown in Figure 4 and can consist of the following three parts:
(a) Parallel chains: parallel chains act as the requester and receiver of cross-chain operations in the exchange of cross-chain control information, and implement the business systems within each trust domain. Each parallel chain is an independent blockchain network; however, in order to link heterogeneous blockchain platforms, a parallel chain not only can use on-chain smart contracts for self-auditing but can also verify, with an SPV-based data verification algorithm, the locally stored relay chain transaction block headers, proving the existence and authenticity of the cross-chain request information in the block header and thereby achieving trusted auditing between chains. Linking parallel chains through a relay chain can connect multiple independent blockchains running in parallel into a "rope-like structure", enhancing cross-chain interoperability between blockchains and allowing cross-domain applications to be implemented in cross-chain form.
(b) Relay chain: as the main chain linking the parallel blockchains, the relay chain is responsible for data conversion, parsing and routing/forwarding of the cross-chain requests sent by nodes on the parallel chains, thereby passing data between chains. At the same time the relay chain implicitly records every transaction passed to it by each parallel chain, and the clients of each parallel chain can use the relay chain block header data stored for the connected parallel chains to verify transactions by SPV during the verification step. As the architecture in Figure 4 shows, the nodes on the relay chain are divided into three main roles: adapter nodes, routing nodes and registration nodes. A node's role on the relay chain is not fixed and a node may hold several roles; the role a node holds at a given moment is determined mainly by the smart contract it has deployed. Adapter nodes connect the parallel chains with the relay chain and allow transactions to be sent to, and queries made against, different kinds of blockchain protocols and networks; by deploying a data conversion contract (Data Conversion Contract, DCC) they handle the cross-chain data formats of heterogeneous blockchains, for example parsing, storing and converting cross-chain data primitives sent by Golang-based chaincode in Fabric. Routing nodes implement inter-chain routing addressing and forwarding; the identity of a routing node is determined by the routing contract (Router Contract, RC) deployed on the relay chain, and routing nodes maintain the on-chain cross-chain routing information. Registration nodes are the nodes on the relay chain as a whole that register information for cross-chain users and identify each user by a unified user identifier.
(c) Cross-chain transaction entities: these are mainly divided into source chain requesters and target chain receivers. A cross-chain transaction entity can be any chain among the heterogeneous parallel chains on which the cross-chain smart contracts are deployed, but all cross-chain transaction entities must hold a unified cross-chain identity.
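As an added example of the SPV-based verification mentioned under (a) and (b), not taken from the patent, the following Go code builds a Merkle root over a block's cross-chain transactions, lets a full relay node produce an inclusion proof, and lets a parallel chain's light client check a cross-chain request against the relay chain block header it stores locally. The header layout, the SHA-256 pairing convention (an odd level duplicates its last node) and the sample transactions are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// BlockHeader is the part of a relay chain block a light client keeps. For SPV
// only the Merkle root over the block's cross-chain transactions matters here.
type BlockHeader struct {
	Height     int64
	MerkleRoot []byte
}

func leafHash(tx []byte) []byte {
	h := sha256.Sum256(tx)
	return h[:]
}

func nodeHash(left, right []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, left...), right...))
	return h[:]
}

// nextLevel hashes nodes pairwise; an odd trailing node is paired with a copy of itself.
func nextLevel(level [][]byte) [][]byte {
	if len(level)%2 == 1 {
		level = append(level, level[len(level)-1])
	}
	next := make([][]byte, 0, len(level)/2)
	for i := 0; i < len(level); i += 2 {
		next = append(next, nodeHash(level[i], level[i+1]))
	}
	return next
}

func leaves(txs [][]byte) [][]byte {
	l := make([][]byte, len(txs))
	for i, tx := range txs {
		l[i] = leafHash(tx)
	}
	return l
}

// MerkleRoot is what the relay chain writes into the header; an empty block has no root.
func MerkleRoot(txs [][]byte) []byte {
	if len(txs) == 0 {
		return nil
	}
	level := leaves(txs)
	for len(level) > 1 {
		level = nextLevel(level)
	}
	return level[0]
}

// ProofStep is one sibling on the path from a leaf to the root.
type ProofStep struct {
	Hash []byte
	Left bool // sibling is the left input of the parent hash
}

// BuildProof is what a full relay node supplies for txs[index].
func BuildProof(txs [][]byte, index int) []ProofStep {
	var proof []ProofStep
	level := leaves(txs)
	for len(level) > 1 {
		if len(level)%2 == 1 {
			level = append(level, level[len(level)-1])
		}
		sib := index ^ 1
		proof = append(proof, ProofStep{Hash: level[sib], Left: sib < index})
		level = nextLevel(level)
		index /= 2
	}
	return proof
}

// VerifyInclusion is the light-client side: fold the transaction up through the
// proof and compare the result with the root in the locally stored header.
func VerifyInclusion(hdr BlockHeader, tx []byte, proof []ProofStep) bool {
	if hdr.MerkleRoot == nil {
		return false
	}
	h := leafHash(tx)
	for _, s := range proof {
		if s.Left {
			h = nodeHash(s.Hash, h)
		} else {
			h = nodeHash(h, s.Hash)
		}
	}
	return bytes.Equal(h, hdr.MerkleRoot)
}

// SampleBlock returns constructed cross-chain transactions and the header built over them.
func SampleBlock() ([][]byte, BlockHeader) {
	txs := [][]byte{
		[]byte(`{"src":"chain-A","dst":"chain-B","type":"access-control","txid":"t1"}`),
		[]byte(`{"src":"chain-B","dst":"chain-A","type":"access-control","txid":"t2"}`),
		[]byte(`{"src":"chain-A","dst":"chain-C","type":"access-control","txid":"t3"}`),
		[]byte(`{"src":"chain-C","dst":"chain-B","type":"access-control","txid":"t4"}`),
		[]byte(`{"src":"chain-B","dst":"chain-C","type":"access-control","txid":"t5"}`),
	}
	return txs, BlockHeader{Height: 42, MerkleRoot: MerkleRoot(txs)}
}

func main() {
	txs, hdr := SampleBlock()
	proof := BuildProof(txs, 4)
	fmt.Println("t5 in block 42:", VerifyInclusion(hdr, txs[4], proof))
	forged := []byte(`{"src":"chain-A","dst":"chain-B","type":"access-control","txid":"t9"}`)
	fmt.Println("forged tx in block 42:", VerifyInclusion(hdr, forged, proof))
}
```

The light client never needs the other transactions in the block: a proof of log2(n) sibling hashes plus the stored header is enough to establish that the relay chain recorded the cross-chain request, which is the auditing property (a) attributes to SPV.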
中继链上域间智能合约的设计可描述如下:The design of the inter-domain smart contract on the relay chain can be described as follows:
(a)数据转换合约DCC(a) Data conversion contract DCC
区块链是一个封闭而独立的系统,而不同安全域内基于区块链的应用系统平台在使用中继链进行链接前彼此之间是未知的,所以存在区块链上事务不兼容问题。为了实现链之间的连接,必须增加一个特定的角色来作为连接方,方便进行双方之间的信息交换。适配器节点就负责中继链和平行链的信息交换,而部署在适配器节点的DCC主要负责跨链数据的转换,即将从平相链传递的跨链数据进行解析、修改和封装。DCC首先负责将平行链发送的跨链信息进行解析,转换并去除其中如区块高度等冗余参数,只获取跨链具体参数,如跨链访问控制请求中的主客体标识等具体信息。然后将具体内容封装进跨链事务中,中继链上所有操作除路由表信息外都通过跨链事务来进行,其中,DCC将经过数据转换后的具体内容封装至跨链事务封装跨链数据事务,跨链数据事务具体信息可表示为:The blockchain is a closed and independent system, and the blockchain-based application system platforms in different security domains are unknown to each other before using the relay chain to link, so there is a problem of transaction incompatibility on the blockchain. In order to realize the connection between chains, a specific role must be added as the connecting party to facilitate the exchange of information between the two parties. The adapter node is responsible for the information exchange between the relay chain and the parallel chain, and the DCC deployed on the adapter node is mainly responsible for the conversion of cross-chain data, that is, parsing, modifying and encapsulating the cross-chain data passed from the parallel chain. DCC is first responsible for parsing the cross-chain information sent by the parallel chain, converting and removing redundant parameters such as block height, and only obtaining specific cross-chain parameters, such as subject and object identifiers in cross-chain access control requests and other specific information. Then the specific content is encapsulated into a cross-chain transaction. All operations on the relay chain, except routing table information, are performed through cross-chain transactions. Among them, DCC encapsulates the specific content after data conversion into a cross-chain transaction to encapsulate the cross-chain data. Transactions, the specific information of cross-chain data transactions can be expressed as:
TXcross-chain={SourceChainID,DestinationChainID,Type,Txid,Timestamp,Content}TX cross-chain ={SourceChainID,DestinationChainID,Type,Txid,Timestamp,Content}
where SourceChainID is the source chain identifier, DestinationChainID is the destination chain identifier, Type is the cross-chain transaction type (access control, or another transaction type), Txid is the unique identifier of the transaction, Timestamp is the time at which the cross-chain transaction was generated, and Content is the encapsulated content passed from the parallel chain.
(b) Routing contract RC
Blockchain routing treats certain blockchain entities or nodes as routers that forward requests between different blockchain networks. In a blockchain router network the blockchain plays the role of a router: it analyses and forwards connection requests according to the communication protocol and maintains the dynamic communication topology of the blockchain network. This method implements routing as a smart contract, i.e. a routing contract performs the forwarding, so that cross-chain data can use the stored routing information to look up the adapter node linked to the target parallel chain, after which the adapter node unpacks and forwards the data. Routing transactions are transmitted by the router nodes according to the routing table written into the router blockchain. Routing information is stored as on-chain transactions, expressed as follows:
TX_Routing = {BlockchainID, Pority, Timestamp, AdapterAddr}
where BlockchainID is the unique identifier of the blockchain application system, Pority is the routing priority (the highest-priority entry holds the information of the blockchain most recently connected to the cross-chain system), Timestamp is the time at which the routing entry was generated, and AdapterAddr is the address of the adapter node connected to that blockchain network.
(3) Registration contract RCC
The registration contract uniformly maps an entity's accounts on the various chains so that they can be managed across chains; a user performs cross-chain identity registration and intra-chain identity mapping by calling the registration function of the RCC contract.
Based on the above contracts, the data conversion algorithm on the relay chain is shown in Table 2:
Table 2 Relay-chain-based data exchange
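As an added illustration, not code from the patent, the following Python sketch walks through the two relay-chain steps described above: the DCC strips the chain-local parameters from a parallel-chain message and encapsulates the remainder into a TX_cross-chain record, and the routing contract resolves the destination chain to an adapter node from the TX_Routing entries, preferring the highest Pority. The message field names, chain identifiers, adapter addresses and the way Txid is derived are all assumptions made for this example; the patent does not specify them.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the message a parallel chain hands to the adapter node.
# It mixes chain-local bookkeeping (block_height, consensus_round) with the
# access-control request parameters the relay chain actually needs.
# All field names are assumptions made for this example.
PARALLEL_CHAIN_MSG = {
    "block_height": 10842,
    "consensus_round": 3,
    "chain_id": "domainA-acl-chain",
    "target_chain_id": "domainB-acl-chain",
    "subject": "domA:user-17",
    "object": "domB:resource/report-42",
    "action": "read",
    "request_id": "req-0001",
}

# Fields the DCC strips: chain-local parameters that mean nothing on the relay chain.
REDUNDANT_FIELDS = ("block_height", "consensus_round")
# Fields that become the transaction envelope rather than its Content.
HEADER_FIELDS = ("chain_id", "target_chain_id")


@dataclass
class CrossChainTx:
    """TX_cross-chain = {SourceChainID, DestinationChainID, Type, Txid, Timestamp, Content}."""
    SourceChainID: str
    DestinationChainID: str
    Type: str
    Txid: str
    Timestamp: int
    Content: Dict[str, object]


@dataclass
class RoutingTx:
    """TX_Routing = {BlockchainID, Pority, Timestamp, AdapterAddr}."""
    BlockchainID: str
    Pority: int
    Timestamp: int
    AdapterAddr: str


def dcc_convert(msg: Dict[str, object], now: int, tx_type: str = "access_control") -> CrossChainTx:
    """DCC step: parse the parallel-chain message, drop redundant parameters and
    encapsulate the remaining cross-chain parameters into a cross-chain transaction."""
    for required in HEADER_FIELDS:
        if required not in msg:
            raise ValueError(f"parallel-chain message lacks {required!r}")
    content = {k: v for k, v in msg.items() if k not in REDUNDANT_FIELDS + HEADER_FIELDS}
    if not content:
        raise ValueError("no cross-chain parameters left after conversion")
    source, dest = str(msg["chain_id"]), str(msg["target_chain_id"])
    # Txid commits to every envelope field plus the canonical content (assumed
    # derivation): the same request always yields the same id, and any later
    # change to the content or envelope changes it.
    canonical = json.dumps(
        {"src": source, "dst": dest, "type": tx_type, "ts": now, "content": content},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    txid = hashlib.sha256(canonical).hexdigest()
    return CrossChainTx(source, dest, tx_type, txid, now, content)


# Constructed routing table as the routing contract would hold it. Domain B has
# two entries; the higher Pority (more recent registration) must win.
ROUTING_TABLE: List[RoutingTx] = [
    RoutingTx("domainB-acl-chain", 1, 1700000000, "adapter-b-old.example:7051"),
    RoutingTx("domainB-acl-chain", 2, 1700100000, "adapter-b.example:7051"),
    RoutingTx("domainC-acl-chain", 1, 1700000500, "adapter-c.example:7051"),
]


def route(table: List[RoutingTx], tx: CrossChainTx) -> Optional[str]:
    """Routing contract step: pick the adapter node for the destination chain,
    preferring the highest-priority (most recently registered) entry."""
    candidates = [r for r in table if r.BlockchainID == tx.DestinationChainID]
    if not candidates:
        return None  # unknown destination chain: nothing to forward to
    best = max(candidates, key=lambda r: (r.Pority, r.Timestamp))
    return best.AdapterAddr


if __name__ == "__main__":
    tx = dcc_convert(PARALLEL_CHAIN_MSG, now=1700200000)
    print(tx)
    print("forward to:", route(ROUTING_TABLE, tx))
```

The two ValueError branches are the checks a relay-side contract needs before anything is written to the chain: a message without both chain identifiers cannot be routed, and a message whose content is empty after stripping carries no access-control request worth recording.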
Here, the simple payment verification (SPV) algorithm is used to verify the authenticity of cross-chain data transactions on the relay chain. The verification process can be designed as follows:
First, the relay chain uses the cross-chain request identifier carried in the cross-chain data transaction to locate, via a Bloom filter, the block containing the cross-chain transaction, and returns the hash authentication path according to the block number; the hash authentication path consists of the hash values of the leaf nodes adjacent to the cross-chain transaction in its Merkle subtree and the root hashes of the adjacent subtrees;
Then, the source chain performs a Merkle proof using the hash authentication path and the relay-chain block header information it stores, and uses the result of the proof to decide whether the cross-chain data transaction genuinely exists on the relay chain.
The relay chain is responsible for converting the data of the heterogeneous parallel chains connected to it and for routing and forwarding cross-chain requests; at the same time, the cross-chain transactions sent to it are implicitly recorded in the block transaction history of the relay chain. A heterogeneous chain, however, cannot by itself determine whether the cross-chain transaction it issued was fully processed on the relay blockchain, so each parallel chain needs a cross-chain transaction verification algorithm to verify that the cross-chain transaction it submitted genuinely exists on the relay chain. Simple payment verification (SPV) is a data-existence verification algorithm based on the Merkle tree structure. In the block body, every transaction is attached to a leaf node of the Merkle tree, and a user only needs to keep the block header of each block to complete payment verification of a given transaction (in essence, verifying that the block containing the transaction is a consensus block). On this basis, the embodiment uses the SPV algorithm to verify the existence and authenticity of the transactions stored on the relay chain; pseudocode for the SPV-based data verification algorithm is given in Table 3:
Table 3 SPV-based cross-chain data existence verification algorithm
After a node sends a cross-chain request it receives a CCId, which is stored as a leaf node in the Merkle binary hash tree. The parallel chain first sends the CCId to the relay chain; the relay chain uses a Bloom filter to quickly look up the block containing the transaction and, according to the block number, returns a hash authentication path composed of the hash values of the leaf nodes adjacent to the transaction in its subtree and the root hashes of the adjacent subtrees. After receiving the hash authentication path, the source chain performs a Merkle proof using the relay-chain block headers it stores; if the proof succeeds, the cross-chain transaction exists on the relay chain.
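To make the SPV exchange concrete, here is an added Python example (my own, not the patent's Table 3 pseudocode) that builds the relay-chain Merkle tree over constructed CCIds, has the relay chain locate the block through a Bloom filter and return the block number together with the hash authentication path, and has the source chain verify that path against the block header it stores. The hash construction, the Bloom filter parameters and the sample CCIds are assumptions. The example goes slightly beyond the text in two ways: it handles a block with an odd number of leaves, and it fails closed when the response is missing, the block number is unknown to the source chain, or the path belongs to a different transaction.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

Path = List[Tuple[bytes, bool]]  # (sibling hash, sibling is on the left)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(ccid: str) -> bytes:
    # Distinct prefixes for leaves and inner nodes (assumed construction): an
    # inner node can then never be presented as if it were a transaction leaf.
    return sha256(b"\x00" + ccid.encode())


def node_hash(left: bytes, right: bytes) -> bytes:
    return sha256(b"\x01" + left + right)


def merkle_levels(ccids: List[str]) -> List[List[bytes]]:
    """All tree levels, leaves first; an odd level duplicates its last node."""
    level = [leaf_hash(c) for c in ccids]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def auth_path(ccids: List[str], index: int) -> Path:
    """Relay-chain side: sibling hashes from the leaf up to (not including) the root."""
    path: Path = []
    for level in merkle_levels(ccids)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        path.append((level[sibling], sibling < index))
        index //= 2
    return path


def verify_spv(ccid: str, path: Path, header_root: bytes) -> bool:
    """Source-chain side: recompute the root from the leaf and compare it with
    the Merkle root held in the stored relay-chain block header."""
    acc = leaf_hash(ccid)
    for sibling, sibling_is_left in path:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return acc == header_root


class Bloom:
    """Bloom filter the relay chain uses to skip blocks that cannot hold a CCId.
    A positive may be false and must be confirmed against the block body."""

    def __init__(self, m: int = 512, k: int = 3) -> None:
        self.m, self.k, self.bits = m, k, 0

    def _positions(self, item: str):
        for i in range(self.k):
            yield int.from_bytes(sha256(f"{i}:{item}".encode())[:4], "big") % self.m

    def add(self, item: str) -> None:
        for p in self._positions(item):
            self.bits |= 1 << p

    def might_contain(self, item: str) -> bool:
        return all((self.bits >> p) & 1 for p in self._positions(item))


class Block:
    """Relay-chain block: the body holds the CCIds, the header holds the Merkle root."""

    def __init__(self, number: int, ccids: List[str]) -> None:
        self.number, self.ccids = number, ccids
        self.header_root = merkle_levels(ccids)[-1][0]
        self.bloom = Bloom()
        for c in ccids:
            self.bloom.add(c)


# Constructed relay chain: two blocks, the second with an odd number of leaves.
RELAY_CHAIN = [
    Block(1, ["cc-0001", "cc-0002", "cc-0003"]),
    Block(2, ["cc-0004", "cc-0005", "cc-0006", "cc-0007", "cc-0008"]),
]
# A parallel (source) chain stores relay-chain block headers only, never full blocks.
STORED_HEADERS: Dict[int, bytes] = {b.number: b.header_root for b in RELAY_CHAIN}


def relay_respond(chain: List[Block], ccid: str) -> Optional[Tuple[int, Path]]:
    """Relay chain: Bloom filter first, exact membership check second (Bloom
    positives can be false), then block number plus hash authentication path."""
    for blk in chain:
        if blk.bloom.might_contain(ccid) and ccid in blk.ccids:
            return blk.number, auth_path(blk.ccids, blk.ccids.index(ccid))
    return None


def source_chain_verify(ccid: str, response: Optional[Tuple[int, Path]],
                        headers: Dict[int, bytes]) -> bool:
    """Source chain: no response or an unknown block number fails closed."""
    if response is None:
        return False
    number, path = response
    if number not in headers:
        return False
    return verify_spv(ccid, path, headers[number])
```

The point of the last function is that the source chain trusts nothing the relay chain sends except what it can recompute: the block number is only a lookup key into headers the source chain already holds, and a path that does not fold back to that header root, for exactly the CCId being checked, is rejected.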
Because existing blockchain cross-domain access control schemes cannot meet the inter-domain privacy and scalability requirements of a multi-domain environment, the embodiment deploys in each security domain an access control chain running an attribute-based access control model and delegates both intra-domain and inter-domain access decisions to the access control chain of each domain. This supports autonomous authorization within a domain and achieves fine-grained, traceable access control; the heterogeneous access control chains of the security domains are linked through the relay chain, which forwards and records cross-domain access requests and responses. Smart contracts supporting cross-domain access control are designed: by introducing an intra-domain policy decision contract, a policy management contract, an attribute authority contract, a trust evaluation contract and an inter-domain intermediary contract into the intra-domain and inter-domain access control flows, a trusted cross-domain access control flow is achieved within and between domains without involving a third party. The forwarding smart contract on the relay chain and the SPV-based cross-chain data existence algorithm guarantee cross-chain auditability and verifiability. The scheme is applicable to cross-domain access control scenarios in multi-domain environments and satisfies their inter-domain privacy and scalability requirements.
Unless specifically stated otherwise, the relative arrangement of the components and steps, the numerical expressions and the numerical values set forth in these embodiments do not limit the scope of the invention.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the others, and for the parts the embodiments share, reference may be made between them. Since the system disclosed in the embodiments corresponds to the disclosed method, its description is relatively brief; for relevant details, refer to the description of the method.
The units and method steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms of their function. Whether these functions are carried out in hardware or in software depends on the specific application and the design constraints of the technical solution. A person of ordinary skill in the art may implement the described functions in different ways for each specific application, and such implementations are not considered to exceed the scope of the invention.
A person of ordinary skill in the art will understand that all or some of the steps of the above method can be performed by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Optionally, all or some of the steps of the above embodiments can also be implemented with one or more integrated circuits; accordingly, each module or unit in the above embodiments can be implemented in hardware or as a software functional module. The invention is not limited to any particular combination of hardware and software.
Finally, it should be noted that the above embodiments are merely specific implementations of the invention, intended to illustrate its technical solution rather than to limit it, and the scope of protection of the invention is not restricted to them. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that anyone familiar with the technical field may, within the technical scope disclosed by the invention, still modify the technical solutions recorded in the foregoing embodiments, readily conceive of variations, or substitute equivalents for some of their technical features; such modifications, variations or substitutions do not take the essence of the corresponding technical solutions outside the spirit and scope of the technical solutions of the embodiments of the invention and shall all fall within the scope of protection of the invention. The scope of protection of the invention is therefore defined by the claims.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311536545.XA CN117424747A (en) | 2023-11-17 | 2023-11-17 | Cross-domain access control method and system based on multi-block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117424747A true CN117424747A (en) | 2024-01-19 |
Family
ID=89522948
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311536545.XA Pending CN117424747A (en) | 2023-11-17 | 2023-11-17 | Cross-domain access control method and system based on multi-block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117424747A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117708181A (en) * | 2024-02-05 | 2024-03-15 | 人民法院信息技术服务中心 | Heterogeneous data cross-link query method, device, system and equipment for private link |
CN117708181B (en) * | 2024-02-05 | 2024-04-30 | 人民法院信息技术服务中心 | Heterogeneous data cross-link query method, device, system and equipment for private link |
CN119004427A (en) * | 2024-10-24 | 2024-11-22 | 下一代互联网关键技术和评测北京市工程研究中心有限公司 | Data space infrastructure-oriented data use control negotiation method |
- 2023-11-17 CN CN202311536545.XA patent/CN117424747A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| CB02 | Change of applicant information | Country or region after: China. Address after: 450000 Science Avenue 62, Zhengzhou High-tech Zone, Henan Province. Applicant after: Information Engineering University of the Chinese People's Liberation Army Cyberspace Force. Address before: No. 62 Science Avenue, High tech Zone, Zhengzhou City, Henan Province. Applicant before: Information Engineering University of Strategic Support Force, PLA. Country or region before: China |