CN113194469B - 5G unmanned aerial vehicle cross-domain identity authentication method, system and terminal based on block chain - Google Patents

Abstract

The invention discloses a 5G unmanned aerial vehicle cross-domain identity authentication method, a system and a terminal based on a block chain, relating to the technical field of unmanned aerial vehicles, and the key points of the technical scheme are as follows: initiating a transfer transaction with the additional information being a communication connection request; sending an identity authentication request to the alliance chain according to the communication connection request; the alliance chain calls a built-in intelligent contract to search access control information and a registration validity period of the domain A equipment according to the identity authentication request; performing hash processing on the identity identifier in the account information to obtain a second hash value, and matching the second hash value with the first hash value; and the domain B equipment establishes communication connection after carrying out session key negotiation with the domain A equipment according to the identity legal information. The identity authentication of the cross-domain unmanned aerial vehicle under the distributed environment is realized by using the multi-signature intelligent contract, only one transaction needs to be submitted to the block chain for one-time authentication, and compared with the traditional authentication mode using a digital certificate, the identity authentication is completed with smaller communication overhead.

Description

Blockchain-based 5G drone cross-domain identity authentication method, system and terminal

technical field

The invention relates to the technical field of unmanned aerial vehicles, and more particularly, to a method, system and terminal for cross-domain identity authentication of 5G unmanned aerial vehicles based on blockchain.

Background technique

UAVs are unmanned remote control aircraft controlled by radio remote control equipment or self-provided program control devices. According to the application fields, they are divided into military and civilian use, and can be used in scientific research, site exploration, military, and recreational purposes. In recent years, drones have grown significantly in the global market and are widely used in construction, oil, natural gas, energy, agriculture, disaster relief and other fields.

With the development of wireless communication technology, the 5G era has arrived. 5G technology is a new generation of cellular mobile communication technology that can provide low-latency, high-speed, and high-reliability communication services, which can make UAV data transmission more stable and with lower latency. However, the 5G environment is an open network environment and faces various security threats. Unreliable communication links may lead to the leakage of sensitive data, so identity authentication is particularly important. In view of the mobility of UAVs and the heterogeneity of UAV networks, traditional authentication methods based on passwords or usernames can no longer meet the authentication security requirements in a distributed environment. At the same time, the failure of the single-node authentication server will face service paralysis. In addition, UAV tasks may require the cooperation of multiple enterprises. How to safely and effectively cooperate with UAVs in cross-enterprise domains has become a major problem, and how to establish a safety responsibility mechanism also needs to be solved urgently.

Therefore, how to research and design a blockchain-based 5G drone cross-domain identity authentication method, system and terminal is an urgent problem we need to solve at present.

SUMMARY OF THE INVENTION

In order to solve the deficiencies in the prior art, the purpose of the present invention is to provide a blockchain-based 5G drone cross-domain identity authentication method, system and terminal.

The above-mentioned technical purpose of the present invention is achieved through the following technical solutions:

In the first aspect, a blockchain-based 5G drone cross-domain identity authentication method is provided, including the following steps:

The domain A device initiates a transfer transaction with the additional information as a communication connection request to the domain B device;

Server B caches the account information of the device in domain A, connects to the alliance chain according to the alliance chain account of server B, and sends an identity authentication request to the alliance chain according to the communication connection request;

The alliance chain calls the built-in smart contract according to the identity authentication request to find the access control information and registration validity period of the device in domain A, and returns the query result after completing the ledger query; the query result shows that the device in domain A is completed in domain B of the drone to which the device in domain B belongs. When registered and the time is valid, the query result indicates that the identity of the domain A device is valid;

After receiving the valid identity feedback, server B hashes the identity identifier in the account information to obtain a second hash value, and matches the second hash value with the first hash value returned by the smart contract to obtain a matching result, and When the matching result shows that the matching is successful, output legal identity information;

The domain B device establishes a communication connection after negotiating the session key with the domain A device according to the legal identity information, and adds the transaction to the new block after reaching a consensus, and returns the transaction identifier to the domain A device and updates the consortium chain of server B. account balance.

Further, the smart contract adopts multi-signature deployment with threshold (t, n), where n is the total number of members of the alliance chain and t is the number of valid signatures;

The server in the drone domain performs multi-signature deployment as a signature participant, and the signature participants include message senders, signers, signature collectors and verifiers;

The server in the drone domain acts as a signature collector and verifier to collect and verify the signatures of other consortium chain members. The specific steps are as follows: the message sender sends the message to be signed to each signer at the same time for signature; the signer will sign The message is sent to the signature collector; the collector organizes the signed message and sends it to the signature verifier for multi-signature validity verification.

Further, the smart contract includes a registration contract and a cancellation contract;

The registration contract is used to determine the validity of the signature, and when the signature is valid, the device information and registration information are written into the access control table where the signature field in the contract is located, and the status update is completed in the alliance chain;

The cancellation contract is used to add the identity information of the corresponding device to the cancellation contract for cancellation when an abnormality of the device in the network is detected and it is permanently unavailable.

Further, the registration of the domain A device or the domain B device includes local registration and global registration;

The domain device sends a local registration request to the key generation center of the domain to which it belongs; the key generation center checks whether the corresponding domain device already has the corresponding device information in the private chain. Register locally and get a private chain account;

After the local registration is completed, the secret key generation center initializes the domain device to obtain the private identifier of the domain device; the secret key generation center sends a global registration request to the alliance chain according to the private chain account to register the corresponding domain device to obtain the alliance chain account, and at the same time, the private identification Perform hashing to obtain the first hash value.

Further, the global registration includes same-domain registration and cross-domain registration;

The same-domain registration is a domain device requesting registration from the key generation center in the domain to which it belongs;

Cross-domain registration is a domain device requesting registration from key generation centers in other domains.

Further, the specific process of finding the access control information and registration validity period of the device in domain A through the smart contract is as follows:

The domain A device sends a query request to check whether the alliance chain account has valid registration information in the drone domain B;

If the registration information has expired, the key generation center of the domain to which the device belongs to the entrusted domain A submits a validity period update request to the key generation center in the drone domain B;

The key generation center in the drone domain B generates a signature and sends it to the key generation center in the domain to which the device in domain A belongs;

The secret key generation center of the domain to which the domain A device belongs calls the identity update algorithm to complete the registration update.

Further, the process of the session key negotiation is specifically:

The domain A device and the domain B device exchange the public keys PK _i and PK _j obtained after the registration of the alliance chain and the public keys pk _i and pk _j distributed by the secret key generation center;

The domain A device randomly selects the random number r _i , performs asymmetric encryption with the public key PK _j of the domain B device according to the random number _ri to obtain the ciphertext c, and sends the ciphertext c to the domain B device; The key SK _j runs the symmetric decryption algorithm to decrypt the ciphertext c, and extracts the random number _{ri and the time stamp t i ;}

The domain B device randomly selects a random number r _j , performs asymmetric encryption with the public key PK _i of the domain A device according to the random number r _j to obtain the ciphertext c', and sends the ciphertext c' to the domain A device; the domain A device Run the symmetric decryption algorithm through the private key SK _i to decrypt and extract the ciphertext c' to obtain the random number r _j and the time stamp t _i ;

The domain A device and the domain B device use the random number r _i and the random number r _j as the input of the key generator to obtain the session key.

Further, the identity authentication method also includes local authentication, and the specific steps of local authentication are:

The server detects and collects activity information of domain devices active in the network;

Compare the identity of the activity information with the device information on the private chain. If the identity comparison result shows that the corresponding domain device is abnormal, broadcast the identity information of the domain device to other domains and add it to the cancellation contract.

A second aspect provides a blockchain-based 5G drone cross-domain identity authentication system for implementing the blockchain-based 5G drone cross-domain identity authentication method described in any one of the first aspects, Including multiple drone domains and alliance chains formed by deploying smart contracts in multiple drone domains;

Each drone domain is configured with a unique key generation center, at least one server, a private chain, and multiple domain devices;

Domain devices are connected through D2D link network communication, and domain devices and servers are connected through D2B link network communication.

In a third aspect, a computer terminal is provided, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, when the processor executes the program, any one of the first aspect can be implemented. The blockchain-based 5G drone cross-domain identity authentication method described above.

Compared with the prior art, the present invention has the following beneficial effects:

1. The present invention is based on the consortium blockchain, and realizes the identity authentication of cross-domain drones in a distributed environment by using multi-signature smart contracts. One authentication only needs to submit a transaction to the blockchain. The digital certificate authentication method completes identity authentication with less communication overhead.

2. In the present invention, the delay brought by the network node verification in the blockchain transaction is low, which is a millisecond-level delay.

3. The present invention has strong flexibility due to the use of smart contracts to manage the identity of the drone, can improve management efficiency, and can effectively solve the problems of single node failure and distributed denial of service attacks.

4. The blockchain ledger of the present invention is a distributed ledger, and there are multiple backups in network nodes. The ledger data has integrity, authenticity, and non-repudiation. The behavior of the drone is recorded on the blockchain, which can be established. An effective accountability mechanism. If a drone does evil, it can be retrospectively held accountable by consulting the records on the blockchain.

5. The 5G network used in the present invention has the advantages of large bandwidth, low delay, and high reliability. When it is applied to the communication of drones, the data transmission rate can be greatly improved.

Description of drawings

The accompanying drawings described herein are used to provide further understanding of the embodiments of the present invention, and constitute a part of the present application, and do not constitute limitations to the embodiments of the present invention. In the attached image:

1 is a system architecture diagram in an embodiment of the present invention;

2 is a schematic diagram of an access control table in an embodiment of the present invention;

3 is a flowchart of global registration in an embodiment of the present invention;

4 is a flowchart of session key negotiation in an embodiment of the present invention;

FIG. 5 is a flowchart of cross-domain authentication in an embodiment of the present invention.

Detailed ways

In order to make the purpose, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the embodiments and the accompanying drawings. as a limitation of the present invention.

Example 1: The blockchain-based 5G drone cross-domain identity authentication method, as shown in Figure 1, is specifically implemented by four steps of system initialization, identity management, session key negotiation, and identity authentication.

It should be noted that the key generation center and the edge server in this embodiment are both configured as a kind of server, and the key generation center and the edge server cooperate to form a domain administrator, serving as the manager of the enterprise to which the drone belongs and the maintenance of the alliance chain. The role of the administrator is responsible for the management of local equipment and the construction and maintenance of blockchain nodes.

1. System initialization

System initialization includes domain initialization, KGC initialization, private chain construction, alliance chain construction, and deployment of smart contracts.

其中私钥

由KGC随机选择，公钥

1. Domain initialization, the KGC of each domain generates a public and private key pair for the domain to which it belongs

where the private key

Randomly selected by KGC, public key

2. KGC initialization, KGC initialization parameters required to generate secret keys and identity credentials.

3. Private chain construction. Private chain belongs to a type of blockchain, also known as permission chain. The read and write permissions are controlled by a single enterprise or organization. Only authorized nodes can participate and view data. Responsible for building. The private chain implements encrypted auditing, which is convenient for auditing work, and the source can be found in time after errors.

4. Consortium chain construction. The consortium chain is also a permissioned chain. Only authorized nodes can access and view block data, which is a partially decentralized distributed ledger. One node is deployed in each domain to build a consortium chain network.

5. Deploy smart contracts and participate in the domain of the system. Through public election, a domain deployment contract is selected. This contract is a multi-signature contract and is jointly maintained by all domains participating in the system.

2. Blockchain-based drone identity management

As 5G drones become more widely used, effective and efficient identity management is critical. Centralized identity management may bring huge management costs, and the distributed nature of blockchain can simplify the way of identity management and reduce management costs. In addition, the blockchain is tamper-proof and non-repudiation, and the blockchain users interact anonymously. If applied in the field of drones, the privacy of drones can be protected. Blockchain-based drone identity management includes two parts: private chain identity management and alliance chain identity management. The drone is first registered in the private chain, and then registered in the alliance chain by the administrator of the domain to which it belongs.

Identity management of drones and smart terminal devices includes registration, logout, and update.

1. Multi-signature construction process with threshold.

The present invention uses broadcast multiple digital signatures with a threshold of (t, n), the message sender sends the message to be signed to each signer for signature at the same time, and then the signer sends the signed message to the signature collector, and the collector verifies the signature The message is sorted and sent to the signature verifier for multi-signature validity verification. Members participating in the multi-signature include: the signature request initiator is also the sub-secret distributor UI, the signed enterprise domain U _i (i=1, 2, . . . , n), the signature set collector UC, and the signature verifier UV. Each domain has its own domain identifier GID _i (i=1, 2, . The contract creation request initiator broadcasts the compiled bytecode σ of the contract to other domains U _i (i=1, 2, ...) participating in the signature, and σ will be used as a multi-signature object. The construction process of multi-signature is as follows.

作为秘钥影子交付给秘密分发者UI，UI必须确认每个参与者的秘密影子不能重复，即

其中i≠j。若发现相同秘钥影子，则需要参与者重新选择私钥

并重新发送秘钥影子给UI。UI随机选择秘密k∈Z_p，公布秘密影子K＝g^k。然后进行秘密多项式的构造，首先选择t-1个整数a₁，...，a_t-1，随机产生一个t-1次多项式f(x)＝k+a₁x+…+a_t-1x^t-1，并根据参与者标识GID_i计算子秘密d_i＝f(GID_i)。UI随机选择一个整数s作为自己的主秘钥，计算公钥P＝g^s，并用s和参与者秘钥影子

做运算得到子秘钥

再通过t个参与者的子秘钥s_i与d_i计算得到R_i：1) Initialization, all participants U _i will use their own public key

As the key shadow is delivered to the secret distributor UI, the UI must confirm that each participant's secret shadow cannot be repeated, i.e.

where i≠j. If the same key shadow is found, the participant needs to re-select the private key

And resend the key shadow to the UI. The UI randomly selects the secret _k∈Zp and publishes the secret shadow K= ^gk . Then construct the secret polynomial, first select t-1 integers a ₁ ,...,a _t-1 , and randomly generate a t-1 degree polynomial f(x)=k+a ₁ x+...+a _t-1 x ^t-1 , and calculate the sub-secret d _i =f(GID _i ) according to the participant identification GID _i . UI randomly selects an integer s as its master key, calculates the public key P=g ^s , and uses s and the participant key shadow

Do the operation to get the subkey

Then, R _i is obtained by calculating the sub-keys s _i and d _i of t participants:

Among them, l, m, and j represent the members participating in the secret sharing. Finally, (GID _i , R _i ) and P are disclosed, where i=1, 2, . . . n.

是否成立，若不成立则需要重新验证参与者身份；反之，当t个参与者验证完毕后，可以确定各个参与者身份，并根据参与者提供的子秘钥得到每个参与者GID_i对应的d_i,d_i的计算方式如下：2) Sub-secret recovery: If the participant wants to recover the secret and then generate multiple signatures, the participant U _i sends the sub-key _si to the secret restorer, and the secret restorer verifies the equation

Whether it is established, if not, the identity of the participants needs to be re-verified; on the contrary, after the verification of t participants is completed, the identity of each participant can be determined, and the d corresponding to the GID _i of each participant can be obtained according to the sub-key provided by the participant. _i and d _i are calculated as follows:

Finally, d _i is sent to the corresponding participant U _i .

作为U_i对σ的签名，将签名信息(σ，sig_i)发送给UC，并公布子秘密影子

3) Single signature process: UI sends the information σ to be signed to all U _i , if U _i accepts the contract creation request, calculate

As U _i 's signature to σ, the signature information (σ, sig _i ) is sent to UC, and the sub-secret shadow is published

4) Single signature verification: After UC receives (σ, sig _i ), it first sets the number of valid signatures m to zero, and then verifies the correctness of the signature through the following equation: e(g, sig _i )=e(H(σ ), p _i ).

5) Multi-signature generation process: when the number of valid signatures collected by UC m ≥ t, calculate:

为拉格朗日系数，最后UC将(σ，S)作为σ的多重签名发送给UV。in,

is the Lagrangian coefficient, and finally UC sends (σ, S) to UV as a multi-signature of σ.

6) Multi-signature verification: Whether the UV calculation equation e(g, S)=e(H(σ), K) is established, if the equation is established, it means that the multi-signature is valid, otherwise the signature is invalid. When the multi-signature verification is passed, UV submits a transaction Tx _global (σ, S, GID _i ) to the alliance chain, i=1, 2, ..., m, the transaction is used to record the multi-signature and participate in the multi-signature domain.

(2) Contract creation

The structure of the access control list in the contract is shown in Figure 2. The creation of smart contracts includes the creation of registration contracts and cancellation contracts. Any member of the alliance chain has the right to deploy the contract. In order to improve the system availability and security, a (t, n) threshold multi-signature contract scheme is proposed, where n is the total number of members of the alliance chain, and the contract deployer acts as the signature collector and verifier. , collect and verify the signatures of other alliance chain members, and deploy the contract when no less than t valid signatures are collected.

(3) Global registration

所属域A的管理员需要为其提前注册联盟链账号。联盟链为

生成公私钥对{SK_i，PK_i}，对公钥PK_i进行secp256k1椭圆曲线处理和编码后得到Addr_i。The global registration process is shown in Figure 3. Before global registration,

The administrator of domain A to which it belongs needs to register a consortium chain account for it in advance. The alliance chain is

A public-private key pair {SK _i , PK _i } is generated, and Addr _{i is obtained after performing secp256k1 elliptic curve processing and encoding on the public key PK i .}

发送查询请求Qrequest查询账户Addr_i在域N中是否存在有效注册信息。若已注册但注册信息已过期，则委托KGC^A向KGC^N提交有效期更新请求,KGC^N生成签名

发送给KGC^A，接着KGC^A调用算法1完成注册更新，其中T_j为一个时间戳，表示新的有效期；若

未在域N中注册，则进行第2)步操作。1) Drone

Send a query request Qrequest to query whether the account Addr _i has valid registration information in the domain N. If it has been registered but the registration information has expired, entrust KGC ^A to submit a validity period update request to KGC ^N , and KGC ^N will generate a signature

Send it to KGC ^A , and then KGC ^A calls Algorithm 1 to complete the registration update, where T _j is a timestamp, indicating the new validity period; if

If it is not registered in domain N, go to step 2).

The specific steps of Algorithm 1 are as follows:

向KGC^A提交全局注册请求register_global＝(GRrequest||Addr_i||h_i)，其中GRrequest为全局注册请求，h_i＝H(ID_i))。GRrequest为分两类，第一类为

在其所属域A进行注册，第二类为

在其它域N_i(i＝1，2，...，n)进行注册。对于第一类，若KGC^A接受该注册申请则为

生成签名

再跳到第4)步操作；若是第二类则进行第3)步操作。2)

Submit a global registration request to KGC ^A register _global =(GRrequest||Addr _i ||h _i ), where GRrequest is a global registration request, h _i =H(ID _i )). GRrequest is divided into two categories, the first category is

Register in its own domain A, the second category is

Registration is performed in other domains Ni ( _i =1, 2, . . . , n). For the first category, if KGC ^A accepts the application for registration, it is

Generate signature

Skip to step 4) operation again; if it is the second type, perform step 3) operation.

返回给KGC^A。3) KGC ^A submits a registration request to KGC ^N. If KGC ^N accepts the registration application, it will sign the device information and send

Return to KGC ^A.

4) KGC ^A takes the device identity information and its corresponding signature sig as the contract input, calls the registration contract, and runs the algorithm 2 to realize the registration.

The specific steps of Algorithm 2 are as follows:

5) The registration contract determines the validity of the signature. If the output of the signature verification function Valid(sig) is true, the device registration information will be written into the access control table where the signature field is located in the contract, and a transaction Tx will be initiated in the alliance chain completion state. renew.

保存。6) After the registration is successful, the alliance chain returns the contract address Wsc to

save.

进行注销时，

所属域的KGC^A发起全局注销请求deregister_global＝(GDRrequest||Addr_i||H(ID_i)，)，其中GDRrequest表示全局注销请求。接着将设备身份信息和对其的签名sig作为合约输入，通过Bsc调用注销合约，完成注销操作；同时调用注册合约，将相应的注册状态设为无效。when needed

When logging out,

The KGC ^A of the domain to which it belongs initiates a global deregister request deregister _global =(GDRrequest||Addr _i ||H(ID _i ),), where GDRrequest represents a global deregister request. Then, the device identity information and its signature sig are input to the contract, and the logout contract is called through Bsc to complete the logout operation; at the same time, the registration contract is called to set the corresponding registration status to invalid.

3. Session key negotiation

As shown in Figure 4, the session key is used to ensure data security during the communication process of the drone. The drones d _i and d _j are set, and they need to negotiate a session key before establishing communication. The specific steps are as follows.

1) d _i and d _j exchange the public keys PK _i and PK _j obtained after registration in the alliance chain and the public keys pk _i and pk _j assigned by KGC to them.

用公钥PK_j做非对称加密运算得

其中t_i为时间戳，接着将密文c发送给d_j。2) d _i is randomly selected

Using the public key PK _j to do asymmetric encryption operation, we get

where t _i is the timestamp, and then the ciphertext c is sent to d _j .

提取出r_i和t_i。然后随机选择

运行相同的非对称加密算法用d_i的公钥PK_i加密r_j和t_i得

将c′发给d_i。3) After d _j receives c, it is decrypted by private key SK _j to obtain

_ri and _ti are extracted. then randomly choose

Run the same asymmetric encryption algorithm to encrypt r _j and t _i with d _i 's public key PK _i to get

Send c' to _di .

提取出r_j和t_i。4) After d _i receives c', run the decryption algorithm through the private key SK _i to obtain

r _j and t _i are extracted.

5) d _i and d _j take (r _i , r _j ) as the input of the key generator, and finally obtain the session key ks=H(r _i ||r _j ).

In addition, the session key ks ^* = k ₁ +k ₂ between the drone and the enterprise, where k ₁ is the security key stored by the drone and the enterprise; k ₂ is generated based on the elliptic curve encryption algorithm and stored by the enterprise . Before establishing communication, the enterprise sends k ₂ to the terminal through a secure channel.

4. Cross-domain identity authentication

想与

通信，

对

进行身份认证的流程如图5所示，具体步骤如下。Cross-domain devices have communication barriers due to different communication protocols or device types. In the traditional mode, using a central agency for authentication will bring huge communication and storage overhead. The solution of the present invention adopts the decentralized blockchain for cross-domain device authentication, assuming that

want to be with

communication,

right

The flow of identity authentication is shown in Figure 5, and the specific steps are as follows.

调用联盟链合约函数Valid(Addr_i)检查其在域B中的注册时间是否过期，联盟链进行账本查询并返回查询结果Addr_i||T_i，若T_i失效，

则向KGC^A提交更新请求Urequest和设备信息(Addr_i||addr_i||h_i)；若T_i有效，则直接进行第4)步操作。1)

Call the alliance chain contract function Valid(Addr _i ) to check whether its registration time in domain B has expired, and the alliance chain will query the _ledger and return the query result Addr _i ||T _i , if Ti is invalid,

Then submit the update request Urequest and the device information (Addr _i ||addr _i ||h _i ) to KGC ^A ; if T _i is valid, proceed directly to step 4).

是否属于A域设备，若属于A域，KGC^A则代理

向KGC^B申请身份更新，获取到B域签名

和新的有效期T_j后调用联盟链注册合约，运行算法1，在联盟链发起更新交易。2) KGC ^A calls the private chain contract function valid(addr _i ) to check

Whether it belongs to the A domain device, if it belongs to the A domain, KGC ^A will act as an agent

Apply for identity update to KGC ^B and get the signature of domain B

After and the new validity period T _j , call the alliance chain registration contract, run the algorithm 1, and initiate an update transaction on the alliance chain.

返回更新结果Uresponse。3) The consortium chain nodes update the ledger data through the consensus mechanism and send the

Returns the update result Urresponse.

将身份标识ID_i通过安全通道发送给

4)

Send the identity ID _i through the secure channel to

计算

h_i＝H(ID_i),生成连接请求消息op＝(connect||ct||h_i),其中connect表示通信连接请求。随后

发起一笔交易Tx＝(Addr_i，Addr_k，coin_i，op)，付款方为

的账户Addr_i，收款方为

的账户Addr_k，交易额为coin_i，交易的附加信息为op。5)

calculate

h _i =H(ID _i ), generate a connection request message op=(connect||ct||h _i ), where connect represents a communication connection request. subsequently

Initiate a transaction Tx=(Addr _i , Addr _k , coin _i , op), the payer is

account Addr _i , the payee is

The account Addr _k , the transaction amount is coin _i , and the additional information of the transaction is op.

并更新账户Addr_k的余额。6) The alliance chain node verifies the transaction, adds the transaction to the new block after reaching a consensus, and then returns the transaction identifier TxID to the

And update the balance of the account Addr _k .

收到转账后，缓存付款方账户Addr_i，通过存储在本地的合约地址Wsc调用合约，查询Addr_i在合约里对应域B的访问控制表中的注册状态。

提交的身份验证请求为Vrequest＝(Wsc，Addr_i，GID_B，ks)，其中，ks为联盟链节点与

提前协商好的会话秘钥。7)

After receiving the transfer, cache the payer account Addr _i , and call the contract through the locally stored contract address Wsc to query the registration status of Addr _i in the access control table of the corresponding domain B in the contract.

The submitted authentication request is Vrequest=(Wsc, Addr _i , GID _B , ks), where ks is the consortium chain node and the

The session key negotiated in advance.

若

对应的账户Addr_i在域B已注册则status＝true，否则status＝false；T_i为一个时间戳，表示注册的有效期，h_i＝H(ID_i)。8) The consortium chain node runs algorithm 3, obtains the ciphertext c=E _ks (Addr _i ||status||T _i ||h _i ) and sends c to

like

If the corresponding account Addr _i has been registered in domain B, then status=true, otherwise status=false; Ti is a timestamp, indicating the validity period of the registration, h _i =H(ID _{i )} .

The specific steps of Algorithm 3 are as follows:

运行对称解密算法得到m＝D_ks(c)＝(Addr_i||status||T_i||h_i)，若注册状态status＝false则终止操作；若为true则继续判断Addr_i注册有效期T_i。令now表示当前时间戳，若T_i＜now表示注册日期失效，随即终止操作；若T_i＞now表示注册日期有效，接着

对

发来的身份标识ID_i做哈希处理得到h＝H(ID_i)，若h＝h_i成立，则函数Equal(h＝＝h_i)输出true，表示身份合法，认证成功，反之认证失败。需要说明的是，该跨域认证方法同样适用于同域无人机间、无人机与智能终端间的身份认证。9)

Run the symmetric decryption algorithm to get m=D _ks (c)=(Addr _i ||status||T _i ||h _i ), if the registration status status=false, terminate the operation; if it is true, continue to judge the validity period T of the Addr _i registration _i . Let now represent the current timestamp, if T _i <now indicates that the registration date is invalid, the operation is terminated immediately; if T _i >now indicates that the registration date is valid, then

right

The sent identification ID _i is hashed to obtain h=H(ID _i ), if h= _hi is established, the function Equal(h== _hi ) outputs true, indicating that the identity is legal and the authentication is successful, otherwise the authentication fails . It should be noted that this cross-domain authentication method is also applicable to identity authentication between drones in the same domain, and between drones and smart terminals.

In this embodiment, one enterprise is one domain.

Example 2: The blockchain-based 5G drone cross-domain identity authentication system, as shown in Figure 1, includes multiple drone domains and a consortium chain formed by deploying smart contracts in multiple drone domains. Each drone domain is configured with a unique key generation center, an edge server, a private chain, and multiple domain devices. Domain devices are connected through D2D link network communication, and domain devices and servers are connected through D2B link network communication. Domain devices include but are not limited to drones, smart terminals, etc.

The specific embodiments described above further describe the objectives, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above descriptions are only specific embodiments of the present invention, and are not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention shall be included within the protection scope of the present invention.

Claims (10)

1. A blockchain-based 5G drone cross-domain identity authentication method, characterized in that it includes the following steps: The domain A device initiates a transfer transaction with the additional information as a communication connection request to the domain B device; Server B caches the account information of the device in domain A, connects to the alliance chain according to the alliance chain account of server B, and sends an identity authentication request to the alliance chain according to the communication connection request; The alliance chain calls the built-in smart contract according to the identity authentication request to find the access control information and registration validity period of the device in domain A, and returns the query result after completing the ledger query; the query result shows that the device in domain A is completed in domain B of the drone to which the device in domain B belongs. When registered and the time is valid, the query result indicates that the identity of the domain A device is valid; After receiving the valid identity feedback, server B hashes the identity identifier in the account information to obtain a second hash value, and matches the second hash value with the first hash value returned by the smart contract to obtain a matching result, and When the matching result shows that the matching is successful, output legal identity information; The domain B device establishes a communication connection after negotiating the session key with the domain A device according to the legal identity information, and adds the transaction to the new block after reaching a consensus, and returns the transaction identifier to the domain A device and updates the consortium chain of server B. account balance; The smart contract adopts multi-signature deployment with threshold (t, n), where n is the total number of members of the alliance chain, and the contract deployer acts as the signature collector and verifier to collect and verify the signatures of other members of the alliance chain. After t valid signatures, the contract is deployed. 2. The blockchain-based 5G drone cross-domain identity authentication method according to claim 1, wherein the server in the drone domain performs multi-signature deployment as a signature participant, and the signature participant includes a message sending signer, signer, signature collector and verifier; The server in the drone domain acts as a signature collector and verifier to collect and verify the signatures of other consortium chain members. The specific steps are as follows: the message sender sends the message to be signed to each signer at the same time for signature; the signer will sign The message is sent to the signature collector; the collector organizes the signed message and sends it to the signature verifier for multi-signature validity verification. 3. The blockchain-based 5G drone cross-domain identity authentication method according to claim 1, wherein the smart contract comprises a registration contract and a cancellation contract; The registration contract is used to determine the validity of the signature, and when the signature is valid, the device information and registration information are written into the access control table where the signature field in the contract is located, and the status update is completed in the alliance chain; The cancellation contract is used to add the identity information of the corresponding device to the cancellation contract for cancellation when an abnormality of the device in the network is detected and it is permanently unavailable. 4. The blockchain-based 5G drone cross-domain identity authentication method according to claim 1, wherein the registration of the domain A device or the domain B device includes local registration and global registration; The domain device sends a local registration request to the key generation center of the domain to which it belongs; the key generation center checks whether the corresponding domain device already has the corresponding device information in the private chain. Register locally and get a private chain account; After the local registration is completed, the secret key generation center initializes the domain device to obtain the private identifier of the domain device; the secret key generation center sends a global registration request to the alliance chain according to the private chain account to register the corresponding domain device to obtain the alliance chain account, and at the same time, the private identification Perform hashing to obtain the first hash value. 5. The blockchain-based 5G drone cross-domain identity authentication method according to claim 4, wherein the global registration comprises same-domain registration and cross-domain registration; The same-domain registration is a domain device requesting registration from the key generation center in the domain to which it belongs; Cross-domain registration is a domain device requesting registration from key generation centers in other domains. 6. The blockchain-based 5G drone cross-domain identity authentication method according to claim 1, wherein the specific process of finding the access control information and registration validity period of domain A equipment through the smart contract is: The domain A device sends a query request to check whether the alliance chain account has valid registration information in the drone domain B; If the registration information has expired, the key generation center of the domain to which the device belongs to the entrusted domain A submits a validity period update request to the key generation center in the drone domain B; The key generation center in the drone domain B generates a signature and sends it to the key generation center in the domain to which the device in domain A belongs; The secret key generation center of the domain to which the domain A device belongs calls the identity update algorithm to complete the registration update. 7. The blockchain-based 5G drone cross-domain identity authentication method according to claim 1, wherein the process of the session key negotiation is specifically: The domain A device and the domain B device exchange the public keys PK _i and PK _j obtained after the registration of the alliance chain and the public keys pk _i and pk _j distributed by the secret key generation center; The domain A device randomly selects the random number r _i , performs asymmetric encryption with the public key PK _j of the domain B device according to the random number _ri to obtain the ciphertext c, and sends the ciphertext c to the domain B device; The key SK _j runs the symmetric decryption algorithm to decrypt the ciphertext c, and extracts the random number _{ri and the time stamp t i ;} The domain B device randomly selects a random number r _j , performs asymmetric encryption with the public key PK _i of the domain A device according to the random number r _j to obtain the ciphertext c', and sends the ciphertext c' to the domain A device; the domain A device Run the symmetric decryption algorithm through the private key SK _i to decrypt and extract the ciphertext c' to obtain the random number r _j and the time stamp t _i ; The domain A device and the domain B device use the random number r _i and the random number r _j as the input of the key generator to obtain the session key. 8. The blockchain-based 5G drone cross-domain identity authentication method according to claim 1, wherein the identity authentication method further comprises local authentication, and the concrete steps of local authentication are: The server detects and collects activity information of domain devices active in the network; Compare the identity of the activity information with the device information on the private chain. If the identity comparison result shows that the corresponding domain device is abnormal, broadcast the identity information of the domain device to other domains and add it to the cancellation contract. 9. A blockchain-based 5G drone cross-domain identity authentication system for realizing the blockchain-based 5G drone cross-domain identity authentication method according to any one of claims 1-8, characterized in that it includes multiple A UAV domain and a consortium chain formed by deploying smart contracts in multiple UAV domains; Each drone domain is configured with a unique key generation center, at least one server, a private chain, and multiple domain devices; Domain devices are connected through D2D link network communication, and domain devices and servers are connected through D2B link network communication. 10. A computer terminal comprising a memory, a processor and a computer program stored in the memory and running on the processor, wherein the processor implements any one of claims 1-8 when the processor executes the program The blockchain-based 5G drone cross-domain identity authentication method described in this article.

Images