Blockchain

A Blockchain-Based Precise Authorization Mechanism for Data Elements

  • PAN Xuan,
  • ZHANG Kangkang,
  • CHENG Ao
  • 1. Key Laboratory of Blockchain Finance in Shandong Province, Shandong University of Finance and Economics, Jinan 250014, Shandong, China;
    2. School of Computing and Artificial Intelligence, Shandong University of Finance and Economics, Jinan 250014, Shandong, China

Received date: 2025-01-02

Online published: 2025-07-31

Funding

National Key Research and Development Program of China (No.2023YFB2703900); Shandong Province Science and Technology SME Innovation Capability Improvement Project (No.2022TSGC2044); Shandong Hi-Speed Group Technology Innovation Project (No.HSB2021-15)

Abstract

In the circulation of data elements, different trust domains often adopt independent identity authentication systems and access control standards, making precise authorization for cross-domain access challenging. To address this issue, a blockchain-based precise authorization mechanism for data elements is proposed. This mechanism adopts a collaborative on-chain and off-chain architecture. On-chain, a smart contract-driven dynamic metadata update mechanism for non-fungible tokens (NFTs) is designed, mapping user identities and roles into encodable NFTs to enable real-time updates of identity and permissions. Off-chain, a trust evaluation model and a dynamic parsing cache mechanism are deployed to convert user trust values into dynamic authorization evaluation factors, enabling hierarchical and automated permission mapping in heterogeneous trust domains. Experimental results show that the proposed mechanism achieves finer-grained access control, accelerates policy updates, and effectively isolates potential risks.

Cite this article

PAN Xuan, ZHANG Kangkang, CHENG Ao. A Blockchain-Based Precise Authorization Mechanism for Data Elements[J]. Journal of Applied Sciences (应用科学学报), 2025, 43(4): 600-616. DOI: 10.3969/j.issn.0255-8297.2025.04.004
