A Framework Design for Decentralized Digital Identity Across Borders

Chen Jian, Cai Zhiming, Qi Jiayin, Fang Binxing

Strategic Study of CAE ›› 2025, Vol. 27 ›› Issue (1) : 88-97. DOI: 10.15302/J-SSCAE-2024.10.004
Research on the National Data Space Development Strategy
Abstract

In the digital era, cross-border data flows give rise to data sovereignty requirements, and the conflict between personal data privacy protection and flexible, efficient authorized access is becoming more pronounced. As a critical foundational support for resolving this contradiction, the digital identity framework holds significant research value. Based on a review of the research and development trends in cross-border digital identity authentication models, this study proposes a decentralized, distributed framework for cross-border identity authentication. The framework incorporates a data classification and grading strategy and features three core components: a blockchain-based decentralized identity management mechanism, a universal certification pool model for dynamic data attribute classification and grading, and privacy protection and access control strategies. These components are designed to overcome the trust and compliance issues inherent in traditional centralized models in cross-border scenarios. Furthermore, this study examines the application challenges of the cross-border digital identity authentication framework, such as the efficiency and accuracy of attribute association and heterogeneous grading, and the strategic interaction of trust boundaries for attribute authorization between cross-border parties. It refines corresponding solutions from the perspectives of application encapsulation of the authentication framework through application programming interface (API) models, evaluation criteria for the authentication framework, and implementation pathways. The proposed framework not only provides practical references for cross-border digital identity authentication but also offers new technical insights and implementation pathways for establishing unified standards and security protocols for cross-border data flow.

Keywords

cross-border data / decentralized digital identity / distributed system / privacy protection / access control / blockchain technology

Cite this article

Chen Jian, Cai Zhiming, Qi Jiayin. A Framework Design for Decentralized Digital Identity Across Borders. Strategic Study of CAE. 2025, 27(1): 88-97 https://doi.org/10.15302/J-SSCAE-2024.10.004

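Funding

Chinese Academy of Engineering consulting project "Research on Governance Rules and Strategies for Coordinating Data Development and Security" (2023-XBZD-20-03); National Natural Science Foundation of China project (72293580); Macao Foundation Academic Funding Scheme project (G01156-2309-262)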