An Open Identity Authentication Scheme Based on Blockchain

Abstract

With the development of Public Key Infrastructure (PKI), there implements lots of identity management systems in enterprises, hospitals, government departments, etc. These systems based on PKI are typically centralized systems. Each of them has their own certificate authority (CA) as trust anchor and is designed according their own understanding, thus formalizing lots of trust domains isolated from each other and there is no unified business standards with regard to trust delivery of an identity system to another, which caused a lot of inconveniences to users who have cross-domain requirements, for example, repeatedly register same physical identity in different domains, hard to prove the validity of an attestation issued by a domain to another. Present PKI systems choose solutions such as Trust list, Bridge CA or Cross-authentication of CAs to break trust isolation, but practice shows that they all have obvious defects under existing PKI structure. We propose an open identity authentication structure based on blockchain and design 3 protocols including: Physical identity registration protocol, virtual identity binding protocol and Attribution attestation protocol. The tests and security analysis show that the scheme has better practice value compared to traditional ones.