Resumen
A consortium system can leverage information to improve workflows, accountability, and transparency through setting up a backbone for these cross-company and cross-discipline solutions, which make it become a hot spot of market application. Users of a consortium system may register and log in different target domains to get the access authentications, so how to access resources in different domains efficiently to avoid the trust-island problem is a big challenge. Cross-domain authentication is a kind of technology that breaks trust islands and enables users to access resources and services in different domains with the same credentials, which reduces service costs for all parties. Aiming at the problems of traditional cross-domain authentication, such as complex certificate management, low authentication efficiency, and being unable to prevent the attack users? accounts, a cross-domain authentication protocol based on face recognition is proposed in this paper. The protocol makes use of the decentralized and distributed characteristics of the consortium chain to ensure the reliable transmission of data between participants without trust relationships, and achieves biometric authentication to further solve the problem of account attack by applying a deep-learning face-recognition model. An asymmetric encryption algorithm is used to encrypt and store the face feature codes on the chain to ensure the privacy of the user?s face features. Finally, through security analysis, it is proved that the proposed protocol can effectively prevent a man-in-the-middle attack, a replay attack, an account attack, an internal attack, and other attacks, and mutual security authentication between different domains can be realized with the protocol.