In this work, we propose a new Blockchain-based Identity Management system for smart industry. First, we describe an efficient biometric-based anonymous credential scheme, which supports selective disclosure, suspension/thaw and revocation of credentials/entities. Our system provides non-transferability through a freshly computed hidden biometric attribute, which is generated using a secure fuzzy extractor during each authentication. This mechanism combined with offchain storage guarantees GDPR compliance, which is required for protecting user’s data. We define blinded (Brands) DLRep scheme to provide multi-show unlinkability, which is a lacking feature in Brands’ credential based systems. For larger organizations, we re-design the system by replacing the Merkle Tree with an accumulator to improve scalability. The new system enables auditing by adapting the standard Industrial IoT (IIoT) Identity Management Lifecycle to Blockchain. Finally, we show that the new proposal outperforms BASS, i.e. the most recent blockchain-based anonymous credential scheme designed for smart industry. The computational cost at the user-side (can be a weak IoT device) of our scheme is 8-times less than that of BASS. Thus, our system is more suitable for IIoT.

在这项工作中，我们为智能行业提出了一个新的基于区块链的身份管理系统。首先，我们描述了一种有效的基于生物特征的匿名凭证方案，该方案支持选择性公开，暂停/解冻和撤销凭证/实体。我们的系统通过新计算的隐藏生物特征属性提供了不可转让性，该属性是在每次身份验证期间使用安全的模糊提取器生成的。这种机制与脱链存储相结合，可确保GDPR合规性，这是保护用户数据所必需的。我们定义了盲（Brands）DLRep方案以提供多节目不可链接性，这是Brands基于凭据的系统中缺少的功能。对于大型组织，我们通过用累加器替换Merkle树来重新设计系统，以提高可伸缩性。新系统通过将标准工业物联网（IIoT）身份管理生命周期调整为适用于区块链，从而实现了审计。最后，我们表明，新提案的性能优于BASS，即针对智能行业设计的最新的基于区块链的匿名证书方案。我们的方案在用户端（可能是一个弱势的IoT设备）的计算成本比BASS降低了8倍。因此，我们的系统更适用于IIoT。