DTAP: A Blockchain-Based Dual-Terminal Collaborative Authentication Protocol for Cloud Services

With the increasing reliance on cloud services, establishing secure and reliable authentication for terminal devices to remotely access and control data has become a critical challenge. Existing solutions often suffer from limitations such as concentrated computational load, privacy infringements, and dependence on centralized architectures that introduce single points of failure (SPOF). To address these issues, this paper proposes DTAP, a blockchain-based dual-terminal collaborative anonymous authentication protocol. DTAP introduces a novel architecture that splits the user terminal into a U-Shield and a smartphone: the U-Shield securely hosts the master key offline, providing a robust security anchor, while the smartphone leverages BBS+ signatures and zero-knowledge proofs to achieve privacy-preserving authentication and Fine-Grained Access Control (FGAC). Furthermore, the protocol employs blockchain technology to eliminate SPOF, with smart contracts ensuring tamper-proof logging and transactional transparency. Security analysis confirms that the protocol meets the required security properties. Performance evaluation shows that DTAP maintains competitive computational and communication efficiency despite its enhanced functionality, and its deployment on the Ethereum testnet demonstrates practical feasibility.