With the advent of the "Internet +" era and the rapid development of e-commerce, traditional paper credentials have become increasingly unable to meet the needs of the current business environment and its users because of their high cost, low efficiency and cumbersome processes. Credential services have therefore begun to move towards electronic and intelligent forms. The construction of an electronic credential service system will bring innovation and benefits in the efficiency, cost and environmental footprint of the credential industry. However, while electronic credentials bring many conveniences, the security of the credential transfer process must be considered, including the authenticity, integrity and non-repudiation of credential information. These security requirements rest on the identity authentication of users, devices and service terminals in the system. The most important element is identity management, which is also part of the research content of the national key research and development program.

The identity management of an electronic credential service system faces the following challenges. Firstly, across different application scenarios the access entities (users/devices) differ greatly: the same entity has multiple different identities, different identities have different requirements for security level and privilege, and different entities need to work together. Traditional identity authentication modes are mostly designed for a single scenario, without matching the authentication method to the specific application scenario and its security requirements, so they struggle to meet the new identity authentication requirements of the electronic credential system's business processes. Secondly, with the rapid development of big data, a large amount of data is stored in the cloud, and the electronic credential service involves a large amount of users' sensitive information; protecting that sensitive information poses new challenges to identity management technology. Thirdly, when a large number of entities access the system simultaneously, improving the service efficiency of the authentication server is also a key issue to be solved.

This thesis addresses the above problems with the following work:

(1) A multi-identity management scheme is designed and implemented on the basis of the electronic credential service system. An identity authentication method is assigned to each of an entity's different identities according to its application scenario, privilege requirements and security level. To improve the efficiency of identity authentication and of switching between an entity's different identities, multi-identity rings are constructed for entities that access the system frequently, their identity information is stored in the authentication server's memory, and a quick search structure is used to find the address of an identity's multi-identity ring. At the same time, when accessing the system, each identity can only perform the operations its own privileges allow and discloses no information about the entity's other identities to business counterparts, which strengthens the privacy protection of an entity's different identities.

(2) A group-based device authentication scheme suited to the electronic credential service system is designed and implemented. Because the same service process in the system involves different devices working together, devices can be divided into groups according to the business type. The identity-based group authentication scheme enables the authentication server to authenticate all members of a group simultaneously, which greatly reduces the communication data and computational overhead of the authentication process and thus improves authentication efficiency.

The multi-identity management method designed in this thesis effectively strengthens entity privacy protection. It assigns appropriate identity authentication methods according to the entity's different needs in terms of scenario, privilege and security level, while ensuring the efficiency of the authentication server when a large number of entities access the system simultaneously. In addition, a system prototype is implemented and performance-tested, demonstrating the feasibility of the scheme.
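As an added illustration of contribution (1), the following Python sketch is not code from the thesis; it models a multi-identity ring per entity, a hash table in the authentication server as the quick search structure from entity id to ring, and privilege checks scoped to the currently active identity only. The security levels, scenarios, privilege names and the mapping from security level to authentication method are all constructed assumptions for the example.

```python
"""Added example (not from the thesis): multi-identity ring per entity, O(1)
lookup of the ring by entity id, and privilege checks limited to the active
identity. All scenarios, levels and method names below are constructed."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


def choose_auth_method(scenario: str, security_level: int) -> str:
    """Constructed policy: pick the authentication method by security level.
    Level 3 requires a hardware-backed certificate, level 2 a software
    certificate plus one-time code, level 1 a password."""
    if security_level >= 3:
        return "hardware-certificate"
    if security_level == 2:
        return "software-certificate+otp"
    return "password"


@dataclass(frozen=True)
class Identity:
    name: str
    scenario: str
    security_level: int
    privileges: FrozenSet[str]

    @property
    def auth_method(self) -> str:
        return choose_auth_method(self.scenario, self.security_level)


class MultiIdentityRing:
    """Circular list of one entity's identities; only the active slot is
    exposed, the other identities are never returned by public methods."""

    def __init__(self, entity_id: str, identities: List[Identity]) -> None:
        if not identities:
            raise ValueError("an entity needs at least one identity")
        self.entity_id = entity_id
        self._ring = list(identities)
        self._pos = 0

    def active(self) -> Identity:
        return self._ring[self._pos]

    def rotate(self) -> Identity:
        """Advance to the next identity on the ring (wraps around)."""
        self._pos = (self._pos + 1) % len(self._ring)
        return self.active()

    def switch_to(self, name: str) -> Identity:
        """Rotate until the named identity is active. An unknown name fails
        with a generic error so the caller learns nothing about other names."""
        for _ in range(len(self._ring)):
            if self.active().name == name:
                return self.active()
            self.rotate()
        raise PermissionError("identity switch refused")

    def __len__(self) -> int:
        return len(self._ring)


class AuthServer:
    """Keeps frequently accessing entities' rings in memory and locates them
    through a hash table keyed by entity id (the quick search structure)."""

    def __init__(self) -> None:
        self._rings: Dict[str, MultiIdentityRing] = {}

    def register(self, ring: MultiIdentityRing) -> None:
        self._rings[ring.entity_id] = ring

    def lookup(self, entity_id: str) -> MultiIdentityRing:
        return self._rings[entity_id]  # average O(1), no scan over entities

    def authorize(self, entity_id: str, identity: str, operation: str) -> bool:
        """True only if the requested identity, once active, holds the
        privilege; privileges of the entity's other identities never count."""
        try:
            active = self.lookup(entity_id).switch_to(identity)
        except (KeyError, PermissionError):
            return False
        return operation in active.privileges

    def disclosed_view(self, entity_id: str) -> Dict[str, str]:
        """What a business counterpart may learn: the active identity and its
        authentication method, nothing about the entity's other identities."""
        active = self.lookup(entity_id).active()
        return {"identity": active.name, "scenario": active.scenario,
                "auth_method": active.auth_method}


def build_demo_server() -> AuthServer:
    """Constructed sample: one entity acting as credential issuer and auditor."""
    server = AuthServer()
    server.register(MultiIdentityRing("entity-42", [
        Identity("issuer", "credential-issuing", 2, frozenset({"issue_credential"})),
        Identity("auditor", "audit-review", 3, frozenset({"read_all", "revoke"})),
    ]))
    return server


if __name__ == "__main__":
    s = build_demo_server()
    print(s.authorize("entity-42", "issuer", "issue_credential"))  # True
    print(s.authorize("entity-42", "issuer", "revoke"))            # False
    print(s.disclosed_view("entity-42"))
```

The point the model makes concrete is the privilege boundary: `authorize` consults only the identity that is active after the switch, so holding the auditor identity on the same ring does not let the issuer identity revoke anything, and `disclosed_view` exposes the active identity alone. The hash table gives the constant-time ring lookup the abstract attributes to the quick search structure; a real deployment would additionally have to perform the authentication method named by `auth_method` before treating the switch as complete.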