
The Model of User-Centric Identity Management Based on Trusted Terminal

LI Jian, ZHOU Hua-gang, PENG Yue, REN Qi-da

  • Funding:
    Program for New Century Excellent Talents in University, Ministry of Education [NCET1565]; Guangxi Higher Education Institutions Scientific Research Projects (201204LX668, 2012JGA422)

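  • About the authors: Information Security Architecture Research Center, Beijing Jiaotong University, Beijing 100044; School of Information Engineering, Nanning University, Nanning, Guangxi 530200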

Abstract: To address the difficulty of end-user identity management and the shortcomings of existing identity management techniques, and to meet end users' need to access network resources under any circumstances, this paper proposes a user-centric identity management system model based on trusted terminals for intra-domain, cross-domain, and open network environments. On this basis, it designs an end-user identity security protection scheme comprising an end-user identity security protection mechanism, an identity management procedure, and an end-user identity management protocol. The protocol is subjected to security analysis and formal analysis, and the security of the model is compared with that of other identity management models. The results show that the model can securely manage user identities and enforce access control in a variety of environments.