基于实体行为的身份可信等级评估机制研究

doi:10.3969/j.issn.1671-1122.2016.09.025

信息网络安全 ›› 2016, Vol. 16 ›› Issue (9): 124-129.doi: 10.3969/j.issn.1671-1122.2016.09.025

基于实体行为的身份可信等级评估机制研究

彭佳(), 高能

中国科学院数据与通信保护研究教育中心,北京 100093

收稿日期:2016-07-25 出版日期:2016-09-20 发布日期:2020-05-13
作者简介:
作者简介：彭佳（1988—）,女,天津,助理工程师,硕士,主要研究方向为信息安全;高能（1976—）,女,北京,研究员,博士,主要研究方向为信息安全。
基金资助:
国家重点研发计划 [2016YFB0800504];国家高技术研究发展计划（国家863计划）[2013AA01A214]

Research on Identity Trusted Level Evaluation Mechanism Based on User Behavior Analysis

Jia PENG(), Neng GAO

Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing 100093, China

Received:2016-07-25 Online:2016-09-20 Published:2020-05-13

摘要/Abstract

摘要：

随着互联网应用种类越来越多,用户参与互联网活动的形式越来越丰富。对网络实体身份进行可信分级并建立规范的可信测评体系是构建安全、科学与规范的网络可信体系的基础。文章提出了一种基于用户行为的身份可信等级评估模型。身份服务提供方根据实体的身份信息和行为信息确定实体的最高可信等级,当依赖方需要鉴别实体身份时,身份服务提供方结合最高可信等级提供给依赖方该实体登录环境下的动态可信等级,依赖方可根据动态可信等级对实体进行权限管理。该模型利用分级的思想,满足应用对用户身份的不同可信需求,实现适度安全,提高身份管理效率与易用性。

关键词: 可信等级, 行为特征, 用户行为动态鉴别, 多因素鉴别

Abstract:

With the development of Internet technology, there have been more kinds of Internet applications, and the ways of users participated in the Internet become richer. It is the basis of network trusted system to grating trusted level of network identity. This paper proposed an evaluation model of the identity trusted level based on user behavior. Identity provider (IDP) according to the entity's identity information and behavior determines the highest trusted level of entities. When relying party (RP) needs to identify the entity identity, IDP combines the login environment with the highest confidence level to provide RP a dynamic trusted level. RP may manage the rights according to the dynamic trust level. The model using the ideas of classification, can meet the demand of application to the different trusted level of user identity, achieve reasonable security, and improve the efficiency of identity management and ease of use.

Key words: trusted level, behavior features, dynamic authentication, multiple factors to identify

中图分类号:

TP309

彭佳, 高能. 基于实体行为的身份可信等级评估机制研究[J]. 信息网络安全, 2016, 16(9): 124-129.

Jia PENG, Neng GAO. Research on Identity Trusted Level Evaluation Mechanism Based on User Behavior Analysis[J]. Netinfo Security, 2016, 16(9): 124-129.

图/表 4

参考文献 14

[1]	STERNER E.Retaliatory Deterrence in Cyberspace[J]. Strategic Studies Quarterly, 2011,5(1):62.
[2]	National Audit Office. Identity Assurance Programme[EB/OL]. ,2014-12-10.
[3]	MANTELERO A.The EU Proposal for a General Data Protection Regulation and the Roots of the ‘Right to Be Forgotten’[J]. Computer Law & Security Report, 2013, 29(29):229-235.
[4]	范月,许晋,高宇童. eID移动身份认证系统的研究与实现[J]. 信息网络安全,2015(3):48-53.
[5]	ELDON, ERIC. Single Sign-on Service OpenID Getting More Usage [EB/OL]. , 2009-04-25.
[6]	WHITSON G. Understanding OAuth: What Happens When You Log Into a Site with Google, Twitter, or Facebook [EB/OL]. ,2016-05-15.
[7]	Wikipedia.Security Assertion Markup Language [EB/OL]. , 2016-6-7.
[8]	MATT H., 2014-10-4.
[9]	武传坤. 身份证件的安全要求和可使用的密码学技术[J]. 信息网络安全,2015(5):21-27.
[10]	MONROSE F, RUBIN A .Authentication via Keystroke Dynamics[C]//ACM.4th ACM Conference on Computer and Communications Security, April 1-4, 1997, Zurich, Switzerland.New York: ACM,1997:48-56.
[11]	FEHER C, ELOVICI Y, Moskovitch R, et al.User Identity Verification via Mouse Dynamics[J]. Information Sciences, 2012, 201(19):19-36.
[12]	VELTEN M, SCHNEIDER P, WESSEL S, et al.User Identity Verification Based on Touchscreen Interaction Analysis in Web Contexts[M].Berlin Heidelberg:Springer , 2015.
[13]	WESOLOWSKI T, KUDLACIK P.User Profiling Based on Multiple Aspects of Activity in a Computer System[J]. Journal of Medical Informatics & Technologies, 2014,11(6):121-130.
[14]	徐剑,赵英南,田永纯,等. 融合二维码与人脸识别的会议身份认证系统研究[J]. 信息网络安全,2015(4):13-18.

基于实体行为的身份可信等级评估机制研究

Research on Identity Trusted Level Evaluation Mechanism Based on User Behavior Analysis

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 14

相关文章 2

编辑推荐

Metrics

本文评价

[1]	杜凯选;王斌君. 一种形为特征验证码研究分析[J]. , 2012, 12(1): 0-0.
[2]	陈莉;方勇;刘亮;钟倩. 基于扩展攻击树的文件安全度评估研究[J]. , 2010, (2): 0-0.