Abstract: For end-user identity management challenges and weakness of current identity management, in order to satisfy the need which users access network resources in any conditions, the model of user-centric identity management system is proposed which based on trusted terminal for inner-domain, cross-domain and open network environment, the security protection program is designed which includes the protection mechanism of end-user identity and the procedure of end-user identity management and the protocol of identity management, security analysis and formal analysis of the end-user identity management protocol are carried out, the security of the model and other models are compared. The result shows that the model can implement the safe of managing user identity and access control under a variety of environment.