
The Research Of Identity Management Mechanism With Uniform Identity In IBE

Posted on: 2012-08-22
Degree: Master
Type: Thesis
Country: China
Candidate: H Q Lin
GTID: 2178330332999974
Subject: Network and information security

Abstract/Summary:
Nowadays, both individuals and industrial users handle many financial services via the Internet. However, theft and malicious programs are ubiquitous. Confidential documents, account numbers and passwords can be intercepted and deciphered without the user knowing anything. This means that users face a huge risk when transacting business via the Internet, and trusted authentication is one of the key technologies for ensuring transaction security.

At present, there are two main authentication systems: one is based on PKI (Public Key Infrastructure) and the other on IBE (Identity-based Encryption).

As a mature authentication system, PKI has been widely used in various industries. It is based on public key cryptography, with third-party CA certification at its center, and it provides a complete set of network information security infrastructure and services. IBE, by contrast, is an encryption method that uses an arbitrary string as the user's public key. It eliminates the third-party CA authentication mechanism of the PKI authentication system. Because of its concise interactive data encryption and its identity-authentication feature, more and more scholars are paying close attention to it. Its development prospects are wide, and it will play a very important role, especially in e-government, e-military affairs and so on. However, IBE technology is still at the research stage. Although many improvements to the IBE method have been proposed, it still cannot be widely used. Therefore, how to design a practical IBE system is the key research question.

According to the current development of IBE, we combine the IBE prototype with hierarchical ID-based encryption, and an improved IBE system, called IBE based on trust services, is given in this paper.
Then the identity management mechanism with uniform identity, based on the improved IBE system, is designed. The identification techniques and related application technology are presented first, and then the design and realization of the identity management mechanism with uniform identity are given.

A uniform identity management system can provide a uniform security certification service for a variety of application systems. It is secure, reliable, efficient and so on. Its main advantages are:

(1) User data can be managed and stored uniformly.
(2) User identity can be authenticated centrally.
(3) It uses single sign-on authentication for user identity; it is user-friendly, reduces difficulty for users and improves user efficiency.

Therefore, applying the uniform identity management system to the currently popular authentication system can improve the management of users in the IBE system.

Before giving the realization of the identity management mechanism with uniform identity, we must first complete the initial configuration of the key management module in the improved IBE system. So a system initial configuration is presented first.
The main functions of identity management in the IBE system are as follows:

(1) User identity registration mechanism: responsible for handling registration requests submitted by users;
(2) User login authentication mechanism: responsible for the verification of user identity, that is, authenticating users to ensure that they are who they claim to be;
(3) User personal information maintenance mechanism: responsible for the maintenance of user identity data, the management of service registry data, the management of data across the board needed by services, and the replacement and real-time update of personal information;
(4) User identity logout mechanism: responsible for handling the revocation of the user's public key.

In this paper, the identity management module structure is divided into three parts: the uniform authentication management module, the uniform identity authentication server and the identity information storage server. Of these:

The uniform authentication management module is responsible for user management and user group management. It provides the interface service for users, gets the data submitted by the user and connects to the background server for authentication.

The uniform identity authentication server is responsible for user identity authentication and for managing each user's permissions in the different domains. It is the core of the identity management module.

The identity information storage server is responsible for the storage of user identity information and user permissions.

Subsequently, by combining the achieved identity management module, an IBE system architecture diagram is given, which is divided into the following three layers: the subject presentation layer, the business process layer and the data processing layer. The subjects of the subject presentation layer include users and services. It provides the authentication interface for users and services.
The business process layer is used to process user requests and connects the subject presentation layer and the data processing layer. The data processing layer, also called the identity server, is implemented with LDAP and includes identity information, role permissions and service information.

Finally, the realizations of two critical parts of the identity management mechanism with uniform identity are presented: the directory server, and the data exchange and data stream format between the various modules. Subsequently, two applications based on the identity management mechanism with uniform identity are briefly introduced: cross-domain access and the application to HIBE.

Because of the problems of key escrow and key revocation, the IBE system is difficult to use widely. So how to design a practical IBE system is still the emphasis of the research. The improved IBE scheme proposed in this paper makes it more applicable to authentication. But there are still many areas that need to be optimized and improved.
Keywords/Search Tags: IBE, uniform identity, identity management, LDAP, HIBE