Research And Implementation Of Service Security Level Control In Mobile Internet Unified Authentication

Mobile Internet is the combination of the standard Internet application and the mobile environment services. The specific service and service components in mobile Internet are provided by several equipments and software in the network. This process involves the user operation, protocol interaction, software implementation, data access, access control and other key steps. It's a complex interaction. Existing information security and network security assessment techniques are for the whole network. While the network service or applications are not focused. However, due to the diversification of mobile Internet services, the loose coupling between service and service equipments. They brought the problem that the security needs of the service have their own characteristics and are different from the network. So it needs to re-examine the security issues from a service point directly.At the same time, unified authentication service system is becoming one of the mobile Internet development trend. Unified authentication is already relatively mature now. But when the application environment changes, there are many problems in the authentication of network access and the business. It's a topic needs for further study. As a special service in the mobile Internet, unified authentication hosts a number of services with different security. How to protect service security on unified authentication service platform is of great significance to study the service security level control in mobile Internet.This paper introduces the development of mobile Internet and unified authentication service first, and analyzes the characters of existing information security assessment standard. Followed by the above-mentioned background and on a number of international standards, this paper analyzes and proposes the security requirements and security framework of the mobile Internet, and puts forward a service security level control method in unified authentication service based on the framework, mainly including the level assessment, level-based access policy and user confidence. The service security level uses the static fuzzy comprehensive evaluation method to realize. It provides a simple and effective security level classification for services to join in the unified authentication service platform. At the same time, this paper provides classification authentication strategy, level switch control for the services and brings in the concept of user confidence computing to reflect the dynamic of service. In unified authentication process, take user authentication based on the level and user confidence. Finally, based on the above methods, the paper gives details of the design and implementation of the unified authentication service platform with service security level control function.