The Design Of Cross-domain Authentication System For Multiple Security Element Based On PKI

Posted on: 2016-08-01 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Zhang
GTID: 2308330470451649 | Subject: Electronics and Communications Engineering
Abstract/Summary:
Nowadays, the development of network information technology is based on many application systems. With the wide use of application service systems, the problem of security is becoming more and more serious. Identity authentication across multiple domains and elements has become a primary problem to be solved in application service systems. On the one hand, most identity authentication systems today only verify the validity of people’s identities in cyberspace, while other entities, such as application systems and services, lack effective security guarantees. As a result, the security coverage of network space is incomplete. On the other hand, the deployment of a large number of business applications has made centralized, shared information services an urgent user need. Large-scale network information sharing can be achieved by establishing a system of cross-domain information management and authentication.

This paper proposes the concept of a "security element" in network space. A security element refers to the identity security of entity elements in cyberspace, including personnel, applications, services, etc. The purpose of managing, authenticating and identifying the identities of security elements is to guarantee reliable sources by controlling the source of network information, and to ensure the usability of network information by maintaining the security of the information’s direction. Using other technologies to strengthen the confidentiality of the information transmission process can then ensure that information across the entire network space is secure.

Through research into cryptography, PKI, SAML, SSL, SSO and related technologies, this article designs a cross-domain authentication system for multiple security elements based on PKI. A PKI system not only ensures the security of entity identity very well, but its password protection capability in the process of information transmission is also very strong. In practical application, issuing entity certificates guarantees the non-repudiation and controllability of an entity’s identity. Processing communication messages with hash operations, signatures and encryption guarantees the integrity and confidentiality of messages. Together these form the whole protection process for information transmission. The system provides an "exit"-type bridge between the PKI and the application service system, so that the two combine well.

The system establishes an authentication and tagging system for all kinds of security elements. By marking, managing and authenticating the identities of security elements at network access, it gives application systems the capability to manage the identities of security elements accessing the network. Using the cross-domain characteristics of the SAML specification, it establishes a cross-domain identity management and authentication mechanism, so that the identity information of entities can be managed and authenticated in a unified way across a large-scale network.
Keywords/Search Tags: information security, identity authentication, PKI, SAML, SSL, SSO, XML