
Research On Identification Management And Cross-Domain Authentication System Of Information Services Entity

Posted on: 2019-10-25
Degree: Master
Type: Thesis
Country: China
Candidate: Y R Xie
GTID: 2428330572952039
Subject: Communication and Information System
Abstract/Summary:
With the rapid development of the Internet, information services have penetrated into all areas of society and play an increasingly important role. The current Internet environment is characterized by the diversity of information services, overlapping service content boundaries, multi-mode information service formats, and the dynamic nature of information service cycles. Because information service management and verification mechanisms are lacking, and the ability to supervise and trace information service behavior is poor, it is of great significance to study the lifecycle management (issuance, updating and revocation) and cross-domain authentication mechanisms of trustworthy identifiers for information services. This study conducts in-depth research on the identification management and cross-domain authentication of the information services entity (ISE), proposes an identification management mechanism, and designs a cross-domain authentication system (including a cross-domain authentication model and protocols, and an identity signature scheme) for ISE. The main work is as follows:

(1) To meet the requirement of unified management for the diverse ISE identities in the network, a management framework for the trustworthy identifier of ISE based on China's autonomous cryptographic algorithms is designed, and the logical composition, the data format, and the whole lifecycle management of the entity trustworthy identifier are described. Moreover, based on the SM2 digital signature algorithm and the SM3 digest algorithm, both domestic cryptographic algorithms, a trustworthy identifier is developed using the open source GmSSL tool to improve the manageability, identifiability, provability and traceability of ISE at the architecture level.

(2) In a large-scale heterogeneous network environment, there are multiple patterns of interaction between different types of ISE. The study puts forward a new cross-domain authentication model for ISE by combining certificate-based public key infrastructure (PKI) and identity-based cryptography (IBC). This model uses PKI to achieve mutual authentication of inter-domain identities and uses IBC to realize intra-domain identity authentication. It is flexible and efficient, supports frequent interactions between users and ISE, and is suitable for constructing the application environment of large-scale information service entities. Compared with the traditional PKI or IBC authentication framework, this model simplifies the system structure and saves management costs.

(3) To solve the problem of instant identity revocation inherent in identity-based authentication systems, a revocable identity signature scheme (SM9_mIBS) is proposed. Based on the signature algorithm of the domestic cryptographic algorithm SM9, the scheme introduces a security mediator (SEM) to store part of the entity's private key. Because the entity lacks a complete private key, it needs to apply to the SEM for a signature token to get a complete signature. Therefore, the entity's signature capability can be revoked by having the SEM stop sending the token to the ISE, thereby realizing the instant revocation of the ISE's identity. The scheme is proved to be existentially unforgeable under adaptive chosen message and identity attacks in the mediated identity-based signature setting (EUF-mIBSCMA).

(4) Based on the SM9_mIBS scheme, a cross-domain authentication protocol suitable for the above model is designed, which realizes bidirectional entity authentication and key negotiation across trust domains and improves authentication efficiency. Moreover, the protocol not only resists forgery and replay attacks, but also has forward security and revocability. The results show that the computational complexity of the user and the ISE in this protocol is relatively low, and the increase in communication is also small while ensuring high security.

Therefore, the study has good reference value for guiding cross-domain authentication of ISE in a large-scale heterogeneous network environment.
Keywords/Search Tags: Information services, Identification management, Cross-domain authentication, SM9, Identity revocation, Protocol