Research And Implementation Of Identity Management System Based On Dynamic Trust Management

With the development of cloud computing,the popularity of BYOD and the elimination of information island,enterprise information system presents the trend of open dynamic interconnection.The traditional closed static identity management method can not meet the existing security requirements.From the perspective of enterprises,there are open and cooperative businesses between different enterprises.In order to improve work efficiency,it is often necessary to achieve identity authentication between different enterprises through single-sign-on.From the perspective of employees,there are often multi-device,multi-scene and multi-way authentication scenarios.Therefore,in the open dynamic identity management scenario,flexible dynamic trust management is needed for complex and diverse scenarios such as employee equipment loss,remote login,account leakage,etc.to ensure security.Based on this,we study and design an identity management system based on dynamic trust management.The main work and research content of this paper are as follows:(1)Aiming at the situation that the user's single sign on account is stolen in dynamic trust management,this paper proposes a single-sign-off protocol based on OAuth.We sort out and summarize the security of OAuth protocol,and propose a single-sign-off protocol to solve the problem of lacking RP account and session management of RP system after IDP account is stolen,which is used to unbind RP account and logoff session state.We designed the usage scenario of the protocol,as well as the specific protocol process,implemented and analyzed the protocol.(2)This paper proposes a dynamic trust evaluation method based on machine learning for the scenarios of user equipment loss,remote login and account leakage in dynamic trust management.We propose a dynamic trust evaluation method based on discrete user behavior characteristics,and use a new model in machine learning field to experiment with real scene data sets.We make a comprehensive and systematic analysis of the evaluation index of the model performance combined with the authentication scenario,and design four typical application scenarios to verify and analyze the application effect of the model.(3)An identity management system based on dynamic trust management is designed and implemented.Our identity management system can support a variety of single-sign-on protocols and third-party social account login,support OAuth based single-sign-off function,support dynamic trust evaluation based on user behavior,and support multi-factor identity authentication.Through the integration of functions,user-friendly operation and interaction,the identity management system for complex dynamic trust management scenarios is realized.