互联网中身份管理应对策略思考

随着Web2.0的出现,互联网进入第三个高速发展阶段,互联网已经成为日常生活中的重要组成部分,同时互联网上的个人隐私泄露与保护问题也日益凸显。因此,建立以身份管理为核心的信息网络基础设施,用于规范个人信息管理,提升政府的监管能力,促进ICT网络的融合与发展。本文从互联网典型身份管理技术方案分析入手,继而分析互联网中身份管理相关问题,提出身份管理作为信息网络重要基础设施的应对策略以及下一步的研究建议。     

网络空间实名身份管控机制研究

随着国家信息系统和基础设施对网络空间依赖程度越来越高,网络空间的安全已经成为国家安全的一部分。建立网络空间安全信任体系,是网络空间安全的基础,人员身份的实名管理是互联网环境下网络空间安全的重要环节：分析了互联网犯罪问题存在的难点,跟踪了国内外实名管控发展动态．设计了实名身份管理的管理体系和技术架构,最后提出了实名身份管理的发展建议。     

移动运营商用户运营之痛——移动互联时代用户运营核心能力分析

文中分别介绍了移动运营商在通信网环境下的用户运营核心能力和互联网企业在移动互联网环境下用户运营体系的核心能力,总结出真实身份、安全交易环境、支付的三大用户运营核心能力。通过对两种用户运营核心能力的对比,指出移动运营商在移动互联网时代丧失了通信网时代建立的核心能力,推荐移动运营商建立基于公钥基础设施的用户运营核心能力符合移动互联网特征,赢得与互联网企业的用户运营能力的竞争。     

身份管理技术综述

身份管理是解决大规模异构网络环境中的信息安全技术,联盟身份管理和相关标准成为发展主流,其通过对用户身份标识和管理策略进行绑定和对其进行全生命周期管理,形成集身份认证、授权管理、责任认定于一体的基础设施框架,以降低管理用户身份、属性和信任证书的成本,提高安全性,保护用户的隐私,方便信息共享等。     

中国PKI事业发展概况

前 言公钥基础设施(PKI,Public Key Infrastructure)是一种基于公开密钥理论和技术建立起来的安全体系,为网络用户、设备提供信息安全服务的具有普适性的信息安全基础设施。该体系在统一的安全认证标准和规范基础上提供在线身份认证,核心是要解决信息网络空间中的信任问题,确定信息网络空间中各种经济、军事和管理行为主体(包括组织和个人)身份的唯一性、真实性和合法性,保护信息网络空间中各种主体的安全利益。PKI作为国家信息化的基础设施,涉及到电子政务、电子商务以及国家信息化的整体发展战略等多层面问题,是相关技术、应用、组织…     

基于区块链的异构身份联盟与监管体系架构和关键机制

网络身份管理是网络空间安全防护的重要组成部分。随着信息技术和应用的发展,面对海量异构的身份管理、跨网跨域信任服务和身份隐私保护需求,传统中心式的网络身份管理体系和机制存在身份管理平台多样且互通性差、跨域身份管理可信评价难、身份隐私信息易泄露及多态跨域网络实体行为监管困难等诸多问题。基于区块链技术设计异构身份联盟与监管体系,以网络身份管理系统作为联盟链节点,为异构的网络身份提供统一身份标识、属性登记和跨域核验、实体可信度动态评价、身份隐私保护以及实体行为监管等关键技术机制;为融合已存在的多种异构身份管理系统,打造身份提供方、监管方和用户之间的和谐共生关系,提出了一种新的解决思路。     

移动警务终端访问高级权限内容时的二次身份认证系统研究

提出一种基于动态口令的身份认证方法,为移动警务终端在访问高级权限内容时提供二次身份认证。首先身份认证中心和移动警务终端通过数字证书管理中心进行数字证书的相互认证,确认双方网上的合法身份,然后身份认证中心对移动警务终端进行动态身份认证,最后移动警务终端通过身份中心的认证,并获得访问高级权限内容权限。在移动警务终端访问高级权限内容时,身份认证中心采用动态口令身份认证的方式对其再次进行认证,解决了仅通过单次身份认证访问高级权限内容时存在的安全问题,保护了高级权限内容的安全。     

移动互联网的十大潜力业务

互联网的核心特征是开放、分享、互动、创新,而移动通信的核心特征是随身、互动。移动互联网继承了移动和互联网两者的特征：用户身份可识别、随时随地、开放、互动和用户更方便地参与。简言之,移动互联网就是用户身份可识别的、口袋中的新型互联网。     

一种基于NFC的身份识别系统设计

随着物联网和移动技术的发展,"互联网+"正在改变社会的生活和工作模式,人性化和智能化是其主要特点.身份识别在移动技术的应用中发挥越来越重要的作用.本文从NFC技术出发,提出一种基于NFC身份识别的设计思路,可以广泛地运用到智能身份识别的实际工作中.     

基于PKI体系结构的双向身份认证模型

互联网是一个无中心,不可控的网络,传统的以口令字来确认用户身份的方式已经不能满足网络对用户身份进行确认的要求.但是PKI(公钥基础设施)体系结构的产生为用户身份认证问题提供了很好的解决思想,论文首次提出了一种在PKI体系结构下以身份证书为基础的双向身份认证模型,有效地解决了对网络用户进行身份认证的问题.     

Host mobility for IP networks: a comparison

The growth of wireless networking is enabling many Internet hosts to become mobile. This article describes and compares three alternatives for providing host mobility managment in IP-based networks. We first summarize the operation and behavior of Mobile IP, on which the Internet Engineering Task Force has focused as a host mobility solution. We next describe two alternative architectures (Migrate and host identity protocol) for providing mobility management. Our qualitative comparison focuses on contrasting the different performance, security, deployment, scalability, and robustness properties of each approach.     

Broadband packet switching: a personal perspective

The author's personal perspective on the development of broadband packet switching from 1980 to 1995 is presented in the context of the Internet's development during the same timeframe. The development of today's Internet is also placed into a 40-year perspective of a mature deployment of a national broadband packet infrastructure. A conclusion that today's Internet represents about 0.1 percent of the deployment of a national petabit per second capacity broadband packet network, and that we have moved roughly halfway through the development and deployment timeline is developed. Along the way, the author gives his personal perspective on the development of, and the researchers who developed, technologies like packet voice, Ethernet bridging, ATM, the CNRI gigabit testbeds, and local ATM. The article discusses the efforts at transitioning the Internet from academic to commercial service     

企业体系化统一身份管理平台设计

统一身份管理旨在将分散在各个信息系统中的用户账户管理、属性管理及入门级应用访问权限进行统一集中管理,简化信息系统管理人员对多信息系统账户操作的维护工作量,提升系统安全性。同时可根据企业内部的组织架构,通过体系化的部署建设,使之能够覆盖企业内部分散的多个应用域,实现统一身份管理对企业信息系统的全覆盖支撑。     

4G助力移动互联网进入发展快车道

通过梳理4G与移动互联网发展之间的相互促进作用，挖掘出移动互联网未真正到来的主要原因，提出传统电信运营商如何在这场变革中实现跨越发展的一些思考。     

A survey on identity federation solutions

As Internet is a prime vehicle for business and personal interactions, more and more organizations provide their users with personalized online services. Identity Management is, therefore, a key component for these organizations to manage users’ accounts (i.e. identities) and secure access to their personal services and information. Today, however, users’personal information and authentication are confined to organizations’ boundaries. This brings to a situation where the users have multiple identities on the Internet preventing both users and organizations to benefit from registrations and authentications already done at other organizations. Identity federation becomes, therefore, a key component of identity management enabling authentications and personal information to pass through organizations’boundaries in a privacy-friendly way. This article focuses on Single Sign-On and attribute sharing, two of the main functions Identity Management systems provide. It gives an overview of the main solutions available today.     

移动互联网“绿色上网”

互联网在生产生活中起到积极正面作用的同时，也带来了许多新的问题，成为恶意行为、违法犯罪活动的途径、工具和平台。甚至催生了许多恶意行为、违法犯罪活动的新形态和新类型。主要关注在移动互联网环境下部署绿色上网，以应对网络上泛滥成灾的不良信息。     

A Privacy-Considerate Framework for Identity Management in Mobile Services

The subscribers’ personal information and services that mobile operators are able to provide to Web developers offer new and exciting possibilities in numerous domains. However, bringing mobile information services to the Web to enable a new generation of mobile Web services presents several research challenges on identity and privacy management. In this paper, we describe a framework for identity management in mobile services that empowers users to govern the use and release of their personal information. Our framework is based on a brokering approach that intermediates between the mobile operator’s information services and the Web service providers. By leveraging on Web services, identity management infrastructure and privacy enhancing technologies, our framework provides an effective, privacy-considerate delivery of services over the mobile Web environment. This paper describes the design principles and architecture of the framework as well as the feasibility, applicability and user-experience evaluation we have carried out.     

An operational mobility model over IPv6: design,modeling, and evaluation

The fast Internet evolution and rapid development of wireless technologies have made it possible for users to communicate while on the move. Mobile IPv6 (MIPv6) is a candidate solution for next generation mobile Internet. Despite its popularity, MIPv6 still suffers from various limitations, for example, lack of business model and management of enormous and discrete home agents, preventing it from being deployed in large‐scale commercial environments. Recently, the ID/Locator split architecture has demonstrated its significant predominance in next generation mobile networks. With the aim of pushing the global deployment of mobility support over IPv6, this study makes an effort to design and evaluate an operational mobility model over IPv6 (OMIPv6) based on the ID/Locator split architecture to tackle the problems raised by the current form of MIPv6. In particular, a distributed cloud mobility management system is employed to be responsible for maintaining the identification and locations of mobile hosts, and providing the name resolution services to the mobile hosts. Furthermore, this paper develops an analytical model considering all possible costs required for the operation of OMIPv6, and adopts it as a cost‐effective tool to evaluate various costs and operation overheads on the performance of the OMIPv6 protocol. Copyright © 2012 John Wiley & Sons, Ltd.