Knowledge-aware identity services

The identification problem is concerned with the question whether two objects in an application refer to the same real-world entity. In this paper, the identification problem is investigated from a knowledge modelling point of view. We develop a framework of establishing knowledge-aware identity services by abstracting identity knowledge into an additional identity layer. The knowledge model in the identity service layer provides a capability for combining declarative formulae with concrete data and thus allows us to capture domain-specific identity knowledge at flexible levels of abstraction. By adding validation constraints to the identity service, we are also able to reason about inconsistency of identity knowledge. In doing so, the accuracy of identity knowledge can be improved over time, especially when utilising identity services provided by different communities in a service-oriented architecture. Our experimental study shows the effectiveness of the proposed knowledge modelling approach and the effects of domain-specific identity knowledge on data quality control.     

基于可信计算平台的身份管理框架*

针对网络用户身份管理难题及现有的身份管理方案存在的不足,基于可信计算平台完整性校验、保护存储和访问控制以及远程平台校验等安全特性,提出了可信计算平台身份管理方案和协议。本方案实现了多种方式的身份认证及身份、身份认证审计记录和主密钥、审计密钥、平台AIK私钥的加密存储,以及移动平台的可信验证、加密身份的还原和服务提供者身份标志的查找定位,并实现了身份信息和认证数据的加密传输。最后,进行了安全性分析,结果表明该方案在保护用户身份信息安全的前提下,大大减轻了用户身份管理的负担。     

可信移动平台身份管理框架*

针对网络用户身份管理难题及现有的身份管理方案存在的不足,基于可信移动平台完整性校验、保护存储、域隔离和访问控制以及远程平台校验等安全特性,提出了可信移动平台身份管理方案和协议;构建了对应于口令、证书、指纹等认证方式的身份矩阵;实现了多种方式的身份认证、身份认证审计记录,主密钥、审计密钥、平台AIK私钥的加密存储,以及移动平台的可信验证、加密身份的还原和服务提供者身份标志的查找定位,并实现了身份信息和认证数据的加密传输;进行了安全性分析,结果表明该方案在保护用户身份信息安全的前提下,大大减轻了用户身份管理的     

Speaking things into existence: Ontological foundations of identity representation and management

Conceptual models capture knowledge about domains of reality. Therefore, conceptual models and their modelling constructs should be based on theories about the world—that is, they should be grounded in ontology. Identity is fundamental to ontology and conceptual modelling because it addresses the very existence of objects and conceptual systems in general. Classification involves grouping objects that share similarities and delineating them from objects that fall under other concepts (qualitative identity). However, among objects that fall under the same concept, we must also distinguish between individual objects (individual identity). In this paper, we analyze the ontological question of identity, focusing specifically on institutional identity, which is the identity of socially constructed institutional objects. An institutional entity is a language construct that is ‘spoken into existence’. We elaborate on how institutional identity changes how we understand conceptual modelling and the models produced. We show that different models result if we base modelling on a property-based conception of identity compared to an institutional one. We use the Bunge-Wand-Weber principles, which embrace a property-based view of identity, as an anchor to the existing literature to point out how this type of ontology sidesteps identity in general and institutional identity in particular. We contribute theoretically by providing the first in-depth ontological analysis of what the notion of institutional identity can bring to conceptual modelling. We also contribute a solid ontological grounding of identity management and the identity of things in digital infrastructures.     

Proteus vs. social identity effects on virtual brainstorming

ABSTRACT

Avatars are known to influence behaviour through their individual identity cues (Proteus effect) and through their shared identity cues (Social identity effect). The aim of this study was to investigate these two processes in a crossed design, in order to examine their interaction in the context of a brainstorming task. To activate the Proteus effect, we used creative avatars resembling inventors, and to make social identity salient, we made the avatars wear the traditional clothing of the participants’ school. The resulting factorial design included four conditions: creative avatars with or without social identity cues, and non-creative avatars with or without social identity cues. The results show that creative performance was higher with creative than non-creative avatars, but only in the absence of social identity cues. Furthermore, the presence of social identity cues increased social identification to the group, but this unexpectedly decreased creative performance. This result is discussed together with an analysis of the meaning of the social identity cues we used, which appeared to be unrelated to creativity. This discussion highlights that the effects of social identity cues on performance are complex and may be moderated by their meaning and the particular facet of social identity they make salient.     

一种云计算中的多重身份认证与授权方案

OpenID是一种广泛应用于云计算中的去中心化的身份认证技术。OpenID为用户以一个身份在多个云服务中通行提供了一种方式,也解决了因遗失在云提供商处注册的云身份凭证而不能登录的问题。但用户以OpenID身份登录云服务后,却不能访问该用户的云身份拥有的资源,且OpenID技术也没有对请求身份信息的云服务进行认证与细粒度授权。因此文章在OpenID技术和OAuth技术的基础上,设计了一种多重身份认证与授权方案来解决上述同一用户不同身份的资源不可访问问题,以及身份信息等资源访问流程中的细粒度授权问题。     

网络虚拟社会的有序活动依赖eID

eID是政府身份管理职能部门签发的、普适性的网络身份证件。本文通过对网络身份证件的需求分析及对国外网络身份管理建设的研究,指出了当前我国网络虚拟社会身份信任体系存在的问题,提出了借鉴我国居民身份证制度管理现实社会的成功经验、依托现有身份管理的行政体系尽早发行网络身份证件;并针对我国数字认证行业发展的状况,提出了对我国网络身份建设统筹规划的建议。     

以用户为中心的可信终端身份管理模型

针对终端用户身份管理难题和现有的身份管理技术的不足,为了满足终端用户在任何情况下访问网络资源的客观需求,文章提出了以用户为中心的可信终端域内、跨域和开放网络环境下的身份管理系统模型,在此基础上设计了包括终端用户身份安全保护机制、身份管理流程、终端用户身份管理协议的终端用户身份安全保护方案,对协议进行了安全性分析和形式化分析,并与其他身份管理模型的安全性进行了比较,结果表明该模型能够安全地管理用户身份和实现各种环境下的访问控制。     

Boneh-Boyen1基于身份加密体制的安全密钥分发

为了提高基于身份加密体制的用户密钥安全性,解决基于身份加密体制中的密钥托管问题成为一个重要课 题。提出了一种针对13onch-13oycn:基于身份加密体制的安全密钥分发方案,方案中系统的主密钥分片分别保存于一 个密钥生成中心和多个密钥隐私中心处,用户的私钥生成需要用户收到密钥生成中心和密钥隐私中心发来的多个私 钥分片,以避免密钥生成中心获取用户的私钥。在标准模型中证明了密胡分发方案能够保证密钥生成中心无法获取 用户的私钥,能够有效解决13onc卜13oycn:基于身份加密方案的密钥托管问题。     

Biometrics in Identity Management Systems

Biometric technology - the automated recognition of individuals using biological and behavioral traits - has been presented as a natural identity management tool that offers "greater security and convenience than traditional methods of personal recognition." Indeed, many existing government identity management systems employ biometrics to assure that each person has only one identity in the system and that only one person can access each identity. Historically, however, biometric technology has also been controversial, with many writers suggesting that biometrics invade privacy, that specific technologies have error rates unsuitable for large-scale applications, or that the techniques "are useful to organizations that regulate the individual, but of little use where the individual controls identification and authorization." Here, I address these controversies by looking more deeply into the basic assumptions made in biometric recognition. I'll look at some example systems and delve into the differences between personal identity and digital identity. I'll conclude by discussing how those whose identity is managed with biometrics can manage biometric identity management.     

一种基于联盟链的物联网匿名交易方案

针对物联网终端交易的跨平台、去中心化、隐私、安全需求,提出基于联盟链的匿名交易方案,确保用户身份隐匿。通过划分基础域和互联域实现中心化身份认证和去中心化交易;对身份认证,提出基于Merkle树的双因素认证方案,实现各节点身份与消息的去耦;针对通信中明文消息暴露用户身份问题,提出基于CoinJoin思想的聚合签名隐私保护方案,混淆交易身份,以抵抗身份关联分析攻击;最后针对一致性和记账权问题,提出基于信誉评价策略的共识机制。安全性与效率分析表明,所提方案能以较低存储和计算开销保护终端身份隐私。     

基于区块链的电网可信分布式身份认证系统

基于区块链的身份认证系统大多基于公有区块链平台,本质上仍是传统的中心式身份管理和验证方式,难以满足微电网中可信接入、细粒度访问控制等需求.因此,基于FISCO BCOS联盟区块链技术,设计了一个支持多中心的分布式身份认证系统,提出了基于DID的身份管理协议,实现了用户身份的自主控制;研究了微网中终端节点的分布式可信接入...     

Object Identity in Database Systems

The concept of object identity and implementation of object identity in some systems have been explained in literature.Based on an analysis on the idea of data scheme in ANSI/X3/SPARC,this paper presents the concept of full-identity,which includes entity identity,conceptual object identity,and internal object identity,In addition,the equality of objects,which is richer and more practical,is discussed based on the full identity of objects.Therefore,the semantics and constructions of the identity for the complex objects are fully observed,and some appliactions in object management,version management,and user interface are found.Also,it could support the combination of O-O model with V-O model.     

基于区块链应用模式的铁路旅客身份认证系统

采用“区块链技术+不对称加密+生物识别+身份认证”应用模式，依托智能手机客户端设计与开发一套铁路旅客身份认证系统.基于Ethereum开发平台，应用truffle开发框架，实现铁路旅客身份认证系统智能合约的编写与部署.系统针对传统铁路身份认证模式的不足，将旅客身份数据分布式存储，弱化中心化服务器的压力，提升旅客身份数据的安全性和鲁棒性；进行生物信息认证确保旅客对身份信息的所有权；利用非对称加密技术在保护旅客隐私、实现实名制的前提下增强数据的透明性.基于区块链应用模式的铁路旅客身份认证系统能够让用户身份实现本地存储、信息摘要链上校验，实现铁路旅客身份信息数据访问的细粒度控制，保障铁路旅客身份信息安全，提升铁路旅客的乘车体验.     

Identity matching using personal and social identity features

Identity verification is essential in our mission to identify potential terrorists and criminals. It is not a trivial task because terrorists reportedly assume multiple identities using either fraudulent or legitimate means. A national identification card and biometrics technologies have been proposed as solutions to the identity problem. However, several studies show their inability to tackle the complex problem. We aim to develop data mining alternatives that can match identities referring to the same individual. Existing identity matching techniques based on data mining primarily rely on personal identity features. In this research, we propose a new identity matching technique that considers both personal identity features and social identity features. We define two groups of social identity features including social activities and social relations. The proposed technique is built upon a probabilistic relational model that utilizes a relational database structure to extract social identity features. Experiments show that the social activity features significantly improve the matching performance while the social relation features effectively reduce false positive and false negative decisions.     

基于CIS的产品形象识别系统探究

本文针对产品形象识别系统在塑造企业形象上的重要作用,探讨了产品形象的构成,以及产品形象和企业形象密不可分的关系,就目前企业中所存在的问题进行了分析,并就如何创造出好的产品形象提出了意见和建议。     

传统与现代的视觉传递——谈古城中高新区的视觉识别设计

视觉识别设计是凭借视觉性符号和语言进行信息传递的设计。[1]目前很多城市高新区的视觉识别设计不够完善,笔者通过对古城中的高新区的视觉识别设计进行多方面的分析,思考古城高新区的视觉识别系统的发展方向,试图探索出具有传统地域特色的现代视觉识别设计。     

Identity ambiguity and the promises and practices of hybrid e-HRM project teams

The role of IS project team identity work in the enactment of day-to-day relationships with their internal clients is under-researched. We address this gap by examining the identity work undertaken by an electronic human resource management (e-HRM) ‘hybrid’ project team engaged in an enterprise-wide IS implementation for their multi-national organisation. Utilising social identity theory, we identify three distinctive, interrelated dimensions of project team identity work (project team management, team ‘value propositions’ (promises) and the team’s ‘knowledge practice’). We reveal how dissonance between two perspectives of e-HRM project identity work (clients’ expected norms of project team’s service and project team’s expected norms of themselves) results in identity ambiguity. Our research contributions are to identity studies in the IS project management, HR and hybrid literatures and to managerial practice by challenging the assumption that hybrid experts are the panacea for problems associated with IS projects.     

基于区块链的身份托管模型研究

针对现有中心化信任下用户多身份管理难的问题,提出一种基于区块链的身份托管模型。模型将用户拥有的各个系统的身份信息采用椭圆曲线算法加密签名,确保身份信息的所有权;设计了身份认证区块链模型和身份信息上链的智能合约,将身份签名结果存储到区块链中,确保其安全和不可篡改;设计了登录验证的智能合约,使用用户公钥对签名信息验证用户是否具有登录系统的权限。对该区块链身份托管模型在Hyperledger Fabric中进行实验论证,实验结果表明,该模型具有高的安全性和时间效率,能方便管理用户的多个系统身份信息。     

网络环境下身份认证技术探析

身份认证技术是能够对信息收发方进行真实身份鉴别的技术,是保护网络信息资源安全的第一道大门.如何确定用户身份以控制用户对信息资源的访问,是一个值得研究的问题.本文对目前常用的身份认证技术的发展现状和技术特点进行了综述,分析了目前网络环境下常用的身份认证技术.