计算机工程与应用 ›› 2019, Vol. 55 ›› Issue (23): 22-28.DOI: 10.3778/j.issn.1002-8331.1906-0444

• 热点与综述 • 上一篇    下一篇

美国电子身份指南评析

杨明慧,邹翔   

  1. 公安部第三研究所 治安印章研究室,上海 201204
  • 出版日期:2019-12-01 发布日期:2019-12-11

Evaluation of US Electronic Identity Guide

YANG Minghui, ZOU Xiang   

  1. Public Security Seal Technology Research Laboratory, The Third Research Institute of Ministry of Public Security, Shanghai 201204, China
  • Online:2019-12-01 Published:2019-12-11

摘要: 随着计算机技术的发展,网络空间已经成为各国关注的焦点,有第五大战略空间之称。但网络空间面临着日益加剧的安全威胁,网络身份信息泄露是其中最为突出的一项。世界多数主要国家已开始制定网络可信身份管理规则和策略,从规范网络各个参与者为入手点来保护网络空间安全。以美国出台的第三版《电子身份指南》为例,介绍该指南的主要内容,对比分析各版本指南的差异,总结其优点,提出了针对我国网络身份管理的改进建议。建议包括:电子身份凭证颁发阶段的静态定级,对于不同的应用场景为用户提供不同等级的电子身份凭证,保护用户隐私;后续根据用户行为动态调整电子身份凭证等级,提供安全可靠的服务。

关键词: 电子身份指南, 网络身份管理, 身份凭证等级, 静态定级, 动态调整

Abstract: With the development of computer technology, cyberspace has become the focus of attention of all countries and is known as the fifth big strategic space of the name. But cyberspace is facing increasing security threats, and network identity information disclosure is one of the most prominent. Most major countries in the world have begun to develop network trusted identity management rules and strategies to protect cyberspace security by standardizing the participants in the network as the starting point. Taking the third edition of the Electronic Identity Guide issued by the United States as an example, the main contents of the guide are introduced, the differences of each version guide are compared and analyzed, then advantages and disadvantages are summarized. Several suggestions are made for the construction of hierarchical trusted network identity management and evaluation in China. Based on the front analysis, several improvements are proposed, which include: during electronic identity certificate issuance stage the credential issue level is graded statistically, and different credential issue levels will be provided for different application scenarios to protect user privacy, in the subsequent stage the credential issue level will be dynamically adjusted according to user behavior to provide a safe and reliable service.

Key words: electronic authentication guide, network identity management, credential issue level, statistical grading, dynamic adjustment