Domainname-based unified identification mark and authentication method

An identity identification and authentication technology, applied in user identity/authority verification, transmission systems, digital transmission systems, etc. It addresses problems such as interoperability difficulties, the complications introduced by host mobility and protocol encryption, and the inability to quickly determine the responsible person, and achieves good scalability.

Inactive Publication Date: 2009-09-09
TSINGHUA UNIV

AI Technical Summary

Problems solved by technology

[0005] 1. Existing application systems each use their own identification and authentication systems, making interoperability difficult. User identification is tied to specific application services, and the various authentication systems can only operate independently. Users must perform multiple different authentications when accessing different network resources, and there is no global, unified user identification and authentication mechanism.
[0006] 2. Existing identity authentication systems can only verify whether users have access to network resources; they cannot track users' behavior. Under the existing security mechanism, when a network security incident occurs, tracking systems can only locate the source address that caused the incident and cannot quickly determine the corresponding responsible person.
[0007] With the vigorous promotion and application of the IPv6 protocol, host mobility and protocol encryption will make the problem more complicated. The IP address of a host can change at any time, so the IP address will no longer be the external identification of the host. With traditional firewalls and IDS (Intrusion Detection System), it is difficult to authenticate the identity of the host and control user behavior. New attacks and illegal means of access will follow.


Embodiment Construction

[0064] The system structure is shown in Figure 1, which depicts two administrative domains, A and B. Each of these domains contains:

[0065] ● Identity authentication server;

[0066] ● Network access control server;

[0067] ● Domain name server.

[0068] ID

[0069] To address the difficulty of memorizing and managing IPv6 addresses in the next-generation Internet and the various problems of existing identity identification mechanisms, the present invention proposes using personal domain names to identify users.

[0070] A personal domain name (PDN) is a network-wide unique identity assigned to a user. It corresponds to the user's current IPv6 address and is used to address the user. A personal domain name takes the form Username@Domainname, similar to an email address, meaning that the user belongs to an administrative domain. After the user has successfully authenticated, the identity authentication server will register the corresponding relationship between ...


Abstract

The invention belongs to the field of Internet user identity identification and authentication. It makes use of the sound architectural design of the next-generation Internet protocol IPv6 and extends the functions of existing identity authentication systems by combining them with a secure domain name service, so as to bind a user's identity to the user's real current IPv6 address and provide more reliable security services for upper-layer applications. Each user management domain contains: a network access control server, which identifies registered users by the triplet <mac,ipv6,port> composed of the source MAC address of the user's computer, the source IPv6 address and the port; an identity authentication server, which authenticates user identities and sets the corresponding access rights; and a domain name server, which establishes the forward and reverse correspondence between a user's personal domain name and IPv6 address. The invention can provide multiple effective means of identity authentication for future Internet applications, has good scalability, and can adapt to the requirements of future Internet application development.
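The three roles described in the abstract can be modelled in a few lines. The sketch below is an added example, not code from the patent: the class and method names are hypothetical, in-memory dictionaries stand in for the domain name server, the credential check is a placeholder for whatever the identity authentication server actually uses, and the addresses are constructed samples. It shows the binding being replaced when a user re-authenticates from a new address, so a source address always maps back to at most one responsible PDN.

```python
import hmac
import ipaddress

class DomainBindingRegistry:
    """One administrative domain: authentication, access control and name bindings."""

    def __init__(self, domain, credentials):
        self.domain = domain
        self.credentials = credentials  # username -> secret (placeholder check)
        self.forward = {}               # PDN -> IPv6 address (forward mapping)
        self.reverse = {}               # ip6.arpa name -> PDN (reverse mapping)
        self.admitted = set()           # (mac, ipv6, port) triplets

    def authenticate(self, pdn, secret, mac, ipv6, port):
        """On success, bind the PDN to the current address and admit the triplet."""
        user, sep, domain = pdn.partition("@")
        stored = self.credentials.get(user)
        if not sep or domain != self.domain or stored is None:
            return False
        if not hmac.compare_digest(stored.encode(), secret.encode()):
            return False
        addr = ipaddress.IPv6Address(ipv6)
        self.release(pdn)  # host mobility: drop the binding to the old address
        self.forward[pdn] = addr
        self.reverse[addr.reverse_pointer] = pdn
        self.admitted.add((mac.lower(), addr, port))
        return True

    def release(self, pdn):
        """Remove a user's bindings, e.g. on logout or before re-binding."""
        old = self.forward.pop(pdn, None)
        if old is not None:
            self.reverse.pop(old.reverse_pointer, None)
            self.admitted = {t for t in self.admitted if t[1] != old}

    def permits(self, mac, ipv6, port):
        """Access control: traffic is admitted only for a registered triplet."""
        return (mac.lower(), ipaddress.IPv6Address(ipv6), port) in self.admitted

    def responsible_user(self, ipv6):
        """Incident response: map a source address back to the bound PDN."""
        return self.reverse.get(ipaddress.IPv6Address(ipv6).reverse_pointer)

if __name__ == "__main__":
    # Constructed sample data (documentation prefix 2001:db8::/32).
    reg = DomainBindingRegistry("a.example", {"alice": "s3cret"})
    reg.authenticate("alice@a.example", "s3cret", "00:11:22:AA:BB:CC", "2001:db8::10", 3)
    print(reg.responsible_user("2001:db8:0:0:0:0:0:10"))
```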

Description

Technical field

[0001] The domain name-based unified identification and authentication method belongs to the field of Internet user identification and authentication, and requires users to confirm their identity and authority before requesting services.

Background technique

[0002] The identity mark is a symbol by which the user indicates his identity to the network service provider, and identity authentication is used to verify the legitimacy and validity of the user's identity mark. Before users access network resources, they should first be identified by the identity authentication system. The identity authentication server determines whether the user can access a certain network resource according to the user's identity and the authorization database. It can be said that the identity authentication system is the first gateway of the entire network security system, and security services such as access control and auditing all rely on the user identity information provided by it...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/32, H04L12/56, H04L29/06, H04L12/28, H04L45/74
Inventor: 吴建平, 段海新, 张洪, 付强
Owner: TSINGHUA UNIV