Trusted network identity management and verification system and method

Abstract

The invention relates to a trusted network identity management and verification system and method. The method comprises the following steps that: a user identity management unit maintains network identity information of a user, binds a network identity of the user with public key information, and registers the bound network identity and public key information to a trusted identity maintenance unit; a network service management unit manages an Internet service, binds corresponding public key information with a domain name, and registers the bound public key information and domain name to the trusted identity maintenance unit; the trusted identity maintenance unit deploys a DNSSEC (Domain Name System Security Extensions) protocol, and maintains identity and public key binding information of the user and the Internet service; an Internet user unit saves and manages private key information of the Internet user unit, and acquires information of a trusted Internet service provider by inquiring the trusted identity maintenance unit; and an Internet service provider unit saves and manages private key information of the Internet service provider unit, and acquires user information by inquiring the trusted identity maintenance unit. Through adoption of the trusted network identity management and verification system and method, functions such as bidirectional identity authentication, key negotiation and secure communication between the service provider and an Internet user can be supported.

Description

technical field [0001] The invention belongs to the field of network technology and information security technology, and in particular relates to a trusted network identity management and verification system and method. Background technique [0002] With the rapid development of information technology in the past two decades, the importance of the Internet in social production and personal life has become increasingly prominent, and its services and applications have penetrated into military, cultural, political, economic and other fields. However, with the unprecedented wide application of the Internet, the security problems it faces are becoming increasingly severe. Cases such as the "Prism Gate" incident, the "Five Eyes" intelligence alliance, and the "Angry Birds" espionage incident have continuously aroused great attention from all countries to network credibility and security. [0003] Since 2000, the United States, the European Union, Japan and other countries and re...

AI Technical Summary

Problems solved by technology

[0006] The original protocol of DNS is a lightweight protocol, which cannot provide security guarantee for service data content; moreover, DNS data is transmitted in clear text on the Internet, and the data is easily hijacked or tampered with during transmission.

Since the DNS protocol itself does not provide an integrity protection mechanism for data content, the receiver cannot tell whether the received message has been tampered with or whether the source is correct; in addition, the implementation of the DNS protocol is usually based on the UDP protocol, which lacks the reliability of communication Assurance, which further heightens the possibility of messages being tampered with or falsified

Images