Domainname-based unified identification mark and authentication method

An identity authentication technology and method, applied to user identity/authority verification, transmission systems, digital transmission systems, etc. It addresses problems such as the difficulty of interoperability between authentication systems, the complications introduced by host mobility and protocol encryption, and the inability to track users, with the effect of scalability.

Inactive Publication Date: 2007-03-28
TSINGHUA UNIV

AI Technical Summary

Problems solved by technology

[0005] 1. Existing application systems each use their own independent identification and authentication systems, which makes interoperability difficult.
User identification is tied to specific application services. The various authentication systems can only operate independently, and users must authenticate several different times when accessing different network resources. A global, unified user identification and authentication mechanism is lacking.
[0006] 2. Existing identity authentication systems can only verify whether users have access to network resources; they cannot track the various behaviors of users.
Under the existing security mechanism, when a network security incident occurs, the various tracking systems can only locate the source address that caused the incident and cannot quickly determine the corresponding responsible person.
[0007] With the vigorous promotion and application of the IPv6 protocol, the mobility of hosts and the encryption features of the protocol will make the problem more complicated.
The IP address of a host can change at any time, so the IP address will no longer serve as the external identification of the host. With traditional firewalls and IDS (Intrusion Detection Systems), it is difficult to authenticate the identity of a host and to control user behavior. New attacks and illegal means of access will follow.

Examples

Embodiment Construction

[0066] The system structure is shown in Figure 1: it shows two management domains A and B. Each of these domains contains:

[0067] ● Identity authentication server;

[0068] ● Network access control server;

[0069] ● Domain name server.

[0070] ID

[0071] To address the difficulty of memorizing and managing IPv6 addresses in the next-generation Internet and the various problems in existing identification mechanisms, the present invention proposes using personal domain names to identify users.

[0072] A personal domain name (PDN) is a network-wide unique identity assigned to a user; it corresponds to the user's current IPv6 address and is used to address the user. A personal domain name takes the form Username@Domainname, similar to an email address, meaning that the user belongs to an administrative domain. After the user has successfully authenticated, the identity authentication server will register the corresponding relationship between the ...

Abstract

This invention builds on the architecture of the latest Internet protocol, IPv6, and combines it with a secure domain name (DN) service to extend the functions of existing identity authentication systems. It binds the user's identity to the user's current real IPv6 address, providing a reliable security service for upper-layer applications. Each user management domain contains a network access control server (NACS), an identity authentication server (IDAS) and a DN server. The NACS recognizes a registered user by a triple consisting of the user computer's source MAC address, the source IPv6 address and the port. The IDAS authenticates the user's identity and defines the related access authority. The DN server establishes the forward and reverse mappings between the user's personal domain name and IPv6 address. The invention provides a more effective means of identity authentication and is highly extensible, to meet the requirements of future Internet application development.
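The binding described in the abstract, as an added Python sketch that is not taken from the patent: it keeps the NACS triple and the DN server's forward and reverse maps consistent when a host moves or an address is reused, so a source address seen in an incident maps back to one personal domain name. The class and method names, the in-memory tables, the sample values and the treatment of the port as an opaque label are assumptions.

```python
import ipaddress


class ManagementDomain:
    """One management domain: NACS table plus DN server forward/reverse maps."""

    def __init__(self, name):
        self.name = name
        self.forward = {}    # PDN -> IPv6Address (DN server, forward)
        self.reverse = {}    # IPv6Address -> PDN (DN server, reverse)
        self.admitted = {}   # PDN -> (mac, IPv6Address, port) (NACS triple)

    def register(self, username, mac, ipv6, port):
        """Called once the IDAS has authenticated the user: bind PDN and address."""
        pdn = f"{username}@{self.name}"
        addr = ipaddress.IPv6Address(ipv6)   # canonical form; text variants compare equal
        self.unbind(pdn)                     # host moved: drop its stale binding
        previous = self.reverse.get(addr)
        if previous is not None:             # address reused by a different user
            self.unbind(previous)
        self.forward[pdn] = addr
        self.reverse[addr] = pdn
        self.admitted[pdn] = (mac.lower(), addr, port)
        return pdn

    def unbind(self, pdn):
        """Remove every record for a PDN so no stale reverse entry survives."""
        addr = self.forward.pop(pdn, None)
        if addr is not None:
            self.reverse.pop(addr, None)
        self.admitted.pop(pdn, None)

    def nacs_permits(self, mac, ipv6, port):
        """NACS check: pass traffic only if the whole triple is registered."""
        triple = (mac.lower(), ipaddress.IPv6Address(ipv6), port)
        return triple in self.admitted.values()

    def resolve(self, pdn):
        return self.forward.get(pdn)

    def who_sent(self, ipv6):
        return self.reverse.get(ipaddress.IPv6Address(ipv6))


if __name__ == "__main__":
    dom = ManagementDomain("a.example")      # constructed sample data
    dom.register("alice", "00:11:22:33:44:55", "2001:db8::1", "port-3")
    print(dom.who_sent("2001:0db8:0:0:0:0:0:1"))
```

Dropping the old binding before writing the new one is the step that matters for attribution: a stale reverse record would assign later traffic from that address to the wrong user.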

Description

Technical field

[0001] The domain name-based unified identification and authentication method belongs to the field of Internet user identification and authentication, and requires users to confirm their identity and authority before requesting services.

Background technique

[0002] The identity mark is a symbol for the user to indicate his identity to the network service provider, and identity authentication is used to verify the legitimacy and validity of the user's identity mark. Before users access network resources, they should first be identified by the identity authentication system. The identity authentication server determines whether the user can access a certain network resource according to the user's identity and authorization database. It can be said that the identity authentication system is the first gateway of the entire network security system, and security services such as access control and auditing all rely on the user identity information provided by it...

Application Information

IPC(8): H04L9/32, H04L12/56, H04L29/06, H04L12/28, H04L45/74
Inventor: 吴建平, 段海新, 张洪, 付强
Owner: TSINGHUA UNIV