How to build a low-cost, efficient and accurate identity authentication system

Identity authentication accompanies a network application from beginning to end. For any network application, the two most critical authentication points are identity authentication at user registration and identity authentication when a registered user has lost a password and needs to recover it. Whether these two authentications are done correctly determines directly whether an offline person's identity information can be stolen, fraudulently used, or simply forged.

Every network security incident, whether of type 1) or type 2), involves at least one of the three problems above. Logically, then, if in the online world the theft and fraudulent use of offline actors' identities by online actors, and the forgery of online actors' identities, can be solved, then both kinds of network security incident can be prevented at root, or at least there is a possibility of eradicating them completely.

      Identity authentication systems are designed for this purpose.

The identity authentication system consists of an interface system (the identity authentication system interface system) and the related information systems, connected together through a private network. Its main function is to supply the registration step and the password-recovery step of any network application with a legally effective proof of the registrant's or recoverer's identity, in compliance with the relevant laws and regulations.

The identity authentication system in Figure 1 is a minimal one, formed by connecting the resident identity information system, the fixed network routing information system and the mobile network routing information system through a private network. Even this minimal system can provide identity authentication services for both the registration phase and the password-recovery phase of an individual on a network application server. The available authentication modes are listed in Table 1.

Figure 2 is a schematic of the system after the citizen credit information system has been connected. With it connected, a statutory certificate of a citizen's credit status can be provided in real time for online activities such as registration, purchasing high-speed rail tickets or air tickets, and applying for credit cards.

Figure 3 is a schematic of the system after the industrial and commercial registration system has been connected. It can provide legal proof that a legal person is lawful and compliant for any of that legal person's activities, especially its online activities. Examples: when a legal person is established, the credit and qualification checks of the natural persons who constitute it (achievable as soon as the citizen credit information system is connected to the identity authentication system); the establishment of collection accounts for legal persons engaged in online services (no such provision exists at present, but to prevent any online fraud carried out in the name of an individual or a company it would be necessary to enact a "Management Specification for Collection Accounts Providing Online Services" and an "Online Service Purchasing and Payment Management Regulation" as the two legal regulations governing online transactions); and due diligence to check whether the legal person complies with the relevant management regulations.

The fixed network routing information system contains: the MAC address of the optical modem a resident applied for, the applicant's ID number and contact telephone number, the installation address of the optical modem, the MAC addresses of all routers managed by the fixed-network operator, the connection relationships among those routers, and so on.

The mobile network routing information system contains: the telephone number applied for by the resident and the ICCID of the corresponding SIM card, the applicant's ID card number, the geographic location of every base station managed by the mobile operator, the base station identification code of each base station, the cell identification codes on each base station, the real-time location of each mobile phone, and so on.

 

The following briefly describes the identity authentication process when an individual registers on a network application server, using the dual-network terminal anonymous authentication mode as the example.

Authentication process:

Step 1:

On the mobile phone, visit the official websites of the identity authentication system interface system and of the network application server, and download and install their respective apps. Then switch the phone to a mobile data connection.

Step 2:

On the fixed network terminal, open the authentication page of the interface system's official website, fill in the ID card number and the mobile phone number registered under that ID card number, and scan the "Dual Network Anonymous Authentication" QR code shown on the screen with the interface system app on the phone.

Step 3:

The interface system receives the ID number, routing fingerprint, geographic location, phone number, SIM card ICCID, the base station identification codes of all base stations the phone can "see", and the cell identification codes on each of those base stations. It forwards them for checking to the resident identity information system (input: ID number), the fixed network routing information system (input: ID number, routing fingerprint, geographic location) and the mobile network routing information system (input: ID number, geographic location, phone number, SIM card ICCID, base station identification codes of all base stations the phone can "see", and the cell identification codes on each base station), each of which checks and compares its own inputs. If all three systems pass the verification, a QR code permitting anonymous registration, valid for a limited time, is sent to the fixed network terminal. (See Note 1.)

Step 4:

On the fixed network terminal, open the registration page of the network application server, fill in the mobile phone number, and scan the "anonymous registration permitted" QR code on the screen with the app on the phone.

Step 5:

The network application server receives the anonymous-registration QR code, routing fingerprint, geographic location, phone number, SIM card ICCID, the base station identification codes of all base stations the phone can "see", and the cell identification codes on each base station, and sends them to the interface system for comparison and verification. If verification passes, the interface system returns a response that anonymous registration is permitted; otherwise it returns a response that registration is not permitted.

Step 6:

Once the network application server receives the permission response, it carries out its normal registration process.
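The six steps above describe a protocol rather than an implementation, so here is a small Python model of the dual-network anonymous flow. It is an added example, not code from the article or from any real implementation of the proposal. Everything in it is constructed: the three back-end systems are in-memory dictionaries with made-up ID numbers, MACs, ICCIDs and cell codes; the QR payload issued in Step 3 is modelled as an HMAC-signed, time-limited token (the article does not say what the QR code contains, so that is an assumption); and the key, TTL and function names are hypothetical. The point it makes concrete is the one the text relies on: the token binds the phone's context (phone number, ICCID, routing fingerprint, location, visible cells) but carries no ID number, so in Step 5 the application server can have the interface system re-verify the context without ever learning who the registrant is.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample records for the three back-end information systems.
# In the proposal these sit on a private network reachable only by the
# interface system; here they are plain dictionaries with made-up values.
RESIDENT_IDS = {"110101199001011234"}                      # resident identity information system
FIXED_NET = {                                               # fixed network routing information system
    "110101199001011234": {"fingerprint": "AA:BB:CC:00:11:22", "location": "Beijing/Haidian"},
}
MOBILE_NET = {                                              # mobile network routing information system
    "110101199001011234": {"phone": "13800000000", "iccid": "89860000000000000001"},
}
CELLS_BY_LOCATION = {"Beijing/Haidian": {"BS-101/CELL-1", "BS-102/CELL-3"}}  # cells expected near the address

TOKEN_TTL_SECONDS = 120                      # hypothetical validity window of the registration QR code
ISSUER_KEY = b"interface-system-secret-key"  # hypothetical; held only by the interface system

# Constructed Step 2/3 request (fixed terminal input plus what the phone app reports).
SAMPLE_REQUEST = {
    "id_number": "110101199001011234", "phone": "13800000000", "iccid": "89860000000000000001",
    "fingerprint": "AA:BB:CC:00:11:22", "location": "Beijing/Haidian",
    "cells": ["BS-101/CELL-1", "BS-999/CELL-7"],
}
# Constructed Step 4/5 context: what the application server forwards (no ID number).
SAMPLE_CONTEXT = {k: v for k, v in SAMPLE_REQUEST.items() if k != "id_number"}


def _sign(payload: bytes) -> str:
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()


def check_backends(req: dict) -> bool:
    """Step 3: dispatch the fields to the three systems; every one must pass."""
    idn = req["id_number"]
    if idn not in RESIDENT_IDS:
        return False
    fixed = FIXED_NET.get(idn)
    if not fixed or fixed["fingerprint"] != req["fingerprint"] or fixed["location"] != req["location"]:
        return False
    mob = MOBILE_NET.get(idn)
    if not mob or mob["phone"] != req["phone"] or mob["iccid"] != req["iccid"]:
        return False
    # The phone must "see" at least one cell the operator expects at the declared location.
    return bool(set(req["cells"]) & CELLS_BY_LOCATION.get(req["location"], set()))


def issue_registration_token(req: dict, now: float) -> Optional[str]:
    """Step 3 result: a time-limited token (the QR payload) bound to the device
    context and deliberately free of the ID number (anonymous mode)."""
    if not check_backends(req):
        return None
    body = {"phone": req["phone"], "iccid": req["iccid"], "fingerprint": req["fingerprint"],
            "location": req["location"], "cells": sorted(req["cells"]),
            "exp": int(now) + TOKEN_TTL_SECONDS}
    raw = json.dumps(body, sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw).decode() + "." + _sign(raw)


def token_reveals_id(token: str, id_number: str) -> bool:
    """True if the ID number appears anywhere in the decoded token body."""
    return id_number in base64.urlsafe_b64decode(token.split(".", 1)[0]).decode()


def verify_registration(token: str, ctx: dict, now: float) -> bool:
    """Step 5: the interface system re-checks the token the application server forwards:
    signature, expiry, and that the live context matches the context bound at issuance."""
    try:
        b64, sig = token.split(".", 1)
        raw = base64.urlsafe_b64decode(b64)
    except (ValueError, TypeError):
        return False
    if not hmac.compare_digest(sig, _sign(raw)):
        return False
    body = json.loads(raw)
    if now > body["exp"]:
        return False
    bound = (body["phone"], body["iccid"], body["fingerprint"], body["location"])
    live = (ctx["phone"], ctx["iccid"], ctx["fingerprint"], ctx["location"])
    if bound != live:
        return False
    return bool(set(body["cells"]) & set(ctx["cells"]))


def app_server_register(token: str, ctx: dict, now: float) -> str:
    """Steps 5 and 6 from the application server's side; it never sees the ID number."""
    return "registration allowed" if verify_registration(token, ctx, now) else "registration not allowed"


if __name__ == "__main__":
    tok = issue_registration_token(SAMPLE_REQUEST, now=1000.0)
    print(app_server_register(tok, SAMPLE_CONTEXT, now=1010.0))
    print(app_server_register(tok, SAMPLE_CONTEXT, now=1300.0))   # expired token
```

The checks that matter for the text's claims are the negative paths: a wrong routing fingerprint or ICCID stops the token from being issued at all, an expired or tampered token is refused at Step 5, and a context that does not match the one bound at Step 3 (for example the same token presented from a different SIM) is refused even though the token itself is genuine.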

 

The identity authentication process for the password-recovery step, used when a password has been lost, is omitted here.

 

The three most prominent advantages of the identity authentication system:

1) Strong confidentiality, accurate authentication, safe and reliable

All authentication requests can be addressed only to the interface system. Each information system exchanges information only with the interface system and never faces the "end user" directly, so it is completely shielded from any attack originating on the "public network".

2) System scalability and management timeliness

Any management item needed in the identity authentication process can take effect as soon as it is connected to the identity authentication system through the private network in the form of an information management system. And once the management information in any connected information management system changes, the management behaviour corresponding to that information takes effect immediately.

For example, once the "citizen credit information system" is connected, any management process that needs to query it takes effect immediately. Once a "Lao Lai" (defaulting debtor) listing takes effect in the citizen credit information system, the restrictions on online and offline activities prescribed by the laws and regulations on defaulters take effect immediately (for any activity that has network support in the background and requires a real name); and once the listing is cancelled in the citizen credit information system, those restrictions are lifted immediately. Any dishonest outcome of an online or offline activity that the citizen credit information system is entitled by law to collect can be collected into it quickly and promptly. The timeliness of this rapid response raises a barrier to anyone who attempts unsafe or dishonest activity on the Internet, with the very high opportunity cost of "break trust in one place, be distrusted everywhere".

3) Cost-effective

Every management behaviour carries its corresponding management cost.

In theory, once an information system is connected to the identity authentication system, the corresponding paper certificate can disappear (this would of course need to be clarified and confirmed by the relevant laws and regulations). The service hall where that paper certificate is applied for could at least greatly reduce its number of counters. The management loophole that allows false paper certificates to be issued would be closed, and the corresponding corrupt practices would cease to exist.

In theory, any management regulation or specification whose outcome can be expressed as the result data of a business process or management result can be projected quickly and accurately onto the identity authentication system, or onto network-behaviour management processes built on it.

There is every reason to expect that as more and more management systems of departments with statutory management responsibilities are connected to the identity authentication system, the corresponding business processes will, after repeated collision and revision, become more and more reasonable and standardized, and people will see an increasingly "clean" network world.

         In this "clean" online world:

An enterprise running an e-commerce platform need not worry about fake sellers, fake buyers and fake goods on its platform, and so need not worry that someone will use the "three fakes" problem to attack it morally.

Enterprises that provide products and services through the Internet can concentrate on their own products or services without distraction, with no thought of fraud and no worry that competitors might gain an advantage through fraud. (When the cost of fraud far exceeds its benefit, who would still commit it?)

        Consumers who obtain products or services from the Internet do not need to worry about encountering "consumption traps" or "Internet scams."

Parents need not worry that their children will be abducted and trafficked, that underage children will become addicted to online games, or that their children will be exposed to all kinds of otherwise unavoidable harmful online content as they grow up.

Parents of college students who are still new to the world no longer have to worry about one day suddenly receiving a debt collection call from a "campus loan".

The police officer responsible for investigating a hit-and-run with no witnesses and no surveillance video would no longer have to search for a needle in a haystack to find witnesses and the fleeing perpetrator: the identity authentication system would directly produce a short list of suspected "perpetrators" and of possible eyewitnesses.

The census is the largest social mobilization a government has to face in peacetime. With the help of the identity authentication system, the government could organize population surveys of all kinds more frequently, with more accurate data and less investment.

And so on.

 

What a beautiful future network world. The question, then, is whether it can be achieved with an identity authentication system alone. The answer is obviously no! So how many obstacles are there, and what is the solution to each?

Table 1: Authentication modes and their main features

Authentication mode                                   | Main technical features
------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------
Fixed network terminal real-name authentication mode  | Registration is completed through the fixed network terminal; the ID number is provided to the network application server during registration.
Mobile network terminal real-name authentication mode | Registration is completed through the mobile network terminal (mobile phone); the ID number is provided to the network application server during registration.
Fixed network terminal anonymous authentication mode  | Registration is completed through the fixed network terminal; the ID number is not provided to the network application server during registration.
Mobile network terminal anonymous authentication mode | Registration is completed through the mobile network terminal (mobile phone); the ID number is not provided to the network application server during registration.
Dual-network terminal real-name authentication mode   | Registration is completed through the fixed network terminal and the mobile network terminal (mobile phone) together; the ID number is provided to the network application server during registration.
Dual-network terminal anonymous authentication mode   | Registration is completed through the fixed network terminal and the mobile network terminal (mobile phone) together; the ID number is not provided to the network application server during registration.

 


Figure 1: Schematic diagram of the identity authentication system

 


Figure 2: System diagram with the citizen credit system added



Figure 3: System diagram with the industrial and commercial registration system added

Note 1: If the registrant is not the fixed-line applicant himself, he should fill in the applicant's ID number together with a description of his relationship to the applicant. The identity authentication system interface system proceeds with the subsequent verification only after obtaining the applicant's permission or guarantee.
