Identity authentication is the foundation of all network applications and runs through the entire process of all network applications. It can be said that there is no web application without authentication.
According to the identity authentication implementer and the authentication object, during the establishment and operation of a network application, the identity authentication can basically be divided into four types as shown in Table 1.
Table 1: Types of authentication based on web applications
Authentication type |
The main certification implementer |
authenticated object |
Certification purpose or objective |
Certification result |
Administrative Certification |
Government management agencies and units stipulated by laws and regulations. |
Legal or natural person providing network application services |
Ensure that the network application services provided by the legal or natural person providing network application services are legal and compliant. |
Network application services provided by legal and compliant legal or natural persons are allowed to go online. |
Check certification |
Government management agencies and units stipulated by laws and regulations. |
Online network application services presented by legal persons or natural persons on the Internet. |
The network application services presented on the network are legal and compliant network application services. |
Offline illegal and non-compliant network services. |
login authentication |
A server that provides web application services. |
Authenticate the login person who logs in to the server. |
Make sure that the person logging into the server with an account is indeed the legitimate holder of that account. |
When the login person is not the legal holder of the login account, the login is refused. |
Law enforcement certification |
Units with law enforcement and regulatory responsibilities |
Groups or individuals who have committed unsafe online behaviors with corresponding consequences. |
Determine the true identities of gang members or individuals who have committed unsafe online behavior and have consequences. |
According to relevant regulations, gang members or individuals who have implemented unsafe network behaviors and have corresponding consequences shall be punished accordingly. |
Through the research on the notification of various network security incidents released by the official media, it can be found that in any network security incident, there should be three kinds of certifications (management certification, inspection certification) to prevent the occurrence of network security incidents. , login authentication), at least one kind of authentication fails, which directly leads to the direct occurrence of the network security incident. And law enforcement authentication, under the deliberate disguise of the perpetrators of the non-secure network, it is also difficult to find these perpetrators, and it requires a lot of manpower and material resources. At the same time, it can also be found that as long as it is a "type 2)" network security incident in "Key Points of Network Security", it must be accompanied by the failure of "login authentication".
For a variety of civilian network applications that are most closely linked with the people, embedded in all aspects of people's lives, have a wide variety, and change the fastest, establishing a low-cost, efficient, and accurate login authentication system (method) become the key points in building an effective network security management approach.