Journal of Information Security Research (信息安全研究) ›› 2021, Vol. 7 ›› Issue (12): 1127-.

• Academic Paper •

Research on the Application of a Unified Identity Authentication Platform Based on Zero Trust Architecture

李崇智   

  1. China National Coal Group Corporation (中国中煤能源集团公司), Beijing 100120
  • Publication date: 2021-12-05  Release date: 2021-12-02
  • About the author: 李崇智 (Li Chongzhi), M.S., engineer and economist. Main research interests: computer software and theory, network and information security, information systems management. lichongz@chinacoal.com

Research on the Identity Access Management Platform Based on Zero Trust Architecture

  • Online: 2021-12-05  Published: 2021-12-02

Abstract (translated): This paper presents a method for building a group-level enterprise unified identity authentication platform on a zero trust architecture. It addresses the problem of an enterprise security information architecture that must evolve from a traditional, convenience-oriented security model toward access-permission control. Drawing on identity recognition, behavior analysis and continuous authentication, and on the practical needs of a large group enterprise, the platform establishes reliable multi-dimensional, cross-organization encrypted transmission and sharing of organization, user and permission information. On top of the traditional perimeter-based defense model it defines a multi-layer zero trust model, providing identity authentication management for system access across multiple network environments, for remote work, and for specific Internet applications. This gives business systems a convenient and trusted security environment and services, upgrades the traditional single "black or white" (block or allow) defense into a multi-dimensional, elastic "black plus white" defense, and effectively safeguards the secure and reliable digital transformation of the large group enterprise.

Keywords (translated): zero trust architecture, rule engine, identity authentication, access control, encrypted data transmission

Abstract: This article presents a method for constructing an enterprise identity access management platform based on zero trust architecture. It addresses the problem of an enterprise security information architecture that must evolve from a traditional, convenience-oriented security model toward access-permission control, and makes full use of technologies such as identity recognition, behavior analysis, and continuous authentication. Combined with the actual needs of a large group enterprise, the platform establishes reliable multi-dimensional, cross-organizational encrypted transmission and sharing of information such as organizations, users, and permissions. On top of the defense model based on traditional perimeter thinking, it defines a multi-layer zero trust model that delivers identity authentication management for system access in multi-network environments, for remote work, and for specific Internet applications. This provides a convenient and reliable security environment and services for the development of business systems, and upgrades the traditional single "black or white" defense to a multi-dimensional, elastic "black plus white" defense, effectively guaranteeing the safe and reliable digital transformation of large group enterprises.
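As an added illustration, not code from the paper or from the platform it describes, the following Python sketch shows one way a rule engine can realize the layered "black plus white" model the abstract describes: explicit deny rules (black) evaluated first, an entitlement check (white) that requires an organization to be authorized for a resource at all, and an elastic layer that scores network, device, session-age and behavior signals to choose between allow, step-up (continuous) authentication, and deny. All rule names, thresholds, entitlement tables and sample requests are assumptions made for the example.

```python
"""Zero-trust access decision with a layered rule engine.

Added illustration, not code from the paper: it models the "black plus white"
multi-dimensional evaluation the abstract describes. Every name, threshold,
entitlement table and sample request below is a constructed assumption.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional, Tuple


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"  # continuous authentication: require a fresh MFA proof
    DENY = "deny"


@dataclass(frozen=True)
class AccessRequest:
    user: str
    org: str              # organization the identity source attributes the user to
    resource: str
    network: str          # "intranet", "vpn" or "internet"
    device_managed: bool  # device is enrolled in enterprise device management
    auth_age_s: int       # seconds since the last successful authentication
    behavior_risk: float  # 0.0 normal .. 1.0 anomalous, from behavior analysis


@dataclass(frozen=True)
class Rule:
    name: str
    when: Callable[[AccessRequest], bool]
    decision: Optional[Decision] = None  # terminal decision, or None for a risk-only rule
    risk: float = 0.0                    # risk added when a non-terminal rule matches


# Constructed policy data (assumptions, not taken from the paper).
BLOCKED_USERS = {"mallory"}
ENTITLEMENTS = {  # resource -> organizations entitled to reach it
    "hr-portal": {"hq", "subsidiary-a"},
    "finance-ledger": {"hq"},
}
SENSITIVE = {"finance-ledger"}

RULES: List[Rule] = [
    # Layer 1, "black": explicit denies, evaluated first and never overridden.
    Rule("blocked-user", lambda r: r.user in BLOCKED_USERS, Decision.DENY),
    Rule("sensitive-needs-managed-device",
         lambda r: r.resource in SENSITIVE and not r.device_managed, Decision.DENY),
    # Layer 2, "white": the organization must hold an entitlement to the resource.
    Rule("no-entitlement",
         lambda r: r.org not in ENTITLEMENTS.get(r.resource, set()), Decision.DENY),
    # Layer 3, elastic: context signals add risk; the total picks allow, step-up or deny.
    Rule("from-internet", lambda r: r.network == "internet", risk=0.3),
    Rule("from-vpn", lambda r: r.network == "vpn", risk=0.1),
    Rule("unmanaged-device", lambda r: not r.device_managed, risk=0.3),
    Rule("stale-session", lambda r: r.auth_age_s > 8 * 3600, risk=0.2),
    Rule("anomalous-behavior", lambda r: r.behavior_risk >= 0.5, risk=0.4),
]

STEP_UP_AT = 0.3  # assumed thresholds on the accumulated risk
DENY_AT = 0.7


def evaluate(req: AccessRequest) -> Tuple[Decision, List[str]]:
    """Run the rules in order; return the decision and the names of rules that fired.

    A terminal (black/white) rule ends evaluation immediately. Otherwise the risk
    contributions of all matching elastic rules are summed and compared with the
    thresholds, so the same user can be allowed on the intranet, challenged on
    the Internet, and denied when several weak signals coincide.
    """
    fired: List[str] = []
    risk = 0.0
    for rule in RULES:
        if not rule.when(req):
            continue
        fired.append(rule.name)
        if rule.decision is not None:
            return rule.decision, fired
        risk += rule.risk
    if risk >= DENY_AT:
        return Decision.DENY, fired
    if risk >= STEP_UP_AT:
        return Decision.STEP_UP, fired
    return Decision.ALLOW, fired


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        AccessRequest("alice", "hq", "finance-ledger", "intranet", True, 600, 0.1),
        AccessRequest("bob", "subsidiary-a", "hr-portal", "internet", True, 3600, 0.1),
        AccessRequest("bob", "subsidiary-a", "finance-ledger", "intranet", True, 600, 0.1),
        AccessRequest("carol", "hq", "hr-portal", "internet", False, 36000, 0.6),
        AccessRequest("mallory", "hq", "hr-portal", "intranet", True, 60, 0.0),
    ]
    for s in samples:
        decision, fired = evaluate(s)
        print(f"{s.user:8} {s.resource:15} {s.network:9} -> {decision.value:8} {fired}")
```

The order of the layers is the point: a blocklist hit or a missing entitlement is decided before any contextual signal is weighed, while the elastic layer lets a legitimate user keep working from the intranet, forces re-authentication from the Internet or an aged session, and only denies when several weak signals accumulate. Returning the list of fired rules gives the audit trail a security operations team needs to explain a decision.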

Key words: zero trust architecture, rule engine, identity access management, access control, encrypted data transmission