国内外分布式数字身份建设研究

信息安全研究 ›› 2023, Vol. 9 ›› Issue (10): 993-.

国内外分布式数字身份建设研究

王妮娜1,2杨帆3桑杰1,2许雪姣1,2

1(数据通信科学技术研究所北京100191)
2(兴唐通信科技有限公司北京100191)
3(北京科技大学数理学院北京100083)

出版日期:2023-10-17 发布日期:2023-10-28
通讯作者: 王妮娜硕士,高级工程师.主要研究方向为数字身份安全及零信任. wangnn_sdt@163.com
作者简介:王妮娜硕士,高级工程师.主要研究方向为数字身份安全及零信任. wangnn_sdt@163.com 杨帆硕士.主要研究方向为数字身份、人工智能. yf3092030@163.com 桑杰硕士.主要研究方向为密码通信、可信身份认证. 17125117@bjtu.edu.cn 许雪姣硕士.主要研究方向为密码、可信身份认证. xuxuejiao1993@163.com

Research on Distributed Digital Identity Construction at Home and Abroad

Wang Nina1,2, Yang Fan3, Sang Jie1,2, and Xu Xuejiao1,2

1(Data Communication Science and Technology Research Institution, Beijing 100191)
2(Xingtang Telecommunication Technology Co. Ltd., Beijing 100191)
3(School of Mathematics and Physics, University of Science and Technology Beijing, Beijing 100083)

Online:2023-10-17 Published:2023-10-28

摘要/Abstract

摘要： 数字身份是现实空间自然人真实身份在网络空间的映射.传统数字身份是通过中心化管理和控制的，随着人们隐私保护意识的提高，其已不再满足需求.首先，对国内外数字身份的发展现状及趋势进行阐述，分析了国内外数字身份的应用需求，说明了我国数字身份建设向分布式认证模式发展的可能.然后，根据对各国数字身份应用案例的调查研究，深入探讨了分布式数字身份的技术性和安全性.其中，技术性聚焦于实现分布式数字身份的基础设施及技术模型，包括分布式标识(decentralized identifiers, DIDs)、可验证凭证(verifiable credential, VC)以及数字身份钱包等；安全性则关注于各案例的数字身份在核验、鉴别及联合过程中的安全保证.最后，概述了我国当前数字身份建设所面临的挑战，提出了建设符合我国可监管政策要求的分布式数字身份建议.

关键词: 可信数字身份, 分布式身份, 数字身份钱包, 网络监管, 身份信息安全

Abstract: Digital identity is the mapping of real identity of natural person in cyberspace. Traditional digital identities are centrally managed and controlled. With the improvement of people’s privacy protection awareness, these digital identities no longer meet the requirements. This paper first expounds the development status and trends of digital identity at home and abroad, analyzes the application requirements of digital identity, and illustrates the possibility of the development of our national digital identity construction to a decentralized model. Secondly, the technical and security aspects of decentralized identity are thoroughly examined based on the investigation and research of digital identity application scenarios in some nations. Among them, technical aspect focuses on the infrastructure and technical models for realizing decentralized digital identity, including Decentralized Identifiers (DIDs), Verifiable Credential (VC), and digital identity wallets, etc. and security aspect focuses on the verification, authentication, and federation process of digital identities in each case. Finally, this paper concludes by outlining the challenges facing the current digital identity construction in China, and offering suggestions for building a decentralized digital identity according with Chinese situation.

Key words: trusted digital identity, decentralized identity, digital identity wallet, network regulation, identity information security

中图分类号:

TP309

王妮娜, 杨帆, 桑杰, 许雪姣, . 国内外分布式数字身份建设研究[J]. 信息安全研究, 2023, 9(10): 993-.

参考文献

［1］毕丹阳, 景越, 李婧璇, 等. 分布式数字身份及其在工业互联网中的应用［J］. 信息通信技术与政策, 2021, 47(10): 712［2］European Commission. Commission proposes a trusted and securedigital identity for all Europeans［EBOL］. 202106 ［20220930］. https:ec.europa.eucommissionpresscornerdetailenIP_21_2663［3］European Commission. Regulation on electronic identification and trust services［EBOL］. 202206 ［20220930］. https:digitalstrategy.ec.europa.euenpolicieseidasregulation［4］European Commission. General Data Protection Regulation［EBOL］. 201805 ［20220930］. https:gdpr.eutaggdpr［5］Reed D, Sporny M, Longley D. Decentralized Identifiers(DIDs), Version 1.0: Core Architecture, Data Model, and Representations［SOL］. (20220719) ［20220930］. https:www.w3.orgTRdidcore［6］于锐. 各国数字身份建设情况及我国可信数字身份发展路径［J］. 信息安全研究, 2022, 8(9): 858862［7］分布式数字身份产业联盟. DIDA白皮书［ROL］. 202008 ［20220930］. https:www.dida.org.cnwhitepaper［8］Sporny M, Longley D, Chadwick D. Verifiable Credentials Data Model, Version 1.1［SOL］. (20220303) ［20220930］. https:www.w3.orgTRvcdatamodel［9］eIDAS Expert Group. European digital identity architecture and reference framework［EBOL］. 202202 ［20220930］. https:digitalstrategy.ec.europa.euenlibraryeuropeandigitalidentityarchitectureandreferenceframeworkoutline［10］Grassi P, Fenton J, Lefkovitz N, et al. Digital identity guidelines: Enrollment and identity proofing requirements［EBOL］. 201706 ［20220930］. https:doi.org10.6028NIST.SP.80063a［11］Grassi P, Fenton J, Lefkovitz N, et al. Digital identity guidelines: Authentication and lifecycle management ［EBOL］.201706 ［20220930］. https:doi.org10.6028NIST.SP.80063b［12］Grassi P, Fenton J, Lefkovitz N, et al. Digital identity guidelines: Federation and assertions ［EBOL］. 201706 ［20220930］. https:doi.org10.6028NIST.SP.80063c［13］吴国英, 杨林, 邱旭华. 可信身份认证平台的构建［J］. 信息安全研究, 2022, 8(9): 888894