面向跨域联邦环境的身份管理关键技术研究
|
摘要
网络应用的飞速发展使得用户面临的身份盗用和身份信息泄露威胁以及应用和服务面临的来自外部和内部的身份安全威胁越来越严重,如何解决身份盗用和身份信息泄露是当前的研究热点。身份管理技术正是为了解决用户在使用、维护和更新身份,以及应用在使用身份完成身份鉴别和授权等功能时所面临的主要安全威胁而提出的。身份管理是指以身份为基础实现身份识别、身份认证、授权管理、访问控制和行为审计等功能的一组策略、规则、方法和系统。身份管理的目标是通过将系统中的用户与特定标识绑定,并将用户权限和约束条件与该用户特定标识相关联,控制用户对应用的访问、第三方对用户身份信息的访问以及应用对身份信息的泄露,实现对身份信息的管理控制,确保身份信息的安全性,改善用户端使用体验及安全性。
本课题针对当前身份管理技术中存在的量化身份模型难以建立,跨域身份鉴别机制难以实现,多种身份鉴别方式难以有效融合,现有隐私保护技术难以有效实现用户隐私保护等关键问题,以解决身份盗用和身份信息泄露为根本目标,对用户身份建模、跨域鉴别、隐私保护等影响身份管理功能有效实现和部署的关键问题进行了深入研究,主要工作和创新点如下:
(1)深入而广泛地综述了身份管理领域相关工作。针对目前纷繁复杂的身份管理研究工作,从身份定义和建模,身份鉴别机制和方法,隐私保护模型、方法和评价指标三个方面分析比较了身份管理领域的关键问题,归纳总结了相关工作,从而明确本文的主要研究内容。
(2)设计了面向联邦跨域环境的身份管理系统框架。分析了身份管理系统的身份建模需求、身份鉴别需求和隐私保护需求,设计了身份管理系统的功能模块和服务模块,并对系统实际部署进行了简要说明,从而明确论文要研究的关键问题。
(3)提出了一种可对身份信息量化描述的身份信息描述语言,基于该语言设计了一个适用于跨域联邦身份管理环境的量化身份模型。借鉴现有数据描述语言,首先给出了身份信息描述语言——XIDL中的数据类型、身份操作的定义以及用户操作的描述,分析了该语言的语义和扩展性,并给出了使用XIDL描述身份信息的示例;随后,通过对现有身份模型的分析,设计了适用于跨域联邦身份管理的量化身份模型,给出了身份模型的建立流程和状态转换和示例。
(4)提出了结合用户身份和行为的跨域主动身份鉴别机制。首先对现有跨域身份鉴别机制进行了探讨,分析了跨域联邦身份管理系统的特点,介绍了击键动力学相关知识,设计了基于具体击键统计分布的加权PR-RP模型(luuKey)作为身份鉴别方法;随后,使用安全标记断言语言(SAML)作为身份鉴别机制,将用户身份模型和SAML结合以实现用户身份断言、属性断言、授权决策断言和安全域间通信,对单域和跨域环境中现有身份鉴别流程进行分析,给出了主动身份鉴别机制流程,该机制通过建立身份鉴别第三方生成身份鉴别结果,不改变现有各个域中已经实现的身份鉴别机制。理论分析和仿真实验表明,基于luuKey模型的击键动力学身份鉴别方法相较于传统的击键动力学身份鉴别方法具有较低的误报率和误报警率,跨域主动身份鉴别机制能够较好的实现与现有身份管理系统融合。
(5)提出了面向用户关键身份和身份敏感信息的隐私保护模型。为了明确隐私保护对象,首先对信息重要性度量方法和隐私保护方法进行了简单介绍,借鉴PageRank的设计思想,提出了关键身份和敏感信息重要度的度量方法——CIE(Critical Identity Evaluation),该方法通过身份之间以及身份与应用之间的互相引用来测度身份信息的重要性,分析表明CIE方法能够有效度量关键用户身份和身份敏感信息。隐私保护通过对公开数据的匿名化处理,使得攻击方无法获取能够伪造用户身份的足够信息,在使用CIE方法度量得到关键身份和敏感信息后,提出了一个避免背景知识攻击的-Risk匿名隐私保护模型,该模型首先给出了背景知识相关定义,提出了度量数据集匿名化水平的测度,通过将匿名化水平和隐私风险相关联,实现对要发布数据集的匿名化处理,并结合考虑了公开数据集、隐私数据集以及隐私数据集中的数据属性分布,对该模型进行了优化。从隐私保护度、算法复杂性和信息丢失三个方面进行了仿真实验,实验结果表明,通过设置合理匿名化水平测度,该模型能够较好的防范基于背景知识的攻击,有效的实现了对关键用户身份和身份敏感信息的隐私保护。
As the rapid development of network applications, users’ security threats onidentity theft and identity disclosure and applications’ security threats from external andinternal are more and more serious. Therefore, how to solve identity theft and disclosureis the hot issue of current study. Identity management (IdM) is proposed to solve themajor security threats in the period that users use, maintenance and update identities andin the process while applications using users identities to complete identityidentification, authentication and authorization. IdM refers to a set of policies, rules,methods and systems based on identities that can complete functions like identification,authentication, authorization, access control and behavior audit. IdM aims at controllinguser access to resources, third-party applications access to identity information andidentity disclosure by giving specific identity and making user permissions andconstraints interrelated with user identity. IdM can achieve control of identityinformation and guarantee the security of identity information, improve the clientexperience and security.
This paper aims at the difficult in establishing quantitative identity model,achieving cross-domain authentication mechanism, integrating of various authenticationmethods, effectively achieving privacy protection in current IdM systems; and considersto solve identity theft and identity disclosure as a fundamental goal. Key issues of IdMtechnology such as identity modeling, cross-domain authentication, privacy protectionhave been researched; the main contributions of our work are as follows:
(1) Survey the related works deeply and comprehensively. As there are a largenumber parallel approaches about IdM technology, we firstly summarize the key issuesof IdM from three aspects: identity definition and modeling, authentication mechanismsand methods, models, methods and evaluating indicators of privacy protection. Thisclarifies the objective of our work.
(2) An IdM framework oriented to cross-domain federated environment hasbeen proposed. The requirements of identity modeling, identity authentication andprivacy protection in IdM systems have been analyzed. Functional modules, servicemodules and actual system deployment of IdM systems have been designed and brieflydescripted in order to clear the key issues of IdM that should be researched.
(3) An identity information description language-XIDL that can giveidentity quantitative description has been proposed, and a quantitative identitymodel that can be applied in cross-domain federated IdM systems has beendesigned. Draw on the experience of current data description languages, the data types,operations and descriptions of identity, the semantics and expansibility of XIDL havebeen defined and analyzed, an example has been given to show how to describe identifiable information using XIDL. Subsequently, through analysis of existing identitymodels, a quantitative identity model which is suitable for cross-domain federated IdMhas been designed, construction process, state transitions and example of the model hasbeen carried out.
(4) A cross-domain active identity authentication mechanism based on thecombination of user identity and behaviors has been proposed. Currentauthentication mechanisms and the characteristics of cross-domain federation have beendiscussed at first. Then the knowledge of keystroke dynamics has been introduced,based on this, a weighted PR-RP model based on the statistical distribution of thespecific keystrokes (luuKey) has been designed and plays as the authentication method,security assertion markup language (SAML) has been used as the authenticationmechanism. Identity assertion, attribute assertion, authorization decision assertion andsecure inter-domain communication can be achieved using SAML. By analyzing thecurrent authentication process in single domain and cross-domain environments, anactive identity authentication mechanism (AAM) has been proposed. The authenticationresults can be generated by a third-party that has been established by AAM, the existingauthentication mechanisms in current IdM systems wouldn’t be changed. Theoreticalanalysis and simulation experiments show that luuKey has a low rate of false positivesand false alarm rate, AAM can achieve better integration with existing authenticationmechanisms.
(5) A privacy protection oriented to critical identity and sensitive identityinformation has been proposed. To clear privacy protection subject, existing methodson information importance metrics and privacy protection methods have beenintroduced, draw on the experience of Google PageRank, a critical identity evaluationmethod (CIE) which uses reference between identities and applications to measure theimportance of identity and sensitivity of attributes has been proposed. The analysisshows that the CIE method can effectively measure critical identity and sensitiveattributes. By anonymization of public data, attackers can’t get enough information tofake identity. After measuring the importance and sensitivity of identity, a privacyprotection model which can prevent background knowledge attack called (,)-Risk hasbeen proposed, this model gives the anonymization evaluation parameters (,) at first,by connecting the anonymization with privacy risk, the anonymization can be achieved.This model has been optimized by considering the characters of public data, privacydata, attribute distribution in privacy data. Theoretical analysis and simulation show thatthe model can prevent background knowledge attack and protect the privacy of criticalidentity and sensitive identity information effectively.
本课题针对当前身份管理技术中存在的量化身份模型难以建立,跨域身份鉴别机制难以实现,多种身份鉴别方式难以有效融合,现有隐私保护技术难以有效实现用户隐私保护等关键问题,以解决身份盗用和身份信息泄露为根本目标,对用户身份建模、跨域鉴别、隐私保护等影响身份管理功能有效实现和部署的关键问题进行了深入研究,主要工作和创新点如下:
(1)深入而广泛地综述了身份管理领域相关工作。针对目前纷繁复杂的身份管理研究工作,从身份定义和建模,身份鉴别机制和方法,隐私保护模型、方法和评价指标三个方面分析比较了身份管理领域的关键问题,归纳总结了相关工作,从而明确本文的主要研究内容。
(2)设计了面向联邦跨域环境的身份管理系统框架。分析了身份管理系统的身份建模需求、身份鉴别需求和隐私保护需求,设计了身份管理系统的功能模块和服务模块,并对系统实际部署进行了简要说明,从而明确论文要研究的关键问题。
(3)提出了一种可对身份信息量化描述的身份信息描述语言,基于该语言设计了一个适用于跨域联邦身份管理环境的量化身份模型。借鉴现有数据描述语言,首先给出了身份信息描述语言——XIDL中的数据类型、身份操作的定义以及用户操作的描述,分析了该语言的语义和扩展性,并给出了使用XIDL描述身份信息的示例;随后,通过对现有身份模型的分析,设计了适用于跨域联邦身份管理的量化身份模型,给出了身份模型的建立流程和状态转换和示例。
(4)提出了结合用户身份和行为的跨域主动身份鉴别机制。首先对现有跨域身份鉴别机制进行了探讨,分析了跨域联邦身份管理系统的特点,介绍了击键动力学相关知识,设计了基于具体击键统计分布的加权PR-RP模型(luuKey)作为身份鉴别方法;随后,使用安全标记断言语言(SAML)作为身份鉴别机制,将用户身份模型和SAML结合以实现用户身份断言、属性断言、授权决策断言和安全域间通信,对单域和跨域环境中现有身份鉴别流程进行分析,给出了主动身份鉴别机制流程,该机制通过建立身份鉴别第三方生成身份鉴别结果,不改变现有各个域中已经实现的身份鉴别机制。理论分析和仿真实验表明,基于luuKey模型的击键动力学身份鉴别方法相较于传统的击键动力学身份鉴别方法具有较低的误报率和误报警率,跨域主动身份鉴别机制能够较好的实现与现有身份管理系统融合。
(5)提出了面向用户关键身份和身份敏感信息的隐私保护模型。为了明确隐私保护对象,首先对信息重要性度量方法和隐私保护方法进行了简单介绍,借鉴PageRank的设计思想,提出了关键身份和敏感信息重要度的度量方法——CIE(Critical Identity Evaluation),该方法通过身份之间以及身份与应用之间的互相引用来测度身份信息的重要性,分析表明CIE方法能够有效度量关键用户身份和身份敏感信息。隐私保护通过对公开数据的匿名化处理,使得攻击方无法获取能够伪造用户身份的足够信息,在使用CIE方法度量得到关键身份和敏感信息后,提出了一个避免背景知识攻击的-Risk匿名隐私保护模型,该模型首先给出了背景知识相关定义,提出了度量数据集匿名化水平的测度,通过将匿名化水平和隐私风险相关联,实现对要发布数据集的匿名化处理,并结合考虑了公开数据集、隐私数据集以及隐私数据集中的数据属性分布,对该模型进行了优化。从隐私保护度、算法复杂性和信息丢失三个方面进行了仿真实验,实验结果表明,通过设置合理匿名化水平测度,该模型能够较好的防范基于背景知识的攻击,有效的实现了对关键用户身份和身份敏感信息的隐私保护。
As the rapid development of network applications, users’ security threats onidentity theft and identity disclosure and applications’ security threats from external andinternal are more and more serious. Therefore, how to solve identity theft and disclosureis the hot issue of current study. Identity management (IdM) is proposed to solve themajor security threats in the period that users use, maintenance and update identities andin the process while applications using users identities to complete identityidentification, authentication and authorization. IdM refers to a set of policies, rules,methods and systems based on identities that can complete functions like identification,authentication, authorization, access control and behavior audit. IdM aims at controllinguser access to resources, third-party applications access to identity information andidentity disclosure by giving specific identity and making user permissions andconstraints interrelated with user identity. IdM can achieve control of identityinformation and guarantee the security of identity information, improve the clientexperience and security.
This paper aims at the difficult in establishing quantitative identity model,achieving cross-domain authentication mechanism, integrating of various authenticationmethods, effectively achieving privacy protection in current IdM systems; and considersto solve identity theft and identity disclosure as a fundamental goal. Key issues of IdMtechnology such as identity modeling, cross-domain authentication, privacy protectionhave been researched; the main contributions of our work are as follows:
(1) Survey the related works deeply and comprehensively. As there are a largenumber parallel approaches about IdM technology, we firstly summarize the key issuesof IdM from three aspects: identity definition and modeling, authentication mechanismsand methods, models, methods and evaluating indicators of privacy protection. Thisclarifies the objective of our work.
(2) An IdM framework oriented to cross-domain federated environment hasbeen proposed. The requirements of identity modeling, identity authentication andprivacy protection in IdM systems have been analyzed. Functional modules, servicemodules and actual system deployment of IdM systems have been designed and brieflydescripted in order to clear the key issues of IdM that should be researched.
(3) An identity information description language-XIDL that can giveidentity quantitative description has been proposed, and a quantitative identitymodel that can be applied in cross-domain federated IdM systems has beendesigned. Draw on the experience of current data description languages, the data types,operations and descriptions of identity, the semantics and expansibility of XIDL havebeen defined and analyzed, an example has been given to show how to describe identifiable information using XIDL. Subsequently, through analysis of existing identitymodels, a quantitative identity model which is suitable for cross-domain federated IdMhas been designed, construction process, state transitions and example of the model hasbeen carried out.
(4) A cross-domain active identity authentication mechanism based on thecombination of user identity and behaviors has been proposed. Currentauthentication mechanisms and the characteristics of cross-domain federation have beendiscussed at first. Then the knowledge of keystroke dynamics has been introduced,based on this, a weighted PR-RP model based on the statistical distribution of thespecific keystrokes (luuKey) has been designed and plays as the authentication method,security assertion markup language (SAML) has been used as the authenticationmechanism. Identity assertion, attribute assertion, authorization decision assertion andsecure inter-domain communication can be achieved using SAML. By analyzing thecurrent authentication process in single domain and cross-domain environments, anactive identity authentication mechanism (AAM) has been proposed. The authenticationresults can be generated by a third-party that has been established by AAM, the existingauthentication mechanisms in current IdM systems wouldn’t be changed. Theoreticalanalysis and simulation experiments show that luuKey has a low rate of false positivesand false alarm rate, AAM can achieve better integration with existing authenticationmechanisms.
(5) A privacy protection oriented to critical identity and sensitive identityinformation has been proposed. To clear privacy protection subject, existing methodson information importance metrics and privacy protection methods have beenintroduced, draw on the experience of Google PageRank, a critical identity evaluationmethod (CIE) which uses reference between identities and applications to measure theimportance of identity and sensitivity of attributes has been proposed. The analysisshows that the CIE method can effectively measure critical identity and sensitiveattributes. By anonymization of public data, attackers can’t get enough information tofake identity. After measuring the importance and sensitivity of identity, a privacyprotection model which can prevent background knowledge attack called (,)-Risk hasbeen proposed, this model gives the anonymization evaluation parameters (,) at first,by connecting the anonymization with privacy risk, the anonymization can be achieved.This model has been optimized by considering the characters of public data, privacydata, attribute distribution in privacy data. Theoretical analysis and simulation show thatthe model can prevent background knowledge attack and protect the privacy of criticalidentity and sensitive identity information effectively.
引文
[1] Digital Identity [EB/OL]. Available at: http://en.wikipedia.org/wiki/Digital_identity.
[2] Akihiro Shimizu. A dynamic password authentication method using a one-wayfunction [J]. Systems and Computers in Japan,1991,7(22):32-40.
[3] Anil Jain, Lin Hong, Sharath Pankanti, Biometric identification [J].Communications of the ACM,2000,2(43).
[4] Carlisle Adams, Steve Lloyd. Understanding PKI: Concepts, Standards, andDeployment Considerations [M]. Boston, MA, USA: Addison-Wesley LongmanPublishing Co., Inc.,2002.
[5] Ravi Sandhu, Pierangela Samarati. Authentication, access control, and audit [J].ACM Computing Surveys,1996,1(28).
[6] M. Gercke. Consumer Fraud and Identity Theft Complaint Data, EconomicCrime Division, Directorate General of Human Rights and Legal Affairs,Strasbourg, France,2007.
[7] Aaron Emigh. Online Identity Theft: Phishing Technology, Chokepoints andCountermeasures [EB/OL]. Available at:http://www.cyber.st.dhs.gov/docs/phishing-dhs-report.pdf,2005.
[8] Daniel J. Solove. Identity Theft, Privacy, and the Architecture of Vulnerability[J]. Hastings Law Journal,2003,54:1227.
[9] E Bertino, F Paci, N Shang. Digital Identity Protection-Concepts and Issues [C].In International Conference on Availability, Reliability and Security. Fukuoka,Japan:2009:69-78.
[10] Zhu D., Li X., Wu S. Identity disclosure protection: A data reconstructionapproach for privacy-preserving data mining. Decision Support Systems,2009,48:133-140.
[11] Kun B., Ying L., Peng L. Prevent Identity Disclosure in Social Network DataStudy [C]. In ACM Conference on Computer and Communications Security(CCS),2009.
[12]裴庆祺,赵鹏,张红斌等.内部威胁身份鉴别系统的研究[J],通信学报,2009,(S2):121-126.
[13]倪亮,韩臻,何永忠,身份管理技术综述[J],信息安全与通信保密,2007,(11):78-81.
[14]李建,沈昌祥,韩臻,身份管理研究综述[J],计算机工程与设计,2009,(6):1365-1370.
[15] Yuan Cao, Lin Yang, A survey of Identity Management technology [C], IEEEInternational Conference on Information Theory and Information Security(ICITIS), Beijing:2010.
[16] Yuan Cao, Lin Yang, Zongbo Fu, et al. Identity Management Architecture:Paradigms and Models [C]. WASE Global Conference on Science andEngineering, GCSE2010, China.
[17] A J sang, S Pope. User centric identity management [C]. In AusCERT AsiaPacific Information Technology,2005.
[18] B. Abhilasha, C. Jan, G. Thomas, et al. User centricity: a taxonomy and openissues [J]. Journal of Computer Security,2007,(15):0926-227X.
[19] Yuan Cao, Lin Yang. Identity Management Architecture: Paradigms and Models[J]. Applied Mechanics and Materials (Advances in Science and EngineeringFrontier Topics in Theoretical and Applied Science and Engineering),2011,40-41:647-651.
[20]曹源,杨林,付宗波.一种通用的身份模型及其构建流程[J].计算机工程,2012,3(38):119-120.
[21] David Chaum. Security without Identification: Transaction Systems to make BigBrother Obsolete [J]. Communication of ACM,1985,28(10):1030-1044.
[22] David Chaum. Security without Identification: Card Computers to make BigBrother Obsolete [J]. Informatik-Spektrum,1987,(10):262-277.
[23] ITU-T X.1252:身份管理基准术语定义[EB/OL], Available at:http://www.itu.int/SG-CP/example_docs/ITU-T-REC/ITU-T-REC_C.pdf.
[24] Windley P. Digital Identity [M], O'Reilly Media, Inc.,2005.
[25] Sebastian ClauB, Marit Kohntopp. Identity Management and its support inmultilaeral security [J], Computer Networks,2001,(37):205-219.
[26] S Clau, TU Dresden, T K¨olsch. Privacy-enhancing identity management:protection against re-identification and profiling [C]. In ACM Proc. Of DigitalIdentity Management, DIM’05,2005.
[27] M Koch, W W rndl. Community Support and Identity Management [C]. In Proc.ECSCW’01, Bonn, Germany,2001.
[28] P White. Identity Management Architecture: A New Direction [C]. In IEEEInternational Conference on Computer and Information Technology,2008:408-413.
[29] Hristo Koshutanski, Mihaela Ion, Luigi Telesca. Distributed IdentityManagement Model for Digital Ecosystems [C]. In International Conference onEmerging Security Information, Systems and Technologies, Valencia, Spain:2007:132-138.
[30] Yuan Cao, Lin Yang, Zongbo Fu. A Survey of Identity Management Technology.In IEEE International Conference on Information Theory and InformationSecurity, Beijing China,2010:287-293.
[31] ITU-T X.1250: Baseline capabilities for enhanced global identity managementand interoperability [EB/OL]. Available at:http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=9456&lang=en.
[32] ITU Focus Group on Identity Management [EB/OL]. Available at:http://www.itu.int/ITU-T/studygroups/com17/fgidm/.
[33] David Recordon, Drummond Reed. OpenID2.0:A Platform for User-CentricIdentity Management [C]. In ACM Workshop on Digital Identity Management,Alexandria, Virginia, USA,2006:11-16.
[34] Jussi Malinen. Windows Cardspace [C]. In TKK T-110.5290Seminar onNetwork Security,2006.
[35] Bob Morgan, Scott Cantor Steven Carmody, Walter Hoehn, et al. FederatedSecurity: The Shibboleth Approach [J], Educause Quarterly,2004,(4):12-17.
[36] Liberty Alliance [EB/OL]. Available at: http://kantarainitiative.org/,2013.
[37] T Wason, Liberty ID-FF Architecture Overview [EB/OL]. Available at:http://www.projectliberty.org/liberty/content/download/318/2366/file/draft-liberty-idff-arch-overview-1.2-errata-v1.0.pdf,2013.
[38] FIDIS Project [EB/OL]. Available at: http://www.fidis.net/.
[39] PrimeLife Project [EB/OL]. Available at: https://www.prime-project.eu/.
[40] Amir Hayat, Herbert Leitold, Christian Rechberger, et al. Survey on EU e-IDSolutions [EB/OL]. Available at: http://www.a-sit.at/pdfs/A-SIT_EID_SURVEY.pdf,2004.
[41] Homeland Security Presidential Directive12: Policy for a CommonIdentification Standard for Federal Employees and Contractors [EB/OL].Available at: http://www.dhs.gov/xabout/laws/gc_1217616624097.shtm.
[42] FICAM Roadmap and Implementation Guidance [EB/OL]. Available at:http://www.idmanagement.gov/documents/FICAM_Roadmap_Implementation_Guidance.pdf.
[43]吴小勇,黄希庭,毕重增.身份及其相关研究进展[J].西南大学学报(社会科学版),2008,(3):8-13.
[44] A J sang, M A Zomai, S Suriadi. Usability and Privacy in Identity ManagementArchitectures. In Proc. of the fifth Australasian symposium on ACSW frontiers,ACSW '07,2007,(68):143-152.
[45] Yuan Cao, Lin Yang. A Survey of Identity Management Technology [C]. In Proc.2010IEEE International Conference on Information Theory and InformationSecurity, ICITIS2010,2010:287-293.
[46] Ahn, G.-J, Ko, M.N., Shchab, M. Portable User-Centric Identity Management[C]. In Proc. of the IFIP TC1123rd International Information SecurityConference, Sushil Jajodia, Pierangela Samarati, Stelvio Cimato, Boston:Springer,2008:573-587.
[47] Ernesto Damiani, Sabrina De Capitani DiVimercati, Pierangela Samarati.Managing Multiple and Dependable Identities [J]. IEEE Internet Computing,2003:29-37.
[48] N. Manders-Huits. Practical versus moral identities in identity management [J].Ethics and Information Technology,2010,12(1):43-55.
[49] K. Vangeneugden. GIAC Enterprises-Next Generation Network [EB/OL].Available at: http://basia.xvr.pl/~matematyka/bsd/Kris_Vangeneugden_GCFW.pdf.
[50] Personal Identity Verification [EB/OL]. Available at:http://www.va.gov/pivproject/.
[51] Stork Project [EB/OL]. Available at: https://www.eid-stork.eu/.
[52] Herbert Kubicek, Noack Torsten. The path dependency of national electronicidentities-A comparison of innovation proceses in four European countries [J].Identity in the Information Society,2010,(3):111-153.
[53] Teemu Rissanen. Electronic identity in Finland: ID cards vs. bank IDs [J].Identity in the Information Society,2010,(3):175-194.
[54] Yves Deswarte. Towards a Privacy-Preserving National Identity Card [J]. DataPrivacy Management and Autonomous,2010:48-64.
[55] Andreas Reisen. The German Identity Card-Concepts and Applications [C]. InISSE/SECURE2007Securing Electronic Business.2007:401-404.
[56] Windows Identity Foundation [EB/OL]. Available at:http://en.wikipedia.org/wiki/Windows_Identity_Foundation.
[57] Kal Toth, M. Subramanium. The persona concept: a consumer-centered identitymodel [J]. Emerging Applications for Wireless and Mobile,2003.
[58] A Sarma, A Matos, J Gir o, RL Aguiar. Virtual Identity Framework for TelecomInfrastructures [J]. Wireless Personal Communications,2008,45(4):521-543.
[59] DGW Birch. Psychic ID: A blueprint for a modern national identity scheme [J].Identity in the Information Society,2008,(1):189-201.
[60] Siani Pearson, Marco Casassa Mont. Provision of trusted Identity ManagementUsing Trust credentials [C]. In iTrust2006. LNCS3986,2006:267-282.
[61] Mohammad Hasan Samadani, Mehdi Shajari. Mobile Partial IdentityManagement-The Non-repudiable Minimal Mobile Identity Model [C]. In FGIT2010, Springer-Verlag Berlin Heidelberg, LNCS6485,2010:439-449.
[62] OPAALS [EB/OL]. Available at: http://www.opaals-oks.eu/.
[63] Jimmy McGibney, Dmitri Botvich. Distributed dynamic protection of services onad hoc and p2p. In Proc.of the7th IEEE international conference on IPoperations and management, Springer-Verlag Berlin, Heidelberg,2007:95-106.
[64] Javier Noguera, Techideas Llacuna. Distributed Identity Management Model forDigital Ecosystems [C]. In Proc. of the The International Conference onEmerging Security Information, Systems, and Technologies, IEEE ComputerSociety, Washington, DC, USA,2007:132-138.
[65] Mark McLaughlin, Paul Malone. A Practical Approach to Identity on DigitalEcosystems Using claim Verification and Trust [C]. In Proc. OPAALS2010,LNICST67,2010:161-177.
[66] M. Ion, L. Telesca, F. Botto, et al. An Open Distributed Identity and TrustManagement Approach for Digital Community Ecosystems [C]. In InternationalWorkshop on ICT for Business Clusters in Emerging Markets, Michigan StateUniversity,2007.
[67] McLaughlin, Mark. A Model for Identity in Digital Ecosystems [C]. In3rd IEEEInternational Conference on Digital Ecosystems and Technologies, DEST09,2009:295-300.
[68] Hidehito Gomi, Makoto Hatakeyama, Shigeru Hosono, et al. A DelegationFramework for Federated Identity Management [C]. In Proc. of the2005workshop on Digital identity management, ACM New York, NY, USA,2005:94-103.
[69] Information Management Resource Kit (IMARK)[EB/OL]. Available at:http://www.imarkgroup.org/.
[70]身份识别[EB/OL]. Available at: http://en.wikipedia.org/wiki/Identification.
[71]身份认证[EB/OL]. Available at: http://en.wikipedia.org/wiki/Authentication.
[72]赵鹏.内部威胁身份鉴别系统的研究[D].西安电子科技大学,2010.
[73] Adi Shamir. Identity-based cryptosystems and signature schemes [C]. In Proc. ofCRYPTO84on Advances in cryptology, Santa Barbara, California, UnitedStates: Springer-Verlag New York, Inc.,1985:47-53.
[74] Leslie Lamport. Password authentication with insecure communication [J].Communication of ACM,1981,24(11):770-772.
[75]胡天麟.动态口令双向身份鉴别方案的研究与设计[D].四川大学,2006.
[76]徐红,唐刚强.数据安全与加密算法[J].企业技术开发,2006,(9):16-18.
[77]陶良升.基于对称密钥认证的安全握手协议研究及应用[D].华中科技大学,2009.
[78]吴素研,李瑛,胡祥义等.基于组合对称密钥带加密数字签名方法的研究[J].电子科技大学学报,2009, z1(38):75-78.
[79]曾勇.一种基于非对称密钥密码体制的IMSI保护方案[J].通信技术,2008,9(41).
[80]裴士辉,赵宏伟,张孝临等.基于Vandermonde矩阵的分布式密钥分发中心方案[J].吉林大学学报(工学版),2007,(5):1154-1158.
[81]李志敏.改进Kerberos协议[J].孝感学院学报,2009,(3):61-63.
[82] BSI. BS ISO17090-1-2008.健康信息学.公开密钥基础设施.数字证书服务的综述[S].
[83]田野,张玉军,李忠诚.使用对技术的基于身份密码学研究综述[J].计算机研究与发展,2006,(10):1810-1819.
[84]南湘浩.组合公钥(CPK)体制标准(v5.0)[J].计算机安全,2010,(10).
[85]王先博,李大兴.基于身份的组合公钥认证体制的研究与设计[D].山东大学,2008.
[86]南相浩. CPK算法与标识认证[J].信息安全与通信保密,2006,9(28):12-16.
[87] R. Joyce, G. Gupta. Identity authentication based on keystroke latencies [J].Communications of the ACM,1990,33(2):168-176.
[88] D. Song, P. Venable, A. Perrig. User recognition by keystroke latency patternanalysis [EB/OL]. Available at: http://users.ece.cmu.edu/~adrian/projects/keystroke/mid.pdf,1997.
[89]沈超,蔡忠闽,管晓宏等.基于鼠标行为特征的用户身份认证与监控[J].通信学报,2010,(007):68-75.
[90] A. Weiss, A. Ramapanicker, P. Shah, et al. Mouse movements biometricidentification: A feasibility study [C]. In Proc. of Student/Faculty Research DayCSIS, Pace University, White Plains, NY,2007.
[91] M. Pusara, C. E. Brodley. User re-authentication via mouse movements [C]. InProc. of the2004ACM workshop on Visualization and data mining for computersecurity, ACM New York, NY,USA,2004:1-8.
[92]朱勇,谭铁牛,王蕴红.基于笔迹的身份鉴别[J].自动化学报.2001,2(27).
[93] R. Plamondon, G. Lorette. Automatic signature verification and writeridentification--the state of the art [J]. Pattern recognition,1989,22(2):107-131.
[94] K. Yu, Y. Wang, T. Tan. Writer identification using dynamic features [J].Biometric Authentication,2004:1-8.
[95] Privacy [EB/OL]:Available at: http://en.wikipedia.org/wiki/Privacy.
[96]闵丹丹.网络实名制与隐私权保护问题探究[J].劳动保障世界.2013(2).
[97] C. Clifton, M. Kantarcioglu, J. Vaidya. Defining privacy for data mining [C]. InNational Science Foundation Workshop on Next Generation Data Mining,2002:126-133.
[98]周水庚,李丰,陶宇飞等.面向数据库应用的隐私保护研究综述[J].计算机学报,2009,32(5):847-861.
[99] G. Miklau, D. Suciu. A formal analysis of information disclosure in dataexchange [J]. Journal of Computer and System Sciences,200773(3):207-534.
[100] A. Machanavajjhala, J. Gehrke. On the efficiency of checking perfect privacy [C].In Proceedings of the25th ACM SIGMOD-SIGACT-SIGART symposium onPrinciples of database systems, PODS06, ACM New York, NY, USA,2006:163-172.
[101] A. Deutsch, Y. Papakonstantinou. Privacy in database publishing [C]. In Proc. ofthe10th international conference on Database Theory, ICDT05, Springer-VerlagBerlin, Heidelberg,2005:230-245.
[102] T. Dalenius. Towards a methodology for statistical disclosure control [J].Statistik Tidskrift,1977,15(429-444):1-2.
[103] C. Dwork. Differential privacy: A Survey of Results [C]. In Proc. of the5thinternational conference on Theory and applications of models of computationSpringer-Verlag Berlin, Heidelberg,2008:1-19.
[104] L. H. Cox. Suppression methodology and statistical disclosure control [J].Journal of the American Statistical Association,1980:377-385.
[105] T. Dalenius. Finding a needle in a haystack-or identifying anonymous censusrecord [J]. Journal of Official Statistics,1986,2(3):329-336.
[106] L. Sweeney. Achieving k-anonymity privacy protection using generalization andsuppression [J]. International Journal of Uncertainty Fuzziness andKnowledge-Based Systems,2002,10(5):571-588.
[107] L. Sweeney. k-anonymity: A model for protecting privacy [J]. InternationalJournal on Uncertainty Fuzziness and Knowledgebased Systems,2002,10(5):557-570
[108] K. Wang, B. Fung. Anonymizing sequential releases [C]. In Proc. of the12thACM SIGKDD international conference on Knowledge discovery and datamining, ACM New York, NY, USA,2006:414-423.
[109] M. E. Nergiz, C. Clifton, A. E. Nergiz. Multirelational k-anonymity [J]. IEEETransactions on Knowledge and Data Engineering,2009,21(8):1104-1117.
[110] Ashwin Machanavajjhala, Daniel Kifer, Johannes Gehrke, et al. L-diversity:Privacy beyond k-anonymity [J]. ACM Transcation on Knowledge Discoveryfrom Data (TKKD),2007,1(1):3.
[111] Ninghui Li, Tiancheng Li, Suresh Venkatasubramanian. t-Closeness: PrivacyBeyond k-Anonymity and l-Diversity [C]. In IEEE23rd International Conferenceon Data Engineering, ICDE2007, Istanbul, Turkey,2007:106-115.
[112] Raymond Chi-Wing Wong, Jiuyong Li, Ada Wai-Chee Fu, et al.(,k)-anonymity: an enhanced k-anonymity model for privacy preserving datapublishing [C]. In Proc. of the12th ACM SIGKDD international conference onKnowledge discovery and data mining, Philadelphia, USA: Association forComputing Machinery (ACM),2006:754-759.
[113] Xiaokui Xiao, Yufei Tao. Personalized privacy preservation [C]. In Proc. of the2006ACM SIGMOD international conference on Management of data,SIGMOD06, ACM New York, NY, USA,2006:229-240.
[114] M. E. Nergiz, M. Atzori, C. Clifton. Hiding the presence of individuals fromshared databases [C]. In Proc. of the2007ACM SIGMOD internationalconference on Management of data, SIGMOD07, ACM New York, NY, USA,2007:665-676.
[115] A. Blum, K. Ligett, A. Roth. A learning theory approach to non-interactivedatabase privacy [C]. In Proc. of the40th annual ACM symposium on Theory ofcomputing, STOC08, ACM New York, NY, USA,2008:609-618.
[116] V. Rastogi, D. Suciu, S. Hong. The boundary between privacy and utility in datapublishing [C]. In Proc. of the33rd international conference on Very large databases, VLDB07,2007:531-542.
[117] G. T. Marx. Privacy and technology [J]. Whole Earth Review,1991,5(9):523-541.
[118] SAML [EB/OL]. Available at: http://saml.xml.org/,http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language.
[119] OASIS [EB/OL].Available at: http://www.oasis-open.org/.
[120] AuthML [EB/OL].Available at: http://dret.net/glossary/authml.
[121] WS-Federation [EB/OL].Available at: http://www.ibm.com/developerworks/library/specification/ws-fed/, http://en.wikipedia.org/wiki/WS-Federation,http://msdn.microsoft.com/en-us/library/bb498017.aspx.
[122] Medina, M., Colomer, M., Polo, S.G., Poorter, A.D.. Fidelity: Federated IdentityManagement Security based on Liberty Alliance on European Ambit [C]. In Proc.of the28th International Conference on Software Engineering, ISSE(2006),2006:161-167.
[123] Liberty Alliance [EB/OL]. Available at: http://kantarainitiative.org/.
[124] Shibboleth [EB/OL]. Available at: http://shibboleth.net/.
[125] Federal Segment Architecture Methodology (FSAM)[EB/OL]. Available at:http://www.whitehouse.gov/omb/e-gov/fsam.
[126] E. H. Sibley, R. W. Taylor. A data definition and mapping language [J].Communications of the ACM,1973,16(12):750-759.
[127] A. G. Merten, J. P. Fry. A data description language approach to file translation[C]. In Proc. of the1974ACM SIGFIDET (now SIGMOD) workshop on Datadescription, access and control, SIGFIDET74, ACM New York, NY, USA,1974:192-205.
[128] B. Veth. An integrated data description language for coding design knowledge[J]. Intelligent CAD Systems I.1987:295-313.
[129] N. C. Shu, B. C. Housel, V. Y. Lum. CONVERT: a high level translationdefinition language for data conversion [J]. Communications of the ACM,1975,18(10):557-567.
[130] M. E. Senko. Data description language in the concept of multilevel structureddescription: DIAM II with FORAL [C]. In IFIP TC-2Special WorkingConference on Data Base Description, North-Holland Pub. Co., Amsterdam,1975:239-258.
[131] D. Chamberlin, J. Robie, D. Florescu. Quilt: An XML query language forheterogeneous data sources [J]. The World Wide Web and Databases,2001:1-25.
[132] D. D. Chamberlin, M. M. Astrahan, K. P. Eswaran, et al. SEQUEL2: A unifiedapproach to data definition, manipulation, and control [J]. IBM Journal ofResearch and Development,1976,20(6):560-575.
[133] XML Schema [EB/OL]. Available at:http://www.w3schools.com/schema/schema_intro.asp,http://en.wikipedia.org/wiki/XML_schema.
[134] XML Document Type Definition [EB/OL]. Available at:http://www.w3schools.com/dtd/default.asp,http://en.wikipedia.org/wiki/Document_Type_Definition.
[135] Data Format Description Language WG (DFDL-WG)[EB/OL]. Available at:http://forge.gridforum.org/projects/dfdl-wg.
[136] Y. Mandelbaum, K. Fisher, D. Walker, et al. PADS/ML: A functional datadescription language [J]. ACM SIGPLAN Notices,2007,42(1):77-83.
[137] Binary XML [EB/OL]. Available at: http://www.w3.org/XML/Binary/.
[138] RDF Schema [EB/OL]. Available at: http://www.w3.org/TR/rdf-schema/.
[139] Protocol Buffers: Google s Data Interchange Format [EB/OL]. Available at:http://code.google.com/apis/protocolbuffers.
[140] Kim Cameron, The Law Of Identity [EB/OL]. Available at:http://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf,2005.
[141] S. S. Y. Shim, G. Bhalla, V. Pendyala. Federated identity management [J].Computer,2005,38(12):120-122.
[142] Y. Zuo, X. Luo, F. Zeng. Towards a dynamic federation framework based onSAML and automated trust negotiation [J]. Web Information Systems andMining,2010:254-262.
[143] S. Rieger. User-centric identity management in heterogeneous federations [C]. InProc. of the4th International Conference on Internet and Web Applications andServices, ICIW09,2009:527-532.
[144] Federated Identity [EB/OL]. Available at:http://en.wikipedia.org/wiki/Federated_identity.
[145] S. Bleha, C. Slivinsky, B. Hussien. Computer-access security systems usingkeystroke dynamics [J]. Pattern Analysis and Machine Intelligence, IEEETransactions on,1990,12(12):1217-1222.
[146] F. Monrose, A. D. Rubin. Keystroke dynamics as a biometric for authentication[J]. Future Generation Computer Systems,2000,16(4):351-359.
[147] F. Bergadano, D. Gunetti, C. Picardi. User authentication through keystrokedynamics [J]. ACM Transactions on Information and System Security (TISSEC),2002,5(4):367-397.
[148] M. S. Obaidat, B. Sadoun. Verification of computer users using keystrokedynamics [J]. IEEE Transactions on Systems, Man, and Cybernetics, Part B:Cybernetics,1997,27(2):261-269.
[149] V. Kacholia, S. Pandit. Biometric authentication using random distributions(bioART)[C]. In Proc.15th Canadian IT Security Symp.(CITSS), Governmentof Canada,2003.
[150] X. Kai, Others. Identity authentication system based on improved PR-RP model
[C]. In Proc. of the2nd International Conference on Advanced ComputerControl,ICACC10,2010(5):65-69.
[151] S. Brin, L. Page. The anatomy of a large-scale hypertextual Web search engine[J]. Computer networks and ISDN systems,1998,30(1-7):107-117.
[152] J. M. Kleinberg. Authoritative sources in a hyperlinked environment [J]. Journalof the ACM (JACM),1999,46(5):604-632.
[153] A. Meyerson, R. Williams. On the complexity of optimal k-anonymity [C]. InProc. of the23rd ACM SIGMOD-SIGACT-SIGART Symposium on Principlesof Database Systems (PODS’04). Paris, France,2004:223-228.
[154] X. Xiao and Y. Tao. Anatomy: Simple and effective privacy preservation [C]. InProc. of the32nd International Conference on Very Large Data Bases(VLDB’06). Seoul, Korea.2006:139-150.
[155] C. C. Aggarwal. On k-anonymity and the curse of dimensionality [C]. In Proc. ofthe31st International Conference on Very Large Data Bases (VLDB’05),Trondheim, Norway.2005.901-909.
[156] N. Li, T. Li, and S. Venkatasubramanian. Closeness: A New Privacy Measure forData Publishing [J]. IEEE Transcations on Knowledge and Data Engineering,2010,22(7):943-956.
[157] L. Sweeney. Achieving k-anonymity privacy protection using generalization andsuppression [J]. International Journal on Uncertainly, Fuzziness andKnowledge-based Systems,2002,10(5):571-588.
[158] A. Machanavajjhala, J. Gehrke, and D. Kifer. L-diversity: Privacy beyondk-anonymity [J]. ACM Transactions on Knowledge Discovery from Data(TKDD),2007,1(1).
[159] Y. Rubner, C. Tomasi, and L. J. Guibas. The earth mover’s distance as a metricfor image retrieval [J]. International Journal of Computer Vision,2000,40(2):99~121.
[160] Adult Data Set in Machine Learning Respository [EB/OL]. Available at:http://archive.ics.uci.edu/ml/datasets/Adult.
[161] X. Xiao and Y. Tao. Anatomy: Simple and effective privacy preservation [C]. InProc. of the32nd International Conference on Very Large Data Bases(VLDB’06), Seoul, Korea,2006:139~150.
[2] Akihiro Shimizu. A dynamic password authentication method using a one-wayfunction [J]. Systems and Computers in Japan,1991,7(22):32-40.
[3] Anil Jain, Lin Hong, Sharath Pankanti, Biometric identification [J].Communications of the ACM,2000,2(43).
[4] Carlisle Adams, Steve Lloyd. Understanding PKI: Concepts, Standards, andDeployment Considerations [M]. Boston, MA, USA: Addison-Wesley LongmanPublishing Co., Inc.,2002.
[5] Ravi Sandhu, Pierangela Samarati. Authentication, access control, and audit [J].ACM Computing Surveys,1996,1(28).
[6] M. Gercke. Consumer Fraud and Identity Theft Complaint Data, EconomicCrime Division, Directorate General of Human Rights and Legal Affairs,Strasbourg, France,2007.
[7] Aaron Emigh. Online Identity Theft: Phishing Technology, Chokepoints andCountermeasures [EB/OL]. Available at:http://www.cyber.st.dhs.gov/docs/phishing-dhs-report.pdf,2005.
[8] Daniel J. Solove. Identity Theft, Privacy, and the Architecture of Vulnerability[J]. Hastings Law Journal,2003,54:1227.
[9] E Bertino, F Paci, N Shang. Digital Identity Protection-Concepts and Issues [C].In International Conference on Availability, Reliability and Security. Fukuoka,Japan:2009:69-78.
[10] Zhu D., Li X., Wu S. Identity disclosure protection: A data reconstructionapproach for privacy-preserving data mining. Decision Support Systems,2009,48:133-140.
[11] Kun B., Ying L., Peng L. Prevent Identity Disclosure in Social Network DataStudy [C]. In ACM Conference on Computer and Communications Security(CCS),2009.
[12]裴庆祺,赵鹏,张红斌等.内部威胁身份鉴别系统的研究[J],通信学报,2009,(S2):121-126.
[13]倪亮,韩臻,何永忠,身份管理技术综述[J],信息安全与通信保密,2007,(11):78-81.
[14]李建,沈昌祥,韩臻,身份管理研究综述[J],计算机工程与设计,2009,(6):1365-1370.
[15] Yuan Cao, Lin Yang, A survey of Identity Management technology [C], IEEEInternational Conference on Information Theory and Information Security(ICITIS), Beijing:2010.
[16] Yuan Cao, Lin Yang, Zongbo Fu, et al. Identity Management Architecture:Paradigms and Models [C]. WASE Global Conference on Science andEngineering, GCSE2010, China.
[17] A J sang, S Pope. User centric identity management [C]. In AusCERT AsiaPacific Information Technology,2005.
[18] B. Abhilasha, C. Jan, G. Thomas, et al. User centricity: a taxonomy and openissues [J]. Journal of Computer Security,2007,(15):0926-227X.
[19] Yuan Cao, Lin Yang. Identity Management Architecture: Paradigms and Models[J]. Applied Mechanics and Materials (Advances in Science and EngineeringFrontier Topics in Theoretical and Applied Science and Engineering),2011,40-41:647-651.
[20]曹源,杨林,付宗波.一种通用的身份模型及其构建流程[J].计算机工程,2012,3(38):119-120.
[21] David Chaum. Security without Identification: Transaction Systems to make BigBrother Obsolete [J]. Communication of ACM,1985,28(10):1030-1044.
[22] David Chaum. Security without Identification: Card Computers to make BigBrother Obsolete [J]. Informatik-Spektrum,1987,(10):262-277.
[23] ITU-T X.1252:身份管理基准术语定义[EB/OL], Available at:http://www.itu.int/SG-CP/example_docs/ITU-T-REC/ITU-T-REC_C.pdf.
[24] Windley P. Digital Identity [M], O'Reilly Media, Inc.,2005.
[25] Sebastian ClauB, Marit Kohntopp. Identity Management and its support inmultilaeral security [J], Computer Networks,2001,(37):205-219.
[26] S Clau, TU Dresden, T K¨olsch. Privacy-enhancing identity management:protection against re-identification and profiling [C]. In ACM Proc. Of DigitalIdentity Management, DIM’05,2005.
[27] M Koch, W W rndl. Community Support and Identity Management [C]. In Proc.ECSCW’01, Bonn, Germany,2001.
[28] P White. Identity Management Architecture: A New Direction [C]. In IEEEInternational Conference on Computer and Information Technology,2008:408-413.
[29] Hristo Koshutanski, Mihaela Ion, Luigi Telesca. Distributed IdentityManagement Model for Digital Ecosystems [C]. In International Conference onEmerging Security Information, Systems and Technologies, Valencia, Spain:2007:132-138.
[30] Yuan Cao, Lin Yang, Zongbo Fu. A Survey of Identity Management Technology.In IEEE International Conference on Information Theory and InformationSecurity, Beijing China,2010:287-293.
[31] ITU-T X.1250: Baseline capabilities for enhanced global identity managementand interoperability [EB/OL]. Available at:http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=9456&lang=en.
[32] ITU Focus Group on Identity Management [EB/OL]. Available at:http://www.itu.int/ITU-T/studygroups/com17/fgidm/.
[33] David Recordon, Drummond Reed. OpenID2.0:A Platform for User-CentricIdentity Management [C]. In ACM Workshop on Digital Identity Management,Alexandria, Virginia, USA,2006:11-16.
[34] Jussi Malinen. Windows Cardspace [C]. In TKK T-110.5290Seminar onNetwork Security,2006.
[35] Bob Morgan, Scott Cantor Steven Carmody, Walter Hoehn, et al. FederatedSecurity: The Shibboleth Approach [J], Educause Quarterly,2004,(4):12-17.
[36] Liberty Alliance [EB/OL]. Available at: http://kantarainitiative.org/,2013.
[37] T Wason, Liberty ID-FF Architecture Overview [EB/OL]. Available at:http://www.projectliberty.org/liberty/content/download/318/2366/file/draft-liberty-idff-arch-overview-1.2-errata-v1.0.pdf,2013.
[38] FIDIS Project [EB/OL]. Available at: http://www.fidis.net/.
[39] PrimeLife Project [EB/OL]. Available at: https://www.prime-project.eu/.
[40] Amir Hayat, Herbert Leitold, Christian Rechberger, et al. Survey on EU e-IDSolutions [EB/OL]. Available at: http://www.a-sit.at/pdfs/A-SIT_EID_SURVEY.pdf,2004.
[41] Homeland Security Presidential Directive12: Policy for a CommonIdentification Standard for Federal Employees and Contractors [EB/OL].Available at: http://www.dhs.gov/xabout/laws/gc_1217616624097.shtm.
[42] FICAM Roadmap and Implementation Guidance [EB/OL]. Available at:http://www.idmanagement.gov/documents/FICAM_Roadmap_Implementation_Guidance.pdf.
[43]吴小勇,黄希庭,毕重增.身份及其相关研究进展[J].西南大学学报(社会科学版),2008,(3):8-13.
[44] A J sang, M A Zomai, S Suriadi. Usability and Privacy in Identity ManagementArchitectures. In Proc. of the fifth Australasian symposium on ACSW frontiers,ACSW '07,2007,(68):143-152.
[45] Yuan Cao, Lin Yang. A Survey of Identity Management Technology [C]. In Proc.2010IEEE International Conference on Information Theory and InformationSecurity, ICITIS2010,2010:287-293.
[46] Ahn, G.-J, Ko, M.N., Shchab, M. Portable User-Centric Identity Management[C]. In Proc. of the IFIP TC1123rd International Information SecurityConference, Sushil Jajodia, Pierangela Samarati, Stelvio Cimato, Boston:Springer,2008:573-587.
[47] Ernesto Damiani, Sabrina De Capitani DiVimercati, Pierangela Samarati.Managing Multiple and Dependable Identities [J]. IEEE Internet Computing,2003:29-37.
[48] N. Manders-Huits. Practical versus moral identities in identity management [J].Ethics and Information Technology,2010,12(1):43-55.
[49] K. Vangeneugden. GIAC Enterprises-Next Generation Network [EB/OL].Available at: http://basia.xvr.pl/~matematyka/bsd/Kris_Vangeneugden_GCFW.pdf.
[50] Personal Identity Verification [EB/OL]. Available at:http://www.va.gov/pivproject/.
[51] Stork Project [EB/OL]. Available at: https://www.eid-stork.eu/.
[52] Herbert Kubicek, Noack Torsten. The path dependency of national electronicidentities-A comparison of innovation proceses in four European countries [J].Identity in the Information Society,2010,(3):111-153.
[53] Teemu Rissanen. Electronic identity in Finland: ID cards vs. bank IDs [J].Identity in the Information Society,2010,(3):175-194.
[54] Yves Deswarte. Towards a Privacy-Preserving National Identity Card [J]. DataPrivacy Management and Autonomous,2010:48-64.
[55] Andreas Reisen. The German Identity Card-Concepts and Applications [C]. InISSE/SECURE2007Securing Electronic Business.2007:401-404.
[56] Windows Identity Foundation [EB/OL]. Available at:http://en.wikipedia.org/wiki/Windows_Identity_Foundation.
[57] Kal Toth, M. Subramanium. The persona concept: a consumer-centered identitymodel [J]. Emerging Applications for Wireless and Mobile,2003.
[58] A Sarma, A Matos, J Gir o, RL Aguiar. Virtual Identity Framework for TelecomInfrastructures [J]. Wireless Personal Communications,2008,45(4):521-543.
[59] DGW Birch. Psychic ID: A blueprint for a modern national identity scheme [J].Identity in the Information Society,2008,(1):189-201.
[60] Siani Pearson, Marco Casassa Mont. Provision of trusted Identity ManagementUsing Trust credentials [C]. In iTrust2006. LNCS3986,2006:267-282.
[61] Mohammad Hasan Samadani, Mehdi Shajari. Mobile Partial IdentityManagement-The Non-repudiable Minimal Mobile Identity Model [C]. In FGIT2010, Springer-Verlag Berlin Heidelberg, LNCS6485,2010:439-449.
[62] OPAALS [EB/OL]. Available at: http://www.opaals-oks.eu/.
[63] Jimmy McGibney, Dmitri Botvich. Distributed dynamic protection of services onad hoc and p2p. In Proc.of the7th IEEE international conference on IPoperations and management, Springer-Verlag Berlin, Heidelberg,2007:95-106.
[64] Javier Noguera, Techideas Llacuna. Distributed Identity Management Model forDigital Ecosystems [C]. In Proc. of the The International Conference onEmerging Security Information, Systems, and Technologies, IEEE ComputerSociety, Washington, DC, USA,2007:132-138.
[65] Mark McLaughlin, Paul Malone. A Practical Approach to Identity on DigitalEcosystems Using claim Verification and Trust [C]. In Proc. OPAALS2010,LNICST67,2010:161-177.
[66] M. Ion, L. Telesca, F. Botto, et al. An Open Distributed Identity and TrustManagement Approach for Digital Community Ecosystems [C]. In InternationalWorkshop on ICT for Business Clusters in Emerging Markets, Michigan StateUniversity,2007.
[67] McLaughlin, Mark. A Model for Identity in Digital Ecosystems [C]. In3rd IEEEInternational Conference on Digital Ecosystems and Technologies, DEST09,2009:295-300.
[68] Hidehito Gomi, Makoto Hatakeyama, Shigeru Hosono, et al. A DelegationFramework for Federated Identity Management [C]. In Proc. of the2005workshop on Digital identity management, ACM New York, NY, USA,2005:94-103.
[69] Information Management Resource Kit (IMARK)[EB/OL]. Available at:http://www.imarkgroup.org/.
[70]身份识别[EB/OL]. Available at: http://en.wikipedia.org/wiki/Identification.
[71]身份认证[EB/OL]. Available at: http://en.wikipedia.org/wiki/Authentication.
[72]赵鹏.内部威胁身份鉴别系统的研究[D].西安电子科技大学,2010.
[73] Adi Shamir. Identity-based cryptosystems and signature schemes [C]. In Proc. ofCRYPTO84on Advances in cryptology, Santa Barbara, California, UnitedStates: Springer-Verlag New York, Inc.,1985:47-53.
[74] Leslie Lamport. Password authentication with insecure communication [J].Communication of ACM,1981,24(11):770-772.
[75]胡天麟.动态口令双向身份鉴别方案的研究与设计[D].四川大学,2006.
[76]徐红,唐刚强.数据安全与加密算法[J].企业技术开发,2006,(9):16-18.
[77]陶良升.基于对称密钥认证的安全握手协议研究及应用[D].华中科技大学,2009.
[78]吴素研,李瑛,胡祥义等.基于组合对称密钥带加密数字签名方法的研究[J].电子科技大学学报,2009, z1(38):75-78.
[79]曾勇.一种基于非对称密钥密码体制的IMSI保护方案[J].通信技术,2008,9(41).
[80]裴士辉,赵宏伟,张孝临等.基于Vandermonde矩阵的分布式密钥分发中心方案[J].吉林大学学报(工学版),2007,(5):1154-1158.
[81]李志敏.改进Kerberos协议[J].孝感学院学报,2009,(3):61-63.
[82] BSI. BS ISO17090-1-2008.健康信息学.公开密钥基础设施.数字证书服务的综述[S].
[83]田野,张玉军,李忠诚.使用对技术的基于身份密码学研究综述[J].计算机研究与发展,2006,(10):1810-1819.
[84]南湘浩.组合公钥(CPK)体制标准(v5.0)[J].计算机安全,2010,(10).
[85]王先博,李大兴.基于身份的组合公钥认证体制的研究与设计[D].山东大学,2008.
[86]南相浩. CPK算法与标识认证[J].信息安全与通信保密,2006,9(28):12-16.
[87] R. Joyce, G. Gupta. Identity authentication based on keystroke latencies [J].Communications of the ACM,1990,33(2):168-176.
[88] D. Song, P. Venable, A. Perrig. User recognition by keystroke latency patternanalysis [EB/OL]. Available at: http://users.ece.cmu.edu/~adrian/projects/keystroke/mid.pdf,1997.
[89]沈超,蔡忠闽,管晓宏等.基于鼠标行为特征的用户身份认证与监控[J].通信学报,2010,(007):68-75.
[90] A. Weiss, A. Ramapanicker, P. Shah, et al. Mouse movements biometricidentification: A feasibility study [C]. In Proc. of Student/Faculty Research DayCSIS, Pace University, White Plains, NY,2007.
[91] M. Pusara, C. E. Brodley. User re-authentication via mouse movements [C]. InProc. of the2004ACM workshop on Visualization and data mining for computersecurity, ACM New York, NY,USA,2004:1-8.
[92]朱勇,谭铁牛,王蕴红.基于笔迹的身份鉴别[J].自动化学报.2001,2(27).
[93] R. Plamondon, G. Lorette. Automatic signature verification and writeridentification--the state of the art [J]. Pattern recognition,1989,22(2):107-131.
[94] K. Yu, Y. Wang, T. Tan. Writer identification using dynamic features [J].Biometric Authentication,2004:1-8.
[95] Privacy [EB/OL]:Available at: http://en.wikipedia.org/wiki/Privacy.
[96]闵丹丹.网络实名制与隐私权保护问题探究[J].劳动保障世界.2013(2).
[97] C. Clifton, M. Kantarcioglu, J. Vaidya. Defining privacy for data mining [C]. InNational Science Foundation Workshop on Next Generation Data Mining,2002:126-133.
[98]周水庚,李丰,陶宇飞等.面向数据库应用的隐私保护研究综述[J].计算机学报,2009,32(5):847-861.
[99] G. Miklau, D. Suciu. A formal analysis of information disclosure in dataexchange [J]. Journal of Computer and System Sciences,200773(3):207-534.
[100] A. Machanavajjhala, J. Gehrke. On the efficiency of checking perfect privacy [C].In Proceedings of the25th ACM SIGMOD-SIGACT-SIGART symposium onPrinciples of database systems, PODS06, ACM New York, NY, USA,2006:163-172.
[101] A. Deutsch, Y. Papakonstantinou. Privacy in database publishing [C]. In Proc. ofthe10th international conference on Database Theory, ICDT05, Springer-VerlagBerlin, Heidelberg,2005:230-245.
[102] T. Dalenius. Towards a methodology for statistical disclosure control [J].Statistik Tidskrift,1977,15(429-444):1-2.
[103] C. Dwork. Differential privacy: A Survey of Results [C]. In Proc. of the5thinternational conference on Theory and applications of models of computationSpringer-Verlag Berlin, Heidelberg,2008:1-19.
[104] L. H. Cox. Suppression methodology and statistical disclosure control [J].Journal of the American Statistical Association,1980:377-385.
[105] T. Dalenius. Finding a needle in a haystack-or identifying anonymous censusrecord [J]. Journal of Official Statistics,1986,2(3):329-336.
[106] L. Sweeney. Achieving k-anonymity privacy protection using generalization andsuppression [J]. International Journal of Uncertainty Fuzziness andKnowledge-Based Systems,2002,10(5):571-588.
[107] L. Sweeney. k-anonymity: A model for protecting privacy [J]. InternationalJournal on Uncertainty Fuzziness and Knowledgebased Systems,2002,10(5):557-570
[108] K. Wang, B. Fung. Anonymizing sequential releases [C]. In Proc. of the12thACM SIGKDD international conference on Knowledge discovery and datamining, ACM New York, NY, USA,2006:414-423.
[109] M. E. Nergiz, C. Clifton, A. E. Nergiz. Multirelational k-anonymity [J]. IEEETransactions on Knowledge and Data Engineering,2009,21(8):1104-1117.
[110] Ashwin Machanavajjhala, Daniel Kifer, Johannes Gehrke, et al. L-diversity:Privacy beyond k-anonymity [J]. ACM Transcation on Knowledge Discoveryfrom Data (TKKD),2007,1(1):3.
[111] Ninghui Li, Tiancheng Li, Suresh Venkatasubramanian. t-Closeness: PrivacyBeyond k-Anonymity and l-Diversity [C]. In IEEE23rd International Conferenceon Data Engineering, ICDE2007, Istanbul, Turkey,2007:106-115.
[112] Raymond Chi-Wing Wong, Jiuyong Li, Ada Wai-Chee Fu, et al.(,k)-anonymity: an enhanced k-anonymity model for privacy preserving datapublishing [C]. In Proc. of the12th ACM SIGKDD international conference onKnowledge discovery and data mining, Philadelphia, USA: Association forComputing Machinery (ACM),2006:754-759.
[113] Xiaokui Xiao, Yufei Tao. Personalized privacy preservation [C]. In Proc. of the2006ACM SIGMOD international conference on Management of data,SIGMOD06, ACM New York, NY, USA,2006:229-240.
[114] M. E. Nergiz, M. Atzori, C. Clifton. Hiding the presence of individuals fromshared databases [C]. In Proc. of the2007ACM SIGMOD internationalconference on Management of data, SIGMOD07, ACM New York, NY, USA,2007:665-676.
[115] A. Blum, K. Ligett, A. Roth. A learning theory approach to non-interactivedatabase privacy [C]. In Proc. of the40th annual ACM symposium on Theory ofcomputing, STOC08, ACM New York, NY, USA,2008:609-618.
[116] V. Rastogi, D. Suciu, S. Hong. The boundary between privacy and utility in datapublishing [C]. In Proc. of the33rd international conference on Very large databases, VLDB07,2007:531-542.
[117] G. T. Marx. Privacy and technology [J]. Whole Earth Review,1991,5(9):523-541.
[118] SAML [EB/OL]. Available at: http://saml.xml.org/,http://en.wikipedia.org/wiki/Security_Assertion_Markup_Language.
[119] OASIS [EB/OL].Available at: http://www.oasis-open.org/.
[120] AuthML [EB/OL].Available at: http://dret.net/glossary/authml.
[121] WS-Federation [EB/OL].Available at: http://www.ibm.com/developerworks/library/specification/ws-fed/, http://en.wikipedia.org/wiki/WS-Federation,http://msdn.microsoft.com/en-us/library/bb498017.aspx.
[122] Medina, M., Colomer, M., Polo, S.G., Poorter, A.D.. Fidelity: Federated IdentityManagement Security based on Liberty Alliance on European Ambit [C]. In Proc.of the28th International Conference on Software Engineering, ISSE(2006),2006:161-167.
[123] Liberty Alliance [EB/OL]. Available at: http://kantarainitiative.org/.
[124] Shibboleth [EB/OL]. Available at: http://shibboleth.net/.
[125] Federal Segment Architecture Methodology (FSAM)[EB/OL]. Available at:http://www.whitehouse.gov/omb/e-gov/fsam.
[126] E. H. Sibley, R. W. Taylor. A data definition and mapping language [J].Communications of the ACM,1973,16(12):750-759.
[127] A. G. Merten, J. P. Fry. A data description language approach to file translation[C]. In Proc. of the1974ACM SIGFIDET (now SIGMOD) workshop on Datadescription, access and control, SIGFIDET74, ACM New York, NY, USA,1974:192-205.
[128] B. Veth. An integrated data description language for coding design knowledge[J]. Intelligent CAD Systems I.1987:295-313.
[129] N. C. Shu, B. C. Housel, V. Y. Lum. CONVERT: a high level translationdefinition language for data conversion [J]. Communications of the ACM,1975,18(10):557-567.
[130] M. E. Senko. Data description language in the concept of multilevel structureddescription: DIAM II with FORAL [C]. In IFIP TC-2Special WorkingConference on Data Base Description, North-Holland Pub. Co., Amsterdam,1975:239-258.
[131] D. Chamberlin, J. Robie, D. Florescu. Quilt: An XML query language forheterogeneous data sources [J]. The World Wide Web and Databases,2001:1-25.
[132] D. D. Chamberlin, M. M. Astrahan, K. P. Eswaran, et al. SEQUEL2: A unifiedapproach to data definition, manipulation, and control [J]. IBM Journal ofResearch and Development,1976,20(6):560-575.
[133] XML Schema [EB/OL]. Available at:http://www.w3schools.com/schema/schema_intro.asp,http://en.wikipedia.org/wiki/XML_schema.
[134] XML Document Type Definition [EB/OL]. Available at:http://www.w3schools.com/dtd/default.asp,http://en.wikipedia.org/wiki/Document_Type_Definition.
[135] Data Format Description Language WG (DFDL-WG)[EB/OL]. Available at:http://forge.gridforum.org/projects/dfdl-wg.
[136] Y. Mandelbaum, K. Fisher, D. Walker, et al. PADS/ML: A functional datadescription language [J]. ACM SIGPLAN Notices,2007,42(1):77-83.
[137] Binary XML [EB/OL]. Available at: http://www.w3.org/XML/Binary/.
[138] RDF Schema [EB/OL]. Available at: http://www.w3.org/TR/rdf-schema/.
[139] Protocol Buffers: Google s Data Interchange Format [EB/OL]. Available at:http://code.google.com/apis/protocolbuffers.
[140] Kim Cameron, The Law Of Identity [EB/OL]. Available at:http://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf,2005.
[141] S. S. Y. Shim, G. Bhalla, V. Pendyala. Federated identity management [J].Computer,2005,38(12):120-122.
[142] Y. Zuo, X. Luo, F. Zeng. Towards a dynamic federation framework based onSAML and automated trust negotiation [J]. Web Information Systems andMining,2010:254-262.
[143] S. Rieger. User-centric identity management in heterogeneous federations [C]. InProc. of the4th International Conference on Internet and Web Applications andServices, ICIW09,2009:527-532.
[144] Federated Identity [EB/OL]. Available at:http://en.wikipedia.org/wiki/Federated_identity.
[145] S. Bleha, C. Slivinsky, B. Hussien. Computer-access security systems usingkeystroke dynamics [J]. Pattern Analysis and Machine Intelligence, IEEETransactions on,1990,12(12):1217-1222.
[146] F. Monrose, A. D. Rubin. Keystroke dynamics as a biometric for authentication[J]. Future Generation Computer Systems,2000,16(4):351-359.
[147] F. Bergadano, D. Gunetti, C. Picardi. User authentication through keystrokedynamics [J]. ACM Transactions on Information and System Security (TISSEC),2002,5(4):367-397.
[148] M. S. Obaidat, B. Sadoun. Verification of computer users using keystrokedynamics [J]. IEEE Transactions on Systems, Man, and Cybernetics, Part B:Cybernetics,1997,27(2):261-269.
[149] V. Kacholia, S. Pandit. Biometric authentication using random distributions(bioART)[C]. In Proc.15th Canadian IT Security Symp.(CITSS), Governmentof Canada,2003.
[150] X. Kai, Others. Identity authentication system based on improved PR-RP model
[C]. In Proc. of the2nd International Conference on Advanced ComputerControl,ICACC10,2010(5):65-69.
[151] S. Brin, L. Page. The anatomy of a large-scale hypertextual Web search engine[J]. Computer networks and ISDN systems,1998,30(1-7):107-117.
[152] J. M. Kleinberg. Authoritative sources in a hyperlinked environment [J]. Journalof the ACM (JACM),1999,46(5):604-632.
[153] A. Meyerson, R. Williams. On the complexity of optimal k-anonymity [C]. InProc. of the23rd ACM SIGMOD-SIGACT-SIGART Symposium on Principlesof Database Systems (PODS’04). Paris, France,2004:223-228.
[154] X. Xiao and Y. Tao. Anatomy: Simple and effective privacy preservation [C]. InProc. of the32nd International Conference on Very Large Data Bases(VLDB’06). Seoul, Korea.2006:139-150.
[155] C. C. Aggarwal. On k-anonymity and the curse of dimensionality [C]. In Proc. ofthe31st International Conference on Very Large Data Bases (VLDB’05),Trondheim, Norway.2005.901-909.
[156] N. Li, T. Li, and S. Venkatasubramanian. Closeness: A New Privacy Measure forData Publishing [J]. IEEE Transcations on Knowledge and Data Engineering,2010,22(7):943-956.
[157] L. Sweeney. Achieving k-anonymity privacy protection using generalization andsuppression [J]. International Journal on Uncertainly, Fuzziness andKnowledge-based Systems,2002,10(5):571-588.
[158] A. Machanavajjhala, J. Gehrke, and D. Kifer. L-diversity: Privacy beyondk-anonymity [J]. ACM Transactions on Knowledge Discovery from Data(TKDD),2007,1(1).
[159] Y. Rubner, C. Tomasi, and L. J. Guibas. The earth mover’s distance as a metricfor image retrieval [J]. International Journal of Computer Vision,2000,40(2):99~121.
[160] Adult Data Set in Machine Learning Respository [EB/OL]. Available at:http://archive.ics.uci.edu/ml/datasets/Adult.
[161] X. Xiao and Y. Tao. Anatomy: Simple and effective privacy preservation [C]. InProc. of the32nd International Conference on Very Large Data Bases(VLDB’06), Seoul, Korea,2006:139~150.