Broadband MAN solution details

Source: Internet
Author: User

China's broadband MAN construction is still proceeding very rapidly, so I have studied the problems encountered during the construction of broadband MANs. Here I will share them with you; I hope they are useful to you. Network and information security capability represents a country's overall national strength, economic competitiveness, and viability in the 21st century. It is the "killer" of future international competition. At present, China is accelerating the informatization of its national economy and society, and urgently needs a secure and trusted basic telecommunications network platform to provide basic security protection for various information applications.

With the development and evolution of network technology, the IP broadband MAN has become the development direction of the broadband MAN, and all kinds of information applications will be based on IP technology. However, the IP broadband MAN has many problems in management and security applications. For example, it cannot effectively identify users entering the network or effectively protect users' personal information, and it cannot effectively resolve the non-repudiation issue. On the one hand, these problems make the IP broadband MAN hard to control, manage, and operate. On the other hand, they directly affect national information security and national security.

The main cause of these problems is that the "user name + password" authentication method currently adopted by the IP broadband MAN can only achieve basic and simple management, and its security is insufficient (for example, an account is easy to use and to share among several people). There is no fixed correspondence between the user name and the access line, which makes it difficult to locate where a user accesses the network and to manage user permissions. Therefore, to effectively solve the problems in the management and security applications of the IP broadband MAN, we must first solve the problems of user identity authentication, user authorization management, and user positioning, and establish a trusted network environment. In recent years, information security technology has received wide attention and has made great strides. In particular, intelligent trust and authorization technology based on public key infrastructure (PKI) and privilege management infrastructure (PMI, described here as authorization management infrastructure) has made breakthroughs and has been widely applied in e-government and e-commerce systems.

Therefore, this article discusses how to use intelligent trust and authorization technology based on PKI/PMI to establish a trusted environment for the IP broadband MAN, and how to apply digital certificate authentication, management, and other information security technologies to the operation and management of the IP broadband MAN. The goal is to build a telecom-level IP broadband MAN that can be controlled, managed, and operated, and that provides a secure and trusted basic telecommunications network platform for various information applications. This is a brand new way of thinking and a new attempt, with higher security and flexibility than other IP MAN management methods.

PKI is an important part of the national information security infrastructure (NISI). It is based on public key technology and provides reliable security services for network applications (such as browsers and e-mail), with the security goals of data confidentiality, integrity, online identity authentication, and non-repudiation of behavior. In the national information security infrastructure, PKI adopts a dual-key certificate system. The asymmetric algorithms supported are RSA and elliptic curve public key (ECC) algorithms, and the symmetric cryptographic algorithms supported are those specified by the Office of the National Cryptography Administration Commission. The public key infrastructure includes the trust service system and the key management system.

The primary responsibility of the trust service system is to provide an entity identity authentication service based on the PKI public key digital certificate (PKC) authentication mechanism, so that the real identity of an entity can be uniquely identified within the entire system and consistent trust benchmarks are established throughout the system. The key management system is mainly responsible for providing key pair management services to the system. It also provides the authorization management department with a special key recovery function for emergencies.

PMI is also an important component of NISI. It aims to provide authorization service management for users and applications. It is mainly responsible for providing application-related authorization service management to application systems, and it provides the mapping function from user identity to application authorization. With resource management as its core, PMI provides an authorization and access control mechanism based on the attribute certificate (AC) and places control of resource access centrally with the authorization authority for management, that is, access control is performed by the resource owner. The difference between the two is this: PKI proves who the user is, while PMI proves what permissions the user has and what the user can do. PMI requires PKI to provide identity authentication services for the user.
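The split described above, where PKI answers "who is the user" and PMI answers "what may the user do", can be shown as a two-stage access decision. This is an added example, not code from the original article: the field names, keys and sample documents are constructed, and an HMAC stands in for the RSA or ECC signatures that real PKCs and ACs carry.

```python
import hashlib, hmac, json

# Constructed demo keys. HMAC stands in for the CA and attribute authority
# signatures; real PKCs and ACs carry RSA or ECC signatures.
CA_KEY, AA_KEY = b"demo-ca-key", b"demo-aa-key"

def _sign(key, body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def issue(key, body):
    """Return a signed document: the body plus the issuer's signature."""
    return {"body": body, "sig": _sign(key, body)}

def _valid(doc, key, now):
    body = doc["body"]
    return (hmac.compare_digest(doc["sig"], _sign(key, body))
            and body["not_before"] <= now <= body["not_after"])

def authorize(pkc, ac, resource, action, now):
    """Two-stage decision: PKI authenticates, then PMI authorizes."""
    # Stage 1 (PKI): who is the user? Verify the identity certificate.
    if not _valid(pkc, CA_KEY, now):
        return "deny: identity certificate invalid"
    # Stage 2 (PMI): what may the user do? Verify the attribute certificate.
    if ac is None or not _valid(ac, AA_KEY, now):
        return "deny: attribute certificate missing or invalid"
    # The AC names its holder by the PKC's issuer and serial number, so an
    # AC issued to one user grants nothing when presented by another.
    ident = {"issuer": pkc["body"]["issuer"], "serial": pkc["body"]["serial"]}
    if ac["body"]["holder"] != ident:
        return "deny: attribute certificate bound to another identity"
    if [resource, action] not in ac["body"]["permissions"]:
        return "deny: permission not granted"
    return "permit: " + pkc["body"]["subject"]

# Constructed sample documents (field names and values are illustrative).
ALICE_PKC = issue(CA_KEY, {"issuer": "Demo CA", "serial": 1001,
                           "subject": "alice",
                           "not_before": 100, "not_after": 200})
ALICE_AC = issue(AA_KEY, {"holder": {"issuer": "Demo CA", "serial": 1001},
                          "permissions": [["billing-portal", "read"]],
                          "not_before": 100, "not_after": 150})

if __name__ == "__main__":
    print(authorize(ALICE_PKC, ALICE_AC, "billing-portal", "read", now=120))
```

The identity certificate alone never yields a permit: without a valid attribute certificate bound to that same identity, the request is denied even though authentication succeeded.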
