用户自治数字身份安全白皮书.pdf

第一章：为什么需要用户自治的数字身份................................................................7 1.1 传统的中心化数字身份..................................................................................7 1.2 传统的数字身份系统的痛点..........................................................................9 第二章：用户自治的数字身份（SSI）和去中心化数字身份（DID）................... 10 2.1 DID 标准介绍..............................................................................................12 2.1.1 W3C 的 DID...................................................................................... 13 2.1.2 欧洲的 SID....................................................................................... 17 2.1.3 中国公安部的 EID........................................................................... 19 2.2 DID 代表性项目介绍..................................................................................21 2.2.1 元界 DNA 的 DID 数字身份.............................................................21 2.2.2 Civic 数字身份项目......................................................................... 25 2.2.3 Evernym 数字身份项目...................................................................27 2.2.4 uPort 数字身份项目........................................................................31 2.2.5 微软的 DID 数字身份项目..............................................................32 第三章：DID 安全与隐私考虑...................................................................................37 3.1 DID 安全注意事项: 窃听..............................................................................39 3.2 DID 安全注意事项: 重放攻击......................................................................40 3.3 DID 安全注意事项：消息操纵.....................................................................40 3.4 DID 安全注意事项: 中间人攻击..................................................................41 3.5 DID 安全注意事项: DID 的 CRUD 安全.........................................................42 3.6 DID 安全注意事项：密钥和签名到期.........................................................43 3.7 DID 安全注意事项：抵赖攻击（Repudiation)...............................