The MeSign unified identity authentication service aims to provide users with a neutral third-party identity authentication service, in order to protect the privacy of Internet users and the security of business systems. It separates identity authentication from Internet services: the identity authentication service provider does not know the user’s Internet consumption behavior, and Internet service providers do not know the user’s identity. As a result, Internet service providers cannot build behavioral profiles of users, which effectively protects users’ Internet consumption privacy. It also effectively protects the system security of the Internet service provider, because consumption data without real identity information loses its value to an attacker; an attack on the identity service provider is likewise worthless, because there is no valuable information behind the identity.
The advantage of the MeSign unified identity authentication service is that each user has a digital certificate, so secure identity authentication can be achieved with more secure and reliable digital signature technology instead of insecure username/password authentication. MeSign users only need to scan the code using the MeSign App to achieve strong identity authentication with their own digital certificate and digital signature, which provides Internet service providers with a reliable and secure unified identity authentication service.
The MeSign unified identity authentication service provides users with 5 different security levels of identity:
V0 level: only verifies the username and password, with the lowest security level;
V1 level: verifies the digital signature of the user’s email, without other identity information;
V2 level: verifies the digital signature of the user’s email and the user’s personal identity (trusted personal identity);
V3 level: verifies the digital signature of the user’s enterprise email and the organization identity (trusted organization identity);
V4 level: verifies the digital signature of the user’s enterprise email, the organization identity and the employee identity (trusted organization employee identity).
Internet service providers can choose, according to business needs, which level of user identity is required for a user to log in to the business system.
The MeSign Unified Identity Authentication Service adopts the OpenID standards. Users need to connect to the identity authentication service in accordance with the OpenID standards. MeSign Technology provides the corresponding integration documents and technical support. The specific implementation principle is shown in the figure below. The user must first register with the MeSign identity authentication system (MeSign App users do not need to register), select the required identity validation level, and complete the identity validation according to the requirements. The V0 level is free to register and is a free service. The V1 level requires the user to download and install the MeSign App, set up an email account and log in to automatically obtain the signing certificate and encrypting certificate that are bound to the user’s email address; the user can then use the MeSign App to create a digital signature with the signing certificate, achieving strong identity authentication and logging in to the business system. This is also a free service. For the V2/V3/V4 levels, users need to download and install the MeSign App and pay for the related services to obtain the signing certificate and encrypting certificate of the corresponding identity validation level; users can then use the MeSign App to create a digital signature with the signing certificate of that validation level, achieving strong identity authentication and logging in to the business system.
That is to say, once the user has a MeSign identity, the user has an OpenID Access Token and can use this Token to access all business systems that support OpenID unified identity authentication. When a user uses a Token to access a business system, the business system contacts the MeSign Identity Validation System to verify whether the Token is valid. If it is valid, the user is allowed to log in, and the business system can choose which identity level is required to access the system. The business system can also provide different resources according to the identity level of the Token the user presents. For example, forums that allow anonymous access can require only V0 or V1 level tokens, while services that require the user’s identity to be validated can require users to use V2/V3/V4 level tokens to register and log in to different systems. The MeSign unified identity authentication system allows individual users to choose among three identity levels, V0/V1/V2, and organization users to choose among four identity levels, V0/V1/V3/V4, to log in to different systems.
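The level-based access decision described above, sketched from the business system's side as an added example (not MeSign's own code or API). The response fields `active`, `level` and `account_type` and the resource names are hypothetical. Comparing what each level verifies, rather than the level number, is a design choice made here because V2 (personal) and V3 (organization) validate different things.

```python
# Added example: field names and resources are hypothetical, not MeSign's API.

# What each level verifies, as listed in the text above.
LEVEL_ATTRS = {
    "V0": {"password"},
    "V1": {"email_signature"},
    "V2": {"email_signature", "personal_identity"},
    "V3": {"email_signature", "organization_identity"},
    "V4": {"email_signature", "organization_identity", "employee_identity"},
}

# Levels each kind of user can choose, per the text above.
ALLOWED_LEVELS = {
    "individual": {"V0", "V1", "V2"},
    "organization": {"V0", "V1", "V3", "V4"},
}

# Constructed policy of one business system: resource -> identity it needs.
RESOURCE_REQUIRES = {
    "forum": set(),  # anonymous access is acceptable: V0 or V1 is enough
    "personal_account": {"personal_identity"},
    "supplier_portal": {"organization_identity"},
    "staff_console": {"organization_identity", "employee_identity"},
}


def authorize(validation, resource):
    """Decide access from a token-validation response (constructed shape).

    Returns (allowed, reason). Anything unknown is refused (fail closed).
    """
    if not validation.get("active"):
        return False, "token not valid"
    level = validation.get("level")
    if level not in LEVEL_ATTRS:
        return False, "unknown level"
    if level not in ALLOWED_LEVELS.get(validation.get("account_type"), set()):
        return False, "level not available to this account type"
    required = RESOURCE_REQUIRES.get(resource)
    if required is None:
        return False, "unknown resource"
    missing = required - LEVEL_ATTRS[level]
    if missing:
        return False, "missing: " + ", ".join(sorted(missing))
    return True, "ok"
```

A numeric comparison such as "V3 is at least V2" would admit an organization token to `personal_account` even though no personal identity was validated; the set comparison refuses it.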