Method and system for realizing network identity authentication based on two isolated devices

The invention relates to a method and system for realizing network identity authentication based on two isolated devices. The single network computing device used in the network identity authentication process is expanded to two physically isolated network computing devices, neither of which processes all of the identity authentication information, which improves the security of the user's Internet login and transaction activity. In a typical application of the method and system, because a mobile phone is closely bound to its user, the phone performs the same function as a dedicated hardware key device and becomes a general-purpose digital signature terminal, so the user can securely complete login and transaction activities from a public computer. This greatly improves the user experience, makes a PKI (Public Key Infrastructure) certificate system easier to implement, and provides a general security solution for network identity authentication based on a PKI/CA (Public Key Infrastructure/Certification Authority) architecture.