Abstract:
The high-speed railway passenger service system (hereafter the passenger service system) has a large number of business terminal devices, complex permission requirements for unified secure access management, insufficient zero-trust access control measures, and, in the traditional Software Defined Perimeter (SDP) zero-trust architecture, a single point of failure in practical deployments. To address these problems, this paper designs a Dual-identity SDP (DSDP) zero-trust architecture that transforms the main data center of the passenger service system and the server cluster architecture of the railway bureau group company, ensuring the security of access by the station business terminal devices under its management. The paper proposes a dual authentication process algorithm based on homomorphic encryption to implement bidirectional mutual recognition between the main data center and the SDP control module of the railway group company under the DSDP zero-trust architecture. Experimental results show that the DSDP zero-trust architecture can effectively counter hijacking risks. With multiple users, the architecture keeps the response time of the passenger service system within a reasonable range while maintaining availability, providing technical means for the unified access of passenger service system terminal devices and for zero-trust identity authentication with differing permission requirements.