CN104753872A - Authentication method, authentication platform, service platform, network elements and system - Google Patents


Info

Publication number
CN104753872A
CN104753872A (application CN201310745612.9A)
Authority
CN
China
Prior art keywords
authentication
business
terminal
request
platform
Prior art date
Legal status
Granted
Application number
CN201310745612.9A
Other languages
Chinese (zh)
Other versions
CN104753872B (en)
Inventor
陈心昕
王静
郭毅峰
Current Assignee
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Priority date
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd
Priority to CN201310745612.9A
Publication of CN104753872A
Application granted
Publication of CN104753872B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L 9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Embodiments of the invention provide an authentication method, an authentication platform, a service platform, network elements and a system. When terminal information about a terminal that has completed authentication initialization of a designated network (a network having a complete authentication mechanism) is received, triggered by the network element that performs terminal authentication initialization in that network, the terminal information is saved; the terminal information includes terminal identification information. When a first service authentication request is received from the service platform, asking for authentication of a requesting terminal that requests to log in to the service platform, the saved terminal information is used to determine whether the requesting terminal has completed the authentication initialization of the designated network. If it has, the authentication result of the first service authentication request is determined to be success, and that result is sent to the service platform. This solves the problem of low authentication efficiency in the prior art. The invention relates to the technical field of mobile communication.

Description

Authentication method, authentication platform, service platform, network element and system
Technical field
The present invention relates to the field of mobile communication technology, and in particular to an authentication method, an authentication platform, a service platform, a network element and a system.
Background
In the prior art, to protect user data, a user usually has to pass authentication by a security mechanism before using a data service. Take data services carried over an IP Multimedia Subsystem (IMS) network and data services carried over the Hypertext Transfer Protocol (HTTP) as examples: data services carried over an IMS network are mostly instant messaging, video calling, video conferencing and the like, while services carried over HTTP and its related communication mechanisms include, for example, location services for positioning and navigation, and client-server based game services.
To protect user data, a client usually has to be authenticated both when it uses an HTTP-based data service and when it uses an IMS-based data service. For an HTTP-based data service, the service platform generally authenticates the client with HTTP Basic or HTTP Digest authentication before the client uses the service. For an IMS-based service, the IMS network generally authenticates the client with IMS Session Initiation Protocol Digest (SIP Digest) or IMS Authentication and Key Agreement (AKA) when the client accesses the IMS network. A client that has passed the HTTP service platform's authentication may use that service, and a client that has passed IMS network authentication may use most of the IMS services provided in the IMS network.
Further, when a terminal hosts both an HTTP-based client and an IMS-based client, the authentication information the HTTP service platform needs to authenticate the client and the authentication information the IMS network needs are the same set of user data, for example the terminal number, the information in the Subscriber Identity Module (SIM) card, the user name and password, and so on. The terminal supports one set of user data but has to support different authentication modes, namely both HTTP service platform authentication and IMS network authentication. On the network side, the HTTP service platform and the IMS network likewise each need their own network elements to support different authentication mechanisms for the same set of user data. For the terminal as well as for the network side, this means complicated development, duplicated authentication functions, and low authentication efficiency.
Summary of the invention
Embodiments of the present invention provide an authentication method, an authentication platform, a service platform, a network element and a system, to solve the prior-art problem that data services based on different platforms need different network elements to support different authentication mechanisms for the same set of user data, so that authentication functions are duplicated and authentication efficiency is low.
Based on the above problems, a first authentication method provided by an embodiment of the present invention comprises:
when terminal information about a terminal that has completed authentication initialization of a designated network having a complete authentication mechanism is received, triggered by the network element that performs authentication initialization of terminals in the designated network, saving the terminal information, wherein the terminal information comprises terminal identification information;
when a first service authentication request sent by a service platform, for authenticating a requesting terminal that requests to log in to the service platform, is received, determining according to the saved terminal information whether the requesting terminal has completed the authentication initialization of the designated network;
when it is determined that the requesting terminal has completed the authentication initialization of the designated network, determining that the authentication result of the first service authentication request is success, and sending the authentication result of the first service authentication request to the service platform.
A second authentication method provided by an embodiment of the present invention comprises:
when a login request sent by a requesting terminal is received, sending to an authentication platform a first service authentication request for authenticating the requesting terminal, wherein the first service authentication request is used by the authentication platform to determine, according to saved terminal information about terminals that have completed authentication initialization of the designated network, whether the requesting terminal is a terminal that has completed the authentication initialization of the designated network, the terminal information comprising terminal identification information;
when the authentication platform determines that the requesting terminal has completed the authentication initialization of the designated network, receiving the authentication result of success for the first service authentication request sent by the authentication platform.
A third authentication method provided by an embodiment of the present invention comprises:
after performing authentication initialization on a terminal, triggering to an authentication platform the terminal information of the terminal that has completed authentication initialization of the designated network,
wherein the terminal information is used by the authentication platform to save the terminal information; to determine, when a first service authentication request sent by a service platform for authenticating a requesting terminal that requests to log in to the service platform is received, according to the saved terminal information whether the requesting terminal has completed the authentication initialization of the designated network; and to determine, when it is determined that the requesting terminal has completed the authentication initialization of the designated network, that the authentication result of the first service authentication request is success; and the terminal information comprises terminal identification information.
An authentication platform provided by an embodiment of the present invention comprises:
a storage module, for saving terminal information about a terminal that has completed authentication initialization of a designated network having a complete authentication mechanism when that terminal information is received, triggered by the network element that performs authentication initialization of terminals in the designated network, wherein the terminal information comprises terminal identification information;
a first authentication module, for determining, when a first service authentication request sent by a service platform for authenticating a requesting terminal that requests to log in to the service platform is received, according to the saved terminal information whether the requesting terminal has completed the authentication initialization of the designated network;
a sending module, for determining, when it is determined that the requesting terminal has completed the authentication initialization of the designated network, that the authentication result of the first service authentication request is success, and sending the authentication result of the first service authentication request to the service platform.
A service platform provided by an embodiment of the present invention comprises:
a sending module, for sending to an authentication platform, when a login request sent by a requesting terminal is received, a first service authentication request for authenticating the requesting terminal, wherein the first service authentication request is used by the authentication platform to determine, according to saved terminal information about terminals that have completed authentication initialization of the designated network, whether the requesting terminal is a terminal that has completed the authentication initialization of the designated network, the terminal information comprising terminal identification information;
a receiving module, for receiving, when the authentication platform determines that the requesting terminal has completed the authentication initialization of the designated network, the authentication result of success for the first service authentication request sent by the authentication platform.
A network element of a designated network provided by an embodiment of the present invention comprises:
an authentication initialization module, for performing authentication initialization of the designated network on a terminal;
a triggering module, for triggering to an authentication platform, after the authentication initialization module has performed authentication initialization on the terminal, the terminal information of the terminal that has completed authentication initialization of the designated network, wherein the terminal information is used by the authentication platform to save the terminal information; to determine, when a first service authentication request sent by a service platform for authenticating a requesting terminal that requests to log in to the service platform is received, according to the saved terminal information whether the requesting terminal has completed the authentication initialization of the designated network; and to determine, when it is determined that the requesting terminal has completed the authentication initialization of the designated network, that the authentication result of the first service authentication request is success; and the terminal information comprises terminal identification information.
An authentication system provided by an embodiment of the present invention comprises the above authentication platform, the above service platform, the network element of the above designated network, and a plurality of terminals.
The beneficial effects of the embodiments of the present invention include the following.
With the authentication method, authentication platform, service platform, network element and system provided by the embodiments of the present invention, when terminal information about a terminal that has completed authentication initialization of a designated network having a complete authentication mechanism is received, triggered by the network element that performs authentication initialization of terminals in that network, the terminal information is saved, wherein the terminal information comprises terminal identification information; when a first service authentication request sent by a service platform for authenticating a requesting terminal that requests to log in to the service platform is received, it is determined according to the saved terminal information whether the requesting terminal has completed the authentication initialization of the designated network; and when it is determined that the requesting terminal has completed the authentication initialization of the designated network, the authentication result of the first service authentication request is determined to be success and is sent to the service platform. When a requesting terminal requests to log in to a service platform, the authentication platform, which has saved the terminal information of terminals that completed authentication initialization of the designated network, determines whether the requesting terminal has completed that initialization; if it has, the requesting terminal's login to the service platform is determined to be successful. In other words, once a terminal has completed the authentication initialization of the designated network, it can use the services of service platforms both inside and outside the designated network: the authentication result is extended to serve both data services based on the designated network and data services of service platforms outside the designated network. This makes effective use of the authentication capability provided by existing network elements, avoids duplicate construction of authentication network elements, and avoids duplicated and complicated development of authentication functions on the terminal. Compared with the prior art, in which data services on different platforms require different network elements supporting different authentication mechanisms for the same set of user data, authentication efficiency is improved.
Brief description of the drawings
Fig. 1 is a flow chart of the first authentication method provided by an embodiment of the present invention;
Fig. 2 is a flow chart of the second authentication method provided by an embodiment of the present invention;
Fig. 3 is a flow chart of the authentication method provided by Embodiment 1 of the present invention;
Fig. 4 is a flow chart of the authentication method provided by Embodiment 2 of the present invention;
Fig. 5 is a flow chart of the authentication method provided by Embodiment 3 of the present invention;
Fig. 6 is a flow chart of the authentication method provided by Embodiment 4 of the present invention;
Fig. 7 is a schematic structural diagram of the authentication platform provided by an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of the service platform provided by an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of the network element of the designated network provided by an embodiment of the present invention.
Detailed description
Embodiments of the present invention provide an authentication method, an authentication platform, a service platform, a network element and a system. Preferred embodiments of the present invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here are only for illustrating and explaining the present invention and are not intended to limit it. Where no conflict arises, the embodiments of this application and the features in the embodiments may be combined with one another.
An embodiment of the present invention provides an authentication method applied on the authentication platform side which, as shown in Fig. 1, comprises:
S101, when terminal information about a terminal that has completed authentication initialization of a designated network having a complete authentication mechanism is received, triggered by the network element that performs authentication initialization of terminals in the designated network, saving the terminal information, wherein the terminal information comprises terminal identification information.
S102, when a first service authentication request sent by a service platform for authenticating a requesting terminal that requests to log in to the service platform is received, determining according to the saved terminal information whether the requesting terminal has completed the authentication initialization of the designated network.
S103, when it is determined that the requesting terminal has completed the authentication initialization of the designated network, determining that the authentication result of the first service authentication request is success, and sending the authentication result of the first service authentication request to the service platform.
Correspondingly to the authentication method of Fig. 1, an embodiment of the present invention provides an authentication method applied on the service platform side which, as shown in Fig. 2, comprises:
S201, when a login request sent by a requesting terminal is received, sending to the authentication platform a first service authentication request for authenticating the requesting terminal, wherein the first service authentication request is used by the authentication platform to determine, according to saved terminal information about terminals that have completed authentication initialization of the designated network, whether the requesting terminal is a terminal that has completed the authentication initialization of the designated network, the terminal information comprising terminal identification information.
S202, when the authentication platform determines that the requesting terminal has completed the authentication initialization of the designated network, receiving the authentication result of success for the first service authentication request sent by the authentication platform.
Correspondingly to the authentication methods of Fig. 1 and Fig. 2, an embodiment of the present invention provides an authentication method applied on the network element side, at a network element of the designated network, comprising:
after performing authentication initialization on a terminal, triggering to the authentication platform the terminal information of the terminal that has completed authentication initialization of the designated network,
wherein the terminal information is used by the authentication platform to save the terminal information; to determine, when a first service authentication request sent by a service platform for authenticating a requesting terminal that requests to log in to the service platform is received, according to the saved terminal information whether the requesting terminal has completed the authentication initialization of the designated network; and to determine, when it is determined that the requesting terminal has completed the authentication initialization of the designated network, that the authentication result of the first service authentication request is success; and the terminal information comprises terminal identification information.
Further, the designated network may be an authenticated, mature network that has a complete security authentication mechanism and a complete user and terminal information management mechanism, and that can securely process and store user information and terminal information. Take the IMS network as an example: data services carried over the IMS network generally use the numbering, routing and security authentication mechanisms provided by IMS, the authentication modes being mainly SIP Digest and IMS AKA. Once the IMS network and its network elements are built, these mechanisms can be provided for IMS-based data services, but only for them. For most HTTP-type data services not carried over IMS, the numbering, routing and security authentication mechanisms must all be built again. Because the IMS network has its own routing mechanism, dedicated servers and numbering mechanism, it is a relatively secure and closed network system with relatively secure user data. If the IMS security authentication result can therefore be used, and the authentication result extended so that it serves both IMS-based and HTTP-based data services, the authentication capability provided by existing network elements is used effectively, duplicate construction of authentication network elements is avoided, and duplicated and complicated development of authentication functions on the terminal is also avoided.
The method and related devices provided by the present invention are described in detail below with specific embodiments and with reference to the drawings.
Embodiment 1:
Embodiment 1 of the present invention provides an authentication method applied on the authentication platform side which, as shown in Fig. 3, specifically comprises the following steps:
S301, when terminal information about a terminal that has completed authentication initialization of a designated network having a complete authentication mechanism is received, triggered by the network element that performs authentication initialization of terminals in the designated network, saving the terminal information, wherein the terminal information comprises terminal identification information.
Further, for an IMS network, the network elements mainly used in the IMS network and their basic functions during IMS authentication initialization are as follows:
Call Session Control Function (CSCF). By position and function, the CSCF is divided into three types, P/S/I. The Proxy CSCF (P-CSCF) is the first point of contact for the user in IMS and provides the proxy function, that is, it accepts the user's service request and forwards it. The Serving CSCF (S-CSCF) is the core of the IMS core network and is responsible for the authentication initialization of the UE and for session control during IMS authentication initialization. The Interrogating CSCF (I-CSCF) is the unified initial entry point of the home IMS network and the first access point of the local network; it is responsible for forwarding the user's call request to a suitable S-CSCF. The P/S/I-CSCF may be combined on one physical entity or be independent of one another.
In the prior art, after a terminal completes IMS network authentication initialization, the network element that performed the authentication initialization triggers the terminal information of that terminal to the IMS service platforms in the IMS network, so that each IMS service platform can determine, when it subsequently receives a request from the terminal to use an IMS service, that the terminal has completed IMS network authentication initialization and continue with the IMS service. In the present embodiment, a network element is determined in advance among these network elements, or among other network elements involved when a terminal performs IMS network authentication initialization; after the terminal completes IMS network authentication initialization, that network element triggers the terminal information not only to the IMS service platforms in the IMS network but also to the authentication platform, so that an HTTP-based service platform can, through the authentication platform, authenticate a terminal that requests to use the service platform.
Further, the authentication platform may be a platform independent of each service platform, or may be integrated with each service platform on one physical entity. When the authentication platform is independent of the service platforms, the network element that performs authentication initialization of terminals sends the terminal information of terminals that have completed authentication initialization to this authentication platform; when the authentication platform is integrated, as an authentication module, with each service platform on one physical entity, that network element sends the terminal information to the authentication module in each service platform.
S302, when receiving the first business authentication request that business platform sends, that request is logged in service identification that certification is carried out in the requesting terminal of this business platform, that carry the corresponding business of this business platform, the first token token is generated based on this service identification, and a token is sent to this business platform
Wherein, after one token is sent to requesting terminal for business platform by the one token, requesting terminal is with the first cipher mode, use the terminal identification information of a token to requesting terminal to be encrypted, the terminal identification information of the first cipher mode and encryption is sent to described business platform.
Further, in this step the service platform could simply forward the terminal identification information of the requesting terminal to the authentication platform after receiving the requesting terminal's login request, and the authentication platform could directly compare it with the terminal identification information it has saved for terminals that have completed authentication initialization on the specified network, thereby determining whether the requesting terminal has completed authentication initialization and hence whether the authentication result of the first service authentication request is success. For security, however, in this step the authentication platform has the requesting terminal report its terminal identification information by issuing a first token. For an IMS network, the terminal identification information may be the IMS Public User Identity (IMPU).
Further, the first service authentication request may carry the service identifier of the service corresponding to the service platform, and may also carry the terminal identification information of the requesting terminal. The terminal identification information of the requesting terminal is saved in advance by the service platform and is determined, when the login request of the requesting terminal is received, from the login information carried by the requesting terminal. That is, the requesting terminal may use different login information when logging in to different service platforms; when the requesting terminal subscribes to a service, the service platform can store the terminal identification information of the requesting terminal together with the requesting terminal's login information, so that on receiving a login request from the requesting terminal it can determine the terminal identification information from the login information, carry it in the first service authentication request and send it to the authentication platform. In that case, "generating a first token based on the service identifier" in this step can be replaced by "generating a first token based on the service identifier and the terminal identification information of the requesting terminal".
Further, after the service platform forwards the first token to the requesting terminal, the requesting terminal uses the received first token to encrypt, under the first encryption mode, both its terminal identification information and its related information, and sends the first encryption mode, the encrypted terminal identification information and the encrypted related information to the service platform. The related information comprises the number of the requesting terminal and/or the Media Access Control (MAC) address of the requesting terminal. That is, in this step, when the requesting terminal encrypts with the first token, more information can be encrypted in order to improve security.
S303: when a second service authentication request sent by the service platform is received, carrying the first encryption mode and the encrypted terminal identification information, determine the terminal identification information of the requesting terminal according to the first decryption mode corresponding to the first encryption mode, and determine, according to the saved terminal information, whether the requesting terminal has completed authentication initialization on the specified network.
In this step, when the requesting terminal has used the received first token to encrypt, under the first encryption mode, both its terminal identification information and its related information, the second service authentication request carries the first encryption mode, the encrypted terminal identification information and the encrypted related information.
In this step, when the service platform receives the first encryption mode and the encrypted terminal identification information sent by the requesting terminal, it can package the first encryption mode and the encrypted terminal identification information into a second service authentication request and send it to the authentication platform, requesting the authentication platform to perform the authentication.
Further, in this step, the terminal identification information of the requesting terminal obtained by decryption can be compared with the saved terminal information of terminals that have completed authentication initialization on the specified network; if the terminal identification information of this requesting terminal is present in the saved terminal information, it is determined that the requesting terminal has completed authentication initialization on the specified network.
S304: when it is determined that the requesting terminal has completed authentication initialization on the specified network, determine that the authentication result of the first service authentication request is success, and send the authentication result of the first service authentication request to the service platform.
S305: generate a second token and send it to the service platform,
where, after the service platform forwards the second token to the requesting terminal, the requesting terminal uses the second token to encrypt service information under the second encryption mode, and sends the second encryption mode and the encrypted service information to the service platform.
Further, once the requesting terminal has passed authentication in step S304, the requesting terminal and the service platform may interact in subsequent steps; to ensure security, however, some important service information can be encrypted, and in this step the second token generated by the authentication platform may be used to encrypt such important service information subsequently.
S306: when a third service authentication request sent by the service platform is received, carrying the second encryption mode and the encrypted service information, determine the second token according to the second decryption mode corresponding to the second encryption mode.
In this step, when the service platform receives the second encryption mode and the encrypted service information sent by the requesting terminal, it can package the second encryption mode and the encrypted service information into a third service authentication request and send it to the authentication platform, requesting the authentication platform to perform the authentication.
S307: determine the authentication result of the third service authentication request according to the second token obtained by decryption, and send the obtained authentication result to the service platform,
where the authentication result is used so that, when the authentication result is success, the service platform responds to the service information sent by the requesting terminal.
In this step, when the authentication platform determines that the second token obtained by decryption is a token it generated itself, it can determine that the authentication result is success, and the service platform can respond to the service information sent by the requesting terminal. During subsequent exchanges of service information, the requesting terminal can still encrypt important service information, for example online transaction information, with the second token; the authentication platform decrypts it, and after authentication succeeds the requesting terminal continues the subsequent service with the service platform.
Embodiment 2:
Corresponding to Embodiment 1, Embodiment 2 of the present invention provides an authentication method applied on the service platform side, as shown in Figure 4, comprising the following steps:
S401: when a login request sent by a requesting terminal is received, send to the authentication platform a first service authentication request for authenticating the requesting terminal, carrying the service identifier of the service corresponding to the service platform.
Further, in this step, when the login request sent by the requesting terminal is received, the service platform may first judge whether the requesting terminal has already passed service authentication by the authentication platform; the service platform can save the login status information of each requesting terminal that accesses it, and when it determines that the requesting terminal has not yet been authenticated by the authentication platform, it sends to the authentication platform the first service authentication request for authenticating the requesting terminal, carrying the service identifier of the service corresponding to the service platform.
S402: when the first token sent by the authentication platform is received, send the first token to the requesting terminal,
where the first token is generated by the authentication platform based on the service identifier after it receives the first service authentication request; the first token is used by the requesting terminal to encrypt its terminal identification information under the first encryption mode and to send the first encryption mode and the encrypted terminal identification information to the service platform.
Further, the first service authentication request may also carry the terminal identification information of the requesting terminal. In that case, "the first token is generated by the authentication platform based on the service identifier after it receives the first service authentication request" in this step can be replaced by "the first token is generated by the authentication platform based on the service identifier and the terminal identification information of the requesting terminal after it receives the first service authentication request".
Further, the first token is used by the requesting terminal to encrypt, under the first encryption mode, both its terminal identification information and its related information with the received first token, and to send the first encryption mode, the encrypted terminal identification information and the encrypted related information to the service platform; the related information comprises the number of the requesting terminal and/or the MAC address of the requesting terminal. That is, in this step, when the requesting terminal encrypts with the first token, more information can be encrypted in order to improve security.
S403: receive the first encryption mode and the encrypted terminal identification information sent by the requesting terminal, carry the first encryption mode and the encrypted terminal identification information in a second service authentication request and send it to the authentication platform,
where the second service authentication request is used by the authentication platform to determine the terminal identification information of the requesting terminal according to the first decryption mode corresponding to the first encryption mode and, when it determines from the saved terminal information that the requesting terminal has completed authentication initialization on the specified network, to determine that the authentication result of the first service authentication request is success.
S404: when the authentication platform determines that the requesting terminal has completed authentication initialization on the specified network, receive the authentication result indicating success of the first service authentication request and the second token generated by the authentication platform, both sent by the authentication platform.
This step can also be implemented as: receive the second token generated by the authentication platform. This is because, when the authentication platform sends the second token to the service platform, this can be taken by default to indicate that the authentication result of the first service authentication request is success.
S405: send the second token to the requesting terminal,
where the second token is used by the requesting terminal to encrypt service information under the second encryption mode and to send the second encryption mode and the encrypted service information to the service platform.
S406: receive the second encryption mode and the encrypted service information sent by the requesting terminal, carry the second encryption mode and the encrypted service information in a third service authentication request and send it to the authentication platform,
where the third service authentication request is used by the authentication platform to determine the second token according to the second decryption mode corresponding to the second encryption mode and, when it determines that the second token was generated by the authentication platform, to determine that the authentication result of the third service authentication request is success.
S407: when the authentication result indicating success of the third service authentication request is received, respond to the service information sent by the requesting terminal.
Further, whenever the requesting terminal subsequently sends important service information to the service platform, steps S406-S407 can be repeated to ensure the security of the service information.
Embodiment 3:
Corresponding to Embodiments 1 and 2, Embodiment 3 of the present invention provides an authentication method applied on the terminal side, as shown in Figure 5, comprising the following steps:
S501: send a login request to the service platform.
S502: receive the first token sent by the service platform.
S503: encrypt the terminal identification information of the requesting terminal with the first token under the first encryption mode, and send the first encryption mode and the encrypted terminal identification information to the service platform.
S504: receive the second token sent by the service platform.
S505: encrypt service information with the second token under the second encryption mode, and send the second encryption mode and the encrypted service information to the service platform.
S506: receive the response sent by the service platform to the service information sent in S505.
Further, in the embodiments provided by the present invention, the terminal is described as follows:
After power-on, the terminal should actively initiate the authentication initialization procedure towards the specified network. For an IMS network, the terminal needs to include the following functions:
After the terminal has completed power-on staging or terminal management, it needs to be able to judge whether it supports a SIP agent or IMS client; if it does, it needs to initiate the authentication initialization procedure towards the IMS server according to a preset IMS server address.
According to the preset IMS server address, the terminal actively initiates an authentication initialization request to the IMS server after terminal management services such as upgrading are complete. Depending on whether the terminal has a card or not, it initiates a different authentication initialization request to the IMS server: a card-less terminal generally initiates the authentication initialization request to the IMS server in SIP Digest mode, and a terminal with a card generally initiates it in IMS AKA mode.
Further, card-less terminals generally use the SIP Digest authentication mode with a user name and password as the user credentials. The user name and password could be entered by the user, but for security reasons the implementation can be made transparent to the user; for card-less terminals, therefore, the user name and password can be stored without user involvement in the following ways:
First way: a terminal management platform can configure the user account information remotely, over a secure channel, into the terminal's secure storage space.
Second way: when the terminal leaves the factory, random user account information can be assigned to each terminal and preset into the terminal's secure storage space, and the assigned account information is synchronized to the platform side at the same time.
Further, secure storage includes the following storage modes:
First mode: the secure storage space holding the user account information can be a read-only part of the flash storage space, whose read-only attribute cannot be modified arbitrarily after the terminal leaves the factory.
Second mode: if safer storage is required, the user account information can also be stored in a read-only storage area of the CPU.
Third mode: the user account information is stored in encrypted form.
Embodiment 4:
Embodiment 4 of the present invention provides an authentication method applied to the authentication platform, the service platform, the network element of the specified network and the terminal side, as shown in Figure 6, comprising the following steps:
S601: the network element in the specified network that performs authentication initialization on terminals pushes the terminal information of a terminal that has completed authentication initialization to the authentication platform.
S602: the authentication platform saves the received terminal information, where the terminal information comprises terminal identification information.
S603: the requesting terminal sends a login request to the service platform.
S604: the service platform judges whether the requesting terminal has already been authenticated by the authentication platform.
S605: when the service platform determines that the requesting terminal has not yet been authenticated by the authentication platform, it sends to the authentication platform a first service authentication request for authenticating the requesting terminal, carrying the service identifier of the service corresponding to the service platform and the terminal identification information of the requesting terminal.
S606: the authentication platform generates a first token according to the received service identifier and terminal identification information of the requesting terminal.
S607: the authentication platform sends the first token generated in S606 to the service platform.
S608: the service platform sends the first token to the requesting terminal.
S609: the requesting terminal uses the first token to encrypt its terminal identification information and its related information under the first encryption mode.
S610: the requesting terminal sends the first encryption mode, the encrypted terminal identification information and the encrypted related information to the service platform.
S611: the service platform carries the first encryption mode, the encrypted terminal identification information and the encrypted related information in a second service authentication request and sends it to the authentication platform.
S612: the authentication platform determines the terminal identification information of the requesting terminal according to the first decryption mode corresponding to the first encryption mode, and generates a second token when it determines from the saved terminal information that the requesting terminal has completed authentication initialization on the specified network.
S613: the authentication platform sends the second token generated in S612 to the service platform.
S614: the service platform sends the second token to the requesting terminal.
S615: the requesting terminal uses the second token to encrypt service information under the second encryption mode.
S616: the requesting terminal sends the second encryption mode and the encrypted service information to the service platform.
S617: the service platform carries the second encryption mode and the encrypted service information in a third service authentication request and sends it to the authentication platform.
S618: the authentication platform determines the second token according to the second decryption mode corresponding to the second encryption mode.
S619: when the authentication platform determines that the second token is one it generated, it sends the authentication result indicating success of the third service authentication request to the service platform.
S620: the service platform responds to the service information sent by the requesting terminal.
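The complete exchange of Embodiment 4 (which Embodiments 1 to 3 describe from the authentication platform, service platform and terminal sides respectively), as an added simulation that is not the patent's own code. It assumes a constructed stand-in for the "first" and "second" encryption modes (an HMAC-SHA256 keystream with an encrypt-then-MAC tag, so that it runs with the standard library only), a token id carried in each token and message so the authentication platform can find the right secret, and constructed sample IMPUs; the authentication platform rejects a terminal the network element never registered, a replayed first token, a forged second token and a message sent under the wrong mode.

```python
"""Added simulation of the Embodiment 4 token flow; not the patent's own code.
Assumptions (not on the page): the "first/second cipher mode" is a constructed
stand-in built from HMAC-SHA256 (counter keystream plus encrypt-then-MAC tag,
standard library only); each token carries a token id ("kid") so the platform
can look up its secret; the service platform is modelled as a relaying function."""
import hashlib
import hmac
import json
import os
from typing import Optional

MODE1, MODE2 = "first-cipher-mode", "second-cipher-mode"  # constructed mode names


def _keystream(secret: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (illustrative, not a standard AEAD)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(secret, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt(mode: str, token: dict, plaintext: bytes) -> dict:
    """Encrypt-then-MAC under the token secret; the mode name is bound into the tag."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(token["secret"], nonce, len(plaintext))))
    tag = hmac.new(token["secret"], mode.encode() + nonce + ct, hashlib.sha256).digest()
    return {"mode": mode, "kid": token["kid"], "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def decrypt(mode: str, secret: bytes, msg: dict) -> Optional[bytes]:
    """Plaintext, or None when the mode or the tag does not match (constant-time check)."""
    if msg.get("mode") != mode:
        return None
    nonce, ct = bytes.fromhex(msg["nonce"]), bytes.fromhex(msg["ct"])
    expect = hmac.new(secret, mode.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, bytes.fromhex(msg["tag"])):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(secret, nonce, len(ct))))


class AuthPlatform:
    """Authentication platform: saves terminal info pushed by the IMS network element
    (S601/S602), issues the first and second tokens and checks the three requests."""

    def __init__(self) -> None:
        self.master = os.urandom(32)
        self.terminals = {}      # IMPU -> info of terminals that completed IMS auth init
        self.first_tokens = {}   # kid -> (secret, service_id, impu); single use
        self.second_tokens = {}  # kid -> secret

    def store_terminal_info(self, info: dict) -> None:  # S602
        self.terminals[info["impu"]] = info

    def first_request(self, service_id: str, impu: str) -> dict:  # S605-S607
        """Derive token 1 from the service identifier and the terminal identification."""
        kid = os.urandom(8).hex()
        secret = hmac.new(self.master, f"{service_id}|{impu}|{kid}".encode(), hashlib.sha256).digest()
        self.first_tokens[kid] = (secret, service_id, impu)
        return {"kid": kid, "secret": secret}

    def second_request(self, msg: dict) -> Optional[dict]:  # S611-S613
        """Decrypt the reported identity and compare it with the saved terminal info."""
        entry = self.first_tokens.pop(msg.get("kid"), None)  # token 1 is consumed once
        if entry is None:
            return None
        secret, _service_id, impu = entry
        plain = decrypt(MODE1, secret, msg)
        if plain is None:
            return None
        claimed = json.loads(plain)  # {"impu": ..., "mac": ...} built by the terminal (S609)
        # The IMPU must be the one token 1 was issued for and must belong to a terminal
        # that completed authentication initialization on the IMS network (S612).
        if claimed.get("impu") != impu or impu not in self.terminals:
            return None
        kid2 = os.urandom(8).hex()
        self.second_tokens[kid2] = os.urandom(32)
        return {"result": "success", "token2": {"kid": kid2, "secret": self.second_tokens[kid2]}}

    def third_request(self, msg: dict) -> Optional[bytes]:  # S617-S619
        """Accept the service information only if token 2 is one this platform generated."""
        secret = self.second_tokens.get(msg.get("kid"))
        return None if secret is None else decrypt(MODE2, secret, msg)


class Terminal:
    """Requesting terminal (Embodiment 3 side); it only ever handles the two tokens."""
    def __init__(self, impu: str, mac: str) -> None:
        self.impu, self.mac = impu, mac
    def encrypt_identity(self, token1: dict) -> dict:  # S609/S610
        return encrypt(MODE1, token1, json.dumps({"impu": self.impu, "mac": self.mac}).encode())
    def encrypt_business(self, token2: dict, info: bytes) -> dict:  # S615/S616
        return encrypt(MODE2, token2, info)


def service_platform_flow(auth: AuthPlatform, service_id: str, term: Terminal,
                          business_info: bytes) -> Optional[bytes]:
    """Service platform side of S603-S620: returns its response, or None if a step fails."""
    token1 = auth.first_request(service_id, term.impu)           # S605-S608
    result = auth.second_request(term.encrypt_identity(token1))  # S609-S613
    if result is None:
        return None
    plain = auth.third_request(term.encrypt_business(result["token2"], business_info))  # S614-S619
    return None if plain is None else b"ACK:" + plain            # S620
```

For a terminal whose IMPU the network element pushed in S601, `service_platform_flow()` returns `b"ACK:"` followed by the service information; for a terminal that never completed IMS authentication initialization it returns `None` at the second request, even though a first token was issued.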
Based on the same inventive concept, the embodiments of the present invention also provide an authentication platform, a service platform, a network element and a system. Since the principle by which these platforms and the system solve the problem is similar to that of the authentication method described above, their implementation can refer to the implementation of the method, and repeated parts are not described again.
An embodiment of the present invention provides an authentication platform, as shown in Figure 7, comprising:
a memory module 701, configured to save terminal information when receiving, from a network element that performs authentication initialization on terminals in a specified network having a complete authentication mechanism, the terminal information of a terminal that has completed authentication initialization on the specified network, where the terminal information comprises terminal identification information;
a first authentication module 702, configured to determine, according to the saved terminal information, whether a requesting terminal has completed authentication initialization on the specified network when a first service authentication request for authenticating the requesting terminal, which requests to log in to a service platform, is received from the service platform;
a sending module 703, configured to determine that the authentication result of the first service authentication request is success when it is determined that the requesting terminal has completed authentication initialization on the specified network, and to send the authentication result of the first service authentication request to the service platform.
Further, the first service authentication request received by the first authentication module 702 carries the service identifier of the service corresponding to the service platform;
the first authentication module 702 is specifically configured to determine whether the requesting terminal has completed authentication initialization on the specified network in the following way: when the first service authentication request for authenticating the requesting terminal that requests to log in to the service platform is received from the service platform, generate a first token based on the service identifier and send the first token to the service platform, where, after the service platform forwards the first token to the requesting terminal, the requesting terminal uses the first token to encrypt its terminal identification information under the first encryption mode and sends the first encryption mode and the encrypted terminal identification information to the service platform; and when a second service authentication request carrying the first encryption mode and the encrypted terminal identification information is received from the service platform, determine the terminal identification information of the requesting terminal according to the first decryption mode corresponding to the first encryption mode, and determine, according to the saved terminal information, whether the requesting terminal has completed authentication initialization on the specified network.
Further, the first service authentication request received by the first authentication module 702 also carries the terminal identification information of the requesting terminal, which is saved in advance by the service platform and determined, when the login request of the requesting terminal is received, from the login information carried by the requesting terminal;
the first authentication module 702 is specifically configured to generate the first token based on the service identifier and the terminal identification information of the requesting terminal;
after the service platform forwards the first token generated by the first authentication module 702 to the requesting terminal, the requesting terminal uses the received first token to encrypt, under the first encryption mode, its terminal identification information and its related information, and sends the first encryption mode, the encrypted terminal identification information and the encrypted related information to the service platform, where the related information comprises the number of the requesting terminal and/or the MAC address of the requesting terminal;
the second service authentication request received by the first authentication module 702 carries the first encryption mode, the encrypted terminal identification information and the encrypted related information.
Further, the authentication platform also comprises a second authentication module 704;
the second authentication module 704 is configured to: after the authentication result of the first service authentication request is determined to be success, generate a second token and send it to the service platform, where, after the service platform forwards the second token to the requesting terminal, the requesting terminal uses the second token to encrypt service information under the second encryption mode and sends the second encryption mode and the encrypted service information to the service platform; when a third service authentication request carrying the second encryption mode and the encrypted service information is received from the service platform, determine the second token according to the second decryption mode corresponding to the second encryption mode; and determine the authentication result of the third service authentication request according to the second token obtained by decryption;
the sending module 703 is also configured to send the authentication result obtained by the second authentication module 704 to the service platform, where the authentication result is used so that, when the authentication result of the third service authentication request is success, the service platform responds to the service information sent by the requesting terminal.
An embodiment of the present invention provides a service platform, as shown in Figure 8, comprising:
a sending module 801, configured to send to an authentication platform, when a login request sent by a requesting terminal is received, a first service authentication request for authenticating the requesting terminal, where the first service authentication request is used by the authentication platform to determine, according to the saved terminal information of terminals that have completed authentication initialization on the specified network, whether the requesting terminal is a terminal that has completed authentication initialization on the specified network, and the terminal information comprises terminal identification information;
a receiver module 802, configured to receive the authentication result indicating success of the first service authentication request sent by the authentication platform when the authentication platform determines that the requesting terminal has completed authentication initialization on the specified network.
Further, the first service authentication request sent by the sending module 801 carries the service identifier of the service corresponding to the service platform;
the receiver module 802 is also configured to receive the first token sent by the authentication platform, and to receive the first encryption mode and the encrypted terminal identification information sent by the requesting terminal;
the sending module 801 is also configured to send the first token to the requesting terminal when the receiver module 802 receives the first token sent by the authentication platform, where the first token is generated by the authentication platform based on the service identifier after it receives the first service authentication request and is used by the requesting terminal to encrypt its terminal identification information under the first encryption mode and to send the first encryption mode and the encrypted terminal identification information to the service platform; and, after the receiver module 802 receives the first encryption mode and the encrypted terminal identification information sent by the requesting terminal, to carry the first encryption mode and the encrypted terminal identification information in a second service authentication request and send it to the authentication platform, where the second service authentication request is used by the authentication platform to determine the terminal identification information of the requesting terminal according to the first decryption mode corresponding to the first encryption mode and, when it determines from the saved terminal information that the requesting terminal has completed authentication initialization on the specified network, to determine that the authentication result of the first service authentication request is success.
Further, the service platform also comprises a response module 803;
the receiver module 802 is specifically configured to receive the authentication result indicating success of the first service authentication request and the second token generated by the authentication platform, both sent by the authentication platform, or to receive the second token generated by the authentication platform and sent by it;
the sending module 801 is also configured to send the second token to the requesting terminal after the receiver module 802 receives the authentication result indicating success of the first service authentication request sent by the authentication platform, where the second token is used by the requesting terminal to encrypt service information under the second encryption mode and to send the second encryption mode and the encrypted service information to the service platform; and to carry the second encryption mode and the encrypted service information received by the receiver module 802 in a third service authentication request and send it to the authentication platform, where the third service authentication request is used by the authentication platform to determine the second token according to the second decryption mode corresponding to the second encryption mode and, when it determines that the second token was generated by the authentication platform, to determine that the authentication result of the third service authentication request is success;
the receiver module 802 is also configured to receive the second encryption mode and the encrypted service information sent by the requesting terminal, and to receive the authentication result indicating success of the third service authentication request;
the response module 803 is configured to respond to the service information sent by the requesting terminal when the receiver module 802 receives the authentication result indicating success of the third service authentication request.
An embodiment of the present invention provides a network element of a specified network, as shown in Figure 9, comprising:
an authentication initialization module 901, configured to perform authentication initialization of the specified network on terminals;
a trigger module 902, configured to push, after the authentication initialization module 901 has performed authentication initialization on a terminal, the terminal information of the terminal that has completed authentication initialization on the specified network to an authentication platform, where the terminal information is used by the authentication platform to save the terminal information; to determine, according to the saved terminal information, whether a requesting terminal has completed authentication initialization on the specified network when a first service authentication request for authenticating the requesting terminal, which requests to log in to a service platform, is received from the service platform; and to determine that the authentication result of the first service authentication request is success when it is determined that the requesting terminal has completed authentication initialization on the specified network; and where the terminal information comprises terminal identification information.
An embodiment of the present invention provides an authentication system, comprising the authentication platform described above, the service platform described above, the network element of the specified network described above, and multiple terminals.
The functions of the units described above may correspond to the respective processing steps in the flows shown in Fig. 1 to Fig. 6, and are not repeated here.
With the authentication method, authentication platform, service platform, network element and system provided by the embodiments of the present invention, when terminal information of terminals that have completed authentication initialization on a specified network is received from the network element that performs authentication initialization on terminals in the specified network (which has a complete authentication mechanism), the terminal information is saved, where the terminal information comprises terminal identification information; when a first service authentication request for authenticating a requesting terminal that requests to log in to a service platform is received from the service platform, whether the requesting terminal has completed authentication initialization on the specified network is determined according to the saved terminal information; and when it is determined that the requesting terminal has completed authentication initialization on the specified network, the authentication result of the first service authentication request is determined to be success and is sent to the service platform. When a requesting terminal requests to log in to a service platform, the authentication platform, which has saved the terminal information of terminals that completed authentication initialization on the specified network, determines whether the requesting terminal has completed that authentication initialization; if it has, the requesting terminal is determined to have logged in to the service platform successfully. That is, once a terminal has completed authentication initialization on the specified network, it can use the services of service platforms both inside and outside the specified network: the authentication result is extended from use of data services based on the specified network to use of data services of service platforms outside the specified network. This makes effective use of the authentication capability already provided by existing network elements, avoids duplicate construction of authentication network elements, and avoids repeated and complex development of terminal authentication functions. Compared with the prior art, in which data services on different platforms each require separate network elements and different authentication mechanisms for the same set of user data, authentication efficiency is improved.
From the description of the embodiments above, those skilled in the art will understand that the embodiments of the present invention may be implemented in hardware, or in software together with a necessary general-purpose hardware platform. On that basis, the technical solution of the embodiments may take the form of a software product stored on a non-volatile storage medium (such as a CD-ROM, USB flash disk or portable hard disk) and containing instructions that cause a computer device (such as a personal computer, a server or a network device) to perform the methods described in the embodiments of the present invention.
Those skilled in the art will understand that the accompanying drawings are schematic diagrams of a preferred embodiment, and that the modules or flows in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will understand that the modules of the apparatus in an embodiment may be distributed in the apparatus of that embodiment as described, or may be changed and arranged in one or more apparatuses different from that embodiment. The modules of the embodiments above may be combined into one module or further split into several sub-modules.
The sequence numbers of the embodiments above are for description only and do not indicate the relative merit of the embodiments.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the present invention and their equivalents, the present invention is intended to cover them as well.

Claims (17)

1. An authentication method, characterized by comprising:
when receiving terminal information of a terminal that has completed authentication initialization of a specified network, triggered by a network element of the specified network (a network with a complete authentication mechanism) that performs authentication initialization on terminals, storing the terminal information, where the terminal information comprises terminal identification information;
when receiving a first service authentication request sent by a service platform for authenticating a requesting terminal that requests to log in to the service platform, determining, according to the stored terminal information, whether the requesting terminal has completed authentication initialization of the specified network;
when it is determined that the requesting terminal has completed authentication initialization of the specified network, determining that the authentication result of the first service authentication request is success, and sending the authentication result of the first service authentication request to the service platform.
2. The method of claim 1, characterized in that the first service authentication request carries a service identifier of the service corresponding to the service platform;
and whether the requesting terminal has completed authentication initialization of the specified network is determined as follows:
when receiving the first service authentication request sent by the service platform for authenticating the requesting terminal that requests to log in to the service platform, generating a first token based on the service identifier and sending the first token to the service platform,
where, after the service platform forwards the first token to the requesting terminal, the requesting terminal uses the first token to encrypt its terminal identification information in a first encryption mode and sends the first encryption mode and the encrypted terminal identification information to the service platform;
when receiving a second service authentication request sent by the service platform carrying the first encryption mode and the encrypted terminal identification information, determining the terminal identification information of the requesting terminal according to a first decryption mode corresponding to the first encryption mode, and determining, according to the stored terminal information, whether the requesting terminal has completed authentication initialization of the specified network.
3. The method of claim 2, characterized in that the first service authentication request also carries the terminal identification information of the requesting terminal, which the service platform stored in advance and determined from the login information carried by the requesting terminal when it received the login request of the requesting terminal;
generating the first token based on the service identifier specifically comprises:
generating the first token based on the service identifier and the terminal identification information of the requesting terminal;
after the service platform forwards the first token to the requesting terminal, the requesting terminal uses the received first token to encrypt, in the first encryption mode, its terminal identification information and related information of the requesting terminal, and sends the first encryption mode, the encrypted terminal identification information and the encrypted related information to the service platform, where the related information comprises the number of the requesting terminal and/or the medium access control (MAC) address of the requesting terminal;
the second service authentication request carries the first encryption mode, the encrypted terminal identification information and the encrypted related information.
4. The method of any one of claims 1 to 3, characterized in that, after determining that the authentication result of the first service authentication request is success, the method further comprises:
generating a second token and sending it to the service platform, where, after the service platform forwards the second token to the requesting terminal, the requesting terminal uses the second token to encrypt service information in a second encryption mode and sends the second encryption mode and the encrypted service information to the service platform;
when receiving a third service authentication request sent by the service platform carrying the second encryption mode and the encrypted service information, determining the second token according to a second decryption mode corresponding to the second encryption mode;
determining the authentication result of the third service authentication request according to the second token obtained by decryption, and sending the obtained authentication result to the service platform, where the authentication result is used by the service platform to respond to the service information sent by the requesting terminal when the authentication result of the third service authentication request is success.
5. An authentication method, characterized by comprising:
when receiving a login request sent by a requesting terminal, sending to an authentication platform a first service authentication request for authenticating the requesting terminal, where the first service authentication request is used by the authentication platform to determine, according to stored terminal information of terminals that have completed authentication initialization of a specified network, whether the requesting terminal is a terminal that has completed authentication initialization of the specified network, the terminal information comprising terminal identification information;
when the authentication platform determines that the requesting terminal has completed authentication initialization of the specified network, receiving the authentication result, indicating success, of the first service authentication request sent by the authentication platform.
6. The method of claim 5, characterized in that the first service authentication request carries a service identifier of the service corresponding to the service platform;
and, after sending the first service authentication request for authenticating the requesting terminal to the authentication platform and before receiving the authentication result of the first service authentication request, the method further comprises:
when receiving a first token sent by the authentication platform, sending the first token to the requesting terminal, where the first token is generated by the authentication platform based on the service identifier after it receives the first service authentication request, and is used by the requesting terminal to encrypt its terminal identification information in a first encryption mode and to send the first encryption mode and the encrypted terminal identification information to the service platform;
receiving the first encryption mode and the encrypted terminal identification information sent by the requesting terminal, and carrying them in a second service authentication request sent to the authentication platform,
where the second service authentication request is used by the authentication platform to determine the terminal identification information of the requesting terminal according to a first decryption mode corresponding to the first encryption mode, and to determine that the authentication result of the first service authentication request is success when it determines, according to the stored terminal information, that the requesting terminal has completed authentication initialization of the specified network.
7. The method of claim 5 or 6, characterized in that receiving the successful authentication result of the first service authentication request sent by the authentication platform specifically comprises:
receiving the successful authentication result of the first service authentication request sent by the authentication platform together with a second token generated by the authentication platform, or
receiving the second token generated by the authentication platform and sent by it;
and, after receiving the successful authentication result of the first service authentication request sent by the authentication platform, the method further comprises:
sending the second token to the requesting terminal, where the second token is used by the requesting terminal to encrypt service information in a second encryption mode and to send the second encryption mode and the encrypted service information to the service platform;
receiving the second encryption mode and the encrypted service information sent by the requesting terminal, and carrying them in a third service authentication request sent to the authentication platform,
where the third service authentication request is used by the authentication platform to determine the second token according to a second decryption mode corresponding to the second encryption mode, and to determine that the authentication result of the third service authentication request is success when it determines that the second token was generated by the authentication platform;
when receiving the successful authentication result of the third service authentication request, responding to the service information sent by the requesting terminal.
8. An authentication method, characterized by comprising:
after performing authentication initialization on a terminal, triggering the terminal information of the terminal that has completed authentication initialization of the specified network to an authentication platform,
where the terminal information is used by the authentication platform to store the terminal information; to determine, when receiving a first service authentication request sent by a service platform for authenticating a requesting terminal that requests to log in to the service platform, according to the stored terminal information, whether the requesting terminal has completed authentication initialization of the specified network; and, when it determines that the requesting terminal has completed authentication initialization of the specified network, to determine that the authentication result of the first service authentication request is success; the terminal information comprises terminal identification information, and the specified network has a complete authentication mechanism.
9. An authentication platform, characterized by comprising:
a storage module, configured to store terminal information when receiving terminal information of a terminal that has completed authentication initialization of a specified network, triggered by a network element of the specified network (a network with a complete authentication mechanism) that performs authentication initialization on terminals, where the terminal information comprises terminal identification information;
a first authentication module, configured to, when receiving a first service authentication request sent by a service platform for authenticating a requesting terminal that requests to log in to the service platform, determine, according to the stored terminal information, whether the requesting terminal has completed authentication initialization of the specified network;
a sending module, configured to, when it is determined that the requesting terminal has completed authentication initialization of the specified network, determine that the authentication result of the first service authentication request is success and send the authentication result of the first service authentication request to the service platform.
10. The authentication platform of claim 9, characterized in that the first service authentication request received by the first authentication module carries a service identifier of the service corresponding to the service platform;
the first authentication module is specifically configured to determine whether the requesting terminal has completed authentication initialization of the specified network as follows: when receiving the first service authentication request sent by the service platform for authenticating the requesting terminal that requests to log in to the service platform, generating a first token based on the service identifier and sending the first token to the service platform, where, after the service platform forwards the first token to the requesting terminal, the requesting terminal uses the first token to encrypt its terminal identification information in a first encryption mode and sends the first encryption mode and the encrypted terminal identification information to the service platform; and, when receiving a second service authentication request sent by the service platform carrying the first encryption mode and the encrypted terminal identification information, determining the terminal identification information of the requesting terminal according to a first decryption mode corresponding to the first encryption mode, and determining, according to the stored terminal information, whether the requesting terminal has completed authentication initialization of the specified network.
11. The authentication platform of claim 10, characterized in that the first service authentication request received by the first authentication module also carries the terminal identification information of the requesting terminal, which the service platform stored in advance and determined from the login information carried by the requesting terminal when it received the login request of the requesting terminal;
the first authentication module is specifically configured to generate the first token based on the service identifier and the terminal identification information of the requesting terminal;
after the service platform forwards the first token generated by the first authentication module to the requesting terminal, the requesting terminal uses the received first token to encrypt, in the first encryption mode, its terminal identification information and related information of the requesting terminal, and sends the first encryption mode, the encrypted terminal identification information and the encrypted related information to the service platform, where the related information comprises the number of the requesting terminal and/or the medium access control (MAC) address of the requesting terminal;
the second service authentication request received by the first authentication module carries the first encryption mode, the encrypted terminal identification information and the encrypted related information.
12. The authentication platform of any one of claims 9 to 11, characterized by further comprising a second authentication module;
the second authentication module is configured to, after the authentication result of the first service authentication request is determined to be success, generate a second token and send it to the service platform, where, after the service platform forwards the second token to the requesting terminal, the requesting terminal uses the second token to encrypt service information in a second encryption mode and sends the second encryption mode and the encrypted service information to the service platform; when receiving a third service authentication request sent by the service platform carrying the second encryption mode and the encrypted service information, to determine the second token according to a second decryption mode corresponding to the second encryption mode; and to determine the authentication result of the third service authentication request according to the second token obtained by decryption;
the sending module is further configured to send the authentication result obtained by the second authentication module to the service platform, where the authentication result is used by the service platform to respond to the service information sent by the requesting terminal when the authentication result of the third service authentication request is success.
13. A service platform, characterized by comprising:
a sending module, configured to, when receiving a login request sent by a requesting terminal, send to an authentication platform a first service authentication request for authenticating the requesting terminal, where the first service authentication request is used by the authentication platform to determine, according to stored terminal information of terminals that have completed authentication initialization of a specified network, whether the requesting terminal is a terminal that has completed authentication initialization of the specified network, the terminal information comprising terminal identification information;
a receiving module, configured to receive, when the authentication platform determines that the requesting terminal has completed authentication initialization of the specified network, the successful authentication result of the first service authentication request sent by the authentication platform.
14. The service platform of claim 13, characterized in that the first service authentication request sent by the sending module carries a service identifier of the service corresponding to the service platform;
the receiving module is further configured to receive a first token sent by the authentication platform, and to receive the first encryption mode and the encrypted terminal identification information sent by the requesting terminal;
the sending module is further configured to, when the receiving module receives the first token sent by the authentication platform, send the first token to the requesting terminal, where the first token is generated by the authentication platform based on the service identifier after it receives the first service authentication request and is used by the requesting terminal to encrypt its terminal identification information with the first token in a first encryption mode and to send the first encryption mode and the encrypted terminal identification information to the service platform; and, after the receiving module receives the first encryption mode and the encrypted terminal identification information sent by the requesting terminal, to carry them in a second service authentication request sent to the authentication platform, where the second service authentication request is used by the authentication platform to determine the terminal identification information of the requesting terminal according to a first decryption mode corresponding to the first encryption mode, and to determine that the authentication result of the first service authentication request is success when it determines, according to the stored terminal information, that the requesting terminal has completed authentication initialization of the specified network.
15. The service platform of claim 13 or 14, characterized by further comprising a response module;
the receiving module is specifically configured to receive the successful authentication result of the first service authentication request sent by the authentication platform together with a second token generated by the authentication platform, or to receive the second token generated by the authentication platform and sent by it;
the sending module is further configured to, after the receiving module receives the successful authentication result of the first service authentication request sent by the authentication platform, send the second token to the requesting terminal, where the second token is used by the requesting terminal to encrypt service information with the second token in a second encryption mode and to send the second encryption mode and the encrypted service information to the service platform; and to carry the second encryption mode and the encrypted service information received by the receiving module in a third service authentication request sent to the authentication platform, where the third service authentication request is used by the authentication platform to determine the second token according to a second decryption mode corresponding to the second encryption mode, and to determine that the authentication result of the third service authentication request is success when it determines that the second token was generated by the authentication platform;
the receiving module is further configured to receive the second encryption mode and the encrypted service information sent by the requesting terminal, and to receive the successful authentication result of the third service authentication request;
the response module is configured to respond to the service information sent by the requesting terminal when the receiving module receives the successful authentication result of the third service authentication request.
16. A network element of a specified network, characterized by comprising:
an authentication initialization module, configured to perform authentication initialization of the specified network on a terminal;
a trigger module, configured to, after the authentication initialization module performs authentication initialization on the terminal, trigger the terminal information of the terminal that has completed authentication initialization of the specified network to an authentication platform, where the terminal information is used by the authentication platform to store the terminal information; to determine, when receiving a first service authentication request sent by a service platform for authenticating a requesting terminal that requests to log in to the service platform, according to the stored terminal information, whether the requesting terminal has completed authentication initialization of the specified network; and, when it determines that the requesting terminal has completed authentication initialization of the specified network, to determine that the authentication result of the first service authentication request is success; the terminal information comprises terminal identification information.
17. An authentication system, characterized by comprising: the authentication platform of any one of claims 9 to 12, the service platform of any one of claims 13 to 15, the network element of the specified network of claim 16, and a plurality of terminals.
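The three-request exchange that the summary above and claims 1 to 8 describe, as an added example that is not part of the patent and not China Mobile's implementation. It simulates the network element's trigger, the authentication platform, the service platform's relaying role (claims 5 to 7) and the terminal in Python. The patent names only a "token" and a "first/second encryption mode" without fixing algorithms, so the following are assumptions: first tokens derived with HMAC-SHA256 from a platform key, the service identifier and the terminal identifier (claim 3); an illustrative encrypt-then-MAC mode called `hmac-ctr-v1` built from HMAC-SHA256 in counter mode; an `ALLOWED_MODES` allow-list; a `kid` handle so the platform can locate the second token it is asked to verify; and the terminal identifiers and MAC addresses, which are constructed sample data. Beyond what the claims state, it demonstrates three checks a practitioner would add: the first token is single-use, so a captured second request cannot be replayed; the platform refuses an "encryption mode" outside its allow-list instead of selecting a decryption routine from a client-supplied name; and the related information (the MAC, claim 3) is compared with what the network element reported, so a terminal with a known identifier but the wrong MAC is rejected.

```python
# Added example, not code from CN104753872A or China Mobile. Assumed: HMAC-SHA256 token derivation,
# the illustrative "hmac-ctr-v1" mode, the kid() handle, and the constructed terminal IDs and MACs.
import hashlib, hmac, json, secrets

ALLOWED_MODES = {"hmac-ctr-v1"}  # the platform, not the client, decides which modes it accepts

def _keystream_xor(key, nonce, data):  # HMAC-SHA256 in counter mode as a keystream (illustrative)
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def encrypt(mode, token, plaintext):  # terminal side: encrypt-then-MAC; the mode name travels in the clear
    if mode not in ALLOWED_MODES:
        raise ValueError("unsupported mode")
    nonce = secrets.token_bytes(12)
    ct = _keystream_xor(token, nonce, plaintext)
    tag = hmac.new(token, mode.encode() + nonce + ct, hashlib.sha256).digest()
    return {"mode": mode, "nonce": nonce, "ct": ct, "tag": tag}

def decrypt(token, msg):  # platform side: refuse modes off the allow-list, verify the tag, then decrypt
    if msg["mode"] not in ALLOWED_MODES:
        raise ValueError("unsupported mode")
    tag = hmac.new(token, msg["mode"].encode() + msg["nonce"] + msg["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, msg["tag"]):
        raise ValueError("bad tag")
    return _keystream_xor(token, msg["nonce"], msg["ct"])

def kid(token):  # clear-text handle for finding a second token (assumed; the patent does not say how)
    return hashlib.sha256(token).hexdigest()[:16]

class AuthPlatform:
    def __init__(self):
        self._key = secrets.token_bytes(32)  # assumed master key for first-token derivation
        self.initialized = {}                # terminal_id -> info triggered by the network element
        self._pending = {}                   # (service_id, terminal_id) -> first token, single use
        self._sessions = {}                  # kid(second token) -> second token
    def on_init_trigger(self, terminal_id, mac):  # claims 1 and 8: the network element reports a terminal
        self.initialized[terminal_id] = {"mac": mac}
    def first_request(self, service_id, terminal_id):  # claims 2-3: token bound to service and terminal
        material = b"|".join([b"t1", service_id.encode(), terminal_id.encode(), secrets.token_bytes(16)])
        token = hmac.new(self._key, material, hashlib.sha256).digest()
        self._pending[(service_id, terminal_id)] = token
        return token
    def second_request(self, service_id, terminal_id, msg):  # claims 2-3: recover and check identity
        token = self._pending.pop((service_id, terminal_id), None)  # pop: a replayed request finds nothing
        if token is None:
            return False, None
        try:
            fields = json.loads(decrypt(token, msg))
        except (ValueError, KeyError, TypeError):
            return False, None
        info = self.initialized.get(terminal_id)
        if info is None or fields.get("terminal_id") != terminal_id or fields.get("mac") != info["mac"]:
            return False, None
        token2 = secrets.token_bytes(32)  # claim 4: second token for the service phase
        self._sessions[kid(token2)] = token2
        return True, token2
    def third_request(self, msg):  # claim 4: the decrypted second token must be one this platform issued
        token2 = self._sessions.get(msg.get("kid"))
        if token2 is None:
            return False
        try:
            return hmac.compare_digest(bytes.fromhex(json.loads(decrypt(token2, msg))["token2"]), token2)
        except (ValueError, KeyError, TypeError):
            return False

class Terminal:
    def __init__(self, terminal_id, mac):
        self.terminal_id, self.mac = terminal_id, mac
    def answer_first_token(self, token):  # claim 3: identity plus related info (MAC) under the first token
        body = json.dumps({"terminal_id": self.terminal_id, "mac": self.mac}).encode()
        return encrypt("hmac-ctr-v1", token, body)
    def service_message(self, token2, business):  # claim 4: service information under the second token
        body = json.dumps({"token2": token2.hex(), "business": business}).encode()
        return dict(encrypt("hmac-ctr-v1", token2, body), kid=kid(token2))

def login_and_use(auth, service_id, terminal, business):  # service platform, claims 5-7: relay, then serve
    token = auth.first_request(service_id, terminal.terminal_id)
    ok, token2 = auth.second_request(service_id, terminal.terminal_id, terminal.answer_first_token(token))
    if not ok:
        return "login rejected"
    return "ok" if auth.third_request(terminal.service_message(token2, business)) else "service rejected"

def demo():
    auth = AuthPlatform()
    auth.on_init_trigger("460001234567890", "aa:bb:cc:dd:ee:01")  # constructed sample terminal
    good = Terminal("460001234567890", "aa:bb:cc:dd:ee:01")
    never_init = Terminal("460009999999999", "aa:bb:cc:dd:ee:02")  # unknown to the network element
    wrong_mac = Terminal("460001234567890", "aa:bb:cc:dd:ee:02")   # right identifier, wrong related info
    captured = good.answer_first_token(auth.first_request("svc-video", good.terminal_id))
    first_ok = auth.second_request("svc-video", good.terminal_id, captured)[0]
    replay_ok = auth.second_request("svc-video", good.terminal_id, captured)[0]  # first token already used
    forged = dict(good.answer_first_token(auth.first_request("svc-video", good.terminal_id)), mode="none")
    return {"good": login_and_use(auth, "svc-video", good, "play"),
            "never_init": login_and_use(auth, "svc-video", never_init, "play"),
            "wrong_mac": login_and_use(auth, "svc-video", wrong_mac, "play"),
            "replay_blocked": first_ok and not replay_ok,
            "downgrade_blocked": not auth.second_request("svc-video", good.terminal_id, forged)[0]}
```

Two caveats the claims leave open: the service platform relays both tokens in the clear between terminal and authentication platform and therefore sees them, so all three legs (terminal to service platform, service platform to authentication platform) need a protected transport such as TLS, and neither token carries an expiry here; a deployment should time out pending first tokens and second-token sessions rather than keep them indefinitely.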
CN201310745612.9A 2013-12-30 2013-12-30 Authentication method, authentication platform, business platform, network element and system Active CN104753872B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310745612.9A CN104753872B (en) 2013-12-30 2013-12-30 Authentication method, authentication platform, business platform, network element and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310745612.9A CN104753872B (en) 2013-12-30 2013-12-30 Authentication method, authentication platform, business platform, network element and system

Publications (2)

Publication Number Publication Date
CN104753872A true CN104753872A (en) 2015-07-01
CN104753872B CN104753872B (en) 2018-10-12

Family

ID=53592990

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310745612.9A Active CN104753872B (en) 2013-12-30 2013-12-30 Authentication method, authentication platform, business platform, network element and system

Country Status (1)

Country Link
CN (1) CN104753872B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1802016A (en) * 2005-06-21 2006-07-12 华为技术有限公司 Method for carrying out authentication on user terminal
CN101998406A (en) * 2009-08-31 2011-03-30 ***通信集团公司 WLAN access authentication based method for accessing services
CN102299928A (en) * 2011-09-13 2011-12-28 航天科工深圳(集团)有限公司 Network terminal service authentication method and device
CN102421098A (en) * 2010-09-27 2012-04-18 ***通信集团公司 User authentication method, device and system
WO2013127342A2 (en) * 2012-03-02 2013-09-06 中兴通讯股份有限公司 Ims single sign on combined authentication method and system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105141881A (en) * 2015-09-30 2015-12-09 北京奇虎科技有限公司 Method for carrying out video conversation and terminal device
CN105141881B (en) * 2015-09-30 2018-03-13 北京奇虎科技有限公司 A kind of method and terminal device for carrying out video calling
CN106850805A (en) * 2017-02-06 2017-06-13 网宿科技股份有限公司 A kind of data transmission method and device
CN108462760A (en) * 2018-03-21 2018-08-28 平安科技(深圳)有限公司 Electronic device, cluster access domain name automatic generation method and storage medium
CN112199656A (en) * 2020-12-03 2021-01-08 湖北亿咖通科技有限公司 Access authority acquisition method of service platform and access control method of service platform
CN113452782A (en) * 2021-06-28 2021-09-28 烽火通信科技股份有限公司 Upgrading method and device under mesh networking
CN114553442A (en) * 2022-04-24 2022-05-27 安徽云知科技有限公司 Enterprise internal remote conference method and system

Also Published As

Publication number Publication date
CN104753872B (en) 2018-10-12

Similar Documents

Publication Publication Date Title
KR101461455B1 (en) Authentication method, system and device
CN102812665B (en) Pluggable token provider model to implement authentication across multiple web services
US8819800B2 (en) Protecting user information
CN102160357B (en) Key management in communication network
US9648006B2 (en) System and method for communicating with a client application
CN101635823B (en) Method and system of terminal for encrypting videoconference data
US20090249454A1 (en) Authentication server, authentication system, and authentication method
US9854508B2 (en) Downloadable ISIM
US20120284786A1 (en) System and method for providing access credentials
US20040225878A1 (en) System, apparatus, and method for providing generic internet protocol authentication
CN104753872A (en) Authentication method, authentication platform, service platform, network elements and system
CN103987037A (en) Secret communication implementation method and device
US20130232560A1 (en) Method, device and system for verifying communication sessions
CN102379114A (en) Security key management in ims-based multimedia broadcast and multicast services (mbms)
KR20120104336A (en) Hierarchical key management for secure communications in multimedia communication system
CN102217280A (en) Method, system, and server for user service authentication
Zhang et al. Cryptanalysis and improvement of password‐authenticated key agreement for session initiation protocol using smart cards
US20150067807A1 (en) Operating a user device
CN107534649A (en) Changing IMS supplementary service data in an IMS network
CN103905408A (en) Information acquisition method and equipment
CN104486460B (en) Application server address acquisition method, device and system
CN108809969A (en) Authentication method, system and apparatus
CN109962878A (en) IMS user registration method and device
CN102065069B (en) Method and system for authenticating identity and device
CN105516070A (en) Authentication credential replacing method and authentication credential replacing device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant