CN1260927C - IP network system for realizing safety verification and method thereof - Google Patents


Info

Publication number
CN1260927C
Authority
CN
China
Prior art keywords
client
authentication
sim card
server
message
Legal status
Expired - Lifetime
Application number
CNB021531951A
Other languages
Chinese (zh)
Other versions
CN1503525A (en)
Inventor
郑志鹏
顾勤丰
高江海
孔涛
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Landscapes

  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention discloses an IP network system and a method for realizing security authentication. The system comprises an authentication server, an access server, a client, a card reader and a SIM card. The access server and the client are connected to the authentication server through an IP network; the card reader is connected to the client; the SIM card is used in the card reader and identifies the user. When requesting access and authentication, the client obtains information from the SIM card and sends it to the access server for processing; the processed information is then sent to the authentication server for verification. The invention combines the security of the SIM card with the openness of the Internet and realizes an Internet credit payment system. Its advantages include convenient user mobility, low operating cost and convenient service expansion.

Description

IP network system and method for realizing security authentication
Technical field
The present invention relates to communications network security technology, and in particular to an IP network system and method for realizing security authentication.
Background technology
Existing network identity authentication is generally solved by user name and password. Although this is sufficient for ordinary security requirements, it cannot meet the demands of applications that are more security-sensitive or that need non-repudiation.
To address this, the industry has adopted digital certificate technology, which identifies the user through third-party CA authentication, lets both parties establish a trust relationship, and guarantees the non-repudiation of records by digital signature. Digital certificates ensure interoperability through International Telecommunication Union standards. However, a digital certificate usually has to be kept on the hard disk of a PC, where a hacker may steal it with a trojan program; and a certificate kept on a hard disk has poor mobility, so accessing the network from a shared device is very inconvenient.
In the prior art, a smart card can protect both the private key proving the user's identity and the physical medium on which the key is kept. Specifically: on the one hand, a smart card provides better protection for the private key, because the private key stored in the smart card cannot be read out; every operation that uses the private key, namely digital signature and decryption of data encrypted with the public key, is completed by the processor on the card, so the private key never leaves the smart card. On the other hand, using the private key in the card also requires knowing the card's PIN, which protects against loss of the smart card. This two-factor mechanism is much safer than a password alone and guarantees that only the legitimate owner can use his digital certificate. At the same time, a smart card is easy to use, easy to carry and hard to duplicate; a PIN must be entered before use, and if the PIN is entered incorrectly several times in a row the card locks automatically, preventing the use of another person's smart card.
How to apply the smart card technology of the prior art to solving the problem of secure user identification on the Internet is therefore a major issue the industry currently needs to solve.
Summary of the invention
The invention provides an IP network system and method for realizing security authentication, to solve the problems of poor mobility and low security of the user identity authentication technologies used on the Internet in the prior art.
To address the above problems, the invention provides the following technical scheme:
An IP network system realizing security authentication comprises an authentication server, and an access server and a client connected to the authentication server through an IP network, characterized in that the client is also connected to a card reader and to a SIM card used in that reader; the client drives the reader through an application interface module and exchanges information with the SIM card through the reader; the client sends the SRES and the IMSI code from the SIM card to the access server for processing, and the processed authentication request, which includes at least the random number generated by the access server, the SRES and the IMSI code, is sent to the authentication server for authentication; the authentication server first determines from the IMSI code in the authentication request that the user is a SIM card authentication user, then calculates SRES from the random number using the algorithm corresponding to the SIM card, compares it with the SRES in the authentication request, and completes the authentication process.
A method for realizing security authentication on an IP network comprises the following steps:
A. The access server generates a random number and sends it down to the client;
B. The client sends the random number to the SIM card, which calculates at least the signed response SRES from it; at the same time the card reader reads the IMSI code of the SIM card and sends the SRES and the IMSI code to the client;
C. The client sends the information obtained from the SIM card to the access server;
D. The access server processes the information obtained from the client and sends an authentication request message, containing at least the random number, the SRES and the IMSI code, to the authentication server;
E. The authentication server determines from the IMSI code in the request message whether the user is a SIM card authentication user; if not, it responds with an authentication failure message and goes to step G;
F. If the result of step E is yes, the authentication server calculates SRES from the random number using the algorithm corresponding to the SIM card and compares it with the SRES received in the request message; if they match it responds to the access server with an authentication success message, otherwise with an authentication failure message;
G. After receiving the authentication server's response message, the access server sends the corresponding response to the client according to the authentication result.
Beneficial effects of the invention:
1. The security of the SIM card is combined with the openness of the Internet, realizing an Internet credit payment system;
2. The SIM card reader uses a USB interface; the reader is small and easy to carry, which makes the user mobile;
3. User keys need not be managed by the user himself, which guarantees the security and ease of use of the smart card and cuts operating costs;
4. Combining the SIM card with WEB authentication makes it convenient to activate services without updating the client.
Description of the drawings
Fig. 1 is a schematic diagram of the system configuration of the invention;
Fig. 2 is the PPPoE SIM card authentication flow of the invention realized with CHAP;
Fig. 3 is the 802.1x SIM card authentication flow of the invention realized with EAP-MD5;
Fig. 4 is the WEB SIM card authentication flow of the invention realized with CHAP;
Fig. 5 is the flow of the invention in which the BAS terminates EAP messages;
Fig. 6 is the flow of the invention in which the BAS transparently transmits EAP messages;
Fig. 7 is the standard EAP flow of the invention realized with 802.1x;
Fig. 8 is the standard EAP authentication flow of the invention realized with WEB.
Embodiment
Referring to Fig. 1, the authentication system comprises an authentication server, and an access server and a PC client connected to the authentication server through an IP network. The client is connected to a card reader and to the SIM card used in that reader; the client drives the reader through an application interface module and exchanges information with the SIM card through the reader; the client sends the user information from the SIM card to the access server for processing, and the processed information is sent to the authentication server for authentication.
Card reader and SIM card: handled through the drivers/API. Their main functions are to calculate SRES (Signed RESponse calculated by a SIM) and Kc (the cryptographic key, used for the A5 cipher) and to read the IMSI and other stored information.
PC client: runs the authentication client, calls the SIM card reader drivers/API, and interacts with the access server or the Portal server.
Authentication portal server (Portal): used only for WEB authentication; it provides the authentication page, can supply the random number in CHAP authentication mode, and relays authentication messages between the client and the access server.
Access server: processes authentication messages and controls the access of the PC client.
Authentication server: performs the corresponding authentication processing according to the authentication request, and controls whether the access server allows the PC terminal to access the network.
Protocols:
Portal protocol: the proprietary protocol between the Portal server and the access server used to realize WEB authentication.
PPPoE/EAPoL/IP: the bearer protocols for authentication messages between the access server and the PC terminal.
Radius protocol: the protocol between the access server and the authentication server, comprising standard Radius and EAPoRadius.
Drivers/API: the interface through which the authentication client calls the card reader's functions.
The SIM card consists of a microprocessor and memory; through a standard interface the microprocessor in the SIM card can be driven and the memory operated on. The SIM card provides two layers of protection: the PIN and the SIM card itself.
The PIN protects the SIM card itself: after an unauthorized user enters three wrong PINs, the SIM card locks. The SIM card also holds a built-in shared key Ki that can never be read out, which guarantees that the SIM card cannot be duplicated and makes attacks on the SIM card very difficult. The physical uniqueness of the SIM card also guarantees non-repudiation.
The USB/SIM card solution needs two parts: the user's SIM card and a USB card reader that is easy to carry. SIM cards have been widely used in mobile communications for user identification, and their security has been proven. The USB card reader is small, easy to carry and highly mobile. USB/SIM effectively solves the problems of user identification and trust relationships in network applications, and is highly competitive in future network applications.
In the USB/SIM authentication mode, SIM card authentication can be carried over 802.1x or over the WEB mode. 802.1x authentication needs a dedicated client to control the authentication flow; the WEB mode uses a downloaded Applet as the client and extends the Portal protocol to realize user authentication.
Two authentication methods can be used:
1) Use the original CHAP authentication flow and fields to carry the SIM card information. That is, 802.1x carries the SIM card information through the EAP-MD5 flow and fields, and the BAS converts it into a CHAP-form RADIUS request for authentication; in the WEB mode the authentication flow uses the original CHAP mode and need not change;
2) Use the standard Extensible Authentication Protocol (EAP). This requires both the BAS and the RADIUS Server to support the standard EAP authentication flow; the BAS only encapsulates and forwards EAP messages, providing the authentication channel, and need not care about the content of the EAP messages carried; authentication is completed end to end between the client and the RADIUS Server. (The EAP authentication method can use the draft provided by Nokia, or be self-defined.)
The invention is described in detail below according to the different flows:
In this embodiment the access server is a Broadband Access Server (BAS).
Referring to Fig. 2, the PPPoE SIM card authentication flow realized with CHAP:
1. The BAS first generates a 16-byte random number RAND1 and sends it down to the client in a PPPoE/PPP/CHAP/CHALLENGE message.
2. After receiving the message from the BAS, the client calls the API provided by the card reader and passes the parsed RAND1 to the SIM card. The algorithm in the SIM card uses the built-in shared key Ki and RAND1 to derive SRES (Signed RESponse calculated by a SIM) with the A4 algorithm, and the key Kc (cryptographic key, used for the A5 cipher) with the A8 algorithm. (SRES is 4 bytes and is padded to 16 bytes: if the CHAP algorithm is MD5 the RESPONSE must be 16 bytes, so 12 bytes are appended after SRES.) At the same time the client reads the IMSI from the SIM card, combines it into a user name of the form IMSI@SIM, and sends it to the BAS in a PPPoE/PPP/CHAP/RESPONSE message.
3. On receiving a user name whose domain name is a specific name (such as @SIM), the BAS passes the authentication information in a standard RADIUS message to the back-end RADIUS SERVER for authentication. When analysing the user name, the RADIUS SERVER judges from the domain name whether this is a SIM card authentication user; if so, it parses out the random number RAND1 generated by the BAS, derives (SRES, Kc) with the same algorithm as the client's SIM card, and compares the SRES with the SRES received. If they match, it responds to the BAS with a RADIUS/ACCESS-ACCEPT message carrying some standard RADIUS attributes; otherwise it responds with a RADIUS/ACCESS-REJECT message.
4. After receiving the message from the RADIUS SERVER, if it indicates success the BAS sends a PPPoE/PPP/CHAP/SUCCESS message to the client, notifying it that authentication succeeded and that the next stage, such as the IPCP process, can proceed; otherwise it sends a PPPoE/PPP/CHAP/FAILURE message telling the client that authentication failed, and decides according to the configured policy whether to start the disconnection flow for the client.
Referring to Fig. 3, the 802.1x SIM card authentication flow realized with EAP-MD5:
1. EAP-Start: initiated by the Client (optional), marking the beginning of the EAP process;
2. EAP-Req/ID: the BAS asks the Client for its identity;
3. EAP-Resp/ID: the Client reads the IMSI from the card and the domain name from the card (the domain field can be stored in a file on the SIM card), combines them into the form IMSI@Domain and sends it to the BAS;
4. EAP-Challenge: the BAS generates Rand (a random number) and sends it to the Client;
5. EAP-Resp/sres: the Client calls the cryptographic algorithm of the SIM card to generate the authenticator sres and returns it to the BAS;
6. Radius-Auth-Req: the BAS sends an authentication request to the RADIUS Server with sres and rand in CHAP form (IMSI@Domain as the user name; sres as the CHAP password);
7. Radius-Accept/Reject: the RADIUS Server uses rand to generate sres with the same algorithm, compares it with the sres generated by the user, judges whether the user is legitimate and gives the authentication result;
8. EAP-Success/Failure: the BAS passes the authentication result to the Client.
Referring to Fig. 4, the WEB SIM card authentication flow realized with CHAP:
The WEB authentication flow is basically the same as 802.1x authentication. The difference is that the SIM card is driven by a downloaded Applet client (described in detail below). IMSI and sres can use the CHAP fields originally defined in the Portal protocol; the BAS need not interpret them, as they are distinguished by the domain name and verified by the RADIUS Server.
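The three CHAP-carried flows above (PPPoE/CHAP, 802.1x EAP-MD5 converted to CHAP at the BAS, and WEB) all reduce to the same exchange: the BAS issues a 16-byte RAND1, the SIM turns Ki and RAND1 into a 4-byte SRES that is padded to the 16-byte CHAP response, the user name IMSI@SIM selects the SIM realm, and the RADIUS server recomputes SRES and compares. The following is an added worked example, not code from the patent or from Huawei; the SIM's derivation is modelled with HMAC-SHA256 as a stand-in keyed one-way function, and the IMSI, Ki and zero padding are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

SIM_DOMAIN = "SIM"   # the realm the page uses in the IMSI@SIM user name

# Constructed subscriber table as held by the RADIUS server: IMSI -> Ki.
# Both values are made-up samples; a real Ki never leaves the SIM or the operator.
SUBSCRIBERS: Dict[str, bytes] = {
    "460001234567890": bytes.fromhex("00112233445566778899aabbccddeeff"),
}


def sim_run_algorithm(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for the SIM's response/key derivation (the page's A4/A8 step).

    The card turns Ki and the 16-byte RAND into a 4-byte SRES and an 8-byte Kc.
    An HMAC-SHA256 split models that keyed one-way mapping here; it is not the
    operator's real algorithm, only an assumption so the flow can be run.
    """
    if len(rand) != 16:
        raise ValueError("RAND must be 16 bytes")
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


def chap_response_from_sres(sres: bytes) -> bytes:
    """Pad the 4-byte SRES to the 16-byte CHAP/MD5 RESPONSE field by
    appending 12 bytes, as the page describes (zero bytes assumed)."""
    if len(sres) != 4:
        raise ValueError("SRES must be 4 bytes")
    return sres + b"\x00" * 12


@dataclass(frozen=True)
class ChapAccessRequest:
    """What the BAS forwards to RADIUS in CHAP form."""
    user_name: str          # IMSI@SIM
    chap_challenge: bytes   # RAND1 generated by the BAS
    chap_password: bytes    # 16-byte padded SRES


def client_respond(imsi: str, ki_on_card: bytes, rand1: bytes) -> ChapAccessRequest:
    """Client + SIM side: hand RAND1 to the card, read the IMSI, build the response."""
    sres, _kc = sim_run_algorithm(ki_on_card, rand1)
    return ChapAccessRequest(f"{imsi}@{SIM_DOMAIN}", rand1,
                             chap_response_from_sres(sres))


def radius_authenticate(req: ChapAccessRequest) -> str:
    """RADIUS server side: realm check, recompute SRES from RAND1, compare."""
    if "@" not in req.user_name:
        return "ACCESS-REJECT"                 # not in the IMSI@domain form
    imsi, domain = req.user_name.rsplit("@", 1)
    if domain != SIM_DOMAIN:
        return "ACCESS-REJECT"                 # not a SIM-authenticated user
    ki = SUBSCRIBERS.get(imsi)
    if ki is None:
        return "ACCESS-REJECT"                 # unknown IMSI
    expected_sres, _kc = sim_run_algorithm(ki, req.chap_challenge)
    expected = chap_response_from_sres(expected_sres)
    # Constant-time comparison so timing does not reveal how many bytes matched.
    if hmac.compare_digest(expected, req.chap_password):
        return "ACCESS-ACCEPT"
    return "ACCESS-REJECT"


def bas_result_to_client(radius_reply: str) -> str:
    """Step 4 at the BAS: map the RADIUS verdict to the CHAP message for the client."""
    return "CHAP/SUCCESS" if radius_reply == "ACCESS-ACCEPT" else "CHAP/FAILURE"


def run_flow(imsi: str, ki_on_card: bytes, rand1: Optional[bytes] = None) -> str:
    """One PPPoE/CHAP exchange: BAS challenge -> client/SIM response -> RADIUS -> BAS."""
    if rand1 is None:
        rand1 = os.urandom(16)                          # step 1: BAS generates RAND1
    req = client_respond(imsi, ki_on_card, rand1)       # step 2: CHAP/RESPONSE
    return bas_result_to_client(radius_authenticate(req))   # steps 3 and 4
```

A card holding the wrong Ki, an IMSI unknown to the server, or a user name outside the @SIM realm all end in CHAP/FAILURE, which is the rejection path the flow relies on.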
The standard EAP SIM card authentication flow realized with PPPoE:
The flow in which the BAS terminates EAP is shown in Fig. 5:
This mode requires the BAS to support PPP/EAP and to be able to parse EAP messages. The client requirements are similar to the CHAP authentication mode, except that the client must also support PPP/EAP. The access process is as follows:
1. In the LCP stage of PPP, the BAS negotiates that the terminal's authentication phase will use EAP authentication. The BAS sends a PPPoE/PPP/EAP-Request/Identity message to the client.
2. After receiving the message from the BAS, the client obtains the IMSI from the SIM card through the function provided by the card reader, generates an Identity in a specific format such as IMSI@SIM, and sends it to the BAS in PPPoE/PPP/EAP-Response/Identity.
3. After receiving the client's message, the BAS generates a 16-byte random number RAND1 and sends it down to the client in PPPoE/PPP/EAP-Request/MD5-Challenge.
4. After receiving the message from the BAS, the client calls the API provided by the card reader and passes the parsed RAND1 to the SIM card; the algorithm in the SIM card uses the built-in shared key Ki and RAND1 to derive SRES with the A4 algorithm and Kc with the A8 algorithm. (SRES is 4 bytes and is padded to 16 bytes: with the MD5 algorithm the RESPONSE must be 16 bytes, so 12 bytes are appended after SRES.) At the same time the client reads the IMSI from the SIM card, combines it into a user name of the form IMSI@SIM, and sends it to the BAS in a PPPoE/PPP/EAP-Response/MD5-Challenge message.
5. On receiving a user name whose domain name is a specific name (such as @SIM), the BAS passes the authentication information in a standard RADIUS message to the back-end RADIUS SERVER for authentication. When analysing the user name, the RADIUS SERVER judges from the domain name whether this is a SIM card authentication user; if so, it parses out the random number RAND1 generated by the BAS, derives (SRES, Kc) with the same algorithm as the client's SIM card, and compares the SRES with the SRES received. If they match, it responds to the BAS with a RADIUS/ACCESS-ACCEPT message carrying some standard RADIUS attributes; otherwise it responds with a RADIUS/ACCESS-REJECT message.
6. After receiving the message from the RADIUS SERVER, if it indicates success the BAS sends a PPPoE/PPP/EAP-SUCCESS message to the client, notifying it that authentication succeeded and that the next stage, such as the IPCP process, can proceed; otherwise it sends a PPPoE/PPP/EAP-FAILURE message telling the client that authentication failed, and decides according to the configured policy whether to start the disconnection flow for the client.
The flow in which the BAS transparently transmits EAP is shown in Fig. 6:
This mode requires the BAS to support PPP/EAP but not to parse EAP messages; it only re-encapsulates the EAP messages and monitors the final result. The client requirements are similar to the CHAP authentication mode, except that the client must also support PPP/EAP. The access process is as follows:
1. In the LCP stage of PPP, the BAS negotiates that the terminal's authentication phase will use EAP authentication. The BAS sends a PPPoE/PPP/EAP-Request/Identity message to the client.
2. After receiving the message from the BAS, the client obtains the IMSI from the SIM card through the function provided by the card reader, generates an Identity in a specific format such as IMSI@SIM, and sends it to the BAS in PPPoE/PPP/EAP-Response/Identity.
3. The BAS parses the Identity out of the message received from the client and judges from the domain name whether it should be handled by the back-end server (the corresponding configuration must be made on the BAS). If it is the SIM card authentication mode, the BAS encapsulates the message as RADIUS/Access-Request/EAP-Message/EAP-Response/Identity and sends it to the RADIUS SERVER.
4. After receiving the message from the BAS, the RADIUS SERVER generates a set of authentication triplets (SRES, RAND, Kc) for the user's IMSI in the back-end server, encapsulates a RADIUS/Access-Challenge/EAP-Message/EAP-Request/MD5-Challenge message carrying RAND1, and sends it to the BAS. The random number is usually generated after the legitimate user corresponding to the IMSI has been found, but may also be generated after the request from the BAS is received; it is used together with the user's Ki to calculate SRES and Kc, and RADIUS sends only RAND to the device.
5. After receiving the message from the RADIUS SERVER, the BAS re-encapsulates the EAP message in it as PPPoE/PPP/EAP-Request/MD5-Challenge and sends it down to the client.
6. After receiving the message from the BAS, the client calls the API provided by the card reader and passes the parsed RAND1 to the SIM card; the algorithm in the SIM card uses the built-in shared key Ki and RAND1 to derive SRES with the A4 algorithm and Kc with the A8 algorithm. (SRES is 4 bytes and is padded to 16 bytes: with the MD5 algorithm the RESPONSE must be 16 bytes, so 12 bytes are appended after SRES.) At the same time the client reads the IMSI from the SIM card, combines it into a user name of the form IMSI@SIM, and sends it to the BAS in a PPPoE/PPP/EAP-Response/MD5-Challenge message.
7. After receiving the EAP message from the client, the BAS strips the PPPoE/PPP header, encapsulates the EAP message as a RADIUS/Access-Request/EAP-Message/EAP-Response/MD5-Challenge message, and passes it to the back-end RADIUS SERVER for authentication. When analysing the user name, the RADIUS SERVER judges from the domain name whether this is a SIM card authentication user, parses out the SRES generated by the client and compares it with the SRES in the back-end database. If they match, the authenticated user is legitimate and the server responds to the BAS with a RADIUS/ACCESS-ACCEPT/EAP-Message/EAP-SUCCESS message carrying some standard RADIUS attributes; otherwise it responds with a RADIUS/ACCESS-REJECT/EAP-Message/EAP-FAILURE message.
8. After receiving the message from the RADIUS SERVER, if it indicates success the BAS sends a PPPoE/PPP/EAP-SUCCESS message to the client, notifying it that authentication succeeded and that the next stage, such as the IPCP process, can proceed; otherwise it sends a PPPoE/PPP/EAP-FAILURE message telling the client that authentication failed, and decides according to the configured policy whether to start the disconnection flow for the client.
In addition, the standard EAP authentication flow can also be realized over 802.1x, as shown in Fig. 7. The 802.1x standard itself defines that the standard EAP flow must be realized. SIM authentication, as one kind of EAP authentication, can be applied directly to the EAP authentication flow; the interaction involved is end to end between the authentication client and the authentication server. Since 802.1x authentication is an application of standard EAP, it is not explained in detail.
Referring to Fig. 8, realizing EAP in WEB authentication requires extending the Portal protocol and using it to carry the EAP authentication messages.
Retransmission handling in the EAP flow:
Client retransmission: RFC 2284 stipulates that the client sends a response only after receiving a request from the Authenticator (and then must send one), so the client needs no retransmission timer. Whether a newly received EAP request is a retransmitted request is distinguished by the Identifier in the message.
Retransmission by the BAS device: as both Authenticator and RADIUS Client, the BAS must retransmit request messages in both directions: retransmission of messages to the authentication client and retransmission of messages to the RADIUS Server.
RFC 2869 describes message retransmission as follows: because the BAS device cannot know the retransmission parameters of the EAP messages, retransmission of EAP Requests can be controlled through the Session-Timeout (retransmission timeout) and Password-Retry (maximum number of retransmissions) attributes. If a RADIUS-Access-Challenge carries both an EAP-Message attribute and a Session-Timeout attribute, Session-Timeout controls the BAS's retransmission timeout (in seconds) for the EAP Request message; how a Password-Retry attribute present in the same message is to be used is not specified, and it is considered to control the number of retransmissions.
Retransmission by the Portal Server: realizing EAP authentication in WEB mode involves message retransmission by the Portal Server. The Portal Server retransmission mechanism is considered to be as follows:
1) Portal-EAP-Start (newly defined in the Portal protocol) must be retransmitted by the Portal Server; after N transmissions without a response, authentication is deemed to have failed;
2) For EAP Response messages the retransmission mechanism is the same as the EAP specification, i.e. the response is sent again after an EAP Request message is received;
3) The Portal Server and the authentication client Applet have a unified relationship; the Portal Server should know the timeout of the EAP authentication, and the authentication timeout is controlled by the Portal Server itself;
4) Message transmission between the Portal Server and the Applet is implementation-specific and is controlled by the specific implementation;
5) The Portal Server must respond to every EAP Request message it receives.
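The transparent-EAP flow (Fig. 6) and the retransmission rules above describe a BAS that never interprets the MD5-Challenge, re-encapsulates the RADIUS EAP-Message as a PPPoE/PPP EAP-Request, retransmits it on the Session-Timeout interval at most Password-Retry times, matches responses by EAP Identifier, and a client that answers only Requests and repeats the same Response when the same Identifier arrives again. The following simulation is an added example, not code from the patent or from Huawei; the simulated clock, the fallback retry count used when Password-Retry is absent, and the trace strings are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# EAP codes from RFC 2284; only Request/Response/Failure are exercised here.
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4


@dataclass(frozen=True)
class EapPacket:
    code: int
    identifier: int
    data: bytes        # MD5-Challenge: RAND1 in the Request, padded SRES in the Response


@dataclass
class AccessChallenge:
    """Transparent mode: RADIUS returns the EAP-Message plus the two attributes
    the page names for retransmission control."""
    eap_message: EapPacket
    session_timeout: int              # retransmission timeout, seconds
    password_retry: Optional[int]     # maximum retransmissions, if RADIUS sent it


class PassthroughBas:
    """BAS as Authenticator and RADIUS client: re-encapsulates EAP without
    parsing it and retransmits by the RADIUS-supplied parameters."""

    DEFAULT_RETRY = 3   # assumed local fallback when Password-Retry is absent

    def __init__(self) -> None:
        self.now = 0                                            # simulated clock
        # outstanding request: (packet, deadline, timeout, retransmissions left)
        self.pending: Optional[Tuple[EapPacket, int, int, int]] = None
        self.sent: List[str] = []                               # constructed trace

    def on_access_challenge(self, ch: AccessChallenge) -> None:
        """Step 5 of the flow: wrap the EAP-Message as PPPoE/PPP/EAP-Request."""
        retries = ch.password_retry if ch.password_retry is not None else self.DEFAULT_RETRY
        self.pending = (ch.eap_message, self.now + ch.session_timeout,
                        ch.session_timeout, retries)
        self.sent.append(f"PPPoE/PPP/EAP-Request id={ch.eap_message.identifier}")

    def advance(self, seconds: int) -> str:
        """Move the clock; retransmit on timeout, give up when retries run out."""
        self.now += seconds
        if self.pending is None:
            return "idle"
        pkt, deadline, timeout, retries = self.pending
        if self.now < deadline:
            return "waiting"
        if retries == 0:
            self.pending = None
            self.sent.append(f"PPPoE/PPP/EAP-Failure id={pkt.identifier}")
            return "failed"
        self.pending = (pkt, self.now + timeout, timeout, retries - 1)
        self.sent.append(f"PPPoE/PPP/EAP-Request id={pkt.identifier} (retransmit)")
        return "retransmitted"

    def on_client_response(self, resp: EapPacket) -> Optional[str]:
        """Step 7: accept only a Response whose Identifier matches the outstanding
        Request; anything else is stale or unsolicited and is dropped."""
        if self.pending is None or resp.code != EAP_RESPONSE:
            return None
        if resp.identifier != self.pending[0].identifier:
            return None
        self.pending = None
        msg = f"RADIUS/Access-Request/EAP-Message/EAP-Response id={resp.identifier}"
        self.sent.append(msg)
        return msg


class EapClient:
    """Client side per RFC 2284: no timer, answers only Requests, and returns
    the identical Response when a Request with a known Identifier is repeated."""

    def __init__(self, sres_for_rand: Callable[[bytes], bytes]) -> None:
        self.sres_for_rand = sres_for_rand          # models the SIM: RAND -> padded SRES
        self.answered: Dict[int, EapPacket] = {}

    def on_packet(self, pkt: EapPacket) -> Optional[EapPacket]:
        if pkt.code != EAP_REQUEST:
            return None
        if pkt.identifier not in self.answered:
            self.answered[pkt.identifier] = EapPacket(
                EAP_RESPONSE, pkt.identifier, self.sres_for_rand(pkt.data))
        return self.answered[pkt.identifier]
```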

Claims (9)

1. An IP network system realizing security authentication, comprising an authentication server, and an access server and a client connected to the authentication server through an IP network, characterized in that the client is also connected to a card reader and to a SIM card used in that reader; the client drives the reader through an application interface module and exchanges information with the SIM card through the reader; the client sends the SRES and the IMSI code from the SIM card to the access server for processing, and the processed authentication request, which includes at least the random number generated by the access server, the SRES and the IMSI code, is sent to the authentication server for authentication; the authentication server first determines from the IMSI code in the authentication request that the user is a SIM card authentication user, then calculates SRES from the random number using the algorithm corresponding to the SIM card, compares it with the SRES in the authentication request, and completes the authentication process.
2. The system as claimed in claim 1, characterized in that it further comprises an authentication portal server connected to the access server, for providing the authentication page when the Web mode is used for authentication.
3. The system as claimed in claim 1 or 2, characterized in that the card reader is connected to the client through a universal serial port.
4. A method for realizing security authentication on an IP network, characterized by comprising the steps:
A. The access server generates a random number and sends it down to the client;
B. The client sends the random number to the SIM card, which calculates at least the signed response SRES from it; at the same time the card reader reads the IMSI code of the SIM card and sends the SRES and the IMSI code to the client;
C. The client sends the information obtained from the SIM card to the access server;
D. The access server processes the information obtained from the client and sends an authentication request message, containing at least the random number, the SRES and the IMSI code, to the authentication server;
E. The authentication server determines from the IMSI code in the request message whether the user is a SIM card authentication user; if not, it responds with an authentication failure message and goes to step G;
F. If the result of step E is yes, the authentication server calculates SRES from the random number using the algorithm corresponding to the SIM card and compares it with the SRES received in the request message; if they match it responds to the access server with an authentication success message, otherwise with an authentication failure message;
G. After receiving the authentication server's response message, the access server sends the corresponding response to the client according to the authentication result.
5. The method as claimed in claim 4, characterized in that the authentication server authenticates the client using the CHAP mode.
6. The method as claimed in claim 4, characterized in that the authentication server authenticates the client using the EAP mode, and the authentication further comprises, before step A, a detection step that identifies the SIM card of the client; if the detection confirms the identity without error, step A continues, otherwise access is refused.
7. The method as claimed in claim 6, characterized in that the detection comprises the steps of:
A. the client sends an EAP start request to the access server;
B. the access server sends an identity request message to the client requesting access;
C. the client obtains the IMSI code and the domain name from the SIM card through the card reader, forms a specific user name from them and returns it to the access server.
8. The method as claimed in claim 6 or 7, characterized in that retransmission of EAP requests is controlled by the retransmission timeout duration and maximum retransmission count attributes.
9. The method as claimed in claim 4, characterized in that the client is authenticated using the Web mode.
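The challenge-response flow of claim 4, including the authentication server's membership check of step E and a one-shot random number on the access server, as an added Python model that is not code from the patent. The SIM's A3 algorithm is operator-specific and is replaced here by an HMAC-SHA256 stand-in; the IMSI, Ki and session names are constructed.

```python
import hashlib, hmac, os

def a3_sres(ki: bytes, rand: bytes) -> bytes:
    # Hypothetical stand-in for the SIM's operator-specific A3 algorithm:
    # SRES = first 4 bytes of HMAC-SHA256(Ki, RAND).
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

class SimCard:
    """SIM in the card reader: holds the IMSI and secret Ki, never exports Ki."""
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def run_gsm(self, rand: bytes) -> bytes:  # step B: RAND in, SRES out
        return a3_sres(self._ki, rand)

class AuthServer:
    """Authentication server: Ki for every IMSI that is a SIM-authenticated user."""
    def __init__(self, subscribers: dict):
        self._subs = subscribers

    def authenticate(self, req: dict) -> str:
        ki = self._subs.get(req["imsi"])
        if ki is None:  # step E: not a SIM-authentication user -> failure
            return "AUTH_FAIL"
        expected = a3_sres(ki, req["rand"])  # step F: recompute and compare SRES
        return "AUTH_OK" if hmac.compare_digest(expected, req["sres"]) else "AUTH_FAIL"

class AccessServer:
    """Access server: issues one-shot RANDs and relays the authentication request."""
    def __init__(self, auth: AuthServer):
        self._auth, self._pending = auth, {}

    def new_challenge(self, session: str) -> bytes:  # step A: fresh RAND per session
        self._pending[session] = os.urandom(16)
        return self._pending[session]

    def handle(self, session: str, info: dict) -> str:  # steps D and G
        rand = self._pending.pop(session, None)  # use the server's own RAND, once
        if rand is None:
            return "AUTH_FAIL"
        req = {"rand": rand, "imsi": info["imsi"], "sres": info["sres"]}
        return self._auth.authenticate(req)

def client_login(access: AccessServer, sim: SimCard, session: str) -> str:
    rand = access.new_challenge(session)                  # A: RAND handed to client
    info = {"imsi": sim.imsi, "sres": sim.run_gsm(rand)}  # B: SRES and IMSI from reader
    return access.handle(session, info)                   # C, D, G: result back to client
```

Because the access server keeps the RAND it issued instead of trusting one echoed by the client, a replayed SRES for a consumed session is rejected before it reaches the authentication server.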
Application CNB021531951A, priority date 2002-11-26, filing date 2002-11-26: IP network system for realizing safety verification and method thereof. Status: Expired - Lifetime. Granted as CN1260927C (en).

Publications (2)

Publication Number Publication Date
CN1503525A (application publication) 2004-06-09
CN1260927C (granted patent) 2006-06-21

Family ID: 34235005

Country Status (1)

Country Link
CN (1) CN1260927C (en)



Legal Events

Code Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term (granted publication date: 20060621)