CN101426009A - Identity management platform, service server, uniform login system and method - Google Patents

Publication number
CN101426009A
Authority
CN
China
Prior art keywords
information
identity
service server
management platform
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2007101766126A
Other languages
Chinese (zh)
Inventor
刘利军
魏冰
杨放春
赵耀
刘宝义
苏森
邹华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Beijing University of Posts and Telecommunications
Original Assignee
China Mobile Communications Group Co Ltd
Beijing University of Posts and Telecommunications

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to an identity management platform, a service server, and a unified login system and method. The platform comprises an information receiving module, a validation module, an inquiry module and an information sending module. The service server comprises an information receiving module, an inquiry module and an information sending module. The unified login system comprises the identity management platform, the service server and an identity federation database. When accessing a service, the terminal adds identity tag code information to the service request information; the service server queries the user identity information and completes the terminal's login. After a single identity authentication on access to the IMS core network, no further cumbersome identity authentication is needed for service access, which reduces the operations required of the user and ensures the security and reliability of the user identity.

Description

Identity management platform, service server, unified login system and method
Technical field
The present invention relates to an identity management platform, in particular a management platform for managing terminal identity information; to a service server, in particular a service server that can complete login automatically using terminal identity information obtained by automatic query; to a unified login system, in particular a system that can complete the unified login of a terminal; and to a unified login method, in particular a method in which the network side completes the terminal's login automatically when the terminal accesses a service.
Background art
At present, unified login authentication is still at the research stage, and practical applications are confined to limited areas; for example, single sign-on in the business field is limited to the authentication of card-insertion terminals. In the standards organizations, for the bundled authentication of the Network Attachment Subsystem (hereinafter: NASS) and the IP Multimedia Subsystem (hereinafter: IMS), the IMS user authentication is normally completed through authentication of the network-layer location information.
Single sign-on means that, in a distributed, multi-service network environment, a user who authenticates and logs in once obtains proof of legitimate identity for all the services accessed in the distributed system; under this condition, administrators can exercise security control easily without modifying or interfering with user logins. The key to single sign-on is therefore how to let a user, through a single authenticated login, present proof of identity to other services.
In the existing unified login process by which the MSN software terminal (MSN being the chat software that Microsoft bundles with the Windows XP operating system) starts the blog (hereinafter: Blog) service, the user starts "Windows Live Messenger" and then follows the Blog link it provides, which launches a browser and gives access to the Blog service associated with that account. This scheme has two characteristics: first, the MSN software terminal and the Blog must use a unified account; second, all authentication requests pass through a unified authentication server. This unified login method has the following drawbacks:
1. The terminal and the service server must use a unified user account. In the existing telecommunications field service servers are diverse, and requiring every service server to use the same user account as the core network would limit the service scope of the service servers;
2. Because a centralized authentication server is used, there is a security risk: if the authentication server cannot operate normally for some reason, none of the services in the whole system can be used.
Summary of the invention
A first aspect of the present invention provides an identity management platform that manages terminal identity information in a unified way, increasing the security and reliability of the identity information.
A second aspect of the present invention provides a service server that completes the terminal's login automatically according to the terminal's identity information.
A third aspect of the present invention provides a unified login system that realizes the unified login of the terminal and improves network resource utilization.
A fourth aspect of the present invention provides a unified login method that completes the unified login process of the terminal and avoids repeated operations by the user.
The first aspect of the present invention provides the following technical solution through some embodiments:
An identity management platform, comprising: an information receiving module, configured to receive identity tag code request information sent by a terminal and user identity request information sent by a service server, the identity tag code request information comprising public user identity (hereinafter: IMPU) information and terminal authorization information, and the user identity request information comprising identity tag code information, identification information of the service server and service identification information; an authentication module, connected to the information receiving module and configured to verify the identity tag code request information sent by the terminal; an enquiry module, connected to the information receiving module and configured to query an identity federation database for the corresponding user identity information according to the identity tag code information, the identification information of the service server and the service identification information; and an information sending module, connected to the authentication module and the enquiry module and configured to send verification result information to the terminal and to send the queried user identity information to the service server.
The identity management platform of the embodiments of the first aspect can manage terminal identity information effectively, increasing the security and reliability of the information.
The second aspect of the present invention provides the following technical solution through other embodiments:
A service server, comprising: an information receiving module, configured to receive service request information sent by a terminal and user identity information sent by an identity management platform; an enquiry module, connected to the information receiving module and configured to query the identity management platform for the corresponding user identity information according to the terminal's identity tag code information, the identification information of the service server and the service identification information; and an information sending module, connected to the enquiry module and configured to send user identity request information to the identity management platform.
The service server of the embodiments of the second aspect can query the identity information automatically when a terminal requests a service and complete the terminal's login, which is convenient and practical.
The third aspect of the present invention provides the following technical solution through other embodiments:
A unified login system, comprising an identity management platform, a service server and an identity federation database; wherein the identity management platform is configured to obtain user IMPU information from the terminal's identity tag code information sent by the service server, and to query the identity federation database for the user identity information corresponding to the user IMPU information, the identification information of the service server and the service identification information; the identity federation database is configured to store the user identity information corresponding to the user IMPU information, the identification information of the service server and the service identification information; and the service server is configured to receive the identity tag code information sent by the terminal and, according to the identity tag code information, the identification information of the service server and the service identification information, to query the identity management platform for the corresponding user identity information.
The unified login system of the embodiments of the third aspect can, after the terminal has accessed the IMS core network, complete the terminal's login automatically on the service server to be accessed, saving network resources and improving network resource utilization.
The fourth aspect of the present invention provides the following technical solution through other embodiments:
A unified login method, comprising:
the terminal sends its identity tag code request information to the identity management platform, the identity tag code request information comprising user IMPU information and terminal authorization information;
the identity management platform returns authorization information to the terminal according to the identity tag code request information;
the terminal obtains its identity tag code information according to the authorization information and sends service request information to the service server, the service request information carrying the identity tag code information;
the service server, according to the identity tag code information in the service request information, queries the identity management platform for the user identity information corresponding to the identity tag code information, the identification information of the service server and the service identification information;
the identity management platform queries the user identity information and returns it to the service server;
the service server decides, according to the user identity information returned by the identity management platform, whether to allow the terminal to log in to the service server.
With the unified login method of the embodiments of the fourth aspect, the user only needs to perform identity authentication once, when accessing the IMS core network; for subsequent service accesses the user does not have to go through a cumbersome authentication input process again, because the network completes the process itself, which reduces the tedious operations involved in service access.
Description of drawings
Fig. 1 is a structural diagram of Embodiment 1 of the identity management platform of the present invention;
Fig. 2 is a structural diagram of Embodiment 2 of the identity management platform of the present invention;
Fig. 3 is a structural diagram of Embodiment 1 of the service server of the present invention;
Fig. 4 is a structural diagram of Embodiment 2 of the service server of the present invention;
Fig. 5 is a structural diagram of an embodiment of the unified login system of the present invention;
Fig. 6 is a flowchart of Embodiment 1 of the unified login method of the present invention;
Fig. 7 is a flowchart of the identity management platform returning authorization information in the unified login method of the present invention;
Fig. 8 is a flowchart of the identity management platform querying user identity information in the unified login method of the present invention;
Fig. 9 is a signaling flow diagram of the unified login method of the present invention.
Embodiments
The technical solution of the present invention is further described below with reference to the drawings and specific embodiments.
As shown in Fig. 1, an identity management platform comprises an information receiving module 11, an authentication module 12, an enquiry module 13 and an information sending module 14. The information receiving module 11 is configured to receive identity tag code request information sent by a terminal and user identity request information sent by a service server; the identity tag code request information comprises user IMPU information and terminal authorization information, and the user identity request information comprises identity tag code information, identification information of the service server and service identification information. The authentication module 12 is connected to the information receiving module 11 and is configured to verify the identity tag code request information sent by the terminal. The enquiry module 13 is connected to the information receiving module 11 and is configured to query the identity federation database for the corresponding user identity information according to the identity tag code information, the identification information of the service server and the service identification information. The information sending module 14 is connected to the authentication module 12 and the enquiry module 13 and is configured to send verification result information to the terminal and to send the queried user identity information to the service server.
The identity management platform manages user identity information for the unified login of terminals. After the user uses the software terminal installed on the terminal to access a service on the service server, the information receiving module 11 in the identity management platform receives the identity tag code request information sent by the terminal; the authentication module 12 verifies the received user IMPU information and terminal authorization information, and the verification result information is returned to the terminal through the information sending module 14. The information receiving module 11 also receives the user identity request information sent by the service server; on receiving it, the enquiry module 13 queries the identity federation database for the user identity information corresponding to the identity tag code information in the user identity request information, the identification information of the service server and the service identification information. Once the user identity information has been obtained, it is returned to the enquiry module 13 and sent to the service server through the information sending module 14. The identity management platform provided by this embodiment manages users' identity information effectively: it verifies identity tag code request information for the terminal and provides user identity information to the service server, achieving unified login while ensuring the security of the information.
Further, as shown in Fig. 2, the identity management platform also comprises a timestamp distribution module 15. The timestamp distribution module 15 is connected to the authentication module 12 and the information sending module 14 and is configured to distribute timestamp information to the terminal after the authentication module 12 has verified the terminal according to the terminal authorization information. After receiving the identity tag code request information forwarded by the information receiving module 11, the authentication module 12 verifies the user IMPU information and the terminal authorization information it contains. The terminal authorization information comprises a hash value generated from the key shared between the terminal and the identity management platform and from the user IMPU information; the hash value is used to verify whether the request was invoked by a legitimate software terminal. The authentication module 12 verifies the hash value and, after successful verification, calls the timestamp distribution module 15 to distribute timestamp information to the terminal that sent the identity tag code request information; the timestamp distribution module 15 takes the current system time and distributes it to the terminal as the timestamp. In addition, later in the login procedure the identity management platform uses the timestamp information distributed to the terminal to verify the legitimacy of the service server that sends the user identity request information, so this timestamp information must be stored; in this embodiment the identity management platform may therefore also comprise a timestamp distribution list module 16. The timestamp distribution list module 16 is connected to the timestamp distribution module 15 and is configured to store the correspondence between user IMPU information and the distributed timestamp information. By distributing a timestamp to the terminal performing service access, the identity management platform guarantees the correspondence between the terminal that sent the service request and the user identity information obtained by the identity management platform's query.
As also shown in Fig. 2, the enquiry module 13 comprises an analyzing submodule 131, a judging submodule 132 and an inquiry submodule 133. The analyzing submodule 131 is connected to the information receiving module 11 and is configured to parse the identity tag code information in the user identity request information to obtain the user IMPU information and the timestamp information. The judging submodule 132 is connected to the analyzing submodule 131 and is configured to check the timestamp information. The inquiry submodule 133 is connected to the analyzing submodule 131 and the information sending module 14 and is configured to query the identity federation database for the corresponding user identity information according to the user IMPU information obtained by parsing and the identification information of the service server and the service identification information in the user identity request information. The analyzing submodule 131 uses the key shared by the identity management platform and the terminal to decrypt the identity tag code information in the user identity request information sent by the service server, obtaining the user IMPU information and the timestamp information. The judging submodule 132 determines whether the timestamp information obtained by the analyzing submodule 131 is the timestamp that the identity management platform distributed to the terminal. If the check succeeds, the inquiry submodule 133 uses the user IMPU information obtained by the analyzing submodule 131 to query the identity federation database for the user identity information corresponding to the user IMPU information, the identification information of the service server and the service identification information. By verifying the timestamp information sent by the service server, the enquiry module provided by this embodiment ensures the reliability and security of the user identity information query and ensures that the user identity information looked up is the legitimate identity of the terminal that requested the service access. The identity management platform manages terminal identity information in a unified way, and the network side performs the query according to the correspondence between the pieces of information, which ensures the security and reliability of the information and also saves network resources.
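The flow described above (hash check, timestamp distribution, tag code decryption, timestamp check, federation lookup), as an added Python example that is not code from the patent. Assumptions: one key shared by the terminal software and the platform, HMAC-SHA256 as the hash, a standard-library encrypt-then-MAC construction standing in for a real authenticated cipher such as AES-GCM, and constructed names and sample data.

```python
import hashlib
import hmac
import json
import os
import time

# Constructed sample data (not from the patent).
SHARED_KEY = b"demo-key-shared-by-terminal-and-platform"
FEDERATION_DB = {  # (IMPU, service server id, service id) -> local user identity
    ("sip:alice@ims.example.com", "blog-server-01", "blog"): "alice_blog",
}


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; an assumption standing in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, fields):
    """Encrypt-then-MAC a dict and return it hex-encoded so it fits in a URL."""
    plain = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()


def unseal(key, blob_hex):
    """Return the dict, or None if the blob is malformed or was modified."""
    try:
        blob = bytes.fromhex(blob_hex)
    except ValueError:
        return None
    if len(blob) <= 48:  # 16-byte nonce + 32-byte MAC and no ciphertext
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(plain)


def terminal_auth_hash(key, impu):
    """Terminal side: hash value over the shared key and the IMPU."""
    return hmac.new(key, impu.encode(), hashlib.sha256).hexdigest()


def terminal_build_tag_code(key, impu, timestamp):
    """Terminal side: identity tag code carrying the IMPU and the timestamp."""
    return seal(key, {"impu": impu, "ts": timestamp})


class IdentityManagementPlatform:
    def __init__(self, key, federation_db, clock=time.time_ns):
        self.key = key
        self.federation_db = federation_db
        self.clock = clock
        self.issued = {}  # timestamp distribution list: IMPU -> timestamp

    def issue_timestamp(self, impu, terminal_hash):
        """Authentication module + timestamp distribution module."""
        expected = terminal_auth_hash(self.key, impu)
        if not hmac.compare_digest(expected, terminal_hash):
            return None  # request did not come from a legitimate terminal
        self.issued[impu] = self.clock()
        return self.issued[impu]

    def query_identity(self, tag_code, server_id, service_id):
        """Enquiry module: parse the tag code, check the timestamp, look up."""
        fields = unseal(self.key, tag_code)
        if fields is None:
            return None
        impu, ts = fields.get("impu"), fields.get("ts")
        if ts is None or self.issued.get(impu) != ts:
            return None  # timestamp is not the one distributed to this IMPU
        return self.federation_db.get((impu, server_id, service_id))


def service_server_login(platform, server_id, service_id, tag_code):
    """Service server: ask the platform who the user is, then decide on login."""
    account = platform.query_identity(tag_code, server_id, service_id)
    return {"logged_in": account is not None, "account": account}


def run_demo():
    impu = "sip:alice@ims.example.com"
    platform = IdentityManagementPlatform(SHARED_KEY, FEDERATION_DB)
    ts = platform.issue_timestamp(impu, terminal_auth_hash(SHARED_KEY, impu))
    tag_code = terminal_build_tag_code(SHARED_KEY, impu, ts)
    return service_server_login(platform, "blog-server-01", "blog", tag_code)


if __name__ == "__main__":
    print(run_demo())
```

Because the distribution list keeps one timestamp per IMPU, a tag code built from an earlier timestamp stops working as soon as the terminal is issued a new one.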
As shown in Fig. 3, a service server comprises an information receiving module 21, an enquiry module 22 and an information sending module 23. The information receiving module 21 is configured to receive service request information sent by a terminal and user identity information sent by the identity management platform. The enquiry module 22 is connected to the information receiving module 21 and is configured to send user identity request information, according to the terminal's identity tag code information, the identification information of the service server and the service identification information, in order to query the identity management platform for the corresponding user identity information. The information sending module 23 is connected to the enquiry module 22 and is configured to send the user identity request information to the identity management platform.
Specifically, after the information receiving module 21 receives the service request information sent by the terminal, the enquiry module 22, according to the identity tag code information in the service request information, sends user identity request information to the identity management platform through the information sending module 23, querying the identity management platform for the user identity information corresponding to the identity tag code information, the identification information of the service server and the service identification information. After finding the required user identity information, the identity management platform returns it to the service server; after the information receiving module 21 in the service server receives the user identity information, the service server decides whether to allow the terminal to log in to it.
The service server provides services to the terminal; before a service can be provided, the terminal must first log in to the service server. The information receiving module 21 receives the terminal's service request information and calls the enquiry module 22 to analyze and evaluate it. Specifically, as shown in Fig. 4, the enquiry module 22 comprises an identity tag code information analysis submodule 221 and an identity information inquiry submodule 222. The identity tag code information analysis submodule 221 is connected to the information receiving module 21 and is configured to read the identity tag code information from the terminal's uniform resource locator information and then pass the identity tag code information to the identity information inquiry submodule 222 for the user identity information query. The identity information inquiry submodule 222 is connected to the identity tag code information analysis submodule 221 and the information sending module 23 and is configured to query the identity management platform for the user identity information according to the identity tag code information, the identification information of the service server and the service identification information: it receives the identity tag code information sent by the identity tag code information analysis submodule 221 and sends user identity request information to the identity management platform through the information sending module 23 to look up the required user identity.
The enquiry module 22 may also comprise a cookie information read-write submodule 223. The cookie information read-write submodule 223 is connected to the identity tag code information analysis submodule 221 and is configured to read the login information in the terminal's cookie information, determine whether the terminal is already logged in, and record the terminal's login information in the cookie information. The cookie information read-write submodule 223 reads the cookie information stored in the browser on the terminal; because the cookie information records the terminal's login information, reading it shows whether the terminal has already logged in successfully. If the terminal is logged in, no further login is needed and the service is provided directly; if not, the identity tag code information analysis submodule 221 is called to perform the login query. The cookie information read-write submodule 223 is also responsible for recording the terminal's login information in the cookie information after the terminal logs in successfully. A cookie is a piece of text that a Web server stores on the terminal; cookies allow a Web site to store information on the user's terminal and retrieve it later.
The service server provided by the above embodiment can query the user identity automatically according to the identity tag code information provided by the terminal and complete the terminal's login; the terminal does not need to go through a cumbersome user identity authentication process when logging in to the service server, which realizes the unified login of the terminal.
As shown in Fig. 5, a unified login system comprises an identity management platform 1, a service server 2 and an identity federation database 3. The identity management platform 1 is configured to obtain user IMPU information from the terminal's identity tag code information sent by the service server, and to query the identity federation database for the user identity information corresponding to the user IMPU information, the identification information of the service server and the service identification information. The identity federation database 3 is configured to store the user identity information corresponding to the user IMPU information, the identification information of the service server and the service identification information. The service server 2 is configured to receive the identity tag code information sent by the terminal and, according to the terminal's identity tag code information, the identification information of the service server and the service identification information, to query the identity management platform for the corresponding user identity information.
In the unified login system provided by this embodiment, before accessing a service the terminal first obtains identity tag code information from the identity management platform 1 and then accesses the service server 2 using that identity tag code information. The service server 2 in turn queries the identity management platform 1 for the user identity information corresponding to the service the terminal wants to access on the service server 2. After obtaining the required user identity information by querying the identity federation database 3, the identity management platform 1 returns it to the service server 2, and the service server 2 completes the terminal's login.
Specifically, the identity management platform 1 comprises an information receiving module 11, an authentication module 12, an enquiry module 13 and an information sending module 14. The information receiving module 11 is configured to receive identity tag code request information sent by a terminal and user identity request information sent by a service server; the identity tag code request information comprises user IMPU information and terminal authorization information, and the user identity request information comprises identity tag code information, identification information of the service server and service identification information. The authentication module 12 is connected to the information receiving module 11 and is configured to verify the identity tag code request information sent by the terminal. The enquiry module 13 is connected to the information receiving module 11 and is configured to query the identity federation database for the corresponding user identity information according to the identity tag code information, the identification information of the service server and the service identification information. The information sending module 14 is connected to the authentication module 12 and the enquiry module 13 and is configured to send verification result information to the terminal and to send the queried user identity information to the service server.
The identity management platform 1 manages user identity information for the unified login of terminals. After the user uses the software terminal installed on the terminal to access a service on the service server, the information receiving module 11 in the identity management platform 1 receives the identity tag code request information sent by the terminal; the authentication module 12 verifies the received user IMPU information and terminal authorization information, and the verification result information is returned to the terminal through the information sending module 14. The information receiving module 11 also receives the user identity request information sent by the service server; on receiving it, the enquiry module 13 queries the identity federation database for the user identity information corresponding to the identity tag code information in the user identity request information, the identification information of the service server and the service identification information. Once the user identity information has been obtained, it is returned to the enquiry module 13 and sent to the service server through the information sending module 14. The identity management platform provided by this embodiment manages users' identity information effectively: it verifies identity tag code request information for the terminal and provides user identity information to the service server, achieving unified login while ensuring the security of the information.
Further, the identity management platform 1 also comprises a timestamp distribution module 15. The timestamp distribution module 15 is connected to the authentication module 12 and the information sending module 14, and allocates timestamp information to the terminal after the authentication module 12 has verified the terminal according to the terminal authorization information. After the authentication module 12 receives the identity mark code request information forwarded by the information receiving module 11, it verifies the user IMPU information and the terminal authorization information in it. The terminal authorization information comprises hash value information generated from the user IMPU information and the key shared between the terminal and the identity management platform 1; the hash value is used to verify whether the request was issued by a legitimate software terminal. The authentication module 12 verifies the hash value and, if verification succeeds, calls the timestamp distribution module 15 to allocate timestamp information to the terminal that sent the identity mark code request information; the timestamp distribution module 15 takes the current system time and allocates it to the terminal as the timestamp. In addition, later in the login process the identity management platform 1 uses the timestamp information allocated to the terminal to verify the legitimacy of the service server that sends the user identity request information, so this timestamp information must be stored; the identity management platform of this embodiment may therefore also comprise a timestamp distribution list module 16. The timestamp distribution list module 16 is connected to the timestamp distribution module 15 and stores the correspondence between user IMPU information and the allocated timestamp information. By allocating a timestamp to each terminal that performs service access, the identity management platform 1 ensures the correspondence between the terminal that sent the service request and the user identity information that the identity management platform obtains by query.
The enquiry module 13 comprises an analyzing submodule 131, a judging submodule 132 and a query submodule 133. The analyzing submodule 131 is connected to the information receiving module 11 and parses the identity mark code information in the user identity request information to obtain the user IMPU information and the timestamp information. The judging submodule 132 is connected to the analyzing submodule 131 and evaluates the timestamp information. The query submodule 133 is connected to the analyzing submodule 131 and the information sending module 14, and queries the identity combination database for the corresponding user identity information according to the parsed user IMPU information and the identification information of the service server and service identifier information in the user identity request information. The analyzing submodule 131 uses the key shared by the identity management platform and the terminal to decrypt the identity mark code information in the user identity request information sent by the service server, obtaining the user IMPU information and the timestamp information. The judging submodule 132 determines whether the timestamp information parsed by the analyzing submodule 131 is a timestamp that the identity management platform allocated to the terminal. If so, the query submodule 133 uses the user IMPU information parsed by the analyzing submodule 131 to query the identity combination database for the user identity information corresponding to the user IMPU information, the identification information of the service server and the service identifier information.
The service server 2 comprises an information receiving module 21, an enquiry module 22 and an information sending module 23. The information receiving module 21 receives the service request information sent by the terminal and the user identity information sent by the identity management platform. The enquiry module 22 is connected to the information receiving module 21; according to the identity mark code information of the terminal, the identification information of the service server and the service identifier information, it sends user identity request information and queries the identity management platform for the corresponding user identity information. The information sending module 23 is connected to the enquiry module 22 and sends the user identity request information to the identity management platform.
Specifically, after the information receiving module 21 receives the service request information sent by the terminal, the enquiry module 22 uses the identity mark code information in the service request information to send user identity request information to the identity management platform through the information sending module 23, querying the identity management platform for the user identity information corresponding to the identity mark code information, the identification information of the service server and the service identifier information. After finding the required user identity information, the identity management platform returns it to the service server; once the information receiving module 21 of the service server has received the user identity information, the service server decides whether to allow the terminal to log in to it.
The information receiving module 21 of the service server 2 receives the service request information from the terminal and calls the enquiry module 22 to analyze and evaluate it. Specifically, the enquiry module 22 comprises an identity mark code information analysis submodule 221 and an identity information query submodule 222. The identity mark code information analysis submodule 221 is connected to the information receiving module 21; it reads the identity mark code information from the uniform resource locator information of the terminal and passes it to the identity information query submodule 222 for the user identity query. The identity information query submodule 222 is connected to the identity mark code information reading submodule 221 and the information sending module 23; it queries the identity management platform for user identity information according to the identity mark code information, the identification information of the service server and the service identifier information. It receives the identity mark code information sent by the identity mark code information analysis submodule 221 and sends user identity request information to the identity management platform through the information sending module 23 to query the required user identity.
The enquiry module 22 may also comprise a cookie information read-write submodule 223, connected to the identity mark code information analysis submodule 221. It reads the login information in the terminal's cookie information, determines whether the terminal has already logged in, and records the terminal's login information in the cookie information. The cookie information read-write submodule 223 reads the cookie information stored in the browser on the terminal; because the cookie information records the terminal's login information, reading it shows whether the terminal has already logged in successfully. If the terminal has logged in, no further login is needed and the service is provided directly; if not, the identity mark code information analysis submodule 221 is called to perform the login query. The cookie information read-write submodule 223 is also responsible for recording the terminal's login information in the cookie information after the terminal has logged in successfully.
In summary, the unified login system provided by this embodiment comprises the identity management platform 1 and the service server 2 described above. The terminal may be a mobile phone, a personal digital assistant (PDA, generally meaning a palmtop computer), or a computer using a GPRS network card; the application used on the terminal may be a Session Initiation Protocol (SIP) software terminal, a browser, or the like.
This system provides unified login for the user's service access and avoids the repeated login authentication required of the user in the prior art; it also ensures the security and reliability of the login process, saves network resources, and improves network resource utilization and network login speed.
As shown in Figure 6, a unified login method comprises:
Step 100: after accessing the IMS core network, the terminal sends its identity mark code request information to the identity management platform; the identity mark code request information comprises user IMPU information and terminal authorization information;
Step 200: the identity management platform returns authorization information to the terminal according to the identity mark code request information;
Step 300: the terminal obtains its identity mark code information according to the authorization information and sends service request information carrying the identity mark code information to the service server;
Step 400: according to the identity mark code information in the service request information, the service server queries the identity management platform for the user identity information corresponding to the identity mark code information, the identification information of the service server and the service identifier information;
Step 500: the identity management platform queries the user identity information and returns it to the service server;
Step 600: the service server decides, according to the user identity information returned by the identity management platform, whether to allow the terminal to log in to the service server.
When the terminal accesses the IMS core network, user identity authentication is performed first. After successful access, the SIP software terminal installed on the terminal has obtained the user IMPU information and uses it as its core network identity information. The terminal can access the IMS core network in different ways: through GPRS, or through non-GPRS access such as WLAN, broadband access or local area network access. The terminal needs its identity mark code information when it accesses a service, so before accessing a service it first sends identity mark code request information to the identity management platform to request the identity mark code information. The terminal sends the user IMPU information together with the terminal authorization information to the identity management platform; on receiving them, the identity management platform verifies this information and returns authorization information. After the terminal has obtained the identity mark code information according to the authorization information, when the user accesses a Hypertext Transfer Protocol (HTTP) service (such as a Web mailbox) through a button or menu of the software terminal, the identity mark code information can be added to the uniform resource locator (URL) information, and the browser sends the service request to the service server according to the URL. After receiving the service request information, the service server sends user identity request information to the identity management platform according to the identity mark code information it contains, requesting the user identity information corresponding to the identity mark code information, the identification information of the service server and the service identifier information. The service server queries the identity management platform for the identity information of the terminal according to the terminal's identity mark code information, and at the same time sends the identification information of the service server the terminal is accessing and the corresponding service identifier information to the identity management platform. After obtaining the user identity information of the terminal, the identity management platform returns it to the service server; on receiving this identity information, the service server admits the terminal to the service and serves it, thereby achieving unified login.
In the unified login method provided by this embodiment, once the terminal has accessed the IMS core network, the service server does not require the user to enter authentication information again during service access. Instead, it queries the identity management platform for the user's identity information using the terminal's identity mark code information, and once the user identity information has been obtained the terminal's login completes automatically. The user authenticates only once, when accessing the IMS core network; for later service accesses the user does not have to repeat the cumbersome authentication input, because the network completes the process by itself, which reduces the tedious operations involved in service access.
The prerequisite of unified login is that the user has established an identity combination on the identity management platform, so that the identity management platform holds the user's identity combination information. The user first logs in to the identity management platform by entering the user name used for the identity management platform. After a successful login, the terminal sends identity combination request information to the identity management platform from the service page the platform provides; the user service page of the identity management platform offers an identity combination function for each service server. Having logged in to the identity management platform, the user clicks the identity combination link of a service server to request that the user identity on the identity management platform be combined with the user identity on that service server. On receiving the user's identity combination request information, the identity management platform first records the current system time, uses it as a timestamp, and stores the timestamp in its timestamp list. After the generated timestamp has been added to the URL the terminal uses to access the service server, the identity management platform page embeds the login page of the service server and prompts the user to enter the user name and password used to log in to the service server; a service request is sent to the service server according to the URL, and the service server authenticates the received user name and password. After authentication succeeds, the terminal's link is redirected to the identity management platform page and the identity management platform saves the identity combination information, i.e. it stores the association between the user's identity information on the identity management platform (such as a mobile phone number) and the user's identity information on the service server. The user's identity combination is then established successfully.
Based on the foregoing embodiment, as shown in Figure 7, step 200, in which the identity management platform returns authorization information to the terminal according to the identity mark code request information, further comprises:
Step 2001: the identity management platform verifies the terminal according to the terminal authorization information contained in the identity mark code request information; if verification passes, step 2002 is executed; otherwise, step 2004 is executed;
Step 2002: the identity management platform obtains timestamp information;
Step 2003: the identity management platform encrypts the timestamp information and returns it to the terminal;
Step 2004: end.
After the terminal has connected to the identity management platform, it requests a timestamp from the identity management platform through the "AllocTimeStampReq" operation. The parameters of this operation carry the user IMPU information and a hash value computed with the H1 function from the user IMPU information and a key; the hash value is used to verify whether the request was issued by the software terminal. The key is a pre-allocated key shared between the terminal and the identity management platform. On receiving the terminal's request information, the identity management platform first verifies from the parameters whether the call was made by the terminal, i.e. verifies the legitimacy of the terminal. If it is correct, the platform takes the current system time as the timestamp, encrypts the generated timestamp information, and returns it to the terminal through the "AllocTimeStampRes" operation; it also records the correspondence between this timestamp and the user IMPU information. The user may start several browsers in quick succession from the software terminal installed on the terminal to access services, so the identity management platform should record multiple timestamps allocated to the same user and regularly remove expired records. If verification fails, the login process ends. After the terminal receives the timestamp information allocated to it, it computes the identity mark code information from the user IMPU information and the timestamp information using the H3 function; the H3 function encrypts and decrypts all input parameters with a key, using a symmetric encryption algorithm such as 3DES. In the method of this embodiment, a shared key exists between the identity management platform and the software terminal, and a separate shared key exists between the identity management platform and each service server.
During unified login, after the service server receives the service request information and before it sends the user identity request information to the identity management platform, the service server first reads the cookie information stored in the terminal's browser; if the record shows that the terminal has already logged in to the service server, no further login is needed and the unified login process ends. Furthermore, if the identity combination database holds no user identity information corresponding to the user IMPU information, the identification information of the service server and the service identifier information, query failure information is returned and the unified login process ends; the service server then prompts the user to enter identity information to log in. After a successful unified login, the service server saves the terminal's login information in a cookie in the terminal's browser; the login information comprises the user name, login time, validity period and so on, and the validity period of the cookie is a fixed time, for example 1 hour.
Based on the above embodiments, and as shown in Figure 8, step 500, in which the identity management platform queries the user identity information and returns it to the service server, further comprises:
Step 5001: the identity management platform decrypts the identity mark code information with the key it shares with the terminal, obtaining the user IMPU information and the timestamp information;
Step 5002: determine whether the timestamp information is stored in the timestamp distribution list; if so, step 5003 is executed; otherwise, step 5004 is executed;
Step 5003: the identity management platform queries the identity combination database for the user identity information corresponding to the user IMPU information, the identification information of the service server and the service identifier information;
Step 5004: end.
The service server obtains the identity mark code information from the URL and then, through the "TokenAuthenReq" operation, queries the identity management platform for the user identity corresponding to this identity mark code information, the identification information of the service server and the service identifier information. The identity management platform first decrypts the identity mark code information with the key it shares with the service server, obtaining the user IMPU information and the timestamp information. It then checks whether this timestamp is present in the timestamp distribution list on the identity management platform, i.e. determines whether the timestamp information is identical to the recorded timestamp information. If the timestamp verification passes, the timestamp information is deleted from the timestamp distribution list and the identity combination database is queried for the user identity information corresponding to the user IMPU information, the identification information of the service server and the service identifier information; if the user has performed the identity combination operation, the user identity information for that service server is obtained. The identity management platform returns the query result to the service server through the "TokenAuthenRes" operation: if the query succeeds, the result is the user's identity information on the service server; otherwise failure information is returned.
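The timestamp allocation ("AllocTimeStampReq", steps 2001 to 2003) and the single-use redemption ("TokenAuthenReq", steps 5001 to 5003) described above can be exercised with the following added Python example, which is not code from the patent. Assumptions: HMAC-SHA-256 stands in for the unspecified H1; an HMAC-based keystream with an integrity tag stands in for the 3DES-based H3; the token is decrypted with the terminal's shared key as in step 5001; and the class, function names and sample identifiers are hypothetical.

```python
import hashlib, hmac, json, secrets, time

def h1(key, impu):
    # Assumption: HMAC-SHA-256 stands in for H1, which the text does not specify.
    return hmac.new(key, impu.encode(), hashlib.sha256).digest()

def _sub(key, label):
    # Derive separate encryption and integrity keys from the shared key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]

def seal(key, obj):
    # Stand-in for H3: the text names 3DES, which the standard library lacks, so
    # this uses an HMAC-SHA-256 keystream plus an integrity tag instead.
    plain = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plain, _stream(_sub(key, b"enc"), nonce, len(plain))))
    tag = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return (nonce + body + tag).hex()

def unseal(key, token):
    try:
        raw = bytes.fromhex(token)
    except ValueError:
        return None
    if len(raw) <= 48:
        return None
    nonce, body, tag = raw[:16], raw[16:-32], raw[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None                      # modified or forged token
    plain = bytes(a ^ b for a, b in zip(body, _stream(_sub(key, b"enc"), nonce, len(body))))
    return json.loads(plain)

class IdentityPlatform:
    def __init__(self, key, federation, ttl=60.0, clock=time.time):
        self.key, self.federation = key, federation
        self.ttl, self.clock = ttl, clock
        self.allocated = {}              # timestamp distribution list: (IMPU, ts) -> issue time

    def _purge(self):
        # "Regularly remove expired records": drop timestamps older than ttl seconds.
        now = self.clock()
        self.allocated = {k: t for k, t in self.allocated.items() if now - t <= self.ttl}

    def alloc_timestamp(self, impu, proof):
        """AllocTimeStampReq: verify the H1 hash, allocate, record, return encrypted."""
        if not hmac.compare_digest(proof, h1(self.key, impu)):
            return None
        now = self.clock()
        ts = repr(now)
        self.allocated[(impu, ts)] = now
        return seal(self.key, ts)

    def token_authen(self, token, server_id, service_id):
        """TokenAuthenReq: decrypt, consume the timestamp once, then look up identity."""
        self._purge()
        opened = unseal(self.key, token)
        if not (isinstance(opened, list) and len(opened) == 2
                and all(isinstance(x, str) for x in opened)):
            return None
        impu, ts = opened
        if self.allocated.pop((impu, ts), None) is None:
            return None                  # never allocated, already used, or expired
        return self.federation.get((impu, server_id, service_id))

def terminal_token(platform, key, impu):
    # Terminal side: request a timestamp, then build the identity mark code.
    sealed = platform.alloc_timestamp(impu, h1(key, impu))
    if sealed is None:
        return None
    return seal(key, [impu, unseal(key, sealed)])

def demo():
    # Constructed sample data: the key, IMPU, server and service identifiers are invented.
    now = [1000.0]
    key, impu = b"constructed-shared-key", "sip:alice@ims.example"
    fed = {(impu, "mail-01", "webmail"): "alice.w"}
    p = IdentityPlatform(key, fed, ttl=60.0, clock=lambda: now[0])
    token = terminal_token(p, key, impu)
    out = {"first": p.token_authen(token, "mail-01", "webmail"),
           "replay": p.token_authen(token, "mail-01", "webmail")}
    now[0] += 1
    stale = terminal_token(p, key, impu)
    now[0] += 61                         # let the second timestamp age past ttl
    out["expired"] = p.token_authen(stale, "mail-01", "webmail")
    out["bad_hash"] = p.alloc_timestamp(impu, h1(b"wrong-key", impu))
    out["unfederated"] = p.token_authen(terminal_token(p, key, impu), "mail-01", "calendar")
    return out

if __name__ == "__main__":
    print(demo())
```

Because the identity mark code travels in a URL, deleting the timestamp on first use and purging old entries is what stops a copied URL from being redeemed a second time.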
As shown in Figure 9, a preferred embodiment of the unified login method comprises the following steps:
Step a: through the SIP software terminal, the user sends the user's IMPU information and terminal authorization information to the identity management platform, requesting the allocation of timestamp information;
Step b: the identity management platform verifies the software terminal according to the terminal authorization information;
Step c: if verification passes, the platform allocates a timestamp, encrypts it, and records the correspondence between this timestamp and the user IMPU information;
Step d: the encrypted timestamp information is returned to the software terminal;
Step e: the software terminal obtains the identity mark code information according to the timestamp information;
Step f: the identity mark code information is added to the URL, and the browser is started to access the service;
Step g: the service server reads the cookie information on the terminal and determines whether the terminal has logged in;
Step h: the terminal has not yet logged in, so the service server sends user identity request information to the identity management platform;
Step i: the identity management platform parses out the user IMPU information and the timestamp information, verifies the timestamp information and, after successful verification, deletes this timestamp information;
Step j: the identity management platform queries the identity combination database for the user identity information;
Step k: the identity management platform returns the queried user identity information to the service server;
Step l: the service server receives the user identity information, and the terminal logs in successfully.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (16)

1. An identity management platform, characterized by comprising:
An information receiving module, used to receive the identity mark code request information sent by a terminal and the user identity request information sent by a service server, the identity mark code request information comprising public subscriber identification information and terminal authorization information, and the user identity request information comprising identity mark code information, the identification information of the service server and service identifier information;
An authentication module, connected to the information receiving module and used to verify the identity mark code request information sent by the terminal;
An enquiry module, connected to the information receiving module and used to query an identity combination database for the corresponding user identity information according to the identity mark code information, the identification information of the service server and the service identifier information;
An information sending module, connected to the authentication module and the enquiry module and used to send verification result information to the terminal and to send the queried user identity information to the service server.
2. The identity management platform according to claim 1, characterized by further comprising:
A timestamp distribution module, connected to the authentication module and the information sending module and used to allocate timestamp information to the terminal after the authentication module has verified the terminal according to the terminal authorization information.
3. The identity management platform according to claim 2, characterized by further comprising a timestamp distribution list module, connected to the timestamp distribution module and used to store the correspondence between the public subscriber identification information and the allocated timestamp information.
4. The identity management platform according to claim 1, 2 or 3, characterized in that the enquiry module comprises:
An analyzing submodule, connected to the information receiving module and used to parse the identity mark code information to obtain the public subscriber identification information and timestamp information;
A judging submodule, connected to the analyzing submodule and used to evaluate the timestamp information;
A query submodule, connected to the analyzing submodule and the information sending module and used to query the identity combination database for the corresponding user identity information according to the parsed public subscriber identification information, the identification information of the service server and the service identifier information.
The judging submodule determines whether the timestamp information parsed by the analyzing submodule was allocated by the identity management platform; if so, the query submodule queries the identity combination database for the user identity information.
5. A service server, characterized by comprising:
An information receiving module, used to receive the service request information sent by a terminal and the user identity information sent by an identity management platform;
An enquiry module, connected to the information receiving module and used to query the identity management platform for the corresponding user identity information according to the identity mark code information of the terminal, the identification information of the service server and service identifier information;
An information sending module, connected to the enquiry module and used to send user identity request information to the identity management platform.
6. The service server according to claim 5, characterized in that the enquiry module comprises:
An identity mark code information analysis submodule, connected to the information receiving module and used to read the identity mark code information from the uniform resource locator information of the terminal;
An identity information query submodule, connected to the identity mark code information reading submodule and the information sending module and used to query the identity management platform for the user identity information according to the identity mark code information, the identification information of the service server and the service identifier information.
7. The service server according to claim 6, characterized in that the enquiry module further comprises:
A cookie information read-write submodule, connected to the identity mark code information analysis submodule and used to read the login information in the cookie information of the terminal, determine whether the terminal has logged in, and record the login information of the terminal in the cookie information.
8. A unified login system, characterized by comprising an identity management platform, a service server and an identity combination database, wherein:
The identity management platform is used to obtain public subscriber identification information from the identity mark code information of a terminal sent by the service server, and to query the identity combination database for the user identity information corresponding to the public subscriber identification information, the identification information of the service server and service identifier information;
The service server is used to receive the identity mark code information sent by the terminal and to query the identity management platform for the corresponding user identity information according to the identity mark code information, the identification information of the service server and the service identifier information;
The identity combination database is used to store the user identity information corresponding to the public subscriber identification information, the identification information of the service server and the service identifier information.
9. The unified login system according to claim 8, characterized in that the identity management platform is the identity management platform according to any one of claims 1 to 4, and/or the service server is the service server according to any one of claims 5 to 7.
10. A unified login method, characterized by comprising:
a terminal sends identity mark code request information of the terminal to an identity management platform, the identity mark code request information comprising public subscriber identification information and terminal authorization information;
the identity management platform returns authorization information to the terminal according to the identity mark code request information;
the terminal obtains the identity mark code information of the terminal according to the authorization information and sends service request information to a service server, the service request information carrying the identity mark code information;
the service server, according to the identity mark code information in the service request information, queries the identity management platform for the subscriber identity information corresponding to the identity mark code information, the identification information of the service server and the service identifier information;
the identity management platform queries the subscriber identity information and returns it to the service server;
the service server judges, according to the subscriber identity information returned by the identity management platform, whether to allow the terminal to log in to the service server.
11. The unified login method according to claim 10, characterized in that the step in which the identity management platform returns authorization information to the terminal according to the identity mark code request information specifically comprises:
the identity management platform verifies the terminal according to the terminal authorization information included in the identity mark code request information; if the verification fails, the procedure ends;
if the verification passes, the identity management platform acquires timestamp information;
the identity management platform encrypts the timestamp information and returns it to the terminal.
12. The unified login method according to claim 11, characterized in that, after the identity management platform encrypts the timestamp information and returns it to the terminal, the method further comprises: the identity management platform records the correspondence between the timestamp information and the public subscriber identification information.
13. The unified login method according to claim 10, characterized in that, before the service server, according to the identity mark code information in the service request information, queries the identity management platform for the subscriber identity information corresponding to the identity mark code information, the identification information of the service server and the service identifier information, the method further comprises: the service server reads the cookie information of the terminal, and if the terminal has already logged in to the service server, the procedure ends.
14. The unified login method according to claim 10, characterized in that the step in which the identity management platform queries the subscriber identity information and returns it to the service server specifically comprises:
the identity management platform decrypts the identity mark code information according to the key shared with the terminal, obtaining the public subscriber identification information and the timestamp information;
the identity management platform judges whether the timestamp information is stored in the timestamp distribution list; if not, the procedure ends;
otherwise, the identity management platform queries, in the identity combination database, the subscriber identity information corresponding to the public subscriber identification information, the identification information of the service server and the service identifier information.
15. The unified login method according to claim 14, characterized in that, before the identity management platform queries, in the identity combination database, the subscriber identity information corresponding to the public subscriber identification information, the identification information of the service server and the service identifier information, the method further comprises: the identity management platform deletes the timestamp information from the timestamp distribution list.
16. The unified login method according to claim 10, characterized in that, after the service server judges, according to the subscriber identity information returned by the identity management platform, whether to allow the terminal to log in to the service server, the method further comprises: if the login succeeds, the service server saves the login information of the terminal in the cookie of the terminal.
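The login flow of claims 10 to 16, as an added sketch that is not part of the patent text: the platform issues a timestamp, records it in the distribution list, and deletes it on first use, so a replayed identity mark code is refused. All class, function and field names, the `|`-delimited code format and the constructed sample data are assumptions, and an HMAC-SHA256 tag stands in for the shared-key encryption the claims call for, so the sketch shows integrity and replay handling but not confidentiality.

```python
import hashlib
import hmac
import secrets
import time

def tag_for(key, *fields):  # HMAC-SHA256 stand-in for the shared-key encryption (assumption)
    return hmac.new(key, "|".join(fields).encode(), hashlib.sha256).hexdigest()

def tag_ok(key, tag, *fields):
    return hmac.compare_digest(tag.encode(), tag_for(key, *fields).encode())

def make_code(key, public_id, timestamp):  # terminal side: bind the ID to the timestamp
    return "|".join([public_id, timestamp, tag_for(key, public_id, timestamp)])

class IdentityPlatform:
    def __init__(self, terminal_keys, federation_db):
        self.terminal_keys = terminal_keys  # public ID -> key shared with the terminal
        self.federation_db = federation_db  # (public ID, server ID, service ID) -> identity
        self.issued = {}                    # timestamp distribution list

    def issue_timestamp(self, public_id, proof):  # claim 11: verify the terminal first
        key = self.terminal_keys.get(public_id)
        if key is None or not tag_ok(key, proof, "request", public_id):
            return None
        timestamp = str(time.time_ns())
        self.issued[timestamp] = public_id  # claim 12: timestamp <-> public ID
        return timestamp

    def query_identity(self, code, server_id, service_id):
        public_id, _, rest = code.partition("|")
        timestamp, _, tag = rest.partition("|")
        key = self.terminal_keys.get(public_id)
        if key is None or not tag_ok(key, tag, public_id, timestamp):
            return None                     # malformed or forged code
        if self.issued.get(timestamp) != public_id:
            return None                     # claim 14: not in the distribution list
        del self.issued[timestamp]          # claim 15: delete before the lookup
        return self.federation_db.get((public_id, server_id, service_id))

class ServiceServer:
    def __init__(self, platform, server_id, service_id):
        self.platform, self.server_id, self.service_id = platform, server_id, service_id
        self.sessions = set()               # login records handed out as cookies

    def handle_request(self, code, cookie=None):
        if cookie in self.sessions:         # claim 13: terminal already logged in
            return cookie
        identity = self.platform.query_identity(code, self.server_id, self.service_id)
        if identity is None:                # claim 10: login refused
            return None
        cookie = secrets.token_urlsafe(16)
        self.sessions.add(cookie)           # claim 16: record the login
        return cookie

def demo():  # constructed sample data: one user, one service mapping
    key, pid = b"constructed-key", "sip:alice@example.test"
    idp = IdentityPlatform({pid: key}, {(pid, "srv-1", "mail"): "alice_mail"})
    server = ServiceServer(idp, "srv-1", "mail")
    code = make_code(key, pid, idp.issue_timestamp(pid, tag_for(key, "request", pid)))
    return server.handle_request(code), server.handle_request(code)
```

`demo()` returns a cookie for the first request and `None` for the replayed one. Because claim 15 deletes the timestamp before the database lookup, a code presented to a service with no mapping is also consumed.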
CNA2007101766126A 2007-10-31 2007-10-31 Identity management platform, service server, uniform login system and method Pending CN101426009A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007101766126A CN101426009A (en) 2007-10-31 2007-10-31 Identity management platform, service server, uniform login system and method

Publications (1)

Publication Number Publication Date
CN101426009A true CN101426009A (en) 2009-05-06

Family

ID=40616341

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2007101766126A Pending CN101426009A (en) 2007-10-31 2007-10-31 Identity management platform, service server, uniform login system and method

Country Status (1)

Country Link
CN (1) CN101426009A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1780206A (en) * 2004-11-23 2006-05-31 华为技术有限公司 Internet identity authentication and system
CN1812403A (en) * 2005-01-28 2006-08-02 广东省电信有限公司科学技术研究院 Single-point logging method for realizing identification across management field
CN1805341A (en) * 2006-01-11 2006-07-19 西安电子科技大学 Network authentication and key allocation method across secure domains
CN1897523A (en) * 2006-06-26 2007-01-17 北京金山软件有限公司 System and method for realizing single-point login

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
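Wang Ying: "Design and Implementation of a Single Sign-On System Based on SAML and Identity Mapping", China Master's Theses Full-text Database, Information Science and Technology Series, 2007, No. 01 *
Jin Bin, Xue Zhi: "Design and Application of a Single Sign-On Mechanism", Telecommunications Information, 2007, No. 6 *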

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102065070B (en) * 2009-11-18 2014-09-03 中国移动通信集团江苏有限公司 Method and device for controlling information safety of telecommunications service (TS)
CN102065070A (en) * 2009-11-18 2011-05-18 中国移动通信集团江苏有限公司 Method and device for controlling information safety of telecommunications service (TS)
WO2011153850A1 (en) * 2010-06-07 2011-12-15 中兴通讯股份有限公司 System, method and terminal for implementing real-name system management
CN102299936A (en) * 2010-06-25 2011-12-28 腾讯科技(深圳)有限公司 Method and device for accessing application websites
CN102299936B (en) * 2010-06-25 2015-07-22 腾讯科技(深圳)有限公司 Method and device for accessing application websites
CN102469133A (en) * 2010-11-15 2012-05-23 腾讯科技(深圳)有限公司 Terminal logging method and system as well as server data processing method and system
CN102271041A (en) * 2011-07-30 2011-12-07 任明和 Root service system for personal identity authentication
CN102271041B (en) * 2011-07-30 2013-08-14 杨勇 Root service system for personal identity authentication
CN102413138A (en) * 2011-11-24 2012-04-11 宇龙计算机通信科技(深圳)有限公司 Method and device for realizing registration and popularization of cloud services
CN105376220A (en) * 2011-11-30 2016-03-02 阿里巴巴集团控股有限公司 Service implementation method and system and server
CN103139172B (en) * 2011-11-30 2016-01-13 阿里巴巴集团控股有限公司 A kind of service implementation method and device
CN103139172A (en) * 2011-11-30 2013-06-05 阿里巴巴集团控股有限公司 Service implementation method and device
CN105376220B (en) * 2011-11-30 2019-09-17 阿里巴巴集团控股有限公司 A kind of service implementation method, system and server
CN103634265B (en) * 2012-08-20 2019-01-11 腾讯科技(深圳)有限公司 Method, equipment and the system of safety certification
CN103634265A (en) * 2012-08-20 2014-03-12 腾讯科技(深圳)有限公司 Method, device and system for security authentication
CN104125254A (en) * 2013-04-27 2014-10-29 博雅网络游戏开发(深圳)有限公司 Method and system for obtaining platform user data
CN104125254B (en) * 2013-04-27 2017-10-13 博雅网络游戏开发(深圳)有限公司 Obtain the method and system of platform user data
CN104125485A (en) * 2014-07-02 2014-10-29 深圳创维数字技术股份有限公司 Method, equipment and system for sharing user information
CN104125485B (en) * 2014-07-02 2018-03-16 深圳创维数字技术有限公司 A kind of user profile shared method, equipment and system
CN106096440A (en) * 2016-06-07 2016-11-09 四川长虹电器股份有限公司 Union user management system and management method thereof
CN106096440B (en) * 2016-06-07 2019-05-28 四川长虹电器股份有限公司 Unified user management system and its management method
CN106330971A (en) * 2016-11-02 2017-01-11 山东中创软件工程股份有限公司 Authentication method, server and system based on stateless service
CN110583105A (en) * 2017-05-11 2019-12-17 株式会社富士 Mounting machine management system
CN110583105B (en) * 2017-05-11 2021-02-26 株式会社富士 Mounting machine management system and mounting machine
CN108667800A (en) * 2018-03-30 2018-10-16 北京明朝万达科技股份有限公司 A kind of authentication method and device of access rights
CN108667800B (en) * 2018-03-30 2020-08-28 北京明朝万达科技股份有限公司 Access authority authentication method and device
CN109547460A (en) * 2018-12-12 2019-03-29 重庆邮电大学 More granularity combined identity certification methods towards identity federation
CN109547460B (en) * 2018-12-12 2020-12-04 重庆邮电大学 Identity alliance-oriented multi-granularity joint identity authentication method
CN113765676A (en) * 2021-09-18 2021-12-07 平安国际智慧城市科技股份有限公司 Interface access control method based on multiple user identities and related equipment
CN113765676B (en) * 2021-09-18 2024-05-24 平安国际智慧城市科技股份有限公司 Interface access control method based on multiple identities of user and related equipment
CN116132141A (en) * 2022-12-30 2023-05-16 中国人寿保险股份有限公司上海数据中心 System and method for integrating office mail system and multiple identity authentication modes

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20090506