CN101616414A - Method, system and server that terminal is authenticated - Google Patents
Method, system and server that terminal is authenticated Download PDFInfo
- Publication number
- CN101616414A CN101616414A CN200810115406A CN200810115406A CN101616414A CN 101616414 A CN101616414 A CN 101616414A CN 200810115406 A CN200810115406 A CN 200810115406A CN 200810115406 A CN200810115406 A CN 200810115406A CN 101616414 A CN101616414 A CN 101616414A
- Authority
- CN
- China
- Prior art keywords
- terminal
- verify data
- authentication request
- authentication
- information forwarding
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of method that terminal is authenticated, this method comprises: authentication information forwarding server receives the authentication request of self terminal, and this authentication request comprises terminal iidentification and verify data; The form of the verify data that authentication information forwarding server can be discerned according to the home network of terminal is handled the described verify data in the authentication request of coming self terminal, and the authentication request that will carry the verify data after handling sends to home network; Described home network authenticates described terminal according to terminal iidentification and the verify data in the authentication request that receives, and the return authentication result.By the present invention, the form of the verify data that can discern between the home network of current access network of terminal and terminal can correctly not carried out verification process simultaneously.The invention discloses a kind of system and server that terminal is authenticated.
Description
Technical field
The present invention relates to the data transmission technology of the communications field, relate in particular to a kind of method, system and server that terminal is authenticated.
Background technology
In communication system, when the current access network of terminal is not the home network of this terminal, the miscellaneous service that terminal is initiated to current access network is (as using WLAN (wireless local area network) (the Wireless LAN of access network, when WLAN) business) asking, current access network all needs the legitimacy of this terminal is authenticated, and this verification process comprises:
1, terminal is initiated authentication request to current access network, comprises the username and password of terminal in this authentication request.
2, current access network is forwarded to this authentication request the home network of this terminal.
3, the home network of terminal utilizes username and password in the authentication request to this user legal authentication whether, and authentication result is returned to the current access network of terminal.
If 4 authentication results of returning are validated users for this terminal, then current access network thinks that terminal authentication passes through, and provides corresponding business to terminal; Otherwise if the authentication result of returning is illegal user for this terminal, then current access network can be refused to provide corresponding business for terminal.
In the communication process of reality, the password form difference of the different network storages, the password form that can discern are also different.If the password form that the home network of terminal is stored, discerned with current access network is different, the home network of terminal can not correctly be discerned the password in the authentication request that is sent by current access network that receives so, therefore, the verification process of terminal can't normally be realized.For example, the home network of terminal adopts expressly password is stored and sent, and also can only discern the expressly authentication password of form; And the current Access Network Luoque of terminal is to utilize certain cryptographic algorithm (as adopting challenge handshake authentication protocol (Challenge Handshake Authentication Protocol, CHAP) cryptographic algorithm) password is encrypted back storage and transmission, and also can only discern with the password after this cryptographic algorithm encryption.In this case, after current access network receives the username and password of terminal transmission, send to the home network of terminal after according to certain cryptographic algorithm password being encrypted, at this moment, home network can't correctly be discerned the password in the authentication request, therefore, return wrong authentication result or return authentication result not probably, verification process can't normally be carried out.
Summary of the invention
The embodiment of the invention provides a kind of method, system and server that terminal is authenticated, with solve exist in the prior art because the form of the verify data that the home network of terminal and current access network can be discerned respectively is different, the problem that causes verification process normally to carry out.
A kind of method that terminal is authenticated, this method comprises:
Authentication information forwarding server receives the authentication request of self terminal, and this authentication request comprises terminal iidentification and verify data;
The form of the verify data that authentication information forwarding server can be discerned according to the home network of terminal is handled the described verify data in the authentication request of coming self terminal, and the authentication request that will carry the verify data after handling sends to home network;
Described home network authenticates described terminal according to terminal iidentification and the verify data in the authentication request that receives, and the return authentication result.
A kind of system that terminal is authenticated, this system comprises:
Authentication information forwarding server, be used for the authentication request that receiving terminal sends, described authentication request comprises terminal iidentification and verify data, and the form of the verify data that can discern according to the home network of described terminal, described verify data in the described authentication request is handled, sent the authentication request of having carried the verify data after handling;
The home network server of terminal is used to receive the described authentication request that authentication information forwarding server sends, according to terminal iidentification in the authentication request that receives and verify data described terminal authenticated, and the return authentication result.
A kind of authentication information forwarding server, this server comprises:
Receiver module is used to receive the authentication request of self terminal, and described authentication request comprises terminal iidentification and verify data;
Processing module is used for the form of the verify data that can discern according to the home network of described terminal, and the described verify data in the described authentication request is handled;
Sending module, the authentication request that has been used for having carried the described verify data after the processing sends to the home network of described terminal.
The form of the verify data that the embodiment of the invention can be discerned between the home network of current access network of terminal and terminal is not simultaneously, send to home network after by authentication information forwarding server verify data being handled according to the requirement of home network, allow home network can correctly discern verify data, and obtain authentication result according to verify data, correctly carried out verification process, then the current access network of terminal can be carried out corresponding operation to terminal according to authentication result.
Description of drawings
The method flow schematic diagram of Fig. 1 in the embodiment of the invention one terminal being authenticated;
Fig. 2 is the signaling process schematic diagram when the roaming state terminal is visiting in the embodiment of the invention two;
Fig. 3 is the signaling process schematic diagram when the roaming state terminal is gone aboard for visit in the embodiment of the invention three;
The system configuration schematic diagram of Fig. 4 in the embodiment of the invention four terminal being authenticated;
Fig. 5 is the structural representation of authentication information forwarding server in the embodiment of the invention five.
Embodiment
Below in conjunction with Figure of description the present invention is described in detail.
The zone that home network and current access network covered that relates to terminal in various embodiments of the present invention can not overlap fully, can part not overlap, and also can overlap fully, and these two network storages are different with the form of the verify data that can discern.Verify data is meant the data of using when the home network of terminal authenticates terminal, comprises data such as password.The form of verify data comprises: expressly form or encrypt according to certain cryptographic algorithm after form.
As shown in Figure 1, the method flow schematic diagram in the embodiment of the invention one terminal being authenticated said method comprising the steps of:
Step 101: authentication information forwarding server receives the authentication request of self terminal, comprises terminal iidentification and verify data in this authentication request.
Authentication information forwarding server is saved in terminal iidentification and the verify data that receives in the database, and sets up the corresponding relation between described terminal iidentification and the verify data simultaneously.Described terminal iidentification includes but not limited to that user name of described terminal etc. is used to characterize the information of this terminal identity, and described verify data comprises but is not limited to password etc. and is used to the verify data that allows home network that the legitimacy of this terminal is judged.
The authentication information forwarding server that relates in the various embodiments of the present invention can be the server in the current access network of terminal, also can be the server in the home network, can also be the independently server that can communicate with current access network and home network.
Step 102: the form of the verify data that authentication information forwarding server can be discerned according to the home network of terminal the verify data in the authentication request of coming self terminal is handled, and the authentication request after will handling sends to home network.
In this step, authentication information forwarding server verify data to be processed must be the plaintext form, if the verify data in the authentication request of the original transmission of terminal itself is exactly the plaintext form, then this moment, authentication information forwarding server can directly be handled the verify data that receives; If the verify data in the authentication request of the original transmission of terminal is not the plaintext form, then authentication information forwarding server must be discerned the form of this verify data, and can be the plaintext form with the formal transformation of this verify data, authentication information forwarding server is expressly it to be handled after the form with the formal transformation of this verify data again.
Step 103: described home network authenticates terminal according to the described authentication request that receives, and the return authentication result, and this moment, a verification process can finish, and authentication result can be transmitted to the current access network of terminal by authentication information forwarding server.
Between step 101 in the present embodiment and the step 102, except the authentication request that the authentication information forwarding server receiving terminal sends, the authentication request that the current access network of terminal also can receiving terminal sends, the current access network of terminal receives the method for the authentication request of self terminal to include but not limited to following two kinds:
First method: terminal sends described authentication request to authentication information forwarding server, after this authentication information forwarding server receives described authentication request, this authentication request is transmitted to the network that terminal inserts.
Second method: terminal directly sends described authentication request to authentication information forwarding server and current access network.
In the verification process of reality, can initiate authentication request to the home network of terminal by the current access network triggering authentication of terminal information forwarding server, therefore, between step 101 and step 102, the current access network of terminal is after receiving the authentication request of self terminal, can also and authentication information forwarding server between carry out information interaction, triggering authentication information forwarding server is initiated authentication request to home network, this information interactive process comprises following two steps:
The first step: the current access network of terminal sends to authentication information forwarding server to after receiving described verify data in the authentication request and operating according to imposing a condition with this authentication request.
Impose a condition can be according to current access network the form of the verify data that can store and discern determine, for example, if the described verify data that terminal sends is the plaintext form, and the verify data that current access network can be stored and discern also is a form expressly, and then imposing a condition can be the verify data of the plaintext form that receives not to be handled; If the verify data that current access network can be stored and discern is the form after encrypting according to the CHAP cryptographic algorithm, then imposing a condition can be according to the CHAP cryptographic algorithm verify data to be encrypted.
Because the current access network of terminal does not need according to described verify data the legitimacy of terminal to be judged, even the form of described verify data is current access network can not discern also it doesn't matter, current access network as long as to the verify data that receives according to the processing that imposes a condition.
Second step: authentication information forwarding server receives that current access network sends carried authentication request according to the verify data after the operation that imposes a condition after, therefrom determine terminal iidentification, and always determine corresponding verify data in the authentication request of self terminal according to the terminal iidentification of determining.
For example: the content in the authentication request of coming self terminal that authentication information forwarding server receives is: terminal iidentification " A ", verify data " 123 "; Content in the authentication request that current access network sends is: terminal iidentification " A ", and verify data " abc ", wherein, " abc " obtains " 123 " according to the operation back that imposes a condition.Authentication information forwarding server determines that according to terminal iidentification " A " in the authentication request of current access network transmission this terminal iidentification " A " corresponding verify data in coming the authentication request of self terminal is " 123 ".
After executing above-mentioned second step, authentication information forwarding server just can be according to the operation of the verify data execution in step of determining 102.In the scheme of the embodiment of the invention, also can not carry out the above first step and the operation in second step, receive the authentication request of self terminal by authentication information forwarding server after, just the form of the verify data that can discern according to the home network of terminal is handled the described verify data in the authentication request of coming self terminal.
In step 102, authentication information forwarding server need be determined the verify data form that the home network of terminal can be discerned, and it is multiple that this determines that mode can have, and includes but not limited to:
1, terminal is carried the home network information of this terminal when authentication information forwarding server sends authentication request;
2, authentication information forwarding server is determined the home network of this terminal according to the terminal iidentification in the authentication request of terminal transmission;
3, the current access network of terminal is determined the home network of this terminal according to the terminal iidentification in the authentication request, and the information of this home network is sent to authentication information forwarding server.
After authentication information forwarding server is determined the home network of terminal, the corresponding relation of the verify data form that can discern according to network and this network, find out the form of the verify data that the home network of described terminal can discern, the verify data of coming self terminal is operated accordingly.The corresponding relation of the verify data form that the network here and this network can be discerned can be kept in the authentication information forwarding server, also can be kept in the independent community that can communicate with authentication information forwarding server, can also be kept in the current access network of terminal.
By of the description of above step 101 to step 103, the form of the verify data that can store and discern respectively at the current access network of terminal and home network not simultaneously, the normal execution of the verification process of having realized.Further, when described terminal also needs to initiate to authenticate once more, the sign that in the authentication request that authentication information forwarding server sends, can only comprise this terminal, authentication information forwarding server is carried out follow-up identifying procedure after can finding out the verify data of described terminal according to the terminal iidentification of setting up and preserving and the corresponding relation between the verify data.
It is multiple that the home network of terminal and current access network are that the situation of two heterogeneous networks has, and typical situation is the situation that terminal is in roaming state.Be example with the roaming state below, the method for embodiment one is further described.
As shown in Figure 2, for in the embodiment of the invention two in roaming state, signaling process schematic diagram when terminal is visiting, in the present embodiment, what the current access network of terminal (being access zone network) was stored and discerned is according to the verify data after the encryption of CHAP cryptographic algorithm, that the home network of terminal (being belonging area network) is stored and discerned is Password Authentication Protocol (Password Authentication Protocol, PAP) plaintext authentication data, the information between access zone network and the belonging area network is transmitted and is realized by authentication information forwarding server.Authentication information forwarding server can be made up of roaming secondary inlet (Portal) server and intermediate server that the roaming service merchant provides in the present embodiment, and the WLAN business datum is obtained in the current requirement of terminal.The flow process of the embodiment of the invention two is as follows:
Step 2001: when terminal is in roaming state, with the access point on visit ground (Access Point, AP)/(Authentication Controller AC) surveys, association controller for authentication, and obtains the IP address.
Step 2002: terminal sends to the AC on visit ground with the WLAN service request, and this service request is redirected to the one-level Portal server on visit ground by AC.
Step 2003: the one-level Portal server on visit ground is determined the ownership place of this terminal, and described service request is redirected to roaming secondary Portal server.
The one-level Portal server on visit ground determines that the ownership place of this terminal can be initiatively to determine according to the information such as sign of terminal, also can be that terminal is selected behind the ownership place this information of home location to be sent to the one-level Portal server.
Step 2004: roaming secondary Portal server is to the terminal pushing certification page.
Step 2005: terminal is by the username and password in the request of described certification page input authentication.
Step 2006: roaming secondary Portal server backs up the username and password that receives in database with the plaintext form.
Step 2007: roaming secondary Portal server is transmitted to the authentication request that receives the one-level Portal server on visit ground.
Step 2008: the one-level Portal server on visit ground sends the information of request challenge (Challenge) to the AC on visit ground.
Step 2009: the AC on visit ground sends the Challenge information of distributing to the one-level Portal server on visit ground.
Step 2010: the one-level Portal server on visit ground sends to authentication request the AC on visit ground.
Step 2011: the AC on visit ground encrypts the password in the authentication request according to the CHAP cryptographic algorithm, and the authentication request behind the cryptographic operation is sent to the aaa server on visit ground.
Step 2012: the authentication request of the aaa server on visit ground after the intermediate server forwarding has been carried out cryptographic operation according to the CHAP cryptographic algorithm.
Step 2013: intermediate server finds out the password of this user name corresponding plaintext form from the information that has backed up according to the user name in the authentication request of having carried out behind the cryptographic operation.
Step 2014: the authentication request that intermediate server will carry the password of described plaintext form sends to the ownership place aaa server of terminal.
Step 2015: the ownership place aaa server of terminal authenticates terminal according to terminal user name and the password in the authentication request that receives, and to intermediate server return authentication result.
That returns simultaneously in this step, can also have authorization message.
Step 2016: intermediate server returns to authentication result the aaa server on visit ground.
Step 2017: the aaa server on visit ground is transmitted to the AC that visits ground with authentication result, is judged whether to allow the service request of terminal according to authentication result by AC.
By above 17 the step finished in roaming state, verification process when terminal is visiting, follow-up in step 2018 to step 2020, can also push the page that has comprised authentication result to terminal by the AC on visit ground one-level Portal server and the roaming secondary Portal server by visit ground.
As shown in Figure 3, be the signaling process schematic diagram when international roaming state terminal is gone aboard for visit in the embodiment of the invention three, in the present embodiment, what suppose the current access network of terminal (being access zone network) storage and identification is PAP plaintext authentication data, what the home network of terminal (being belonging area network) was stored and discerned is according to the verify data after the encryption of CHAP cryptographic algorithm, data forwarding between visit ground and the ownership place realizes by authentication information forwarding server, equally, authentication information forwarding server can be made up of roaming secondary Portal server and intermediate server that the roaming service merchant provides in the present embodiment, and the WLAN business datum is obtained in the current requirement of terminal.The flow process of the embodiment of the invention three is as follows:
Step 3001 in the present embodiment is identical to step 2010 with step 2001 among the embodiment two to step 3010.
Step 3011: the authentication request that the AC on visit ground will carry the password of plaintext form sends to the aaa server of visiting ground.
Step 3012: the authentication request that the aaa server on visit ground sends to the AC on intermediate server forwarding visit ground.
Step 3013: the form that intermediate server can be discerned according to ownership place, the password in the authentication request is encrypted according to the CHAP cryptographic algorithm.
Step 3014: intermediate server will carry out the ownership place that authentication request behind the cryptographic operation sends to terminal.
Step 3015 is identical to step 2020 with step 2015 to step 3020.
Each server in the visit ground that relates in the embodiment of the invention two and embodiment three can be referred to as the current access network server of terminal, and each server in the ownership place can be referred to as the home network server.
Corresponding with the embodiment of the invention one to embodiment three, the embodiment of the invention four also provides a kind of system that terminal is authenticated, as shown in Figure 4, this system comprises the home network server 12 of authentication information forwarding server 11 and terminal, wherein: authentication information forwarding server 11 is used for the authentication request that receiving terminal sends, described authentication request comprises terminal iidentification and verify data, and the form of the verify data that can discern according to the home network of described terminal, described verify data in the described authentication request is handled, sent the authentication request of having carried the verify data after handling; The home network server 12 of terminal is used to receive the described authentication request that authentication information forwarding server 11 sends, according to terminal iidentification in the authentication request that receives and verify data described terminal authenticated, and the return authentication result.
Described system also comprises the current access network server 13 of terminal, be used to receive the described authentication request of self terminal, verify data in this authentication request is handled according to imposing a condition, the authentication request of having carried the verify data after handling is sent to authentication information forwarding server 11.
Described authentication information forwarding server 11 also is used for setting up and preserves the authentication request terminal iidentification of self terminal and the corresponding relation of verify data, behind the terminal iidentification in the authentication request that current access network server 13 sends by terminal that receives, from described corresponding relation, find out the verify data of this terminal iidentification correspondence.
The embodiment of the invention five also provides a kind of authentication information forwarding server, server can be an authentication information forwarding server among the embodiment four, as shown in Figure 5, this server comprises receiver module 21, processing module 22 and sending module 23, wherein: receiver module 21 is used to receive the authentication request of self terminal, and described authentication request comprises terminal iidentification and verify data; Processing module 22 is used for the form of the verify data that can discern according to the home network of described terminal, and the described verify data in the described authentication request is handled; Sending module 23 be used for will carry the authentication request of the described verify data after handling send to the home network of described terminal.
Described receiver module 21 also is used to receive the authentication request of the current access network of self terminal, verify data in this authentication request is the verify data after the described verify data of self terminal is in the future handled according to imposing a condition, and terminal iidentification is identical with terminal iidentification in the authentication request of coming self terminal.
Described processing module 22 further comprises: corresponding relation is set up unit 31, determining unit 32, is searched unit 33 and performance element 34, and wherein: corresponding relation is set up unit 31 and is used for setting up and preserves the authentication request terminal iidentification of self terminal and the corresponding relation of verify data; Determining unit 32 is used for determining to come the terminal iidentification of the authentication request of the current access network of self terminal; Search unit 33 and be used for the definite described terminal iidentification of basis finds out this terminal iidentification correspondence from described corresponding relation verify data; Performance element 34 is used for the form of the verify data that can discern according to the home network of described terminal, and the described verify data that finds out is handled.
Method, system and the server that terminal is authenticated that provide by the embodiment of the invention, the verify data form that can discern at the current access network of terminal and terminal home network is not simultaneously, also can the correct execution verification process, according to authentication result terminal is carried out corresponding operation by the current access network of terminal; Particularly be applied in the roam procedure, can allow the current access network of terminal correctly know the legitimacy of terminal, can provide better business for terminal according to the present invention program; In addition, the present invention transforms less to existing network system, and improvement cost is lower, and owing to the distributed adjustment of having avoided the network equipment, provides the stability of equipment.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.
Claims (12)
1, a kind of method that terminal is authenticated is characterized in that, this method comprises:
Authentication information forwarding server receives the authentication request of self terminal, and this authentication request comprises terminal iidentification and verify data;
The form of the verify data that authentication information forwarding server can be discerned according to the home network of terminal is handled the described verify data in the authentication request of coming self terminal, and the authentication request that will carry the verify data after handling sends to home network;
Described home network authenticates described terminal according to terminal iidentification and the verify data in the authentication request that receives, and the return authentication result.
2, the method for claim 1 is characterized in that, when authentication information forwarding server receives the described authentication request of self terminal, and the corresponding relation of terminal iidentification and verify data in foundation and the preservation authentication request.
3, method as claimed in claim 2 is characterized in that, authentication information forwarding server also comprises before the described verify data in the authentication request of coming self terminal is handled:
The current access network of terminal receives the authentication request of self terminal;
Verify data in the authentication request that receives is handled according to imposing a condition;
The authentication request of having carried according to the verify data after handling that imposes a condition is sent to authentication information forwarding server.
4, method as claimed in claim 3, it is characterized in that, the authentication request of the verify data after the current access network of terminal will carry and handle according to imposing a condition sends to after the authentication information forwarding server, and authentication information forwarding server also comprises before the described verify data in the authentication request of coming self terminal is handled:
Terminal iidentification in the authentication request that sends by the current access network of terminal that authentication information forwarding server is determined to receive;
Find out the verify data of this terminal iidentification correspondence in the described corresponding relation according to the described terminal iidentification preservation of determining.
5, method as claimed in claim 2 is characterized in that, after the described home network return authentication result, described method also comprises:
Authentication information forwarding server receives the authentication request of self terminal once more, and this authentication request comprises terminal iidentification;
Find out the verify data of the terminal iidentification correspondence in the authentication request that receives once more according to the described corresponding relation of preserving;
The verify data that finds out can the identification form be handled according to the home network of terminal, and the authentication request that will carry the verify data after handling sends to home network.
6, the method for claim 1, it is characterized in that, the form of the verify data in the described authentication request is the plaintext form, perhaps the form of this verify data is the form that authentication information forwarding server can be discerned, and authentication information forwarding server can be the plaintext form with the formal transformation of this verify data.
7, a kind of system that terminal is authenticated is characterized in that, this system comprises:
Authentication information forwarding server, be used for the authentication request that receiving terminal sends, described authentication request comprises terminal iidentification and verify data, and the form of the verify data that can discern according to the home network of described terminal, described verify data in the described authentication request is handled, sent the authentication request of having carried the verify data after handling;
The home network server of terminal is used to receive the described authentication request that authentication information forwarding server sends, according to terminal iidentification in the authentication request that receives and verify data described terminal authenticated, and the return authentication result.
8, system as claimed in claim 7 is characterized in that, described system also comprises:
The current access network server of terminal is used to receive the described authentication request of self terminal, and the verify data in this authentication request is handled according to imposing a condition, and the authentication request of having carried the verify data after handling is sent to authentication information forwarding server.
9, system as claimed in claim 8 is characterized in that,
Described authentication information forwarding server, also be used for setting up and preserve the authentication request terminal iidentification of self terminal and the corresponding relation of verify data, behind the terminal iidentification in the authentication request that current access network server sends by terminal that receives, from described corresponding relation, find out the verify data of this terminal iidentification correspondence.
10, a kind of authentication information forwarding server is characterized in that, this server comprises:
Receiver module is used to receive the authentication request of self terminal, and described authentication request comprises terminal iidentification and verify data;
Processing module is used for the form of the verify data that can discern according to the home network of described terminal, and the described verify data in the described authentication request is handled;
Sending module, the authentication request that has been used for having carried the described verify data after the processing sends to the home network of described terminal.
11, authentication information forwarding server as claimed in claim 10 is characterized in that,
Described receiver module, also be used to receive the authentication request of the current access network of self terminal, verify data in this authentication request is the verify data after the described verify data of self terminal is in the future handled according to imposing a condition, and terminal iidentification is identical with terminal iidentification in the authentication request of coming self terminal.
12, authentication information forwarding server as claimed in claim 11 is characterized in that, described processing module comprises:
Corresponding relation is set up the unit, is used for setting up and preserves the authentication request terminal iidentification of self terminal and the corresponding relation of verify data;
Determining unit is used for determining to come the terminal iidentification of the authentication request of the current access network of self terminal;
Search the unit, be used for finding out from described corresponding relation the verify data of this terminal iidentification correspondence according to the described terminal iidentification of determining;
Performance element is used for the form of the verify data that can discern according to the home network of described terminal, and the described verify data that finds out is handled.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200810115406A CN101616414A (en) | 2008-06-23 | 2008-06-23 | Method, system and server that terminal is authenticated |
| PCT/CN2009/000701 WO2009155787A1 (en) | 2008-06-23 | 2009-06-23 | Terminal authentication method, system and server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200810115406A CN101616414A (en) | 2008-06-23 | 2008-06-23 | Method, system and server that terminal is authenticated |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101616414A true CN101616414A (en) | 2009-12-30 |
Family
ID=41443989
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200810115406A Pending CN101616414A (en) | 2008-06-23 | 2008-06-23 | Method, system and server that terminal is authenticated |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN101616414A (en) |
| WO (1) | WO2009155787A1 (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102448061A (en) * | 2011-11-18 | 2012-05-09 | 王黎明 | Method and system for preventing phishing attack on basis of mobile terminal |
| CN102917354A (en) * | 2011-08-03 | 2013-02-06 | 中兴通讯股份有限公司 | Access method and system as well as mobile intelligent access point |
| CN103107985A (en) * | 2012-12-04 | 2013-05-15 | 百度在线网络技术(北京)有限公司 | Cloud terminal authentication method, system and device |
| CN103856933A (en) * | 2012-11-30 | 2014-06-11 | 中国移动通信集团公司 | Authentication method and device of roaming terminal, and server |
| CN104333855A (en) * | 2014-10-31 | 2015-02-04 | 北京思特奇信息技术股份有限公司 | Wireless broadband authorization method and system of roaming forwarding |
| CN106603461A (en) * | 2015-10-14 | 2017-04-26 | 阿里巴巴集团控股有限公司 | Business authentication method, apparatus and system |
| CN106790251A (en) * | 2017-01-24 | 2017-05-31 | 中国联合网络通信集团有限公司 | User access method and subscriber access system |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105306485B (en) * | 2015-11-13 | 2018-07-24 | 上海斐讯数据通信技术有限公司 | Network access authentication method, certificate server and its place Verification System |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1502420A4 (en) * | 2002-04-22 | 2009-06-10 | Qualcomm Inc | Method and apparatus for access network authentication |
| JP2004118642A (en) * | 2002-09-27 | 2004-04-15 | Nec Corp | Contents providing server, contents providing method and contents providing program |
| CN100401670C (en) * | 2004-03-26 | 2008-07-09 | 中兴通讯股份有限公司 | Allopatic access authentication method of mobile terminal of radio LAN |
| CN101018130B (en) * | 2007-02-15 | 2010-09-08 | 物方恒德(北京)投资咨询有限公司 | Finance business system and finance business processing method |
-
2008
- 2008-06-23 CN CN200810115406A patent/CN101616414A/en active Pending
-
2009
- 2009-06-23 WO PCT/CN2009/000701 patent/WO2009155787A1/en active Application Filing
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102917354A (en) * | 2011-08-03 | 2013-02-06 | 中兴通讯股份有限公司 | Access method and system as well as mobile intelligent access point |
| CN102917354B (en) * | 2011-08-03 | 2018-04-13 | 中兴通讯股份有限公司 | A kind of cut-in method, system and intelligent movable access point |
| CN102448061A (en) * | 2011-11-18 | 2012-05-09 | 王黎明 | Method and system for preventing phishing attack on basis of mobile terminal |
| CN102448061B (en) * | 2011-11-18 | 2015-07-22 | 王黎明 | Method and system for preventing phishing attack on basis of mobile terminal |
| CN103856933A (en) * | 2012-11-30 | 2014-06-11 | 中国移动通信集团公司 | Authentication method and device of roaming terminal, and server |
| CN103856933B (en) * | 2012-11-30 | 2017-03-22 | 中国移动通信集团公司 | Authentication method and device of roaming terminal, and server |
| CN103107985B (en) * | 2012-12-04 | 2016-01-20 | 百度在线网络技术(北京)有限公司 | A kind of cloud terminal authentication, system and device |
| CN103107985A (en) * | 2012-12-04 | 2013-05-15 | 百度在线网络技术(北京)有限公司 | Cloud terminal authentication method, system and device |
| CN104333855A (en) * | 2014-10-31 | 2015-02-04 | 北京思特奇信息技术股份有限公司 | Wireless broadband authorization method and system of roaming forwarding |
| CN104333855B (en) * | 2014-10-31 | 2018-04-27 | 北京思特奇信息技术股份有限公司 | A kind of method and system of WiMAX certification roaming forwarding |
| CN106603461A (en) * | 2015-10-14 | 2017-04-26 | 阿里巴巴集团控股有限公司 | Business authentication method, apparatus and system |
| CN106790251A (en) * | 2017-01-24 | 2017-05-31 | 中国联合网络通信集团有限公司 | User access method and subscriber access system |
| CN106790251B (en) * | 2017-01-24 | 2020-05-05 | 中国联合网络通信集团有限公司 | User access method and user access system |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2009155787A1 (en) | 2009-12-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP3869392B2 (en) | User authentication method in public wireless LAN service system and recording medium storing program for causing computer to execute the method | |
| US8191124B2 (en) | Systems and methods for acquiring network credentials | |
| CN101621801B (en) | Method, system, server and terminal for authenticating wireless local area network | |
| CN101123811B (en) | Apparatus and method for managing stations associated with WPA-PSK wireless network | |
| US9025769B2 (en) | Method of registering smart phone when accessing security authentication device and method of granting access permission to registered smart phone | |
| US20070098176A1 (en) | Wireless LAN security system and method | |
| CN101616414A (en) | Method, system and server that terminal is authenticated | |
| JP2018519706A (en) | Method, network access device, application server, and non-volatile computer readable storage medium for causing a network access device to access a wireless network access point | |
| EP3748928A1 (en) | Method and system for apparatus awaiting network configuration to access hot spot network apparatus | |
| JP5276593B2 (en) | System and method for obtaining network credentials | |
| US9774593B2 (en) | Private simultaneous authentication of equals | |
| DK2924944T3 (en) | Presence authentication | |
| CN101986598B (en) | Authentication method, server and system | |
| JP4504970B2 (en) | Virtual wireless local area network | |
| CN101102188A (en) | A method and system for mobile access to VLAN | |
| US20070165582A1 (en) | System and method for authenticating a wireless computing device | |
| US20200274868A1 (en) | Server-based setup for connecting a device to a local area network | |
| US20050071682A1 (en) | Layer 2 switch device with verification management table | |
| CN101578841A (en) | Authentication in communication networks | |
| EP2206400A1 (en) | Systems and methods for wireless network selection | |
| CN106559785B (en) | Authentication method, device and system, access device and terminal | |
| US9161375B2 (en) | Method for sharing access to a wireless LAN access point | |
| CN105763517A (en) | Router security access and control method and system | |
| CN104247485A (en) | Network application function authorisation in a generic bootstrapping architecture | |
| CN108599968B (en) | Information broadcasting method for urban Internet of things |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20091230 |