CN102421098A - User authentication method, device and system - Google Patents
User authentication method, device and system Download PDFInfo
- Publication number
- CN102421098A CN102421098A CN2010102945873A CN201010294587A CN102421098A CN 102421098 A CN102421098 A CN 102421098A CN 2010102945873 A CN2010102945873 A CN 2010102945873A CN 201010294587 A CN201010294587 A CN 201010294587A CN 102421098 A CN102421098 A CN 102421098A
- Authority
- CN
- China
- Prior art keywords
- terminal
- access request
- user
- carrying
- unique identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a user authentication method, device and system. The user authentication method comprises the following steps of: receiving a first access request carrying a terminal unique identification, transmitted by a user terminal, by a WLAN (Wireless Local Area Network) side; querying the legality of the terminal unique identification carried by the first access request by executing message interaction on an application system storing the legal terminal unique identification in a cellular mobile communication network; and determining that the user terminal authentication is successful after determining that the terminal unique identification carried in the first access request is legal. Through the scheme provided by the embodiment of the invention, the efficiency of the user authentication in the WLAN is improved.
Description
Technical field
The present invention relates to wireless communication technology field, relate in particular to a kind of user authen method, Apparatus and system.
Background technology
In the web authentication mechanism of WLAN WLAN, user's authentication is accomplished by access controller AC, door Portal server and RADIUS (Remote Authentication Dial In User Service) certificate server jointly at present.During authentification of user, after user terminal and access point AP connect, and accomplish dhcp address between the AC and distribute; Be that AC distributes the address for this user terminal, AC notice Portal server sends certification page to this user terminal, and this user sends to Portal server through user terminal with user name and user cipher; Then; The common authentication of accomplishing this user of AC, Portal server and RADIUS authentication server after authentication is passed through, is sent authentication by Portal to this user terminal and is passed through the page.
After authentification of user passes through, can keep a session status table among the AC, be used to write down user conversation, i.e. this user terminal address of storage in the session status table through authentication.At present; Generally with IP address or IP address+MAC Address identification index as this session status table; When the subsequent network side is received the access request of this user terminal transmission; If the source IP address of this client or source IP address+source MAC Already in the record of current sessions state table, think that then this user terminal through authentication, determines that it is validated user.
Based on the web authentication mechanism of above-mentioned WLAN, after each user terminal inserts WLAN for the first time, before visited WLAN, all need carry out authentication through the input username and password, influence user experience.In order to address this problem; Regular authentication-exempt mechanism based on Cookie has been proposed; Promptly after user terminal adopts the authentication of above-mentioned web authentication mechanism to pass through, when network side is given user terminal at the pushing certification success page, send encryption Cookie to user terminal; Wherein carry user name, this authentication through information such as time, term of validity information, user terminal this encryption Cookie that storage receives in this locality.When this SS later inserts WLAN once more; When network side sends authentication request; Carried this encryption Cookie in the authentication request; Network side obtains this encryption Cookie from this authentication request, and based on the information of carrying among this encryption Cookie this user terminal is carried out authentication, can confirm directly that in valid expiration date this user end certification passes through; And do not need again to send certification page to this user terminal, user terminal also returns to network side again behind the username and password and carries out authentication with regard to no longer importing.Compare above-mentioned web authentication mechanism, reduced the information interaction of user terminal and network side in the identifying procedure, reduced the processing time of authentification of user, improved authentication efficient, and saved the processing resource of system, also with regard to the corresponding user experience that increased.
But, also need user's accounts information of input when logining acquisition Cookie for the first time after all based on the scheme of Cookie, simultaneously; After authentication-exempt valid expiration date arrival based on Cookie; After user terminal inserts WLAN once more, still need carry out authentification of user, promptly for regular authentication-exempt mechanism based on Cookie based on the web authentication mechanism of above-mentioned WLAN; In authentication efficient, the user experience aspect still needs further to improve.
Summary of the invention
The embodiment of the invention provides a kind of user authen method, Apparatus and system, in order to improve the efficient of authentification of user among the WLAN.
The embodiment of the invention provides a kind of user authen method, comprising:
The wireless lan network side joint is received carried terminal uniquely identified first access request that user terminal sends; And
Through with cellular mobile communications networks in store legal terminal uniquely identified application system and carry out interacting message, inquire about the terminal uniquely identified legitimacy of carrying in first access request;
After the terminal unique identification that in confirming first access request, carries is legal, confirm that said user end certification passes through.
The embodiment of the invention also provides a kind of user terminal, comprising:
Generation unit is used to generate terminal uniquely identified first access request of carrying this user terminal;
First transmitting element is used for sending said first access request to the wireless lan network side.
The embodiment of the invention also provides a kind of user authentication device, comprising:
Second receiving element is used for receiving carried terminal uniquely identified first access request that user terminal sends through WLAN;
Processing unit is used for carrying out interacting message through storing legal terminal uniquely identified application system with cellular mobile communications networks, inquires about the terminal uniquely identified legitimacy of carrying in first access request;
Confirm the unit, be used for after the terminal unique identification that definite first access request is carried is legal, confirming that said user end certification passes through.
The embodiment of the invention also provides a kind of customer certification system, comprising: the user authentication device in user terminal and the WLAN, wherein:
Said user terminal is used for sending carried terminal uniquely identified first access request to said user authentication device;
Said user authentication device is used for carrying out interacting message through storing legal terminal uniquely identified application system with cellular mobile communications networks, inquires about the terminal uniquely identified legitimacy of carrying in first access request; And the terminal unique identification that in confirming first access request, carries confirms that said user end certification passes through when legal.
In the method that the embodiment of the invention provides; User terminal has carried the terminal unique identification in first access request of sending to the wlan network side; The wlan network side after getting access to this terminal unique identification, through with cellular mobile communications networks in store the interacting message of legal terminal uniquely identified application system, inquire about this terminal uniquely identified legitimacy of carrying in first access request; And after definite this terminal unique identification is legal, confirm that this user end certification passes through.Owing to store legal terminal unique identification in the related application system in the cellular mobile communications networks; The pairing user terminal of these terminal unique identifications all is to carry out the legal users terminal that authentication is passed through through cellular mobile communications networks; So; Through with the related application system carry out interacting message inquire about the terminal unique identification that carries in first access request legal after, can confirm that promptly this user end certification passes through.The method that adopts the embodiment of the invention to provide is after user terminal sends access request, only can realize the authentication to user terminal by network side, compares prior art; No longer need user terminal to send the authentication request that is specifically designed to authentication to the wlan network side; And through the input username and password carry out authentification of user, promptly simplified the WLAN access authentication flow process of user terminal, and then reduced the processing time of authentification of user; Improve authentication efficient, and then saved the processing resource of system.
Description of drawings
The flow chart of the user authen method that Fig. 1 provides for the embodiment of the invention;
The flow chart of the user authen method that Fig. 2 provides for the embodiment of the invention 1;
The flow chart of the user authen method that Fig. 3 provides for the embodiment of the invention 2;
The structural representation of the user terminal that Fig. 4 provides for the embodiment of the invention 3;
The structural representation of the user authentication device that Fig. 5 provides for the embodiment of the invention 4;
The structural representation of the customer certification system that Fig. 6 provides for the embodiment of the invention 5.
Embodiment
In order to provide the implementation that improves the efficient of authentification of user among the WLAN; The embodiment of the invention provides a kind of user authen method, Apparatus and system; Below in conjunction with Figure of description the preferred embodiments of the present invention are described; Should be appreciated that preferred embodiment described herein only is used for explanation and explains the present invention, and be not used in qualification the present invention.And under the situation of not conflicting, embodiment and the characteristic among the embodiment among the application can make up each other.
The embodiment of the invention provides a kind of user authen method, and is as shown in Figure 1, comprising:
Step S101, wireless lan network side joint are received carried terminal uniquely identified first access request that user terminal sends.
Step S102, through with cellular mobile communications networks in store legal terminal uniquely identified application system and carry out interacting message, inquire about this terminal uniquely identified legitimacy of carrying in first access request.
After step S103, this terminal unique identification that in confirming first access request, carries are legal, confirm that this user end certification passes through.
Preferable; In the said method; In the legal back of definite this terminal unique identification and before definite this user end certification passes through, can also comprise and adopt the dynamic authentication codes authentication mechanism that this user terminal is further carried out authentication, to improve the accuracy and the fail safe of authentification of user.
Below in conjunction with accompanying drawing, method provided by the invention and device and corresponding system are described in detail with specific embodiment.
Embodiment 1:
The embodiment of the invention 1 provides a kind of user authen method, and is as shown in Figure 2, comprising:
Step S201, user terminal are related with WLAN through access point AP, set up with WLAN between be connected, and after connecting, and carry out interacting message between the AC, the distribution of completion dhcp address, promptly AC is this user terminal distributing IP address.
Step S202, user terminal send access request to the wlan network side, and in access request, carry the terminal unique identification of this user terminal, and for example, the terminal unique identification is International Mobile Equipment Identity sign indicating number IMEI.
This access request specifically can behind the related WLAN of this user terminal, be obtained the terminal unique identification of this user terminal by client through client is installed automatically in user terminal, generate access request and transmission, and do not need user's intervention.
This access request specifically can adopt HTTP or HTTPS mode to send.
Step S203, AC intercept and capture the access request that user terminal sends; Therefrom obtain this terminal unique identification; And, inquire about this terminal uniquely identified legitimacy to radius server transmission message, specifically can send this terminal uniquely identified checking request of carrying to radius server.
Step S204, radius server ask that this checking be transmitted to store legal terminal uniquely identified application system in the cellular mobile communications networks after receiving this checking request, are used to inquire about this terminal uniquely identified legitimacy, for example:
Custom terminal Business Management Platform DM (Device Management) platform in cellular mobile communications networks is transmitted this terminal uniquely identified checking request of carrying; Perhaps
Business operation support system BOSS in cellular mobile communications networks (Business&OperationSupport System) system sends this terminal uniquely identified checking request of carrying.
In this application system in step S205, the cellular mobile communications networks, stored the terminal unique identification that carries out the legal users terminal that authentication passes through through cellular mobile communications networks, for example,, wherein stored the IMEI of middle and high end custom terminal for the DM platform; For the BOSS system,, stored the IMEI of the about user terminal more than 80% of the whole network through MSC ticket and SGSN ticket wherein.
So this application system is therefrom obtained this terminal unique identification that carries after the checking request that receives the radius server forwarding; And whether inquiry this locality has stored this terminal unique identification; If stored then confirmed that this terminal unique identification is legal, return the checking success response to radius server, otherwise; Confirm that this terminal unique identification is illegal, return the authentication failed response to radius server.
This application system is after confirming that through inquiry this terminal unique identification is legal; Can also determine the corresponding mobile subscriber's international number MSISDN of this terminal unique identification, and MSISDN that will be corresponding with this terminal unique identification sends to radius server through the checking success response.
Through above-mentioned steps S204 and step S205; The terminal uniquely identified legitimate verification that carries in the access request that has realized user terminal is sent, when the application system in the checking flow process adopt be DM platform or BOSS system the time owing to only stored the IMEI of middle and high end custom terminal in the DM platform; The terminal uniquely identified negligible amounts at the legal users terminal of promptly storing; Though and the terminal uniquely identified quantity at the legal users terminal of storing in the BOSS system is many, there is the invalid IMEI of some essence, the These characteristics of DM platform and BOSS system in the consideration; Preferable; In above-mentioned steps S204 and step S205, radius server can send the checking request to the DM platform earlier, if authentication failed; Send the checking request to the BOSS system again, so that the accuracy of raising terminal unique identification legitimate verification and comprehensive.
Step S206, RADIUS confirm that this user end certification passes through after receiving the checking success response of application system transmission, get into step S207.
After RADIUS receives the authentication failed response of application system transmission; Confirm this user end certification failure; Subsequent treatment can perhaps be sent certification page to user terminal to the response of user terminal backward reference refusal, and the request user imports username and password; Start web authentication mechanism of the prior art, no longer be described in detail at this.
Step S207, authentication is sent to AC through the result, wherein carry the MSISDN of this user terminal.
Step S208, AC receive this user end certification that RADIUS sends through behind the result, and the IP address of this user terminal or IP address+MAC Address, MSISDN are added in the session status table, are used for the authentication to this SS later access request.Also can add this terminal unique identification (like IMEI) in the session status table.
After the user authentication process flow process of accomplishing above-mentioned steps S201-step S208, promptly can initiate follow-up accounting processing flow process and access service handling process, no longer be described in detail at this.
Embodiment 2:
The embodiment of the invention 2 also provides a kind of user authen method, and is as shown in Figure 3, comprising:
Step S301, user terminal are related with WLAN through access point AP, set up with WLAN between be connected, and after connecting, and carry out interacting message between the AC, the distribution of completion dhcp address, promptly AC is this user terminal distributing IP address.
Step S302, user terminal send first access request to the wlan network side, and in first access request, carry the terminal unique identification of this user terminal, and for example, the terminal unique identification is IMEI.
This first access request specifically can behind the related WLAN of this user terminal, be obtained the terminal unique identification of this user terminal by client through client is installed automatically in user terminal, generate first access request and transmission, and do not need user's intervention.
This first access request specifically can adopt HTTP or HTTPS mode to send.
Step S303, AC intercept and capture first access request that user terminal sends; Therefrom obtain this terminal unique identification; And, inquire about this terminal uniquely identified legitimacy to radius server transmission message, specifically can send this terminal uniquely identified first checking request of carrying to radius server.
Step S304, radius server ask that this first checking be transmitted to store legal terminal uniquely identified application system in the cellular mobile communications networks after receiving this first checking request, are used to inquire about this terminal uniquely identified legitimacy, for example:
DM platform in cellular mobile communications networks is transmitted this terminal uniquely identified first checking request of carrying; Perhaps
BOSS system in cellular mobile communications networks sends this terminal uniquely identified first checking request of carrying.
In this application system in step S305, the cellular mobile communications networks, stored the terminal unique identification that carries out the legal users terminal that authentication passes through through cellular mobile communications networks, for example,, wherein stored the IMEI of middle and high end custom terminal for the DM platform; For the BOSS system,, stored the IMEI of the about user terminal more than 80% of the whole network through MSC ticket and SGSN ticket wherein.
So this application system is therefrom obtained this terminal unique identification that carries after the first checking request that receives the radius server forwarding; And whether inquiry this locality has stored this terminal unique identification; If stored then confirmed that this terminal unique identification is legal, return the checking success response to radius server, otherwise; Confirm that this terminal unique identification is illegal, return the authentication failed response to radius server.
This application system is after confirming that through inquiry this terminal unique identification is legal; Can also determine the corresponding mobile subscriber's international number MSISDN of this terminal unique identification, and MSISDN that will be corresponding with this terminal unique identification sends to radius server through the checking success response.
Through above-mentioned steps S304 and step S305; The terminal uniquely identified legitimate verification that carries in the access request that has realized user terminal is sent, when the application system in the checking flow process adopt be DM platform or BOSS system the time owing to only stored the IMEI of middle and high end custom terminal in the DM platform; The terminal uniquely identified negligible amounts at the legal users terminal of promptly storing; Though and the terminal uniquely identified quantity at the legal users terminal of storing in the BOSS system is many, there is the invalid IMEI of some essence, the These characteristics of DM platform and BOSS system in the consideration; Preferable; In above-mentioned steps S304 and step S305, radius server can send the checking request to the DM platform earlier, if authentication failed; Send the checking request to the BOSS system again, so that the accuracy of raising terminal unique identification legitimate verification and comprehensive.
After step S306, RADIUS receive the checking success response that application system sends, this terminal unique identification that should user terminal is generated dynamic authentication codes, get into step S307.
After RADIUS receives the authentication failed response of application system transmission; Confirm this user end certification failure; Subsequent treatment can perhaps be sent certification page to user terminal to the response of user terminal backward reference refusal, and the request user imports username and password; Start web authentication mechanism of the prior art, no longer be described in detail at this.
Step S307, send this dynamic authentication codes to this user terminal through cellular mobile communications networks; Specifically can from the checking success response, obtain MSISDN; Through network entities such as the Short Message Service Gateway in the cellular mobile communications networks, mobile switching centre, base stations, carry this dynamic authentication codes with the form of note and send to this user terminal then.
After step S308, user terminal receive this dynamic authentication codes, generate and carry this dynamic authentication codes and this terminal uniquely identified second access request, and send this second access request to the wlan network side.
This second access request specifically can be through installing client in user terminal; By client after this user terminal receives this dynamic authentication codes; Automatically obtain the terminal unique identification and this dynamic authentication codes of this user terminal; Generate second access request and transmission, and do not need user's intervention.
This second access request specifically can adopt HTTP or HTTPS mode to send.
Step S309, AC intercept and capture second access request that this user terminal sends; Therefrom obtain this terminal unique identification and this dynamic authentication codes; And to radius server transmission message; Inquiry specifically can be sent the second checking request that carry this terminal unique identification and this dynamic authentication codes to radius server to legitimacy that should terminal this dynamic authentication codes of uniquely identified.
After step S310, radius server receive this second checking request; Therefrom obtain this terminal unique identification and this dynamic authentication codes of carrying; And based on the dynamic authentication codes corresponding with this terminal unique identification of the local storage of this terminal unique identification inquiry of carrying, and the dynamic authentication codes of carrying in asking with second checking matees, if be complementary; Confirm that this user end certification passes through, get into step S311.
If be not complementary, confirm this user end certification failure, subsequent treatment can be to the response of user terminal backward reference refusal; Perhaps send certification page to user terminal; The request user imports username and password, starts web authentication mechanism of the prior art, no longer is described in detail at this.
Step S311, authentication is sent to AC through the result, wherein carry the MSISDN of this user terminal.
Step S312, AC receive this user end certification that RADIUS sends through behind the result, and the IP address of this user terminal or IP address+MAC Address, MSISDN are added in the session status table, are used for the authentication to this SS later access request.Also can add this terminal unique identification (like IMEI) in the session status table.
After the user authentication process flow process of accomplishing above-mentioned steps S301-step S312, promptly can initiate follow-up accounting processing flow process and access service handling process, no longer be described in detail at this.
User authentication process flow process through above-mentioned embodiment 2 shown in Figure 3 provides can be known; Compare the foregoing description 1 scheme; Increased the authentication mechanism of dynamic authentication codes, after the terminal unique identification of confirming user terminal is legal, the handling process of the authentication mechanism through carrying out dynamic authentication codes; Further this user terminal is carried out authentication; Improved the accuracy of authentification of user, and can prevent to carry out authentification of user, improved the fail safe of authentification of user through the terminal unique identification of forging user terminal.
Embodiment 3:
Based on same inventive concept, according to the user authen method that the above embodiment of the present invention provides, correspondingly, the embodiment of the invention 3 also provides a kind of user terminal, and its structural representation is as shown in Figure 4, comprising:
First transmitting element 402 is used for sending first access request to the wireless lan network side.
Preferable, also comprise:
First receiving element 403 is used to receive the dynamic authentication codes that the wireless lan network side is sent through cellular mobile communications networks; This dynamic authentication codes is corresponding with this terminal unique identification;
First transmitting element 402,, also be used for sending second access request to the wireless lan network side.
Embodiment 4:
Based on same inventive concept, according to the user authen method that the above embodiment of the present invention provides, correspondingly, the embodiment of the invention 4 also provides a kind of user authentication device, and its structural representation is as shown in Figure 5, comprising:
Second receiving element 501 is used for receiving carried terminal uniquely identified first access request that user terminal sends through WLAN;
Preferable, processing unit 503 specifically is used for storing legal terminal uniquely identified application system to cellular mobile communications networks and sends this terminal uniquely identified checking request of carrying in first access request of carrying; And receive this application system and store the checking success response of returning behind this terminal unique identification that carries in first access request inquiring.
Preferable, processing unit 503 specifically is used for sending this terminal uniquely identified checking request of carrying in first access request of carrying to the custom terminal Business Management Platform of cellular mobile communications networks; Perhaps the business operation support system in cellular mobile communications networks is sent this terminal uniquely identified checking request of carrying in first access request of carrying.
Preferable, said apparatus also comprises:
Second transmitting element 504 is used for after this terminal unique identification that definite first access request is carried is legal and before definite this user end certification passes through, sending dynamic authentication codes through cellular mobile communications networks to this user terminal; This terminal unique identification that carries in this dynamic authentication codes and first access request is corresponding;
Second receiving element 501 also is used for through wireless local carrying of receiving that this user terminal sends this terminal unique identification that first access request carries and second access request of this dynamic authentication codes;
Embodiment 5:
Based on same inventive concept, the user authen method that provides according to the above embodiment of the present invention, correspondingly; The embodiment of the invention 5 also provides a kind of customer certification system; Its structural representation is as shown in Figure 6, comprising: the user authentication device 602 in user terminal 601 and the WLAN, wherein:
Preferable, user terminal 601 also is used to receive the dynamic authentication codes that user authentication device 602 sends through cellular mobile communications networks; And send to user authentication device 602 and to carry this terminal unique identification that carries in first access request and second access request of this dynamic authentication codes;
In sum, the scheme that the embodiment of the invention provides comprises: the wireless lan network side joint is received carried terminal uniquely identified first access request that user terminal sends; And through with cellular mobile communications networks in store legal terminal uniquely identified application system and carry out interacting message, inquire about the terminal uniquely identified legitimacy of carrying in first access request; And the terminal unique identification that in confirming first access request, carries legal after, confirm that this user end certification passes through.The scheme that adopts the embodiment of the invention to provide has improved the efficient of authentification of user among the WLAN.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, belong within the scope of claim of the present invention and equivalent technologies thereof if of the present invention these are revised with modification, then the present invention also is intended to comprise these changes and modification interior.
Claims (13)
1. a user authen method is characterized in that, comprising:
The wireless lan network side joint is received carried terminal uniquely identified first access request that user terminal sends; And
Through with cellular mobile communications networks in store legal terminal uniquely identified application system and carry out interacting message, inquire about the terminal uniquely identified legitimacy of carrying in first access request;
After the terminal unique identification that in confirming first access request, carries is legal, confirm that said user end certification passes through.
2. the method for claim 1 is characterized in that, through with cellular mobile communications networks in store legal terminal uniquely identified application system and carry out interacting message, inquire about the terminal uniquely identified legitimacy of carrying in first access request, specifically comprise:
In cellular mobile communications networks, store legal terminal uniquely identified application system and send the terminal uniquely identified checking request of carrying in first access request of carrying; And
Receive said application system and store the checking success response of returning behind the terminal unique identification that carries in first access request inquiring.
3. method as claimed in claim 2 is characterized in that, in cellular mobile communications networks, stores legal terminal uniquely identified application system transmission and carries the terminal uniquely identified checking request of carrying in first access request, is specially:
Custom terminal Business Management Platform in cellular mobile communications networks sends the terminal uniquely identified checking request of carrying in first access request of carrying; Perhaps
Business operation support system in cellular mobile communications networks is sent the terminal uniquely identified checking request of carrying in first access request of carrying.
4. the method for claim 1 is characterized in that, after the terminal unique identification that in confirming first access request, carries is legal and before definite said user end certification passes through, also comprises:
The wireless lan network side is sent dynamic authentication codes through cellular mobile communications networks to said user terminal; The terminal unique identification that carries in said dynamic authentication codes and first access request is corresponding;
Terminal unique identification that carrying of receiving that said user terminal sends carried in first access request and second access request of said dynamic authentication codes;
Confirm storage with first access request in the said dynamic authentication codes of carrying in the corresponding said dynamic authentication codes of the terminal unique identification that carries and said second access request be complementary.
5. like the arbitrary described method of claim 1-4, it is characterized in that the terminal unique identification that carries in first access request is the International Mobile Equipment Identity sign indicating number IMEI of said user terminal.
6. a user terminal is characterized in that, comprising:
Generation unit is used to generate terminal uniquely identified first access request of carrying this user terminal;
First transmitting element is used for sending said first access request to the wireless lan network side.
7. user terminal as claimed in claim 6 is characterized in that, also comprises:
First receiving element is used to receive the dynamic authentication codes that the wireless lan network side is sent through cellular mobile communications networks; Said dynamic authentication codes is corresponding with said terminal unique identification;
Said generation unit also is used to generate second access request of carrying said terminal unique identification and said dynamic authentication codes;
Said first transmitting element also is used for sending said second access request to the wireless lan network side.
8. a user authentication device is characterized in that, comprising:
Second receiving element is used for receiving carried terminal uniquely identified first access request that user terminal sends through WLAN;
Processing unit is used for carrying out interacting message through storing legal terminal uniquely identified application system with cellular mobile communications networks, inquires about the terminal uniquely identified legitimacy of carrying in first access request;
Confirm the unit, be used for after the terminal unique identification that definite first access request is carried is legal, confirming that said user end certification passes through.
9. device as claimed in claim 8; It is characterized in that; Said processing unit specifically is used for storing legal terminal uniquely identified application system to cellular mobile communications networks and sends the terminal uniquely identified checking request of carrying in first access request of carrying; And receive said application system and store the checking success response of returning behind the terminal unique identification that carries in first access request inquiring.
10. device as claimed in claim 9 is characterized in that, said processing unit specifically is used for sending the terminal uniquely identified checking request of carrying in first access request of carrying to the custom terminal Business Management Platform of cellular mobile communications networks; Perhaps the business operation support system in cellular mobile communications networks is sent the terminal uniquely identified checking request of carrying in first access request of carrying.
11. device as claimed in claim 8 is characterized in that, also comprises:
Second transmitting element is used for after the terminal unique identification that definite first access request is carried is legal and before definite said user end certification passes through, sending dynamic authentication codes through cellular mobile communications networks to said user terminal; The terminal unique identification that carries in said dynamic authentication codes and first access request is corresponding;
Said second receiving element also is used for through wireless local carrying of receiving that said user terminal sends terminal unique identification that first access request carries and second access request of said dynamic authentication codes;
Said processing unit, the said dynamic authentication codes of carrying in said dynamic authentication codes that the terminal unique identification that carries with first access request that also is used for confirming storage is corresponding and said second access request is complementary.
12. a customer certification system is characterized in that, comprising: the user authentication device in user terminal and the WLAN, wherein:
Said user terminal is used for sending carried terminal uniquely identified first access request to said user authentication device;
Said user authentication device is used for carrying out interacting message through storing legal terminal uniquely identified application system with cellular mobile communications networks, inquires about the terminal uniquely identified legitimacy of carrying in first access request; And the terminal unique identification that in confirming first access request, carries confirms that said user end certification passes through when legal.
13. system as claimed in claim 12 is characterized in that, said user terminal also is used to receive the dynamic authentication codes that said user authentication device sends through cellular mobile communications networks; And send to said user authentication device and to carry the terminal unique identification that carries in first access request and second access request of said dynamic authentication codes;
Said user authentication device also is used for after the terminal unique identification that definite first access request is carried is legal and before definite said user end certification passes through, sending said dynamic authentication codes through cellular mobile communications networks to said user terminal; The terminal unique identification that carries in said dynamic authentication codes and first access request is corresponding; And after receiving said second access request that said user terminal sends, confirm storage with first access request in the said dynamic authentication codes of carrying in the corresponding said dynamic authentication codes of the terminal unique identification that carries and said second access request be complementary.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102945873A CN102421098A (en) | 2010-09-27 | 2010-09-27 | User authentication method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102945873A CN102421098A (en) | 2010-09-27 | 2010-09-27 | User authentication method, device and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102421098A true CN102421098A (en) | 2012-04-18 |
Family
ID=45945288
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102945873A Pending CN102421098A (en) | 2010-09-27 | 2010-09-27 | User authentication method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102421098A (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104123487A (en) * | 2014-07-18 | 2014-10-29 | Tcl集团股份有限公司 | Password input method, mobile device, password terminal and password input system |
| CN104468626A (en) * | 2014-12-25 | 2015-03-25 | 上海市共进通信技术有限公司 | System and method for achieving wireless authentication encryption of mobile terminal |
| CN104753872A (en) * | 2013-12-30 | 2015-07-01 | 中国移动通信集团公司 | Authentication method, authentication platform, service platform, network elements and system |
| CN105074713A (en) * | 2013-03-15 | 2015-11-18 | 赛门铁克公司 | Systems and methods for identifying a secure application when connecting to a network |
| CN105898743A (en) * | 2015-06-17 | 2016-08-24 | 乐卡汽车智能科技(北京)有限公司 | Network connection method, device and system |
| WO2016138726A1 (en) * | 2015-03-05 | 2016-09-09 | 中兴通讯股份有限公司 | Method and device for secure authentication, and storage medium |
| WO2016191956A1 (en) * | 2015-05-29 | 2016-12-08 | 华为技术有限公司 | Method, apparatus and device for identification in wireless network |
| WO2016197956A1 (en) * | 2015-12-01 | 2016-12-15 | 中兴通讯股份有限公司 | Method and apparatus for registering wireless access device |
| CN106878032A (en) * | 2017-02-21 | 2017-06-20 | 新华三技术有限公司 | A kind of authentication method and device |
| CN107026813A (en) * | 2016-01-29 | 2017-08-08 | 中国电信股份有限公司 | Access authentication method, system and the portal server of WiFi network |
| CN107135075A (en) * | 2016-02-29 | 2017-09-05 | 深圳秀豹科技有限公司 | A kind of authorization method and device operated to user |
| CN107360265A (en) * | 2017-05-26 | 2017-11-17 | 武汉斗鱼网络科技有限公司 | A kind of equipment exclusive identification code acquisition methods, device and mobile terminal |
| CN108062327A (en) * | 2016-11-08 | 2018-05-22 | 北京国双科技有限公司 | The matching process and device of client |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101150594A (en) * | 2007-10-18 | 2008-03-26 | 中国联合通信有限公司 | An integrated access method and system for mobile cellular network and WLAN |
| CN101399726A (en) * | 2007-09-29 | 2009-04-01 | 中国电信股份有限公司 | Method for WLAN terminal authentication |
| CN101616410A (en) * | 2009-06-25 | 2009-12-30 | 中兴通讯股份有限公司 | A kind of cut-in method of cellular mobile communication networks and system |
-
2010
- 2010-09-27 CN CN2010102945873A patent/CN102421098A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101399726A (en) * | 2007-09-29 | 2009-04-01 | 中国电信股份有限公司 | Method for WLAN terminal authentication |
| CN101150594A (en) * | 2007-10-18 | 2008-03-26 | 中国联合通信有限公司 | An integrated access method and system for mobile cellular network and WLAN |
| CN101616410A (en) * | 2009-06-25 | 2009-12-30 | 中兴通讯股份有限公司 | A kind of cut-in method of cellular mobile communication networks and system |
Cited By (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105074713A (en) * | 2013-03-15 | 2015-11-18 | 赛门铁克公司 | Systems and methods for identifying a secure application when connecting to a network |
| CN104753872B (en) * | 2013-12-30 | 2018-10-12 | 中国移动通信集团公司 | Authentication method, authentication platform, business platform, network element and system |
| CN104753872A (en) * | 2013-12-30 | 2015-07-01 | 中国移动通信集团公司 | Authentication method, authentication platform, service platform, network elements and system |
| CN104123487B (en) * | 2014-07-18 | 2018-03-27 | Tcl集团股份有限公司 | Cipher-code input method, mobile device, crypto terminal and password input system |
| CN104123487A (en) * | 2014-07-18 | 2014-10-29 | Tcl集团股份有限公司 | Password input method, mobile device, password terminal and password input system |
| CN104468626A (en) * | 2014-12-25 | 2015-03-25 | 上海市共进通信技术有限公司 | System and method for achieving wireless authentication encryption of mobile terminal |
| WO2016138726A1 (en) * | 2015-03-05 | 2016-09-09 | 中兴通讯股份有限公司 | Method and device for secure authentication, and storage medium |
| CN105991619A (en) * | 2015-03-05 | 2016-10-05 | 中兴通讯股份有限公司 | Safety authentication method and device |
| US10602344B2 (en) | 2015-05-29 | 2020-03-24 | Huawei Technologies Co., Ltd. | Method and apparatus for identification in wireless network, and device |
| WO2016191956A1 (en) * | 2015-05-29 | 2016-12-08 | 华为技术有限公司 | Method, apparatus and device for identification in wireless network |
| CN107615800A (en) * | 2015-05-29 | 2018-01-19 | 华为技术有限公司 | The method, apparatus and equipment of identification are carried out in the wireless network |
| CN105898743B (en) * | 2015-06-17 | 2019-07-02 | 法法汽车(中国)有限公司 | A kind of method for connecting network, apparatus and system |
| CN105898743A (en) * | 2015-06-17 | 2016-08-24 | 乐卡汽车智能科技(北京)有限公司 | Network connection method, device and system |
| WO2016197956A1 (en) * | 2015-12-01 | 2016-12-15 | 中兴通讯股份有限公司 | Method and apparatus for registering wireless access device |
| CN107026813A (en) * | 2016-01-29 | 2017-08-08 | 中国电信股份有限公司 | Access authentication method, system and the portal server of WiFi network |
| CN107026813B (en) * | 2016-01-29 | 2019-12-20 | 中国电信股份有限公司 | Access authentication method and system of WiFi network and portal server |
| CN107135075B (en) * | 2016-02-29 | 2020-12-04 | 义乌兰思体育用品有限公司 | Authorization method and device for user operation |
| CN107135075A (en) * | 2016-02-29 | 2017-09-05 | 深圳秀豹科技有限公司 | A kind of authorization method and device operated to user |
| CN108062327A (en) * | 2016-11-08 | 2018-05-22 | 北京国双科技有限公司 | The matching process and device of client |
| CN108062327B (en) * | 2016-11-08 | 2020-10-13 | 北京国双科技有限公司 | Matching method and device for client |
| CN106878032A (en) * | 2017-02-21 | 2017-06-20 | 新华三技术有限公司 | A kind of authentication method and device |
| CN106878032B (en) * | 2017-02-21 | 2020-02-11 | 新华三技术有限公司 | Authentication method and device |
| CN107360265A (en) * | 2017-05-26 | 2017-11-17 | 武汉斗鱼网络科技有限公司 | A kind of equipment exclusive identification code acquisition methods, device and mobile terminal |
| CN107360265B (en) * | 2017-05-26 | 2019-11-01 | 武汉斗鱼网络科技有限公司 | A kind of equipment exclusive identification code acquisition methods, device and mobile terminal |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102421098A (en) | User authentication method, device and system | |
| CN102421097B (en) | A kind of user authen method, Apparatus and system | |
| CN110800331B (en) | Network verification method, related equipment and system | |
| EP2039110B1 (en) | Method and system for controlling access to networks | |
| US7565142B2 (en) | Method and apparatus for secure immediate wireless access in a telecommunications network | |
| JP5479450B2 (en) | Telecommunications network | |
| US9077698B2 (en) | Group security in machine-type communication | |
| CN102843682B (en) | Access point authorizing method, device and system | |
| JP5536628B2 (en) | Wireless LAN connection method, wireless LAN client, and wireless LAN access point | |
| CN102783218A (en) | Method and apparatus for redirecting data traffic | |
| CN104660405A (en) | Business equipment authentication method and equipment | |
| CN102474722B (en) | Method and equipment for authenticating subscriber terminal | |
| CN108712440A (en) | User information management method, device, server and storage medium | |
| CN1795656B (en) | Method of safety initialization users and data privacy | |
| CN102215486B (en) | Network access method, system, network authentication method, equipment and terminal | |
| CN1885770B (en) | Authentication method | |
| CN102984261B (en) | Network service login method, equipment and system based on mobile telephone terminal | |
| CN102149079B (en) | Method, device and system for obtaining user identity identifier | |
| CN110337101A (en) | A kind of remote configuring method of number resource | |
| CN108259176B (en) | Digital signature method, system and terminal based on mobile phone card | |
| CN102547698B (en) | Authentication system, method and intermediate authentication platform | |
| CN107786937B (en) | Method for realizing mobile terminal localization roaming, mobile terminal and roaming server | |
| CN102420799B (en) | User authentication method, device and system | |
| JP2019153922A (en) | LTE communication system and communication control method | |
| CN105554757A (en) | Wireless access authentication method based on cloud |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20120418 |