CN101110674B - Method for implementing reinforced authentication by binding access account number and business account number - Google Patents

Info

Publication number: CN101110674B
Authority: CN (China)
Prior art keywords: user, account, access, authentication, top box
Legal status: Expired - Fee Related
Application number: CN2007101110028A
Other languages: Chinese (zh)
Other versions: CN101110674A (en)
Inventor: 黄睿
Current Assignee: Nanjing ZTE New Software Co Ltd
Original Assignee: ZTE Corp
Application filed by: ZTE Corp

Landscapes

  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention discloses a method for realizing enhanced authentication by binding an access account to a service account. A set-top box reports its login parameters upstream to the IPTV system. The IPTV system determines, based on the access type of the set-top box, whether the access account and the service account need to be verified against each other. If so, it further determines whether the access user is a special user or a common user. For a common user who has previously logged in successfully, the access account and the service account are compared to confirm whether they match. If they match, or the account is a special account, or this is a common user's first login, a third-party system is notified to perform authentication. When the third-party system completes authentication, the authentication result is fed back to the set-top box through the IPTV system. By binding the broadband account to the service account, the invention strengthens user account security, prevents service account theft, and avoids losses to operators and users.

Description

A method for realizing reinforced authentication by binding an access account and a service account
Technical field
The present invention relates to broadband access networks and IPTV service applications, and in particular to user authentication techniques in the IPTV service.
Background art
As IPTV services become richer and more widespread, the customer base keeps growing, and operators need to strengthen the security of user account management to provide a basis for further promotion of the IPTV service.
In existing applications, the user name and password input boxes of the login interface require the user to enter correct IPTV service account information. When the user enters the account (service account name and password), authentication is performed by the IPTV service backend, or the user's account information is authenticated by a third-party system (97 / customer relationship management CRM / VNET, where "97" refers to the 97 system, an OSS used by operators).
In the prior art, the operator assigns a fixed broadband access account to each user's set-top box, and the set-top box reports this broadband access account to the IPTV service backend. However, the broadband access account is normally not bound to the user's service account, which may lead to the following charging risks:
(1) a user can use the IPTV service with one service account at multiple locations (multiple accesses, multiple people sharing one service account);
(2) a user can use the IPTV service with one service account on multiple set-top boxes (a single access, multiple people sharing one service account);
(3) a user can use the IPTV service with one service account on multiple terminals (a single access, multiple terminals sharing one service account).
These three scenarios not only cause operating losses for the operator; if the service account is stolen, they may also cause heavy economic or information-security losses for the user who legitimately owns the service account.
Therefore, a safer and more effective authentication method is needed. Adding a binding between the broadband account and the service account, on the premise that account security is guaranteed, may strengthen the security of user account management, prevent the service account from being stolen, and avoid losses for operators and users.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for realizing reinforced authentication by binding an access account and a service account, solving the prior-art problems caused by logging in with the service account alone, such as use of one account from multiple accesses, sharing across multiple devices, and easy theft of the account.
The invention provides a method for realizing reinforced authentication by binding an access account and a service account, comprising the following steps:
(1) after powering on and passing broadband access authentication, the set-top box reports to the IPTV system login parameters comprising access account information, service account information, the set-top box access type, and the access user type;
(2) the IPTV system determines, according to the set-top box access type, whether the access account and the service account need match verification;
(3) when match verification is needed, it further determines whether the access user type is special user or common user; if the user is a common user who has previously logged in successfully, the access account and the service account are compared to determine whether they match;
(4) if the comparison result is a match, or the user is a special account, or this is a common user's first login, the third-party system is notified to perform authentication;
(5) when the third-party system finishes authentication, the authentication information is fed back to the set-top box through the IPTV system.
Further, in step (1):
the access account information comprises the access account and password; the service account information comprises the service account and password; the set-top box access type is the access mode by which the set-top box accesses the IPTV system, namely local area network (LAN) access, dial-up (ADSL) access, or Dynamic Host Configuration Protocol (DHCP) access; the access user type indicates whether the user is a special user or a common user, where a special user is one that is defined and managed in the user management part of the service provider portal of the operation support system (OSS) and that does not require the comparison.
Further, in step (2), when determining according to the set-top box access type whether the access account and the service account need match verification: if the access type is LAN access, the access account is empty and no match verification of the access account and the service account is needed; otherwise, step (3) is executed.
Further, step (3) is divided into:
(3-1) using the user part of the service provider's operation support system (OSS), determine whether the user is a special user and whether this is a common user's first login; if it is a special user or a common user's first login, execute step (4); if it is a common user who has previously logged in successfully, continue with step (3-2);
(3-2) obtain the matching rule for access accounts and service accounts preset by the operator;
(3-3) compare the access account reported by the set-top box with the service account according to the matching rule.
Further, step (4) also comprises:
if the comparison is inconsistent, the user is notified of the account error directly on the electronic program guide, and the error number is notified to the third-party system.
Further, step (4) is divided into:
(4-1) if this is a common user's first login or the user type is special user, the user information is sent to the third-party system for authentication:
A. the third-party system performs authentication;
B. the third-party system returns the authentication result (passed or failed) to the electronic program guide system;
C. if authentication passes, the electronic program guide system notifies the backend database to register the user account, and notifies the set-top box that the service can be used;
D. if authentication fails, the electronic program guide system notifies the set-top box of the failed authentication result;
E. the administrator can, in the portal, define and manage special users among third-party system users that have already been registered;
F. the backend database modifies the user type of the specified user according to the administrator's operation;
G. the portal interface returns a message to the administrator indicating that the modification succeeded or failed.
Compared with the prior art, the technical solution of the present invention has the following beneficial effects:
(1) it strengthens the security of service provisioning and prevents users from using one service account for "one account, multiple uses" (multiple set-top boxes at multiple addresses using one service account) or multi-device sharing (multiple set-top boxes or PCs at one address sharing one service account);
(2) it restricts the bandwidth that was increased for the user's IPTV service to IPTV use only. The user cannot use this bandwidth for information browsing, data downloading and similar functions, which reduces the operator's operating costs without affecting broadband service revenue;
(3) binding the access account to the service account restricts the service account to using the IPTV service through the set-top box only. Without this, the service account could also be used to access the IPTV service through a Web browser. In that scenario, for the user to use the IPTV service smoothly, bandwidth for the user's web browsing would have to be guaranteed, which affects the bandwidth the user demands for traditional data services once the operator rolls out the IPTV service, and in turn affects the operation of broadband services. The operator could of course also restrict the account at the DSLAM device layer, but the central office requires that this restriction be enforced on the service side.
Description of drawings
Fig. 1 is the service flow for the comparison and verification of the access account and the service account;
Fig. 2 is the service flow for special user definition and management.
Embodiment
The implementation of the technical solution of the present invention is described in further detail below with reference to the drawings and specific embodiments.
The goals are to prevent IPTV service accounts from being stolen, to prevent one service account from being shared across multiple addresses or multiple set-top boxes, and to avoid comparing service accounts that are marked as special users. To this end a binding comparison flow is added, so that secure authentication is achieved at user access authentication time by comparing the bound accounts.
At login authentication, the user's broadband account and service account are compared; only when they are identical or match is the request sent to the backend or the third-party system for service authentication, which guarantees the uniqueness of the service account login. Accounts marked as special users are exempt from this comparison and are sent directly to the backend or the third-party system for service authentication.
As shown in Fig. 1, comparing the access account and the service account in the method of the invention can be further divided into the following specific steps:
Step 101: the user powers on the set-top box; after broadband access authentication passes, the set-top box reports the access account, the service account and their respective passwords (along with information such as the set-top box model and serial number) to the IPTV system;
Step 102: the IPTV system determines the set-top box access type from the parameters sent by the set-top box. For LAN (local area network) access the access account is empty and no match verification is performed. The access type (access method) can be one of three types, expressed as (accessmethmod=LAN|ADSL|DHCP), where LAN is local area network access, ADSL is dial-up access, and DHCP is DHCP (Dynamic Host Configuration Protocol) access;
Step 103: the IPTV system determines whether the access user is a special account (special user definition and management need to be added to the user management part of the service provider portal OSS);
Step 104: if it is not a special account, the two accounts (access account and service account) are compared (example: take the user name before "@vod" in the access account and compare it with the service account name);
The comparison requires a one-to-one matching rule to be set in advance; the two accounts need not be identical, but they must satisfy the matching rule. In practice operators usually follow a "fixed-line number + suffix" scheme: the broadband access account for the ADSL service is usually the fixed-line number + "@adsl", and the IPTV service account can be the fixed-line number + "@iptv" or the fixed-line number + "@vod". This depends on the operator's specific settings.
Step 105: if the comparison is inconsistent, the user is notified directly on the electronic program guide (EPG, Electronic Program Guide) with "account error: 10001". 10001 means the two accounts did not match; the error number is notified to third-party systems such as 97/CRM/VNET;
Step 106: if the comparison is consistent, or the account is a special account, the third-party system is notified to perform authentication;
Step 107: the third-party system performs authentication;
Step 108: the third-party system returns the result to the IPTV system (authentication passed or failed);
Step 109: the IPTV system returns the result to the set-top box (authentication passed or failed);
With the account binding function added, both the first login of an account and the setting of a special account require authentication information to be fetched from the third-party system; in a flow without account comparison, this step is not needed. The binding and verification rules are customizable. A common user's first login does not need match verification, because the user's access account information has not yet been registered. After the first successful login, however, every subsequent login requires match verification, and only after that verification passes does authentication proceed.
Second step: the special user definition flow.
The first step is the scheme described above. This step is the handling flow for special users in the account comparison scheme (that is, users designated by the operator as not requiring the comparison and authenticated directly). It is intended to broaden the application scenarios of the account comparison scheme and supports operator customization where that scheme is adopted.
As shown in Fig. 2, this step consists of the following specific flow:
Step 201: the user powers on the set-top box and logs in to the EPG to request authentication;
Step 202: the EPG system sends the service account information reported by the set-top box to the IPTV system backend database, to determine whether this is the user's first login, that is, whether the backend database already holds this account's information;
Step 203: the backend database searches by service account to determine whether the user information has been registered; if it has, the user type (special or common) is determined;
"Registered" means that the user has logged in before, and corresponds to the first-login determination in step 202.
Step 204: the result of the user type determination is returned to the EPG;
Step 205: if the user has not been registered, or the user type is special user, the user information is sent to the third-party system, which performs authentication, comprising:
A. the third-party system performs authentication;
B. the third-party system returns the authentication result (passed or failed) to the EPG system;
C. if authentication passes, the EPG system notifies the backend database to register the user account, and notifies the user (set-top box) that the service can be used;
D. if authentication fails, the set-top box is notified of the result (authentication failed);
E. the administrator can, in the portal, define and manage special users among third-party system users that have already been registered;
F. the backend database modifies the attribute (special or common) of the specified user according to the administrator's operation;
G. the portal interface returns a message to the administrator (modification succeeded or failed);
Step 206: if the user is a common user who has previously logged in successfully, match verification of the access account and the service account is performed:
(a) if match verification passes, the request is sent on to the third-party system for verification, following the third-party system authentication flow;
(b) if match verification fails, the user is notified directly on the EPG with "account error: 10001". 10001 means the two accounts did not match; the error number is notified to the third-party system.
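The decision logic of steps 102 to 106 and steps 203 to 206, as an added Python example that is not code from the patent. Class, field and function names, the in-memory registry and the sample accounts are assumptions; the matching rule implements the "fixed-line number + suffix" example from the description, and the third-party system (97/CRM/VNET) is represented by a callable.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple

ERR_ACCOUNT_MISMATCH = 10001  # error number the description uses for a failed comparison


class AccessMethod(Enum):  # the three access types named in step 102
    LAN = "LAN"
    ADSL = "ADSL"
    DHCP = "DHCP"


@dataclass
class LoginRequest:  # parameters reported by the set-top box (field names are assumptions)
    access_account: str  # empty for LAN access
    service_account: str
    service_password: str
    access_method: AccessMethod


@dataclass
class AuthResult:
    ok: bool
    error: Optional[int] = None
    sent_to_third_party: bool = False


def fixed_line_rule(access_account: str, service_account: str) -> bool:
    """Example operator rule: the user names before '@' must be identical."""
    a_user, a_sep, _ = access_account.partition("@")
    s_user, s_sep, _ = service_account.partition("@")
    return bool(a_user) and bool(a_sep) and bool(s_sep) and a_user == s_user


@dataclass
class IptvBackend:
    third_party_auth: Callable[[str, str], bool]  # stands in for 97/CRM/VNET
    match_rule: Callable[[str, str], bool] = fixed_line_rule
    user_types: Dict[str, str] = field(default_factory=dict)  # registered accounts
    reported_errors: List[Tuple[str, int]] = field(default_factory=list)

    def needs_match(self, req: LoginRequest) -> bool:
        if req.access_method is AccessMethod.LAN:  # step 102: no access account
            return False
        user_type = self.user_types.get(req.service_account)
        if user_type is None:  # first login: nothing registered yet
            return False
        return user_type != "special"  # step 103: special users skip the comparison

    def login(self, req: LoginRequest) -> AuthResult:
        if self.needs_match(req) and not self.match_rule(
            req.access_account, req.service_account
        ):
            # step 105: fail before the third-party system is asked to authenticate
            self.reported_errors.append((req.service_account, ERR_ACCOUNT_MISMATCH))
            return AuthResult(ok=False, error=ERR_ACCOUNT_MISMATCH)
        ok = self.third_party_auth(req.service_account, req.service_password)
        if ok:  # step C: register the account after a successful authentication
            self.user_types.setdefault(req.service_account, "common")
        return AuthResult(ok=ok, sent_to_third_party=True)

    def mark_special(self, service_account: str) -> bool:
        """Steps E to G: only an already registered user can be made special."""
        if service_account not in self.user_types:
            return False
        self.user_types[service_account] = "special"
        return True


def demo() -> List[AuthResult]:
    # Constructed accounts and password, for illustration only.
    backend = IptvBackend(third_party_auth=lambda acct, pw: pw == "constructed-pw")
    svc = "02512345678@iptv"
    home = LoginRequest("02512345678@adsl", svc, "constructed-pw", AccessMethod.ADSL)
    other = LoginRequest("02587654321@adsl", svc, "constructed-pw", AccessMethod.ADSL)
    results = [backend.login(home), backend.login(home), backend.login(other)]
    backend.mark_special(svc)
    results.append(backend.login(other))  # special user: comparison skipped
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The LAN branch skips the comparison on the basis of the reported access type, so in a deployment that value should be confirmed by the broadband access authentication rather than accepted as reported.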

Claims (6)

1. A method for realizing reinforced authentication by binding an access account and a service account, characterized in that it comprises the following steps:
(1) after powering on and passing broadband access authentication, the set-top box reports to the IPTV system login parameters comprising access account information, service account information, the set-top box access type, and the access user type;
(2) the IPTV system determines, according to the set-top box access type, whether the access account and the service account need match verification;
(3) when match verification is needed, it further determines whether the access user type is special user or common user; if the user is a common user who has previously logged in successfully, the access account and the service account are compared to determine whether they match;
(4) if the comparison result is a match, or the user is a special account, or this is a common user's first login, the third-party system is notified to perform authentication;
(5) when the third-party system finishes authentication, the authentication information is fed back to the set-top box through the IPTV system.
2. The method of claim 1, characterized in that, in step (1):
the access account information comprises the access account and password;
the service account information comprises the service account and password;
the set-top box access type is the access mode by which the set-top box accesses the IPTV system, namely local area network (LAN) access, dial-up (ADSL) access, or Dynamic Host Configuration Protocol (DHCP) access;
the access user type indicates whether the user is a special user or a common user, where a special user is one that is defined and managed in the user management part of the service provider portal of the operation support system (OSS) and that does not require the comparison.
3. The method of claim 2, characterized in that, in step (2), when determining according to the set-top box access type whether the access account and the service account need match verification: if the access type is LAN access, the access account is empty and no match verification of the access account and the service account is needed; otherwise, step (3) is executed.
4. The method of claim 2, characterized in that step (3) is divided into:
(3-1) using the user part of the service provider's operation support system (OSS), determine whether the user is a special user and whether this is a common user's first login; if it is a special user or a common user's first login, execute step (4); if it is a common user who has previously logged in successfully, continue with step (3-2);
(3-2) obtain the matching rule for access accounts and service accounts preset by the operator;
(3-3) compare the access account reported by the set-top box with the service account according to the matching rule.
5. The method of claim 1, characterized in that step (4) further comprises:
if the comparison is inconsistent, the user is notified of the account error directly on the electronic program guide, and the error number is notified to the third-party system.
6. The method of claim 1 or 5, characterized in that step (4) is divided into:
(4-1) if this is a common user's first login or the user type is special user, the user information is sent to the third-party system for authentication:
A. the third-party system performs authentication;
B. the third-party system returns the authentication result (passed or failed) to the electronic program guide system;
C. if authentication passes, the electronic program guide system notifies the backend database to register the user account, and notifies the set-top box that the service can be used;
D. if authentication fails, the electronic program guide system notifies the set-top box of the failed authentication result;
E. the administrator can, in the portal, define and manage special users among third-party system users that have already been registered;
F. the backend database modifies the user type of the specified user according to the administrator's operation;
G. the portal interface returns a message to the administrator indicating that the modification succeeded or failed.
CN2007101110028A 2007-06-12 2007-06-12 Method for implementing reinforced authentication by binding access account number and business account number Expired - Fee Related CN101110674B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007101110028A CN101110674B (en) 2007-06-12 2007-06-12 Method for implementing reinforced authentication by binding access account number and business account number

Publications (2)

Publication Number Publication Date
CN101110674A CN101110674A (en) 2008-01-23
CN101110674B true CN101110674B (en) 2010-06-02

Family

ID=39042584

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101110028A Expired - Fee Related CN101110674B (en) 2007-06-12 2007-06-12 Method for implementing reinforced authentication by binding access account number and business account number

Country Status (1)

Country Link
CN (1) CN101110674B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247618B (en) * 2008-03-19 2011-04-06 中兴通讯股份有限公司 Terminal validity detecting method and system
CN101800880B (en) * 2009-02-10 2012-06-06 中兴通讯股份有限公司 Method and system for realizing IPTV one-user-multi-machine
CN102364907A (en) * 2011-10-17 2012-02-29 中国联合网络通信集团有限公司 Broadband access processing method and broadband access system
CN102497266A (en) * 2011-12-05 2012-06-13 太仓市同维电子有限公司 Broadband service terminal equipment, method using broadband service terminal equipment for realizing anti-theft function based on analog dialing
CN104378346A (en) * 2014-06-30 2015-02-25 南京信风网络科技有限公司 Method for preventing account number from being embezzled
CN107277067B (en) * 2017-08-11 2020-10-23 四川长虹电器股份有限公司 Third-party system docking method based on unified developer account
CN112445941A (en) * 2020-11-19 2021-03-05 北京思特奇信息技术股份有限公司 Method and system for handling broadband service

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1859301A (en) * 2006-01-01 2006-11-08 华为技术有限公司 IPTV system and multicast method
CN1917629A (en) * 2006-08-14 2007-02-21 Ut斯达康通讯有限公司 Operation method of interactive television

Also Published As

Publication number Publication date
CN101110674A (en) 2008-01-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: NANJING ZHONGXING NEW SOFTWARE CO., LTD

Free format text: FORMER OWNER: ZTE CORPORATION

Effective date: 20150518

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 518057 SHENZHEN, GUANGDONG PROVINCE TO: 210012 NANJING, JIANGSU PROVINCE

TR01 Transfer of patent right

Effective date of registration: 20150518

Address after: Yuhuatai District of Nanjing City, Jiangsu province 210012 Bauhinia Road No. 68

Patentee after: Nanjing Zhongxing New Software Co., Ltd.

Address before: 518057 Nanshan District high tech Industrial Park, Guangdong, South Road, science and technology, ZTE building, legal department

Patentee before: ZTE Corporation

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100602

Termination date: 20160612
