CN101232379A - Method for implementing system login, information technology system and communication system - Google Patents

Publication number
CN101232379A
Authority
CN
China
Prior art keywords
ims
key
account number
client
authentication arithmetic
Legal status
Granted
Application number
CNA2008100570832A
Other languages
Chinese (zh)
Other versions
CN101232379B (en)
Inventor
李跃
高翔
张滨
赵刚
余弦
陈鹏
沈岷
郑永强
Current Assignee
ZTE Corp
China Mobile Communications Group Co Ltd
Original Assignee
ZTE Corp
China Mobile Communications Group Co Ltd
Application filed by ZTE Corp and China Mobile Communications Group Co Ltd
Priority to CN2008100570832A
Publication of CN101232379A
Application granted
Publication of CN101232379B
Legal status: Active

Abstract

The invention discloses a method for implementing system login, an information technology system and a communication system, which solve the problems of low login efficiency, low security and high management complexity caused by having to enter user accounts and login passwords one by one when logging in to multiple application systems. The technical solution comprises: the information technology (IT) system obtains a login request sent by an IT system client, the login request including an IT system account; the IT system obtains the corresponding Internet Protocol Multimedia Subsystem (IMS) account according to the IT system account, sends the IMS account to an IMS network, and requests the IMS network to allocate a key corresponding to the IMS account; the IMS account and the key are sent to the IMS client through the IT system client, for the IMS client to use to log in to the IMS network. The technical solution improves login efficiency and security and reduces the complexity of system management.

Description

Method for implementing system login, information technology system and communication system
Technical field
The present invention relates to the field of network communication technology, and in particular to technology for logging in to an Internet Protocol Multimedia Subsystem network through an information technology system.
Background
3GPP (3rd Generation Partnership Project) introduced the IMS (Internet Protocol Multimedia Subsystem) in its R5 stage, and IMS has since been accepted by standards bodies such as ITU-T (International Telecommunication Union - Telecommunication Standardization Sector), ETSI (European Telecommunications Standards Institute) and 3GPP2. IMS allows services to be provided more flexibly: it offers unified planning and also unified QoS (Quality of Service); it separates bearer from control and also from the user interface; it supports all access modes and also centralizes data. From the standpoint of integrated services, IMS is very attractive and has clear advantages. Both theory and practice have shown that IMS is the basis for the development of the NGN (Next Generation Network).
With the development of information technology and Internet technology, more and more enterprises recognize that fusing IMS network applications with the enterprise IT (Information Technology) system, as a solution that seamlessly integrates enterprise applications and communications, gives users a more convenient way to obtain the information they need and can provide them with more application services, and so can effectively improve the enterprise's working efficiency and IT costs. More and more enterprises have therefore introduced technology for fusing IMS network applications with the enterprise IT system.
When technology for fusing IMS network applications with the enterprise IT system is introduced, the number of application systems a user needs to log in to increases accordingly. Each system requires the user to follow a certain security policy, such as entering a user account and login password. As the number of systems the user logs in to grows, so does the number of user accounts and login passwords to remember; the likelihood of mistakes increases, the likelihood of illegal interception and destruction increases, and the security of network login decreases accordingly. In addition, a user may forget a user account or login password and must then ask an administrator for help, and cannot carry out tasks until the account or password is recovered. This wastes a lot of time, lowers system login efficiency and increases the management complexity of the system.
To avoid this as far as possible, a unified login mode can be used to log in to multiple systems; that is, the IMS account and the enterprise IT system account are unified, and the same user account and/or login password is used for login. Unified login is usually achieved by simplifying the user account and/or login password, or by using the same user account and/or login password in multiple application systems, so as to reduce the number of user accounts and login passwords the user must remember and to reduce operating complexity. However, a simplified or single user account and/or login password is often easy to crack or steal, so this approach is also very insecure. In addition, as these security risks gradually emerge, administrators add new security measures, but these measures reduce the availability of the systems and increase the complexity of system management.
Summary of the invention
The invention provides a method for implementing system login, an information technology system and a communication system, to solve the problems of low login efficiency, low security and high management complexity caused by having to enter user accounts and login passwords one by one when logging in to multiple IMS network application systems.
The embodiments of the invention are implemented through the following technical solutions:
An embodiment of the invention provides a method for implementing system login, comprising:
the information technology (IT) system obtains a login request sent by an IT system client, the login request including an IT system account;
according to the IT system account, the IT system obtains the corresponding Internet Protocol Multimedia Subsystem (IMS) account, sends the IMS account to the IMS network, and requests the IMS network to allocate a key corresponding to the IMS account;
the IMS account and the key allocated by the IMS network are sent to the IMS client through the IT system client, for the IMS client to log in to the IMS network.
An embodiment of the invention also provides an information technology system, comprising:
a network communication unit, used to obtain a login request sent by an information technology (IT) system client, the login request including an IT system account;
an account obtaining unit, used to obtain the corresponding Internet Protocol Multimedia Subsystem (IMS) account according to the IT system account;
a data request unit, used to send the IMS account to the IMS network, to request the IMS network to allocate a key corresponding to the IMS account, and to obtain the key corresponding to the IMS account that the IMS network allocates;
the network communication unit is also used to send the IMS account and the key allocated by the IMS network to the IMS client through the IT system client, for the IMS client to log in to the IMS network.
An embodiment of the invention also provides a communication system, comprising an information technology (IT) system and an Internet Protocol Multimedia Subsystem (IMS) network;
wherein the IT system is used to obtain a login request sent by an IT system client, the login request including an IT system account; to obtain the corresponding IMS account according to the IT system account, send the IMS account to the IMS network, and request the IMS network to allocate a key corresponding to the IMS account; and to send the IMS account and the key allocated by the IMS network to the IMS client through the IT system client, for the IMS client to log in to the IMS network;
the IMS network is used to allocate the key corresponding to the IMS account according to the IMS account provided by the IT system.
With the above technical solution, when a user needs to log in to the IMS network, the user only needs to log in to the IT system. The IT system obtains the IMS account corresponding to the IT system account and requests the IMS network to randomly allocate a key that is used to log in to the IMS network and corresponds to this IMS account; the login to the IMS network is then performed with this IMS account and the corresponding key. The technical solution reduces the time a user spends logging in to the IMS network and the time wasted on login failures, improving login efficiency. At the same time, logging in to the IMS network does not require the user to submit and remember authentication information such as a user account and login password, which is convenient for the user and improves security when logging in to the system. In addition, there is no need to set up in the system an account and password database for logging in to the different systems, which reduces the complexity of system management.
Description of drawings
Fig. 1 is a flowchart of a method for implementing system login in the first embodiment of the invention;
Fig. 2 is a flowchart of the IMS client logging in to the IMS network in the first embodiment of the invention;
Fig. 3 is a structure diagram of the IT system in the second embodiment of the invention;
Fig. 4 is a structure diagram of the communication system in the third embodiment of the invention;
Fig. 5 is a second structure diagram of the communication system in the third embodiment of the invention;
Fig. 6 is a flowchart of a user logging in to the communication system in the third embodiment of the invention.
Detailed description
The embodiments of the invention provide a method for implementing system login, an information technology system and a communication system. The IT system obtains the IMS account and corresponding key used to log in to the IMS network, and the login to the IMS network is performed with this IMS account and key, which improves the efficiency and security with which a user logs in to multiple application systems and reduces the complexity of managing the systems. The main implementation principle of the technical solution, its specific implementation process and the beneficial effects it can achieve are explained in detail below with reference to the drawings and specific embodiments.
The first embodiment of the invention provides a method for implementing system login, as follows: the IT system obtains a login request sent by the IT system client, the login request including an IT system account; according to the IT system account, the IT system obtains the corresponding IMS account, sends the IMS account to the IMS network, and requests the IMS network to allocate a key corresponding to the IMS account; the IMS account and the key allocated by the IMS network are sent to the IMS client through the IT system client, for the IMS client to log in to the IMS network.
The specific implementation process of this embodiment, shown in Fig. 1, comprises the following:
Step 101: the IT system obtains the login request sent by the IT system client; the login request includes the IT system account.
The login request sent by the IT system client may further include the key corresponding to the IT system account; the IT system authenticates the IT system client that initiated the login request according to the key corresponding to the IT system account contained in the login request.
Step 102: according to the IT system account contained in the login request, the IT system obtains the corresponding IMS account, sends the IMS account to the IMS network, and requests the IMS network to allocate the key that is used to log in to the IMS network and corresponds to the IMS account.
Before this step is performed, the correspondence between IT system accounts and IMS accounts must be established and stored in the IT system; the IT system looks up this correspondence to obtain the IMS account corresponding to the IT system account contained in the login request.
After the IMS network receives the request containing the IMS account sent by the IT system, the HSS (Home Subscriber Server) of the IMS network may generate a random key for this IMS account; alternatively, a protocol conversion device between the IT system and the IMS network intercepts the request containing the IMS account sent by the IT system, generates a random key for this IMS account, and provides the generated key to the HSS of the IMS network.
Step 103: the IT system obtains the key allocated by the HSS; this key is also stored in the subscriber profile database of the HSS.
Step 104: the IT system provides the IMS account and the key allocated by the HSS to the IMS client through the IT system client, for the IMS client to log in to the IMS network.
Step 104 specifically comprises the following process:
Step 1: the IT system sends the IMS account and the key allocated by the HSS to the IT system client;
Step 2: the IT system client invokes the IMS client and, in the invocation, provides the IMS account sent by the IT system and the corresponding key to the IMS client, for the IMS client to log in to the IMS network. The IT system client may invoke the IMS client using a standard invocation technique; the invocation takes the following form:
IMS Client.exe %1 %2
where %1 is the user's IMS account and %2 is the user's one-time password.
The detailed process by which the IMS client logs in to the IMS network, shown in Fig. 2, comprises the following:
Step 201: the CSCF (Call Session Control Function) server of the IMS network receives the login request sent by the IMS client.
The login request sent by the IMS client includes the IMS account and login mode information. In the following description, this embodiment takes login mode information indicating the single sign-on mode as an example.
Step 202: the CSCF server obtains the corresponding authentication data according to the login request sent by the IMS client.
The authentication data obtained by the CSCF server comprises the key corresponding to the IMS account and the authentication algorithm required by the single sign-on mode; the authentication algorithm required by the single sign-on mode is generally the MD5 algorithm.
Step 202 is implemented by the following process:
S1: determine whether the CSCF server holds authentication data that corresponds to the IMS account and meets the requirements of the single sign-on mode.
In general, when a user logs in for the first time, the system holds no authentication data. For a user who has already logged in to the IMS network, the network must be refreshed periodically to keep the network connection working, i.e. a refresh login is performed. In that case the CSCF server has kept the authentication data downloaded at the first login, and this authentication data remains valid for the refresh login.
S2: if the CSCF server holds such authentication data, perform step S3; otherwise perform step S4.
S3: obtain the authentication data from the CSCF server.
S4: request the HSS of the IMS network to allocate authentication data that corresponds to the IMS account and meets the requirements of the single sign-on mode.
Further, to ensure that the IMS client can use the single sign-on mode to log in to the IMS network only after logging in to the IT system, and to prevent replay attacks by illegitimate users (that is, attacking the network by resending identical information, for example by capturing a login message and resending it to the IMS network), the key used to log in to the IMS network must be one-time. It is therefore necessary to further determine, according to the login mode information or the user information, whether the one-time key is still valid, and to download new authentication data once the one-time key is invalid.
New authentication data must be obtained when at least one of the following conditions holds:
A. The login mode with which the user logs in to the IMS network has changed.
For example, the previous login to the IMS network used the HTTP Digest login mode and the current one uses the single sign-on mode. Different login modes are incompatible with each other and need different authentication data, so when the login mode changes the authentication data must be downloaded again.
B. The user's contact address or login information has changed.
For example, when the user has closed the IT system client and switched to another terminal to log in, or when the user has closed or restarted the IT system client and restarted the IMS client, the user's contact address or login information changes, so the authentication data must also be downloaded again.
At the same time, to keep the key corresponding to the IMS account more secure, after the HSS has allocated the authentication data corresponding to the IMS account to the CSCF server, it deletes the key corresponding to the IMS account stored in its subscriber profile database or marks it invalid. Only when the HSS again receives a request containing the IMS account from the IT system does it generate a new key. The lifetime of the password needed to log in to the IMS network is thus limited to one login period of the user on a given terminal, i.e. the user successfully logs in to the IT system and triggers one login to the IMS network.
Step 203: the CSCF server provides the network information corresponding to the IMS network to the IMS client, for the IMS client to authenticate the IMS network.
The IMS client's authentication of the IMS network can be implemented with a MAC (Message Authentication Check) algorithm. The network information that the IMS network provides to the IMS client includes an AUTN (Authentication Token). After receiving the network information sent by the IMS network, the IMS client computes the expected message authentication code XMAC check value and compares the message authentication code MAC check value computed by the HSS, which it obtains from the AUTN, with the XMAC check value it generated itself. If the MAC check value and the XMAC check value are consistent, authentication succeeds.
The IMS client computes the XMAC check value as follows:
The client uses the shared key to verify the AUTN. If the AUTN verifies successfully, the client computes the key AK from the random number RAND, then uses AK to recover the sequence number SQN, and then computes the expected message authentication code XMAC check value from the obtained SQN, the RAND and the AMF (Authentication Management Function) stored in the client.
Step 204: determine whether the IMS client's authentication of the IMS network has passed; if so, perform step 205; otherwise reject the information sent by this IMS network.
Step 205: the CSCF server provides the authentication algorithm contained in the obtained authentication data to the IMS client, and the IMS client generates an authentication response using its key and this authentication algorithm; the CSCF server obtains the authentication response generated by the IMS client, and also generates an authentication response itself using the key and authentication algorithm contained in the authentication data it obtained locally.
Step 206: the authentication response generated by the IMS client in step 205 is compared with the authentication response generated by the CSCF server; when the two authentication responses are consistent, perform step 207; otherwise refuse to let this IMS client log in to the IMS network.
Step 207: allow this IMS client to log in to the IMS network.
Further, to protect user information, in the above process the interaction between the client and the IT system may use a secure connection (such as Secure Sockets technology), to ensure that the information transmitted (such as the one-time key) is not leaked.
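The network-authentication check of step 203, as an added Python sketch that is not part of the patent text. The text does not name the keyed functions or the AUTN layout, so HMAC-SHA256 stands in for both functions and the layout `(SQN xor AK) || AMF || MAC` with 6, 2 and 8 byte fields is an assumption taken from common 3GPP AKA practice; all key and counter values are constructed.

```python
import hashlib
import hmac

SQN_LEN, AMF_LEN, MAC_LEN = 6, 2, 8  # field sizes of the assumed AUTN layout

# Constructed sample values (not from the patent).
K = bytes.fromhex("00112233445566778899aabbccddeeff")  # shared key
RAND = bytes(range(16))                                # network challenge
SQN = (42).to_bytes(SQN_LEN, "big")                    # sequence number
AMF = b"\x80\x00"                                      # value stored in the client


def keyed(k: bytes, label: bytes, *parts: bytes, n: int) -> bytes:
    """Stand-in keyed function: HMAC-SHA256 truncated to n bytes (assumption)."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:n]


def derive_ak(k: bytes, rand: bytes) -> bytes:
    """Key AK, computed from the shared key and RAND."""
    return keyed(k, b"AK", rand, n=SQN_LEN)


def compute_mac(k: bytes, sqn: bytes, rand: bytes, amf: bytes) -> bytes:
    """MAC on the HSS side, XMAC on the client side: same function, same inputs."""
    return keyed(k, b"MAC", sqn, rand, amf, n=MAC_LEN)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_autn(k: bytes, rand: bytes, sqn: bytes, amf: bytes) -> bytes:
    """HSS side: conceal SQN with AK and append AMF and the MAC check value."""
    return xor(sqn, derive_ak(k, rand)) + amf + compute_mac(k, sqn, rand, amf)


def verify_autn(k: bytes, rand: bytes, autn: bytes, stored_amf: bytes):
    """Client side: recover SQN with AK, compute XMAC from SQN, RAND and the
    AMF stored in the client, and compare it with the MAC carried in AUTN.
    Returns the recovered SQN on success, None on any mismatch."""
    if len(autn) != SQN_LEN + AMF_LEN + MAC_LEN:
        return None
    concealed_sqn, mac = autn[:SQN_LEN], autn[-MAC_LEN:]
    sqn = xor(concealed_sqn, derive_ak(k, rand))
    xmac = compute_mac(k, sqn, rand, stored_amf)
    # Constant-time comparison so the check does not leak how many bytes match.
    return sqn if hmac.compare_digest(mac, xmac) else None


if __name__ == "__main__":
    token = build_autn(K, RAND, SQN, AMF)
    print("genuine network :", verify_autn(K, RAND, token, AMF))
    print("wrong shared key:", verify_autn(b"\x01" * 16, RAND, token, AMF))
```

A client that gets `None` rejects the information sent by the network, which is the "otherwise" branch of step 204.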
The second embodiment of the invention provides an IT system which, as shown in Fig. 3, comprises a network communication unit, an account obtaining unit and a data request unit; the IT system provided by this embodiment may further comprise an account storage unit;
wherein the network communication unit is used to obtain the login request sent by the IT system client, the login request including the IT system account;
the account obtaining unit is used to obtain the corresponding IMS account according to the IT system account;
the data request unit is used to send the IMS account to the IMS network, to request the IMS network to allocate a key corresponding to the IMS account, and to receive the key corresponding to the IMS account that the IMS network allocates;
correspondingly, the network communication unit is also used to send the IMS account and the key allocated by the IMS network to the IMS client through the IT system client, for the IMS client to log in to the IMS network.
The account storage unit further included in the IT system of this embodiment is used to establish the correspondence between IT system accounts and IMS accounts and to provide the correspondence to the account obtaining unit.
The third embodiment of the invention provides a communication system which, as shown in Fig. 4, comprises the following functional entities:
IT system 401, used to obtain the login request sent by the IT system client, the login request including the IT system account; to obtain the corresponding IMS account according to the IT system account, send the IMS account to the IMS network, and request the IMS network to allocate a key corresponding to the IMS account; and to send the IMS account and the key allocated by the IMS network to the IMS client through the IT system client, for the IMS client to log in to the IMS network.
IMS network 402, used to allocate the key corresponding to the IMS account according to the request containing the IMS account sent by the IT system.
The IMS network comprises a CSCF server. The CSCF server is used to obtain the login request sent by the IMS client, the login request including the IMS account and login mode information; to obtain the corresponding key according to the IMS account; to obtain the authentication algorithm required by the login mode according to the login mode information; to provide the authentication algorithm to the IMS client and receive the authentication response that the IMS client generates using the authentication algorithm and the key obtained through the IT system client; and to verify the authentication response generated by the IMS client using the key and the authentication algorithm and, after verification passes, allow the IMS client to log in to the IMS network.
Further, the IMS network also comprises an HSS, used to allocate the key corresponding to the IMS account when it receives the request containing the IMS account sent by the IT system;
The above CSCF server comprises:
a first authentication data obtaining unit, used to determine whether the CSCF server of the IMS network holds the key corresponding to the IMS account and the authentication algorithm required by the login mode information; if the CSCF server holds the key and the authentication algorithm, to obtain them from the CSCF server; otherwise, to obtain the key and the authentication algorithm from the HSS;
or,
a second authentication data obtaining unit, used to determine whether the CSCF server of the IMS network holds the key corresponding to the IMS account and the authentication algorithm required by the login mode information; if the CSCF server holds the key and the authentication algorithm, to determine, according to the login mode information or the user information, whether a new key and authentication algorithm need to be obtained, and if so to obtain the key and the authentication algorithm from the HSS, otherwise to obtain them from the CSCF server; and if the CSCF server does not hold the key and the authentication algorithm, to obtain them from the HSS.
When the CSCF server comprises the second authentication data obtaining unit, the purpose of further determining whether new authentication data needs to be downloaded is to ensure that the IMS client can use the single sign-on mode to log in to the IMS network only after logging in to the IT system, and to prevent replay attacks by illegitimate users (that is, attacking the network by resending identical information), further guaranteeing the one-time nature of the key used to log in to the IMS network in this embodiment.
As shown in Fig. 5, the communication system provided by this embodiment may further comprise an interface device 403, used to perform protocol conversion between the IT system and the IMS network. The interface device is provided to handle cases in which the protocol interfaces supported by the IT system and by IMS have no intersection. For example, IT systems generally support HTTP (Hyper-Text Transfer Protocol), but the HSS in the IMS system does not support this protocol, so an interface device must be provided.
Further, the interface device is also used to intercept the request containing the IMS account sent by the IT system, generate the key corresponding to this IMS account, and provide the generated key to the home subscriber server.
Below, for logging on as example first, in the described communication system of present embodiment, the detailed process of logining the IMS network by IT system is elaborated, and as shown in Figure 6, comprises following content with the IMS client:
Step 601: The user sends a login request to the IT system through the IT system client on the intelligent terminal; the login request contains the IT system account and the corresponding key.
Step 602: The IT system authenticates the IT system client requesting login and, after the authentication passes, obtains the IMS account according to the IT system account.
Step 603: The IT system includes the obtained IMS account in a user login notification and sends the notification to the HSS of the IMS network.
Step 604: After receiving the login notification sent by the IT system, the HSS randomly generates a corresponding key for the IMS account contained in the notification and saves this one-time key in the subscriber profile database.
Step 605: The HSS returns the generated key to the IT system.
Step 606: The IT system obtains the key allocated by the IMS and provides the IMS account and this key to the IT system client.
Step 607: After receiving the IMS account and corresponding key sent by the IT system, the IT system client invokes the IMS client and, in the course of the invocation, provides the IMS account and corresponding key to the IMS client.
Step 608: After receiving the IMS account and corresponding key from the IT system client, the IMS client initiates a login request to the CSCF server of the IMS network; the login request contains the IMS account and single sign-on information.
Step 609: The CSCF server initiates an authentication data download request to the HSS; the download request contains the IMS account.
Step 610: The HSS provides the CSCF server with the key corresponding to the IMS account in the subscriber profile database and the authentication algorithm required by the single sign-on mode, and at the same time sets this key to invalid.
Step 611: The CSCF obtains the key and authentication algorithm provided by the HSS and initiates an authentication challenge to the IMS client; the authentication challenge contains the network information corresponding to the IMS network and the authentication algorithm.
Step 612: The IMS client authenticates the IMS network according to the network information in the authentication challenge and, after the authentication passes, generates an authentication response using the locally stored key and the authentication algorithm in the authentication challenge.
Step 613: The IMS client provides the generated authentication response to the CSCF server.
Step 614: The CSCF uses the key and authentication algorithm provided by the HSS to verify the authentication response generated by the IMS client and, after the verification passes, allows the IMS client to log in to the IMS network.
Step 615: The CSCF returns a login success response to the IMS client.
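The exchange in steps 601 to 615 can be modelled in a few dozen lines; the following is an added illustration, not code from the patent. It shows the two properties the flow depends on: the HSS key is random and is invalidated the moment the CSCF downloads it (step 610), and both the network and the client prove knowledge of that key. The patent names no authentication algorithm or challenge format, so HMAC-SHA256, the nonce, the `network_proof` field and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

ALGORITHM = "hmac-sha256"  # assumed stand-in; the patent names no algorithm

def mac(key: bytes, label: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, label + nonce, hashlib.sha256).digest()

class HSS:
    """Issues one-time keys per IMS account (steps 604-605, 610)."""
    def __init__(self):
        self._profile_db = {}  # IMS account -> currently valid one-time key

    def allocate_key(self, ims_account: str) -> bytes:
        key = secrets.token_bytes(32)  # random; replaces any earlier key
        self._profile_db[ims_account] = key
        return key

    def download_auth_data(self, ims_account: str):
        # Step 610: release the key to the CSCF and invalidate it at once.
        key = self._profile_db.pop(ims_account, None)
        if key is None:
            raise PermissionError("no valid one-time key for " + ims_account)
        return key, ALGORITHM

class ITSystem:
    """Authenticates the IT client and brokers the IMS key (steps 601-606)."""
    def __init__(self, hss, it_keys, account_map):
        self._hss, self._it_keys, self._account_map = hss, it_keys, account_map

    def login(self, it_account: str, it_key: bytes):
        stored = self._it_keys.get(it_account, b"")
        if not stored or not hmac.compare_digest(stored, it_key):
            raise PermissionError("IT system authentication failed")
        ims_account = self._account_map[it_account]
        return ims_account, self._hss.allocate_key(ims_account)

class CSCF:
    """Challenges the IMS client and verifies its response (steps 608-615)."""
    def __init__(self, hss):
        self._hss, self._pending = hss, {}

    def challenge(self, ims_account: str) -> dict:
        key, algorithm = self._hss.download_auth_data(ims_account)
        nonce = secrets.token_bytes(16)
        self._pending[ims_account] = (key, nonce)
        # "network_proof" is an assumed form of the step 611 network information.
        return {"algorithm": algorithm, "nonce": nonce,
                "network_proof": mac(key, b"network", nonce)}

    def verify(self, ims_account: str, response: bytes) -> bool:
        key, nonce = self._pending.pop(ims_account, (None, None))
        if key is None:
            return False  # no outstanding challenge, or it was already used
        return hmac.compare_digest(mac(key, b"client", nonce), response)

def ims_client_respond(key: bytes, ch: dict) -> bytes:
    """Step 612: authenticate the network first, then answer the challenge."""
    if ch["algorithm"] != ALGORITHM:
        raise ValueError("unsupported authentication algorithm")
    if not hmac.compare_digest(mac(key, b"network", ch["nonce"]), ch["network_proof"]):
        raise PermissionError("IMS network failed authentication")
    return mac(key, b"client", ch["nonce"])

def single_sign_on(it, cscf, it_account: str, it_key: bytes) -> bool:
    ims_account, key = it.login(it_account, it_key)       # steps 601-607
    ch = cscf.challenge(ims_account)                       # steps 608-611
    return cscf.verify(ims_account, ims_client_respond(key, ch))  # steps 612-615
```

Because the key is consumed by the first download, a second IMS login attempt for the same account fails until the user logs in to the IT system again.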
The intelligent terminal in the present embodiment is used to send the login request and comprises an IT system client and an IMS client. The intelligent terminal can be a personal computer, a notebook or a handheld terminal (such as a mobile phone), and the IT system client it contains can be a Web browser or another type of client.
With the above technical scheme, when the user needs to log in to the IMS network, the user only needs to log in to the IT system. The IT system obtains the IMS account corresponding to the IT system account and requests the IMS network to randomly allocate a key that corresponds to this IMS account and is used to log in to the IMS network; the login to the IMS network is then performed with this IMS account and the corresponding key. The technical scheme of the present invention reduces the time the user spends logging in to the IMS network and the time wasted on login failures, which improves login efficiency. At the same time, logging in to the IMS network does not require the user to submit and remember authentication information such as a user account and login password, which is convenient for the user and improves security at login. In addition, there is no need to set up, within the system, an account and password database for logging in to different systems, which reduces the complexity of system management.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (15)

1. A method for implementing system login, characterized by comprising:
an information technology (IT) system obtaining a login request sent by an IT system client, the login request containing an IT system account;
obtaining, according to the IT system account, the corresponding Internet Protocol Multimedia Subsystem (IMS) account, sending the IMS account to the IMS network, and requesting the IMS network to allocate a key corresponding to the IMS account;
sending the IMS account and the key allocated by the IMS network to the IMS client through the IT system client, for the IMS client to log in to the IMS network.
2. The method of claim 1, characterized in that the key is generated by the home subscriber server (HSS) of the IMS network; or the key is generated by a protocol conversion device arranged between the IT system and the IMS network, and is provided to the HSS of the IMS network by the protocol conversion device.
3. The method of claim 1, characterized in that the method further comprises:
the IMS network obtaining a login request sent by the IMS client, the login request containing the IMS account and login mode information;
obtaining the corresponding key according to the IMS account, and obtaining the authentication algorithm required by the login mode according to the login mode information;
providing the authentication algorithm to the IMS client, and obtaining the authentication response that the IMS client generates using the authentication algorithm and the key obtained through the IT system client;
verifying, using the key and the authentication algorithm, the authentication response generated by the IMS client and, after the verification passes, allowing the IMS client to log in to the IMS network.
4. The method of claim 3, characterized in that obtaining the corresponding key according to the IMS account and obtaining the authentication algorithm required by the login mode according to the login mode information comprises:
judging whether the key corresponding to the IMS account and the authentication algorithm required by the login mode information exist in the Call Session Control Function (CSCF) server of the IMS network; when it is determined that the key and the authentication algorithm exist in the CSCF server, obtaining the key and the authentication algorithm from the CSCF server; otherwise, obtaining the key and the authentication algorithm from the HSS;
or,
judging whether the key corresponding to the IMS account and the authentication algorithm required by the login mode information exist in the CSCF server of the IMS network; when it is determined that the key and the authentication algorithm exist in the CSCF server, judging, according to the login mode information or user information, whether a new key and authentication algorithm need to be obtained; when it is determined that a new key and authentication algorithm need to be obtained, obtaining the key and the authentication algorithm from the HSS; otherwise, obtaining the key and the authentication algorithm from the CSCF server; when it is determined that the key and the authentication algorithm do not exist in the CSCF server, obtaining the key and the authentication algorithm from the HSS.
5. The method of claim 4, characterized in that judging, according to the login mode information or user information, whether a new key and authentication algorithm need to be obtained comprises:
judging whether the login mode information or user information satisfies the condition for obtaining a new key and authentication algorithm; if it does, determining that a new key and authentication algorithm need to be obtained; otherwise, determining that a new key and authentication algorithm do not need to be obtained; the condition comprises: the login mode by which the user logs in to the IMS network has changed; or the user's contact address or registration information has changed.
6. The method of claim 4 or 5, characterized in that the method further comprises:
after the home subscriber server distributes the key corresponding to the IMS account, deleting the key or setting it to invalid.
7. The method of claim 3, characterized in that the method further comprises:
providing the network information corresponding to the IMS network to the IMS client, for the IMS client to authenticate the IMS network.
8. The method of claim 1, characterized in that
the login request sent by the IT system client further contains the key corresponding to the IT system account;
the method further comprises: the IT system authenticating the IT system client according to the key.
9. An information technology system, characterized in that the information technology system comprises:
a network communication unit, used to obtain the login request sent by an information technology (IT) system client, the login request containing an IT system account;
an account obtaining unit, used to obtain, according to the IT system account, the corresponding Internet Protocol Multimedia Subsystem (IMS) account;
a data request unit, used to send the IMS account to the IMS network and request the IMS network to allocate a key corresponding to the IMS account, and to obtain the key corresponding to the IMS account that the IMS network allocates;
the network communication unit is also used to send the IMS account and the key allocated by the IMS network to the IMS client through the IT system client, for the IMS client to log in to the IMS network.
10. The information technology system of claim 9, characterized in that the information technology system further comprises:
an account storage unit, used to establish the correspondence between IT system accounts and IMS accounts.
11. A communication system, characterized in that the communication system comprises: an information technology (IT) system and an Internet Protocol Multimedia Subsystem (IMS) network;
wherein the IT system is used to obtain the login request sent by the IT system client, the login request containing an IT system account; to obtain the corresponding IMS account according to the IT system account, send the IMS account to the IMS network, and request the IMS network to allocate a key corresponding to the IMS account; and to send the IMS account and the key allocated by the IMS network to the IMS client through the IT system client, for the IMS client to log in to the IMS network;
the IMS network is used to allocate, according to the IMS account provided by the IT system, the key corresponding to the IMS account.
12. The communication system of claim 11, characterized in that the IMS network comprises:
a Call Session Control Function (CSCF) server, used to obtain the login request sent by the IMS client, the login request containing the IMS account and login mode information; to obtain the corresponding key according to the IMS account; to obtain the authentication algorithm required by the login mode according to the login mode information; to provide the authentication algorithm to the IMS client and obtain the authentication response that the IMS client generates using the authentication algorithm and the key obtained through the IT system client; and to verify, using the key and the authentication algorithm, the authentication response generated by the IMS client and, after the verification passes, allow the IMS client to log in to the IMS network.
13. The communication system of claim 12, characterized in that
the IMS network further comprises: a home subscriber server (HSS), used to distribute, according to the IMS account provided by the IT system, the key corresponding to this IMS account;
the CSCF server comprises: a first authentication data obtaining unit, used to judge whether the key corresponding to the IMS account and the authentication algorithm required by the login mode information exist in the CSCF server of the IMS network; when it is determined that the key and the authentication algorithm exist in the CSCF server, to obtain the key and the authentication algorithm from the CSCF server; otherwise, to obtain the key and the authentication algorithm from the HSS;
or,
the IMS network further comprises: an HSS, used to distribute, according to the IMS account provided by the IT system, the key corresponding to this IMS account;
the CSCF server comprises: a second authentication data obtaining unit, used to judge whether the key corresponding to the IMS account and the authentication algorithm required by the login mode information exist in the CSCF server of the IMS network; when it is determined that the key and the authentication algorithm exist in the CSCF server, to judge, according to the login mode information or user information, whether a new key and authentication algorithm need to be obtained; when it is determined that a new key and authentication algorithm need to be obtained, to obtain the key and the authentication algorithm from the HSS; otherwise, to obtain the key and the authentication algorithm from the CSCF server; when it is determined that the key and the authentication algorithm do not exist in the CSCF server, to obtain the key and the authentication algorithm from the HSS.
14. The communication system of claim 13, characterized in that the communication system further comprises:
an interface machine, used to perform protocol conversion between the IT system and the IMS network.
15. The communication system of claim 14, characterized in that the interface machine is also used to intercept the request containing the IMS account that the IT system sends, generate the key corresponding to the IMS account, and provide the generated key to the HSS.
CN2008100570832A 2008-01-29 2008-01-29 Method for implementing system login, information technology system and communication system Active CN101232379B (en)


Publications (2)

Publication Number Publication Date
CN101232379A true CN101232379A (en) 2008-07-30
CN101232379B CN101232379B (en) 2011-08-31


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant