CN101267309B - A network authorization and authentication method, device and system - Google Patents

A network authorization and authentication method, device and system

Info

Publication number: CN101267309B
Authority: CN (China)
Prior art keywords: key, service provider, provider system, wireless terminal, send
Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN2008100662162A
Other languages: Chinese (zh)
Other versions: CN101267309A (en)
Inventors: 刘治锋, 黄蓉军
Current Assignee: Shenzhen Qianhai TengXiang science and Technology Information Co., Ltd. (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Huawei Technologies Co Ltd

Application filed by Huawei Technologies Co Ltd
Priority to CN2008100662162A
Publication of CN101267309A
Application granted
Publication of CN101267309B
Expired - Fee Related

Abstract

The present invention provides a network authorization and authentication method comprising the following steps: connecting to a wireless terminal registered with a service providing system, the wireless terminal storing a first key of the service providing system received through the wireless network; obtaining the first key of the service providing system that was stored on the wireless terminal through a wireless network; and transmitting the first key to the service providing system for authentication. The invention also provides a network authorization device and system. The invention improves the service providing system's ability to identify legitimate users and helps ensure better service for them.

Description

A network authorization and authentication method, device and system
Technical field
The present invention relates to the field of network communication, and in particular to a network authorization and authentication method, device and system.
Background
The rapid development of the Internet allows many services to be delivered over it, which brings great convenience to users and service providers, greatly improves service efficiency, and reduces service providers' costs. However, because the Internet is open, anyone can easily connect to it. To ensure that legitimate users receive good service and to guard against illegitimate users, verifying a user's legitimacy has therefore become an indispensable security step.
In the common verification method, a user who wants to use a service must present to the service provider information proving that he or she is a legitimate user; only after this information has been verified does the service provider allow the user to use the service. This process is called authorization and authentication.
On the Internet, however, a user can forge this proof information by technical means and cheat the verification process, or can obtain a legitimate user's authentication information (for example, obtaining the user's account number and password, or even a certificate stored on the user's host, through a Trojan horse program) and then use it to steal the legitimate user's service, seriously harming the interests of users and service providers.
Summary of the invention
An object of the embodiments of the invention is to provide a network authorization and authentication method comprising the following steps:
connecting to a wireless terminal registered with a service provider system;
when preparing to initiate a login request to the service provider system, sending a login-key request message to the wireless terminal, so that the wireless terminal sends a key acquisition message to the service provider system;
receiving, from the wireless terminal, a first key returned by the service provider system;
sending the first key to the service provider system for authentication; if the authentication passes, the service provider system invalidates the first key, generates a second key and distributes the second key to the wireless terminal, and the wireless terminal replaces the first key with the second key;
sending the second key to the service provider system for authentication.
An embodiment of the invention also provides a network authorization and authentication method comprising the following steps:
registering with a service provider system;
connecting to an internet terminal;
receiving the login-key request message that the internet terminal sends when it is preparing to initiate a login request to the service provider system;
sending a key acquisition message to the service provider system in response to the login-key request message;
receiving a first key distributed by the service provider system;
sending the first key to the internet terminal and instructing the internet terminal to send the first key to the service provider system for authentication; if the authentication passes, obtaining a second key that the service provider system distributes after invalidating the first key, and replacing the first key with the second key;
sending the second key to the internet terminal and instructing the internet terminal to send the second key to the service provider system for authentication.
An embodiment of the invention also provides an internet terminal, comprising:
a first connection unit, configured to connect to a wireless terminal registered with a service provider system;
a message sending module, configured to send a login-key request message to the wireless terminal when preparing to initiate a login request to the service provider system, so that the wireless terminal sends a key acquisition message to the service provider system;
a first key receiving module, configured to receive, from the wireless terminal, a first key returned by the service provider system;
an authentication unit, configured to send the first key to the service provider system for authentication; if the authentication passes, the service provider system invalidates the first key, generates a second key and distributes the second key to the wireless terminal, and the wireless terminal replaces the first key with the second key.
An embodiment of the invention also provides a wireless terminal registered with a service provider system, comprising:
a second connection unit, configured to connect to an internet terminal;
a message receiving module, configured to receive the login-key request message that the internet terminal sends when it is preparing to initiate a login request to the service provider system;
a message sending module, configured to send a key acquisition message to the service provider system in response to the login-key request message;
a second key receiving module, configured to receive a first key distributed by the service provider system;
a key sending unit, configured to send the first key to the internet terminal and instruct the internet terminal to send the first key to the service provider system for authentication;
a second key acquisition unit, configured to obtain, if the authentication passes, a second key that the service provider system distributes after invalidating the first key, and to replace the first key with the second key;
the key sending unit being further configured to send the second key to the internet terminal and instruct the internet terminal to send the second key to the service provider system for authentication.
Embodiments of the invention bring the following beneficial effects: they reduce the interaction between the internet terminal and the service provider system over the Internet; during login, they remove the step in the prior art in which the internet terminal and the service provider system must perform verification calculations on the key; the key can take diverse forms and is strongly time-limited, which significantly increases the difficulty of cracking and stealing it; and they make full use of the uniqueness and security of wireless network users, improving the service provider system's ability to identify legitimate users and helping ensure better service for them.
Description of the drawings
Fig. 1 is a flowchart of the method according to one embodiment of the invention;
Fig. 2 is a flowchart of the method according to one embodiment of the invention;
Fig. 3 is a structural diagram of the device according to one embodiment of the invention;
Fig. 4 is a structural diagram of the device according to one embodiment of the invention;
Fig. 5 is a structural diagram of the system according to one embodiment of the invention.
Embodiments
Fig. 1 is a flowchart of the method according to one embodiment of the invention, comprising the following steps:
S101: connect to a wireless terminal registered with the service provider system.
The connection may be made by, but is not limited to, a data cable, infrared or Bluetooth.
S103: obtain the first key, distributed by the service provider system, that is stored on the wireless terminal.
Optionally, the initial first key is issued by the service provider system to the user's wireless terminal over the mobile wireless network when the user registers and opens an account. To keep the key secure and reliable, the key can be given a limited validity: when the service provider system generates the key, it assigns the key a validity period. Once the validity period has passed, the user can no longer log in with this key and must apply to the service provider system (the application process is outside the scope of this embodiment), which generates a new key and issues it to the user's wireless terminal.
Optionally, this step specifically comprises:
S1031: when preparing to initiate a login request to the service provider system, send a login-key request message to the wireless terminal;
S1033: the wireless terminal sends a key acquisition message to the service provider system;
S1035: receive the first key, returned by the service provider system, that is stored on the wireless terminal.
In this optional embodiment, the key is generated on demand by the service provider system when a login request to the service provider system is being prepared, and is issued to the user's wireless terminal over the mobile wireless network. The key's validity period is therefore much shorter than in the first embodiment, and its reliability is higher.
S105: send the first key to the service provider system for authentication.
Optionally, this embodiment may further comprise the following steps:
S107: if the authentication passes, the service provider system invalidates the first key, generates a second key and distributes the second key to the wireless terminal, and the wireless terminal replaces the first key with the second key.
S109: send the second key to the service provider system for authentication.
Fig. 2 is a flowchart of the method according to one embodiment of the invention, comprising the following steps:
S201: register with the service provider system;
S203: connect to an internet terminal;
S205: obtain the first key distributed by the service provider system.
Optionally, this step may comprise the following steps:
S2031: receive the login-key request message that the internet terminal sends when it is preparing to initiate a login request to the service provider system;
S2033: send a key acquisition message to the service provider system in response to the login-key request message;
S2035: receive the first key distributed by the service provider system.
S207: send the first key to the internet terminal and instruct the internet terminal to send the first key to the service provider system for authentication.
Optionally, this embodiment may further comprise the following steps:
S209: if the authentication passes, obtain the second key that the service provider system distributes after invalidating the first key, and replace the first key with the second key;
S2011: send the second key to the internet terminal and instruct the internet terminal to send the second key to the service provider system for authentication.
Fig. 3 is a structural diagram of the device according to one embodiment of the invention, comprising:
a first connection unit 301, configured to connect to a wireless terminal registered with a service provider system;
a first key acquisition unit 303, configured to obtain the first key, distributed by the service provider system, that is stored on the wireless terminal;
an authentication unit 305, configured to send the first key to the service provider system for authentication.
Optionally, the first key acquisition unit 303 specifically comprises:
a message sending module, configured to send a login-key request message to the wireless terminal when preparing to initiate a login request to the service provider system;
a first key receiving module, configured to receive the first key stored on the wireless terminal, which the service provider system returned in response to the key acquisition message sent by the wireless terminal.
Fig. 4 is a structural diagram of the device according to one embodiment of the invention, comprising:
a second connection unit 401, configured to connect to an internet terminal;
a second key acquisition unit 403, configured to obtain the first key distributed by the service provider system;
a key sending unit 405, configured to send the first key to the internet terminal and instruct the internet terminal to send the first key to the service provider system for authentication.
Optionally, the second key acquisition unit 403 specifically comprises:
a message receiving module, configured to receive the login-key request message that the internet terminal sends when it is preparing to initiate a login request to the service provider system;
a message sending module, configured to send a key acquisition message to the service provider system in response to the login-key request message;
a second key receiving module, configured to receive the first key distributed by the service provider system.
Optionally, the second key acquisition unit 403 is further configured to obtain, if the authentication passes, the second key that the service provider system distributes after invalidating the first key, and to replace the first key with the second key; the key sending unit 405 is further configured to send the second key to the internet terminal and instruct the internet terminal to send the second key to the service provider system for authentication.
Fig. 5 is a structural diagram of the system according to one embodiment of the invention, comprising:
a service provider system 501, configured to register the wireless terminal and generate the first key;
a wireless terminal 503, configured to obtain the first key over the wireless network from the service provider system with which it has registered in advance;
an internet terminal 505, configured to read the first key and send the first key to the service provider system for authentication.
Optionally, the service provider system 501 is further configured to invalidate the first key and generate a second key if the authentication passes;
the wireless terminal 503 is further configured to obtain the second key over the wireless network and replace the first key with the second key;
the internet terminal 505 is further configured to read the second key and send the second key to the service provider system for authentication.
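The three-party flow of Fig. 1 and Fig. 5 (steps S1031 to S109, including the validity period and the invalidation of an accepted key) can be sketched as follows. This is an added Python example, not code from the patent; the class and method names, the 60-second validity period, and the direct in-process calls standing in for the mobile network and the local data-cable or Bluetooth link are all assumptions.

```python
import hmac
import secrets
import time


class ServiceProviderSystem:
    def __init__(self, key_ttl=60.0, clock=time.monotonic):
        self.key_ttl = key_ttl      # validity period in seconds (assumed)
        self.clock = clock
        self.terminals = {}         # user -> registered wireless terminal
        self.active = {}            # user -> (current key, expiry time)

    def _issue(self, user):
        key = secrets.token_urlsafe(32)
        self.active[user] = (key, self.clock() + self.key_ttl)
        self.terminals[user].store_key(key)   # sent to the terminal only

    def obtain_key(self, user):
        """S1033: key acquisition message from a wireless terminal."""
        if user not in self.terminals:
            raise PermissionError("terminal is not registered")
        self._issue(user)

    def authenticate(self, user, presented):
        """S105 / S109: check a key sent by the internet terminal."""
        entry = self.active.get(user)
        if entry is None or presented is None:
            return False
        key, expires_at = entry
        if self.clock() >= expires_at:
            del self.active[user]   # expired keys can no longer log in
            return False
        if not hmac.compare_digest(key.encode(), presented.encode()):
            return False
        # S107: invalidate the accepted key, issue and distribute a new one.
        del self.active[user]
        self._issue(user)
        return True


class WirelessTerminal:
    def __init__(self, user, provider):
        self.user, self.provider, self.key = user, provider, None
        provider.terminals[user] = self       # registration (S201)

    def store_key(self, key):
        self.key = key              # a new key replaces the stored one

    def handle_login_key_request(self):
        """S1031-S1035: fetch a fresh key when the internet terminal asks."""
        self.provider.obtain_key(self.user)
        return self.key


class InternetTerminal:
    def __init__(self, user, terminal, provider):
        self.user, self.terminal, self.provider = user, terminal, provider

    def login(self):
        key = self.terminal.handle_login_key_request()
        return self.provider.authenticate(self.user, key)

    def reauthenticate(self):
        # S109: read the rotated key over the local link and present it.
        return self.provider.authenticate(self.user, self.terminal.key)


def demo():
    now = [0.0]                     # constructed clock so expiry is testable
    sp = ServiceProviderSystem(key_ttl=60.0, clock=lambda: now[0])
    phone = WirelessTerminal("alice", sp)
    pc = InternetTerminal("alice", phone, sp)
    first = phone.handle_login_key_request()
    results = {"first_key": sp.authenticate("alice", first)}
    results["replay_of_first_key"] = sp.authenticate("alice", first)
    results["second_key"] = pc.reauthenticate()
    now[0] = 61.0                   # stored key is now past its validity
    results["expired_key"] = pc.reauthenticate()
    results["fresh_login"] = pc.login()
    return results


print(demo())
```

In this sketch a failed attempt leaves the current key in place; the patent only specifies invalidation after a successful authentication, so what happens on failure is a design choice left to the implementer.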
In each of the above embodiments of the invention, data exchange between the user's wireless terminal and the wireless network can take place in the circuit domain, for example over GSM (Global System for Mobile Communications), CDMA (Code-Division Multiple Access), WCDMA (Wideband CDMA, wideband code division multiple access) or TD-CDMA (Time Division-Synchronous Code Division Multiple Access); it can also use a data domain connection such as GPRS (General Packet Radio Service). Because the internet terminal obtains the key information directly from the wireless terminal and the user does not need to read it, the key information can take many forms: it is not limited to a character string and can also be a certificate, a two-dimensional code or other forms.
The above embodiments of the invention reduce the interaction between the internet terminal and the service provider system over the Internet; during login, they remove the step in the prior art in which the internet terminal and the service provider system must perform verification calculations on the key; the key can take diverse forms and is strongly time-limited, which significantly increases the difficulty of cracking and stealing it; and they make full use of the uniqueness and security of wireless network users, improving the service provider system's ability to identify legitimate users and helping ensure better service for them.
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.

Claims (4)

1. A network authorization and authentication method, characterized in that it comprises the following steps:
connecting to a wireless terminal registered with a service provider system;
when preparing to initiate a login request to the service provider system, sending a login-key request message to the wireless terminal, so that the wireless terminal sends a key acquisition message to the service provider system;
receiving, from the wireless terminal, a first key returned by the service provider system;
sending the first key to the service provider system for authentication; if the authentication passes, the service provider system invalidates the first key, generates a second key and distributes the second key to the wireless terminal, and the wireless terminal replaces the first key with the second key;
sending the second key to the service provider system for authentication.
2. A network authorization and authentication method, characterized in that it comprises the following steps:
registering with a service provider system;
connecting to an internet terminal;
receiving the login-key request message that the internet terminal sends when it is preparing to initiate a login request to the service provider system;
sending a key acquisition message to the service provider system in response to the login-key request message;
receiving a first key distributed by the service provider system;
sending the first key to the internet terminal and instructing the internet terminal to send the first key to the service provider system for authentication; if the authentication passes, obtaining a second key that the service provider system distributes after invalidating the first key, and replacing the first key with the second key;
sending the second key to the internet terminal and instructing the internet terminal to send the second key to the service provider system for authentication.
3. An internet terminal, characterized in that it comprises:
a first connection unit, configured to connect to a wireless terminal registered with a service provider system;
a message sending module, configured to send a login-key request message to the wireless terminal when preparing to initiate a login request to the service provider system, so that the wireless terminal sends a key acquisition message to the service provider system;
a first key receiving module, configured to receive, from the wireless terminal, a first key returned by the service provider system;
an authentication unit, configured to send the first key to the service provider system for authentication; if the authentication passes, the service provider system invalidates the first key, generates a second key and distributes the second key to the wireless terminal, and the wireless terminal replaces the first key with the second key.
4. A wireless terminal registered with a service provider system, characterized in that it comprises:
a second connection unit, configured to connect to an internet terminal;
a message receiving module, configured to receive the login-key request message that the internet terminal sends when it is preparing to initiate a login request to the service provider system;
a message sending module, configured to send a key acquisition message to the service provider system in response to the login-key request message;
a second key receiving module, configured to receive a first key distributed by the service provider system;
a key sending unit, configured to send the first key to the internet terminal and instruct the internet terminal to send the first key to the service provider system for authentication;
a second key acquisition unit, configured to obtain, if the authentication passes, a second key that the service provider system distributes after invalidating the first key, and to replace the first key with the second key;
the key sending unit being further configured to send the second key to the internet terminal and instruct the internet terminal to send the second key to the service provider system for authentication.
CN2008100662162A | 2008-03-29 | 2008-03-29 | A network authorization and authentication method, device and system | Expired - Fee Related | CN101267309B (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN2008100662162A (CN101267309B, en) | 2008-03-29 | 2008-03-29 | A network authorization and authentication method, device and system

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN2008100662162A (CN101267309B, en) | 2008-03-29 | 2008-03-29 | A network authorization and authentication method, device and system

Publications (2)

Publication Number | Publication Date
CN101267309A | 2008-09-17
CN101267309B (granted) | 2012-11-21

Family

Family ID: 39989462

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN2008100662162A (Expired - Fee Related, CN101267309B, en) | A network authorization and authentication method, device and system | 2008-03-29 | 2008-03-29

Country Status (1)

Country | Link
CN (1) | CN101267309B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
Effective date of registration: 20170817
Address after: 201, room 1, building A, No. 518053, front Bay Road, Qianhai, Shenzhen Shenzhen cooperation zone, Guangdong, China
Patentee after: Shenzhen Zhitong World Technology Service Co. Ltd.
Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen
Patentee before: Huawei Technologies Co., Ltd.
TR01 Transfer of patent right
Effective date of registration: 20171221
Address after: 518053 Guangdong city of Shenzhen province Qianhai Shenzhen Hong Kong cooperation area before Bay Street, Qianhai road at the Shenzhen Hong Kong Cooperation Area Management Bureau office building A Building Room 201
Patentee after: Shenzhen Qianhai TengXiang science and Technology Information Co., Ltd.
Address before: 201, room 1, building A, No. 518053, front Bay Road, Qianhai, Shenzhen Shenzhen cooperation zone, Guangdong, China
Patentee before: Shenzhen Zhitong World Technology Service Co. Ltd.
CF01 Termination of patent right due to non-payment of annual fee
Granted publication date: 20121121
Termination date: 20190329