Summary of the invention
The purpose of the embodiments of the invention is to provide a network authorization and authentication method, comprising the following steps:
Connecting to a wireless terminal registered with a service provider system;
When preparing to initiate a login request to said service provider system, sending a request-login-key message to said wireless terminal, so that said wireless terminal sends a get-key message to said service provider system;
Receiving, from said wireless terminal, a first key returned by said service provider system;
Sending said first key to said service provider system for authentication; if said authentication passes, said service provider system invalidates said first key, generates a second key and distributes said second key to said wireless terminal, and said wireless terminal replaces said first key with said second key;
Sending said second key to said service provider system for authentication.
The embodiments of the invention also provide a network authorization and authentication method, comprising the following steps:
Registering with a service provider system;
Connecting to an internet terminal;
Receiving the request-login-key message that said internet terminal sends when preparing to initiate a login request to said service provider system;
Sending a get-key message to said service provider system according to said request-login-key message;
Receiving a first key distributed by said service provider system;
Sending said first key to said internet terminal and instructing said internet terminal to send said first key to said service provider system for authentication; if the authentication passes, obtaining a second key that said service provider system distributes after invalidating said first key, and replacing said first key with said second key;
Sending said second key to said internet terminal and instructing said internet terminal to send said second key to said service provider system for authentication.
The embodiments of the invention also provide an internet terminal, comprising:
A first connection unit, configured to connect to a wireless terminal registered with a service provider system;
A message sending module, configured to send a request-login-key message to said wireless terminal when preparing to initiate a login request to said service provider system, so that said wireless terminal sends a get-key message to said service provider system;
A first key receiving module, configured to receive, from said wireless terminal, a first key returned by said service provider system;
An authentication unit, configured to send said first key to said service provider system for authentication; if said authentication passes, said service provider system invalidates said first key, generates a second key and distributes said second key to said wireless terminal, and said wireless terminal replaces said first key with said second key.
The embodiments of the invention also provide a wireless terminal registered with a service provider system, comprising:
A second connection unit, configured to connect to an internet terminal;
A message receiving module, configured to receive the request-login-key message that said internet terminal sends when preparing to initiate a login request to said service provider system;
A message sending module, configured to send a get-key message to said service provider system according to said request-login-key message;
A second key receiving module, configured to receive a first key distributed by said service provider system;
A key sending unit, configured to send said first key to said internet terminal and to instruct said internet terminal to send said first key to said service provider system for authentication;
A second key acquiring unit, configured to obtain, if said authentication passes, a second key that said service provider system distributes after invalidating said first key, and to replace said first key with said second key;
Said key sending unit is also configured to send said second key to said internet terminal and to instruct said internet terminal to send said second key to said service provider system for authentication.
The embodiments of the present invention can bring the following beneficial effects: the interaction over the Internet between the internet terminal and the service provider system is reduced; in the login process, the prior-art steps in which the key must be verified by computation at the internet terminal and the service provider system are reduced; the key can take diverse forms and is strongly time-limited, which significantly increases the difficulty of cracking or stealing it; and the uniqueness and security characteristics of wireless network users are fully utilized, which improves the ability of the service provider system to identify legitimate users and provides assurance for offering better service to legitimate users.
Embodiment
Fig. 1 is a method flowchart of one embodiment of the present invention, comprising the following steps:
S101, connecting to a wireless terminal registered with the service provider system;
The connection may be made by, but is not limited to, a data cable, infrared or Bluetooth;
S103, obtaining the first key, distributed by said service provider system, that is stored on said wireless terminal;
Optionally, the initial first key is issued by the service provider system to the user's wireless terminal over the mobile wireless network when the user registers and opens an account. To ensure the security and reliability of the key, the key may be given a validity period: when the service provider system generates the key, it specifies a validity period for that key. Once the validity period has passed, the user can no longer log in with this key and must apply to the service provider system (this embodiment does not cover the application process) for a new key to be generated and issued to the user's wireless terminal;
Optionally, this step specifically comprises:
S1031, when preparing to initiate a login request to said service provider system, sending a request-login-key message to said wireless terminal;
S1033, said wireless terminal sending a get-key message to said service provider system;
S1035, receiving the first key, stored on said wireless terminal, that said service provider system returns.
In this optional embodiment, the key is generated on demand by the service provider system when a login request to said service provider system is being prepared, and is issued to the user's wireless terminal over the mobile wireless network; the validity period of the key is therefore much shorter than that of the key in the first embodiment, and its reliability is higher.
S105, sending said first key to said service provider system for authentication.
Optionally, this embodiment may further comprise the following steps:
S107, if said authentication passes, said service provider system invalidates said first key, generates a second key and distributes said second key to said wireless terminal, and said wireless terminal replaces said first key with said second key.
S109, sending said second key to said service provider system for authentication.
Fig. 2 is a method flowchart of one embodiment of the present invention, comprising the following steps:
S201, registering with a service provider system;
S203, connecting to an internet terminal;
S205, obtaining a first key distributed by said service provider system;
Optionally, this step may comprise the following steps:
S2031, receiving the request-login-key message that said internet terminal sends when preparing to initiate a login request to said service provider system;
S2033, sending a get-key message to said service provider system according to said request-login-key message;
S2035, receiving the first key distributed by said service provider system.
S207, sending said first key to said internet terminal and instructing said internet terminal to send said first key to said service provider system for authentication.
Optionally, this embodiment may further comprise the following steps:
S209, if said authentication passes, obtaining a second key that said service provider system distributes after invalidating said first key, and replacing said first key with said second key;
S2011, sending said second key to said internet terminal and instructing said internet terminal to send said second key to said service provider system for authentication.
Fig. 3 is a structural diagram of a device of one embodiment of the present invention, comprising:
A first connection unit 301, configured to connect to a wireless terminal registered with a service provider system;
A first key acquiring unit 303, configured to obtain the first key, distributed by the service provider system, that is stored on said wireless terminal;
An authentication unit 305, configured to send said first key to said service provider system for authentication.
Optionally, the first key acquiring unit 303 specifically comprises:
A message sending module, configured to send a request-login-key message to said wireless terminal when preparing to initiate a login request to said service provider system;
A first key receiving module, configured to receive the first key, stored on said wireless terminal, that said service provider system returns in response to the get-key message sent to it by said wireless terminal.
Fig. 4 is a structural diagram of a device of one embodiment of the present invention, comprising:
A second connection unit 401, configured to connect to an internet terminal;
A second key acquiring unit 403, configured to obtain a first key distributed by said service provider system;
A key sending unit 405, configured to send said first key to said internet terminal and to instruct said internet terminal to send said first key to said service provider system for authentication.
Optionally, the second key acquiring unit 403 specifically comprises:
A message receiving module, configured to receive the request-login-key message that said internet terminal sends when preparing to initiate a login request to said service provider system;
A message sending module, configured to send a get-key message to said service provider system according to said request-login-key message;
A second key receiving module, configured to receive the first key distributed by said service provider system.
Optionally, the second key acquiring unit 403 is also configured to obtain, if said authentication passes, a second key that said service provider system distributes after invalidating said first key, and to replace said first key with said second key; the key sending unit 405 is also configured to send said second key to said internet terminal and to instruct said internet terminal to send said second key to said service provider system for authentication.
Fig. 5 is a structural diagram of a system of one embodiment of the present invention, comprising:
A service provider system 501, configured to register a wireless terminal and generate a first key;
A wireless terminal 503, configured to obtain said first key over a wireless network from the service provider system with which it has registered in advance;
An internet terminal 505, configured to read said first key and send said first key to said service provider system for authentication.
Optionally, the service provider system 501 is also configured to invalidate said first key and generate a second key if said authentication passes;
The wireless terminal 503 is also configured to obtain said second key over the wireless network and replace said first key with said second key;
The internet terminal 505 is also configured to read said second key and send said second key to said service provider system for authentication.
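The following sketch is added here as an illustration and is not part of the original patent text. It models the three roles of Fig. 5 in Python to show the key lifecycle described above: a key issued with a validity period, invalidated on first successful use, and replaced by a second key. The class and function names, the 60-second validity period, and the in-memory delivery that stands in for the wireless network are assumptions.

```python
import hmac
import secrets
import time


class ServiceProvider:
    """Service provider system: holds one live key per registered wireless terminal."""

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self.ttl, self.clock = ttl_seconds, clock
        self.live = {}    # terminal_id -> (key, expiry time)
        self.phones = {}  # terminal_id -> terminal object (stands in for the mobile network)

    def register(self, phone):
        self.phones[phone.terminal_id] = phone

    def issue_key(self, terminal_id):
        """Handle a get-key message: generate a key and push it to the terminal."""
        key = secrets.token_urlsafe(32)
        self.live[terminal_id] = (key, self.clock() + self.ttl)
        self.phones[terminal_id].key = key  # terminal replaces its old key

    def authenticate(self, terminal_id, presented):
        key, expiry = self.live.get(terminal_id, ("", 0.0))
        ok = (bool(key) and self.clock() < expiry and
              hmac.compare_digest(key.encode(), (presented or "").encode()))
        if ok:
            self.issue_key(terminal_id)  # first key invalidated, second key distributed
        return ok


class WirelessTerminal:
    """Registered wireless terminal: stores the current key for the internet terminal."""

    def __init__(self, terminal_id, provider):
        self.terminal_id, self.provider, self.key = terminal_id, provider, None
        provider.register(self)

    def on_request_login_key(self):
        """Internet terminal asked for a login key: fetch a fresh one and return it."""
        self.provider.issue_key(self.terminal_id)
        return self.key


def internet_terminal_login(provider, phone, fresh=True):
    """Internet terminal: obtain the key from the terminal and present it."""
    key = phone.on_request_login_key() if fresh else phone.key
    return provider.authenticate(phone.terminal_id, key)
```

Presenting the first key a second time, or presenting any key after its validity period has passed, makes authenticate return False, while the replacement key stored on the wireless terminal succeeds.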
In each of the above embodiments of the present invention, the data exchange between the user's wireless terminal and the wireless network may take place in the circuit domain, such as GSM (Global System for Mobile Communications), CDMA (Code-Division Multiple Access), WCDMA (Wideband CDMA, Wideband Code Division Multiple Access), TD-CDMA (Time Division-Synchronous Code Division Multiple Access), etc.; it may also use a data-domain connection, such as GPRS (General Packet Radio Service), etc. Because the internet terminal obtains the key information directly from the wireless terminal and the user does not need to read it, the key information can take many forms and is not limited to a character string; it may be a certificate, a two-dimensional code, or another form.
Each of the above embodiments of the present invention reduces the interaction over the Internet between the internet terminal and the service provider system; in the login process, the prior-art steps in which the key must be verified by computation at the internet terminal and the service provider system are reduced; the key can take diverse forms and is strongly time-limited, which significantly increases the difficulty of cracking or stealing it; and the uniqueness and security characteristics of wireless network users are fully utilized, which improves the ability of the service provider system to identify legitimate users and provides assurance for offering better service to legitimate users.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.