CN101296196A - Authentication method and authentication device - Google Patents

Publication number: CN101296196A
Authority: CN (China)
Legal status: Granted
Application number: CN 200810124820
Other languages: Chinese (zh)
Other versions: CN101296196B (en)
Inventors: 于长青, 李训耕, 刘晓聪, 李斌
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd
Application filed by: Tencent Technology Shenzhen Co Ltd
Priority: CN 200810124820 (CN101296196B)
Publications: CN101296196A; CN101296196B (application granted)
Current legal status: Active

Abstract

An embodiment of the invention discloses an authentication method and an authentication device. In the method, an authentication center receives an authentication request from an application module and routes the request to the corresponding authentication unit; the authentication unit performs the authentication operation indicated in the request. The method and device make authentication operations flexible and extensible, which greatly improves development efficiency.

Description

Authentication method and authentication device
Technical Field
The present invention relates to the field of instant messaging, and in particular to an authentication method and an authentication device.
Background
Network instant messaging tools have by now been accepted by most Internet users and have become indispensable software, widely used not only for everyday entertainment but also at work. At the same time, users place higher demands on the ease of use, stability and security of IM (instant messaging) software.
With IM software, a user can hold sessions with various contacts. These sessions are based on a particular relationship chain or scenario and are required to be secure and trusted. It is therefore necessary, according to actual security needs, to set different permissions or capabilities for the sessions a user creates in different scenarios, for example granting voice and video permissions to sessions in some scenarios and only plain-text chat permission to sessions in others, so as to meet users' varied needs across scenarios. Different users likewise need to be given different operating permissions so that personalized service can be provided, for example granting more operation and processing permissions to IM users who become VIPs.
To meet these needs, the authentication mechanism of the IM software must be configured and managed effectively.
In the prior art, authentication is performed by each application module itself, so many application modules carry an identical set of authentication logic, which wastes program resources. For example, in current IM software both the control panel module and the friend list module need to determine whether the user has permission for audio/video chat, that is, both must authenticate the user's audio/video permission, so the audio/video authentication logic has to be added to both the control panel module and the friend list module.
When a new permission to be authenticated is added, the corresponding authentication logic may likewise have to be added to several application modules, which makes the code hard to maintain.
For example, when a new game is added, the control panel may need to determine and show whether the local IM user has registered for the game, while the friend list may need to determine and show whether a friend contact has registered for it. Although the objects being authenticated differ, the logic for checking registration for the game has to be added to both the control panel and the friend list.
Summary of the Invention
The embodiments of the invention provide an authentication method and an authentication device that improve the flexibility and extensibility of authentication operations.
The authentication method provided by the embodiments comprises:
the authentication center (AUC) receives an authentication request from an application module and routes the request to the corresponding authentication unit;
the authentication unit performs the authentication operation indicated in the authentication request.
The authentication device provided by the embodiments comprises an AUC and at least one authentication unit, wherein
the AUC is used to receive an authentication request from an external application module and route the request to the corresponding authentication unit;
the authentication unit is used to perform the authentication operation indicated in the authentication request.
With the authentication method and device provided by the embodiments, the authentication operations that were originally spread across the application modules are all extracted into authentication units. Each authentication unit is responsible for at least one authentication operation, completing the authentication of at least one permission, capability or identity. The AUC is responsible for managing the authentication units and routes authentication requests to the appropriate unit. When authentication of a new permission, capability or identity has to be managed, only the corresponding authentication unit needs to be added; when an authentication operation is no longer needed, only the corresponding authentication unit needs to be deleted. Authentication operations organized this way are highly flexible and extensible, which improves development efficiency.
Brief Description of the Drawings
Fig. 1 is a flow chart of the authentication method in the first embodiment of the invention.
Fig. 2 is a flow chart of the authentication method in the second embodiment of the invention.
Fig. 3 is a schematic diagram of the authentication device in the third embodiment of the invention.
Detailed Description
To make the purpose, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings.
In the embodiments of the invention, the authentication operations originally scattered across the modules are extracted from them into authentication units; that is, each authentication unit uses at least one set of decision logic to judge at least one permission, capability or identity, thereby implementing at least one authentication operation.
The AUC is responsible for managing the authentication units; that is, the AUC performs no concrete authentication itself. After receiving an authentication request from an application module, the AUC routes it to the corresponding authentication unit according to the type of the request, and after that unit completes the authentication, the result is returned to the application module.
When authentication of a new permission, capability or identity has to be managed, only the corresponding authentication unit needs to be added. This makes authentication operations flexible and extensible and greatly improves development efficiency.
Fig. 1 is a flow chart of the authentication method in the first embodiment of the invention. As shown in Fig. 1, the method comprises the following steps:
Step 101: The AUC receives an authentication request from an external application module.
Each authentication unit has a globally unique identifier (GUID), which serves as the permission ID corresponding to that unit. The GUID may be generated automatically by the authentication unit, assigned by the AUC, or obtained in some other way. The AUC holds a registered mapping table between the interface of each authentication unit attached to it and the permission ID.
When an external application module needs to authenticate a permission, capability or identity, it sends an authentication request to the AUC. The request contains at least the corresponding permission ID, which tells the AUC which permission the request concerns. The request must also contain the parameters needed for the concrete authentication, in a form the corresponding authentication unit can recognize, such as the IM account number of the contact concerned.
Here, the process by which the external application module sends an authentication request to the AUC may be: the module obtains the interface of the AUC and calls its interface function for querying permissions and capabilities, passing the corresponding permission ID as a parameter of that function.
Step 102: Using the permission ID in the authentication request, the AUC looks up the mapping table it holds between authentication unit interfaces and permission IDs, and routes the request to the authentication unit corresponding to that permission ID.
Step 103: The authentication unit completes the authentication according to the concrete authentication parameters in the request and returns the authentication result to the AUC.
Step 104: The AUC returns the received authentication result to the external application module.
In an actual implementation, the AUC can query the corresponding permission or capability by calling a unified authentication unit interface function, thereby completing steps 102 to 104.
After receiving the authentication result returned by the AUC, the external application module can display the result or adjust its operating capabilities accordingly. For example, the session window management module may display on the session window the permissions actually held and hide those not held, or may display the permissions not held but set the corresponding action buttons to unavailable, and so on.
In practice, business needs may require adding an authentication operation for an identity, permission or capability. In that case a corresponding authentication unit can be created to implement the decision logic for the new authentication operation, and this unit is then attached to the AUC.
Fig. 2 is a flow chart of the authentication method in the second embodiment of the invention. As shown in Fig. 2, the method comprises the following steps:
Step 201: The authentication unit is initialized and attached to the AUC.
During initialization the authentication unit loads its corresponding permission and attaches itself to the AUC by self-registering with it.
The authentication unit can attach itself through the AUC's self-registration interface function, registering the mapping between the authentication unit interface and the permission ID, so that the mapping between this unit's interface and its permission ID is added to the AUC's mapping table.
Note that the initialization and attachment of authentication units is not performed automatically every time a user logs in to the IM software. As long as the attachment has previously been completed on the client terminal where the IM software resides, and no deregistration of the authentication unit has been performed since, this step can be skipped and step 202 executed directly.
Step 202: The AUC receives an authentication request from an external application module.
When an external application module needs to authenticate a permission, capability or identity, it sends an authentication request to the AUC. The request contains at least the corresponding permission ID, which tells the AUC which permission the request concerns. The request must also contain the parameters needed for the concrete authentication, in a form the corresponding authentication unit can recognize, such as the IM account number of the contact concerned.
Here, the process by which the external application module sends an authentication request to the AUC may be: the module obtains the interface of the AUC and calls its interface function for querying permissions and capabilities, passing the corresponding permission ID as a parameter of that function.
Step 203: Using the permission ID in the authentication request, the AUC looks up the mapping table it holds between authentication unit interfaces and permission IDs, and routes the request to the authentication unit corresponding to that permission ID.
Step 204: The authentication unit completes the authentication according to the concrete authentication parameters in the request and returns the authentication result to the AUC.
Step 205: The AUC returns the received authentication result to the external application module.
In an actual implementation, the AUC can query the corresponding permission or capability by calling a unified authentication unit interface function, thereby completing steps 203 to 205.
After receiving the authentication result returned by the AUC, the external application module can display the result or adjust its operating capabilities accordingly. Obviously, this step is optional.
In practice, depending on business needs or on the mode or scenario, it may also be necessary to delete an authentication unit, in which case the unit must be deregistered from the AUC.
Deregistration may proceed as follows: the authentication unit sends a deregistration request to the AUC. The request contains at least the corresponding permission ID, which tells the AUC which authentication is to be deleted. According to the request, the AUC deletes the corresponding permission ID mapping from the mapping table it has established.
The process by which the authentication unit sends the deregistration request may be: the authentication unit calls the AUC's deregistration interface function, passing the permission ID to be deregistered as a parameter of that function.
In addition, in the authentication method of the embodiments each authentication unit has a unique GUID as its permission ID. In practice, some authentication units may be able to handle two or more permissions at once, such as a read permission and a write permission. In that case the two or more authentications can be treated as one permission and assigned one GUID as the permission ID, for example one permission ID assigned for the read permission and write permission. Alternatively, two or more GUIDs can be assigned to the authentication unit, each serving as one permission ID, so that in the mapping table established in the AUC one authentication unit interface can correspond to two permission IDs.
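The attachment, routing and deregistration flow described above, including one unit that serves two permission IDs, as an added Python example that is not code from the patent. The class and function names, the GUID values, the account numbers and the fail-closed choices (deny on an unknown permission ID or a unit error, refuse to overwrite an existing mapping, let only the owning unit deregister) are assumptions of this example.

```python
import uuid
from dataclasses import dataclass
from typing import Callable, Dict, Mapping, Tuple

# Constructed permission IDs (GUIDs) and sample data; none come from the patent.
PERM_AV_CHAT = uuid.UUID("11111111-1111-4111-8111-111111111111")
PERM_READ = uuid.UUID("22222222-2222-4222-8222-222222222222")
PERM_WRITE = uuid.UUID("33333333-3333-4333-8333-333333333333")
PERM_UNKNOWN = uuid.UUID("99999999-9999-4999-8999-999999999999")  # never registered
VIP_ACCOUNTS = {"10001"}
FILE_ACL = {"10001": {PERM_READ, PERM_WRITE}, "10002": {PERM_READ}}


@dataclass(frozen=True)
class AuthUnit:
    """Authentication unit: decision logic plus the permission IDs it handles."""
    name: str
    permission_ids: Tuple[uuid.UUID, ...]
    decide: Callable[[uuid.UUID, Mapping[str, str]], bool]


@dataclass(frozen=True)
class AuthResult:
    allowed: bool
    reason: str


class AuthCenter:
    """Routes requests by permission ID and holds no decision logic of its own."""

    def __init__(self) -> None:
        self._table: Dict[uuid.UUID, AuthUnit] = {}  # permission ID -> unit

    def register(self, unit: AuthUnit) -> None:
        # Assumption: an existing mapping is never overwritten, so a unit
        # attached later cannot silently take over a permission ID.
        taken = [str(p) for p in unit.permission_ids if p in self._table]
        if taken:
            raise ValueError(f"permission ID already mapped: {taken}")
        for pid in unit.permission_ids:
            self._table[pid] = unit

    def unregister(self, unit: AuthUnit, permission_id: uuid.UUID) -> bool:
        # Assumption: only the unit that owns the mapping may remove it.
        if self._table.get(permission_id) is not unit:
            return False
        del self._table[permission_id]
        return True

    def check(self, permission_id: uuid.UUID, params: Mapping[str, str]) -> AuthResult:
        unit = self._table.get(permission_id)
        if unit is None:  # unknown or deregistered permission: deny
            return AuthResult(False, "no unit registered")
        try:
            allowed = unit.decide(permission_id, params) is True
        except Exception as exc:  # missing parameter or faulty unit: deny
            return AuthResult(False, f"unit error: {type(exc).__name__}")
        return AuthResult(allowed, f"decided by {unit.name}")


def av_chat_logic(pid: uuid.UUID, params: Mapping[str, str]) -> bool:
    # Audio/video chat is granted to VIP accounts in this constructed data set.
    return params["account"] in VIP_ACCOUNTS


def read_write_logic(pid: uuid.UUID, params: Mapping[str, str]) -> bool:
    # One unit serving two permission IDs, as the description allows.
    return pid in FILE_ACL.get(params["account"], set())


AV_UNIT = AuthUnit("av-chat", (PERM_AV_CHAT,), av_chat_logic)
RW_UNIT = AuthUnit("read-write", (PERM_READ, PERM_WRITE), read_write_logic)


def build_center() -> AuthCenter:
    """Attach both units, as in step 201."""
    center = AuthCenter()
    center.register(AV_UNIT)
    center.register(RW_UNIT)
    return center


if __name__ == "__main__":
    center = build_center()
    for pid, account in [(PERM_AV_CHAT, "10001"), (PERM_AV_CHAT, "10002"),
                         (PERM_WRITE, "10002"), (PERM_UNKNOWN, "10001")]:
        print(pid, account, center.check(pid, {"account": account}))
    center.unregister(AV_UNIT, PERM_AV_CHAT)
    print(center.check(PERM_AV_CHAT, {"account": "10001"}))
```

Because application modules act on whatever result the center returns, the example denies in every case where no unit produces an explicit `True`.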
In the authentication method of the embodiments, the AUC is started by the component management module of the IM software according to the relevant startup configuration file, at which point the user is logged in. The login process may be: the user enters an account and password in the login panel of the IM client; a protocol command for verifying the validity of the account and password is sent to the IM server over the protocol channel; and once the IM server has verified that the account and password are valid, the user has successfully logged in to the IM client.
Fig. 3 is a schematic diagram of the authentication device in the third embodiment of the invention. As shown in Fig. 3, the authentication device comprises AUC 300 and at least one authentication unit 400.
AUC 300 is used to receive an authentication request from an external application module, route the request to the corresponding authentication unit 400, receive the authentication result from authentication unit 400, and return the result to the external application module. Authentication unit 400 is used to perform at least one authentication operation and to return the authentication result through AUC 300.
AUC 300 comprises a first transceiver subunit 301, a routing subunit 302, a storage subunit 303 and a second transceiver subunit 304. Authentication unit 400 comprises a third transceiver subunit 401 and an authentication execution subunit 402.
The first transceiver subunit 301 handles the information exchange between AUC 300 and the external application module. Specifically, it receives the authentication request and sends it to routing subunit 302, and it receives the authentication result from the second transceiver subunit 304 and returns it to the external application module.
Routing subunit 302 receives the authentication request from the first transceiver subunit 301 and queries the mapping table between authentication unit interfaces and permission IDs stored in storage subunit 303 to obtain the authentication unit 400 corresponding to the request; it then routes the request to authentication unit 400 through the second transceiver subunit 304.
Storage subunit 303 stores the mapping table between the interfaces of the authentication units attached to AUC 300 and the permission IDs.
The second transceiver subunit 304 handles the information exchange between AUC 300 and authentication unit 400. Specifically, it forwards the authentication request to the authentication unit 400 found by routing subunit 302, and it receives the authentication result from authentication unit 400 and sends it to the first transceiver subunit 301.
The third transceiver subunit 401 implements the information exchange between AUC 300 and authentication unit 400. Specifically, it receives the authentication request routed by AUC 300 and forwards it to the authentication execution subunit 402, and it receives the authentication result from the authentication execution subunit 402 and returns it to AUC 300.
The authentication execution subunit 402 performs the authentication of a permission, capability or identity according to certain decision logic and returns the authentication result to the third transceiver subunit 401.
With the authentication method and device provided by the embodiments, all authentication operations of the modules in the system are extracted into the authentication device, so the modules no longer perform concrete authentication themselves, which improves the utilization of program resources. When a new authentication mechanism is to be introduced to manage the authentication of some permission, capability or identity, it is only necessary to add a corresponding authentication unit and attach it to the AUC, which then manages it in a unified manner. This makes authentication operations flexible and extensible.
The above embodiments are all described in terms of authentication in IM software. Clearly, the approach of abstracting identical functionality into an independent functional module and managing those functions through a management center can be extended to other operations in other software and is not limited to authentication or to IM software; for example, it can be applied to authentication for e-mail mailboxes.
In addition, the embodiments of the invention also provide computer software for implementing authentication operations. The software contains computer program code which, when run on a computer, can carry out one or more steps of the authentication method embodiments and one or more parts and functions of the authentication device embodiments. For example, when a given piece of program code runs on a computer, it can implement the function of an authentication unit or of the AUC.
The computer software can be stored in a computer-readable medium such as read-only memory (ROM), random access memory (RAM) or flash memory. The program code can also be loaded onto a computer over a suitable data network, and code loaded this way can replace or update the program code already on the computer.
In summary, the above are only preferred embodiments of the invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (11)

1. An authentication method, characterized by comprising:
an authentication center (AUC) receiving an authentication request from an application module and routing the authentication request to a corresponding authentication unit;
the authentication unit performing the authentication operation indicated in the authentication request.
2. The method of claim 1, characterized by further comprising:
the authentication unit returning an authentication result to the AUC;
the AUC receiving the authentication result from the authentication unit and returning the authentication result to the application module.
3. The method of claim 1 or 2, characterized in that the authentication unit has at least one identification number, each identifying a permission ID that the authentication unit can handle;
the AUC stores mappings between authentication unit interfaces and permission IDs;
the authentication request comprises a permission ID and the parameters needed for the concrete authentication;
the AUC looks up the authentication unit corresponding to the authentication request according to the permission ID contained in the request and the mappings between authentication unit interfaces and permission IDs that it stores, and routes the authentication request to that authentication unit;
the authentication unit performs the authentication operation according to the parameters needed for the concrete authentication contained in the authentication request.
4. The method of claim 3, characterized in that, before the AUC routes the authentication request to the authentication unit, the method further comprises:
attaching the authentication unit to the AUC.
5. The method of claim 4, characterized in that, after the authentication unit is attached to the AUC, the AUC adds the mapping between the authentication unit interface and the permission ID to the mapping table it stores.
6. The method of claim 3, characterized by further comprising:
the authentication unit sending a deregistration request to the AUC, wherein the deregistration request comprises its corresponding permission ID;
the AUC deleting, according to the deregistration request, the mapping between the authentication unit and the permission ID from the mapping table it has established.
7. An authentication device, characterized by comprising an AUC and at least one authentication unit, wherein
the AUC is used to receive an authentication request from an external application module and route the authentication request to the corresponding authentication unit;
the authentication unit is used to perform the authentication operation indicated in the authentication request.
8. The device of claim 7, characterized in that the AUC comprises:
a first subunit, used to receive the authentication request from the external application module and send the authentication request to a second subunit;
the second subunit, used to receive the authentication request from the first subunit, query the mapping table between authentication unit interfaces and permission IDs stored in a third subunit to obtain the authentication unit corresponding to the authentication request, and route the authentication request to that authentication unit through a fourth subunit;
the third subunit, used to store the mapping table between the interfaces of the authentication units attached to the AUC and the permission IDs;
the fourth subunit, used to forward the authentication request to the authentication unit found by the second subunit.
9. The device of claim 7 or 8, characterized in that the authentication unit comprises:
a fifth subunit, used to receive the authentication request from the AUC and forward it to a sixth subunit;
the sixth subunit, used to perform the authentication operation indicated in the authentication request according to certain decision logic.
10. The device of claim 9, characterized in that the sixth subunit is further used to return the authentication result to the fifth subunit;
the fifth subunit is further used to receive the authentication result from the sixth subunit and return it to the AUC.
11. The device of claim 10, characterized in that the fourth subunit is further used to receive the authentication result from the authentication unit and send the authentication result to the first subunit;
the first subunit is further used to receive the authentication result from the second subunit and return it to the external application module.
CN 200810124820 2008-06-13 2008-06-13 Authentication method and authentication device Active CN101296196B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810124820 CN101296196B (en) 2008-06-13 2008-06-13 Authentication method and authentication device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200810124820 CN101296196B (en) 2008-06-13 2008-06-13 Authentication method and authentication device

Publications (2)

Publication Number Publication Date
CN101296196A true CN101296196A (en) 2008-10-29
CN101296196B CN101296196B (en) 2012-12-12

Family

ID=40066213

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810124820 Active CN101296196B (en) 2008-06-13 2008-06-13 Authentication method and authentication device

Country Status (1)

Country Link
CN (1) CN101296196B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108876281A (en) * 2018-04-25 2018-11-23 盈东科技(北京)有限公司 A kind of project management system and device
CN109740328A (en) * 2019-01-08 2019-05-10 广州虎牙信息科技有限公司 A kind of right authentication method, device, computer equipment and storage medium
CN111787094A (en) * 2020-06-29 2020-10-16 腾讯科技(深圳)有限公司 Data processing method, device, storage medium and equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1315302C (en) * 2003-06-17 2007-05-09 华为技术有限公司 Method of route inquiry under condition of wireless local area network and mobile network intercommunication
CN1933650A (en) * 2005-09-12 2007-03-21 北京三星通信技术研究有限公司 CDMA2000 unified authentication platform service access method and system
CN1913439B (en) * 2006-09-08 2011-05-04 中国移动通信集团公司 Authentication method and method for transmitting successful authentication information

Also Published As

Publication number Publication date
CN101296196B (en) 2012-12-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant