CN101719829A - Processing and system for realizing IDM system interoperation - Google Patents
Processing and system for realizing IDM system interoperation Download PDFInfo
- Publication number
- CN101719829A CN101719829A CN200910086956A CN200910086956A CN101719829A CN 101719829 A CN101719829 A CN 101719829A CN 200910086956 A CN200910086956 A CN 200910086956A CN 200910086956 A CN200910086956 A CN 200910086956A CN 101719829 A CN101719829 A CN 101719829A
- Authority
- CN
- China
- Prior art keywords
- authentication
- visit ground
- authentication result
- ownership place
- idm system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a processing method for realizing the identity management (IDM) system interoperation. A converter at an attribution place converts an authentication result of an IDM system from the attribution place into an intermediate format and sends the converted authentication result with the intermediate format to a converter at a visit place when a user terminal requests service from a service provider (SP) server at the visit place; the converter at the visit place acquires the authentication level of the authentication at the visit place according to the received authentication result, converts the received authentication result and authentication level information into a format of the visit place and sends the authentication result and authentication level information with the converted format to an IDM system at the visit place; the IDM system at the visit place acquires an authorization message according to the received authentication result and authentication level and sends the authorization message to the SP the visit place; and the SP at the visit place verifies and passes the authorization message and then provides terminal service for users. The invention also discloses a processing system for the IDM system interoperation, which realizes the interoperation among IDM systems with different authentication trust levels.
Description
Technical field
The present invention relates to the safety communication technology in the network communicating system, relate in particular to a kind of processing method and system that realizes interoperability between Identity Management (IDM) system.
Background technology
Identity Management (IDM, Identity Management) is meant that based on network and relevant supporting technology to the life cycle (use) of user identity, and the relation between user identity and the network application service manages.For example, the user of access application and resource is authenticated or mandate etc.At present, also be in a kind of separate vertical stratification between the IDM system, and these IDM systems set up at specific application service, can't realize interconnecting between each IDM system, can't realize sharing of user profile (as user's trust information, authentication trust).
Interoperability (Interoperation) is meant that each independently cooperates with each other between the IDM system, carries out the ability of exchange with operations such as communicating by letter of effective information (as user's trust information).Authentication trust grade (AAL, Authentication Assurance Level) is meant in verification process, by the trusting degree that authentication method obtained that adopts.In the IDM system, AAL is meant that mainly (SP, the ServiceProvider) trusting degree of the authentication item that is adopted for the IDM system, AAL have reflected that SP believes that the user is the user's that himself claims a trusting degree to the service provider in user authentication process.
Because the Informatization Development level of each countries and regions has nothing in common with each other; safeguard protection to information (for example: personally identifiable information, ERM etc.) requires also to be not quite similar; this has just caused the division difference of the class of security protection of each countries and regions; the reliability rating that for example regional A adopts is 4 grades, and the reliability rating that regional B adopts is 3 grades.In addition, in highly distributed network environment now, even in same country, technology and framework that different industries is adopted the IDM system also can be different, and this just causes the reliability rating mechanism used also different; Even the IDM system of same type, owing to use different standard criterions, employed reliability rating contents of mechanism is also different, has just produced the interoperability issue of different I DM system thus.The interoperability issue concentrated reflection is the interoperability issue of different reliability ratings between the IDM system between the IDM system.
At present, the principle that realizes interoperability between the different I DM system mainly shows as: two IDM systems that certain commercial relations are arranged, carry out association in twos, by setting up corresponding modular converter between the two agreement is separately exchanged, thereby the mutual trust that reaches communicating pair also can be discerned mutually, and then realizes the interoperability between the different I DM system.As can be seen, in this model, then must set up corresponding relating module between any two when the IDM system will finish with the related of other IDM system, workload is exponential increase.If the certification policy of one of them IDM system changes, so connected IDM system all must carry out corresponding modification, and this is extremely inconvenient to identity provider, also is unfavorable for the expansion of system, and cost is higher.
This shows that the interoperability between the dissimilar IDM systems has become the bottleneck of current I DM technical development; Especially on the interoperability issue between the IDM system that solves the different authentication reliability rating, prior art also can't provide a kind of simple and effective solution, thereby makes troubles to practical application.
Summary of the invention
In view of this, main purpose of the present invention is to provide the processing method and the system of interoperability between a kind of IDM of realization system, to be difficult to realize the problem of interoperability between the IDM system that solves different authentication reliability rating in the prior art.
For achieving the above object, technical scheme of the present invention is achieved in that
The invention provides a kind of processing method that realizes interoperability between Identity Management IDM system, this method comprises:
When user terminal is served to the service provider SP server requests on visit ground, the transducer of described user terminal ownership place will be converted to intermediate form from the authentication result of the IDM system of ownership place, and the authentication result of intermediate form be sent to the transducer on user terminal visit ground;
The transducer on described visit ground is according to authentication result that receives and default authentication grade switching strategy, obtain the authentication grade of this authentication, and the described authentication result that will receive and described authentication grade are converted to the IDM system that sends to visit ground behind the visit ground form on visit ground;
The IDM system on described visit ground judges according to the described authentication result that receives and described authentication grade and authorizes, authorization message sent to the SP server on user terminal visit ground;
The SP server on described visit ground is after passing through the authorization message checking that receives, for described user terminal provides service.
Described authentication result comprises: successfully whether authentication method, authentication.
After the SP server requests service on visit ground, this method further comprises at user terminal:
The IDM system of the SP server requests ownership place on described visit ground carries out authentication;
The IDM system of described ownership place initiates challenge to user terminal, requires user terminal that identity information is provided;
Described user terminal is replied ownership place IDM system, and sends identity information to the IDM of ownership place system;
The IDM system of described ownership place carries out authentication according to the identity information that receives to user terminal, obtains the authentication result of ownership place form, and the authentication result that obtains is sent to the transducer of ownership place.
Described authentication result is converted to intermediate form, is specially:
By security assertion markup language SAML the authentication result of ownership place form is converted to the authentication assertion form, described authentication assertion form is intermediate form;
The transducer on described visit ground is converted to visit ground form with the authentication result that receives, and is specially:
The authentication result of authentication assertion form is converted to visit ground form.
Authentication result that described basis receives and default authentication grade switching strategy obtain the authentication grade of this authentication on visit ground, are specially:
The transducer on described visit ground contrasts authentication result that receives and the authentication trust grade of visiting ground, and obtains the authentication grade of this authentication on visit ground according to default authentication grade switching strategy.
The present invention also provides the treatment system of interoperability between a kind of IDM of realization system, and this system comprises: the transducer on the IDM system of ownership place, the transducer of ownership place, visit ground and the IDM system on visit ground, wherein,
The IDM system of described ownership place is used for external request is authenticated, and authentication result is offered the transducer of described ownership place;
The transducer of described ownership place is used for the authentication result from the IDM system of ownership place is converted to intermediate form, and the authentication result of intermediate form is sent to the transducer on described visit ground;
The transducer on described visit ground, be used for according to authentication result that receives and default authentication grade switching strategy, obtain the authentication grade of this authentication, and the described authentication result that will receive and described authentication grade are converted to the IDM system that sends to visit ground behind the visit ground form on visit ground;
The IDM system on described visit ground after receiving authentication information, judges and authorizes external request.
The transducer of described ownership place further comprises:
The local data parsing module is used for resolving and extract the authentication result from the data flow of the IDM system of ownership place;
The intermediate form data generation module is used for the authentication result that described local data parsing module provides is carried out format conversion, generates the authentication result of intermediate form.
The transducer on described visit ground further comprises:
The intermediate form data resolution module is used for resolving and extract the authentication result from the data flow of the transducer of ownership place;
Authentication result that provides according to described intermediate form data resolution module and the authentication grade switching strategy of presetting are provided the authentication grade acquisition module, obtain the authentication grade of this authentication on visit ground;
The data transaction sending module, be used for authentication grade information translation that authentication result and described authentication grade acquisition module with intermediate form obtain for visit ground form after, send to the IDM system on visit ground.
Described authentication grade acquisition module is further used for, and authentication result that receives and the authentication trust grade of visiting ground is contrasted, and obtain the authentication grade of this authentication on visit ground according to default authentication grade switching strategy.
Described intermediate form data generation module is further used for, and by SAML the authentication result of ownership place form is converted to the authentication assertion form;
Described data transaction sending module is further used for, and the authentication result of described authentication assertion form is converted to visit ground form.
A kind of processing method and system that realizes interoperability between the IDM system provided by the present invention, do not needing to change under the situation of each IDM internal system authentication method and technology, realized the mutual conversion of authentication result between the IDM system of different authentication reliability rating, has stronger extensibility, reduced the cost of realizing interoperability between the existing IDM system, satisfied of the requirement of present different I DM system the authentication grade interoperability.
The present invention has promoted professional deployment and popularization for SP; For Virtual network operator, made things convenient for the operation and management of network; For the terminal use, can bring significant convenience.In addition, the fusion and the unification of dissimilar IDM system also help setting up between the heterogeneous networks application service miscellaneous service association, for different consumers provide personalized service, thereby further develop the technical support effect of playing for what network application was served.
Description of drawings
Fig. 1 is used to handle the system configuration schematic diagram of interoperability between the IDM system for the present invention;
Fig. 2 is a kind of flow chart of realizing the processing method of interoperability between the IDM system of the present invention;
Fig. 3 is a kind of composition structural representation of realizing the treatment system of interoperability between the IDM system of the present invention;
Fig. 4 is the composition structural representation of transducer among the present invention;
Fig. 5 is for being used to handle the distributed network architecture schematic diagram of interoperability between a plurality of IDM system in the embodiment of the invention;
Fig. 6 is for being used to handle the centralized network architecture schematic diagram of interoperability between a plurality of IDM system in the embodiment of the invention.
Embodiment
The technical solution of the present invention is further elaborated below in conjunction with the drawings and specific embodiments.
In order to be difficult to realize the problem of interoperability between the IDM system that solves different authentication reliability rating in the prior art, the present invention proposes a kind of system architecture that is used to handle interoperability between the IDM system.As shown in Figure 1, this system architecture is made up of two parts, and a part is the two or more IDM system of intercommunication mutually, in order to identity management services to be provided; Another part is in order to realize the transducer of authentication grade conversion, data by intermediate form between each transducer communicate, and the IDM system of communicating pair utilizes this transducer to finish the conversion of different authentication grade, thereby solves the interoperability issue of authentication grade.
Based on the system architecture that is proposed among Fig. 1, a kind of processing method that realizes interoperability between the IDM system of the present invention as shown in Figure 2, mainly may further comprise the steps:
Step 201, user terminal provides service to the SP server requests on visit ground.
Step 202, the IDM system of the SP server requests user ascription area on visit ground carries out authentication.
Because the IDM system at the SP server place on user terminal visit ground and the IDM system of user ascription area belong to heterogeneous system, therefore the request of the user terminal IDM system that will be directed into ownership place authenticates, and by the IDM system of ownership place user terminal is carried out authentication.
Step 203, the IDM system of ownership place initiates challenge (authentication request) to user terminal, requires user terminal that identity information is provided.
Step 204, user terminal is replied ownership place IDM system, sends identity information to the IDM of ownership place system.
Step 205, the IDM system of ownership place carries out authentication to user terminal.
Step 206 after the IDM system of ownership place finishes user end certification, sends to authentication result the transducer of ownership place.
Wherein, authentication result comprises authentication method (authentication item), and whether authentication successfully waits information, and authentication result represents with the data format that the IDM system of ownership place is supported, is called for short the ownership place form.
Step 207, the transducer of ownership place is intermediate form with the authentication result that receives by the ownership place format conversion.
The present invention can utilize intermediate language to realize that authentication result is by the conversion of ownership place IDM System Data Format to intermediate form, for example: utilize security assertion markup language (SAML, Security Assertion MarkupLanguage) authentication result of ownership place IDM System Data Format is converted to the authentication result of authentication assertion form, authentication assertion form herein is described intermediate form.Certainly, intermediate language of the present invention is not limited in SAML, and this is a kind of, can also expand according to actual needs.
Step 208, the transducer of ownership place send to the authentication result of intermediate form the transducer on visit ground.
Step 209~210, the transducer on visit ground is according to authentication result that receives and default authentication grade switching strategy, obtain the authentication grade of this authentication, and the authentication result that receives and the authentication grade information translation that obtains are sent to the IDM system on visit ground after for visit ground form on visit ground.
Be the situation of authentication assertion form with authentication result by the ownership place format conversion in the corresponding step 207, need the authentication result of authentication assertion form is converted to visit ground form herein.In addition, this authentication that obtains in the transducer on visit ground, also can be changed if belonged to the data of visit ground form at the authentication grade on visit ground.
In the transducer on visit ground, be preset with the classification of the authentication trust grade in its country one belongs to or zone, and pairing authentication method information such as (authentication items) at different levels; Thereby the transducer on visit ground contrasts the authentication trust grade of the transducer region on the authentication method in the authentication result that receives and this visit ground, thereby can obtain the authentication grade of this authentication in the transducer region on this visit ground.For example: default authentication grade 1 corresponding authentication method A, authentication grade 2 corresponding authentication method B, authentication grade 3 corresponding authentication method C, if comprise authentication method B in the authentication result that the transducer on visit ground receives, obtaining the authentication grade of this authentication in the transducer region on this visit ground so is 2.
Step 211, the IDM system on visit ground judges and authorizes according to receiving authentication result and authentication grade.
Step 212, the IDM system on visit ground sends to authorization message the SP server on visit ground.
Step 213, the SP server on visit ground is verified the authorization message that receives.
Step 214, the SP server on visit ground provide service according to self access control policy to user terminal after checking is passed through.
The IDM system of ownership place is used for handling the authentication to external request, comprising: the request of the request of user terminal, SP server, the request of application server.
For realizing the processing method of interoperability between above-mentioned IDM system, the present invention also provides the treatment system of interoperability between a kind of IDM of realization system, as shown in Figure 3, this system comprises: the transducer 30 on the IDM system 10 of ownership place, the transducer 20 of ownership place, visit ground and the IDM system 40 on visit ground.
The IDM system 10 of ownership place is used for external request is authenticated, and authentication result is offered the transducer 20 of ownership place.Wherein, external request comprises the request of user terminal, the request of SP server and the request of application server etc.
The transducer 20 of ownership place is used for the authentication result from the IDM system 10 of ownership place is converted to intermediate form, and the authentication result of intermediate form is sent to the transducer 30 on visit ground.
The transducer 30 on visit ground, be used for according to authentication result that receives and default authentication grade switching strategy, obtain this and authenticate, and authentication result and the authentication grade that receives sent to the IDM system 40 of visiting ground behind the form with being converted to visit at the authentication grade of visiting ground.
The IDM system 40 on visit ground after receiving authentication information, judges and authorizes external request.
Wherein, the transducer 20 of ownership place further comprises: local data parsing module 21 and intermediate form data generation module 22.Local data parsing module 21 is used for resolving and extract the authentication result from the data flow of the IDM system 10 of ownership place.Intermediate form data generation module 22, the authentication result that is used for local data parsing module 21 is provided is carried out format conversion, generates the authentication result of intermediate form; Preferable, can the authentication result of ownership place form be converted to the authentication assertion form by SAML.
The transducer 30 on visit ground further comprises: intermediate form data resolution module 31, authentication grade acquisition module 32 and data transaction sending module 33.Intermediate form data resolution module 31 is used for resolving and extract the authentication result from the data flow of the transducer 20 of ownership place.Authentication result that provides according to intermediate form data resolution module 31 and the authentication grade switching strategy of presetting are provided authentication grade acquisition module 32, obtain the authentication grade of this authentication on visit ground; Be specially: authentication result that receives and the authentication trust grade of visiting ground are contrasted, and obtain the authentication grade of this authentication on visit ground according to default authentication grade switching strategy.Data transaction sending module 33, be used for authentication grade information translation that authentication result and authentication grade acquisition module 32 with intermediate form obtain for visit ground form (for example: the authentication result of authentication assertion form is converted to visit ground form) after, send to the IDM system 40 on visit ground.
It is to be noted, IDM system in actual applications is to use as the IDM system of ownership place for certain user's terminal, user terminal for other then can be used as the IDM system use of visiting ground, and therefore the transducer that links to each other with the IDM system also is the function that possesses the transducer 20 of ownership place simultaneously and visit the transducer 30 on ground usually.As shown in Figure 4, this transducer comprises: local data parsing module 21 and intermediate form data generation module 22, in order to the function of the transducer 20 of realizing ownership place shown in Figure 3; Also comprise: intermediate form data resolution module 31, authentication grade acquisition module 32 and data transaction sending module 33, in order to realize function of visiting the transducer 30 on ground shown in Figure 3.The functional description of respective modules is similar among the functional description of each module and Fig. 3, repeats no more herein.
In addition, the interface that transducer shown in Figure 4 is connected with the IDM system has two classes, is respectively native format data input class interface and native format data output class interface, and this two class interface can comprise one or more physical or logical interfaces according to actual needs.Wherein, native format data inputs class interface is used for during as the transducer 20 of ownership place, receiving the data flow as the IDM system of ownership place at this transducer; Native format data output class interface is used at this transducer during as the transducer 30 on visit ground, the data flow of output visit ground form.
Transducer shown in Figure 4 also comprises intermediate form data input class interface and intermediate form data output class interface, and this two class interface can comprise one or more physical or logical interfaces according to actual needs.Wherein, intermediate form data inputs class interface is used at this transducer receiving the data flow of intermediate form during as the transducer 30 on visit ground; Intermediate form data output class interface is used at this transducer during as the transducer 20 of ownership place, the data flow of output intermediate form.
In conjunction with actual application scenarios, when needs were handled interoperability between a plurality of IDM system, treatment system networking structure of the present invention can adopt distributed group web frame as shown in Figure 5, and two kinds of centralized networking structures as shown in Figure 6.Distributed group web frame shown in Figure 5 is to set up a transducer at each IDM system, and the communication between each IDM system is to realize by the transducer that links to each other separately with the conversion of different authentication grade.Centralized networking structure shown in Figure 6 is that all IDM systems are connected to a common transducer, when the IDM of isomery system initiates to communicate by letter in pairs, after this transducer receives authentication result by the input interface that links to each other with a side IDM system wherein, be converted into intermediate form in inside, be converted to the authentication grade and the formatted data of the opposing party IDM system region again, send to the opposing party IDM system then, thereby also can solve the interoperability problem between the isomery IDM system.In actual applications, can dispose flexibly in conjunction with these two kinds of networking modes as required.
The above is preferred embodiment of the present invention only, is not to be used to limit protection scope of the present invention.
Claims (10)
1. processing method that realizes interoperability between Identity Management IDM system is characterized in that this method comprises:
When user terminal is served to the service provider SP server requests on visit ground, the transducer of described user terminal ownership place will be converted to intermediate form from the authentication result of the IDM system of ownership place, and the authentication result of intermediate form be sent to the transducer on user terminal visit ground;
The transducer on described visit ground is according to authentication result that receives and default authentication grade switching strategy, obtain the authentication grade of this authentication, and the described authentication result that will receive and described authentication grade are converted to the IDM system that sends to visit ground behind the visit ground form on visit ground;
The IDM system on described visit ground judges according to the described authentication result that receives and described authentication grade and authorizes, authorization message sent to the SP server on user terminal visit ground;
The SP server on described visit ground is after passing through the authorization message checking that receives, for described user terminal provides service.
2. according to the processing method of interoperability between the described realization of claim 1 IDM system, it is characterized in that described authentication result comprises: successfully whether authentication method, authentication.
3. according to claim 1 or the 2 described processing methods that realize interoperability between the IDM system, it is characterized in that after the SP server requests service on visit ground, this method further comprises at user terminal:
The IDM system of the SP server requests ownership place on described visit ground carries out authentication;
The IDM system of described ownership place initiates challenge to user terminal, requires user terminal that identity information is provided;
Described user terminal is replied ownership place IDM system, and sends identity information to the IDM of ownership place system;
The IDM system of described ownership place carries out authentication according to the identity information that receives to user terminal, obtains the authentication result of ownership place form, and the authentication result that obtains is sent to the transducer of ownership place.
4. according to the processing methods of interoperability between claim 1 or 2 described realization IDM systems, it is characterized in that, described authentication result be converted to intermediate form, be specially:
By security assertion markup language SAML the authentication result of ownership place form is converted to the authentication assertion form, described authentication assertion form is intermediate form;
The transducer on described visit ground is converted to visit ground form with the authentication result that receives, and is specially:
The authentication result of authentication assertion form is converted to visit ground form.
5. according to claim 1 or the 2 described processing methods that realize interoperability between the IDM system, it is characterized in that authentication result that described basis receives and default authentication grade switching strategy obtain the authentication grade of this authentication on visit ground, are specially:
The transducer on described visit ground contrasts authentication result that receives and the authentication trust grade of visiting ground, and obtains the authentication grade of this authentication on visit ground according to default authentication grade switching strategy.
6. a treatment system that realizes interoperability between the IDM system is characterized in that, this system comprises: the transducer on the IDM system of ownership place, the transducer of ownership place, visit ground and the IDM system on visit ground, wherein,
The IDM system of described ownership place is used for external request is authenticated, and authentication result is offered the transducer of described ownership place;
The transducer of described ownership place is used for the authentication result from the IDM system of ownership place is converted to intermediate form, and the authentication result of intermediate form is sent to the transducer on described visit ground;
The transducer on described visit ground, be used for according to authentication result that receives and default authentication grade switching strategy, obtain the authentication grade of this authentication, and the described authentication result that will receive and described authentication grade are converted to the IDM system that sends to visit ground behind the visit ground form on visit ground;
The IDM system on described visit ground after receiving authentication information, judges and authorizes external request.
7. according to the treatment system of interoperability between the described realization of claim 6 IDM system, it is characterized in that the transducer of described ownership place further comprises:
The local data parsing module is used for resolving and extract the authentication result from the data flow of the IDM system of ownership place;
The intermediate form data generation module is used for the authentication result that described local data parsing module provides is carried out format conversion, generates the authentication result of intermediate form.
8. according to the treatment system of interoperability between the described realization of claim 6 IDM system, it is characterized in that the transducer on described visit ground further comprises:
The intermediate form data resolution module is used for resolving and extract the authentication result from the data flow of the transducer of ownership place;
Authentication result that provides according to described intermediate form data resolution module and the authentication grade switching strategy of presetting are provided the authentication grade acquisition module, obtain the authentication grade of this authentication on visit ground;
The data transaction sending module, be used for authentication grade information translation that authentication result and described authentication grade acquisition module with intermediate form obtain for visit ground form after, send to the IDM system on visit ground.
9. the described according to Claim 8 treatment system that realizes interoperability between the IDM system, it is characterized in that, described authentication grade acquisition module is further used for, authentication result that receives and the authentication trust grade of visiting ground are contrasted, and obtain the authentication grade of this authentication on visit ground according to default authentication grade switching strategy.
10. according to claim 7 or the 8 or 9 described treatment systems that realize interoperability between the IDM system, it is characterized in that,
Described intermediate form data generation module is further used for, and by SAML the authentication result of ownership place form is converted to the authentication assertion form;
Described data transaction sending module is further used for, and the authentication result of described authentication assertion form is converted to visit ground form.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100869567A CN101719829B (en) | 2009-06-11 | 2009-06-11 | Processing and system for realizing IDM system interoperation |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100869567A CN101719829B (en) | 2009-06-11 | 2009-06-11 | Processing and system for realizing IDM system interoperation |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101719829A true CN101719829A (en) | 2010-06-02 |
| CN101719829B CN101719829B (en) | 2012-02-29 |
Family
ID=42434350
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009100869567A Expired - Fee Related CN101719829B (en) | 2009-06-11 | 2009-06-11 | Processing and system for realizing IDM system interoperation |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101719829B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012055339A1 (en) * | 2010-10-26 | 2012-05-03 | 中兴通讯股份有限公司 | Authentication routing system, method and authentication router of cloud computing service |
| CN103327044A (en) * | 2012-03-21 | 2013-09-25 | 中兴通讯股份有限公司 | Method and device for querying credit rating |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1298194C (en) * | 2004-03-22 | 2007-01-31 | 西安电子科技大学 | Radio LAN security access method based on roaming key exchange authentication protocal |
| CN100525499C (en) * | 2005-12-07 | 2009-08-05 | 华为技术有限公司 | Authentifying method and system for providing digital broadcast to roaming users |
| CN101272627B (en) * | 2008-04-30 | 2010-12-22 | 杭州华三通信技术有限公司 | Network access control method and apparatus for implementing roaming |
-
2009
- 2009-06-11 CN CN2009100869567A patent/CN101719829B/en not_active Expired - Fee Related
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012055339A1 (en) * | 2010-10-26 | 2012-05-03 | 中兴通讯股份有限公司 | Authentication routing system, method and authentication router of cloud computing service |
| US8898747B2 (en) | 2010-10-26 | 2014-11-25 | Zte Corporation | Authentication routing system and method for cloud computing service and authentication router |
| CN103327044A (en) * | 2012-03-21 | 2013-09-25 | 中兴通讯股份有限公司 | Method and device for querying credit rating |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101719829B (en) | 2012-02-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108650262B (en) | Cloud platform expansion method and system based on micro-service architecture | |
| US10531297B2 (en) | Authentication method and server, and computer storage medium | |
| US8275355B2 (en) | Method for roaming user to establish security association with visited network application server | |
| CN101163010B (en) | Method of authenticating request message and related equipment | |
| CN103188207B (en) | A kind of cross-domain single sign-on realization method and system | |
| US20160352734A1 (en) | Admission of an Individual Session in a Network | |
| CN102457376B (en) | A kind of method and system of cloud computing service unified certification | |
| CN113746633B (en) | Internet of things equipment binding method, device, system, cloud server and storage medium | |
| CN102082771A (en) | Service management middleware based on ESB (enterprise service bus) technology | |
| JP4543322B2 (en) | Mediation server, second authentication server, operation method thereof, and communication system | |
| CN111277549A (en) | Security service method and system adopting block chain | |
| CN103475726A (en) | Virtual desktop management method, server and client side | |
| CN102137069A (en) | Method and system for realizing application of internet of things | |
| CN104467923A (en) | Apparatus interacting method, apparatus and system | |
| CN101867589A (en) | Network identification authentication server and authentication method and system thereof | |
| CN103023856A (en) | Single sign-on method, single sign-on system, information processing method and information processing system | |
| CN109583154A (en) | A kind of system and method based on Web middleware access intelligent code key | |
| CN102420808B (en) | Method for realizing single signon on telecom on-line business hall | |
| CN103414732A (en) | Application integration device and application integration processing method | |
| CN102137102B (en) | Realizing method of service supporting platform for supporting multiclass information publishing modes | |
| CN102255904A (en) | Communication network and terminal authentication method thereof | |
| CN114707976A (en) | Payment method, user terminal, device, equipment, system and medium | |
| CN101719829B (en) | Processing and system for realizing IDM system interoperation | |
| CN113099449B (en) | Authentication method and system of distributed core network and home subscriber server | |
| CN1885768B (en) | Worldwide web authentication method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20180705 Address after: California, USA Patentee after: Global innovation polymerization LLC Address before: 518057 Nanshan District high tech Industrial Park, Shenzhen, Guangdong, Ministry of justice, Zhongxing Road, South China road. Patentee before: ZTE Corp. |
|
| TR01 | Transfer of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120229 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |