CN101772022A - Method, device and system for controlling access to network terminal - Google Patents

Publication number: CN101772022A
Authority: CN (China)
Prior art keywords: authentication; wireless terminal; terminal; network; described wireless
Legal status: Granted
Application number: CN200810189805A
Other languages: Chinese (zh)
Other versions: CN101772022B (en)
Inventor: 张万春
Current Assignee: Huawei Device Co Ltd; Huawei Device Shenzhen Co Ltd
Original Assignee: Huawei Device Co Ltd
Application filed by Huawei Device Co Ltd
Priority to CN200810189805.XA
Publication of CN101772022A
Application granted; publication of CN101772022B

Abstract

The embodiment of the invention discloses a method for controlling access to a network terminal. The method comprises the following steps: a wireless terminal accepts authentication of itself by the wireless network side; after the authentication of the wireless terminal passes, the wireless terminal carries out CA authentication using the private key it stores and the public key certificate corresponding to the wireless terminal on the CA server; and access to the network terminal is authorized after the CA authentication passes. The embodiment of the invention also provides a device and a system for controlling access to the network terminal. With the embodiment of the invention, the security level of network terminal access control can be improved, so that a user's access to the network terminal is safer and more reliable.

Description

A method, apparatus and system for controlling access to a network terminal
Technical field
The present invention relates to the field of network information security, and in particular to a method, apparatus and system for controlling access to a network terminal.
Background technology
Computer security covers a great many fields, but one of the most basic security problems is the control of access rights. To protect information security, a user's identity must be authenticated to prevent unauthorized users from logging in to the system.
In information technology, authentication is achieved by binding a piece of evidence to an entity's identity. The evidence is checked by a corresponding mechanism to determine whether the user is consistent with the identity the evidence claims. Classified by form, current authentication methods include password authentication, USB Key authentication, biometric authentication, and so on.
Password authentication is the most common method: an account name and password are used as the authentication means for logging in to a computer system. Because account names and passwords are easily stolen or cracked, its security is not high.
USB Key authentication uses a USB Key as the authentication means: a device with a USB interface holds a built-in personal digital certificate, which is used for authentication.
Biometric authentication uses biological characteristics as the authentication means for logging in to a computer system. Specifically, computers are closely combined with high-tech means such as optics, acoustics, biosensors and the principles of biostatistics, and the inherent physiological characteristics of the human body, such as fingerprint, face and iris, are used to establish personal identity. The advantages of biometric authentication are obvious, but its shortcomings are a high implementation cost and relatively low recognition accuracy, so recognition errors occur easily.
Because the USB Key is safe and reliable, easy to carry, easy to use and low in cost, it is considered likely to become the main direction of development for authentication. As certificate authentication (CA, Certification Authority) applications grow in number and complexity, USB Keys of larger capacity are better able to meet the requirements. In terms of market prospects, as certificate use deepens and unit cost falls, high-end USB Keys that support the RSA algorithm will better fit the trend of development.
The prior art provides a scheme that uses a USB Key as the login key of a PC: a digital certificate is embedded in the USB Key, and identity authentication is carried out in combination with a network CA at login.
However, the USB Key combines software and hardware encryption for checks such as power-on login. The level of trust in the identity confirmation is relatively low.
With a digital certificate embedded in the USB Key, identity authentication is carried out in combination with a network CA at login. Consequently, when the PC cannot access a wired network, or a notebook is carried out of the office and cannot access a wired network, network authentication is inconvenient.
Summary of the invention
In view of this, embodiments of the invention provide a method, apparatus and system for controlling access to a network terminal, which can use wireless access to carry out network-side authentication and CA authentication, improving the security level of network terminal access control.
An embodiment of the invention provides a method for controlling access to a network terminal, comprising:
A wireless terminal accepts authentication of itself by the wireless network side;
After the authentication of the wireless terminal passes, the wireless terminal carries out CA authentication using the private key it stores and the public key certificate corresponding to the wireless terminal on the CA server; after the CA authentication passes, access to the network terminal is authorized.
An embodiment of the invention provides a system for controlling access to a network terminal, comprising a wireless terminal and a network terminal connected to each other, wherein
The wireless terminal is used to accept authentication of itself by the wireless network side; after the authentication of the wireless terminal passes, to carry out CA authentication using the private key it stores and the public key certificate corresponding to the wireless terminal on the CA server; and after the CA authentication passes, to authorize access to the network terminal.
An embodiment of the invention also provides a wireless terminal, comprising:
An authentication module, used to accept the wireless network side's authentication of the wireless terminal;
A judging module, used to judge whether the authentication of the wireless terminal has passed;
An authentication module, used, when the judging module judges that the authentication of the wireless terminal has passed, to carry out CA authentication using the private key stored by the wireless terminal and the public key certificate corresponding to the wireless terminal on the CA server;
The judging module is also used to judge whether the CA authentication has passed;
An authorization module, used to authorize access to the network terminal when the judging module judges that the CA authentication has passed.
In summary, in the technical solution provided by the embodiments of the invention, the wireless terminal is authenticated by the wireless network and the CA server is accessed over the wireless network to carry out CA authentication; the user can log in to and operate the network terminal only after both the network-side authentication and the CA authentication pass. This improves the authentication reliability of network terminal access control and makes the user's access to the network terminal more secure. Compared with the prior-art approach of logging in with USB Key authentication, the security level of logging in to the network terminal is improved and user operation is more flexible.
Description of drawings
Fig. 1 is a schematic diagram of the system architecture for controlling access to a network terminal in an embodiment of the invention;
Fig. 2 is a flowchart of the method for controlling access to a network terminal provided in embodiment one of the invention;
Fig. 3 is a flowchart of the method for controlling access to a network terminal provided in embodiment two of the invention;
Fig. 4 is a flowchart of the method for controlling access to a network terminal provided in embodiment three of the invention;
Fig. 5 is a schematic diagram of the structure of a wireless terminal provided by an embodiment of the invention.
Embodiment
As public key infrastructure (PKI, Public Key Infrastructure) technology matures, many applications have begun to use public key certificates for identity authentication. A public key certificate is issued by an authoritative, impartial third-party institution, the certificate authentication (CA) center (server). Encryption technology built around the public key certificate verifies the authenticity of an entity's identity and thereby ensures security.
The embodiments of the invention use the wireless network to perform network-side authentication and access the CA server over the wireless network to obtain the wireless terminal's public key certificate, thereby authenticating the wireless terminal; the user can log in to and operate the network terminal only after both the network-side authentication and the CA authentication pass. This improves the security level of network terminal access control and makes the user's access to the network terminal safer and more reliable.
Embodiment one
In this embodiment, the networking model of the system that implements the method is shown in Fig. 1. The system comprises: a wireless terminal (such as a Wireless USB-Modem), a network terminal (such as a PC or a portable terminal) and a certificate authentication (CA) server.
The wireless terminal and the network terminal are connected to each other. The wireless terminal is used to accept authentication of itself by the wireless network side; after the authentication of the wireless terminal passes, the wireless terminal carries out CA authentication using the private key it stores and the corresponding public key certificate on the CA server; and after the CA authentication passes, access to the network terminal is authorized.
The wireless terminal contains a SIM/UIM card or flash memory, which can be used to store the private key.
The wireless terminal contains a dedicated application programming interface (API), used to control access to the private key stored in the wireless terminal.
At moments such as power-on login to the network terminal, screen locking of the network terminal and screen-saver unlocking of the network terminal, the computer obtains the connection status between the wireless terminal and the PC by interrupt or polling, and uses this opportunity to carry out authentication over the wireless network.
Referring to Fig. 2, a method for controlling access to a network terminal provided by this embodiment uses the wireless terminal to authenticate PC login or access.
S201, the wireless network authenticates the wireless terminal;
Specifically, the wireless terminal sends a request to access the wireless network and accepts the wireless network side's authentication of the terminal's subscriber identity (SIM) card; when the SIM card authentication passes, the wireless terminal accesses the wireless network.
S202, after the authentication of the wireless terminal passes, the wireless terminal carries out CA authentication using the private key it stores and the public key certificate corresponding to the wireless terminal on the CA server;
To obtain the public key certificate of the wireless terminal, the certificate must first be applied for. Specifically, in the application process the wireless terminal generates a key pair (public key and private key) with a cryptographic algorithm (e.g. RSA), stores the private key in a secure storage area of the wireless terminal, and sends the public key and some personal identity information to the certification center (CA server). After verifying the identity, the certification center carries out some necessary steps to make sure the request was really sent by the user, and then issues the user a public key certificate. The certificate contains the user's personal information and public key information, together with the certification center's signature. The user can then use their own public key certificate for the relevant encryption and authentication operations.
The wireless terminal obtains its public key certificate from the CA server as follows:
After the wireless terminal is activated, it applies to the CA server for a public key certificate;
After receiving the public key certificate sent by the CA server, the wireless terminal stores the received certificate in the wireless terminal for use in subsequent authentication.
Specifically, the private key of the wireless terminal and the public key certificate encrypted over the air interface are stored in the SIM/UIM card or flash memory.
For safety and reliability, a dedicated application programming interface (API) can be provided to control access to the private key and public key certificate stored in the wireless terminal.
During CA authentication, the network terminal authenticates the private key in the wireless terminal: it accesses the CA server over the wireless network and uses the public key certificate on the CA server and the private key of the wireless terminal to authenticate the wireless terminal. If the public key in the public key certificate matches the private key of the wireless terminal, authentication passes. This mode is also called online authentication.
Although the private key and the public key certificate (public key) are already stored in the wireless terminal and the PC can access them directly through interfaces such as USB, it is still necessary to confirm online whether the public key certificate has expired, whether it is still valid, and so on. Therefore every authentication goes to the CA server over the wireless network to determine identity and permissions; only this ensures safety and reliability.
S203, after the CA authentication passes, access to the network terminal is authorized.
In the technical solution provided by this embodiment, when the wireless terminal user activates the terminal device, it connects to the CA server over the wireless network and applies to the CA server for a public key certificate. After the user receives the public key certificate, it is saved through the terminal's dedicated interface to the SIM/UIM card (or to a designated area of the terminal's flash; where the certificate is stored depends on the form of the wireless terminal, and the dedicated interface ensures that the private key in the certificate is not stolen). The wireless terminal device is connected to the PC host; after power-on it reports a USB port to the PC host and automatically connects to the wireless network with default parameters to interact with the CA server. SIM card authentication is required when connecting to the wireless network; if it passes, the wireless network connection succeeds. The PC uses the public key certificate information provided by the CA server over the wireless network to authenticate the user; if verification passes, login to the PC host is authorized.
It can thus be seen that this embodiment uses wireless network authentication and obtains the wireless terminal's public key certificate from the CA server over the wireless network, so that the wireless terminal undergoes double authentication. This improves the reliability of identity authentication and achieves secure operation management of the network terminal.
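The two gates of S201 to S203, together with the online validity check, can be exercised in Go as an added example; this is not code from the patent. The patent does not say how the private key is matched against the certified public key, so the sketch assumes a signed random challenge, passes the SIM result in as a boolean, and uses hypothetical names (`Terminal`, `CA`, `Authorize`) with a constructed terminal ID and PIN.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Terminal (hypothetical type) models the wireless terminal: the private key is
// reachable only through Sign, which stands in for the PIN-gated dedicated API.
type Terminal struct {
	ID, pin string
	key     *rsa.PrivateKey
}

func NewTerminal(id, pin string) *Terminal {
	return &Terminal{ID: id, pin: pin, key: must(rsa.GenerateKey(rand.Reader, 2048))}
}

func (t *Terminal) Sign(pin string, nonce []byte) ([]byte, error) {
	if subtle.ConstantTimeCompare([]byte(pin), []byte(t.pin)) != 1 {
		return nil, errors.New("PIN rejected")
	}
	d := sha256.Sum256(nonce)
	return rsa.SignPKCS1v15(rand.Reader, t.key, crypto.SHA256, d[:])
}

// CA models the online CA server in memory (constructed data, no network).
type CA struct {
	cert    *x509.Certificate
	key     *rsa.PrivateKey
	issued  map[string]*x509.Certificate
	Revoked map[string]bool
}

func must[T any](v T, err error) T { // abort on key, certificate or RNG failure
	if err != nil {
		panic(err)
	}
	return v
}

// signCert issues a certificate for pub; a nil parent yields a self-signed root.
func signCert(cn string, serial int64, ku x509.KeyUsage, from, to time.Time, parent *x509.Certificate, pub *rsa.PublicKey, key *rsa.PrivateKey) *x509.Certificate {
	tpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, NotBefore: from,
		NotAfter: to, KeyUsage: ku, IsCA: ku == x509.KeyUsageCertSign, BasicConstraintsValid: true}
	if parent == nil {
		parent = tpl
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tpl, parent, pub, key))))
}

func NewCA(now time.Time) *CA {
	k := must(rsa.GenerateKey(rand.Reader, 2048))
	root := signCert("Example CA", 1, x509.KeyUsageCertSign, now, now.AddDate(10, 0, 0), nil, &k.PublicKey, k)
	return &CA{cert: root, key: k, issued: map[string]*x509.Certificate{}, Revoked: map[string]bool{}}
}

func (c *CA) Issue(id string, pub *rsa.PublicKey, from, to time.Time) { // activation: terminal submits key and identity
	c.issued[id] = signCert(id, int64(len(c.issued)+2), x509.KeyUsageDigitalSignature, from, to, c.cert, pub, c.key)
}

// Authorize returns nil only when both gates pass; any error means "stay locked".
func Authorize(simOK bool, t *Terminal, pin string, ca *CA, now time.Time) error {
	if !simOK { // gate 1: SIM authentication by the wireless network side
		return errors.New("network authentication failed")
	}
	cert, ok := ca.issued[t.ID] // gate 2: certificate looked up at the CA on every attempt
	if !ok || ca.Revoked[t.ID] {
		return errors.New("certificate unknown or revoked")
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca.cert)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("certificate rejected: %w", err) // wrong issuer, expired or not yet valid
	}
	nonce := make([]byte, 32) // fresh challenge, so a recorded signature cannot be replayed
	must(rand.Read(nonce))
	sig, err := t.Sign(pin, nonce)
	if err == nil { // verifies only if the terminal's private key matches the certified public key
		err = cert.CheckSignature(x509.SHA256WithRSA, nonce, sig)
	}
	return err
}

func main() {
	now, term := time.Now(), NewTerminal("terminal-001", "1234") // constructed ID and PIN
	ca := NewCA(now)
	ca.Issue(term.ID, &term.key.PublicKey, now, now.AddDate(1, 0, 0))
	fmt.Println("valid:", Authorize(true, term, "1234", ca, now), "| expired:", Authorize(true, term, "1234", ca, now.AddDate(2, 0, 0)))
}
```

A terminal that presents the right ID but holds a different private key fails the last step, and an expired or revoked certificate fails before the terminal is asked to sign anything.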
Embodiment two
As shown in Fig. 3, a method for controlling access to a network terminal provided by this embodiment is used to authenticate power-on login to a PC or other network terminal, and comprises the following steps:
Step S301, the wireless terminal is connected to the PC, and network access is provided through the wireless terminal;
The wireless terminal device starts, accesses the wireless network with default parameters, and reports a USB port to the PC;
Step S302, the wireless network authenticates the wireless terminal;
The wireless terminal is connected to the PC host. Subscriber identity (SIM, Subscriber Identity Module) card authentication is required when connecting to the wireless network; if authentication passes, the wireless network connection succeeds, and the CA server is accessed and interacted with over the wireless network.
The wireless terminal is usually connected to the PC in the most common way, with a USB cable. Of course, a PCMCIA or Express interface may also be used, in which case the interaction protocol can be the USB protocol.
If authentication passes, continue with step S303; otherwise, indicate that authentication failed and go to step S306;
Step S303, obtain the public key certificate used to carry out CA authentication of the wireless terminal;
Specifically, when the wireless terminal is activated, it applies to the CA server for a public key certificate according to the procedure. The certificate is built into the wireless terminal and can be stored in the SIM/UIM card or in flash, but for storage security a dedicated API is required to access it;
Alternatively, the PC host connects to the CA server over the wireless network to obtain the public key certificate;
Specifically, the PC host also connects automatically to the wireless network with default parameters and interacts with the CA server, and can thereby obtain the public key certificate used to carry out CA authentication of the wireless terminal.
For operations such as power-on login to the network terminal, screen locking and screen unlocking, PC authentication on Windows is implemented by modifying the interface of the Logon.dll module. On Linux (Mac OS is similar) this module takes forms such as logon.lib or logon.so and is invoked by a startup script under /etc/rc.d/rc x.d/ to perform power-on login authentication.
Step S304, the PC uses the public key certificate information provided by the CA server over the wireless network to authenticate the wireless terminal user;
If the authentication of the wireless terminal passes, carry out step S305; otherwise, indicate that CA authentication failed and go to step S306;
Step S305, enter authorized mode; the user can log in to or access the PC and operate it;
Step S306, enter unauthorized mode; login to this PC is forbidden, for example by locking the screen.
It can thus be seen that this embodiment uses wireless network authentication and subjects the wireless terminal to double authentication, improving the reliability of identity authentication; effective authentication is carried out at power-on login to the network terminal, achieving secure operation management of the network terminal.
Embodiment three
In addition, a method for controlling access to a network terminal provided by this embodiment also comprises a step of forbidding login to the network terminal after the wireless terminal is disconnected, as follows:
When the user breaks the physical connection between the wireless terminal and the PC, the PC authentication in the Logon.dll module of the Windows system detects that the wireless terminal is no longer present, and the PC host locks the screen directly.
As shown in Fig. 4, a method for controlling access to a network terminal provided by this embodiment also comprises a flow for unlocking the screen when the PC host is in the locked-screen state, as follows:
Step S401, the wireless terminal device starts, reports a USB port to the PC and goes online with default parameters;
Step S402, the wireless network authenticates the wireless terminal;
The wireless terminal device is connected to the PC host; after power-on it reports a USB port to the PC host and automatically connects to the wireless network with default parameters to interact with the CA server. SIM card authentication is required when connecting to the wireless network; if authentication passes, the wireless network connection succeeds.
The wireless terminal can be connected to the PC in the most common way, with a USB cable. Of course, a PCMCIA or Express interface may also be used, in which case the interaction protocol can be the USB protocol.
If authentication passes, continue with step S403; otherwise, indicate that authentication failed and go to step S406;
Step S403, obtain the public key certificate used to carry out CA authentication of the wireless terminal;
Specifically, when the wireless terminal is activated, it applies to the CA server for a public key certificate according to the procedure. The certificate is built into the wireless terminal and can be stored in the SIM/UIM card or in flash, but for storage security a dedicated application programming interface (API, Application Programming Interface) is required to access it;
Alternatively, the PC host connects to the CA server over the wireless network to obtain the public key certificate;
Specifically, the PC host also connects automatically to the wireless network with default parameters and interacts with the CA server, and can thereby obtain the public key certificate used to carry out CA authentication of the wireless terminal.
Step S404, the PC uses the public key certificate information provided by the CA server over the wireless network to authenticate the wireless terminal user;
If the authentication of the wireless terminal passes, carry out step S405; otherwise, indicate that CA authentication failed and go to step S406;
Step S405, enter authorized mode; the user can log in to the PC and operate it;
Step S406, enter unauthorized mode; for example, the PC stays screen-locked.
To prevent someone from illegally using a stolen wireless terminal to log in to the PC host, a dedicated application programming interface (API) can be developed for the wireless terminal to control access to the public key certificate; every access to the terminal's built-in public key certificate requires entry of a personal identification number (PIN, Personal Identification Number).
It can thus be seen that the invention uses wireless network authentication and authenticates the wireless terminal, improving the reliability of identity authentication; effective control is exercised while the network terminal is being operated, achieving secure operation management of the network terminal.
Embodiment four
An embodiment of the invention also provides a system for controlling access to a network terminal. Referring to Fig. 1, the system comprises: a wireless terminal, a network terminal (such as a PC host or other network terminal device) and a digital certificate authentication (CA) server.
The CA server is used to provide the public key certificate with which the wireless terminal is authenticated;
The wireless terminal and the network terminal are connected to each other. The wireless terminal is used to provide the PC host with a communication link for network access; to accept authentication of itself by the wireless network side; after the authentication of the wireless terminal passes, to carry out CA authentication using the private key it stores and the public key certificate corresponding to the wireless terminal on the CA server; and after the CA authentication passes, to authorize access to the network terminal.
The wireless terminal contains a SIM/UIM card or flash memory, which is used to store the public key certificate and the private key.
The wireless terminal contains a dedicated application programming interface (API), used to control access to the private key and public key certificate stored in the wireless terminal.
The wireless terminal connects to the CA server over the wireless network and applies to the CA server for a public key certificate. After the wireless terminal receives the public key certificate, it is saved through the wireless terminal's dedicated interface to the SIM/UIM card of the wireless terminal (or to a designated area of the terminal's flash; where the certificate is stored depends on the form of the wireless terminal, and the key point is that the dedicated interface ensures the private key in the certificate is not stolen).
The wireless terminal device is connected to the PC host by wire. After power-on, the wireless terminal reports a USB port to the PC host and automatically connects to the wireless network with default parameters to interact with the CA server. SIM card authentication is required when connecting to the wireless network; if authentication passes, the wireless network connection succeeds. The PC then uses the public key certificate information provided by the CA server over the wireless network to authenticate the user; if verification passes, login to the PC host is authorized.
The wireless terminal is provided with a SIM/UIM card or flash memory, and the public key certificate is stored in the SIM/UIM card or flash memory.
The wireless terminal is provided with a dedicated application programming interface (API), used to control access to the public key certificate stored in the wireless terminal.
In the system provided by this embodiment, wireless network authentication is used and the wireless terminal undergoes double authentication, improving the reliability of identity authentication; effective control is possible during power-on login to or operation of the network terminal, achieving secure operation management of the network terminal.
Embodiment five
With reference to Fig. 5, a kind of wireless terminal 500 that the embodiment of the invention provides comprises:
Authentication module 510 is used to accept the authentication of wireless network side to described wireless terminal;
Particularly, wireless terminal sends the request of access of radio network, and this authentication module is accepted the authentication of wireless network side to the User Recognition SIM card of this wireless terminal;
Judge module 520 is used to judge whether the authentication to described wireless terminal is passed through;
Pass through when this SIM card authentication, described wireless terminal inserts described wireless network.
Acquisition module 530 is used for obtaining from the CA server public key certificate of described wireless terminal;
Authentication module 540 is used for when described judge module 520 judges that the authentication of described wireless terminal is passed through, and uses the private key of described wireless terminal preservation and the public key certificate of the corresponding described wireless terminal on the authentication CA server to carry out ca authentication;
Described judge module 520 is used to also judge whether described ca authentication is passed through;
In the time of each CA authentication, the network terminal authenticates the private key in the wireless terminal, by wireless network access CA server, utilizes the public key certificate on the CA server and the private key of wireless terminal that wireless terminal is authenticated.If PKI in the described public key certificate and the private key of wireless terminal coupling, then described judge module 520 are determined ca authentication and are passed through.
Authorization module 550 is used for authorizing the visit to the described network terminal when described judge module judges that described ca authentication is passed through.
Wherein, described acquisition module 530 comprises application module 531, receiver module 532 and preserves module 533.
Described application module 531 is used for when described wireless terminal activates, to described CA server application public key certificate;
Particularly, described application module 531 described PKIs of transmission and wireless terminal identity information are to the ca authentication server, with the application public key certificate.
Described receiver module 532 is used to receive the public key certificate that described CA server sends;
Described preservation module 533 is used for after receiving the public key certificate that the CA server sends the public key certificate that is received being kept in the wireless terminal.
For safety and reliability, a dedicated application programming interface (API) is provided in the wireless terminal; this API controls access to the public key certificate stored in the wireless terminal.
Preferably, the saving module 533 stores the public key certificate, encrypted over the air interface, in the SIM/UIM card or in flash memory.
Before CA authentication is performed, the acquisition module 530 obtains the public key certificate corresponding to the wireless terminal from the CA server over the wireless network.
The wireless terminal further comprises:
A key generation module 560, configured to generate a public/private key pair by a cryptographic algorithm;
The saving module 533 stores the generated private key in the wireless terminal;
For security, the private key can be obtained only by accessing the wireless terminal through the dedicated application programming interface (API).
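The certificate application and the CA authentication check described above, as an added Go example that is not part of the patent. The patent names no algorithm or message format, so Ed25519 keys, an X.509 certificate, a signed random challenge and all names (`issue`, `caAuthenticate`, `demo`, the constructed identities) are assumptions; the CA is reduced to its signing key and name, with no certificate chain or revocation check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue is the CA side of the certificate application: it binds the terminal identity to pub.
func issue(caKey ed25519.PrivateKey, id string, pub ed25519.PublicKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: id},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, &x509.Certificate{Subject: pkix.Name{CommonName: "constructed demo CA"}}, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// caAuthenticate passes only for a CA-signed, unexpired certificate whose public key verifies sig over challenge.
func caAuthenticate(caPub ed25519.PublicKey, cert *x509.Certificate, challenge, sig []byte) bool {
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	valid := time.Now().After(cert.NotBefore) && time.Now().Before(cert.NotAfter)
	return ok && valid && ed25519.Verify(caPub, cert.RawTBSCertificate, cert.Signature) && ed25519.Verify(pub, challenge, sig)
}

// demo enrols a terminal, then authenticates with the matching private key and with a different one.
func demo() (genuine, impostor bool, err error) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	termPub, termKey, _ := ed25519.GenerateKey(rand.Reader) // generated and kept on the terminal
	_, otherKey, _ := ed25519.GenerateKey(rand.Reader)      // does not match the certificate
	cert, err := issue(caKey, "constructed-terminal-0001", termPub)
	if err != nil {
		return false, false, err
	}
	challenge := make([]byte, 32)
	rand.Read(challenge) // fresh per attempt, so a recorded signature cannot be replayed
	genuine = caAuthenticate(caPub, cert, challenge, ed25519.Sign(termKey, challenge))
	return genuine, caAuthenticate(caPub, cert, challenge, ed25519.Sign(otherKey, challenge)), nil
}

func main() {
	fmt.Println(demo()) // true false <nil>
}
```

Only the signature leaves the terminal; the private key itself never does, which is what lets it stay behind the dedicated API.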
In summary, the embodiments of the invention connect the wireless terminal to the network terminal, authenticate the wireless terminal, and use the wireless network to access the CA server for CA authentication; only after both the authentication and the CA authentication have passed can the user log in to and operate the network terminal. This improves the reliability of authentication in network terminal access control and makes the user's access to the network terminal more secure. Compared with the USB key authentication login of the prior art, the security level of logging in to the network terminal is improved and the user's operation is more flexible. The embodiments of the invention overcome the shortcoming that a USB Key cannot be used for mobile authentication when the public key certificate is authenticated by a CA server. According to the embodiments of the invention, operation becomes more secure and convenient for a PC that cannot access a wired network or for a terminal in mobile use.
Obviously, those skilled in the art will appreciate that each module or step of the above embodiments of the invention can be implemented with a general-purpose computing device. The modules or steps can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Alternatively, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; or they can each be made into a separate integrated circuit module; or several of the modules or steps can be made into a single integrated circuit module. The embodiments of the invention are therefore not restricted to any specific combination of hardware and software.
The above are only embodiments of the invention and are not intended to limit the protection scope of the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the protection scope of the invention.

Claims (12)

1. A method for controlling access to a network terminal, characterized by comprising:
a wireless terminal accepting authentication of itself by the wireless network side;
after the authentication of the wireless terminal has passed, the wireless terminal performing CA authentication using the private key that it stores itself and the public key certificate corresponding to the wireless terminal on a certification authority (CA) server;
after the CA authentication has passed, authorizing access to the network terminal.
2. The method of claim 1, characterized in that the wireless terminal accepting authentication of itself by the wireless network side comprises:
after sending a request to access the wireless network, the wireless terminal accepting the wireless network side's authentication of the subscriber identity module (SIM) card of the wireless terminal; when the SIM card authentication passes, the wireless terminal accessing the wireless network.
3. The method of claim 1, characterized in that the private key of the wireless terminal is stored in a SIM/UIM card or in flash memory.
4. The method of claim 3, characterized by further comprising:
providing a dedicated application programming interface (API), the API being used to control access to the private key stored in the wireless terminal.
5. The method of claim 1, characterized in that, before the CA authentication is performed, the public key certificate corresponding to the wireless terminal is obtained by the wireless terminal downloading it from the CA server.
6. A system for controlling access to a network terminal, characterized by comprising a wireless terminal and a network terminal connected to each other, wherein
the wireless terminal is configured to accept authentication of itself by the wireless network side; after the authentication of the wireless terminal has passed, to perform CA authentication using the private key that it stores itself and the public key certificate corresponding to the wireless terminal on a certification authority (CA) server; and after the CA authentication has passed, to authorize access to the network terminal.
7. The system of claim 6, characterized in that the wireless terminal comprises a SIM/UIM card or flash memory, the SIM/UIM card or flash memory being used to store the private key.
8. The system of claim 6, characterized in that the wireless terminal comprises a dedicated application programming interface (API) used to control access to the private key stored in the wireless terminal.
9. A wireless terminal, characterized by comprising:
an authentication module, configured to accept authentication of the wireless terminal by the wireless network side;
a judging module, configured to judge whether the authentication of the wireless terminal has passed;
an authentication module, configured to perform CA authentication, when the judging module judges that the authentication of the wireless terminal has passed, using the private key stored in the wireless terminal and the public key certificate corresponding to the wireless terminal on a certification authority (CA) server;
the judging module being further configured to judge whether the CA authentication has passed;
an authorization module, configured to authorize access to the network terminal when the judging module judges that the CA authentication has passed.
10. The wireless terminal of claim 9, characterized in that
the authentication module is further configured to accept SIM card authentication of the wireless terminal by the wireless network side.
11. The wireless terminal of claim 9, characterized in that
the acquisition module is further configured to obtain the public key certificate corresponding to the wireless terminal on the CA server before the CA authentication is performed.
12. The wireless terminal of claim 9, characterized by further comprising:
a key generation module, configured to generate a public/private key pair by a cryptographic algorithm;
a saving module, configured to store the private key;
a dedicated application programming interface (API), used to control access to the private key.
CN200810189805.XA 2008-12-31 2008-12-31 Method, device and system for controlling access to network terminal Active CN101772022B (en)

Publications (2)

Publication Number Publication Date
CN101772022A true CN101772022A (en) 2010-07-07
CN101772022B CN101772022B (en) 2013-04-24


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.

Patentee after: Huawei terminal (Shenzhen) Co.,Ltd.

Address before: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.

Patentee before: HUAWEI DEVICE Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20181226

Address after: 523808 Southern Factory Building (Phase I) Project B2 Production Plant-5, New Town Avenue, Songshan Lake High-tech Industrial Development Zone, Dongguan City, Guangdong Province

Patentee after: HUAWEI DEVICE Co.,Ltd.

Address before: 518129 Building 2, B District, Bantian HUAWEI base, Longgang District, Shenzhen, Guangdong.

Patentee before: Huawei terminal (Shenzhen) Co.,Ltd.