CN102843584A - Method and system for authenticating network terminals
Abstract
The invention provides a method for authenticating network terminals, comprising the following steps: a network terminal sends an authentication request to a management server; after the request passes authentication, the management server returns authentication information to the network terminal and sends the terminal's authorization information to each service server that provides a service to that terminal; the network terminal sends a service request containing the authentication information to a service server; and the service server checks the legitimacy of the authentication information in the service request against the authorization information. The invention also provides a corresponding authentication system. With this method, the network TV no longer has to register with each service server individually: because each service server has already recorded the authorized network TVs, when a user accesses a service server it only needs to determine whether the network TV is authorized, which shortens the interaction between the network TV and the service server.
Description
Technical field
The present invention relates to a method and a system for authenticating network terminals.
Background art
Network TV, i.e. IPTV, is a technology that uses a broadband cable television network and integrates Internet, multimedia, communication and other technologies to provide home users with a variety of interactive services, including digital TV.
Unlike a PC accessing the public Internet, the services a network TV offers its users are specialized and customized and involve many business models, so a technical means of protecting TV users, TV manufacturers, content providers and others is needed to manage the key links of the whole network TV industry chain.
However, in the television field only a few research organizations have so far published techniques for authentication management of network TVs. For example, application publication CN101795279A discloses a network TV management method and system and a network TV. Its method comprises: the network TV sends the management server a message requesting resource server locators; the management server authenticates the network TV using an authentication code; and, if authentication passes, the management server returns to the network TV a list of uniform resource locators (URLs) of the resource servers that hold the network resources.
That method implements authentication of the network TV by the management server; a network TV that passes authentication obtains the URL list. It is easy to see that in this case a network TV that cannot pass authentication, i.e. an unauthorized network TV, can readily obtain the URL list by other means and access those resources directly, so the authentication is effectively useless and security is greatly reduced.
Summary of the invention
In view of this, the object of the present invention is to provide an authentication method and authentication system for network terminals that prevent an unauthorized network TV from directly obtaining network services that require authorization.
To achieve this object, the present invention proposes an authentication method for a network terminal, characterized in that it comprises the steps:
A. The network terminal sends an authentication request to the management server;
B. After authentication passes, the management server returns authentication information to the network terminal and sends the terminal's authorization information to each service server that provides a service to that terminal;
C. The network terminal sends a service request containing said authentication information to a service server;
D. The service server checks the legitimacy of the authentication information in said service request against said authorization information.
As can be seen from the above, this authentication method removes the need for the network TV to register with each service server. When the user accesses a service server, the server has already recorded the authorized network TVs and only needs to determine whether this network TV is authorized, which shortens the interaction between the network TV and the service server.
Preferably, before step A the method further comprises a step in which the network terminal registers each service with the management server; the services referred to in step B are the registered services.
As can be seen from the above, the user obtains the corresponding network services through registration, which gives the user more freedom in choosing network services.
Preferably, between step B and step C the method further comprises: the management server generates an authentication service list containing the address information of each of said service servers and provides it to the network terminal.
As can be seen from the above, when the client TV accesses network resources it only needs to look up the service server address information in the authentication service list to link directly to the corresponding network address, which shortens the time the user needs to access network resources.
Preferably, the authentication service list also includes the authorization time and/or the validity period, which helps ensure that network TV users use network resources only within the permitted time.
Preferably, the authentication information and the authorization information include at least the unique identification information of the network terminal; the authorization information further includes authorization permission information (key).
As can be seen from the above, after the network TV passes authentication the authentication system generates a password (key); this key is distributed to the service servers as the authorization, and the network TV uses it to access the service servers. This helps protect the legitimate interests of TV users, TV manufacturers and content providers and prevents unauthorized network TVs from accessing these resources directly.
To achieve this object, the present invention also proposes an authentication system for a network terminal, characterized in that it comprises:
A network terminal, which requests authentication from the management server to obtain authentication information and sends a service request containing said authentication information to a service server;
A management server, which authenticates the network terminal, returns authentication information to the network terminal after authentication passes, and sends the terminal's authorization information to each service server that provides a service to that terminal;
A service server, which receives said authorization information from the management server and uses it to check the legitimacy of the authentication information in said service request sent by the network terminal.
As can be seen from the above, in the background art only the authentication server performs authentication, and the service servers that provide the services do not authenticate the terminal. The present invention is more secure: the service server also verifies whether the client is authorized, which guarantees the legitimacy of the clients that access it.
Preferably, said management server comprises:
A connection and authorization module, which authenticates the network terminal and returns authentication information to the network terminal after authentication passes;
A service management module, which sends the terminal's authorization information to each service server that provides a service to said network terminal.
As can be seen from the above, the connection and authorization module authorizes the network TV, and the service management module, according to the network services the authorized network TV has, sends the network TV's relevant information to each service server that provides those services.
Description of drawings
Fig. 1 is a block diagram of the authentication system;
Fig. 2 is a flow chart of the authentication method;
Fig. 3 is a flow chart of one embodiment of the authentication method;
Fig. 4 is a block diagram of one embodiment of the authentication system.
Embodiment
With reference to Figs. 1 to 4, the authentication method and system of the present invention are described in detail below, taking as the example a network TV that obtains resource services from a service server.
Fig. 1 is a block diagram of the authentication system and Fig. 2 is a flow chart of the authentication method; each is described below.
In the example shown in Fig. 1, the authentication system of the invention comprises a network TV 10 acting as the client, a management server 20 and a service server 30. The network TV 10 exchanges information with the management server 20 and the service server 30 over a wired or wireless network. The management server 20 sends the relevant authorization authentication information to the service server 30, and the network TV 10 sends requests for resource services to the service server 30.
The network TV 10 serving as the client device is a smart TV of the prior art, which can exchange information and messages with other external devices or servers through a wired or wireless transmission module. In the present invention the network TV 10 may also be replaced by other client devices, for example a PC, mobile phone or MP5; for convenience, the following text uses the network TV as the embodiment throughout.
The focus of the present invention is the authentication system formed by the network TV 10, the management server 20 and the service server 30; the concrete structure of each device is prior art and is not the focus of the invention, so it is not described further.
Fig. 2 is a flow chart of the authentication method; refer also to the block diagram of the authentication system in Fig. 1. The method comprises the following steps:
S11. The network TV 10 sends an authentication request to the management server 20. The authentication request may include unique identification information such as the device ID and MAC address, and may also include information such as the hardware version, software version, network address information, function code list, user name and password.
S12. The management server 20 performs authorization authentication on the network TV 10; if it passes, the management server 20 sends authorization authentication information to the service server 30.
Typically, when a network TV 10 leaves the factory or is sold, its hardware data, software data, user information and so on are stored synchronously on the management server 20. To authenticate the network TV 10, the management server only needs to compare the authentication information sent by the network TV 10 with the information stored on the management server 20: if they match, authentication passes; if they do not match, authentication fails and the management server 20 notifies the network TV 10 of the failure.
Alternatively, the client can register with the server for authorization: the network TV 10 is registered at the management server 20 as a legitimate terminal, which facilitates the subsequent authentication in step S12, and the network services the terminal has are registered at the same time (different terminals may have different services).
The authorization authentication information includes the device ID, MAC address, ID, session ID, authorization permission information, authorization time and validity period; the authorization permission information contains password information that corresponds uniquely to the network TV 10. For example, if the authentication request the network TV 10 sends to the management server 20 is http://initialization URL/MAC, the management server 20 generates from it the authorization authentication information http://initialization URL/MAC+key.
S13. The management server 20 returns to the network TV 10 an authentication service list that includes the authorization authentication information. The authentication service list comprises the session information of the successful authorization and the list of successfully authorized services, together with the service address information, authorization time and validity period of those services. The session information comprises the device ID, MAC address, ID, session ID and authorization permission information, and the authorization permission information contains the password information that corresponds uniquely to the network TV 10 (see step S12).
S14. The network TV 10 sends the service server 30 a request for a resource service that includes the authorization permission information. The authorization permission information in the request contains the password information that corresponds uniquely to the network TV 10 (see step S12).
S15. The service server 30 determines, from the authorization permission information received from the management server 20, whether the network TV 10 is entitled to the resource service. The service server 30 stores the authorization authentication information sent in step S12. When it receives the request for a network resource service from the network TV 10, it checks whether the password information in the request matches the password information in its stored authorization authentication information. If the two match, the network TV 10 can obtain the requested network resources; if they do not match, it cannot.
Between steps S12 and S13 the method further comprises: the management server 20 generates the authentication service list that includes the authorization authentication information from its record of the authorization authentication information it has sent to service servers 30. In general there are several service servers providing different kinds of network service, and a single kind of network service may in turn have several service providers. The management server 20 does not send the authorization authentication information to all service providers but sends it selectively. When it sends authorization authentication information to the various service servers 30, the management server 20 generates, from its sending record, an authentication service list containing information such as the service address of each service server in that record. The content of the authentication service list is as described in step S13.
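An added example, not part of the patent: a minimal Python model of steps S11 to S15, showing that a service server rejects any terminal for which the management server has not pushed a matching key. The class and method names, key generation with `secrets.token_hex`, the constant-time comparison, the validity period in seconds and the sample device data are all assumptions; the patent specifies none of them.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Authorization:
    """Authorization authentication information pushed to service servers (S12)."""
    device_id: str
    mac: str
    session_id: str
    key: str           # authorization permission information (key)
    granted_at: float  # authorization time
    valid_for: float   # validity period; seconds is an assumed unit


class ServiceServer:
    def __init__(self, address):
        self.address = address
        self._authorized = {}  # device_id -> Authorization

    def store_authorization(self, auth):
        """S12: record what the management server sent for this terminal."""
        self._authorized[auth.device_id] = auth

    def handle_request(self, device_id, key, now=None):
        """S15: serve only if the presented key matches the stored one."""
        now = time.time() if now is None else now
        auth = self._authorized.get(device_id)
        if auth is None:
            return "denied: no authorization on record"
        if now > auth.granted_at + auth.valid_for:
            return "denied: authorization expired"
        # Constant-time comparison (an added hardening choice, not from the patent).
        if not hmac.compare_digest(auth.key.encode(), key.encode()):
            return "denied: key mismatch"
        return "ok"


class ManagementServer:
    def __init__(self, service_servers):
        self.service_servers = service_servers  # service name -> ServiceServer
        self._devices = {}  # device_id -> (mac, registered service names)

    def register(self, device_id, mac, services):
        """Device data stored at sale time or by prior registration."""
        self._devices[device_id] = (mac, set(services))

    def authenticate(self, device_id, mac, valid_for=3600.0, now=None):
        """S11-S13: check the request, push authorization, return the service list."""
        now = time.time() if now is None else now
        record = self._devices.get(device_id)
        if record is None or not hmac.compare_digest(record[0].encode(), mac.encode()):
            return None  # authentication failed
        auth = Authorization(device_id, mac, secrets.token_hex(8),
                             secrets.token_hex(16), now, valid_for)
        services = []
        for name in sorted(record[1]):
            server = self.service_servers[name]
            server.store_authorization(auth)  # sent only to this terminal's services
            services.append({"service": name, "address": server.address})
        return {"session": auth, "services": services}


def run_demo():
    """Constructed scenario: one TV registered for 'vod' but not for 'games'."""
    vod = ServiceServer("https://vod.example.invalid")
    games = ServiceServer("https://games.example.invalid")
    mgmt = ManagementServer({"vod": vod, "games": games})
    mgmt.register("tv-001", "00:11:22:33:44:55", ["vod"])

    reply = mgmt.authenticate("tv-001", "00:11:22:33:44:55", now=1000.0)
    key = reply["session"].key
    return {
        "service_list": [s["service"] for s in reply["services"]],
        "authorized": vod.handle_request("tv-001", key, now=1001.0),
        "other_service": games.handle_request("tv-001", key, now=1001.0),
        "unknown_terminal": vod.handle_request("tv-999", key, now=1001.0),
        "wrong_key": vod.handle_request("tv-001", "guess", now=1001.0),
        "expired": vod.handle_request("tv-001", key, now=1000.0 + 3601.0),
        "bad_mac": mgmt.authenticate("tv-001", "66:77:88:99:aa:bb", now=1000.0),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The `other_service` and `unknown_terminal` cases correspond to the background-art weakness: knowing a service address is not enough, because the service server holds no authorization record for that terminal.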
Fig. 3 is a schematic diagram of one embodiment of the above authentication method. In this embodiment the management server consists of a connection and authorization server and a service management server; the authentication method is as follows.
S31. The network TV is started, and the CAE module in the network TV sends an authentication request to the connection and authorization server of the platform server. The request includes the device ID, MAC address, hardware version, software version, network address information, function code list, user name, password, etc.
S32. The connection and authorization server performs authorization authentication on the network TV according to the information sent by the CAE module and distributes the authorization authentication information to the service management server. When there are several groups of service management servers, the connection and authorization server distributes the complete authorization authentication information to each group of service management servers. The authorization authentication information is as described in step S12.
S33. The service management server determines the services the network TV has (as described above, these may be preassigned or registered over the network), maps them to the service servers that provide them, and distributes the authorization authentication information to each of those service servers. The authorization authentication information is the same as in S32, i.e. as described in step S12.
S34. The connection and authorization server returns the list of authorized services (i.e. the authentication service list) to the CAE module. The list is as described in step S13.
S35. The CAE module passes the returned information (i.e. the authentication service list) to the network TV in which it is installed, and the network TV, carrying the authorization permission information (key) and session ID, requests service directly from the service servers in the list of successfully authorized services.
S36. The service server that receives the service request from the network TV compares the authorization authentication information in the request with the authorization information it received and stored in step S33 and, if they match, provides the network resource service to the network TV.
As can be seen from the above, in the present invention the connection and authorization server authorizes the network TV, and the service management server, according to the network services the authorized network TV has (which may be network services the user obtained through registration), sends the network TV's relevant information to each service server that provides those services, where it is recorded. When the network TV accesses a service server, that server authenticates the network TV directly from the recorded information. This process removes the need for the network TV to register with each service server: when the user accesses a service server, the server has already recorded the authorized network TVs and only needs to determine whether this network TV is authorized, which shortens the interaction between the network TV and the service server. Moreover, in the background art only the authentication server performs authentication and the service servers that provide the services do not authenticate the terminal; the present invention is more secure because the service server also verifies whether the client is authorized, which guarantees the legitimacy of the clients that access it.
Fig. 4 is a block diagram of one embodiment of the above authentication system. The authentication system mainly comprises the network TV 10, the management server 20 and the service server 30, as follows:
The third sending module 12 is arranged on the network TV 10 and sends the service server 30 the request for a resource service that includes the authorization permission information.
The connection and authorization module 21 performs authorization authentication on the network TV 10 according to the information in the authentication request sent by the CAE module 11 on the network TV 10 and, if authentication passes, generates the authorization authentication information.
The first sending module 22 sends the authorization authentication information generated by the connection and authorization module 21 to the service management module 23 through a wireless transmission module. The first sending module 22 is optional; the connection and authorization module 21 or the service management module 23 may instead send the authorization authentication information directly to the service server 30.
The second sending module 24 sends the authentication service list to the network TV 10 through a wireless transmission module.
The authorization judgment module 31 determines whether the authorization permission information in the resource service request sent by the network TV 10 matches the authorization permission information the service server received from the management server 20, and from the result determines whether the network TV 10 is entitled to the resource service.
The above are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present invention shall fall within its scope of protection.
Claims (7)
1. An authentication method for a network terminal, characterized in that it comprises the steps:
A. The network terminal sends an authentication request to the management server;
B. After authentication passes, the management server returns authentication information to the network terminal and sends the terminal's authorization information to each service server that provides a service to that terminal;
C. The network terminal sends a service request containing said authentication information to a service server;
D. The service server checks the legitimacy of the authentication information in said service request against said authorization information.
2. The method according to claim 1, characterized in that,
before step A, it further comprises a step in which the network terminal registers each service with the management server;
the services referred to in step B are the registered services.
3. The method according to claim 1, characterized in that, between step B and step C, it further comprises:
said management server generates an authentication service list containing the address information of each of said service servers and provides it to said network terminal.
4. The method according to claim 3, characterized in that said authentication service list also includes the authorization time and/or the validity period.
5. The method according to claim 1 or 3, characterized in that said authentication information and authorization information include at least the unique identification information of the network terminal;
said authorization information further includes authorization permission information (key).
6. An authentication system for a network terminal, characterized in that it comprises:
A network terminal, which requests authentication from the management server to obtain authentication information and sends a service request containing said authentication information to a service server;
A management server, which authenticates the network terminal, returns authentication information to the network terminal after authentication passes, and sends the terminal's authorization information to each service server that provides a service to that terminal;
A service server, which receives said authorization information from the management server and uses it to check the legitimacy of the authentication information in said service request sent by the network terminal.
7. The system according to claim 6, characterized in that said management server comprises:
A connection and authorization module, which authenticates the network terminal and returns authentication information to the network terminal after authentication passes;
A service management module, which sends the terminal's authorization information to each service server that provides a service to said network terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011104314540A CN102843584A (en) | 2011-06-20 | 2011-12-21 | Method and system for authenticating network terminals |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110166181 | 2011-06-20 | ||
CN201110166181.1 | 2011-06-20 | ||
CN2011104314540A CN102843584A (en) | 2011-06-20 | 2011-12-21 | Method and system for authenticating network terminals |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102843584A (en) | 2012-12-26 |
Family
ID=47370596
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2011104314540A Pending CN102843584A (en) | 2011-06-20 | 2011-12-21 | Method and system for authenticating network terminals |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102843584A (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1983956A (en) * | 2006-06-07 | 2007-06-20 | 华为技术有限公司 | Method for realizing Internet access and content server access |
CN101202882A (en) * | 2007-07-19 | 2008-06-18 | 深圳市同洲电子股份有限公司 | Method, system for transmitting medium resource and set-top box |
CN101795279A (en) * | 2010-01-25 | 2010-08-04 | 青岛海信电器股份有限公司 | Network television management method, network television management system and network television |
US20110276797A1 (en) * | 2010-05-04 | 2011-11-10 | Sony Corporation | Authentication and authorization for internet video client |
CN101888529A (en) * | 2010-06-28 | 2010-11-17 | 中兴通讯股份有限公司 | Management method and system of multimedia terminal information machine based on interactive television |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20121226 |