CN102882853A - System and method for internet user authentication - Google Patents
System and method for internet user authentication Download PDFInfo
- Publication number
- CN102882853A CN102882853A CN2012103239439A CN201210323943A CN102882853A CN 102882853 A CN102882853 A CN 102882853A CN 2012103239439 A CN2012103239439 A CN 2012103239439A CN 201210323943 A CN201210323943 A CN 201210323943A CN 102882853 A CN102882853 A CN 102882853A
- Authority
- CN
- China
- Prior art keywords
- address
- authentication
- user
- user terminal
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a system for internet user authentication and a method for internet user authentication. The system for the internet user authentication comprises a user terminal, a website server, an internet protocol (IP) address distribution identifying unit, an information collecting unit and an identification server. The identification server obtains a corresponding relationship between the IP address of the user terminal and the user identification information; the website server sends the terminal IP address to the identification server, obtains the user identification information corresponding to the IP address, and compares the user identification information with a verification method and registration data used when the user is registered; if the user identification information is in accordance with the association between the verification method used when the user is registered and the user identification information used when the data is registered, then the user verification is successful. The authentication method provided by the invention is simple, and high in accuracy and safety, wide in applicablescope.
Description
Technical field
The present invention relates to a kind of safety certifying method, especially relate to the system and method for subscriber authentication on the Internet.
Background technology
The Internet has been widely used in the various aspects such as production, service, life, and the service of widely applying provides on the internet such as ecommerce, financial service, commerce services etc.Along with the business that provides on the Internet is enriched constantly, information and property safety in order to protect the user need to authenticate user identity, with the activity that prevents that people false impersonation identity is harmful on the internet in real time.
Existing site for service often sends the method realization of identifying code to the checking of user identity by communication meanss such as SMS, calls to the user.
It is the patent documentation of CN100466776C that public notification number is authorized on March 4th, 2009 by State Intellectual Property Office of the People's Republic of China, title is the reverse Verification System of identity registration SMS and reverse authentication method, and method wherein comprises: client terminal provides service by network to the application of merchant identity authentication registration system; Behind the merchant identity authentication registration system lock client IP, send the service registry code to client terminal; Client terminal sends to merchant identity authentication registration system with the service registry code with SMS, and merchant identity authentication registration system authorization content service provider provides service to this client terminal.This scheme need to send registration code by SMS, verifies whether this registration code is consistent with the registration code of identity registration Verification System, and complex steps needs the user to pay short-message fee again, is difficult to realize the low expense of Internet service or without expense.
It is the patent documentation of CN101447872B that public notification number is authorized on September 28th, 2011 by State Intellectual Property Office of the People's Republic of China, title is a kind of user ID authentication method, system and identifying code generating maintenance subsystem, method wherein comprises: for the user who logins application system generates the subscriber authentication code, by communication switchboard with the subscriber authentication code as calling number, the calling party can display of calling the communication terminal of number; Application system is obtained being presented at the calling number on the communication terminal and comparing with the subscriber authentication code that generates of user input, carries out subscriber authentication.This scheme need to send authentication code by call, complex steps, need to take telephone communication resources, although free during the phone access failure, but the subscriber authentication code that generates is difficult to consistent with the true calling number of this time calling, upset the standard that the telephone communication network calling number sends, easily tackled by telephone communication network.
Summary of the invention
The present invention solves existing SMS or the telephone communication network of needing of prior art to call out transmission subscriber authentication code, complex steps, need to take the technical problem of note or call resource or expense, provide that a kind of step is simple, the system and method for the authentication of internet user that need not to take note or call resource or expense.
The present invention is directed to above-mentioned technical problem is mainly solved by following technical proposals: a kind of system of authentication of internet user comprises:
User terminal sends the service request comprise self IP address, and receives the service response that Website server returns to Website server, user terminal communicates by the Internet and other nodes;
Website server, be used for receiving the service request of user terminal and return service response, after judging that described service request needs subscriber authentication, send the user rs authentication request to identity server and receive subscriber identity information or the result that identity server is returned, after judging the described subscriber identity information of checking or the result, the service request of user terminal is made service response;
The IP address assignment authentication ' unit is used for specifying or the distributing IP address to user terminal, and the authentication of network insertion is provided to user terminal;
Information acquisition unit be used for to gather that the IP address assignment authentication ' unit has been specified or the IP address distributed and corresponding subscriber identity information thereof and send to identity server;
With the identity server that is provided with identity database, be used for to receive subscriber identity information and IP address that information acquisition unit sends over, set up described subscriber identity information and IP address corresponding relation and be stored in the identity database; After receiving the authentication request that comprises user terminal IP address that Website server sends, carry out the inquiry of subscriber identity information corresponding to user terminal IP address at identity database, and the subscriber identity information that inquires returned to Website server, return to the described the result of Website server after perhaps judging checking.
As preferably, described IP address assignment authentication ' unit comprises allocation unit and the access authentication unit of access network, described allocation unit is fixed address allocation units or dynamic address allocation unit, and described access network is cable access network or Radio Access Network.
As preferably, described IP address assignment unit is the gateway support node (GGSN, Gateway GPRS Support Node) of 2G or 2.5G or 3G or 4G radio communication access network.
A kind of method of authentication of internet user may further comprise the steps:
A, set up identity database in identity server;
B, at identity data library storage subscriber identity information and corresponding user terminal IP address, at least one in the user name that described subscriber identity information uses when comprising user terminal ISDN number and the authentication of user terminal accessing Internet;
C, Website server are accepted user's registration, storage user's registration data, and whether registration data comprises subscriber identity information and need verifies by identity server, generally represents with a marker bit whether the user needs to verify by identity server;
D, user terminal are connected to Website server, and send service request to Website server;
E, described Website server send the user identity request to user terminal after judging that service request need to be verified user identity; If do not need user identity is verified then directly make service response;
F, user terminal send user identity and are returned to Website server, the registration data of Website server inquiring user registration, needing by behind the identity server identifying user identity by the marker bit judgement, Website server is connected to identity server, if do not need by the identity server identifying user identity then database by Website server oneself is verified the information (being generally username and password) that user terminal sends;
G, Website server send authentication request to identity server; Identity server receives authentication request and verifies, identity server sends authentication and is returned to Website server; Website server receives authentication and replys, and according to the result the service request of user terminal is made service response.
As preferably, described step c specifically comprises:
C11, Website server are accepted user registration, send to Website server at user terminal input registration data and phone number and by the Internet;
C12, Website server are that the described user who registers generates the registration identifying code and sends the registration identifying code with the note form to mobile phone corresponding to phone number;
C13, the user who registers are input to user terminal with the registration identifying code on the SMS, and described registration identifying code is sent to Website server by the Internet;
The registration identifying code that c14, Website server relatively send by note and the registration identifying code that returns by the Internet, and if unanimously store enrollment data succeed in registration; Otherwise, registration failure.
As preferably, if subscriber identity information is included by the identity database of identity server then described step c can carry out according to the following steps:
C21, Website server are accepted user's registration, send to Website server at user terminal input registration data and by the Internet;
The authentication request that c22, Website server will comprise user terminal IP address is sent to identity server;
C23, identity server receive authentication request and subscriber identity information corresponding to inquiring user IP address of terminal in identity database; If find subscriber identity information corresponding to this user terminal IP address, then identity server is replied to the authentication that Website server sends the subscriber identity information that comprises IP address and correspondence; If do not find subscriber identity information corresponding to this user terminal IP address, then identity server sends to inquire about unsuccessfully to Website server and replys;
C24, Website server receive authentication and reply, inquire about the registration data of user's registration of described transmission authentication request, and subscriber identity information and registration data during relatively authentication is replied, if the subscriber identity information during authentication is replied and the subscriber identity information of registration data are consistent, then store enrollment data succeeds in registration; Otherwise, registration failure; If Website server receives inquiry and unsuccessfully replys then registration failure.
As preferably, described step g specifically comprises:
The authentication request that g11, Website server will comprise user terminal IP address is sent to identity server;
G12, identity server receive authentication request and subscriber identity information corresponding to inquiring user IP address of terminal in identity database; If find subscriber identity information corresponding to this user terminal IP address, then identity server is replied to the authentication that Website server sends the subscriber identity information that comprises IP address and correspondence; If do not find subscriber identity information corresponding to this user terminal IP address, then identity server sends to inquire about unsuccessfully to Website server and replys;
G13, Website server receive authentication and reply, inquiry sends the registration data of user's registration of authentication request, and the subscriber identity information of relatively authentication answer and the subscriber identity information of registration data, if unanimously the checking pass through, Website server is made service response to the service request of user terminal; If inconsistent then authentication failed, Website server send failure response to user terminal; If Website server receives inquiry and unsuccessfully replys then send failure response to user terminal.
As preferably, described step g can also be carried out as follows:
The authentication request that g21, Website server will comprise user terminal IP address and registration data is sent to identity server;
G22, identity server receive authentication request and subscriber identity information corresponding to inquiring user IP address of terminal in identity database; If find subscriber identity information corresponding to this user terminal IP address, identity server compares the subscriber identity information subscriber identity information corresponding with user terminal IP address of the registration data in the authentication request; If do not find subscriber identity information corresponding to this user terminal IP address, then identity server sends to inquire about to Website server and unsuccessfully replys and jump to step g 24;
If the subscriber identity information that the subscriber identity information of the described registration data of g23 and user terminal IP address are corresponding is consistent, then identity server sends and verifies that the authentication of passing through is returned to Website server, is returned to Website server otherwise identity server sends the authentication of authentication failed;
If the g24 Website server is received the authentication answer that checking is passed through, then the service request of user terminal is made service response; If Website server is received the authentication answer of authentication failed, then user terminal is sent failure response; If Website server receives inquiry and unsuccessfully replys then send failure response to user terminal.
As preferably, described step b specifically comprises:
B11, user apply for the user terminal IP address fixed to the access network provider; The access network provider is the fixing IP address of user assignment in its fixed address allocation units, and definite user name, and the user obtains user name and fixing IP address;
B12, user terminal use described fixing IP address to send username and password or service request arrives the access authentication unit; The access authentication unit authenticates;
B13, information acquisition unit receive described user name and user terminal IP address, and set up the corresponding relation of user name and user terminal IP address;
B14, information acquisition unit are sent to identity server with described user terminal IP address and user name;
B15, identity server are stored described user name and user terminal IP address and corresponding relation between the two in identity database.
As preferably, described step b can also carry out as follows:
B21, user terminal send username and password to the access authentication unit or the dynamic address allocation unit, application IP address;
B22, access authentication unit authentication username and password, dynamic address allocation unit are user terminal distributing user IP address of terminal in its Internet IP address set;
Two kinds of situations are arranged here: one, access authentication unit elder generation authentication username and password, authentication be user terminal distributing user IP address of terminal in its Internet IP address set by dynamic address allocation unit then, authenticates not by then making failure response; Two, the dynamic address allocation unit is user terminal distributing user IP address of terminal in its Internet IP address set first, then user terminal sends username and password to the access authentication unit, access authentication unit authentication username and password, authentication is by then entering step b23, and authentication is not by then making failure response;
B23, information acquisition unit receive user terminal IP address and described user name, and set up the corresponding relation of user terminal IP address and described user name;
B24, information acquisition unit are sent to identity server with described user terminal IP address and user name;
B25, identity server are stored described user name and user terminal IP address and corresponding relation between the two in identity database.
As preferably, described step b can also following mode carry out:
B31, user terminal send and adhere to (Attach) and ask to service support node (SGSN, Serving GPRS SUPPORT NODE);
B32, described service support node (SGSN) carry out authentication to user terminal, after checking, adhere to (Attach) to the user terminal transmission and accept;
B33, user terminal send and activate packet message agreement (PDP, Packet Data Protocol) context request is to service support node (SGSN), service support node (SGSN) sends sets up packet message agreement (PDP) context request to gateway support node (GGSN);
B34, described gateway support node (GGSN) assigned ip address, and send and to set up the packet message context and reply service support node (SGSN), described assigned ip address is gateway support node (GGSN) distributing IP address or Dynamic Host Configuration Protocol server distributing IP address of being connected by gateway support node (GGSN) from the Internet IP address set of described gateway support node (GGSN) specifically;
B35, service support node (SGSN) send activation packet message agreement (PDP) context and receive user terminal;
B36, information acquisition unit receive IP address and the corresponding international mobile subscriber identifier (IMSI of appointment, International Mobile Subscriber Identification Number), information acquisition unit obtains corresponding mobile subscriber ISDN (Integrated Services Digital Network) number (MSISDN, Mobile Subscriber International ISDN number) by international mobile subscriber identifier (IMSI);
B37, described information acquisition unit are set up the corresponding relation of the IP address of mobile subscriber ISDN number (MSISDN) and appointment, and the IP address of mobile subscriber ISDN number (MSISDN) and appointment is sent to identity server;
B38, identity server are stored IP address and the mobile subscriber ISDN number (MSISDN) of described appointment in identity database.
In the Internet or mobile Internet, each network terminal has unique address and other-end or the network equipment to distinguish, and the address of this difference can be the IP address.Current IP address comprises IPV4 and IPV6 address, represents current equipment; In a certain moment in a certain subnet, IP address and the network terminal are one to one; Simultaneously, in the various application data bags of transmission, the IP address is absolutely necessary on the internet.
User terminal is accepted the authentication that operator is provided of Internet access service during by wired or wireless network connection the Internet usually; Need to pass through the authentication of 2G, 2.5G, 3G or 4G link service provider China Mobile or China Telecom or CHINAUNICOM could use such as mobile phone terminal.Subscriber identity information and user terminal that verification process uses are corresponding relations, and an IP address can only be used by the user terminal that same username enters the Internet.Therefore, corresponding subscriber identity information in IP address.
At 2G, 2.5G, 3G or 4G access network, a mobile subscriber ISDN number (MSISDN) only allows a user terminal access, and subscriber identity information of some access networks allows a plurality of user terminal accesses; Therefore, a subscriber identity information can corresponding one or more IP address.
The authentication username of user access network use and the IP address that accessing user terminal to network distributes are obtained and stored to the technical solution adopted in the present invention, identity server; Website server obtains subscriber identity information corresponding to user terminal by sending user terminal IP address to identity server, and then the registration data with subscriber identity information and user's registration compares, and carries out the checking of user identity; Avoided calling out transmission subscriber authentication code based on SMS or telephone communication network, complex steps, need to take the problem of note or call resource expense, provide that a kind of step is simple, the system and method for the authentication of internet user that need not to take the resources such as note or phone.
The invention has the beneficial effects as follows: the identity server of using the third party to set up, for site for service provides the subscriber authentication service, avoid user identity counterfeiting.Particularly, identity server connection 2G, 3G, 4G, WALN, access service wireless or cable access network provide operator's communication network, obtain the corresponding relation of user terminal IP address and subscriber identity information; Website server or its web page program transmitting terminal IP address are to identity server, obtain subscriber identity information corresponding to IP address, and verification mode and registration data when subscriber identity information and user registered compare, if the subscriber identity information the when verification mode when described subscriber identity information is registered with the user and registration data is related consistent, represent that then user rs authentication passes through.This scheme has guaranteed Website server is sent the validated user that the user who asks is this user terminal, and intermediate steps is less, does not need the support of mobile phone or phone in the proof procedure, reduces resource occupation.In the higher network service of some security requirements, can guarantee that each step (or important step) is to be filed a request by validated user, improve fail safe.
Description of drawings
Fig. 1 is the structural representation of the system of a kind of authentication of internet user of the present invention;
Fig. 2 is the schematic flow sheet of the method for a kind of authentication of internet user of the present invention;
Fig. 3 is the flow chart of a kind of method at identity data library storage subscriber identity information and user terminal IP address of the present invention;
Fig. 4 is that another kind of the present invention is at the flow chart of the method for identity data library storage subscriber identity information and user terminal IP address;
Fig. 5 is another flow chart in the method for identity data library storage subscriber identity information and user terminal IP address of the present invention;
Fig. 6 is the flow chart of the method registered in the website of a kind of user of the present invention;
Fig. 7 is the flow chart of the method registered in the website of another kind of user of the present invention;
Fig. 8 is that a kind of Website server of the present invention is to the flow chart of identity server identifying user identity;
Fig. 9 is that another kind of Website server of the present invention is to the flow chart of identity server identifying user identity;
Among the figure: 11, user terminal, 12, the IP address assignment authentication ' unit, 13, identity server, 14, Website server, 15, information acquisition unit, 16, network.
Embodiment
Below by embodiment, and by reference to the accompanying drawings, technical scheme of the present invention is described in further detail.
Embodiment 1
The system of a kind of authentication of internet user of the present embodiment as shown in Figure 1, comprises user terminal 11, IP address assignment authentication ' unit 12, identity server 13, Website server 14 and information acquisition unit 15.User terminal 11 is connected with Website server via network 16 connections, identity server 13 is connected with Website server via network 16 connections, user terminal 11 is connected with the IP address assignment authentication ' unit via network 16 connections, and IP address assignment authentication ' unit 12 connects identity server 13 by information acquisition unit 15.Network 16 is by formations such as internet, dedicated communication line, mobile communications network (comprising the base station), broadband wireless network (comprising AP), gateways.
IP address assignment authentication ' unit 12 can comprise allocation unit and the access authentication unit of access network;
IP address assignment authentication ' unit 12 is used for specifying or the distributing IP address to user terminal 11, and network access authentication is provided for user terminal 11;
Identity database on the identity server 13 is according to the storage IP address of the method for the invention foundation and the database of identity information corresponding relation.
In the present embodiment, the IP address assignment authentication ' unit comprises dynamic address allocation unit and the access authentication unit of access network; Described access network is wired access network or wireless access network, wired access network is ADSL (Asymmetric Digital Subscriber Line) (ADSL for example, Asymmetric Digital Subscriber Loop), wireless access network WLAN (WLAN, Wireless Local Area Networks) for example; Described dynamic address allocation unit can be that the configuration DynamicHost arranges agreement (DHCP, Dynamic Host Configuration Protocol) server, the access authentication unit can be the server that has configured remote customer dialing authentication service agreement (RADIUS, Remote Authentication Dial In User Service).
A kind of method of authentication of internet user may further comprise the steps:
Step a, set up identity database in identity server;
Step b, at identity data library storage subscriber identity information and corresponding user terminal IP address, at least one in the user name that described subscriber identity information uses when comprising user terminal ISDN number and the authentication of user terminal accessing Internet; As shown in Figure 4, step b specifically comprises in the present embodiment:
Step b21, user terminal send username and password to the access authentication unit or the dynamic address allocation unit, application IP address;
Step b22, access authentication unit authentication username and password, dynamic address allocation unit are user terminal distributing user IP address of terminal in its Internet IP address set;
Network to different access authentication modes, two kinds of situations are arranged here: one, user terminal sends first username and password to the access authentication unit, access authentication unit authentication username and password, authentication is passed through then, and the dynamic address allocation unit is user terminal distributing user IP address of terminal in its Internet IP address set, and entering step b23, authentication is not by then making failure response; This kind authentication mode is the IEEE 802.1X authentication of Port-based network access control protocol (Port Based Network Access Control) for example; Two, the dynamic address allocation unit is user terminal distributing user IP address of terminal in its Internet IP address set first, then user terminal sends username and password to the access authentication unit, access authentication unit authentication username and password, authentication is by then entering step b23, and authentication is not by then making failure response; This kind authentication mode is for example based on the web authentication of Web Portal;
Step b23, information acquisition unit receive user terminal IP address and described user name, and set up the corresponding relation of user terminal IP address and described user name;
Information acquisition unit receives the flow process of user terminal IP address and user name, can adopt signal collecting flow process or database to read flow process; Described signal collecting flow process, be information acquisition unit gather that the dynamic address allocation unit is received and the IP packet that sends in information and order, and gather that the access authentication unit is received and the IP packet that sends in information and order, analyze described information and order, obtain the corresponding relation of user terminal IP address and user name.
Described database reads flow process, is that information acquisition unit connects dynamic address allocation unit or the storing IP address of access authentication unit and the database of user name, obtains IP address and user name and sets up corresponding relation; For example be connected TCP/IP with the access authentication unit with the dynamic address allocation unit at information acquisition unit and be connected, access authentication unit or dynamic address allocation unit will be stored in IP address in its database to be connected described TCP/IP and to connect and send to information acquisition unit with user name; For example the database configuration of access authentication unit and dynamic address allocation unit has database service end program again, information acquisition unit disposes the client-side program of database, described database client connects described database service end, and information acquisition unit is by the IP address in the database of database client program reading database service end and user name and set up corresponding relation;
Step b24, information acquisition unit are sent to identity server with described user terminal IP address and user name;
Step b25, identity server are stored described user name and user terminal IP address and corresponding relation between the two in identity database;
So far step b finishes.
Step c, Website server are accepted user's registration, storage user's registration data, whether registration data comprises subscriber identity information and need verifies by identity server, generally represents with a marker bit whether the user needs to verify by identity server;
The subscriber identity information that the registration data of user's registration uses when comprising verification mode and checking, Website server uses the Information Authentication user identity of described registration data, therefore, registration data to user's registration need to be verified, checking is arrived user terminal by then storing in the Website server storage device otherwise send registration failure information;
Take the such Website server of Web bank as example, often require the user at first at Website server registered user name and password, and the verification mode when accounts information and user being set relating to the operation of account fund; When the user uses Web bank to relate to the account fund operation, the verification mode identifying user identity that arranges when the Website server user of Web bank registers; The registered user's of the registration data that the verification mode that arranges and checking are used identity, the Website server of Web bank can be by SMSs, check the modes such as user identity card or residence booklet verify; The present embodiment uses short message mode checking registered user's identity;
As shown in Figure 6, step c specifically comprises in the present embodiment:
Step c11, Website server are accepted user registration, send to Website server at user terminal input registration data and phone number and by the Internet;
Step c12, Website server are that the described user who registers generates the registration identifying code and sends the registration identifying code with the note form to mobile phone corresponding to phone number;
The registration identifying code of described generation can be formed by several numerals or monogram;
Step c13, the user who registers are input to user terminal with the registration identifying code on the SMS, and described registration identifying code is sent to Website server by the Internet;
The registration identifying code that step c14, Website server relatively send by note and the registration identifying code that returns by the Internet, and if unanimously store enrollment data succeed in registration; Otherwise, registration failure;
So far step c finishes.
Subsequent step as shown in Figure 2.
Steps d, user terminal are connected to Website server, and send service request to Website server;
Passing through between the equipment in the Internet sends or receives the IP packet and realize communication, and the IP packet comprises source IP address and purpose IP address, and source IP address is transmit leg IP address, and purpose IP address is recipient's IP address; The service request that user terminal sends to Website server is the IP packet, and its source IP address is the IP address of user terminal; Website server can from the service request that receives user terminal, obtain the IP address of user terminal;
Step e, described Website server send the user identity request to user terminal after judging that service request need to be verified user identity; If do not need user identity is verified then directly make service response;
Step f, user terminal send user identity and are returned to Website server, the registration data of Website server inquiring user registration, needing by behind the identity server identifying user identity by the marker bit judgement, Website server is connected to identity server, if do not need by the identity server identifying user identity then information (being generally username and password) that database by Website server oneself sends user terminal is verified or adopt other modes to verify;
Take the Website server of Web bank as example, when the user sends the service request of the operation that relates to account fund, so that guarantee fund security, just often will carry out authentication and carry out next step the operations such as account transfer by rear permission user the user; The mode of subscriber authentication is registered when the user opens Web bank, can register the mode that sends the short-message verification code to user mobile phone, also can enrollment status server authentication mode, also can register multiple verification mode; The checking selection mode that the Website server of Web bank can arrange according to fund amount or the user of user's operation, the mode of definite checking is also verified;
Step g, Website server send authentication request to identity server; Identity server receives authentication request and verifies, identity server sends authentication and is returned to Website server; Website server receives authentication and replys, and according to the result the service request of user terminal is made service response; As shown in Figure 8, step g specifically comprises in the present embodiment:
The authentication request that step g 11, Website server will comprise user terminal IP address is sent to identity server;
So far step g finishes.
In above step, the subscriber identity information transmission of carrying out on the internet can adopt encryption technology to maintain secrecy.
Embodiment 2
The system of the authentication of internet user of the present embodiment is identical with embodiment 1, in the method for authentication of internet user, the user registers front user profile and is included by the identity database of identity server, and step c is different from the method for embodiment 1, and all the other steps are identical.Step c carries out as shown in Figure 7 in the following manner:
Step c21, Website server are accepted user's registration, send to Website server at user terminal input registration data and by the Internet;
The authentication request that step c22, Website server will comprise user terminal IP address is sent to identity server;
Step c23, identity server receive authentication request and subscriber identity information corresponding to inquiring user IP address of terminal in identity database; If find subscriber identity information corresponding to this user terminal IP address, then identity server is replied to the authentication that Website server sends the subscriber identity information that comprises IP address and correspondence; If do not find subscriber identity information corresponding to this user terminal IP address, then identity server sends to inquire about unsuccessfully to Website server and replys;
Step c24, Website server receive authentication and reply, inquire about the registration data of user's registration of described transmission authentication request, and the subscriber identity information during relatively authentication is replied and the subscriber identity information of registration data, if the subscriber identity information during authentication is replied and the subscriber identity information of registration data are consistent, then store enrollment data succeeds in registration; Otherwise, registration failure; If Website server receives inquiry and unsuccessfully replys then registration failure.
Registered user's identity is used the identity server checking in the present embodiment.
Embodiment 3
The system of the authentication of internet user of the present embodiment is identical with embodiment 1, and in the method for authentication of internet user, step g is different from the method for embodiment 1, and all the other steps are identical.Step g is carried out as shown in Figure 9 in the following manner:
The authentication request that step g 21, Website server will comprise user terminal IP address and registration data is sent to identity server;
Step g 22, identity server receive authentication request and subscriber identity information corresponding to inquiring user IP address of terminal in identity database; If find subscriber identity information corresponding to this user terminal IP address, identity server compares the registration data subscriber identity information corresponding with user terminal IP address in the authentication request; If do not find subscriber identity information corresponding to this user terminal IP address, then identity server sends to inquire about to Website server and unsuccessfully replys and jump to step g 24;
If the subscriber identity information that the subscriber identity information of step g 23 described registration datas and user terminal IP address are corresponding is consistent, then identity server sends and verifies that the authentication of passing through is returned to Website server, is returned to Website server otherwise identity server sends the authentication of authentication failed;
If step g 24 Website servers are received the authentication answer that checking is passed through, then the service request of user terminal is made service response; If Website server is received the authentication answer of authentication failed, then user terminal is sent failure response; If Website server receives inquiry and unsuccessfully replys then send failure response to user terminal.
Embodiment 4
The system of the authentication of internet user of the present embodiment is identical with embodiment 2, and in the method for authentication of internet user, step g is different from the method for embodiment 2, and all the other steps are identical.Step g is undertaken by the mode among the embodiment 3.
Embodiment 5
The system of the authentication of internet user of the present embodiment, IP address assignment authentication ' unit wherein comprise fixed address allocation units and the access authentication unit of cable access network or Radio Access Network, and remainder is identical with embodiment 1.
In the method for authentication of internet user, step b is different from embodiment 1, and all the other steps are identical.Step b is specially as shown in Figure 3:
Step b11, user apply for the user terminal IP address fixed to the access network provider; The access network provider is the fixing IP address of user assignment in its fixed address allocation units, and definite user name, and described fixed address allocation units distribute fixing IP address in its Internet IP address set; The user obtains user name and fixing IP address;
The user is to the access network provider, and for example the provider China Telecom of Chinese broadband internet (CHINANET) obtains fixing IP address after submit applications is granted, and determines that a user name is set in the fixed address allocation units of access network; The user is set in subscriber equipment or the user terminal after obtaining fixing IP address and user name;
Step b12, user terminal use described fixed ip address to send username and password or service request arrives the access authentication unit; The access authentication unit authenticates;
The access authentication of fixed ip address according to the setting of fixed address allocation units, can adopt the authentication mode of username and password authentication, also can adopt other access authentication modes, as adopting the access authentication mode of IP address bundled user facility information;
Step b13, information acquisition unit receive described user name and user terminal IP address, and set up the corresponding relation of user name and user terminal IP address;
Information acquisition unit receives the flow process of user terminal IP address and user name, can adopt database to read flow process; Described database reads flow process, is that information acquisition unit is connected and fixed the storing IP address of allocation unit or access authentication unit and the database of user name, obtains IP address and user name and sets up corresponding relation; For example the database configuration of authentication ' unit and fixed address allocation units has database service end program, information acquisition unit disposes the client-side program of database, described database client connects described database service end, and information acquisition unit is by IP address and user name in the database of database client program reading database service end; Perhaps for example be connected TCP/IP with the access authentication unit with the fixed address allocation units at information acquisition unit and be connected, access authentication unit or fixed address allocation units will be stored in IP address in its database to be connected described TCP/IP and to connect and send to information acquisition unit with user name;
Step b14, information acquisition unit are sent to identity server with described user terminal IP address and user name;
Step b15, identity server are stored described user name and user terminal IP address and corresponding relation between the two in identity database.
Embodiment 6
The system of the authentication of internet user of the present embodiment is identical with embodiment 5, in the method for authentication of internet user, the user registers front user profile and is included by the identity database of identity server, and step c is different from the method for embodiment 5, and all the other steps are identical.Step c is undertaken by the mode among the embodiment 2.
Embodiment 7
The system of the authentication of internet user of the present embodiment is identical with embodiment 5, and in the method for authentication of internet user, step g is different from the method for embodiment 5, and all the other steps are identical.Step g is undertaken by the mode among the embodiment 3.
Embodiment 8
The system of the authentication of internet user of the present embodiment is identical with embodiment 6, and in the method for authentication of internet user, step g is different from the method for embodiment 6, and all the other steps are identical.Step g is undertaken by the mode among the embodiment 3.
Embodiment 9
The system of the authentication of internet user of the present embodiment, IP address assignment authentication ' unit wherein comprise the gateway support node (GGSN) of 2G or 2.5G or 3G or 4G radio communication access network, and remainder is identical with embodiment 1.
In the method for authentication of internet user, step b is different from embodiment 1, and all the other steps are identical.Step b is specially as shown in Figure 5:
Step b31, user terminal send and adhere to (Attach) and ask to service support node (SGSN);
Step b32, described service support node (SGSN) carry out authentication to user terminal, after checking, adhere to (Attach) to the user terminal transmission and accept;
Step b33, user terminal send and activate packet message agreement (PDP) context request to service support node (SGSN), and service support node (SGSN) sends sets up packet message agreement (PDP) context request to gateway support node (GGSN);
Step b34, described gateway support node (GGSN) assigned ip address, and send and to set up packet message agreement (PDP) context and reply service support node (SGSN), the assigned ip address is gateway support node (GGSN) distributing IP address or Dynamic Host Configuration Protocol server distributing IP address of being connected by gateway support node (GGSN) from the Internet IP address set of described gateway support node (GGSN) specifically;
Step b35, service support node (SGSN) send activation packet message agreement (PDP) context and receive user terminal;
Step b36, information acquisition unit receive IP address and the corresponding international mobile subscriber identifier (IMSI) of appointment, and information acquisition unit obtains corresponding mobile subscriber ISDN number (MSISDN) by international mobile subscriber identifier (IMSI);
Step b37, information acquisition unit are set up the corresponding relation of the IP address of mobile subscriber ISDN number (MSISDN) and appointment, and the IP address of mobile subscriber ISDN number (MSISDN) and appointment is sent to identity server;
Step b38, identity server are stored IP address and the mobile subscriber ISDN number (MSISDN) of described appointment in identity database;
Described step b36 information acquisition unit obtains mobile subscriber ISDN number (MSISDN) specifically to be undertaken by following mode: signal collecting unit and gateway support node unit (GGSN) are connected SGSN with service support node) etc. network element be connected, gather, store and analyze the communication signaling of service support node (SGSN) and gateway support node unit (GGSN), obtain the corresponding relation of international mobile subscriber identity (IMSI) and assigned ip address; The signal collecting unit connects HLR or BOSS system, inquiry and mobile subscriber ISDN number (MSISDN) corresponding to reception international mobile subscriber identity (IMSI); The corresponding relation of mobile subscriber ISDN number (MSISDN) and IP address is set up in the signal collecting unit.
Wherein said signal collecting unit obtains the corresponding relation of international mobile subscriber identity (IMSI) and assigned ip address, is specifically undertaken by following mode:
The signaling information that adheres to (Attach) flow process of carrying out between the collection of signal collecting unit, storage and analysis user terminal and the service support node (SGSN), the signaling information of described collection comprises international mobile subscriber identity (IMSI) and network service zone point identification (NSAPI, and the corresponding relation between foundation and storage networking coverage point identification (NSAPI), packet TMSI number (P-TMSI) and the international mobile subscriber identity (IMSI) Network Service Access Point Identifier) etc.; The signal collecting unit gathers, stores and analyze the signaling information of carrying out packet message agreement (PDP) context active flow between service support node (SGSN) and the gateway support node (GGSN), described collection signaling information comprise the information such as network service zone point identification (NSAPI), static PDP address and dynamic PDP addresses, and set up and store corresponding relation between static PDP or dynamic PDP addresses and the regional point identification of network service (NSAPI).International mobile subscriber identity (IMSI) is by network service zone point identification (NSAPI), set up corresponding relation with static PDP address or dynamic PDP addresses, and static PDP or dynamic PDP addresses are the IP addresses of described appointment, therefore, international mobile subscriber identity (IMSI) is set up corresponding relation with the IP address of appointment.
That carries out between described user terminal and the service support node (SGSN) adheres to (Attach) flow process, can be undertaken by following mode: user terminal is being brought into use data service, and carry out parameters such as sending international mobile subscriber identity (IMSI) and network service zone point identification (NSAPI) when adhering to (Attach) flow process between the service support node (SGSN), and receive the packet TMSI number (P-TMSI, Packet Temporary Mobile Subscriber Identity) that service support node (SGSN) returns; User terminal is mobile the switching in the usage data business procedure, and carry out parameters such as sending packet TMSI number (P-TMSI) and network service zone point identification (NSAPI) when adhering to (Attach) flow process between the service support node (SGSN), and receive the packet TMSI number (P-TMSI, Packet Temporary Mobile Subscriber Identity) that service support node (SGSN) returns.Information acquisition unit gathers the signaling information that adheres to (Attach) flow process between user terminal and the service support node (SGSN), and the corresponding relation of storage international mobile subscriber identity (IMSI), the regional point identification (NSAPI) of network service and the packet TMSI number (P-TMSI) that returns at last.
Carry out packet message agreement (PDP) context active flow between described service support node (SGSN) and the gateway support node (GGSN), can be undertaken by following mode: user terminal sends and activates packet message agreement (PDP) context request to service support node (SGSN), and described activation packet message agreement (PDP) context request comprises the parameters such as network service zone point identification (NSAPI); Service support node (SGSN) sends sets up packet message agreement (PDP) context request to gateway support node (GGSN), and described packet message agreement (PDP) context request of setting up comprises the parameters such as network service zone point identification (NSAPI); Described gateway support node (GGSN) assigned ip address, and send and to set up packet message agreement (PDP) context and reply service support node (SGSN), wherein set up the dynamic PDP addresses parameter that packet message agreement (PDP) context replys and be the assigned ip address.
Embodiment 10
The system of the authentication of internet user of the present embodiment is identical with embodiment 5, in the method for authentication of internet user, the user registers front user profile and is included by the identity database of identity server, and step c is different from the method for embodiment 9, and all the other steps are identical.Step c is undertaken by the mode among the embodiment 2.
The system of the authentication of internet user of the present embodiment is identical with embodiment 5, and in the method for authentication of internet user, step g is different from the method for embodiment 9, and all the other steps are identical.Step g is undertaken by the mode among the embodiment 3.
The system of the authentication of internet user of the present embodiment is identical with embodiment 6, and in the method for authentication of internet user, step g is different from the method for embodiment 10, and all the other steps are identical.Step g is undertaken by the mode among the embodiment 3.
Specific embodiment described herein only is to the explanation for example of the present invention's spirit.Those skilled in the art can make various modifications or replenish or adopt similar mode to substitute described specific embodiment, but can't depart from spirit of the present invention or surmount the defined scope of appended claims.
Although this paper has more used the terms such as subscriber identity information, user terminal, identity server, do not get rid of the possibility of using other term.Using these terms only is in order to describe more easily and explain essence of the present invention; They are construed to any additional restriction all is contrary with spirit of the present invention.
Claims (11)
1. the system of an authentication of internet user is characterized in that, comprising:
User terminal sends the service request comprise self IP address, and receives the service response that Website server returns to Website server, user terminal communicates by the Internet and other nodes;
Website server, be used for receiving the service request of user terminal and return service response, after judging that described service request needs subscriber authentication, send the user rs authentication request to identity server and receive subscriber identity information or the result that identity server is returned, after judging the described subscriber identity information of checking or the result, the service request of user terminal is made service response;
The IP address assignment authentication ' unit is used for specifying or the distributing IP address to user terminal, and the authentication of network insertion is provided to user terminal;
Information acquisition unit be used for to gather that the IP address assignment authentication ' unit has been specified or the IP address distributed and corresponding subscriber identity information thereof and send to identity server;
With the identity server that is provided with identity database, be used for to receive subscriber identity information and IP address that information acquisition unit sends over, set up described subscriber identity information and IP address corresponding relation and be stored in the identity database; After receiving the authentication request that comprises user terminal IP address that Website server sends, carry out the inquiry of subscriber identity information corresponding to user terminal IP address at identity database, and the subscriber identity information that inquires returned to Website server, return to the described the result of Website server after perhaps judging checking.
2. the system of a kind of authentication of internet user according to claim 1, it is characterized in that, described IP address assignment authentication ' unit comprises allocation unit and the access authentication unit of access network, described allocation unit is fixed address allocation units or dynamic address allocation unit, and described access network is cable access network or Radio Access Network.
3. the system of a kind of authentication of internet user according to claim 1 is characterized in that, described IP address assignment unit is the gateway support node of 2G or 2.5G or 3G or 4G radio communication access network.
4. the method for an authentication of internet user is characterized in that, may further comprise the steps:
A, set up identity database in identity server;
B, at identity data library storage subscriber identity information and corresponding user terminal IP address, at least one in the user name that described subscriber identity information uses when comprising user terminal ISDN number and the authentication of user terminal accessing Internet;
C, Website server are accepted user's registration, storage user's registration data, and whether registration data comprises subscriber identity information and need verifies by identity server;
D, user terminal are connected to Website server, and send service request to Website server;
E, described Website server send the user identity request to user terminal after judging that service request need to be verified user identity;
F, user terminal send user identity and are returned to Website server, and the registration data of Website server inquiring user registration needs by behind the identity server identifying user identity in judgement, and Website server is connected to identity server;
G, Website server send authentication request to identity server; Identity server receives authentication request and verifies, identity server sends authentication and is returned to Website server; Website server receives authentication and replys, and according to the result the service request of user terminal is made service response.
5. the method for a kind of authentication of internet user according to claim 4 is characterized in that, described step c specifically comprises:
C11, Website server are accepted user registration, send to Website server at user terminal input registration data and phone number and by the Internet;
C12, Website server are that the described user who registers generates the registration identifying code and sends the registration identifying code with the note form to mobile phone corresponding to phone number;
C13, the user who registers are input to user terminal with the registration identifying code on the SMS, and described registration identifying code is sent to Website server by the Internet;
The registration identifying code that c14, Website server relatively send by note and the registration identifying code that returns by the Internet, and if unanimously store enrollment data succeed in registration; Otherwise, registration failure.
6. the method for a kind of authentication of internet user according to claim 4 is characterized in that, described step c specifically comprises:
C21, Website server are accepted user's registration, send to Website server at user terminal input registration data and by the Internet;
The authentication request that c22, Website server will comprise user terminal IP address is sent to identity server;
C23, identity server receive authentication request and subscriber identity information corresponding to inquiring user IP address of terminal in identity database; If find subscriber identity information corresponding to this user terminal IP address, then identity server is replied to the authentication that Website server sends the subscriber identity information that comprises IP address and correspondence;
C24, Website server receive authentication and reply, inquire about the registration data of user's registration of described transmission authentication request, and subscriber identity information and the registration data of relatively authentication answer, if the subscriber identity information that authentication is replied and the subscriber identity information of registration data are consistent, then store enrollment data succeeds in registration; Otherwise, registration failure.
7. the method for a kind of authentication of internet user according to claim 4 is characterized in that, described step g specifically comprises:
The authentication request that g11, Website server will comprise user terminal IP address is sent to identity server;
G12, identity server receive authentication request and subscriber identity information corresponding to inquiring user IP address of terminal in identity database; If find subscriber identity information corresponding to this user terminal IP address, then identity server is replied to the authentication that Website server sends the subscriber identity information that comprises IP address and correspondence;
G13, Website server receive authentication and reply, inquiry sends the registration data of user's registration of authentication request, and the subscriber identity information of relatively authentication answer and the subscriber identity information of registration data, if unanimously the checking pass through, Website server is made service response to the service request of user terminal; If inconsistent then authentication failed, Website server send failure response to user terminal.
8. the method for a kind of authentication of internet user according to claim 4 is characterized in that, described step g specifically comprises:
The authentication request that g21, Website server will comprise user terminal IP address and registration data is sent to identity server;
G22, identity server receive authentication request and subscriber identity information corresponding to inquiring user IP address of terminal in identity database; If find subscriber identity information corresponding to this user terminal IP address, identity server compares the subscriber identity information subscriber identity information corresponding with user terminal IP address of registration data in the authentication request;
If the subscriber identity information that the subscriber identity information of the described registration data of g23 and user terminal IP address are corresponding is consistent, then identity server sends and verifies that the authentication of passing through is returned to Website server, is returned to Website server otherwise identity server sends the authentication of authentication failed;
If the g24 Website server is received the authentication answer that checking is passed through, then the service request of user terminal is made service response; If Website server is received the authentication answer of authentication failed, then user terminal is sent failure response.
9. according to claim 4 or the method for 5 or 6 or 7 or 8 described a kind of authentication of internet users, it is characterized in that, described step b specifically comprises:
B11, user apply for the user terminal IP address fixed to the access network provider; The access network provider is the fixing IP address of user assignment in its fixed address allocation units, and definite user name, and the user obtains user name and fixing IP address;
B12, user terminal use described fixing IP address to send username and password or service request arrives the access authentication unit; The access authentication unit authenticates;
B13, information acquisition unit receive described user name and user terminal IP address, and set up the corresponding relation of user name and user terminal IP address;
B14, information acquisition unit are sent to identity server with described user terminal IP address and user name;
B15, identity server are stored described user name and user terminal IP address and corresponding relation between the two in identity database.
10. according to claim 4 or the method for 5 or 6 or 7 or 8 described a kind of authentication of internet users, it is characterized in that, described step b specifically comprises:
B21, user terminal send username and password to the access authentication unit or the dynamic address allocation unit, application IP address;
B22, access authentication unit authentication username and password, dynamic address allocation unit are user terminal distributing user IP address of terminal in its Internet IP address set;
B23, information acquisition unit receive user terminal IP address and described user name, and set up the corresponding relation of user terminal IP address and described user name;
B24, information acquisition unit are sent to identity server with described user terminal IP address and user name;
B25, identity server are stored described user name and user terminal IP address and corresponding relation between the two in identity database.
11. according to claim 4 or the method for 5 or 6 or 7 or 8 described a kind of authentication of internet users, it is characterized in that, described step b specifically comprises:
B31, user terminal send to adhere to and ask to service support node;
B32, described service support node carry out authentication to user terminal, after checking, adhere to acceptance to the user terminal transmission;
B33, user terminal send and activate the packet message protocol context request to service support node, and service support node sends sets up the packet message protocol context request to gateway support node;
B34, described gateway support node assigned ip address, and send and to set up the packet message context and reply service support node, described assigned ip address is gateway support node distributing IP address or Dynamic Host Configuration Protocol server distributing IP address of being connected by gateway support node from the Internet IP address set of described gateway support node specifically;
B35, service support node send activation packet message context and receive user terminal;
B36, information acquisition unit receive IP address and the corresponding international mobile subscriber identifier of appointment, and information acquisition unit obtains corresponding mobile subscriber ISDN number by the international mobile subscriber identifier;
B37, described information acquisition unit are set up the corresponding relation of the IP address of mobile subscriber ISDN number and appointment, and the IP address of mobile subscriber ISDN number and appointment is sent to identity server;
B38, identity server are stored IP address and the mobile subscriber ISDN number of described appointment in identity database.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2012103239439A CN102882853A (en) | 2012-09-05 | 2012-09-05 | System and method for internet user authentication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2012103239439A CN102882853A (en) | 2012-09-05 | 2012-09-05 | System and method for internet user authentication |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102882853A true CN102882853A (en) | 2013-01-16 |
Family
ID=47483997
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2012103239439A Pending CN102882853A (en) | 2012-09-05 | 2012-09-05 | System and method for internet user authentication |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102882853A (en) |
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103227795A (en) * | 2013-04-28 | 2013-07-31 | 北京敏锐度信息技术有限责任公司 | System and method for achieving user Internet access authentication and message labeling |
| CN103345601A (en) * | 2013-06-28 | 2013-10-09 | 无锡华御信息技术有限公司 | Identity recording and verification system based on radio frequency |
| CN103533530A (en) * | 2013-09-26 | 2014-01-22 | 林毅 | Cross-device user corresponding and user tracking methods and systems |
| CN104640114A (en) * | 2015-01-04 | 2015-05-20 | 中国联合网络通信集团有限公司 | Verification method and device of access request |
| CN105024980A (en) * | 2014-04-29 | 2015-11-04 | 孙银海 | On-line near-field payment system and method based on cell phone number |
| CN105915517A (en) * | 2016-04-18 | 2016-08-31 | 杭州诚智天扬科技有限公司 | Realization method for voice verification code service |
| CN106470200A (en) * | 2015-08-21 | 2017-03-01 | 方正国际软件(北京)有限公司 | A kind of auth method and relevant apparatus |
| CN106685945A (en) * | 2016-12-21 | 2017-05-17 | 深圳市金立通信设备有限公司 | Service request processing method, verifying method of service handling number, and terminal thereof |
| CN107257556A (en) * | 2017-08-15 | 2017-10-17 | 世纪龙信息网络有限责任公司 | Verify method, system and the platform of user's loCal number |
| CN107444175A (en) * | 2017-08-28 | 2017-12-08 | 上海蔚来汽车有限公司 | Electric charging station |
| CN107733652A (en) * | 2017-09-13 | 2018-02-23 | 捷德(中国)信息科技有限公司 | For sharing the method for unlocking and system and lock of the vehicles |
| CN108024248A (en) * | 2016-10-31 | 2018-05-11 | 中兴通讯股份有限公司 | The method for authenticating and device of a kind of platform of internet of things |
| CN108111528A (en) * | 2017-12-29 | 2018-06-01 | 中链科技有限公司 | A kind of anti-phishing method and system based on block chain |
| CN108924818A (en) * | 2018-03-08 | 2018-11-30 | 泽成行有限公司 | Mobile subscriber identification method based on SIM card and equipment related parameters |
| CN109257455A (en) * | 2018-09-03 | 2019-01-22 | 广东电网有限责任公司信息中心 | A kind of terminal wealth system of real name method and system |
| CN109495493A (en) * | 2018-12-06 | 2019-03-19 | 安徽云探索网络科技有限公司 | A kind of network link method for building up and device based on network communication |
| CN109544130A (en) * | 2018-11-16 | 2019-03-29 | 合肥汇创知识产权代理有限公司 | Intellectual property resource transaction platform |
| CN111586014A (en) * | 2020-04-29 | 2020-08-25 | 杭州迪普科技股份有限公司 | Network connection management apparatus and method |
| CN112036699A (en) * | 2020-07-29 | 2020-12-04 | 长沙市到家悠享网络科技有限公司 | Service data processing method, server, terminal and medium |
| CN112311793A (en) * | 2020-10-29 | 2021-02-02 | 河南省科学院应用物理研究所有限公司 | Internet of things communication method |
| CN114500066A (en) * | 2022-02-08 | 2022-05-13 | 北京沃东天骏信息技术有限公司 | Information processing method, gateway and communication system |
| CN114666083A (en) * | 2020-12-24 | 2022-06-24 | 中国电信股份有限公司 | Reverse roll call system, reverse roll call method, and computer-readable storage medium |
| CN115242536A (en) * | 2022-07-28 | 2022-10-25 | 中国银行股份有限公司 | Identity authentication method and device |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1780206A (en) * | 2004-11-23 | 2006-05-31 | 华为技术有限公司 | Internet identity authentication and system |
| CN1874227A (en) * | 2006-06-09 | 2006-12-06 | 中国民生银行股份有限公司 | Network site system with defensive pseudo network, and defensive method of pseudo network site |
| CN101291217A (en) * | 2007-04-20 | 2008-10-22 | 章灵军 | Network identity authentication method |
| CN101697515A (en) * | 2009-11-06 | 2010-04-21 | 金蝶软件(中国)有限公司 | Web mode-based authentication method, system and device |
| CN101867589A (en) * | 2010-07-21 | 2010-10-20 | 深圳大学 | Network identification authentication server and authentication method and system thereof |
| CN102036209A (en) * | 2010-11-18 | 2011-04-27 | 南京安讯科技有限责任公司 | Method and device for identity authentication and charging of mobile interconnection network user |
| CN102629359A (en) * | 2012-03-27 | 2012-08-08 | 郭少方 | Website trading system and method for gift donation through communication terminal |
-
2012
- 2012-09-05 CN CN2012103239439A patent/CN102882853A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1780206A (en) * | 2004-11-23 | 2006-05-31 | 华为技术有限公司 | Internet identity authentication and system |
| CN1874227A (en) * | 2006-06-09 | 2006-12-06 | 中国民生银行股份有限公司 | Network site system with defensive pseudo network, and defensive method of pseudo network site |
| CN101291217A (en) * | 2007-04-20 | 2008-10-22 | 章灵军 | Network identity authentication method |
| CN101697515A (en) * | 2009-11-06 | 2010-04-21 | 金蝶软件(中国)有限公司 | Web mode-based authentication method, system and device |
| CN101867589A (en) * | 2010-07-21 | 2010-10-20 | 深圳大学 | Network identification authentication server and authentication method and system thereof |
| CN102036209A (en) * | 2010-11-18 | 2011-04-27 | 南京安讯科技有限责任公司 | Method and device for identity authentication and charging of mobile interconnection network user |
| CN102629359A (en) * | 2012-03-27 | 2012-08-08 | 郭少方 | Website trading system and method for gift donation through communication terminal |
Non-Patent Citations (1)
| Title |
|---|
| 沈仲明等: ""基于终端认证的电子商务安全解决方案"", 《电信科学(2009)》 * |
Cited By (32)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103227795B (en) * | 2013-04-28 | 2015-08-26 | 北京敏锐度信息技术有限责任公司 | A kind of system and method thereof realizing user's network access authentication authentication and message label |
| CN103227795A (en) * | 2013-04-28 | 2013-07-31 | 北京敏锐度信息技术有限责任公司 | System and method for achieving user Internet access authentication and message labeling |
| CN103345601A (en) * | 2013-06-28 | 2013-10-09 | 无锡华御信息技术有限公司 | Identity recording and verification system based on radio frequency |
| CN103533530B (en) * | 2013-09-26 | 2017-09-26 | 余飞 | The user's correspondence and user tracking method, system of a kind of striding equipment |
| CN103533530A (en) * | 2013-09-26 | 2014-01-22 | 林毅 | Cross-device user corresponding and user tracking methods and systems |
| CN105024980B (en) * | 2014-04-29 | 2019-02-15 | 孙银海 | A kind of online near-field payment system and method based on phone number |
| CN105024980A (en) * | 2014-04-29 | 2015-11-04 | 孙银海 | On-line near-field payment system and method based on cell phone number |
| CN104640114B (en) * | 2015-01-04 | 2018-09-11 | 中国联合网络通信集团有限公司 | A kind of verification method and device of access request |
| CN104640114A (en) * | 2015-01-04 | 2015-05-20 | 中国联合网络通信集团有限公司 | Verification method and device of access request |
| CN106470200A (en) * | 2015-08-21 | 2017-03-01 | 方正国际软件(北京)有限公司 | A kind of auth method and relevant apparatus |
| CN105915517A (en) * | 2016-04-18 | 2016-08-31 | 杭州诚智天扬科技有限公司 | Realization method for voice verification code service |
| CN108024248A (en) * | 2016-10-31 | 2018-05-11 | 中兴通讯股份有限公司 | The method for authenticating and device of a kind of platform of internet of things |
| CN108024248B (en) * | 2016-10-31 | 2022-11-08 | 中兴通讯股份有限公司 | Authentication method and device for Internet of things platform |
| CN106685945A (en) * | 2016-12-21 | 2017-05-17 | 深圳市金立通信设备有限公司 | Service request processing method, verifying method of service handling number, and terminal thereof |
| CN106685945B (en) * | 2016-12-21 | 2020-12-22 | 深圳市金立通信设备有限公司 | Service request processing method, service handling number verification method and terminal thereof |
| CN107257556A (en) * | 2017-08-15 | 2017-10-17 | 世纪龙信息网络有限责任公司 | Verify method, system and the platform of user's loCal number |
| CN107444175A (en) * | 2017-08-28 | 2017-12-08 | 上海蔚来汽车有限公司 | Electric charging station |
| CN107733652A (en) * | 2017-09-13 | 2018-02-23 | 捷德(中国)信息科技有限公司 | For sharing the method for unlocking and system and lock of the vehicles |
| CN107733652B (en) * | 2017-09-13 | 2021-05-25 | 捷德(中国)科技有限公司 | Unlocking method and system for shared vehicle and vehicle lock |
| CN108111528A (en) * | 2017-12-29 | 2018-06-01 | 中链科技有限公司 | A kind of anti-phishing method and system based on block chain |
| CN108924818A (en) * | 2018-03-08 | 2018-11-30 | 泽成行有限公司 | Mobile subscriber identification method based on SIM card and equipment related parameters |
| CN109257455A (en) * | 2018-09-03 | 2019-01-22 | 广东电网有限责任公司信息中心 | A kind of terminal wealth system of real name method and system |
| CN109544130A (en) * | 2018-11-16 | 2019-03-29 | 合肥汇创知识产权代理有限公司 | Intellectual property resource transaction platform |
| CN109495493A (en) * | 2018-12-06 | 2019-03-19 | 安徽云探索网络科技有限公司 | A kind of network link method for building up and device based on network communication |
| CN111586014A (en) * | 2020-04-29 | 2020-08-25 | 杭州迪普科技股份有限公司 | Network connection management apparatus and method |
| CN111586014B (en) * | 2020-04-29 | 2023-01-24 | 杭州迪普科技股份有限公司 | Network connection management apparatus and method |
| CN112036699A (en) * | 2020-07-29 | 2020-12-04 | 长沙市到家悠享网络科技有限公司 | Service data processing method, server, terminal and medium |
| CN112311793A (en) * | 2020-10-29 | 2021-02-02 | 河南省科学院应用物理研究所有限公司 | Internet of things communication method |
| CN114666083A (en) * | 2020-12-24 | 2022-06-24 | 中国电信股份有限公司 | Reverse roll call system, reverse roll call method, and computer-readable storage medium |
| CN114500066A (en) * | 2022-02-08 | 2022-05-13 | 北京沃东天骏信息技术有限公司 | Information processing method, gateway and communication system |
| WO2023151445A1 (en) * | 2022-02-08 | 2023-08-17 | 北京沃东天骏信息技术有限公司 | Information processing method, gateway and communication system |
| CN115242536A (en) * | 2022-07-28 | 2022-10-25 | 中国银行股份有限公司 | Identity authentication method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102882853A (en) | System and method for internet user authentication | |
| US9197639B2 (en) | Method for sharing data of device in M2M communication and system therefor | |
| CN104158824B (en) | Genuine cyber identification authentication method and system | |
| CN103812836B (en) | A kind of website sends the system and method that user reserves information | |
| US8533798B2 (en) | Method and system for controlling access to networks | |
| CN1813457B (en) | Apparatus and method for a single sign-on authentication through a non-trusted access network | |
| CN105024980B (en) | A kind of online near-field payment system and method based on phone number | |
| US20040081173A1 (en) | Configuration of enterprise gateways | |
| CN106465096B (en) | It accesses network and obtains method, terminal and the core net of client identification module information | |
| CN102172062B (en) | Communication system, connection control device, mobile terminal, base station control method, service request method and program | |
| CN104735027B (en) | A kind of safety certifying method and authentication server | |
| CN104780536B (en) | A kind of authentication method and terminal of internet of things equipment | |
| CN102421098A (en) | User authentication method, device and system | |
| CN102474722B (en) | Method and equipment for authenticating subscriber terminal | |
| KR20160055130A (en) | Method and system related to authentication of users for accessing data networks | |
| CN108712440A (en) | User information management method, device, server and storage medium | |
| CN102857485B (en) | A kind ofly show website by the system and method for certification | |
| CN102215486B (en) | Network access method, system, network authentication method, equipment and terminal | |
| CN103906055A (en) | Service data distribution method and service data distribution system | |
| CN106954213A (en) | A kind of system of real name wireless authentication cut-in method and system | |
| CN101217569A (en) | A webpage push method, system and device | |
| US10299121B2 (en) | System and method for providing differential service scheme | |
| CN102572763B (en) | Billing processing method, device and system | |
| CN108462962B (en) | Method and device for connecting access point | |
| CN101163056B (en) | Method of processing monitor sign of microwave access global intercommunication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20130116 |