CN102891828A - IMS user authentication method, equipment and system - Google Patents

Publication number: CN102891828A
Authority: CN (China)
Application number: CN 201110200969
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 郭继宾
Original Assignee: Huawei Technologies Co Ltd
Current Assignee: Huawei Technologies Co Ltd; Huawei Software Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Prior art keywords: code, user, request, picture validation, identifying code
Landscapes: Telephonic Communication Services

Abstract

The invention discloses an IMS (IP Multimedia Subsystem) user authentication method, equipment and system. The method comprises: sending a SIP (Session Initiation Protocol) request to an application server; on receiving a SIP response returned by the application server that carries a verification code input indication, sending a verification code acquisition request to a verification code server to obtain a picture verification code; after displaying the picture verification code, obtaining the text verification code entered by the user; and sending the text verification code entered by the user to the application server in a SIP request. In the embodiments of the invention, users of an IMS network are verified with a picture verification code, which prevents users in the IMS network from using "robot programs" and brute-force cracking programs to send large numbers of spam requests, and so protects network security.

Description

IMS user authentication method, equipment and system
Technical field
The embodiments of the invention relate to the field of communications technology, and in particular to an Internet Protocol (IP) Multimedia Subsystem (IMS) user authentication method, equipment and system.
Background
With the development of communications technology and information applications, telecommunications service demand is shifting toward fixed-mobile convergence and integrated information services that combine voice with Internet applications, and incumbent operators face keen competition from mobile operators and Internet application providers. IMS is the core control technology of the next-generation network. The basic multimedia session service specifications defined in the IMS international standards include multimedia conferencing, Push-to-talk over Cellular (PoC), presence, group management, instant messaging and so on. In terms of underlying technology, IMS is based on IP packet networks and separates control from bearer. IMS uses the Session Initiation Protocol (SIP) as its call control and service control protocol.
Applications based on IMS are increasingly part of people's work and life. Standardization bodies such as 3GPP, OMA and RCS have defined standards for applications centred on IM, Presence and Group. The major operators have also released communication tools based on the IMS network. With these tools a user can send short messages, multimedia messages and instant messages, make calls, and query presence status. At the same time, some users, seeking profit, use "robot programs" to send large volumes of advertising, marketing and fraud messages; or use "robot programs" to send service requests continuously in a "saturation attack" intended to bring servers down; or use brute-force cracking and similar means to steal virtual assets. These "robot program" and brute-force illegal requests put pressure on the system and seriously affect other users.
A picture verification code can serve as a tool for determining whether a network service user is a human or a machine; using picture verification codes is a very effective defence against brute-force and "robot program" cracking. Existing picture verification codes are based on HTTP: because HTTP can carry both text and pictures, pictures and text can be transferred between a Web browser and a Web server. After the Web browser sends an HTTP request to the Web server, it receives an HTTP response from the Web server that carries a picture verification code; the Web browser shows the received picture verification code to the user, and then sends the verification code that the user enters in text form to the Web server in an HTTP request for verification.
SIP, however, cannot carry picture verification codes, so picture verification codes cannot be used directly over SIP. Brute-force and "robot program" illegal requests therefore remain a problem in the IMS network and affect its security.
Summary of the invention
The embodiments of the invention provide an IMS user authentication method, equipment and system, to overcome the defect in the prior art that illegal requests in the IMS network affect network security, and to improve the security of the IMS network.
An embodiment of the invention provides an IMS user authentication method, comprising:
sending a Session Initiation Protocol (SIP) request to an application server;
on receiving a SIP response returned by the application server that carries a verification code input indication, sending a verification code acquisition request to a verification code server to obtain a picture verification code;
after presenting the picture verification code, obtaining the text verification code entered by the user;
sending the text verification code entered by the user to the application server in a SIP request.
An embodiment of the invention also provides an IMS user authentication method, comprising:
receiving a SIP request sent by an IMS client;
when the SIP request carries a text verification code entered by the user, having the verification code server verify that text verification code against the picture verification code; if the verification result is success, returning a success response to the IMS client and allowing the user to use the requested service.
An embodiment of the invention also provides an IMS user authentication method, comprising:
receiving a verification code acquisition request sent by an IMS client, and sending the generated picture verification code to the IMS client;
on receiving a verification code check request sent by an application server, verifying, against the picture verification code, the text verification code entered by the user that is carried in the check request, and returning the verification result to the application server.
An embodiment of the invention also provides an IMS client, comprising:
a SIP request sending module, configured to send a SIP request to an application server;
a picture verification code acquisition module, configured to send, on receiving a SIP response returned by the application server that carries a verification code input indication, a verification code acquisition request to the verification code server to obtain a picture verification code;
a presentation module, configured to present the picture verification code obtained by the picture verification code acquisition module;
a text verification code acquisition module, configured to obtain the text verification code entered by the user after the presentation module has presented the picture verification code;
the SIP request sending module being further configured to send the text verification code entered by the user, as obtained by the text verification code acquisition module, to the application server in a SIP request.
An embodiment of the invention also provides an application server, comprising:
a SIP request receiving module, configured to receive a SIP request sent by an IMS client;
a verification request module, configured to have the verification code server verify, when the SIP request carries a text verification code entered by the user, that text verification code against the picture verification code and, if the verification result is success, to return a success response to the IMS client and allow the user to use the requested service.
An embodiment of the invention also provides a verification code server, comprising:
a picture verification code generation module, configured to receive a verification code acquisition request sent by an IMS client and send the generated picture verification code to the IMS client;
a text verification code verification module, configured to verify, on receiving a verification code check request sent by an application server, the text verification code entered by the user and carried in the check request against the picture verification code, and to return the verification result to the application server.
An embodiment of the invention also provides an IMS user authentication system, comprising an IMS client, an application server and a verification code server.
The IMS client is configured to send a Session Initiation Protocol (SIP) request to the application server and, on receiving a SIP response returned by the application server that carries a verification code input indication, to send a verification code acquisition request to the verification code server.
The application server is configured to receive the SIP request sent by the IMS client and, when the SIP request carries a text verification code entered by the user, either to verify that text verification code against the picture verification code or to send it to the verification code server for verification.
The verification code server is configured to receive the verification code acquisition request sent by the IMS client and send the generated picture verification code to the IMS client and, on receiving a verification code check request sent by the application server, to verify the text verification code entered by the user and carried in the check request against the picture verification code and return the verification result to the application server.
With the IMS user authentication method, equipment and system of the embodiments of the invention, an IMS client that receives from the application server a SIP response carrying a verification code input indication can send a verification code acquisition request to the verification code server to obtain a picture verification code. Users of the IMS network are thereby verified with a picture verification code, which prevents users in the IMS network from using "robot programs" and brute-force cracking tools to send large numbers of spam requests, and protects network security.
Description of the drawings
To illustrate the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the IMS user authentication method provided by embodiment one of the invention;
Fig. 2 is a flow chart of the IMS user authentication method provided by embodiment two of the invention;
Fig. 3 is a flow chart of the IMS user authentication method provided by embodiment three of the invention;
Fig. 4 is a flow chart of the IMS user authentication method provided by embodiment four of the invention;
Fig. 5 is a structural diagram of the IMS client provided by embodiment five of the invention;
Fig. 6 is a structural diagram of the application server provided by embodiment six of the invention;
Fig. 7 is a structural diagram of the verification code server provided by embodiment seven of the invention;
Fig. 8 is a structural diagram of the IMS user authentication system provided by embodiment eight of the invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
Embodiment one
Fig. 1 is a flow chart of the IMS user authentication method provided by embodiment one of the invention. As shown in Fig. 1, this embodiment describes the processing flow of the IMS client. The method may comprise the following steps:
Step 101: send a SIP request to the application server.
Step 102: on receiving a SIP response returned by the application server that carries a verification code input indication, send a verification code acquisition request to the verification code server to obtain a picture verification code.
After the IMS client sends the SIP request to the application server, if the application server determines that the SIP request requires verification code verification and the request does not carry a text verification code entered by the user, the IMS client receives a SIP response from the application server carrying a verification code input indication. The IMS client can then send a verification code acquisition request to a pre-configured verification code server (for example, a web page address). Obtaining the picture verification code may comprise the following steps:
sending a verification code acquisition request to the verification code server, the request carrying a user ID and an application ID;
receiving the picture verification code that the verification code server generates according to the user ID and application ID and returns.
Further, after step 102 the IMS client can present the received picture verification code to the user so that the user can enter the corresponding text verification code. The IMS client can then carry out the following steps of the method:
Step 103: after presenting the picture verification code, obtain the text verification code entered by the user.
Step 104: send the text verification code entered by the user to the application server in a SIP request.
In this embodiment, an IMS client that receives from the application server a SIP response carrying a verification code input indication can send a verification code acquisition request to the verification code server to obtain a picture verification code. Users of the IMS network are thereby verified with a picture verification code, which prevents users in the IMS network from using "robot programs" and brute-force cracking tools to send large numbers of spam requests, and protects network security.
Embodiment two
Fig. 2 is a flow chart of the IMS user authentication method provided by embodiment two of the invention. As shown in Fig. 2, this embodiment describes the processing flow of the application server. The method may comprise the following steps:
Step 201: receive the SIP request sent by the IMS client.
Step 202: when the SIP request carries a text verification code entered by the user, have the verification code server verify that text verification code against the picture verification code; if the verification result is success, return a success response to the IMS client and allow the user to use the requested service.
After the application server receives the SIP request sent by the IMS client, it can decide from the request whether verification code verification is needed. For example, if the same user sends SIP requests repeatedly within a short time, the application server can decide, for security reasons, that this user's use of this application must undergo verification code verification. The application server also checks whether the SIP request carries a text verification code entered by the user. If verification is needed and the SIP request carries a text verification code entered by the user, the application server can send that text verification code to the verification code server, so that the verification code server verifies it against the picture verification code. If the SIP request does not carry a text verification code entered by the user, the application server can return to the IMS client a SIP response carrying a verification code input indication, to tell the IMS client that it needs to obtain a verification code. Alternatively, the application server can receive from the verification code server the user ID, the application ID and the text verification code corresponding to the picture verification code; look up the text verification code corresponding to the picture verification code using the user ID and application ID carried in the SIP request; verify the text verification code entered by the user against it; and then return the verification result to the IMS client.
After step 202, the method may include a step in which the application server controls the user's access according to the verification result returned by the verification code server, which may further comprise:
if the verification result is failure, returning a failure response to the IMS client, and either no longer allowing the user to use the requested service or continuing with picture verification code verification.
In this embodiment, after receiving the SIP request from the IMS client, the application server can indicate that the SIP request requires verification code verification. If the SIP request carries the text verification code that the user entered according to the picture verification code, the application server can have the verification code server verify it. Users of the IMS network are thereby verified with a picture verification code, which prevents users in the IMS network from using "robot programs" and brute-force cracking tools to send large numbers of spam requests, and protects network security.
Embodiment three
Fig. 3 is a flow chart of the IMS user authentication method provided by embodiment three of the invention. As shown in Fig. 3, this embodiment describes the processing flow of the verification code server. The method may comprise the following steps:
Step 301: receive the verification code acquisition request sent by the IMS client, and send the generated picture verification code to the IMS client.
Step 301 as carried out by the verification code server may comprise:
receiving the verification code acquisition request sent by the IMS client, the request carrying a user ID and an application ID;
generating a picture verification code, saving the correspondence between the generated picture verification code and the user ID and application ID, and sending the picture verification code to the IMS client;
saving the user ID, the application ID and the text verification code corresponding to the picture verification code.
Step 302: on receiving a verification code check request sent by the application server, verify the text verification code entered by the user and carried in the check request against the picture verification code, and return the verification result to the application server.
Step 302 as carried out by the verification code server may comprise:
receiving the verification code check request sent by the application server, the request carrying the user ID, the application ID and the text verification code entered by the user;
looking up the text verification code corresponding to the picture verification code using the user ID and application ID carried in the check request; specifically, the corresponding picture verification code can first be found from the user ID and application ID together with the saved correspondence between picture verification codes and user IDs and application IDs, and the text verification code can then be found from the picture verification code;
verifying the text verification code entered by the user against the text verification code corresponding to the picture verification code: if the two are identical, verification succeeds; otherwise verification fails.
Verification can also be carried out at the application server, in which case the verification code server only needs to send the relevant picture verification code information to the application server. The method can therefore further comprise: sending the user ID, the application ID and the text verification code corresponding to the picture verification code to the application server, so that the application server can verify the text verification code entered by the user and carried in a SIP request it subsequently receives.
In this embodiment, the verification code server can send the IMS client the picture verification code it requested and verify the text verification code that the user enters according to that picture. Users of the IMS network are thereby verified with a picture verification code, which prevents users in the IMS network from using "robot programs" and brute-force cracking tools to send large numbers of spam requests, and protects network security.
Embodiment four
Fig. 4 is a flow chart of the IMS user authentication method provided by embodiment four of the invention. As shown in Fig. 4, the method may comprise the following steps:
Step 401: after the IMS client (IMS Client) receives the user's service request, it sends a SIP request to the application server.
IMS uses the Session Initiation Protocol (SIP) as the basic protocol for call control and service control. Taking a SIP request sent as signalling as an example, the following is an example of MESSAGE signalling that does not carry a text verification code entered by the user:
MESSAGE sip:imsuser01@ims.com SIP/2.0
Via: SIP/2.0/UDP 192.168.242.247:5063;rport;branch=z9hG4bK2655044401
Route: <sip:192.168.112.4;lr=true>
Route: <sip:192.168.112.4:5060;transport=udp;lr>
From: <sip:imsuser02@ims.com>;tag=609057A1DCC24F879C83AEDBDBD0BA2C
To: <sip:imsuser01@ims.com>
Call-ID: 2086BA34F72A4B1799B9F01DFA47F738
CSeq: 20 MESSAGE
Content-Type: Message/CPIM
Max-Forwards: 70
User-Agent: im
Accept-Contact: *;+g.oma.sip-im.short-message
Date: Tue, 31 Aug 2010 9:47:35 GMT
P-Asserted-Identity: <sip:imsuser02@ims.com>
Content-Length: 231
NS: MsgExt <http://www.message.com/msgExtensions/>
MsgExt.localMsgID: 288636091842
MsgExt.msgReport: NO
MsgExt.msgType: IM
Subject: notimpl
Content-Type: text/plain;charset=GB2312
content-transfer-encoding: base64
bXNn
Step 402: after receiving the SIP request, the application server decides whether verification code verification is required. For example, if the same user has sent ten SIP requests within 1 second, the application server determines, for security reasons, that this user's use of this application must undergo verification code verification. If verification is required and the SIP request does not carry a text verification code entered by the user, the application server can return a SIP response to the user through the IMS client that rejects this SIP request, and state in the SIP response that the SIP request must be verified with the verification code server.
The following is an example SIP response message:
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 192.168.242.247:5063;received=192.168.242.247;rport=5063;branch=z9hG4bK2655044401
To: <sip:imsuser01@ims.ah.chinamobile.com>;tag=h7g4Esbg_1651583949.1183507720
From: <sip:imsuser02@ims.ah.chinamobile.com>;tag=609057A1DCC24F879C83AEDBDBD0BA2C
Call-ID: 2086BA34F72A4B1799B9F01DFA47F738
CSeq: 20 MESSAGE
Warning: 399 im.ims.fj.ims.com "121 Request need Verify Code"
Content-Length: 0
Server: Msg-serv/3GPP
Date: Tue, 31 Aug 2010 09:47:20 GMT
In this example SIP response, the header Warning: 399 im.ims.fj.ims.com "121 Request need Verify Code" indicates that the user's SIP request must undergo picture verification code verification.
Step 403: according to the SIP response returned by the application server, the IMS client sends a verification code acquisition request to the verification code server to obtain a picture verification code.
The verification code acquisition request can take the form of an access request from the IMS client to a web page address, which can be pre-configured in the IMS client, for example:
http://uniportal.ims.com/uniportal/jsp/image.jsp
The IMS client carries the user ID and application ID in the verification code acquisition request. For example, the user ID may be sip:imsuser02@ims.com and the application ID may be IM.
Step 404: after receiving the verification code acquisition request, the verification code server can generate a picture verification code, return it to the IMS client in a verification code acquisition response, and cache information such as the text verification code corresponding to the picture verification code, the user ID and the application ID.
The cache can be implemented, for example, as a hashmap in which the key is "user ID#application ID" and the value is the text form of the picture verification code, that is, the text verification code.
Step 405: after the IMS client has successfully obtained the picture verification code, it can display it to the user. After the user enters the text verification code according to the picture, the IMS client can resubmit the SIP request, this time carrying the verification code information. The following is an example of a SIP request carrying verification code information:
MESSAGE sip:imsuser01@ims.com SIP/2.0
Via: SIP/2.0/UDP 192.168.242.247:5063;rport;branch=z9hG4bK2655044401
Route: <sip:192.168.112.4;lr=true>
Route: <sip:192.168.112.4:5060;transport=udp;lr>
From: <sip:imsuser02@ims.com>;tag=609057A1DCC24F879C83AEDBDBD0BA2C
To: <sip:imsuser01@ims.com>
Call-ID: 2086BA34F72A4B1799B9F01DFA47F738
CSeq: 21 MESSAGE
Content-Type: Message/CPIM
Max-Forwards: 70
User-Agent: im
Accept-Contact: *;+g.oma.sip-im.short-message
Verify-Code: 7854
Date: Tue, 31 Aug 2010 9:47:35 GMT
P-Asserted-Identity: <sip:imsuser02@ims.com>
Content-Length: 231
NS: MsgExt <http://www.message.com/msgExtensions/>
MsgExt.localMsgID: 288636091842
MsgExt.msgReport: NO
MsgExt.msgType: IM
Subject: notimpl
Content-Type: text/plain;charset=GB2312
content-transfer-encoding: base64
bXNn
In this example, Verify-Code: 7854 indicates that the text verification code entered by the user and carried in this SIP request is "7854". In addition, the need for verification code verification of the SIP request can be indicated at the application server.
Step 406: the application server determines that the SIP request requires a verification code and detects that the request carries a text verification code entered by the user. For example, the application server searches the SIP request for the string "Verify-Code:"; the "7854" that follows it is the text verification code entered by the user. The application server can then call the verification code check interface provided by the verification code server, sending it a verification code check request to check the correctness of the text verification code entered by the user.
The verification code check request can carry the following three parameters: the application ID, the user ID and the text verification code entered by the user.
After receiving the verification code check request, the verification code server uses the user ID and application ID as the key to query the cache for the text verification code corresponding to the picture verification code for that user ID and application ID. It then compares the result with the text verification code entered by the user in the check request: if they are identical, the text verification code entered by the user is considered valid; if not, it is considered invalid. The verification code server can then return the verification result to the application server. Whether verification succeeds or fails, once it is complete the verification code server can delete the cached verification code information.
In addition, the validity period of the cached text verification code corresponding to a picture verification code can be configured. Once a text verification code has existed for longer than the validity period, the verification code server deletes it from the cache.
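The cache behaviour described in steps 404 and 406 (a "user ID#application ID" key, deletion after every check, a configurable validity period), sketched as an added example that is not code from the patent. The class and method names, the four-digit numeric code, the 120-second default and the constant-time comparison are assumptions of this sketch.

```python
import hmac
import secrets
import time


class VerificationCodeStore:
    """Expected text codes, cached under the key "user_id#app_id"."""

    def __init__(self, ttl_seconds=120.0, clock=time.monotonic):
        self.ttl_seconds = ttl_seconds   # configurable validity period
        self.clock = clock               # injectable so expiry can be exercised
        self.cache = {}                  # key -> (expected_text, expires_at)

    @staticmethod
    def make_key(user_id, app_id):
        return f"{user_id}#{app_id}"

    def issue(self, user_id, app_id, length=4):
        """Create the text for a new picture; replaces any earlier entry."""
        text = "".join(secrets.choice("0123456789") for _ in range(length))
        expires_at = self.clock() + self.ttl_seconds
        self.cache[self.make_key(user_id, app_id)] = (text, expires_at)
        return text  # a real server renders this into the image it returns

    def purge_expired(self):
        """Drop entries past their validity period; returns how many went."""
        now = self.clock()
        stale = [k for k, (_, exp) in self.cache.items() if now >= exp]
        for key in stale:
            del self.cache[key]
        return len(stale)

    def verify(self, user_id, app_id, submitted):
        """Check a submitted code; the entry is consumed on success and failure."""
        entry = self.cache.pop(self.make_key(user_id, app_id), None)
        if entry is None:
            return False                 # never issued, already used, or purged
        expected, expires_at = entry
        if self.clock() >= expires_at:
            return False                 # expired but not yet purged
        # Constant-time comparison (an addition; the page only says "compare").
        return hmac.compare_digest(expected.encode(), str(submitted).encode())


def demo():
    """Constructed walk-through with a hand-driven clock."""
    now = [0.0]
    store = VerificationCodeStore(ttl_seconds=60, clock=lambda: now[0])
    user, app = "sip:imsuser02@ims.com", "IM"   # identifiers from the page

    code = store.issue(user, app)
    wrong = "0000" if code != "0000" else "1111"
    results = {
        "wrong_guess": store.verify(user, app, wrong),
        "correct_after_wrong": store.verify(user, app, code),  # entry is gone
    }
    code = store.issue(user, app)
    results["correct_first_try"] = store.verify(user, app, code)
    results["replay"] = store.verify(user, app, code)

    code = store.issue(user, app)
    now[0] += 61                                  # past the validity period
    results["expired"] = store.verify(user, app, code)
    store.issue(user, app)
    now[0] += 61
    results["purged"] = store.purge_expired()
    return results


if __name__ == "__main__":
    print(demo())
```

Because a failed check also consumes the entry, each fetched picture allows exactly one guess, which is what limits brute-force attempts against the code.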
Step 407: the verification code server returns the verification result to the application server.
Step 408: the application server continues processing according to the verification result and decides whether to allow the user to continue using the service. If verification passes, the application server returns a success response to the IMS client; if verification fails, it can again return the "SIP/2.0 403 Forbidden" message of step 202 and continue with picture verification code verification.
An example success response message is as follows:
SIP/2.0 200 OK
Via:SIP/2.0/UDP 192.168.242.247:5063;received=192.168.242.247;rport=5063;branch=z9hG4bK2655044401
To:<sip:imsuser01@ims.ah.chinamobile.com>;tag=h7g4Esbg_1651583949.1183507720
From:<sip:imsuser02@ims.ah.chinamobile.com>;tag=609057A1DCC24F879C83AEDBDBD0BA2C
Call-ID:2086BA34F72A4B1799B9F01DFA47F738
CSeq:21 MESSAGE
Content-Length:0
Server:Msg-serv/3GPP
Date:Tue,31 Aug 2010 09:47:20 GMT
In the present embodiment, the application server judges from the SIP request whether identifying code verification is required, and the identifying code server can return a picture validation code to the IMS client. When the IMS client initiates a SIP request carrying the text authentication code input by the user, the application server or the identifying code server can verify that text authentication code. This prevents users in the IMS network from sending large numbers of spam requests by means of a "robot program" or a brute-force cracking program, and ensures network security.
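The following added example (not code from the patent or from any product) sketches steps 406 to 408 in Python: extracting the Verify-Code header, looking up the cached text authentication code by (user ID, application identity), deleting the entry after one check whatever the outcome, and enforcing the configurable validity period. It goes slightly beyond the string search described in step 406 by parsing only the header section and comparing in constant time; the class and function names, the 120-second default and the sample request are assumptions made for illustration.

```python
import hmac
import time

# Header name taken from the example in step 406 ("Verify-Code: 7854").
VERIFY_HEADER = "verify-code"


def extract_verify_code(sip_request):
    """Return the Verify-Code header value, or None when the header is absent.

    Only the header section (before the first blank line) is parsed, so body
    text that merely contains "Verify-Code: " is not mistaken for the header.
    SIP header names are case-insensitive. Folded header lines are not handled.
    """
    head = sip_request.partition("\r\n\r\n")[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == VERIFY_HEADER:
            return value.strip() or None
    return None


class CodeCache:
    """Identifying code server cache keyed by (user ID, application identity)."""

    def __init__(self, ttl_seconds=120.0, clock=time.monotonic):
        self._ttl = ttl_seconds                  # configurable validity period
        self._clock = clock
        self._entries = {}                       # key -> (code text, expiry time)

    def store(self, user_id, app_id, code_text):
        # Issuing a new picture code replaces any earlier one for the same key.
        self._entries[(user_id, app_id)] = (code_text, self._clock() + self._ttl)

    def verify(self, user_id, app_id, submitted):
        # pop() removes the entry whether the check succeeds or fails, so each
        # picture code allows exactly one guess and cannot be replayed.
        entry = self._entries.pop((user_id, app_id), None)
        if entry is None:
            return False
        expected, expires_at = entry
        if self._clock() >= expires_at:
            return False
        return hmac.compare_digest(expected.encode(), submitted.encode())

    def purge_expired(self):
        """Drop entries past their validity period; return how many were removed."""
        now = self._clock()
        stale = [k for k, (_, exp) in self._entries.items() if now >= exp]
        for key in stale:
            del self._entries[key]
        return len(stale)


def handle_request(sip_request, user_id, app_id, cache):
    """Application server decision of step 408, reduced to the status line."""
    code = extract_verify_code(sip_request)
    if code is None:
        return "SIP/2.0 403 Forbidden"           # carries the input indication
    if cache.verify(user_id, app_id, code):
        return "SIP/2.0 200 OK"
    return "SIP/2.0 403 Forbidden"               # client must fetch a new code


# Constructed sample request (addresses and identifiers are placeholders).
SAMPLE_REQUEST = "\r\n".join([
    "MESSAGE sip:user01@example.com SIP/2.0",
    "From: <sip:user02@example.com>;tag=constructed",
    "To: <sip:user01@example.com>",
    "Call-ID: constructed-call-id",
    "CSeq: 21 MESSAGE",
    "Verify-Code: 7854",
    "Content-Length: 5",
    "",
    "hello",
])

if __name__ == "__main__":
    cache = CodeCache(ttl_seconds=120.0)
    cache.store("user02", "msg-as", "7854")
    print(handle_request(SAMPLE_REQUEST, "user02", "msg-as", cache))  # first use
    print(handle_request(SAMPLE_REQUEST, "user02", "msg-as", cache))  # replay
```

Because a failed guess also consumes the cached entry, a brute-force client has to fetch and solve a new picture for every attempt, which is the property the scheme relies on.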
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disk or optical disc.
Embodiment five
Fig. 5 is a structural diagram of the IMS client provided by embodiment five of the invention. As shown in Fig. 5, this IMS client can comprise:
SIP request sending module 51, used for sending a SIP request to the application server;
Picture validation code acquisition module 53, used for sending an identifying code obtaining request to the identifying code server, to obtain a picture validation code, when a SIP response carrying an identifying code input indication is received from the application server;
Present module 55, connected with picture validation code acquisition module 53 and used for presenting the picture validation code obtained by picture validation code acquisition module 53;
Text authentication code acquisition module 57, connected with present module 55 and used for obtaining the text authentication code input by the user after present module 55 presents the picture validation code;
Wherein SIP request sending module 51 is connected with text authentication code acquisition module 57 and is also used for sending the text authentication code input by the user, as obtained by text authentication code acquisition module 57, to the application server in a SIP request.
Further, picture validation code acquisition module 53 of this IMS client can specifically comprise:
Obtain request transmitting unit 531, used for sending an identifying code obtaining request to the identifying code server, the identifying code obtaining request carrying a user ID and an application identity;
Picture validation code receiving unit 533, used for receiving the picture validation code that the identifying code server generates according to the user ID and application identity and returns.
When the picture validation code acquisition module of the IMS client of the present embodiment receives a SIP response carrying an identifying code input indication from the application server, it can send an identifying code obtaining request to the identifying code server to obtain a picture validation code. The user of the IMS network is thereby verified by means of a picture validation code, which prevents users in the IMS network from sending large numbers of spam requests by means of a "robot program" or a brute-force cracking program and ensures network security.
Embodiment six
Fig. 6 is a structural diagram of the application server provided by embodiment six of the invention. As shown in Fig. 6, this application server can comprise:
SIP request receiving module 61, used for receiving the SIP request sent by the IMS client;
Checking request module 63, connected with SIP request receiving module 61 and used for, when the SIP request received by SIP request receiving module 61 carries the text authentication code input by the user, having that text authentication code verified according to the picture validation code by the identifying code server; if the result is that verification succeeded, a success response is returned to the IMS client and the user is allowed to use the requested service.
Further, this application server can also comprise:
Input indicating module 65, connected with SIP request receiving module 61 and used for returning a SIP response carrying an identifying code input indication to the IMS client when the SIP request received by SIP request receiving module 61 does not carry the text authentication code input by the user.
In addition, this application server can also comprise:
Stopping module 67, connected with checking request module 63 and used for, if the result obtained by checking request module 63 is that verification failed, returning a failure response to the IMS client, and either no longer allowing the user to use the requested service or continuing picture validation code verification.
In addition, checking request module 63 of this application server can specifically comprise:
Transmitting unit 631, used for sending the text authentication code input by the user to the identifying code server, so that the identifying code server verifies the text authentication code input by the user according to the picture validation code; and/or
Authentication unit 633, used for receiving the user ID, the application identity and the text authentication code corresponding to the picture validation code that are sent by the identifying code server; looking up the text authentication code corresponding to the picture validation code according to the user ID and application identity carried in the SIP request; and verifying the text authentication code input by the user against the text authentication code corresponding to the picture validation code.
After the SIP request receiving module of the application server of the present embodiment receives a SIP request from the IMS client, the application server can indicate that this SIP request requires identifying code verification. If the SIP request carries the text authentication code that the user input according to the picture validation code, the application server can have that text authentication code verified by the identifying code server. The user of the IMS network is thereby verified by means of a picture validation code, which prevents users in the IMS network from sending large numbers of spam requests by means of a "robot program" or a brute-force cracking program and ensures network security.
Embodiment seven
Fig. 7 is a structural diagram of the identifying code server provided by embodiment seven of the invention. As shown in Fig. 7, this identifying code server can comprise:
Picture validation code generation module 71, used for receiving the identifying code obtaining request sent by the IMS client and sending the generated picture validation code to the IMS client;
Text authentication code authentication module 73, used for, when an identifying code checking request sent by the application server is received, verifying the text authentication code input by the user that is carried in the identifying code checking request according to the picture validation code, and returning the result to the application server.
Wherein, picture validation code generation module 71 can comprise:
Obtain request receiving unit 711, used for receiving the identifying code obtaining request sent by the IMS client, the identifying code obtaining request carrying a user ID and an application identity;
Picture validation code generation unit 713, connected with obtain request receiving unit 711 and used for generating a picture validation code according to the user ID and application identity and sending the picture validation code to the IMS client;
Storage unit 715, connected with picture validation code generation unit 713 and used for saving the user ID, the application identity and the text authentication code corresponding to the picture validation code.
Further, text authentication code authentication module 73 can comprise:
Checking request receiving unit 731, used for receiving the identifying code checking request sent by the application server, the identifying code checking request carrying the user ID, the application identity and the text authentication code input by the user;
Search unit 733, connected with checking request receiving unit 731 and used for looking up the text authentication code corresponding to the picture validation code according to the user ID and application identity carried in the identifying code checking request;
Authentication unit 735, connected with search unit 733 and used for verifying the text authentication code input by the user against the text authentication code corresponding to the picture validation code: if the two are identical, verification succeeds; otherwise verification fails.
Still further, this identifying code server can also comprise:
Text authentication code sending module 75, connected with picture validation code generation module 71 and used for sending the user ID, the application identity and the text authentication code corresponding to the picture validation code to the application server, so that the application server verifies the text authentication code input by the user that is carried in a subsequently received SIP request.
The picture validation code generation module of the identifying code server of the present embodiment can send the requested picture validation code to the IMS client, and the text authentication code authentication module can verify the text authentication code that the user input according to this picture validation code. The user of the IMS network is thereby verified by means of a picture validation code, which prevents users in the IMS network from sending large numbers of spam requests by means of a "robot program" or a brute-force cracking program and ensures network security.
Embodiment eight
Fig. 8 is a structural diagram of the IMS subscriber authentication system provided by embodiment eight of the invention. As shown in Fig. 8, this IMS subscriber authentication system can comprise: IMS client 81, application server 83 and identifying code server 85;
Wherein IMS client 81 is used for sending a Session Initiation Protocol (SIP) request to application server 83 and, when a SIP response carrying an identifying code input indication is received from application server 83, sending an identifying code obtaining request to identifying code server 85. IMS client 81 in the present embodiment can have the structure of any IMS client in the above embodiments.
Application server 83 is used for receiving the SIP request sent by IMS client 81 and, when the SIP request carries the text authentication code input by the user, either verifying that text authentication code according to the picture validation code or sending it to identifying code server 85 for verification. Application server 83 in the present embodiment can have the structure of any application server in the above embodiments.
Identifying code server 85 is used for receiving the identifying code obtaining request sent by IMS client 81 and sending the generated picture validation code to IMS client 81 and, when an identifying code checking request sent by application server 83 is received, verifying the text authentication code input by the user that is carried in the identifying code checking request according to the picture validation code and returning the result to application server 83. Identifying code server 85 in the present embodiment can have the structure of any identifying code server in the above embodiments.
Specifically, identifying code server 85 is set up in the application layer of the IP Multimedia Subsystem (IMS) to generate picture validation codes and to verify the text authentication code input by the user. In the IMS, identifying code server 85 provides functions for generating and obtaining identifying codes in picture form, as well as a text authentication code caching function and an identifying code verification function. IMS client 81 provides the function of obtaining a picture validation code from identifying code server 85, can parse the error code returned by application server 83, provides the user with a text authentication code input function, and submits the text authentication code input by the user to application server 83. Application server 83 (comprising Call AS, Presence AS, Message AS etc.) provides the function of returning an error response indicating that identifying code verification is needed (for example, one carrying an identifying code input indication), parses the SIP request to obtain the text authentication code, has the text authentication code verified by identifying code server 85, and then carries out subsequent processing according to the result. Specifically, when IMS client 81 applies for an identifying code, identifying code server 85 generates an identifying code of picture type (the picture validation code) and returns it to IMS client 81 through application server 83 (for example, Call AS, Presence AS and Message AS etc.), and caches the identifying code in text form that corresponds to the picture validation code (the text authentication code) together with the user ID and application identity. When an application server 83 carries out identifying code verification, the user ID and application identity passed in by this application server 83, together with the text authentication code input by the user, are compared with the information in the cache to judge whether the identifying code input by the user is correct. If the text authentication code input by the user and passed in by application server 83 is correct, identifying code server 85 can return a verification-passed result to the calling application server 83, and application server 83 can allow the user to continue using the requested service. If the text authentication code input by the user is wrong, identifying code server 85 can return a verification-failed result to the calling application server 83, and application server 83 can either stop allowing the user to use the requested service or allow the user to continue picture validation code verification.
After the IMS client of the present embodiment sends a SIP request to the application server, the application server can indicate whether identifying code verification is to be carried out for this SIP request. If identifying code verification is needed, the identifying code server can return a picture validation code to the IMS client. When the IMS client initiates a SIP request carrying the text authentication code input by the user, the application server or the identifying code server can verify that text authentication code, thereby preventing users in the IMS network from sending large numbers of spam requests by means of a "robot program" or a brute-force cracking program and ensuring network security.
For the workflow and operating principle of the modules and units in the device and system embodiments of the invention, refer to the description in the method embodiments above; they are not repeated here.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they can still modify the technical solutions recorded in the foregoing embodiments, or replace some of the technical features with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the invention.

Claims (20)

1. An Internet Protocol multimedia subsystem (IMS) user authentication method, characterized in that it comprises:
Sending a Session Initiation Protocol (SIP) request to an application server;
When a SIP response carrying an identifying code input indication is received from said application server, sending an identifying code obtaining request to said identifying code server, to obtain a picture validation code;
After presenting said picture validation code, obtaining the text authentication code input by the user;
Sending the text authentication code input by said user to said application server in a SIP request.
2. The IMS user authentication method according to claim 1, characterized in that said sending an identifying code obtaining request to said identifying code server, to obtain a picture validation code, comprises:
Sending an identifying code obtaining request to said identifying code server, said identifying code obtaining request carrying a user ID and an application identity;
Receiving the picture validation code that said identifying code server generates according to said user ID and application identity and returns.
3. An IMS user authentication method, characterized in that it comprises:
Receiving the SIP request sent by an IMS client;
When said SIP request carries the text authentication code input by the user, having the text authentication code input by said user verified according to a picture validation code by the identifying code server, and, if the result is that verification succeeded, returning a success response to said IMS client and allowing the user to use the requested service.
4. The IMS user authentication method according to claim 3, characterized in that it further comprises:
When said SIP request does not carry the text authentication code input by the user, returning a SIP response carrying an identifying code input indication to said IMS client.
5. The IMS user authentication method according to claim 3 or 4, characterized in that said having the text authentication code input by said user verified according to a picture validation code by the identifying code server comprises:
Sending the text authentication code input by said user to the identifying code server, so that said identifying code server verifies the text authentication code input by said user according to the picture validation code; or
Receiving the user ID, the application identity and the text authentication code corresponding to the picture validation code that are sent by said identifying code server; looking up the text authentication code corresponding to said picture validation code according to the user ID and application identity carried in said SIP request; and verifying the text authentication code input by said user against the text authentication code corresponding to said picture validation code.
6. The IMS user authentication method according to claim 3 or 4, characterized in that it further comprises:
If the result is that verification failed, returning a failure response to said IMS client, and either no longer allowing the user to use the requested service or continuing picture validation code verification.
7. An IMS user authentication method, characterized in that it comprises:
Receiving the identifying code obtaining request sent by an IMS client, and sending the generated picture validation code to said IMS client;
When an identifying code checking request sent by an application server is received, verifying the text authentication code input by the user that is carried in said identifying code checking request according to said picture validation code, and returning the result to said application server.
8. The IMS user authentication method according to claim 7, characterized in that said receiving the identifying code obtaining request sent by an IMS client, and sending the generated picture validation code to said IMS client, comprises:
Receiving the identifying code obtaining request sent by the IMS client, said identifying code obtaining request carrying a user ID and an application identity;
Generating a picture validation code according to said user ID and application identity, and sending said picture validation code to said IMS client;
Saving said user ID, said application identity and the text authentication code corresponding to said picture validation code.
9. The IMS user authentication method according to claim 8, characterized in that it further comprises:
Sending said user ID, said application identity and the text authentication code corresponding to said picture validation code to said application server, so that said application server verifies the text authentication code input by the user that is carried in a subsequently received SIP request.
10. The IMS user authentication method according to claim 7 or 8, characterized in that said verifying, when an identifying code checking request sent by an application server is received, the text authentication code input by the user that is carried in said identifying code checking request according to said picture validation code, and returning the result to said application server, comprises:
Receiving the identifying code checking request sent by the application server, said identifying code checking request carrying the user ID, the application identity and the text authentication code input by the user;
Looking up the text authentication code corresponding to said picture validation code according to the user ID and application identity carried in said identifying code checking request;
Verifying the text authentication code input by said user against the text authentication code corresponding to said picture validation code: if the text authentication code corresponding to said picture validation code is identical to the text authentication code input by said user, verification succeeds; otherwise verification fails.
11. An IMS client, characterized in that it comprises:
A SIP request sending module, used for sending a SIP request to an application server;
A picture validation code acquisition module, used for sending an identifying code obtaining request to said identifying code server, to obtain a picture validation code, when a SIP response carrying an identifying code input indication is received from said application server;
A present module, used for presenting the picture validation code obtained by said picture validation code acquisition module;
A text authentication code acquisition module, used for obtaining the text authentication code input by the user after said present module presents said picture validation code;
Said SIP request sending module also being used for sending the text authentication code input by the user, as obtained by said text authentication code acquisition module, to said application server in a SIP request.
12. The IMS client according to claim 11, characterized in that said picture validation code acquisition module comprises:
An obtain request transmitting unit, used for sending an identifying code obtaining request to said identifying code server, said identifying code obtaining request carrying a user ID and an application identity;
A picture validation code receiving unit, used for receiving the picture validation code that said identifying code server generates according to said user ID and application identity and returns.
13. An application server, characterized in that it comprises:
A SIP request receiving module, used for receiving the SIP request sent by an IMS client;
A checking request module, used for, when said SIP request carries the text authentication code input by the user, having the text authentication code input by said user verified according to said picture validation code by the identifying code server, and, if the result is that verification succeeded, returning a success response to said IMS client and allowing the user to use the requested service.
14. The application server according to claim 13, characterized in that it further comprises any one or more of the following modules:
An input indicating module, used for returning a SIP response carrying an identifying code input indication to said IMS client when said SIP request does not carry the text authentication code input by the user;
A stopping module, used for, if the result is that verification failed, returning a failure response to said IMS client, and either no longer allowing the user to use the requested service or continuing picture validation code verification.
15. The application server according to claim 14, characterized in that said checking request module comprises:
A transmitting unit, used for sending the text authentication code input by said user to the identifying code server, so that said identifying code server verifies the text authentication code input by said user according to the picture validation code; and/or
An authentication unit, used for receiving the user ID, the application identity and the text authentication code corresponding to the picture validation code that are sent by said identifying code server; looking up the text authentication code corresponding to said picture validation code according to the user ID and application identity carried in said SIP request; and verifying the text authentication code input by said user against the text authentication code corresponding to said picture validation code.
16. An identifying code server, characterized in that it comprises:
A picture validation code generation module, used for receiving the identifying code obtaining request sent by an IMS client and sending the generated picture validation code to said IMS client;
A text authentication code authentication module, used for, when an identifying code checking request sent by an application server is received, verifying the text authentication code input by the user that is carried in said identifying code checking request according to said picture validation code, and returning the result to said application server.
17. The identifying code server according to claim 16, characterized in that said picture validation code generation module comprises:
An obtain request receiving unit, used for receiving the identifying code obtaining request sent by the IMS client, said identifying code obtaining request carrying a user ID and an application identity;
A picture validation code generation unit, used for generating a picture validation code according to said user ID and application identity, and sending said picture validation code to said IMS client;
A storage unit, used for saving said user ID, said application identity and the text authentication code corresponding to said picture validation code.
18. The identifying code server according to claim 16 or 17, characterized in that said text authentication code authentication module comprises:
A checking request receiving unit, used for receiving the identifying code checking request sent by the application server, said identifying code checking request carrying the user ID, the application identity and the text authentication code input by the user;
A search unit, used for looking up the text authentication code corresponding to said picture validation code according to the user ID and application identity carried in said identifying code checking request;
An authentication unit, used for verifying the text authentication code input by said user against the text authentication code corresponding to said picture validation code: if the text authentication code corresponding to said picture validation code is identical to the text authentication code input by said user, verification succeeds; otherwise verification fails.
19. The identifying code server according to claim 17, characterized in that it further comprises:
A text authentication code sending module, used for sending said user ID, said application identity and the text authentication code corresponding to said picture validation code to said application server, so that said application server verifies the text authentication code input by the user that is carried in a subsequently received SIP request.
20. An IMS subscriber authentication system, characterized in that it comprises: an IMS client, an application server and an identifying code server;
Said IMS client is used for sending a Session Initiation Protocol (SIP) request to said application server and, when a SIP response carrying an identifying code input indication is received from said application server, sending an identifying code obtaining request to said identifying code server;
Said application server is used for receiving the SIP request sent by said IMS client and, when said SIP request carries the text authentication code input by the user, either verifying the text authentication code input by said user according to the picture validation code or sending the text authentication code input by said user to said identifying code server for verification;
Said identifying code server is used for receiving the identifying code obtaining request sent by the IMS client and sending the generated picture validation code to said IMS client and, when an identifying code checking request sent by the application server is received, verifying the text authentication code input by the user that is carried in said identifying code checking request according to said picture validation code and returning the result to said application server.
CN 201110200969 2011-07-18 2011-07-18 IMS user authentication method, equipment and system Pending CN102891828A (en)

Publications (1)

Publication Number Publication Date
CN102891828A (en) 2013-01-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130123