CN103124252B - Client application access authentication treating method and apparatus - Google Patents


Info

Publication number: CN103124252B
Authority: CN (China)
Prior art keywords: client application; specific user; business; access; authentication processing
Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201110367609.9A
Other languages: Chinese (zh)
Other versions: CN103124252A (en)
Inventor: 陈耿华
Current Assignee: Huawei Technologies Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201110367609.9A
Priority to PCT/CN2012/084290 (WO2013071836A1)
Publication of CN103124252A
Application granted
Publication of CN103124252B
Expired - Fee Related

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Embodiments of the present invention provide a client application access authentication processing method and apparatus, a client application service processing apparatus, and a client application device. The method includes: receiving a first authorization request message, sent by a client application device, that requests a specific user or a third party to authorize use of a client application service; sending a second authorization request message to the user equipment of the specific user or to a third-party device, where the second authorization request message requests the specific user or the third party to authorize use of the client application service; and receiving an authorization result returned by the user equipment of the specific user or by the third-party device, and determining, according to the authorization result, whether to allow the client application device to provide the client application service to the specific user. The technical solution improves the security with which an SP uses an operator's telecommunication network capabilities to provide services to a target user.

Description

Client application access authentication processing method and apparatus
Technical field
Embodiments of the present invention relate to the field of communication technologies, and in particular to a client application access authentication processing method and apparatus.
Background
With the arrival of the mobile Internet era, the Internet and communication networks have become closely integrated. More and more varied Internet applications and terminal applications are emerging on the Internet and on user terminals, such as Web applications, terminal Widget applications and native terminal applications. These applications usually need to access the operator's telecommunication network capabilities to implement specific service functions. For example, a Widget application for traffic information queries needs to be able to send a multimedia message carrying a traffic route map to a mobile phone user. Operators therefore need a secure, open and controllable means of allowing client applications to access their telecommunication network capabilities.
In the prior art, the opening of an operator's telecommunication network capabilities is mainly oriented to trusted service providers (Service Provider, hereinafter: SP). The SP's service application server provides services to users through the SP's various Internet applications and terminal applications, and it accesses the operator's network capabilities mainly through the following flow: the SP's service application server sends an access request to the operator's network operation platform, requesting to call a telecommunication network capability; for example, an SP web application server may request the telecommunication network capability to send a mobile newspaper in the form of a multimedia message. The access request sent by the SP's service application server may carry the SP's identity and password and the target user's mobile phone number. After authenticating the SP, the operator's network operation platform uses the telecommunication network capability to provide the service requested by the SP's service application server to the target user, and further charges for the service provided to the target user.
In the prior art, the way an SP uses the operator's telecommunication network capabilities to provide services to a target user has poor security and is easily exploited by an SP to provide illegal services.
Summary of the invention
Embodiments of the present invention provide a client application access authentication processing method and apparatus, a client application service processing apparatus, and a client application device, in order to improve the security with which an SP uses an operator's telecommunication network capabilities to provide services to a target user.
An embodiment of the present invention provides a client application access authentication processing method, including:
receiving a first authorization request message, sent by a client application device, that requests a specific user or a third party to authorize use of a client application service;
sending a second authorization request message to the user equipment of the specific user or to a third-party device, where the second authorization request message requests the specific user or the third party to authorize use of the client application service; and
receiving an authorization result returned by the user equipment of the specific user or by the third-party device, and determining, according to the authorization result, whether to allow the client application device to provide the client application service to the specific user.
An embodiment of the present invention further provides a client application access authentication processing apparatus, including:
a first receiver module, configured to receive a first authorization request message, sent by a client application device, that requests a specific user or a third party to authorize use of a client application service;
a first sending module, configured to send a second authorization request message to the user equipment of the specific user or to a third-party device, where the second authorization request message requests the specific user or the third party to authorize use of the client application service; and
a service authorization module, configured to receive an authorization result returned by the user equipment of the specific user or by the third-party device, and to determine, according to the authorization result, whether to allow the client application device to provide the client application service to the specific user.
An embodiment of the present invention further provides a client application service processing apparatus, including the above client application access authentication processing apparatus and a communication network open gateway module. The communication network open gateway module is configured to, after receiving a call request message carrying an access password sent by a client application device, send to the client application access authentication processing apparatus an authentication request message requesting authentication of the access password, and, after the authentication passes, call the telecommunication network capability for the client application device.
An embodiment of the present invention further provides a client application device, including a communication network access authentication processing module and a telecommunication network service calling module. The communication network access authentication processing module is configured to send, to the network system of the telecom operator, a first authorization request message requesting a specific user or a third party to authorize use of a client application service, and, when the specific user accepts the client application service, to obtain an access password that allows it to call telecommunication network capabilities and provide the client application service to the specific user. The telecommunication network service calling module is configured to send, to the network system of the telecom operator, a call request message carrying the access password, where the call request message requests that a telecommunication network capability be called to provide the client application service for the specific user.
In the above technical solution, when an SP's client application device wants to provide a client application service to a user, it first sends a first authorization request message, which is processed by the client application access authentication processing apparatus deployed in the telecom operator's network system. That apparatus sends a second authorization request message to the user equipment of the specific user or to a third-party device to ask whether the specific user or the third party authorizes use of the client application service, and then determines, according to the authorization result returned by the user equipment of the specific user or the third-party device, whether to allow the client application device to provide the client application service to the specific user. As a result, every client application service that the client application device provides for the specific user has been authorized by that user or by the third party, which improves the security with which the SP provides client application services to users.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of embodiment one of the client application access authentication processing method of the present invention;
Fig. 2 is a schematic flowchart of embodiment two of the client application access authentication processing method of the present invention;
Fig. 3 is a schematic flowchart of embodiment three of the client application access authentication processing method of the present invention;
Fig. 4 is a schematic structural diagram of embodiment one of the client application access authentication processing apparatus of the present invention;
Fig. 5 is a schematic structural diagram of embodiment two of the client application access authentication processing apparatus of the present invention;
Fig. 6 is a schematic structural diagram of an embodiment of the client application service processing apparatus of the present invention;
Fig. 7 is a schematic structural diagram of an embodiment of the client application device of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To address the poor security in the prior art when an SP uses the operator's telecommunication network capabilities to provide services to users, an embodiment of the present invention provides a solution that is implemented by adding a client application access authentication processing apparatus to the telecom operator's network system. Fig. 1 is a schematic flowchart of embodiment one of the client application access authentication processing method of the present invention. As shown in Fig. 1, the method includes the following steps:
Step 101, receiving a first authorization request message, sent by a client application device, that requests a specific user or a third party to authorize use of a client application service;
Step 102, sending a second authorization request message to the user equipment of the specific user or to a third-party device, where the second authorization request message requests the specific user or the third party to authorize use of the client application service;
Step 103, receiving an authorization result returned by the user equipment of the specific user or by the third-party device, and determining, according to the authorization result, whether to allow the client application device to provide the client application service to the specific user.
In the above embodiment, when an SP's client application device wants to provide a client application service to a user, it first sends a first authorization request message, which is processed by the client application access authentication processing apparatus deployed in the telecom operator's network system. That apparatus sends a second authorization request message to the user equipment of the specific user or to a third-party device to ask whether the specific user or the third party authorizes use of the client application service, and then determines, according to the authorization result returned by the user equipment of the specific user or the third-party device, whether to allow the client application device to provide the client application service to the specific user. As a result, every client application service that the client application device provides for the specific user has been authorized by that user or by the third party, which improves the security with which the SP provides client application services to users.
The second authorization request message in the above embodiment may be sent to the user equipment held by the specific user, so that the specific user personally confirms whether to accept the client application service, or the confirmation may be made by a third party. For example, the third-party device may be a device held by the manager of the specific user, in which case the manager confirms whether the specific user accepts the client application service; or the operator's server may act as the third-party device, in which case the operator determines whether the specific user accepts the client application service.
In the above embodiment, the operator can decide, according to the wishes of the specific user or the third party, whether to provide the client application service, that is, whether to allow the client application device to access telecommunication network capabilities. A corresponding communication network access authentication processing apparatus can be set in the client application device to perform the corresponding processing. In a specific implementation, the client application device's access to the communication network can be controlled by allocating an access password to the client application device. There are two specific implementations.
In the first implementation, before sending the first authorization request message that requests the specific user to authorize use of the client application service, the client application device first sends a first password request message to the client application access authentication processing apparatus in the telecom operator's network system. After receiving the first password request message sent by the client application device, the apparatus returns to the client application device the first access password allocated to it. The first access password can be regarded as a temporary password that has not yet taken effect; the client application device cannot use this temporary password to access the operator's telecommunication network capabilities. Only when the user equipment of the specific user or the third-party device returns an authorization result, and the authorization result is that the specific user accepts the client application service, is the nature of the first access password changed in the local system to a formal password, authorizing the client application device to use the first access password to access telecommunication network capabilities and provide the client application service to the specific user. The client application device can then use the first access password to perform the client application service. Specifically, the client application device sends a service request message carrying the first access password to a first service processing module in the telecom operator's network system. On receiving the service request message and confirming that the first access password is usable, the first service processing module allows the client application device to access telecommunication network capabilities and provide the client application service to the specific user; specifically, it can confirm with the client application access authentication processing apparatus in the telecom operator's network system whether the first access password is usable.
The second implementation differs from the first in that, when the authorization result is that the specific user accepts the client application service, the operator's client application access authentication processing apparatus does not change the nature of the first access password. Instead it generates a verification code corresponding to the first access password and sends the verification code to the client application device. After receiving a second password request message, sent by the client application device, that carries the first access password and the verification code, it returns a second access password to the client application device. The second access password is a formal password that authorizes the client application device to use it to access telecommunication network capabilities and provide the client application service to the specific user.
Specifically, when the second access password is used, the client application device sends a service request message carrying the second access password to a second service processing module in the telecom operator's network system. On receiving the service request message and confirming that the second access password is usable, the second service processing module allows the client application device to access telecommunication network capabilities and provide the client application service to the specific user; specifically, it can confirm with the client application access authentication processing apparatus in the telecom operator's network system whether the second access password is usable.
In the above embodiment, after receiving the authorization result returned by the user equipment of the specific user or the third-party device, and confirming that the authorization result is that the specific user accepts the client application service, the apparatus may further authenticate the identity of the specific user and return the authorization result to the client application device after the authentication passes. Specifically, in the implementation that uses the second access password, the verification code corresponding to the first access password may first be generated and then carried in the authorization result sent to the client application device.
Fig. 2 is a schematic flowchart of embodiment two of the client application access authentication processing method of the present invention. As shown in Fig. 2, the method includes the following steps:
Step 201, before accessing the operator's telecommunication network capabilities, the communication network access authentication processing apparatus of the client application device first applies to the client application access authentication processing apparatus in the telecom operator's network system for a temporary password, that is, it sends the first password request message. Client application devices in this embodiment can be classified by terminal type into mobile terminal clients, such as mobile phones and PDAs, and computer clients; by client application development language they can be classified into Widget application clients, JAVA application clients, Brew application clients, Web clients and so on. The communication network access authentication processing apparatus is a functional module set inside the client application device and dedicated to authenticating to the communication network;
Step 202, after authenticating the client application device, the client application access authentication processing apparatus of the operator network system returns to the communication network access authentication processing apparatus the first access password allocated to it. The first access password is a temporary password that has not yet taken effect, that is, the client application device cannot directly use it to access the communication network;
Step 203, the communication network access authentication processing apparatus sends the first authorization request message to the client application access authentication processing apparatus, requesting the specific user or a third party to authorize use of the client application service;
Step 204, the client application access authentication processing apparatus sends the second authorization request message to the user equipment of the specific user or to the third-party device, where the second authorization request message requests the specific user to authorize use of the client application service. Specifically, the second authorization request message may be sent to the user equipment of the specific user in Web mode, Wireless Application Protocol (hereinafter: WAP) mode, Unstructured Supplementary Service Data (hereinafter: USSD) mode, Interactive Voice Response (hereinafter: IVR) mode, or by short message. Optionally, the second authorization request message may include the telecommunication network capability information corresponding to the client application service, the tariff information for using the telecommunication network capability, and the time-limit type of the authorization, for example authorizing a single use of the client application service, authorizing multiple uses, authorizing use before a set deadline, or authorizing use within a set time range;
Step 205, the specific user or the third party performs the authorization operation and returns the authorization result to the client application access authentication processing apparatus. Depending on the request mode, the user can submit authentication information and authorize in different ways. For a Web or WAP page, the user can submit a personal user name and password on the page and confirm on the page that they agree to use the client application service; for a short message request, the user can return the authorization result to the client application access authentication processing apparatus in the telecom operator's network system by replying with a confirmation short message;
Step 206, the client application access authentication processing apparatus identifies the authorization result returned by the user equipment of the specific user or the third-party device and, when the specific user accepts the client application service, authenticates the identity of the specific user;
Step 207, after the identity authentication of the specific user passes, the client application access authentication processing apparatus returns the authorization result to the communication network access authentication processing apparatus and at the same time changes the nature of the first access password returned in step 202 to a formal password, so that the client application device can access the communication network and provide service for the specific user;
Step 208, the client application device uses the first access password to initiate a call request message. Specifically, the telecommunication network service calling module of the client application device may send the call request message to the communication network open gateway module in the telecom operator's network system, to call a telecommunication network capability and access the operator's communication network;
Step 209, after receiving the call request message, the communication network open gateway module obtains the first access password carried in it and sends an authentication request message to the client application access authentication processing apparatus. Further, the first access password was changed to a formal password after the specific user's authorization result was received, and each first access password corresponds to a specific user, so the first access password only permits service to be provided to that specific user. The call request message in step 208 may additionally carry a user ID, for example the SIM number of the mobile phone the user uses, and this step may further authenticate the user ID to determine whether it corresponds to the first access password, preventing the client application device from using the first access password to provide service for other users;
Step 210, the client application access authentication processing apparatus authenticates the legitimacy and validity period of the user ID and the first access password;
Step 211, the client application access authentication processing apparatus returns the authentication result to the communication network open gateway module;
Step 212, after the authentication passes, the communication network open gateway module calls the telecommunication network capability and returns the call result to the client application device, providing service for the specific user.
In the above embodiment, step 206 authenticates the identity of the specific user after the specific user accepts the client application service. In practice this step is optional: the identity authentication may be skipped, or it may be performed in step 204 before the second authorization request message is sent to the user equipment of the specific user or the third-party device, with the second authorization request message sent only after the identity authentication passes. The client application access authentication processing apparatus may be deployed in any gateway device of the operator network system; its specific location does not affect the implementation of the technical solution of the present invention. In this embodiment, before a telecommunication network capability is called to provide the client application service for the specific user, authorization is first requested from the specific user or the third party, and the client application service is provided only after authorization is obtained, which improves the security with which the SP provides services to users.
The embodiment shown in Fig. 2 allocates only the first access password. Fig. 3 is a schematic flowchart of embodiment three of the client application access authentication processing method of the present invention; in this embodiment, the client application access authentication processing apparatus further allocates a second access password as the formal password. As shown in Fig. 3, the method includes the following steps:
Steps 301 to 306 perform essentially the same functions as steps 201 to 206 in the above embodiment.
Step 307, after the identity authentication of the specific user passes, a verification code corresponding to the first access password is generated;
Step 308, the authorization result, which carries the verification code, is returned to the communication network access authentication processing apparatus;
Step 309, the communication network access authentication processing apparatus sends, to the operator's client application access authentication processing apparatus, a second password request message carrying the first access password and the verification code;
Step 310, the client application access authentication processing apparatus allocates a second access password. The second access password is a formal password that authorizes the client application device to use it to access telecommunication network capabilities and provide the client application service to the specific user;
Step 311, the client application access authentication processing apparatus returns the second access password to the communication network access authentication processing apparatus;
Steps 312 to 316 perform essentially the same functions as steps 208 to 212 of the above embodiment; the only difference is that the communication network access authentication processing apparatus uses the second access password to initiate the call request message.
In this embodiment, the first access password and the second access password are respectively allocated to the client application device, and the client application device finally calls telecommunication network capabilities according to the second access password to provide the client application service for the specific user, which improves the security with which the SP provides client application services to users.
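The two access-password flows described above (Fig. 2: the first access password is promoted to a formal password; Fig. 3: the first access password plus a verification code is exchanged for a second access password) can be modelled as a small state machine. This is an added illustration, not code from the patent: the class and function names, the 300-second validity period and the sample identifiers are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Grant:
    app_id: str
    user_id: Optional[str] = None  # specific user the password is bound to
    formal: bool = False           # only a formal password may call capabilities
    code: Optional[str] = None     # verification code (two-password flow only)
    expires_at: float = 0.0
    single_use: bool = False


class AuthApparatus:
    """Operator-side access authentication processing apparatus (toy model)."""

    def __init__(self, two_password_flow: bool, ttl: float = 300.0):
        self.two_password_flow = two_password_flow
        self.ttl = ttl  # assumed validity period in seconds
        self.grants: Dict[str, Grant] = {}

    def issue_first_password(self, app_id: str) -> str:
        # Steps 201-202: temporary password, not yet in effect.
        pw = secrets.token_urlsafe(16)
        self.grants[pw] = Grant(app_id)
        return pw

    def first_authorization_request(self, first_pw: str, user_id: str) -> dict:
        # Steps 203-204: bind the pending password to one user and build the
        # second authorization request for that user's equipment.
        grant = self.grants[first_pw]
        grant.user_id = user_id
        return {"to": user_id, "app": grant.app_id, "ask": "authorize service?"}

    def authorization_result(self, first_pw, accepted, single_use=False, now=None):
        # Steps 205-207 (Fig. 2) or 305-308 (Fig. 3).
        now = time.time() if now is None else now
        grant = self.grants.get(first_pw)
        if grant is None or grant.user_id is None or grant.formal:
            return None
        if not accepted:
            del self.grants[first_pw]  # refused: the password never takes effect
            return None
        grant.single_use = single_use
        grant.expires_at = now + self.ttl
        if self.two_password_flow:
            grant.code = secrets.token_hex(4)  # carried in the authorization result
            return grant.code
        grant.formal = True  # Fig. 2: the first password becomes formal
        return "authorized"

    def exchange(self, first_pw, code, now=None):
        # Steps 309-311: first password + verification code -> second password.
        now = time.time() if now is None else now
        grant = self.grants.get(first_pw)
        if grant is None or grant.code is None or now > grant.expires_at:
            return None
        if not hmac.compare_digest(grant.code, code):
            return None
        del self.grants[first_pw]  # the temporary password is spent
        grant.formal, grant.code = True, None
        second_pw = secrets.token_urlsafe(16)
        self.grants[second_pw] = grant
        return second_pw

    def authenticate(self, pw, user_id, now=None):
        # Steps 209-211: legitimacy, validity period and user binding.
        now = time.time() if now is None else now
        grant = self.grants.get(pw)
        if grant is None or not grant.formal or now > grant.expires_at:
            return False
        if grant.user_id != user_id:
            return False  # password presented for a different user
        if grant.single_use:
            del self.grants[pw]
        return True


def gateway_call(auth, pw, user_id, capability, now=None):
    # Steps 208 and 212: the open gateway calls the capability only after the
    # apparatus has authenticated the password for this user.
    if not auth.authenticate(pw, user_id, now):
        return "denied"
    return f"{capability} delivered to {user_id}"


if __name__ == "__main__":
    auth = AuthApparatus(two_password_flow=True)
    p1 = auth.issue_first_password("traffic-widget")  # constructed app name
    auth.first_authorization_request(p1, "user-A")    # constructed user ID
    code = auth.authorization_result(p1, accepted=True)
    p2 = auth.exchange(p1, code)
    print(gateway_call(auth, p1, "user-A", "MMS"))  # temporary password
    print(gateway_call(auth, p2, "user-B", "MMS"))  # wrong user
    print(gateway_call(auth, p2, "user-A", "MMS"))  # authorized user
```

The `single_use` flag and expiry check correspond to the time-limit types that the second authorization request message may carry in step 204.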
An embodiment of the present invention further provides a client application access authentication processing means. Fig. 4 is a schematic structural diagram of embodiment one of the client application access authentication processing means of the present invention. As shown in Fig. 4, the client application access authentication processing means 40 includes a first receiver module 11, a first sending module 12 and a service authorization module 13. The first receiver module 11 is configured to receive the first authorization request message, sent by the client application equipment, for asking the specific user or a third party to authorize use of the client application business. The first sending module 12 is configured to send the second authorization request message to the subscriber equipment of the specific user or to the third party device, the second authorization request message being used to ask the specific user or third party to authorize use of the client application business. The service authorization module 13 is configured to receive the Authorization result returned by the subscriber equipment of the specific user or by the third party device, and to determine according to the Authorization result whether to authorize the client application equipment to provide the client application business to the specific user.
In this embodiment of the present invention, after the client application access authentication processing means deployed in the telecom operator's network system receives the first authorization request message, it sends the second authorization request message to the subscriber equipment of the specific user or to the third party device, asking whether the specific user or third party authorizes use of the client application business. It then determines, according to the Authorization result returned by the subscriber equipment of the specific user or by the third party device, whether to authorize the client application equipment to provide the client application business to the specific user. As a result, every client application business that the client application equipment provides for the specific user has been authorized by that user, which improves the security of the business the SP provides to users.
As the method embodiments above describe, passwords can be used to control how the client application equipment accesses the communication network to provide service for the specific user. Specifically, this covers the case of distributing only one access password and the case of distributing access passwords twice, corresponding to the method embodiments shown in Fig. 2 and Fig. 3 respectively.
For the embodiment shown in Fig. 2 above, in which only the first access password needs to be distributed, the client application access authentication processing means 50 can, as shown in Fig. 5, further include a first password distribution module 14. The first password distribution module 14 is configured to receive, before the first authorization request message for asking the specific user or third party to authorize use of the client application business is received from the client application equipment, the first password solicitation message sent by the client application equipment, and to return to the client application equipment the first access password distributed to it. The service authorization module 13 is specifically configured to, when the Authorization result is that the specific user accepts the client application business, authorize the client application equipment to use the first access password to access telecommunication network capability and provide the client application business to the specific user.
For the embodiment shown in Fig. 3 above, in which both the first access password and the second access password need to be distributed, the means also includes the first password distribution module 14 described above, which distributes the first access password to the client application equipment. The service authorization module 13 is specifically configured to, when the Authorization result is that the specific user accepts the client application business, generate the identifying code corresponding to the first access password and send the identifying code to the client application equipment, and, after receiving the second password solicitation message carrying the first access password and the identifying code sent by the client application equipment, return the second access password to the client application equipment, so as to authorize the client application equipment to use the second access password to access telecommunication network capability and provide the client application business to the specific user.
In addition, this embodiment of the present invention can further authenticate the identity of the specific user: an authenticating user identification module 15 is provided in the client application access authentication processing means. The authenticating user identification module 15 is configured to, after the Authorization result returned by the subscriber equipment of the specific user or by the third party device is received, and when the Authorization result is that the specific user accepts the client application business, carry out authentication of the specific user and return the Authorization result to the client application equipment after the authentication passes. If the identifying code corresponding to the first access password is generated, the identifying code is carried in the Authorization result and sent to the client application equipment.
Further, an embodiment of the present invention also provides a client application business processing device. Fig. 6 is a schematic structural diagram of an embodiment of the client application business processing device of the present invention. As shown in Fig. 6, the client application business processing device 60 includes a client application access authentication processing means 21 and a communication network open gateway module 22. The client application access authentication processing means 21 can be the client application access authentication processing means provided by any of the above embodiments. The communication network open gateway module 22 is configured to, after receiving a call request message carrying an access password sent by the client application equipment, send to the client application access authentication processing means an authentication request message requesting authentication of the access password, and, after the authentication passes, call telecommunication network capability for the client application equipment.
An embodiment of the present invention further provides a client application equipment. Fig. 7 is a schematic structural diagram of an embodiment of the client application equipment of the present invention. As shown in Fig. 7, the client application equipment 70 includes a communication network access authentication processing module 31 and a telecommunication network services calling module 32. The communication network access authentication processing module 31 is configured to send, to the network system of the telecom operator, the first authorization request message for asking the specific user to authorize use of the client application business, and, when the specific user accepts the client application business, to obtain the access password that allows it to call telecommunication network capability and provide the client application business to the specific user. The telecommunication network services calling module 32 is configured to send a call request message carrying the access password to the network system of the telecom operator, the call request message being used to request that telecommunication network capability be called to provide the client application business for the specific user.
In the client application access authentication processing method and means, the client application business processing device and the client application equipment provided by the above embodiments of the present invention, before telecommunication network capability is called to provide the client application business to a user, an authorization request message is first sent to the subscriber equipment used by the specific user or to a third party device, asking the specific user to authorize use of the client application business. Only after the user accepts the client application business is the client application equipment authorized to access telecommunication network capability and provide the client application business to the specific user. This technical solution improves the security of the client application business that the SP provides to users. In addition, the operator can provide service to the user once the user's consent has been obtained and charge according to the service, which effectively prevents third-party applications from using the operator's telecommunication network capability to commit charging fraud.
A person of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as a ROM, a RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (11)

1. A client application access authentication processing method, characterized by comprising:
a client application access authentication processing means receiving a first authorization request message, sent by client application equipment, for asking a specific user or a third party to authorize use of a client application business;
the client application access authentication processing means sending a second authorization request message to the subscriber equipment of the specific user or to a third party device, the second authorization request message being used to ask the specific user or third party to authorize use of the client application business;
the client application access authentication processing means receiving the Authorization result returned by the subscriber equipment of the specific user or by the third party device, and determining according to the Authorization result whether to authorize the client application equipment to provide the client application business to the specific user;
wherein, before the client application access authentication processing means receives the first authorization request message, sent by the client application equipment, for asking the specific user or third party to authorize use of the client application business, the method further comprises:
the client application access authentication processing means receiving a first password solicitation message sent by the client application equipment, and returning to the client application equipment the first access password distributed to it;
and wherein the client application access authentication processing means determining according to the Authorization result whether to authorize the client application equipment to provide the client application business to the specific user comprises:
when the Authorization result is that the specific user accepts the client application business, the client application access authentication processing means authorizing the client application equipment to use the first access password to access telecommunication network capability and provide the client application business to the specific user; or, when the Authorization result is that the specific user accepts the client application business, generating the identifying code corresponding to the first access password and sending the identifying code to the client application equipment, and, after receiving the second password solicitation message carrying the first access password and the identifying code sent by the client application equipment, returning the second access password to the client application equipment, so as to authorize the client application equipment to use the second access password to access telecommunication network capability and provide the client application business to the specific user.
2. The client application access authentication processing method according to claim 1, characterized in that, after the client application access authentication processing means receives the Authorization result returned by the subscriber equipment of the specific user or by the third party device, and when the Authorization result is that the specific user accepts the client application business, the method further comprises:
the client application access authentication processing means carrying out authentication of the specific user, and returning the Authorization result to the client application equipment after the authentication passes.
3. The client application access authentication processing method according to claim 1, characterized in that, if the client application access authentication processing means determining according to the Authorization result whether to authorize the client application equipment to provide the client application business to the specific user comprises: when the Authorization result is that the specific user accepts the client application business, the client application access authentication processing means authorizing the client application equipment to use the first access password to access telecommunication network capability and provide the client application business to the specific user, the method further comprises:
the client application access authentication processing means receiving a call request message carrying the first access password sent by the client application equipment, and, when confirming that the first access password is usable, allowing the client application equipment to call telecommunication network capability and provide the client application business to the specific user.
4. The client application access authentication processing method according to claim 1, characterized in that, if the client application access authentication processing means determining according to the Authorization result whether to authorize the client application equipment to provide the client application business to the specific user comprises: when the Authorization result is that the specific user accepts the client application business, generating the identifying code corresponding to the first access password and sending the identifying code to the client application equipment, and, after receiving the second password solicitation message carrying the first access password and the identifying code sent by the client application equipment, returning the second access password to the client application equipment, so as to authorize the client application equipment to use the second access password to access telecommunication network capability and provide the client application business to the specific user, the method further comprises:
the client application access authentication processing means receiving a business request message carrying the second access password sent by the client application equipment, and, when confirming that the second access password is usable, allowing the client application equipment to access telecommunication network capability and provide the client application business to the specific user.
5. The client application access authentication processing method according to claim 1, characterized in that the client application access authentication processing means sending the second authorization request message to the subscriber equipment of the specific user or to the third party device comprises:
the client application access authentication processing means sending the second authorization request message to the subscriber equipment of the specific user or to the third party device by Web, WAP, Unstructured Supplementary Service Data (USSD), interactive voice response (IVR) or short message.
6. The client application access authentication processing method according to claim 1, characterized in that the second authorization request message includes telecommunication network capability information corresponding to the client application business, tariff information for using the network capability, and the time limit type of the authorization to use the client application business.
7. The client application access authentication processing method according to claim 6, characterized in that the time limit type of the authorization to use the client application business includes:
authorization for a single use of the client application business, authorization for multiple uses of the client application business, authorization to use the client application business before a set deadline, or authorization to use the client application business within a set time range.
8. A client application access authentication processing means, characterized by comprising:
a first receiver module, configured to receive a first authorization request message, sent by client application equipment, for asking a specific user or a third party to authorize use of a client application business;
a first sending module, configured to send a second authorization request message to the subscriber equipment of the specific user or to a third party device, the second authorization request message being used to ask the specific user or third party to authorize use of the client application business;
a service authorization module, configured to receive the Authorization result returned by the subscriber equipment of the specific user or by the third party device, and to determine according to the Authorization result whether to authorize the client application equipment to provide the client application business to the specific user;
a first password distribution module, configured to receive, before the first authorization request message for asking the specific user or third party to authorize use of the client application business is received from the client application equipment, a first password solicitation message sent by the client application equipment, and to return to the client application equipment the first access password distributed to it;
wherein the service authorization module is specifically configured to, when the Authorization result is that the specific user accepts the client application business, authorize the client application equipment to use the first access password to access telecommunication network capability and provide the client application business to the specific user; or, when the Authorization result is that the specific user accepts the client application business, generate the identifying code corresponding to the first access password and send the identifying code to the client application equipment, and, after receiving the second password solicitation message carrying the first access password and the identifying code sent by the client application equipment, return the second access password to the client application equipment, so as to authorize the client application equipment to use the second access password to access telecommunication network capability and provide the client application business to the specific user.
9. The client application access authentication processing means according to claim 8, characterized by further comprising:
an authenticating user identification module, configured to, after the Authorization result returned by the subscriber equipment of the specific user or by the third party device is received, and when the Authorization result is that the specific user accepts the client application business, carry out authentication of the specific user and return the Authorization result to the client application equipment after the authentication passes; if the identifying code corresponding to the first access password is generated, the identifying code is carried in the Authorization result and sent to the client application equipment.
10. A client application business processing device, characterized by comprising the client application access authentication processing means according to claim 8 or 9 and a communication network open gateway module, the communication network open gateway module being configured to, after receiving a call request message carrying an access password sent by client application equipment, send to the client application access authentication processing means an authentication request message requesting authentication of the access password, and, after the authentication passes, call telecommunication network capability for the client application equipment.
11. A client application equipment, characterized by comprising a communication network access authentication processing module and a telecommunication network services calling module, the communication network access authentication processing module being configured to send, to the network system of a telecom operator, a first authorization request message for asking a specific user or a third party to authorize use of a client application business, and, when the specific user accepts the client application business, to obtain the access password that allows it to call telecommunication network capability and provide the client application business to the specific user; the telecommunication network services calling module being configured to send a call request message carrying the access password to the network system of the telecom operator, the call request message being used to request that telecommunication network capability be called to provide the client application business for the specific user.
CN201110367609.9A 2011-11-18 2011-11-18 Client application access authentication treating method and apparatus Expired - Fee Related CN103124252B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110367609.9A CN103124252B (en) 2011-11-18 2011-11-18 Client application access authentication treating method and apparatus
PCT/CN2012/084290 WO2013071836A1 (en) 2011-11-18 2012-11-08 Method and apparatus for processing client application access authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110367609.9A CN103124252B (en) 2011-11-18 2011-11-18 Client application access authentication treating method and apparatus

Publications (2)

Publication Number Publication Date
CN103124252A CN103124252A (en) 2013-05-29
CN103124252B CN103124252B (en) 2016-08-03

Family

ID=48428977

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110367609.9A Expired - Fee Related CN103124252B (en) 2011-11-18 2011-11-18 Client application access authentication treating method and apparatus

Country Status (2)

Country Link
CN (1) CN103124252B (en)
WO (1) WO2013071836A1 (en)

Also Published As

Publication number Publication date
CN103124252A (en) 2013-05-29
WO2013071836A1 (en) 2013-05-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200213

Address after: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee after: HUAWEI TECHNOLOGIES Co.,Ltd.

Address before: Kokusai Hotel No. 11 Nanjing Avenue in the flora of 210012 cities in Jiangsu Province

Patentee before: HUAWEI SOFTWARE TECHNOLOGIES Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160803