CN103516677A - Authentication and authorization method through cooperation of data network and telephone network - Google Patents

Info

Publication number: CN103516677A
Authority: CN (China)
Prior art keywords: authentication, network, user, telephone, application system
Legal status: Pending
Application number: CN201210210765.9A
Other languages: Chinese (zh)
Inventors: 郑言璋, 郑千里, 叶树瑶, 方朝东, 韩红
Current Assignee: GUANGZHOU CITY MORISE COMMUNICATION TECHNOLOGY Co Ltd
Original Assignee: GUANGZHOU CITY MORISE COMMUNICATION TECHNOLOGY Co Ltd
Priority date: 2012-06-26
Filing date: 2012-06-26
Publication date: 2014-01-15
Application filed by: GUANGZHOU CITY MORISE COMMUNICATION TECHNOLOGY Co Ltd
Priority to: CN201210210765.9A
Publication of: CN103516677A

Landscapes

  • Telephonic Communication Services (AREA)

Abstract

The invention provides an authentication and authorization method based on cooperation between a data network and a telephone network. The method introduces an authentication cooperation unit into the authentication and authorization process. When an application system needs to authenticate or authorize a user, the user enters his or her user identifier via the data network. The application system sends an authentication request to the authentication cooperation unit. Using the signaling capabilities of the telephone network, the authentication cooperation unit initiates an information exchange with the telephone terminal bound to the user, and then returns to the application system both the authorization information collected from the telephone terminal and the network attributes of that terminal in the telephone network. The application system authenticates and authorizes the user based on the information obtained from the authentication cooperation unit, which completes the process. In this way, without changing the authentication method of the application system, the user authentication and authorization process is split across separate networks, and the attributes provided by the telephone network further strengthen the security of authentication.

Description

A method for cooperative authentication and authorization over a data network and a telephone network
Technical field
The present invention relates to secure authentication for application access, and more particularly to a joint authentication and authorization method that combines two independent input channels: a data network and a telephone network.
Background
In recent years, networks have reached into every aspect of users' lives, and users routinely log in over a network to all kinds of application systems to obtain services. Most application systems authenticate the user by having the user identifier and the password entered over the same network. On today's Internet, Trojans, viruses, phishing websites and hackers seriously threaten login security, and when that single network is attacked, incidents in which all of an account's information is leaked occur from time to time.
If an authentication method allowed the user identifier and the password to be entered through different channels, the probability of both being stolen at the same time would be greatly reduced. It would also be harder to log in to the system successfully with a misappropriated user identifier and password.
Summary of the invention
The present invention proposes a method for joint authentication and authorization over a data network and a telephone network. The user identifier is entered from the data network, the reply content required by the authentication associated with that user identifier is entered from the telephone network, and the final authentication is completed inside the application system. The method can be used in any network application system that requires authentication.
The object of the present invention is achieved as follows. The identity of a user of an application system is authenticated by the joint data network and telephone network method, characterized in that: the user (1) uses the service provided by the application system (3) via an IP network (2); when the application system (3) requires the user's identity to be authenticated, the user (1) enters a user identifier; the application system (3) supplies the telephone terminal number bound to that user identifier to the authentication cooperation unit (4); the authentication cooperation unit (4) initiates, over the telephone network (5), an authentication interaction with the telephone terminal (6) supplied by the application system and requires the user to reply with authentication verification information on the telephone terminal (6); the authentication cooperation unit (4) collects the authentication verification information from the telephone terminal (6) and returns it to the application system (3); the application system (3) checks the user identifier received from the user (1) and the authentication verification information received from the authentication cooperation unit (4) against the authentication information stored in advance in the application system (3), determines the user's identity from the result of the check, and completes the authentication of the user.
Brief description of the drawings
Fig. 1 is a flow chart of a user logging in to the application system according to the present invention.
Detailed description
To make the object, technical solution and advantages of the present invention clearer, the invention is described in more detail below with reference to an embodiment and the accompanying drawing.
With reference to Fig. 1, in the cooperative authentication method of the present invention the application system is a system that provides application services over the Internet, the authentication cooperation unit is connected to the telephone switching network by signaling, and the application system and the authentication cooperation unit are connected by a dedicated line or a VPN.
The cooperative authentication method of the present invention over a data network and a telephone network comprises the following processing steps:
Step 101: The user requests to log in to the application system from a network terminal (PC, custom terminal);
Step 102: The application system, according to its internal authentication and authorization method, sends a cooperative authentication request to the authentication cooperation unit; the request contains at least a telephone number and an authentication requirement;
Step 103: The authentication cooperation unit, according to the telephone number and the authentication requirement in the cooperative authentication request, initiates an authentication interaction with that telephone number over the telephone network;
Step 104: The user responds on the telephone terminal to the interaction initiated by the authentication cooperation unit and enters the authentication information required by the application system, which is uploaded to the authentication cooperation unit over the telephone network;
Step 105: The authentication cooperation unit receives the authentication information uploaded by the user from the telephone terminal, combines it with the additional attributes of that telephone terminal within the telephone network, and returns the result to the application system as the response to the cooperative authentication request;
Step 106: The application system, based on the information returned by the authentication cooperation unit, judges the user's legitimacy and usage rights and decides whether to allow the user to log in to the application system.
In the cooperative authentication method of the present invention, the application system uses the authentication cooperation unit so that login and verification take place over different networks, and it can further use the network attributes of the telephone terminal to design a more secure authentication flow. The method therefore achieves secure user login without affecting the original authentication process of the application system and without modifying its existing equipment or algorithms. It addresses the problem of an account being stolen by a Trojan when authentication is performed over a single network, and it uses the inherent attributes of the telephone network to improve the security of user login.
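The exchange in steps 101 to 106 can be followed end to end in this added Python simulation, which is not code from the patent. The class names, the in-memory dictionary standing in for telephone-network signaling, PBKDF2 as the authentication algorithm, the hardware identifier as the network attribute that is checked, and all sample values are assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def kdf(secret: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 stands in for the patent's unspecified authentication algorithm.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


@dataclass
class Account:  # multi-tuple of claim 2
    salt: bytes
    password_hash: bytes
    phone_number: str
    enrolled_hardware_id: str  # assumed form of the additional authentication information


@dataclass
class TelephoneTerminal:  # constructed stand-in for the user's handset
    hardware_id: str
    keyed_reply: str  # what the person types when prompted


class AuthCooperationUnit:
    def __init__(self, telephone_network: dict):
        self.telephone_network = telephone_network  # number -> terminal (simulated signaling)

    def cooperative_auth(self, request: dict) -> dict:
        # Steps 103-105: reach the number, collect the keyed reply, attach a network attribute.
        terminal = self.telephone_network.get(request["phone_number"])
        if terminal is None:
            return {"reached": False}
        return {"reached": True, "reply": terminal.keyed_reply,
                "hardware_id": terminal.hardware_id}


class ApplicationSystem:
    def __init__(self, unit: AuthCooperationUnit):
        self.unit, self.accounts = unit, {}

    def enroll(self, user_id, password, phone_number, hardware_id):
        salt = os.urandom(16)
        self.accounts[user_id] = Account(salt, kdf(password, salt), phone_number, hardware_id)

    def login(self, user_id: str) -> bool:
        # Step 101: only the identifier arrives over the data network.
        account = self.accounts.get(user_id)
        if account is None:
            return False
        # Step 102: the request carries a telephone number and an authentication requirement.
        response = self.unit.cooperative_auth(
            {"phone_number": account.phone_number, "requirement": "password"})
        if not response["reached"]:
            return False
        # Step 106: verify the reply and the network attribute against stored data.
        password_ok = hmac.compare_digest(kdf(response["reply"], account.salt),
                                          account.password_hash)
        device_ok = hmac.compare_digest(response["hardware_id"].encode(),
                                        account.enrolled_hardware_id.encode())
        return password_ok and device_ok


def run_demo() -> dict:  # constructed logins: correct reply, wrong reply, unexpected handset
    cases = {"ok": ("HW-A", "s3cret"), "wrong_reply": ("HW-A", "guess"),
             "other_handset": ("HW-B", "s3cret")}
    results = {}
    for name, (hardware_id, reply) in cases.items():
        unit = AuthCooperationUnit({"555-0100": TelephoneTerminal(hardware_id, reply)})
        app = ApplicationSystem(unit)
        app.enroll("alice", "s3cret", "555-0100", "HW-A")
        results[name] = app.login("alice")
    return results
```

The password never crosses the data network in this flow, and a correct reply from a handset whose hardware identifier differs from the enrolled one is still rejected.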
From the above description of the embodiment, those skilled in the art will clearly understand that the present invention can be implemented in software together with the necessary general-purpose hardware platform. On that understanding, the technical solution of the present invention can be embodied as a software product, which can be stored on a non-volatile storage medium (a CD-ROM, USB flash drive, portable hard drive, etc.) and which comprises instructions that cause a computer device (a personal computer, server, network device, etc.) to carry out the method described in each embodiment of the present invention.
The foregoing is only the preferred embodiment of the present invention and does not limit the invention. Those skilled in the art can make various changes and modifications to the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (14)

1. A method for cooperative authentication and authorization over a data network and a telephone network, for authenticating the identity of a user (1) accessing an application system (3), characterized in that: the user (1) uses the service provided by the application system (3) via a data network (2); when the application system (3) requires the user's identity to be authenticated, the user (1) enters user identification information; the application system (3) passes the authentication mode and related parameters to an authentication cooperation unit (4); the authentication cooperation unit (4) initiates, over a telephone network (5), an authentication interaction with the telephone terminal (6) supplied by the application system, to obtain the authentication verification information replied on the telephone terminal (6); the authentication cooperation unit (4) collects the authentication verification information from the telephone terminal (6) and returns it to the application system (3); the application system (3) checks the user identifier received from the user (1) and the authentication verification information received from the authentication cooperation unit (4) against the authentication information stored in advance in the application system (3), determines the user's identity from the result of the check, and completes the authentication of the user.
2. The joint authentication and authorization method over a data network and a telephone network as claimed in claim 1, wherein the application system (3) stores multi-tuple information used for authentication, each multi-tuple comprising a user identifier, a user password, an associated telephone terminal number and additional authentication information. User identifiers include but are not limited to: user name, e-mail address, telephone number, identity card number, instant messaging account, social network account, bank card account number, etc.
3. The joint authentication and authorization method over a data network and a telephone network as claimed in claim 1, wherein, when the application system (3) initiates identity authentication of the user, the user (1) enters on the data network the user identifier as claimed in claim 2 that is associated with the user.
4. The joint authentication and authorization method over a data network and a telephone network as claimed in claim 1, wherein, when the application system (3) initiates identity authentication of the user, the application system (3), after receiving the user identifier as claimed in claim 3, sends the telephone terminal number as claimed in claim 2 that is associated with the user identifier, the additional authentication information and the authentication requirement to the authentication cooperation unit (4).
5. The joint authentication and authorization method over a data network and a telephone network as claimed in claim 1, wherein, after receiving the telephone terminal number, the additional authentication information and the authentication requirement as claimed in claim 4, the authentication cooperation unit (4) uses the signaling capability of the telephone network (5) to initiate an interaction with the telephone terminal (6) having that number, and the user as claimed in claim 3 replies with authentication information on the telephone terminal (6) to the authentication cooperation unit (4).
6. The joint authentication and authorization method over a data network and a telephone network as claimed in claim 1, wherein the authentication cooperation unit (4) performs additional authentication according to the additional user authentication mode and the additional network authentication mode indicated in the authentication requirement as claimed in claim 4, and gathers the additional authentication results.
7. The additional authentication mode as claimed in claim 6, wherein the additional user authentication result includes but is not limited to:
7.1 The authentication cooperation unit (4) prompts the user with a security question set in advance in the application system (3), and the authentication cooperation unit (4) receives the answer that the user replies on the telephone terminal;
7.2 The authentication cooperation unit (4) prompts for a specified item of the personal information that the user set in advance in the application system (3), and the authentication cooperation unit (4) receives the content that the user replies on the telephone terminal.
8. The additional authentication mode as claimed in claim 6, wherein the additional network authentication result also includes but is not limited to:
8.1 The authentication cooperation unit (4) collects the location information of the telephone terminal from the telephone network (5);
8.2 The authentication cooperation unit (4) collects the hardware identifier information of the telephone terminal from the telephone network (5);
8.3 The authentication cooperation unit (4) collects the historical call record information of the telephone terminal from the telephone network (5).
9. The joint authentication and authorization method over a data network and a telephone network as claimed in claim 1, wherein the authentication cooperation unit (4) returns to the application system (3) the received authentication information replied by the user as claimed in claim 5, the additional user authentication result as claimed in claim 7 and the additional network authentication result as claimed in claim 8.
10. The joint authentication and authorization method over a data network and a telephone network as claimed in claim 1, wherein the application system (3) performs an authentication calculation, using a certain authentication algorithm, on the user identifier as claimed in claim 3, the authentication information replied by the user as claimed in claim 9, the additional user authentication information and the additional network authentication information, together with the multi-tuple information as claimed in claim 2, to obtain the authentication result.
11. The cooperative authentication method over a data network and a telephone network as claimed in claim 1, wherein the telephone network (5) is a PSTN network and the telephone terminal is a landline telephone;
or
the telephone network (5) is a GSM mobile telephone network and the telephone terminal is a GSM mobile phone;
or
the telephone network (5) is a CDMA mobile telephone network and the telephone terminal is a CDMA mobile phone;
or
the telephone network (5) is a WCDMA mobile telephone network and the telephone terminal is a WCDMA mobile phone;
or
the telephone network (5) is a CDMA2000 mobile telephone network and the telephone terminal is a CDMA2000 mobile phone;
or
the telephone network (5) is a TD-SCDMA mobile telephone network and the telephone terminal is a TD-SCDMA mobile phone;
or
the telephone network (5) is an LTE mobile telephone network and the telephone terminal is an LTE mobile phone.
12. The cooperative authentication method over a data network and a telephone network as claimed in claim 1, wherein the data network includes but is not limited to: IP network, ATM network, frame relay network, DDN network, etc.
13. The signaling capability of the telephone network used by the authentication cooperation unit as claimed in claim 5 includes but is not limited to: USSD, User-to-User signaling, SMS, IVR, etc.
14. The cooperative authentication method over a data network and a telephone network as claimed in claim 1, wherein the application system includes but is not limited to: e-commerce website, online banking, Internet securities, online game, social network, etc.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210210765.9A CN103516677A (en) 2012-06-26 2012-06-26 Authentication and authorization method through cooperation of data network and telephone network

Publications (1)

Publication Number Publication Date
CN103516677A true CN103516677A (en) 2014-01-15

Family

ID=49898726

Country Status (1)

Country Link
CN (1) CN103516677A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140115