CN103701763A - System, method and device for verifying client-side equipment - Google Patents


Publication number
CN103701763A
Authority
CN
China
Prior art keywords
password
side equipment
user side
interim
permanent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201210370219.1A
Other languages
Chinese (zh)
Other versions
CN103701763B (en
Inventor
刘昶
成龙
刘晓茜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd
Priority to CN201210370219.1A
Publication of CN103701763A
Application granted
Publication of CN103701763B
Legal status: Active
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a system, a method and a device for verifying client-side equipment. The device for verifying the client-side equipment comprises a verifying information acquisition module, a registering module and a verifying module, wherein the pre-generated verifying and registering information of the client-side equipment is acquired by the verifying information acquisition module, and the pre-generated verifying and registering information of the client-side equipment comprises the equipment ID (Identity), the temporary password and the permanent password of the client-side equipment; a registering request containing the equipment ID and the temporary password is received by the registering module from the client-side equipment; whether an equipment ID and a temporary password which are matched and consistent with the equipment ID and the temporary password which are received from the client-side equipment exist in the pre-generated verifying and registering information or not is verified by the verifying module, and if the equipment ID and the temporary password exist, the permanent password corresponding to the equipment ID and the temporary password which are matched and consistent is sent to the client-side equipment by the verifying module, so that the registering request is sent to the registering module by the client-side equipment through the equipment ID and the permanent password.

Description

System, method and apparatus for verifying user-side equipment
Technical Field
The present application relates to a system, method and apparatus for verifying user-side equipment.
Background
In NGN and IMS networks, user-side equipment includes many types of devices, such as SIP phones, IP PBXs, IADs and AGs, and is responsible for connecting services such as user voice and fax to the core network. User-side equipment must be configured with a user number, and can use services only after registering with the NGN or IMS core network using that number.
After the business support system accepts a service order, it generates user data that includes the number, and the ACS (Access Control Service) server delivers the user number to the user-side equipment. The user-side equipment then uses this number to register with the NGN or IMS core network and use services.
Because user-side equipment is numerous and is connected over IP, the ACS server needs to verify the legitimacy of the user-side equipment before delivering the number, to prevent the number from being written to counterfeit equipment.
At present, most ACS servers verify the legitimacy of user-side equipment by device ID and password. When the business support system accepts a service order, it generates a device ID and a password, delivers them to the ACS server, and also outputs them to a construction work order; in the equipment deployment stage they are configured on the user-side equipment manually. After powering on, the user-side equipment initiates registration with the ACS server, completing verification of the equipment's legitimacy. Because the device ID and password data circulate in plaintext in the work order while the user-side equipment is being provisioned and configured, there is a risk of disclosure.
Summary of the Invention
The object of the present application is to provide a system, method and apparatus for verifying user-side equipment that can at least partly remedy the above defect of the prior art.
One aspect of the application provides an apparatus for verifying user-side equipment, comprising:
a verification information acquisition module, which obtains pre-generated registration verification information for user-side equipment, the registration verification information comprising a device ID, a temporary password and a permanent password of the user-side equipment;
a registration module, which receives from the user-side equipment a registration request containing the device ID and the temporary password; and
a verification module, which verifies whether the pre-generated registration verification information contains a device ID and temporary password that match the device ID and temporary password received from the user-side equipment,
wherein, if such a match exists, the verification module sends the permanent password corresponding to the matching device ID and temporary password to the user-side equipment, so that the user-side equipment sends a registration request to the registration module using the device ID and the permanent password.
Another aspect of the application provides a method for verifying user-side equipment, comprising:
receiving, from user-side equipment, a device ID and a temporary password for the user-side equipment;
determining that the received device ID and temporary password match one of a plurality of pairs of device ID and temporary password obtained in advance; and
sending the permanent password corresponding to the matching device ID to the user-side equipment, so that the user-side equipment sends a registration request to the network side using the permanent password and the device ID.
According to another aspect of the application, a system for verifying user-side equipment is also provided, comprising:
an ACS server; and
a business support system, which generates a mutually corresponding device ID, temporary password and permanent password for user-side equipment, wherein the business support system sends the device ID and the temporary password to the ACS server and to the user side of the user-side equipment, respectively, and sends the permanent password only to the ACS server,
wherein the ACS server is configured to receive from the user-side equipment a registration request containing the device ID and the temporary password, and to check them against the device ID and temporary password received from the business support system; if they match, the ACS server sends the permanent password corresponding to the matching ID to the user-side equipment, so that the user-side equipment sends a registration request to the ACS server using the device ID and the permanent password.
Brief Description of the Drawings
Fig. 1 shows a system for verifying user-side equipment according to one embodiment of the application.
Fig. 2 shows a flowchart of a method for verifying user-side equipment according to one embodiment of the application.
Detailed Description
For a better understanding of the application, its various aspects are described in more detail below with reference to the accompanying drawings. It should be understood that the drawings and the detailed description merely describe preferred embodiments of the application and do not limit its scope in any way.
Fig. 1 shows a system 1000 for verifying user-side equipment according to one embodiment of the application. As shown in the figure, the system 1000 comprises a business support subsystem 100 and an ACS server 200.
Business support subsystem 100 is configured to generate, for at least one user-side equipment (not shown), a mutually corresponding device ID, temporary password and permanent password. Business support subsystem 100 sends the generated device ID and temporary password to ACS server 200 and to the deployment and configuration personnel of the user-side equipment, respectively, and sends the permanent password only to the ACS server. For example, the device ID and temporary password may be sent to the deployment and configuration personnel by a construction work order or another plaintext channel, and the personnel enter the device ID and temporary password into the user-side equipment when deploying and configuring it. In one embodiment, the link between business support subsystem 100 and ACS server 200 may be encrypted with TLS to keep the data secure in transit.
ACS server 200 is configured to receive from the user-side equipment a registration request containing the device ID and temporary password entered as described above, and to check them against the device ID and temporary password received from the business support system. If they match, ACS server 200 sends the permanent password corresponding to the matching ID to the user-side equipment, so that the user-side equipment sends a registration request to ACS server 200 using the device ID and the permanent password.
As shown in Fig. 1, ACS server 200 further comprises a verification information acquisition module 21, a registration module 22 and a verification module 23. The cooperation between storage module 21, registration module 22 and verification module 23 is described further below with reference to the method 2000 for verifying user-side equipment according to one embodiment of the application, shown in Fig. 2.
In step S210, verification information acquisition module 21 obtains the pre-generated registration verification information for the user-side equipment from, for example, the business support subsystem 100 described above. The pre-generated registration verification information comprises the device ID, temporary password and permanent password of the user-side equipment. In one embodiment, ACS server 200 may also comprise a storage module (not shown) that stores, in correspondence with one another, the device ID, temporary password and permanent password generated by business support subsystem 100. After the device ID and temporary password have been configured on the user-side equipment, the equipment, in its first registration process after power-on, sends ACS server 200 a registration request containing its device ID and temporary password. Registration module 22 receives this registration request from the user-side equipment and extracts the device ID and temporary password from it.
In step S220, verification module 23 verifies whether the pre-generated registration verification information contains a device ID and temporary password that match the device ID and temporary password received from the user-side equipment. If such a match exists, then in step S230 the permanent password corresponding to the matching device ID and temporary password is sent to the user-side equipment; in one embodiment the permanent password may be sent in encrypted form, for example over TLS. In step S240, the user-side equipment sends a registration request to registration module 22 using the device ID and the permanent password, and is thereby registered with ACS server 200.
In one embodiment, the temporary password is revoked after the equipment has registered with the ACS server, and the user-side equipment can then initiate registration only with the permanent password. The temporary password is thus used only for the first registration after the equipment powers on, and becomes invalid once that registration is complete. Therefore, even if the plaintext device ID and temporary password are leaked while the user-side equipment is being configured and deployed, this does not lead to toll fraud (calls made at another party's expense). The permanent password is sent to the user-side equipment over an encrypted link and cannot be viewed, so it does not give rise to a password leak. The combined temporary-password and permanent-password flow described above thus addresses the security risks of password leakage and toll fraud.
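The Python sketch below is an added example, not code from the patent. It models steps S210 to S240 on the ACS server side and shows why a temporary password copied from a work order is useless once the first registration has succeeded. The class, method and field names and the sample credentials are hypothetical; the temporary password is invalidated at the moment it is verified (the variant in claim 4), and the TLS transport is out of scope.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Record:
    """Pre-generated entry for one device ID (field names are hypothetical)."""
    temp_password: str
    permanent_password: str
    temp_valid: bool = True  # cleared once the temporary password has been verified


def _equal(expected: str, supplied: str) -> bool:
    # Constant-time comparison so response timing does not leak password prefixes.
    return hmac.compare_digest(expected.encode(), supplied.encode())


class AcsServer:
    """Hypothetical model of the ACS server's verification and registration logic."""

    def __init__(self):
        self._records = {}       # device ID -> Record
        self.registered = set()  # device IDs registered with the permanent password

    def load_verification_info(self, device_id, temp_password, permanent_password):
        # Step S210: store what the business support subsystem generated.
        self._records[device_id] = Record(temp_password, permanent_password)

    def first_registration(self, device_id, temp_password):
        # Steps S220/S230: match (device ID, temporary password); on a match,
        # invalidate the temporary password and return the permanent one.
        # In the described system this reply travels over an encrypted link.
        rec = self._records.get(device_id)
        # Unknown IDs are compared against a random dummy to keep the work uniform.
        expected = rec.temp_password if rec else secrets.token_hex(16)
        matched = _equal(expected, temp_password)
        if rec is None or not rec.temp_valid or not matched:
            return None
        rec.temp_valid = False
        return rec.permanent_password

    def register(self, device_id, permanent_password):
        # Step S240: only the permanent password is accepted here.
        rec = self._records.get(device_id)
        expected = rec.permanent_password if rec else secrets.token_hex(16)
        if rec is not None and _equal(expected, permanent_password):
            self.registered.add(device_id)
            return True
        return False


def run_exchange():
    """Walk through the flow with constructed sample credentials."""
    acs = AcsServer()
    acs.load_verification_info("DEV-0001", "tmp-4f9a", "perm-c81e7d20")  # constructed
    out = {}
    out["wrong_temp"] = acs.first_registration("DEV-0001", "guess")
    out["unknown_id"] = acs.first_registration("DEV-9999", "tmp-4f9a")
    out["issued"] = acs.first_registration("DEV-0001", "tmp-4f9a")
    # A leaked work-order credential replayed after first registration is useless:
    out["replay"] = acs.first_registration("DEV-0001", "tmp-4f9a")
    out["temp_as_permanent"] = acs.register("DEV-0001", "tmp-4f9a")
    out["final"] = acs.register("DEV-0001", out["issued"])
    return out


if __name__ == "__main__":
    for step, result in run_exchange().items():
        print(f"{step}: {result}")
```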
Those of ordinary skill in the art will appreciate that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disks or optical disks.
Although the application has been explained by means of the above description and embodiments, it is not limited to them. The scope of protection of the application is defined by the appended claims, and any equivalent substitution of a technical feature in the claims falls within the scope defined by the application.

Claims (10)

1. An apparatus for verifying user-side equipment, comprising:
a verification information acquisition module, which obtains pre-generated registration verification information for user-side equipment, the pre-generated registration verification information comprising a device ID, a temporary password and a permanent password of the user-side equipment;
a registration module, which receives from the user-side equipment a registration request containing the device ID and the temporary password; and
a verification module, which verifies whether the pre-generated registration verification information contains a device ID and temporary password that match the device ID and temporary password received from the user-side equipment,
wherein, if such a match exists, the verification module sends the permanent password corresponding to the matching device ID and temporary password to the user-side equipment, so that the user-side equipment sends a registration request to the registration module using the device ID and the permanent password.
2. The apparatus of claim 1, further comprising:
a storage module, which stores, in correspondence with one another, the device ID, temporary password and permanent password of the user-side equipment.
3. The apparatus of claim 1 or 2, wherein the registration module is configured to send the permanent password to the user-side equipment over an encrypted link.
4. The apparatus of claim 1 or 2, wherein the verification module is configured to mark the temporary password as invalid when, during verification, it determines that the pre-generated registration verification information contains a device ID and temporary password that match the device ID and temporary password received from the user-side equipment.
5. A method for verifying user-side equipment, comprising:
receiving, from user-side equipment, a device ID and a temporary password for the user-side equipment;
determining that the received device ID and temporary password match one of a plurality of pairs of device ID and temporary password obtained in advance; and
sending the permanent password corresponding to the matching device ID to the user-side equipment, so that the user-side equipment sends a registration request to the network side using the permanent password and the device ID.
6. The method of claim 5, wherein the device ID, the temporary password and the permanent password are generated by a business support system, and the temporary password and the permanent password correspond one-to-one with the device ID.
7. The method of claim 5 or 6, wherein the step of receiving, from the user-side equipment, the device ID and temporary password for the user-side equipment comprises:
obtaining the device ID and the temporary password in plaintext;
entering the obtained device ID and temporary password into the user equipment; and
the user equipment initiating a registration request to the network side using the entered device ID and temporary password, so that the device ID and temporary password are obtained at the network side.
8. The method of claim 5, further comprising:
a step of setting the verified temporary password, obtained in advance, to invalid.
9. The method of claim 5 or 6, wherein the permanent password is sent to the user-side equipment over an encrypted link.
10. A system for verifying user-side equipment, comprising:
an ACS server; and
a business support subsystem, which generates a mutually corresponding device ID, temporary password and permanent password for user-side equipment, wherein the business support system sends the device ID and the temporary password to the ACS server and to the user side of the user-side equipment, respectively, and sends the permanent password only to the ACS server,
wherein the ACS server is configured to receive from the user-side equipment a registration request containing the device ID and the temporary password, and to check them against the device ID and temporary password received from the business support subsystem; if they match, the ACS server sends the permanent password corresponding to the matching ID to the user-side equipment, so that the user-side equipment sends a registration request to the ACS server using the device ID and the permanent password.
CN201210370219.1A 2012-09-27 2012-09-27 System, method and device for verifying client-side equipment Active CN103701763B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210370219.1A CN103701763B (en) 2012-09-27 2012-09-27 System, method and device for verifying client-side equipment

Publications (2)

Publication Number Publication Date
CN103701763A true CN103701763A (en) 2014-04-02
CN103701763B CN103701763B (en) 2017-03-22

Family

ID=50363162

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210370219.1A Active CN103701763B (en) 2012-09-27 2012-09-27 System, method and device for verifying client-side equipment

Country Status (1)

Country Link
CN (1) CN103701763B (en)

Also Published As

Publication number Publication date
CN103701763B (en) 2017-03-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant