CN106453199A - Unified authentication method and system based on subscriber identity module card - Google Patents

Unified authentication method and system based on subscriber identity module card

Info

Publication number: CN106453199A
Application number: CN201510474991.1A
Authority: CN (China)
Prior art keywords: client terminal, authentication, business platform, request, certificate server
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 庄永昌
Current assignee: China Telecom Corp Ltd
Original assignee: China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN201510474991.1A
Publication of CN106453199A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0853: Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Abstract

The invention discloses a unified authentication method and system based on a subscriber identity module (SIM) card. The method comprises the following steps: a client terminal sends a login request to a business platform, the login request including SIM-card-based authentication information; the business platform sends a user authentication request containing that authentication information to an authentication server; the authentication server authenticates the identity of the subscriber according to the authentication information and returns an authentication result to the business platform; and the business platform decides, according to the authentication result, whether to accept the client terminal's login request. With the invention, a SIM-card-based authentication service can still be provided to the business platform when the client terminal logs in to the business platform through a wireless local area network, which raises the security level of client terminal authentication.

Description

Unified authentication method and system based on a subscriber identity module card
Technical field
The present invention relates to the Internet field, and in particular to a unified authentication method and system based on a subscriber identity module (SIM) card.
Background
At present, unified authentication based on the subscriber identity module card (hereafter the subscriber card, or SIM card) can satisfy the high-security authentication requirement of a client that accesses the mobile operator network (2G/3G/4G) through a mobile terminal and logs in to a business platform; its security is guaranteed by the authentication system built on the SIM card and the public mobile communication network. The principle is as follows: when the client's mobile terminal accesses the public mobile network through the SIM card, the public mobile network authenticates the SIM card and the subscribed service type, and a 4G SIM card in turn authenticates the public mobile network, achieving mutual authentication at a higher security level. When the business platform receives a service request from the client, it sends an authentication request to the authentication server of the public mobile network operator, and that authentication server returns a confirmation that authentication passed to the business platform.
However, when the client connects to the business platform not through the public mobile network but through the mobile terminal's WiFi, neither the SIM card nor the public mobile network takes part in the login process described above. The public mobile network therefore has no knowledge of the mobile terminal's login behaviour or the related information, and cannot provide the business platform with an authentication service based on public-mobile-network access authentication. When the client accesses the business platform through the mobile terminal's WiFi, the mobile terminal may not even have a SIM card inserted.
Summary of the invention
In view of the above technical problem, the invention provides a unified authentication method and system based on a SIM card, so that when the client terminal logs in to the business platform through a wireless local area network (WLAN), the authentication server can still provide a high-security authentication service to the business platform.
According to one aspect of the invention, a SIM-card-based unified authentication method is provided, comprising:
the client terminal sends a login request to the business platform, wherein the login request includes authentication information based on the SIM card;
the business platform sends a user authentication request to the authentication server, wherein the user authentication request includes said authentication information;
the authentication server authenticates the user identity according to said authentication information and returns the authentication result to the business platform;
the business platform decides, according to the authentication result, whether to accept the login request of the client terminal.
In one embodiment of the invention, the method further includes: if the client terminal sends the login request to the business platform through the public mobile communication network, said authentication information includes the client terminal ID, the SIM card number, the authentication credential and the authentication time, and said user identity authentication is SIM-card-based authentication;
if the client terminal sends the login request to the business platform through a WLAN, said authentication information includes the client terminal ID, the SIM card number, the authentication credential and the time at which the client terminal last passed public mobile network authentication.
In one embodiment of the invention, if the client terminal sends the login request to the business platform through a WLAN, the step in which the authentication server authenticates the user identity according to said authentication information includes:
the authentication server judges whether the client terminal is registered on the public mobile communication network;
if the client terminal is registered on the public mobile communication network, the authentication server queries the registration information held by the public mobile communication network and, according to the registration information found for the client terminal, performs SIM-card-based user identity authentication.
In one embodiment of the invention, the step in which the authentication server authenticates the user identity according to said authentication information further includes:
if the client terminal is not registered on the public mobile communication network, the authentication server compares said authentication information with the authentication record held in the authentication server and performs user identity authentication based on the SIM card authentication record.
In one embodiment of the invention, the method further includes:
the client terminal encrypts the SIM-card-based authentication information and only then executes the step of sending the login request to the business platform;
and after the step in which the business platform sends the user authentication request to the authentication server, the method further includes:
the authentication server decrypts the authentication information in the user authentication request and only then executes the step of authenticating the user identity according to said authentication information.
In one embodiment of the invention, the user authentication request includes a secondary verification request;
the method further includes: after the authentication server has passed the user identity authentication according to said authentication information, it sends a secondary verification requirement to the client terminal according to the secondary verification request;
the authentication server performs secondary verification of the user identity according to the secondary verification information returned by the client terminal, takes the secondary verification result as the authentication result, and only then executes the step of returning the authentication result to the business platform.
According to another aspect of the invention, a SIM-card-based unified authentication system is provided, comprising a client terminal, a business platform and an authentication server, wherein:
the client terminal is configured to send a login request to the business platform, wherein the login request includes authentication information based on the SIM card;
the business platform is configured to send a user authentication request to the authentication server, wherein the user authentication request includes said authentication information, and to decide according to the authentication result returned by the authentication server whether to accept the login request of the client terminal;
the authentication server is configured to authenticate the user identity according to said authentication information and to return the authentication result to the business platform.
In one embodiment of the invention, if the client terminal sends the login request to the business platform through the public mobile communication network, said authentication information includes the client terminal ID, the SIM card number, the authentication credential and the authentication time, and said user identity authentication is SIM-card-based authentication;
if the client terminal sends the login request to the business platform through a WLAN, said authentication information includes the client terminal ID, the SIM card number, the authentication credential and the time at which the client terminal last passed public mobile network authentication.
In one embodiment of the invention, the authentication server includes a query module and an authentication module, wherein:
the query module is configured, when the client terminal sends the login request to the business platform through a WLAN, to query the public mobile communication network as to whether the client terminal is registered on it, and, when the client terminal is registered on the public mobile communication network, to obtain the registration information of the client terminal;
the authentication module is configured, according to the query result of the query module, to perform SIM-card-based user identity authentication using the registration information of the client terminal obtained by the query module when the client terminal is registered on the public mobile communication network.
In one embodiment of the invention, the authentication module is further configured, according to the query result of the query module, to compare said authentication information with the authentication record held in the authentication server when the client terminal is not registered on the public mobile communication network, and to perform user identity authentication based on the SIM card authentication record.
In one embodiment of the invention, the client terminal is further configured to encrypt the SIM-card-based authentication information and only then to send the login request to the business platform;
the authentication server is further configured, after receiving the user authentication request sent by the business platform, to decrypt the authentication information in the user authentication request and only then to authenticate the user identity according to said authentication information.
In one embodiment of the invention, the user authentication request includes a secondary verification request;
the authentication server is further configured, after the user identity authentication passes, to send a secondary verification requirement to the client terminal according to the secondary verification request, to perform secondary verification of the user identity according to the secondary verification information returned by the client terminal, to take the secondary verification result as the authentication result, and only then to return the authentication result to the business platform.
With the SIM-card-based unified authentication method and system of the present invention, when the client terminal logs in to the business platform through a WLAN, a SIM-card-based authentication service can still be provided to the business platform, which raises the security level of client terminal authentication.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings required for the description of the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of one embodiment of the SIM-card-based unified authentication method of the present invention.
Fig. 2 is a schematic diagram of the authentication server authenticating the user identity according to said authentication information in one embodiment of the invention.
Fig. 3 is a schematic diagram of the SIM-card-based unified authentication system of the present invention.
Fig. 4 is a schematic diagram of the authentication server in one embodiment of the invention.
Fig. 5 is a schematic diagram of another embodiment of the SIM-card-based unified authentication method of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of those embodiments. Evidently, the described embodiments are only some, not all, of the embodiments of the present invention. The following description of at least one exemplary embodiment is in fact merely illustrative and in no way limits the present invention or its application or use. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Unless specifically stated otherwise, the relative arrangement of components and steps, the numerical expressions and the numerical values set out in these embodiments do not limit the scope of the invention.
It should also be understood that, for ease of description, the sizes of the various parts shown in the drawings are not drawn to actual scale.
Techniques, methods and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail, but where appropriate such techniques, methods and apparatus should be regarded as part of the authorised description.
In all the examples shown and discussed here, any specific value should be construed as merely illustrative and not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
Note that similar reference numerals and letters denote similar items in the following drawings; once an item has been defined in one drawing, it need not be discussed further in subsequent drawings.
Fig. 1 is a schematic diagram of one embodiment of the SIM-card-based unified authentication method of the present invention. Preferably, the present embodiment can be executed by the SIM-card-based unified authentication system of the present invention. The method includes the following steps:
Step 101: the client terminal sends a login request to the business platform through a network such as a wireless local area network (WLAN) or the public mobile communication network, wherein the client terminal may be a mobile terminal capable of logging in, such as a mobile phone, and the login request includes the IP address of the client terminal and the SIM-card-based authentication information.
When the client terminal sends the login request to the business platform through a WLAN, said authentication information includes the client terminal ID, the SIM card number, the authentication credential, the time at which the client terminal last passed public mobile network authentication, and so on.
When the user accesses the public mobile communication network (the mobile operator's network) through the client terminal and the SIM card and logs in to the business platform, both the authentication server and the client terminal record the information related to the login authentication, including the mobile terminal ID, the SIM card number, the authentication credential and the authentication time. The client terminal therefore holds a record of authentication information such as the client terminal ID, the SIM card number, the authentication credential and the time at which the client terminal last passed public mobile network authentication.
Step 102: the business platform extracts said authentication information from the login request of the client terminal and sends a user authentication request to the authentication server, wherein the business platform may be the operator's own or a third party's business platform, and the user authentication request includes the IP address of the client terminal and said authentication information.
Step 103: the authentication server performs user identity authentication of the client terminal according to said authentication information and returns the authentication result to the business platform, wherein the authentication result is either that the client terminal passed the authentication server's user identity authentication or that it did not.
Step 104: the business platform decides, according to the authentication result, whether to accept the login request of the client terminal.
In one embodiment of the invention, step 104 may include: if the client terminal passed the authentication server's user identity authentication, the business platform allows the client terminal to log in; otherwise, if the client terminal did not pass the authentication server's user identity authentication, the business platform refuses the login request of the client terminal.
With the unified authentication method provided by the above embodiment of the present invention, when the client terminal logs in to the business platform through a WLAN, a SIM-card-based authentication service can still be provided to the business platform. This raises the security level of client terminal authentication and gives the business platform a client authentication service of a higher security level.
In one embodiment of the invention, before step 101 the method may further include: the client terminal packages and encrypts the SIM-card-based authentication information.
Correspondingly, after step 102 the method may further include: the authentication server decrypts the authentication information in the user authentication request, and then executes step 103.
In this embodiment of the invention, the encrypted authentication information can only be decrypted by the authentication server of the public mobile communication network and is not exposed to the business platform. This guarantees the security of the SIM card information: the SIM card information is never obtained by a third-party business platform.
In one embodiment of the invention, the user authentication request may further include a secondary verification request, and the secondary verification request may include the type of secondary verification, for example a request to send an SMS verification code, or a request for a digital signature.
After the authentication server has passed the user identity authentication according to said authentication information, the method may further include: sending a secondary verification requirement to the client terminal according to the secondary verification request, such as the answer to a reserved question or digital signature information; the authentication server then performs secondary verification of the user identity according to the secondary verification information returned by the client terminal (such as the answer to the reserved question or the digital signature information), takes the secondary verification result as the authentication result, and then executes the step of returning the authentication result to the business platform.
Through the secondary verification of the user identity, the above embodiment of the present invention can prevent a stolen authentication record on the client from being used, further raising the security level of user identity authentication.
The unified authentication method of the above embodiment of the present invention can also be applied to authentication when the client terminal logs in to the business platform through the public mobile communication network.
In one embodiment of the invention, if the client terminal sends the login request to the business platform through the public mobile communication network, said authentication information includes the client terminal ID, the SIM card number, the authentication credential and the authentication time, and said user identity authentication is SIM-card-based authentication.
The SIM-card-based unified authentication method of the present invention is therefore applicable whether the client terminal logs in to the business platform through the public mobile communication network or through a WLAN, and in both cases provides the business platform with a SIM-card-based client identity authentication service.
In some embodiments, the present invention is likewise applicable when the client terminal logs in to the business platform through a wired network or another network that is not the public mobile communication network, and provides the business platform with a SIM-card-based client identity authentication service. In that case the client terminal holds a record of authentication information such as the client terminal ID, the SIM card number, the authentication credential and the time at which the client terminal last passed public mobile network authentication.
Fig. 2 is a schematic diagram of the authentication server authenticating the user identity according to said authentication information in one embodiment of the invention. Preferably, the present embodiment can be executed by the authentication server of the present invention. As shown in Fig. 2, step 103 of the Fig. 1 embodiment may include:
Step 201: the authentication server judges whether the client terminal is registered on the public mobile communication network. If the client terminal is registered on the public mobile communication network (the mobile terminal can be called through the public mobile communication network), step 202 is executed; otherwise, if the client terminal is not registered on the public mobile communication network (the mobile terminal cannot be called through the public mobile communication network), step 203 is executed.
Step 202: the authentication server queries the registration information held by the public mobile communication network and, according to the registration information found for the client terminal, performs SIM-card-based user identity authentication. That is, the authentication server can provide the same authentication service as when the client logs in to the business platform through the public mobile communication network; no further steps of the present embodiment are executed afterwards.
Step 203: the authentication server checks said authentication information (the information about the last public-mobile-network authentication, forwarded by the business platform) against the authentication record held in the authentication server and performs user identity authentication based on the SIM card authentication record.
When the client terminal connects to a WLAN through its WiFi device and logs in to the business platform, the prior art can only provide web-based authentication, whose security level is low.
For the scenario in which the client terminal logs in to the business platform through a WLAN, the above embodiment of the present invention proceeds as follows: if the mobile terminal is at the same time registered on the public mobile communication network, the authentication server queries the registration information of the public mobile communication network and performs SIM-card-based authentication, which provides a higher authentication security level; if the mobile terminal is not registered on the public mobile communication network, the authentication server provides authentication based on the SIM card authentication record, whose security level is far higher than that of web-based authentication and close to that of SIM-card-based authentication.
Fig. 3 is a schematic diagram of the SIM-card-based unified authentication system of the present invention. As shown in Fig. 3, the unified authentication system includes a client terminal 301, a business platform 302 and an authentication server 303, wherein:
the client terminal 301 is configured to send a login request to the business platform 302, wherein the client terminal may be a mobile terminal capable of logging in, such as a mobile phone, and the login request includes the IP address of the client terminal and the SIM-card-based authentication information, said authentication information including the client terminal ID, the SIM card number, the authentication credential, the time at which the client terminal last passed public mobile network authentication, and so on;
the business platform 302 is configured to extract said authentication information from the login request of the client terminal and send a user authentication request to the authentication server 303, wherein the user authentication request includes the IP address of the client terminal and said authentication information, and to decide according to the authentication result returned by the authentication server 303 whether to accept the login request of the client terminal 301.
In one embodiment of the invention, the business platform 302 is specifically configured to allow the client terminal to log in when the client terminal has passed the authentication server's user identity authentication, and to refuse the login request of the client terminal when it has not.
The authentication server 303 is configured to authenticate the user identity according to said authentication information and to return the authentication result to the business platform 302.
With the unified authentication system provided by the above embodiment of the present invention, when the client terminal logs in to the business platform through a WLAN, a SIM-card-based authentication service can still be provided to the business platform. This raises the security level of client terminal authentication and gives the business platform a client authentication service of a higher security level.
In one embodiment of the invention, the client terminal 301 is further configured to encrypt the SIM-card-based authentication information and only then to send the login request to the business platform 302; the authentication server 303 is further configured, after receiving the user authentication request sent by the business platform 302, to decrypt the authentication information in the user authentication request and only then to authenticate the user identity according to said authentication information.
In this embodiment of the invention, the encrypted authentication information can only be decrypted by the authentication server of the public mobile communication network and is not exposed to the business platform. This guarantees the security of the SIM card information: the SIM card information is never obtained by a third-party business platform.
In one embodiment of the invention, the user authentication request may further include a secondary verification request, and the secondary verification request may include the type of secondary verification, for example a request to send an SMS verification code, or a request for a digital signature.
In one embodiment of the invention, the authentication server 303 is further configured, after the user identity authentication passes, to send a secondary verification requirement to the client terminal 301 according to the secondary verification request, such as the answer to a reserved question or digital signature information; to perform secondary verification of the user identity according to the secondary verification information returned by the client terminal 301 (such as the answer to the reserved question or the digital signature information); to take the secondary verification result as the authentication result; and only then to return the authentication result to the business platform 302.
Through the secondary verification of the user identity, the above embodiment of the present invention can prevent a stolen authentication record on the client from being used, further raising the security level of user identity authentication.
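As an added example of the secondary verification described here and in the method embodiment earlier on this page (an SMS verification code, or the answer to a reserved question, checked after the primary SIM-based authentication has passed and used as the final authentication result), the following Python class is example code written for this page, not code from the patent or from China Telecom. It assumes the authentication server keeps per-challenge state with a five-minute lifetime and a three-attempt limit, stores reserved-question answers as salted PBKDF2 hashes mixed with a server-side pepper, normalises answers before hashing, and delivers the SMS code out of band rather than over the login channel; those policy values, the class and function names, and all sample terminals, questions and answers are constructed for the example. The digital-signature variant the patent also mentions is not shown.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Constructed policy values (assumptions, not specified by the patent)
CHALLENGE_TTL = timedelta(minutes=5)
MAX_ATTEMPTS = 3
PBKDF2_ROUNDS = 20_000


class SecondaryVerifier:
    """Secondary verification step of the authentication server (example, not the patent's code):
    issues a challenge of the requested type after the primary SIM-based check has passed; the
    outcome of verify() is what the server returns to the business platform as the auth result."""

    def __init__(self, pepper: bytes):
        self.pepper = pepper          # server-side secret mixed into every hash (assumption)
        self.enrolled_questions = {}  # terminal_id -> (question, salt, answer_hash), enrolled earlier
        self.pending = {}             # challenge_id -> challenge state; entries are single-use

    def _hash(self, salt: bytes, secret: str) -> bytes:
        # Normalise case and whitespace so a correct answer is not rejected for formatting
        normalised = " ".join(secret.strip().lower().split())
        return hashlib.pbkdf2_hmac("sha256", normalised.encode(), salt + self.pepper, PBKDF2_ROUNDS)

    def enroll_question(self, terminal_id: str, question: str, answer: str) -> None:
        salt = secrets.token_bytes(16)
        self.enrolled_questions[terminal_id] = (question, salt, self._hash(salt, answer))

    def issue(self, terminal_id: str, kind: str, now: datetime):
        """Returns (challenge_id, requirement sent to the terminal, secret to deliver out of band)."""
        salt = secrets.token_bytes(16)
        if kind == "sms":
            code = f"{secrets.randbelow(10**6):06d}"  # goes out by SMS, never over the login channel
            requirement, out_of_band, expected = "enter the SMS verification code", code, self._hash(salt, code)
        elif kind == "question":
            question, salt, expected = self.enrolled_questions[terminal_id]
            requirement, out_of_band = f"answer the reserved question: {question}", None
        else:
            raise ValueError(f"unsupported secondary verification type: {kind}")
        challenge_id = secrets.token_urlsafe(16)
        self.pending[challenge_id] = {"terminal_id": terminal_id, "salt": salt, "expected": expected,
                                      "expires": now + CHALLENGE_TTL, "attempts": 0}
        return challenge_id, requirement, out_of_band

    def verify(self, challenge_id: str, terminal_id: str, response: str, now: datetime) -> str:
        """Returns 'pass', 'fail', 'expired', 'locked' or 'unknown'. A challenge is bound to the
        terminal it was issued for, expires, is removed after MAX_ATTEMPTS, and cannot be replayed."""
        state = self.pending.get(challenge_id)
        if state is None or state["terminal_id"] != terminal_id:
            return "unknown"
        if now > state["expires"]:
            self.pending.pop(challenge_id)
            return "expired"
        state["attempts"] += 1
        if hmac.compare_digest(state["expected"], self._hash(state["salt"], response)):
            self.pending.pop(challenge_id)  # single use: a captured code cannot be replayed
            return "pass"
        if state["attempts"] >= MAX_ATTEMPTS:
            self.pending.pop(challenge_id)
            return "locked"
        return "fail"


def run_demo() -> dict:
    """Constructed walk-through of both challenge types; returns the outcome of each scenario."""
    v = SecondaryVerifier(pepper=b"constructed server pepper")
    t0 = datetime(2015, 8, 6, 12, 0, tzinfo=timezone.utc)
    results = {}
    cid, _, code = v.issue("term-B", "sms", t0)
    results["sms_correct"] = v.verify(cid, "term-B", code, t0 + timedelta(minutes=1))
    results["sms_replayed"] = v.verify(cid, "term-B", code, t0 + timedelta(minutes=1))
    cid, _, code = v.issue("term-B", "sms", t0)
    wrong = "000000" if code != "000000" else "111111"
    results["sms_guesses"] = [v.verify(cid, "term-B", wrong, t0) for _ in range(3)]
    cid, _, code = v.issue("term-B", "sms", t0)
    results["sms_expired"] = v.verify(cid, "term-B", code, t0 + timedelta(minutes=6))
    v.enroll_question("term-B", "first school", "  Riverside   PRIMARY ")
    cid, _, _ = v.issue("term-B", "question", t0)
    results["question_correct"] = v.verify(cid, "term-B", "riverside primary", t0)
    cid, _, _ = v.issue("term-B", "question", t0)
    results["question_other_terminal"] = v.verify(cid, "term-Z", "riverside primary", t0)
    return results
```

`run_demo()` shows the properties that make the step worth adding: a correct code passes once and is then unusable, three wrong guesses retire the challenge, a code presented after its lifetime is refused, and a challenge issued for one terminal cannot be answered by another. The reserved-question branch hashes the answer the same way, so the server never stores the answer in clear.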
The unified authentication system of the above embodiment of the present invention can also be applied to authentication when the client terminal logs in to the business platform through the public mobile communication network. In that case, in the login request sent by the client terminal, said authentication information includes the client terminal ID, the SIM card number, the authentication credential and the authentication time, and said user identity authentication is SIM-card-based authentication.
The SIM-card-based unified authentication system of the present invention is therefore applicable whether the client terminal logs in to the business platform through the public mobile communication network or through a WLAN, and in both cases provides the business platform with a SIM-card-based client identity authentication service.
In some embodiments, the present invention is likewise applicable when the client terminal logs in to the business platform through a wired network or another network that is not the public mobile communication network, and provides the business platform with a SIM-card-based client identity authentication service. In that case the client terminal holds a record of authentication information such as the client terminal ID, the SIM card number, the authentication credential and the time at which the client terminal last passed public mobile network authentication.
Fig. 4 is the schematic diagram of certificate server in one embodiment of the invention.As shown in figure 4, figure Certificate server 303 in 3 can include enquiry module 401 and authentication module 402, wherein:
Enquiry module 401, for passing through WLAN to business platform in client terminal 301 During 302 transmission logging request, inquire about whether client terminal 301 is registered to public mobile network To public mobile network;And when client terminal is registered to public mobile network, obtain visitor The log-on message of family terminal 301.
Authentication module 402, for the judged result according to enquiry module 401, in client terminal 301 when being registered to public mobile network, and the client being got according to enquiry module 401 is eventually The log-on message at end 301, carries out the authenticating user identification based on Subscriber Identity Module.
In one embodiment of the invention, authentication module 402 can be also used for according to inquiry mould The Query Result of block 401, when client terminal 301 is not registered to public mobile network, root It is compared with the authentication record in certificate server 303 according to described authentication information, be based on The authenticating user identification of Subscriber Identity Module authentication record.
The above embodiment of the present invention, passes through WLAN registering service platform for client terminal Scene, if mobile terminal is registered to public mobile network simultaneously, looked into by certificate server Ask the log-on message of public mobile network, the certification based on Subscriber Identity Module for the execution, thus may be used To provide higher certification level of security;If mobile terminal is not registered to public mobile communication Net, then provide the certification based on Subscriber Identity Module authentication record, its safe level by certificate server It is not much higher than the rank of the authentication method based on web, and based on Subscriber Identity Module authenticating party yet The level of security of method is close.
Fig. 5 is a schematic diagram of another embodiment of the unified authentication method based on the subscriber identity module card of the present invention. Preferably, this embodiment is performed by the unified authentication system based on the subscriber identity module card of the present invention. The method comprises the following steps:
Step 501: the client terminal encapsulates and encrypts the authentication information based on the subscriber identity module card.
Step 502: the client terminal sends a login request to the business platform via a network such as a WLAN, the public mobile communication network or a wired network. The login request includes the IP address of the client terminal and the encrypted authentication information.
Step 503: the business platform extracts, from the login request sent by the client terminal, the IP address of the client terminal and the encrypted authentication information based on the subscriber identity module card.
Step 504: the business platform sends a user authentication request to the authentication server. The business platform can be the operator's own or a third party's business platform, and the user authentication request includes the IP address of the client terminal and the authentication information.
In one embodiment of the invention, the user authentication request can also include a secondary verification request, and the secondary verification request can carry the type of secondary verification wanted, for example a request to send an SMS verification code, or a digital signature.
Step 505: the authentication server decrypts the authentication information in the user authentication request.
Step 506: the authentication server performs user identity authentication of the client terminal according to the decrypted authentication information.
In one embodiment of the invention, if the user authentication request includes a secondary verification request, then after the authentication server has passed the user identity authentication according to the authentication information, the method can further include: sending a secondary verification requirement to the client terminal according to the secondary verification request, such as answering a reserved question or providing digital signature information; the authentication server performing secondary verification of the user identity according to the secondary verification information returned by the client terminal (such as the answer to the reserved question or the digital signature information); and taking the secondary verification result as the authentication result before performing step 507.
Step 507: the authentication server returns the authentication result to the business platform, where the authentication result is either that the client terminal passed the user identity authentication of the authentication server or that the client terminal did not pass it.
Step 508: the business platform decides, according to the authentication result, whether to accept the login request of the client terminal.
In one embodiment of the invention, step 508 can include: if the client terminal passed the user identity authentication of the authentication server, the business platform allows the client terminal to log in; otherwise, if the client terminal did not pass the user identity authentication of the authentication server, the business platform refuses the login request of the client terminal.
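The following is an added worked example, not code from the patent or from China Telecom. It models the three parties of the Fig. 5 flow (steps 501 to 508, including the optional secondary verification) together with the two branches of the Fig. 4 query module and authentication module: live registration to the public mobile communication network versus the stored authentication record. The patent specifies neither the cipher nor the message layout, so the encryption of the authentication information (an HMAC-SHA256 keystream with an encrypt-then-MAC tag under a key assumed to be pre-shared between the SIM and the operator's authentication server), the JSON field names, the terminal and record values, and the maximum accepted age of an authentication record are all assumptions of this example. The age limit in particular is not in the patent; it is the check a practitioner would add, because an authentication record with no freshness bound is a static credential that can be replayed from a WLAN indefinitely.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32  # layout of the encrypted blob: nonce | ciphertext | HMAC tag


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode as the PRF: a stand-in, the patent names no cipher
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    """Step 501: encrypt-then-MAC of the SIM-based authentication information."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key + b"enc", nonce, len(plaintext))))
    return nonce + ct + hmac.new(key + b"mac", nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    """Step 505: check the tag before reading any field; a bad tag means tampering or a wrong key."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key + b"mac", nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication information failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key + b"enc", nonce, len(ct))))


class ClientTerminal:
    def __init__(self, terminal_id, sim_number, credential, last_plmn_auth_time, key, reserved_answer):
        self.info = {"terminal_id": terminal_id, "sim_number": sim_number,
                     "credential": credential, "last_plmn_auth_time": last_plmn_auth_time}
        self.key, self.reserved_answer = key, reserved_answer

    def login_request(self, client_ip):
        """Step 502: login request = client IP address + encrypted authentication information."""
        return {"client_ip": client_ip, "auth_info": encrypt(self.key, json.dumps(self.info).encode())}


class AuthServer:
    def __init__(self, key, plmn_registrations, auth_records, max_record_age, now):
        self.key, self.plmn, self.records = key, plmn_registrations, auth_records
        self.max_record_age, self.now = max_record_age, now

    def authenticate(self, user_auth_request, client):
        """Steps 505 to 507: decrypt, take the Fig. 4 branch, optionally verify a second factor."""
        try:
            info = json.loads(decrypt(self.key, user_auth_request["auth_info"]))
        except ValueError:
            return {"passed": False, "basis": "undecryptable"}
        tid, sim = info["terminal_id"], info["sim_number"]
        reg = self.plmn.get(tid)  # query module: is this terminal registered to the PLMN right now?
        if reg is not None and reg["sim_number"] == sim:
            ok, basis = hmac.compare_digest(info["credential"], reg["credential"]), "plmn-registration"
        else:  # not registered: compare against the stored authentication record instead
            rec = self.records.get(tid)
            ok = (rec is not None and rec["sim_number"] == sim
                  and hmac.compare_digest(info["credential"], rec["credential"])
                  and info["last_plmn_auth_time"] == rec["last_plmn_auth_time"]
                  and self.now - rec["last_plmn_auth_time"] <= self.max_record_age)  # freshness bound: assumption
            basis = "auth-record"
        if ok and user_auth_request.get("secondary_verification") == "reserved_question":
            expected = self.records.get(tid, {}).get("answer_hash", b"\x00" * 32)
            ok = hmac.compare_digest(hashlib.sha256(client.reserved_answer.encode()).digest(), expected)
            basis += "+secondary"
        return {"passed": ok, "basis": basis}


def business_platform_login(login_request, auth_server, client, secondary=None):
    """Steps 503, 504 and 508: relay IP address and encrypted info, then admit or refuse."""
    req = {"client_ip": login_request["client_ip"], "auth_info": login_request["auth_info"]}
    if secondary:
        req["secondary_verification"] = secondary
    result = auth_server.authenticate(req, client)
    return {"login_allowed": result["passed"], "basis": result["basis"]}


KEY = b"constructed pre-shared key"  # assumption: shared by the SIM and the operator's server
NOW, SIM = 1_700_000_000, "sim-0001"  # constructed sample values, not real identifiers
RECORDS = {"T1": {"sim_number": SIM, "credential": "cred-T1", "last_plmn_auth_time": NOW - 600,
                  "answer_hash": hashlib.sha256(b"first pet").digest()}}


def run_scenarios():
    """Drives the flow through the cases the text distinguishes and returns each login decision."""
    client = ClientTerminal("T1", SIM, "cred-T1", NOW - 600, KEY, "first pet")
    wrong_answer = ClientTerminal("T1", SIM, "cred-T1", NOW - 600, KEY, "guess")
    registered = AuthServer(KEY, {"T1": {"sim_number": SIM, "credential": "cred-T1"}}, RECORDS, 3600, NOW)
    unregistered = AuthServer(KEY, {}, RECORDS, 3600, NOW)

    def login(server, terminal, secondary=None):
        return business_platform_login(terminal.login_request("10.0.0.5"), server, terminal, secondary)

    tampered = client.login_request("10.0.0.5")
    blob = bytearray(tampered["auth_info"])
    blob[NONCE_LEN] ^= 0x01  # flip one ciphertext bit in transit
    tampered["auth_info"] = bytes(blob)
    return {
        "wlan_registered": login(registered, client),
        "wlan_unregistered": login(unregistered, client),
        "stale_record": login(AuthServer(KEY, {}, RECORDS, 300, NOW), client),
        "secondary_ok": login(unregistered, client, "reserved_question"),
        "secondary_wrong": login(unregistered, wrong_answer, "reserved_question"),
        "tampered": business_platform_login(tampered, unregistered, client),
    }
```

`run_scenarios()` returns one decision per case. The registered case passes on the live registration information; the unregistered case passes on the stored record; the stale-record case is refused once the last public-network authentication is older than the configured limit; the tampered case shows why the integrity tag is verified before any field of the authentication information is read; and the two secondary-verification cases show the reserved-question answer replacing the primary result as the authentication result, as the text above describes.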
The unified authentication method and system based on the subscriber identity module card of the present invention can provide the business platform with an authentication service based on the subscriber identity module card in a WiFi access authentication environment in which the subscriber identity card itself does not take part. With the technical solution of the invention, when the client logs in to the business platform over the mobile terminal's WiFi, the authentication server of the public mobile communication network can still provide the business platform with an authentication service based on the subscriber card authentication record even though the mobile terminal is not registered to the mobile network, and can thus provide an authentication service of a high security level.
The devices described above, such as the client terminal 301, the business platform 302 and the authentication server 303, can be implemented as a general-purpose processor, a programmable logic controller (PLC), a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any suitable combination of these, for performing the functions described herein.
The present invention has thus been described in detail. Some details well known in the art have been omitted so as not to obscure the concept of the invention. From the above description, those skilled in the art can fully appreciate how to implement the technical solution disclosed herein.
One of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments can be carried out by hardware, or by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium, such as a read-only memory, a magnetic disk or an optical disc.
The description of the invention has been given for the purposes of illustration and description, and is not exhaustive or intended to limit the invention to the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, and to enable those of ordinary skill in the art to understand the invention and so devise the various embodiments, with various modifications, suited to the particular use contemplated.

Claims (12)

1. A unified authentication method based on a subscriber identity module card, characterised in that it comprises:
the client terminal sending a login request to the business platform, wherein the login request includes authentication information based on the subscriber identity card;
the business platform sending a user authentication request to the authentication server, wherein the user authentication request includes the authentication information;
the authentication server performing user identity authentication according to the authentication information and returning the authentication result to the business platform; and
the business platform deciding, according to the authentication result, whether to accept the login request of the client terminal.
2. The method according to claim 1, characterised in that it further comprises:
if the client terminal sends the login request to the business platform via the public mobile communication network, the authentication information includes the client terminal ID, the subscriber identity card number, the authentication credential and the authentication time, and the user identity authentication is authentication based on the subscriber identity card;
if the client terminal sends the login request to the business platform via a WLAN, the authentication information includes the client terminal ID, the subscriber identity card number, the authentication credential and the time at which the client terminal last passed authentication via the public mobile communication network.
3. The method according to claim 1 or 2, characterised in that, if the client terminal sends the login request to the business platform via a WLAN, the step of the authentication server performing user identity authentication according to the authentication information includes:
the authentication server judging whether the client terminal is registered to the public mobile communication network;
if the client terminal is registered to the public mobile communication network, the authentication server querying the registration information of the public mobile communication network and performing user identity authentication based on the subscriber identity module card according to the registration information of the client terminal so found.
4. The method according to claim 3, characterised in that the step of the authentication server performing user identity authentication according to the authentication information further includes:
if the client terminal is not registered to the public mobile communication network, the authentication server comparing the authentication information with the authentication record in the authentication server and performing user identity authentication based on the subscriber identity module card authentication record.
5. The method according to any one of claims 1 to 4, characterised in that it further comprises:
the client terminal encrypting the authentication information based on the subscriber identity module card before performing the step of sending the login request to the business platform; and
after the step of the business platform sending the user authentication request to the authentication server, the method further comprises:
the authentication server decrypting the authentication information in the user authentication request before performing the step of user identity authentication according to the authentication information.
6. The method according to any one of claims 1 to 5, characterised in that
the user authentication request includes a secondary verification request; and
the method further comprises: after the authentication server has passed the user identity authentication according to the authentication information, the authentication server sending a secondary verification requirement to the client terminal according to the secondary verification request;
the authentication server performing secondary verification of the user identity according to the secondary verification information returned by the client terminal, taking the secondary verification result as the authentication result, and then performing the step of returning the authentication result to the business platform.
7. A unified authentication system based on a subscriber identity module card, characterised in that it comprises a client terminal, a business platform and an authentication server, wherein:
the client terminal is configured to send a login request to the business platform, wherein the login request includes authentication information based on the subscriber identity module card;
the business platform is configured to send a user authentication request to the authentication server, wherein the user authentication request includes the authentication information, and to decide, according to the authentication result returned by the authentication server, whether to accept the login request of the client terminal; and
the authentication server is configured to perform user identity authentication according to the authentication information and to return the authentication result to the business platform.
8. The system according to claim 7, characterised in that
if the client terminal sends the login request to the business platform via the public mobile communication network, the authentication information includes the client terminal ID, the subscriber identity card number, the authentication credential and the authentication time, and the user identity authentication is authentication based on the subscriber identity card;
if the client terminal sends the login request to the business platform via a WLAN, the authentication information includes the client terminal ID, the subscriber identity card number, the authentication credential and the time at which the client terminal last passed authentication via the public mobile communication network.
9. The system according to claim 7 or 8, characterised in that the authentication server includes a query module and an authentication module, wherein:
the query module is configured, when the client terminal sends the login request to the business platform via a WLAN, to query the public mobile communication network as to whether the client terminal is registered to it, and, when the client terminal is registered to the public mobile communication network, to obtain the registration information of the client terminal;
the authentication module is configured, according to the query result of the query module and when the client terminal is registered to the public mobile communication network, to perform user identity authentication based on the subscriber identity module card according to the registration information of the client terminal obtained by the query module.
10. The system according to claim 9, characterised in that
the authentication module is further configured, according to the query result of the query module and when the client terminal is not registered to the public mobile communication network, to compare the authentication information with the authentication record in the authentication server and perform user identity authentication based on the subscriber identity module card authentication record.
11. The system according to any one of claims 7 to 10, characterised in that
the client terminal is further configured to encrypt the authentication information based on the subscriber identity module card before performing the operation of sending the login request to the business platform; and
the authentication server is further configured, after receiving the user authentication request sent by the business platform, to decrypt the authentication information in the user authentication request before performing the operation of user identity authentication according to the authentication information.
12. The system according to any one of claims 7 to 11, characterised in that
the user authentication request includes a secondary verification request; and
the authentication server is further configured, after the user identity authentication has passed, to send a secondary verification requirement to the client terminal according to the secondary verification request, to perform secondary verification of the user identity according to the secondary verification information returned by the client terminal, and to take the secondary verification result as the authentication result before performing the operation of returning the authentication result to the business platform.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510474991.1A CN106453199A (en) 2015-08-06 2015-08-06 Unified authentication method and system based on subscriber identity module card


Publications (1)

Publication Number Publication Date
CN106453199A true CN106453199A (en) 2017-02-22

Family

ID=58092333



Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1849003A (en) * 2005-07-21 2006-10-18 华为技术有限公司 Method for right discrimination to user
US8369831B2 (en) * 2009-02-03 2013-02-05 Broadcom Corporation Single operator, single SIM, single billing entity supporting simultaneous use of multi-radio device and/or phone
CN101990204A (en) * 2009-08-07 2011-03-23 中国移动通信集团公司 Method and device for accessing service by using card inserted terminal
CN103052064A (en) * 2011-10-13 2013-04-17 中国移动通信集团公司 Method, equipment and system for accessing private services of operator

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109587098A (en) * 2017-09-29 2019-04-05 阿里巴巴集团控股有限公司 A kind of Verification System and method, authorization server
CN109587098B (en) * 2017-09-29 2022-04-08 阿里巴巴集团控股有限公司 Authentication system and method, and authorization server
CN113347179A (en) * 2021-05-28 2021-09-03 世纪龙信息网络有限责任公司 Authentication server, card authentication system, secret-free authentication method and system


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170222