CN106453199A - Unified authentication method and system based on subscriber identity module card
- Publication number: CN106453199A (application CN201510474991.1A)
- Authority: CN (China)
- Prior art keywords: client terminal, authentication, business platform, request, certificate server
- Legal status: Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
Abstract
The invention discloses a unified authentication method and system based on a subscriber identity module card. The method comprises the following steps: a client terminal sends a login request to a business platform, wherein the login request comprises authentication information based on the subscriber identity module card; the business platform sends a user authentication request to an authentication server, wherein the user authentication request comprises the authentication information; the authentication server authenticates the identity of the user according to the authentication information and returns an authentication result to the business platform; and the business platform decides, according to the authentication result, whether to pass the login request of the client terminal. According to the invention, when the client terminal logs in to the business platform through a wireless local area network, an authentication service based on the subscriber identity module card can still be provided for the business platform, thereby improving the security level of the authentication of the client terminal.
Description
Technical field
The present invention relates to the Internet field, and in particular to a unified authentication method and system based on a subscriber identity module card.
Background
At present, the unified authentication method based on the subscriber identity module card (subscriber card for short) can meet the high-security-level authentication requirement that arises when a client accesses a mobile operator network (2G/3G/4G) through a mobile terminal and logs in to a business platform. Its security is ensured by the authentication system based on the subscriber identity module card and the public mobile communication network. The principle is as follows: when the client accesses the public mobile communication network through the subscriber identity module card in the mobile terminal, the public mobile communication network authenticates the subscriber identity module card and the subscribed service type, and a 4G subscriber identity module card at the same time authenticates the public mobile communication network, achieving mutual authentication at a higher security level. When the business platform receives a service request from the client, it sends an authentication request to the authentication server of the public mobile communication network operator, and that authentication server returns confirmation of the authentication to the business platform.
However, when the client connects to the business platform not through the public mobile communication network but through the WiFi of the mobile terminal, the subscriber identity module card and the public mobile communication network take no part in the login process. The public mobile communication network has no knowledge of the login behaviour of the mobile terminal or of the related information, and therefore cannot provide the business platform with an authentication service based on public mobile communication network access authentication. When the client accesses the business platform through the WiFi of the mobile terminal, the mobile terminal may not even have a subscriber identity module card inserted.
Summary of the invention
In view of the above technical problem, the present invention provides a unified authentication method and system based on a subscriber identity module card, such that when a client terminal logs in to a business platform through a wireless local area network, the authentication server can still provide a high-security-level authentication service for the business platform.
According to one aspect of the present invention, a unified authentication method based on a subscriber identity module card is provided, comprising:
the client terminal sends a login request to the business platform, wherein the login request includes authentication information based on the subscriber identity module card;
the business platform sends a user authentication request to the authentication server, wherein the user authentication request includes the authentication information;
the authentication server performs user identity authentication according to the authentication information and returns an authentication result to the business platform;
the business platform decides, according to the authentication result, whether to pass the login request of the client terminal.
In one embodiment of the present invention, the method further comprises: if the client terminal sends the login request to the business platform through the public mobile communication network, the authentication information includes the client terminal ID, the subscriber identity module card number, the authentication credential and the authentication time; the user identity authentication is authentication based on the subscriber identity module card;
if the client terminal sends the login request to the business platform through a wireless local area network, the authentication information includes the client terminal ID, the subscriber identity module card number, the authentication credential and the time at which the client terminal most recently passed public mobile communication network authentication.
In one embodiment of the present invention, if the client terminal sends the login request to the business platform through a wireless local area network, the step in which the authentication server performs user identity authentication according to the authentication information comprises:
the authentication server determines whether the client terminal is registered to the public mobile communication network;
if the client terminal is registered to the public mobile communication network, the authentication server queries the registration information of the public mobile communication network and, according to the registration information found for the client terminal, performs user identity authentication based on the subscriber identity module card.
In one embodiment of the present invention, the step in which the authentication server performs user identity authentication according to the authentication information further comprises:
if the client terminal is not registered to the public mobile communication network, the authentication server compares the authentication information with the authentication record in the authentication server and performs user identity authentication based on the subscriber identity module card authentication record.
In one embodiment of the present invention, the method further comprises:
the client terminal encrypts the authentication information based on the subscriber identity module card, and then performs the step of sending the login request to the business platform;
after the step in which the business platform sends the user authentication request to the authentication server, the method further comprises:
the authentication server decrypts the authentication information in the user authentication request, and then performs the step of user identity authentication according to the authentication information.
In one embodiment of the present invention, the user authentication request includes a secondary verification request;
the method further comprises: after the user identity authentication performed by the authentication server according to the authentication information has passed, the authentication server sends a secondary verification requirement to the client terminal according to the secondary verification request;
the authentication server performs secondary verification of the user identity according to the secondary verification information returned by the client terminal, takes the secondary verification result as the authentication result, and then performs the step of returning the authentication result to the business platform.
According to another aspect of the present invention, a unified authentication system based on a subscriber identity module card is provided, comprising a client terminal, a business platform and an authentication server, wherein:
the client terminal is configured to send a login request to the business platform, wherein the login request includes authentication information based on the subscriber identity module card;
the business platform is configured to send a user authentication request to the authentication server, wherein the user authentication request includes the authentication information, and to decide, according to the authentication result returned by the authentication server, whether to pass the login request of the client terminal;
the authentication server is configured to perform user identity authentication according to the authentication information and to return the authentication result to the business platform.
In one embodiment of the present invention, if the client terminal sends the login request to the business platform through the public mobile communication network, the authentication information includes the client terminal ID, the subscriber identity module card number, the authentication credential and the authentication time; the user identity authentication is authentication based on the subscriber identity module card;
if the client terminal sends the login request to the business platform through a wireless local area network, the authentication information includes the client terminal ID, the subscriber identity module card number, the authentication credential and the time at which the client terminal most recently passed public mobile communication network authentication.
In one embodiment of the present invention, the authentication server includes a query module and an authentication module, wherein:
the query module is configured, when the client terminal sends a login request to the business platform through a wireless local area network, to query the public mobile communication network as to whether the client terminal is registered to the public mobile communication network, and, when the client terminal is registered to the public mobile communication network, to obtain the registration information of the client terminal;
the authentication module is configured, according to the query result of the query module, when the client terminal is registered to the public mobile communication network, to perform user identity authentication based on the subscriber identity module card according to the registration information of the client terminal obtained by the query module.
In one embodiment of the present invention, the authentication module is further configured, according to the query result of the query module, when the client terminal is not registered to the public mobile communication network, to compare the authentication information with the authentication record in the authentication server and to perform user identity authentication based on the subscriber identity module card authentication record.
In one embodiment of the present invention, the client terminal is further configured to encrypt the authentication information based on the subscriber identity module card and then to perform the operation of sending the login request to the business platform;
the authentication server is further configured, after receiving the user authentication request sent by the business platform, to decrypt the authentication information in the user authentication request and then to perform the operation of user identity authentication according to the authentication information.
In one embodiment of the present invention, the user authentication request includes a secondary verification request;
the authentication server is further configured, after the user identity authentication has passed, to send a secondary verification requirement to the client terminal according to the secondary verification request; to perform secondary verification of the user identity according to the secondary verification information returned by the client terminal; and to take the secondary verification result as the authentication result and then perform the operation of returning the authentication result to the business platform.
With the unified authentication method and system based on a subscriber identity module card of the present invention, when the client terminal logs in to the business platform through a wireless local area network, an authentication service based on the subscriber identity module card can still be provided for the business platform, thereby improving the security level of client terminal authentication.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic diagram of one embodiment of the unified authentication method based on a subscriber identity module card according to the present invention.
Fig. 2 is a schematic diagram of the authentication server performing user identity authentication according to the authentication information in one embodiment of the present invention.
Fig. 3 is a schematic diagram of the unified authentication system based on a subscriber identity module card according to the present invention.
Fig. 4 is a schematic diagram of the authentication server in one embodiment of the present invention.
Fig. 5 is a schematic diagram of another embodiment of the unified authentication method based on a subscriber identity module card according to the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. The following description of at least one exemplary embodiment is merely illustrative and in no way limits the present invention or its application or use. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Unless specifically stated otherwise, the relative arrangement of the components and steps, the numerical expressions and the numerical values set out in these embodiments do not limit the scope of the present invention.
It should also be understood that, for ease of description, the sizes of the various parts shown in the drawings are not drawn to actual scale.
Techniques, methods and devices known to a person of ordinary skill in the relevant art may not be discussed in detail, but where appropriate, such techniques, methods and devices should be regarded as part of the granted specification.
In all examples shown and discussed here, any specific value should be interpreted as merely exemplary and not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
It should be noted that similar reference numerals and letters denote similar items in the following drawings; once an item has been defined in one drawing, it does not need to be discussed further in subsequent drawings.
Fig. 1 is a schematic diagram of one embodiment of the unified authentication method based on a subscriber identity module card according to the present invention. Preferably, this embodiment may be executed by the unified authentication system based on a subscriber identity module card of the present invention. The method comprises the following steps:
Step 101: the client terminal sends a login request to the business platform through a network such as a wireless local area network (WLAN) or the public mobile communication network, wherein the client terminal may be a mobile terminal such as a mobile phone; the login request includes the IP address of the client terminal and authentication information based on the subscriber identity module card.
When the client terminal sends the login request to the business platform through a wireless local area network, the authentication information includes the client terminal ID, the subscriber identity module card number, the authentication credential, the time at which the client terminal most recently passed public mobile communication network authentication, and so on.
When the user accesses the public mobile communication network (the mobile operator network) through the client terminal and the subscriber identity module card in order to log in to the business platform, both the authentication server and the client terminal record the information relating to the login authentication, including the mobile terminal ID, the subscriber identity module card number, the authentication credential and the authentication time. The client terminal thus holds authentication information such as the client terminal ID, the subscriber identity module card number, the authentication credential and the time at which the client terminal most recently passed public mobile communication network authentication.
Step 102: the business platform extracts the authentication information from the login request of the client terminal and sends a user authentication request to the authentication server, wherein the business platform may be an operator's or a third party's business platform, and the user authentication request includes the IP address of the client terminal and the authentication information.
Step 103: the authentication server performs user identity authentication of the client terminal according to the authentication information and returns the authentication result to the business platform, wherein the authentication result is either that the client terminal has passed the user identity authentication of the authentication server or that the client terminal has not passed the user identity authentication of the authentication server.
Step 104: the business platform decides, according to the authentication result, whether to pass the login request of the client terminal.
In one embodiment of the present invention, step 104 may comprise: if the client terminal has passed the user identity authentication of the authentication server, the business platform allows the client terminal to log in; otherwise, if the client terminal has not passed the user identity authentication of the authentication server, the business platform refuses the login request of the client terminal.
With the unified authentication method provided by the above embodiment of the present invention, when the client terminal logs in to the business platform through a wireless local area network, an authentication service based on the subscriber identity module card can still be provided for the business platform. This improves the security level of client terminal authentication and gives the business platform a client authentication service with a higher security level.
In one embodiment of the present invention, before step 101, the method may further comprise: the client terminal packages and encrypts the authentication information based on the subscriber identity module card.
Meanwhile, after step 102, the method may further comprise: the authentication server decrypts the authentication information in the user authentication request, and then performs step 103.
In this embodiment of the present invention, the encrypted authentication information can be decrypted only by the authentication server of the public mobile communication network and is not open to the business platform. This ensures the security of the subscriber identity module card information: the subscriber identity module card information is not obtained by a third-party business platform.
In one embodiment of the present invention, the user authentication request may also include a secondary verification request. The secondary verification request may include the type of secondary verification, for example a request to send an SMS verification code or a digital signature.
After the user identity authentication performed by the authentication server according to the authentication information has passed, the method may further comprise: sending a secondary verification requirement to the client terminal according to the secondary verification request, such as answering a preset question or providing digital signature information; the authentication server performs secondary verification of the user identity according to the secondary verification information returned by the client terminal (such as the answer to the preset question or the digital signature information), takes the secondary verification result as the authentication result, and then performs the step of returning the authentication result to the business platform.
In the above embodiment of the present invention, the secondary verification of the user identity can guard against the authentication record in the client being stolen and misused, thereby further improving the security level of user identity authentication.
The unified authentication method of the above embodiment of the present invention can also be applied to authentication when the client terminal logs in to the business platform through the public mobile communication network.
In one embodiment of the present invention, if the client terminal sends the login request to the business platform through the public mobile communication network, the authentication information includes the client terminal ID, the subscriber identity module card number, the authentication credential and the authentication time; the user identity authentication is authentication based on the subscriber identity module card.
The unified authentication method based on a subscriber identity module card of the present invention is thus suitable for providing the business platform with a client identity authentication service based on the subscriber identity module card when the client terminal logs in to the business platform through either the public mobile communication network or a wireless local area network.
In some embodiments of the present invention, the present invention is also applicable to providing the business platform with a client identity authentication service based on the subscriber identity module card when the client terminal logs in to the business platform through another network that is not the public mobile communication network, such as a wired network. In this case the client terminal holds authentication information such as the client terminal ID, the subscriber identity module card number, the authentication credential and the time at which the client terminal most recently passed public mobile communication network authentication.
Fig. 2 is a schematic diagram of the authentication server performing user identity authentication according to the authentication information in one embodiment of the present invention. Preferably, this embodiment may be executed by the authentication server of the present invention. As shown in Fig. 2, step 103 in the embodiment of Fig. 1 may comprise:
Step 201: the authentication server determines whether the client terminal is registered to the public mobile communication network. If the client terminal is registered to the public mobile communication network (that is, the mobile terminal can be called through the public mobile communication network), step 202 is performed; otherwise, if the client terminal is not registered to the public mobile communication network (that is, the mobile terminal cannot be called through the public mobile communication network), step 203 is performed.
Step 202: the authentication server queries the registration information of the public mobile communication network and, according to the registration information found for the client terminal, performs user identity authentication based on the subscriber identity module card. That is, the authentication server can provide the same authentication service as for a login to the business platform through the public mobile communication network; the other steps of this embodiment are then not performed.
Step 203: the authentication server checks the authentication information (the authentication information from the most recent authentication through the public mobile communication network, as forwarded by the business platform) against the authentication record in the authentication server, and performs user identity authentication based on the subscriber identity module card authentication record.
When the client terminal connects to a wireless local area network through its WiFi device and logs in to the business platform, the prior art can only provide a web-based authentication service, whose security level is low.
For the scenario in which the client terminal logs in to the business platform through a wireless local area network, the above embodiment of the present invention works as follows. If the mobile terminal is at the same time registered to the public mobile communication network, the authentication server queries the registration information of the public mobile communication network and performs authentication based on the subscriber identity module card, which provides a higher authentication security level. If the mobile terminal is not registered to the public mobile communication network, the authentication server provides authentication based on the subscriber identity module card authentication record, whose security level is also far higher than that of the web-based authentication method and close to that of the authentication method based on the subscriber identity module card.
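The decision flow of steps 201 to 203 and the allow/refuse decision of step 104, as an added Python example that is not part of the patent text. The class and field names, the in-memory `mobile_registry` standing in for the public mobile communication network's registration information, and the use of a card-number match as the step 202 check are all assumptions made for illustration; the patent does not specify them.

```python
import hmac
from dataclasses import dataclass
from typing import Dict

# Labels for which branch of Fig. 2 produced the result (names are hypothetical).
PATH_REGISTRATION = "step 202: registration information"
PATH_RECORD = "step 203: authentication record"


@dataclass(frozen=True)
class AuthInfo:
    """Authentication information carried in a WLAN login request."""
    terminal_id: str
    sim_number: str
    credential: str
    last_mobile_auth_time: int  # time of most recent mobile-network authentication


@dataclass(frozen=True)
class AuthResult:
    passed: bool
    path: str


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so a mismatch position is not leaked by timing.
    return hmac.compare_digest(a.encode(), b.encode())


class AuthServer:
    def __init__(self) -> None:
        # Authentication records written when a terminal logs in over the
        # public mobile communication network, keyed by terminal ID.
        self.records: Dict[str, AuthInfo] = {}
        # Assumed stand-in for the network's registration information:
        # terminal ID -> card number currently registered to the network.
        self.mobile_registry: Dict[str, str] = {}

    def record_mobile_login(self, info: AuthInfo) -> None:
        """Both server and terminal keep this after a mobile-network login."""
        self.records[info.terminal_id] = info

    def authenticate_wlan_login(self, info: AuthInfo) -> AuthResult:
        # Step 201: is the terminal registered to the mobile network right now?
        registered_sim = self.mobile_registry.get(info.terminal_id)
        if registered_sim is not None:
            # Step 202: authenticate against the live registration information.
            # (Assumption: modelled here as a card-number match.)
            return AuthResult(_same(registered_sim, info.sim_number),
                              PATH_REGISTRATION)
        # Step 203: fall back to the stored authentication record.
        record = self.records.get(info.terminal_id)
        if record is None:
            return AuthResult(False, PATH_RECORD)
        matches = (
            _same(record.sim_number, info.sim_number)
            & _same(record.credential, info.credential)
            & (record.last_mobile_auth_time == info.last_mobile_auth_time)
        )
        return AuthResult(matches, PATH_RECORD)


def business_platform_login(server: AuthServer, info: AuthInfo) -> str:
    """Step 104: the business platform allows or refuses on the result alone."""
    return "allow" if server.authenticate_wlan_login(info).passed else "refuse"


def demo() -> Dict[str, str]:
    # Constructed sample data, not taken from the patent.
    server = AuthServer()
    genuine = AuthInfo("terminal-001", "sim-0001", "cred-abc", 1700000000)
    server.record_mobile_login(genuine)
    forged = AuthInfo("terminal-001", "sim-0001", "cred-xyz", 1700000000)
    return {
        "genuine, not registered": business_platform_login(server, genuine),
        "forged credential": business_platform_login(server, forged),
        "unknown terminal": business_platform_login(
            server, AuthInfo("terminal-999", "sim-0009", "cred-abc", 1700000000)),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

In the step 203 branch the decision rests entirely on values the terminal itself stores, which is the exposure the secondary verification embodiment is meant to cover.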
Fig. 3 is a schematic diagram of the unified authentication system based on a subscriber identity module card according to the present invention. As shown in Fig. 3, the unified authentication system includes a client terminal 301, a business platform 302 and an authentication server 303, wherein:
The client terminal 301 is configured to send a login request to the business platform 302, wherein the client terminal may be a mobile terminal such as a mobile phone; the login request includes the IP address of the client terminal and authentication information based on the subscriber identity module card, and the authentication information includes the client terminal ID, the subscriber identity module card number, the authentication credential, the time at which the client terminal most recently passed public mobile communication network authentication, and so on.
The business platform 302 is configured to extract the authentication information from the login request of the client terminal and to send a user authentication request to the authentication server 303, wherein the user authentication request includes the IP address of the client terminal and the authentication information; and to decide, according to the authentication result returned by the authentication server 303, whether to pass the login request of the client terminal 301.
In one embodiment of the present invention, the business platform 302 is specifically configured to allow the client terminal to log in when the client terminal has passed the user identity authentication of the authentication server, and to refuse the login request of the client terminal when the client terminal has not passed the user identity authentication of the authentication server.
The authentication server 303 is configured to perform user identity authentication according to the authentication information and to return the authentication result to the business platform 302.
With the unified authentication system provided by the above embodiment of the present invention, when the client terminal logs in to the business platform through a wireless local area network, an authentication service based on the subscriber identity module card can still be provided for the business platform. This improves the security level of client terminal authentication and gives the business platform a client authentication service with a higher security level.
In one embodiment of the present invention, the client terminal 301 is further configured to encrypt the authentication information based on the subscriber identity module card and then to perform the operation of sending the login request to the business platform 302; the authentication server 303 is further configured, after receiving the user authentication request sent by the business platform 302, to decrypt the authentication information in the user authentication request and then to perform the operation of user identity authentication according to the authentication information.
In this embodiment of the present invention, the encrypted authentication information can be decrypted only by the authentication server of the public mobile communication network and is not open to the business platform. This ensures the security of the subscriber identity module card information: the subscriber identity module card information is not obtained by a third-party business platform.
In one embodiment of the present invention, the user authentication request may also include a secondary verification request. The secondary verification request may include the type of secondary verification, for example a request to send an SMS verification code or a digital signature.
In one embodiment of the present invention, the authentication server 303 is further configured, after the user identity authentication has passed, to send a secondary verification requirement to the client terminal 301 according to the secondary verification request, such as answering a preset question or providing digital signature information; to perform secondary verification of the user identity according to the secondary verification information returned by the client terminal 301 (such as the answer to the preset question or the digital signature information); and to take the secondary verification result as the authentication result and then perform the operation of returning the authentication result to the business platform 302.
In the above embodiment of the present invention, the secondary verification of the user identity can guard against the authentication record in the client being stolen and misused, thereby further improving the security level of user identity authentication.
The unified authentication system of the above embodiment of the present invention can also be applied to authentication when the client terminal logs in to the business platform through the public mobile communication network. In that case, in the login request sent by the client terminal, the authentication information includes the client terminal ID, the subscriber identity module card number, the authentication credential and the authentication time; the user identity authentication is authentication based on the subscriber identity module card.
The unified authentication system based on a subscriber identity module card of the present invention is thus suitable for providing the business platform with a client identity authentication service based on the subscriber identity module card when the client terminal logs in to the business platform through either the public mobile communication network or a wireless local area network.
In some embodiments of the present invention, the present invention is also applicable to providing the business platform with a client identity authentication service based on the subscriber identity module card when the client terminal logs in to the business platform through another network that is not the public mobile communication network, such as a wired network. In this case the client terminal holds authentication information such as the client terminal ID, the subscriber identity module card number, the authentication credential and the time at which the client terminal most recently passed public mobile communication network authentication.
Fig. 4 is a schematic diagram of the authentication server in one embodiment of the present invention. As shown in Fig. 4, the authentication server 303 in Fig. 3 may include a query module 401 and an authentication module 402, wherein:
The query module 401 is configured, when the client terminal 301 sends a login request to the business platform 302 through a wireless local area network, to query the public mobile communication network as to whether the client terminal 301 is registered to the public mobile communication network; and, when the client terminal is registered to the public mobile communication network, to obtain the registration information of the client terminal 301.
The authentication module 402 is configured, according to the determination result of the query module 401, when the client terminal 301 is registered to the public mobile communication network, to perform user identity authentication based on the subscriber identity module card according to the registration information of the client terminal 301 obtained by the query module 401.
In one embodiment of the present invention, the authentication module 402 may be further configured, according to the query result of the query module 401, when the client terminal 301 is not registered to the public mobile communication network, to compare the authentication information with the authentication record in the authentication server 303 and to perform user identity authentication based on the subscriber identity module card authentication record.
The above embodiment of the present invention, passes through WLAN registering service platform for client terminal
Scene, if mobile terminal is registered to public mobile network simultaneously, looked into by certificate server
Ask the log-on message of public mobile network, the certification based on Subscriber Identity Module for the execution, thus may be used
To provide higher certification level of security;If mobile terminal is not registered to public mobile communication
Net, then provide the certification based on Subscriber Identity Module authentication record, its safe level by certificate server
It is not much higher than the rank of the authentication method based on web, and based on Subscriber Identity Module authenticating party yet
The level of security of method is close.
Fig. 5 is a schematic diagram of another embodiment of the unified authentication method based on the subscriber identity module card of the present invention. Preferably, this embodiment may be executed by the unified authentication system based on the subscriber identity module card of the present invention. The method comprises the following steps:
Step 501: the client terminal packages and encrypts the authentication information based on the subscriber identity module card.
Step 502: the client terminal sends a login request to the business platform through a network such as a wireless local area network, the public mobile network, or a wired network. The login request includes the IP address of the client terminal and the encrypted authentication information.
Step 503: the business platform extracts, from the login request sent by the client terminal, the IP address of the client terminal and the encrypted authentication information based on the subscriber identity module card.
Step 504: the business platform sends a user authentication request to the authentication server. The business platform may be an operator's or a third party's business platform, and the user authentication request includes the IP address of the client terminal and the authentication information.
In one embodiment of the present invention, the user authentication request may also include a secondary verification request. The secondary verification request may include the type of secondary verification, for example a request to send an SMS verification code or a digital signature.
Step 505: the authentication server decrypts the authentication information in the user authentication request.
Step 506: the authentication server performs user identity authentication of the client terminal according to the decrypted authentication information.
In one embodiment of the present invention, if the user authentication request includes a secondary verification request, then after the authentication server performs user identity authentication according to the authentication information, the method may further include: sending a secondary verification requirement to the client terminal according to the secondary verification request, such as answering a reserved question or providing digital signature information; the authentication server performs secondary verification of the user identity according to the secondary verification information returned by the client terminal (such as the answer to the reserved question or the digital signature information), takes the secondary verification result as the authentication result, and then executes step 507.
Step 507: the authentication server returns the authentication result to the business platform. The authentication result is either that the client terminal passed the user identity authentication of the authentication server, or that the client terminal did not pass the user identity authentication of the authentication server.
Step 508: the business platform decides, according to the authentication result, whether to pass the login request of the client terminal.
In one embodiment of the present invention, step 508 may include: if the client terminal passes the user identity authentication of the authentication server, the business platform allows the client terminal to log in; otherwise, if the client terminal does not pass the user identity authentication of the authentication server, the business platform rejects the login request of the client terminal.
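The following Python example is added here and is not part of the patent. It implements the authentication server's decision in steps 506 to 508 for a WLAN login: authentication against the mobile-network registration when the terminal is registered, comparison with the stored authentication record otherwise, then optional secondary verification. All class and field names, the dictionaries standing in for the registration query and the record store, and the rule that registration-based authentication matches the terminal ID are assumptions; encryption and decryption (steps 501 and 505) are omitted because the patent names no algorithm.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

@dataclass(frozen=True)
class AuthInfo:
    """Authentication information a WLAN client places in its login request."""
    terminal_id: str
    card_number: str      # subscriber identity module card number
    service_ticket: str
    last_auth_time: str   # most recent public-mobile-network authentication

@dataclass(frozen=True)
class AuthRequest:
    """User authentication request sent by the business platform (step 504)."""
    client_ip: str                    # carried in the request; not used in the decision here
    info: AuthInfo                    # assumed already decrypted (step 505)
    secondary: Optional[str] = None   # requested secondary verification type

def _same(a: str, b: str) -> bool:
    # Constant-time comparison so a mismatch position does not leak through timing.
    return hmac.compare_digest(a.encode(), b.encode())

class AuthServer:
    def __init__(self, registrations: Dict[str, str],
                 records: Dict[str, AuthInfo], answers: Dict[str, str]):
        self.registrations = registrations  # card number -> registered terminal ID
        self.records = records              # card number -> stored authentication record
        self.answers = answers              # card number -> reserved-question answer

    def primary(self, info: AuthInfo) -> Tuple[bool, str]:
        """Step 506: choose the branch by mobile-network registration state."""
        registered = self.registrations.get(info.card_number)
        if registered is not None:          # query module found a registration
            return _same(registered, info.terminal_id), "registration"
        record = self.records.get(info.card_number)
        if record is None:                  # nothing to compare against: fail closed
            return False, "record"
        fields = ("terminal_id", "service_ticket", "last_auth_time")
        checks = [_same(getattr(record, f), getattr(info, f)) for f in fields]
        return all(checks), "record"

    def authenticate(self, req: AuthRequest,
                     ask_client: Optional[Callable[[str], str]] = None) -> Tuple[bool, str]:
        """Steps 506-507: the secondary result replaces the primary one if requested."""
        passed, method = self.primary(req.info)
        if passed and req.secondary is not None:
            expected = self.answers.get(req.info.card_number)
            answer = ask_client(req.secondary) if ask_client else None
            passed = bool(expected and answer) and _same(answer, expected)
            method += "+secondary"
        return passed, method

def platform_decision(server: AuthServer, req: AuthRequest, ask_client=None) -> str:
    """Step 508: the business platform allows or rejects the login."""
    passed, _ = server.authenticate(req, ask_client)
    return "allow" if passed else "reject"

# Constructed sample data, not taken from the patent.
RECORD_B = AuthInfo("TERM-B", "CARD-B", "ticket-b", "2015-08-06T10:00:00")
SERVER = AuthServer(registrations={"CARD-A": "TERM-A"},
                    records={"CARD-B": RECORD_B},
                    answers={"CARD-B": "blue"})

if __name__ == "__main__":
    online = AuthRequest("192.0.2.10", AuthInfo("TERM-A", "CARD-A", "ticket-a", "n/a"))
    offline = AuthRequest("192.0.2.11", RECORD_B, secondary="reserved_question")
    print(SERVER.authenticate(online))
    print(platform_decision(SERVER, offline, lambda kind: "blue"))
```

In the record branch the server trusts whatever the client stored after its last mobile-network authentication, which is why a copied record would pass the primary check and only the secondary verification stands between it and a successful login.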
The unified authentication method and system based on the subscriber identity module card of the present invention can provide the business platform with an authentication service based on the subscriber identity module card in a WiFi access authentication environment in which the subscriber identity module card does not participate. With the technical solution of the present invention, when a client logs in to the business platform through the WiFi of a mobile terminal, even though the mobile terminal is not registered with the mobile network, the authentication server of the public mobile network can still provide the business platform with an authentication service based on the subscriber card authentication record, and can thus provide an authentication service with a high security level.
The devices described above, such as the client terminal 301, the business platform 302, and the authentication server 303, may be implemented as a general-purpose processor, programmable logic controller (PLC), digital signal processor (DSP), application-specific integrated circuit (ASIC), field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware component, or any appropriate combination thereof, for performing the functions described herein.
So far, the present invention has been described in detail. To avoid obscuring the concept of the present invention, some details well known in the art have not been described. From the above description, those skilled in the art can fully understand how to implement the technical solutions disclosed herein.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments may be completed by hardware, or by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
The description of the present invention is given for the sake of example and description, and is not exhaustive, nor does it limit the invention to the disclosed form. Many modifications and variations will be obvious to those of ordinary skill in the art. The embodiments were selected and described in order to better explain the principle and practical application of the present invention, and to enable those of ordinary skill in the art to understand the present invention and thereby design various embodiments with various modifications suited to particular uses.
Claims (12)
1. A unified authentication method based on a subscriber identity module card, characterized by comprising:
a client terminal sends a login request to a business platform, wherein the login request includes authentication information based on the subscriber identity module card;
the business platform sends a user authentication request to an authentication server, wherein the user authentication request includes the authentication information;
the authentication server performs user identity authentication according to the authentication information and returns an authentication result to the business platform;
the business platform decides, according to the authentication result, whether to pass the login request of the client terminal.
2. The method according to claim 1, characterized by further comprising:
if the client terminal sends the login request to the business platform through a public mobile network, the authentication information includes a client terminal ID, a subscriber identity module card number, a service ticket, and an authentication time, and the user identity authentication is authentication based on the subscriber identity module card;
if the client terminal sends the login request to the business platform through a wireless local area network, the authentication information includes the client terminal ID, the subscriber identity module card number, the service ticket, and the time at which the client terminal most recently passed public mobile network authentication.
3. The method according to claim 1 or 2, characterized in that, if the client terminal sends the login request to the business platform through a wireless local area network, the step in which the authentication server performs user identity authentication according to the authentication information includes:
the authentication server determines whether the client terminal is registered with the public mobile network;
if the client terminal is registered with the public mobile network, the authentication server queries the registration information of the public mobile network and, according to the queried registration information of the client terminal, performs user identity authentication based on the subscriber identity module card.
4. The method according to claim 3, characterized in that the step in which the authentication server performs user identity authentication according to the authentication information further includes:
if the client terminal is not registered with the public mobile network, the authentication server compares the authentication information with the authentication record in the authentication server and performs user identity authentication based on the subscriber identity module card authentication record.
5. The method according to any one of claims 1-4, characterized by further comprising:
the client terminal encrypts the authentication information based on the subscriber identity module card, and then executes the step of sending the login request to the business platform;
after the step in which the business platform sends the user authentication request to the authentication server, the method further includes:
the authentication server decrypts the authentication information in the user authentication request, and then executes the step of performing user identity authentication according to the authentication information.
6. The method according to any one of claims 1-5, characterized in that
the user authentication request includes a secondary verification request;
the method further includes: after the user identity authentication according to the authentication information passes, the authentication server sends a secondary verification requirement to the client terminal according to the secondary verification request;
the authentication server performs secondary verification of the user identity according to the secondary verification information returned by the client terminal, takes the secondary verification result as the authentication result, and then executes the step of returning the authentication result to the business platform.
7. A unified authentication system based on a subscriber identity module card, characterized by comprising a client terminal, a business platform, and an authentication server, wherein:
the client terminal is configured to send a login request to the business platform, wherein the login request includes authentication information based on the subscriber identity module card;
the business platform is configured to send a user authentication request to the authentication server, wherein the user authentication request includes the authentication information, and to decide, according to the authentication result returned by the authentication server, whether to pass the login request of the client terminal;
the authentication server is configured to perform user identity authentication according to the authentication information and return the authentication result to the business platform.
8. The system according to claim 7, characterized in that
if the client terminal sends the login request to the business platform through a public mobile network, the authentication information includes a client terminal ID, a subscriber identity module card number, a service ticket, and an authentication time, and the user identity authentication is authentication based on the subscriber identity module card;
if the client terminal sends the login request to the business platform through a wireless local area network, the authentication information includes the client terminal ID, the subscriber identity module card number, the service ticket, and the time at which the client terminal most recently passed public mobile network authentication.
9. The system according to claim 7 or 8, characterized in that the authentication server includes a query module and an authentication module, wherein:
the query module is configured to, when the client terminal sends the login request to the business platform through a wireless local area network, query the public mobile network as to whether the client terminal is registered with the public mobile network, and, when the client terminal is registered with the public mobile network, obtain the registration information of the client terminal;
the authentication module is configured to, according to the query result of the query module, when the client terminal is registered with the public mobile network, perform user identity authentication based on the subscriber identity module card according to the registration information of the client terminal obtained by the query module.
10. The system according to claim 9, characterized in that
the authentication module is further configured to, according to the query result of the query module, when the client terminal is not registered with the public mobile network, compare the authentication information with the authentication record in the authentication server and perform user identity authentication based on the subscriber identity module card authentication record.
11. The system according to any one of claims 7-10, characterized in that
the client terminal is further configured to encrypt the authentication information based on the subscriber identity module card, and then execute the operation of sending the login request to the business platform;
the authentication server is further configured to, after receiving the user authentication request sent by the business platform, decrypt the authentication information in the user authentication request, and then execute the operation of performing user identity authentication according to the authentication information.
12. The system according to any one of claims 7-11, characterized in that
the user authentication request includes a secondary verification request;
the authentication server is further configured to, after the user identity authentication passes, send a secondary verification requirement to the client terminal according to the secondary verification request; perform secondary verification of the user identity according to the secondary verification information returned by the client terminal; take the secondary verification result as the authentication result; and then execute the operation of returning the authentication result to the business platform.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510474991.1A CN106453199A (en) | 2015-08-06 | 2015-08-06 | Unified authentication method and system based on subscriber identity module card |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106453199A (en) | 2017-02-22 |
Family
ID=58092333
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170222 |
RJ01 | Rejection of invention patent application after publication | |