CN107332819A - Authentication method and device for a conference system - Google Patents


Publication number
CN107332819A
Authority
CN
China
Prior art keywords
password
conference
conference terminal
dynamic
login account
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710378390.XA
Other languages
Chinese (zh)
Inventor
顾志松
王超
顾振华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Keda Technology Co Ltd
Original Assignee
Suzhou Keda Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Keda Technology Co Ltd
Priority to CN201710378390.XA
Publication of CN107332819A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/14 Systems for two-way working
    • H04N7/15 Conference systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Multimedia (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses an authentication method and device for a conference system. The method includes: receiving a login account, a password and a dynamic password sent by a first conference terminal, where the dynamic password is consistent with the password currently generated by the dynamic token held by the user corresponding to the login account, and the password generated by the dynamic token is updated periodically; authenticating the identity of the first conference terminal based on the login account and the password; when the authentication passes, obtaining a verification password corresponding to the login account; judging whether the dynamic password is consistent with the verification password; and, when the dynamic password is consistent with the verification password, determining that the first conference terminal has lawful authority. The dynamic password in this method cannot be obtained directly from outside. Because the password generated by the dynamic token is updated periodically, a dynamic password that has been used this time cannot pass verification the next time, so even if others intercept the dynamic password used this time, they cannot use it to access the conference, which improves the security of conference system access.

Description

Authentication method and device for a conference system
Technical field
The present invention relates to the technical field of audio/video conferencing, and in particular to an authentication method and device for a conference system.
Background
To ensure the security of an audio/video conference system, conference terminals must be authenticated in order to determine whether a conference terminal attempting to access a conference has access permission.
In the existing authentication mode, a first user enters a login account and password on a first conference terminal, and the first conference terminal sends the login account and password to the conference server. The conference server looks up in a preset access list whether the login account has access permission, and verifies whether the password is correct. When the login account has access permission and the password is correct, the first conference terminal is determined to have access permission.
However, the first user has to record the login account and password, and the recorded login account and password are easily obtained by others. Moreover, once others know the login account, the password is easy to crack. In addition, the login account and password are easily intercepted while the first conference terminal sends them to the conference server, so that others can next time use the intercepted login account and password to access the conference server from a second conference terminal or from the first conference terminal.
"USBkey/SDkey + digital certificate" is a mature identity authentication mode, commonly used in banking and financial systems or in other application systems with higher security level requirements. A USBkey is generally used with PCs, and an SDkey is generally used with mobile terminals, such as mobile phones and tablets, that have a TF card slot. The USBkey/SDkey guarantees in hardware that the private key inside it cannot be read, and both communicating parties authenticate by private-key signature, so the mode is highly secure. However, the USBkey/SDkey is inconvenient to use in many ways: a digital certificate has to be issued in advance, the key has to be inserted manually into the terminal device, a driver usually has to be installed, and some mobile terminals (such as the iPhone/iPad) have no TF card slot and cannot use an SDkey.
Summary of the invention
In view of this, embodiments of the present invention provide an authentication method and device for a conference system, to solve the problems that the authentication mode based on login account and password has low security and that the "USBkey/SDkey + digital certificate" authentication mode has poor applicability to conference terminals.
According to a first aspect, an embodiment of the present invention provides an authentication method for a conference system, including: receiving a login account, a password and a dynamic password sent by a first conference terminal, where the dynamic password is consistent with the password currently generated by the dynamic token held by the user corresponding to the login account, and the password generated by the dynamic token is updated periodically; authenticating the identity of the first conference terminal based on the login account and the password; when the authentication passes, obtaining a verification password corresponding to the login account; judging whether the dynamic password is consistent with the verification password; and, when the dynamic password is consistent with the verification password, determining that the first conference terminal has lawful authority.
Optionally, the dynamic token generates the dynamic password by a first password algorithm, and the step of obtaining the verification password corresponding to the login account includes: looking up a second password algorithm corresponding to the login account, where the second password algorithm generates the same password as the first password algorithm within the same period; and generating the verification password by the second password algorithm.
Optionally, the step of obtaining the verification password corresponding to the login account includes: sending the login account and the dynamic password to an authentication server, where the authentication server obtains the verification password corresponding to the login account, judges whether the dynamic password is consistent with the verification password, and returns the judgment result; receiving the judgment result sent by the authentication server; and, when the judgment result indicates that the dynamic password is consistent with the verification password, determining that the first conference terminal has lawful authority.
Optionally, the dynamic token generates the dynamic password by a first password algorithm, and the step in which the authentication server obtains the verification password corresponding to the login account, judges whether the dynamic password is consistent with the verification password, and returns the judgment result includes: the authentication server receives the login account and the dynamic password; the authentication server looks up a third password algorithm corresponding to the login account, where the third password algorithm generates the same password as the first password algorithm within the same period; the authentication server generates the verification password by the third password algorithm; the authentication server judges whether the dynamic password is consistent with the verification password; and the authentication server sends the judgment result to the conference server.
Optionally, after the step of determining that the first conference terminal has lawful authority, the method further includes: the conference server receives a link acknowledgement request from the first conference terminal, where the link acknowledgement request carries identification information of a second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference; the conference server forwards the link acknowledgement request to the second conference terminal based on the identification information of the second conference terminal, where the link acknowledgement request triggers the second conference terminal to return identity information, and the identity information is used to authenticate the second conference terminal; the conference server judges whether the identity information sent by the second conference terminal has been received; when the identity information is received, the conference server authenticates the second conference terminal according to the identity information; and the conference server sends the authentication result of the second conference terminal to the first conference terminal.
According to a second aspect, an embodiment of the present invention provides an authentication device for a conference system, including: a first receiving unit, for receiving a login account, a password and a dynamic password sent by a first conference terminal, where the dynamic password is consistent with the password currently generated by the dynamic token held by the user corresponding to the login account, and the password generated by the dynamic token is updated periodically; a first authentication unit, for authenticating the identity of the first conference terminal based on the login account and the password; a first acquisition unit, for obtaining, when the authentication passes, a verification password corresponding to the login account; a first judging unit, for judging whether the dynamic password is consistent with the verification password; and a determining unit, for determining that the first conference terminal has lawful authority when the dynamic password is consistent with the verification password.
Optionally, the dynamic token generates the dynamic password by a first password algorithm, and the first acquisition unit includes: a lookup subunit, for looking up a second password algorithm corresponding to the login account, where the second password algorithm generates the same password as the first password algorithm within the same period; and a generation subunit, for generating the verification password by the second password algorithm.
Optionally, the first acquisition unit includes: a sending subunit, for sending the login account and the dynamic password to an authentication server, where the authentication server obtains the verification password corresponding to the login account, judges whether the dynamic password is consistent with the verification password, and returns the judgment result; a receiving subunit, for receiving the judgment result sent by the authentication server; and a determining subunit, for determining that the first conference terminal has lawful authority when the judgment result indicates that the dynamic password is consistent with the verification password.
Optionally, the dynamic token generates the dynamic password by a first password algorithm, and the device further includes: a second receiving unit, for receiving the login account and the dynamic password; a lookup unit, for looking up a third password algorithm corresponding to the login account, where the third password algorithm generates the same password as the first password algorithm within the same period; a generation unit, for generating the verification password by the third password algorithm; a second judging unit, for judging whether the dynamic password is consistent with the verification password; and a first sending unit, for sending the judgment result to the conference server.
Optionally, the device further includes: a third receiving unit, for receiving a link acknowledgement request from the first conference terminal, where the link acknowledgement request carries identification information of a second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference; a forwarding unit, for forwarding the link acknowledgement request to the second conference terminal based on the identification information of the second conference terminal, where the link acknowledgement request triggers the second conference terminal to return identity information, and the identity information is used to authenticate the second conference terminal; a third judging unit, for judging whether the identity information sent by the second conference terminal has been received; a second authentication unit, for authenticating the second conference terminal according to the identity information when the identity information is received; and a second sending unit, for sending the authentication result of the second conference terminal to the first conference terminal.
In the authentication method and device for a conference system provided by the embodiments of the present invention, the dynamic password that the user enters on the conference terminal is generated by a dynamic token. The conference terminal can obtain the dynamic password only when the user reads it from the dynamic token and enters it on the conference terminal; it cannot be obtained directly from outside. Because the password generated by the dynamic token is updated periodically, a dynamic password that has been used this time cannot pass verification the next time, so even if others intercept the dynamic password used this time, they cannot use it to access the conference, which improves the security of conference system access.
Brief description of the drawings
The features and advantages of the present invention will be understood more clearly with reference to the accompanying drawings, which are schematic and should not be construed as limiting the present invention in any way. In the drawings:
Fig. 1 shows an authentication method for a conference system according to an embodiment of the present invention;
Fig. 2 shows another authentication method for a conference system according to an embodiment of the present invention;
Fig. 3 shows yet another authentication method for a conference system according to an embodiment of the present invention;
Fig. 4 shows yet another authentication method for a conference system according to an embodiment of the present invention;
Fig. 5 shows a schematic diagram of an implementation environment according to an embodiment of the present invention;
Fig. 6 shows a schematic diagram of another implementation environment according to an embodiment of the present invention;
Fig. 7 shows a flow chart of yet another authentication method for a conference system according to an embodiment of the present invention;
Fig. 8 shows a functional block diagram of an authentication device for a conference system according to an embodiment of the present invention;
Fig. 9 shows a functional block diagram of another authentication device for a conference system according to an embodiment of the present invention;
Fig. 10 shows a functional block diagram of yet another authentication device for a conference system according to an embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
An embodiment of the present invention provides an authentication method for a conference system. As shown in Fig. 5, the conference system includes a conference server and conference terminals. Further, as shown in Fig. 6, the conference system may also include an authentication server used to authenticate users or conference terminals. Further, the conference system may also include the dynamic token held by the user. The conference system described in the embodiments of the present invention may be a video conferencing system or a telephone conference system.
Embodiment one
Fig. 1 shows an authentication method for a conference system according to an embodiment of the present invention, which includes the following steps:
S101: Receive a login account, a password and a dynamic password sent by a first conference terminal. The dynamic password is consistent with the password currently generated by the dynamic token held by the user corresponding to the login account, and the password generated by the dynamic token is updated periodically.
The dynamic token is a hardware device with a built-in encryption chip and a display screen. The display screen shows the generated password, and the password is updated periodically (i.e. it is a dynamic password).
The user holding the dynamic token enters on the first conference terminal the dynamic password shown on the dynamic token (the dynamic password entered by the user is consistent with the password generated by the dynamic token) and enters the login account and password. The first conference terminal sends the login account, password and dynamic password to the conference server.
Before this step, the correspondence between the dynamic password and the login account is established in advance.
Optionally, before this step, a secure encrypted channel is established between the first conference terminal and the conference server using the TLS (Transport Layer Security) protocol, and information between the first conference terminal and the conference server is transmitted within this channel, ensuring that the login account, password and dynamic password are not stolen. The TLS protocol uses data encryption to ensure that data is not intercepted or eavesdropped on during network transmission.
For example, the login account and dynamic password can be sent to the conference server within the TLS encrypted channel as SIP (Session Initiation Protocol) signaling.
S102: Authenticate the identity of the first conference terminal based on the login account and password.
S103: When the authentication passes, obtain a verification password corresponding to the login account.
S104: Judge whether the dynamic password is consistent with the verification password. When the dynamic password is consistent with the verification password, perform step S105; otherwise, determine that the first conference terminal does not have lawful authority.
For steps S103 and S104, the conference server may obtain the verification password internally and perform the judgment of S104 itself; or the conference server may obtain the verification password from an external device other than itself (such as an authentication server); further, the external device (such as an authentication server) may obtain the verification password, perform the judgment of S104, and send the judgment result to the conference server.
S105: Determine that the first conference terminal has lawful authority.
Steps S101 to S105 may all be performed by the conference server. Alternatively, steps S103 and S104 may be performed by the authentication server while S101, S102 and S105 are performed by the conference server; or step S103 may be performed by the authentication server while S101, S102, S104 and S105 are performed by the conference server.
In the above authentication method for a conference system, the dynamic password that the user enters on the first conference terminal is generated by the dynamic token, so no device needs to be inserted into the first conference terminal and no driver needs to be installed. Many kinds of terminal can serve as the first conference terminal, such as PCs running various operating systems and mobile phones and tablets running Android or iOS, and the user only needs to log in and authenticate from the installed client or directly from the web. The first conference terminal can obtain the dynamic password only when the user reads it from the dynamic token and enters it on the first conference terminal; it cannot be obtained directly from outside. Because the password generated by the dynamic token is updated periodically, a dynamic password that has been used this time cannot pass verification the next time, so even if others intercept the dynamic password used this time, they cannot use it to access the conference, which improves the security of conference system access.
Embodiment two
Fig. 2 shows another authentication method for a conference system according to an embodiment of the present invention, used by a conference server that has a communication connection with a first conference terminal, as shown in Fig. 5. The first conference terminal in this application may be a PC, a mobile phone, a tablet or a dedicated video conference terminal product. It may also be a telephone together with a telephony gateway, where the telephone is used to enter the login account and the dynamic password shown on the dynamic token, and the telephony gateway is used to forward the login account and dynamic password to the conference server.
As shown in Fig. 2, the authentication method includes the following steps:
S201: The conference server receives a login account, a password and a dynamic password sent by the first conference terminal. The dynamic password is consistent with the password currently generated by the dynamic token held by the user corresponding to the login account, and the password generated by the dynamic token is updated periodically. The dynamic token generates the dynamic password by a first password algorithm.
The first password algorithm is executed by the security encryption chip inside the dynamic token and generates a password that is updated periodically; for example, the first password algorithm may take the time as a parameter. The algorithm in the security encryption chip cannot be obtained from outside.
S202: The conference server authenticates the identity of the first conference terminal based on the login account and password.
S203: When the authentication passes, the conference server looks up the second password algorithm corresponding to the login account.
The password algorithms corresponding to multiple login accounts may be stored in advance inside the conference server.
A securely encrypted second password algorithm is provided inside the conference server, and the second password algorithm generates the same password as the first password algorithm within the same period.
S204: The conference server generates the verification password by the second password algorithm.
S205: The conference server judges whether the dynamic password is consistent with the verification password. When the dynamic password is consistent with the verification password, step S206 is performed; otherwise, the conference server determines that the first conference terminal does not have lawful authority.
S206: The conference server determines that the first conference terminal has lawful authority.
Embodiment three
Fig. 3 shows yet another authentication method for a conference system according to an embodiment of the present invention, used in the system shown in Fig. 6. The system includes a dynamic token, an authentication server, at least one conference server connected to the authentication server, and at least one conference terminal connected to each conference server, where the conference server and the authentication server communicate directly via the RADIUS protocol (a remote authentication protocol). As shown in Fig. 3, the authentication method includes the following steps:
S301: The conference server receives a login account, a password and a dynamic password sent by the first conference terminal. The dynamic password is consistent with the password currently generated by the dynamic token held by the user corresponding to the login account, and the password generated by the dynamic token is updated periodically. The dynamic token generates the dynamic password by a first password algorithm.
S302: The conference server authenticates the identity of the first conference terminal based on the login account and password.
S303: When the authentication passes, the conference server sends the login account and dynamic password to the authentication server.
S304: The authentication server receives the login account and dynamic password sent by the conference server.
S305: The authentication server obtains the verification password corresponding to the login account.
S306: The authentication server judges whether the dynamic password is consistent with the verification password.
S307: The authentication server sends the judgment result to the conference server.
S308: The conference server receives the judgment result sent by the authentication server.
S309: The conference server determines whether the judgment result indicates that the dynamic password is consistent with the verification password. When the judgment result indicates that the dynamic password is consistent with the verification password, step S310 is performed; otherwise, the conference server determines that the first conference terminal does not have lawful authority.
S310: The conference server determines that the first conference terminal has lawful authority.
In the above authentication method for a conference system, the conference server first verifies the login account and password of the first conference terminal, and only after that verification passes does it send the login account and dynamic password of the first conference terminal to the authentication server for verification. Compared with a scheme in which the authentication server itself receives the login account and dynamic password of the first conference terminal for verification, this prevents others from disguising themselves as the first conference terminal and frequently sending login accounts and dynamic passwords to the authentication server to request verification, which would leave the authentication server unable to respond to verification requests from normal first conference terminals (i.e. a distributed denial-of-service attack) and leave the first conference terminal unable to access the conference.
Embodiment four
Fig. 4 shows yet another authentication method for a conference system according to an embodiment of the present invention, used in the system shown in Fig. 6. The system includes a dynamic token, an authentication server, at least one conference server connected to the authentication server, and at least one first conference terminal connected to each conference server. As shown in Fig. 4, the authentication method includes the following steps:
S401: The conference server receives a login account, a password and a dynamic password sent by the first conference terminal. The dynamic password is consistent with the password currently generated by the dynamic token held by the user corresponding to the login account, and the password generated by the dynamic token is updated periodically. The dynamic token generates the dynamic password by a first password algorithm.
S402: The conference server authenticates the identity of the first conference terminal based on the login account and password.
S403: When the authentication passes, the conference server sends the login account and dynamic password to the authentication server.
S404: The authentication server receives the login account and dynamic password sent by the conference server.
S405: The authentication server looks up the third password algorithm corresponding to the login account.
The password algorithms corresponding to multiple login accounts may be stored in advance inside the authentication server.
A securely encrypted third password algorithm is provided inside the authentication server, and the third password algorithm generates the same password as the first password algorithm within the same period.
S406: The authentication server generates the verification password by the third password algorithm.
S407: The authentication server judges whether the dynamic password is consistent with the verification password.
S408: The authentication server sends the judgment result to the conference server.
S409: The conference server receives the judgment result sent by the authentication server.
S410: The conference server determines whether the judgment result indicates that the dynamic password is consistent with the verification password. When the judgment result indicates that the dynamic password is consistent with the verification password, step S411 is performed; otherwise, the conference server determines that the first conference terminal does not have lawful authority.
S411: The conference server determines that the first conference terminal has lawful authority.
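The two-server flow of Embodiments three and four, as an added example that is not part of the patent: RFC 6238 TOTP stands in for the unnamed first/third password algorithm, and the class names, the 30-second period, the PBKDF2 password store and the sample account are assumptions. It goes beyond the text in one respect: the authentication server also records the last accepted period per account, so a dynamic password cannot be reused inside the period in which it was generated.

```python
import hashlib
import hmac
import struct

PERIOD = 30  # assumed update period in seconds; the patent only says "periodically"


def dynamic_password(seed: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), a stand-in for the patent's unnamed password algorithm."""
    step = int(now // PERIOD)
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash for the static password (storage scheme is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    """Hypothetical authentication server: holds per-account token seeds (S404-S408)."""

    def __init__(self, seeds):
        self.seeds = dict(seeds)
        self.last_step = {}   # account -> last period in which a password was accepted
        self.requests = 0     # how many verification requests reached this server

    def check(self, account: str, otp: str, now: float) -> bool:
        self.requests += 1
        seed = self.seeds.get(account)
        if seed is None:
            return False
        expected = dynamic_password(seed, now)  # S406: generate the verification password
        if not hmac.compare_digest(expected.encode(), otp.encode()):  # S407
            return False
        step = int(now // PERIOD)
        if self.last_step.get(account, -1) >= step:
            return False      # already used in this period: treat as a replay
        self.last_step[account] = step
        return True


class ConferenceServer:
    """Hypothetical conference server: static password first, then forward (S401-S411)."""

    def __init__(self, accounts, auth_server):
        self.accounts = dict(accounts)  # account -> (salt, PBKDF2 hash)
        self.auth_server = auth_server

    def login(self, account: str, password: str, otp: str, now: float) -> bool:
        # S402: unknown accounts still go through one hash computation
        salt, stored = self.accounts.get(account, (b"\x00" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return False      # rejected here; the authentication server is never contacted
        # S403-S410: only password-authenticated requests are forwarded
        return self.auth_server.check(account, otp, now)


def build_demo():
    """Constructed sample data: one account with a made-up seed, salt and password."""
    seed = b"constructed-demo-seed"
    salt = b"constructed-salt"
    auth = AuthServer({"alice": seed})
    conf = ConferenceServer({"alice": (salt, hash_password("correct horse", salt))}, auth)
    return conf, auth, seed


if __name__ == "__main__":
    conf, auth, seed = build_demo()
    now = 1_700_000_000.0
    otp = dynamic_password(seed, now)
    print("wrong static password:", conf.login("alice", "wrong", otp, now))
    print("requests that reached the auth server:", auth.requests)
    print("valid login:", conf.login("alice", "correct horse", otp, now))
    print("same dynamic password replayed:", conf.login("alice", "correct horse", otp, now + 5))
```

A deployment would normally also accept the adjacent period to tolerate token clock drift; the sketch follows the patent's "same period" wording and does not.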
Embodiment five
Fig. 7 shows a flow chart of another authentication method for a conference system according to an embodiment of the present invention, used in the conference system shown in Fig. 5. As shown in Fig. 7, the method comprises the following steps:
S501: The conference server receives the login account, password and dynamic password sent by the first conference terminal. The dynamic password is consistent with the password currently generated by the dynamic token held by the user corresponding to the login account, and the password generated by the dynamic token is updated periodically.
S502: The conference server authenticates the identity of the first conference terminal based on the login account and password.
S503: When authentication passes, the checking password corresponding to the login account is obtained.
S504: It is judged whether the dynamic password is consistent with the checking password. When the dynamic password is consistent with the checking password, step S505 is performed; otherwise, it is determined that the first conference terminal does not have lawful authority.
For steps S503 and S504 above, the conference server may obtain the checking password internally and perform the judgment of S504 itself; or the conference server may obtain the checking password from an external device other than itself (such as the certificate server); furthermore, the external device (such as the certificate server) may obtain the checking password, perform the judgment of S504, and send the judgment result to the conference server.
S505: The conference server determines that the first conference terminal has lawful authority.
S506: The conference server receives the link acknowledgement request of the first conference terminal. The link acknowledgement request carries the identification information of the second conference terminal; the first conference terminal and the second conference terminal are conference terminals participating in the same conference.
S507: Based on the identification information of the second conference terminal, the conference server forwards the link acknowledgement request and the authentication result of the first conference terminal to the second conference terminal. The link acknowledgement request triggers the second conference terminal to return identity information, which is used to authenticate the second conference terminal.
S508: The conference server judges whether it has received the identity information sent by the second conference terminal. When the identity information is received, step S509 is performed; otherwise, other operations are performed.
S509: The conference server authenticates the second conference terminal according to the identity information.
Authenticating the second conference terminal here means that the conference server verifies whether the conference terminal that sent the identity information is the conference terminal corresponding to the identification information of the second conference terminal in the link acknowledgement request, that is, whether the identity of the second conference terminal is credible. If the identity of the second conference terminal is credible, authentication passes; otherwise authentication does not pass.
The conference server may authenticate the second conference terminal by means of a dynamic password obtained by the second conference terminal, the dynamic password being the password shown on the dynamic token held by the user; it may also authenticate the second conference terminal by means of a certificate sent by the second conference terminal. The application does not specifically limit this.
The conference server may authenticate the first conference terminal and the second conference terminal in the same manner or in different manners.
S510: The conference server sends the authentication result of the second conference terminal to the first conference terminal.
It should be added that the step, in step S503 above, of sending the authentication result of the first conference terminal to the second conference terminal may be performed before any step that follows the authentication of the first conference terminal, and is not limited to being performed in step S503.
On the one hand, the conference server authenticates the first conference terminal and, after authentication passes, sends the authentication result of the first conference terminal to the second conference terminal, so that the second conference terminal can confirm whether the first conference terminal is the target conference terminal to which it sends its code stream. On the other hand, the conference server receives the link acknowledgement request of the first conference terminal, which carries the identifier of the second conference terminal; the conference server then sends the link acknowledgement request to the second conference terminal based on that identifier; the conference terminal responds to the link acknowledgement request by sending its identity information to the conference server; the conference server authenticates the second conference terminal and sends the authentication result of the second conference terminal to the first conference terminal, so that the first conference terminal can confirm whether the second conference terminal is the target conference terminal to which it sends its code stream. When the first conference terminal has not established a data link with any other conference terminal, or when the conference terminal with which it has established a data link is not its target conference terminal, the first conference terminal can confirm that the data link is in error. Therefore, the authentication method for a conference system provided by the embodiment of the present invention enables two-way authentication of the data link by the first conference terminal and the second conference terminal, to ensure the security of the signaling flow exchanged between the two parties.
Optionally, the conference server in the conference system is multiple cascaded conference servers. The cascaded conference servers form the data link between the first conference terminal and the second conference terminal and forward the code stream between the first conference terminal and the second conference terminal, for example the first conference server and the second conference server in Fig. 5. Optionally, information is transmitted over SSL (Secure Sockets Layer) between the first conference terminal and the first conference server, and between the second conference terminal and the second conference server, to prevent information such as the identification information or authentication results of the conference terminals from being altered. Information is transmitted between the first conference server and the second conference server over the TLS (Transport Layer Security) protocol.
The authentication method further includes: authenticating the data link between the first conference terminal and the second conference terminal.
Further, authenticating the data link between the first conference terminal and the second conference terminal includes: when the current conference server receives a message forwarded by the previous conference server, it authenticates the previous conference server; the message includes the link acknowledgement request or the authentication result. When authentication of the previous conference server passes, the current conference server sends the message to the next device in the data link.
When authentication of the first conference server or the second conference server in the data link does not pass, the link acknowledgement request or authentication result cannot be sent to the next device in the data link, so the first conference terminal ultimately cannot receive the information that the authentication of the second conference terminal passed, and the first conference terminal can thereby confirm that the data link is in error.
Therefore, the embodiment of the present invention can confirm whether the identity of the devices in the data link (such as the first conference server and the second conference server) is genuine, preventing data link devices from being impersonated by other devices and threatening the security of the conference system.
Optionally, in the embodiment of the present invention, the INVITE and INFO messages of the Session Initiation Protocol (SIP) may be used to implement the above method for authenticating. Specifically:
S601: The first conference terminal sends a first INVITE message to the first conference server. The first INVITE message includes a link acknowledgement request, which carries the identification information of the second conference terminal; the first conference terminal and the second conference terminal are conference terminals participating in the same conference.
Optionally, before this step, the first conference terminal sends a REGISTER message to the conference server. The REGISTER message carries the login account and password, and the conference server verifies the login account and password. After verification passes, step S601 is performed.
S602: After receiving the first INVITE message, the conference server sends a second INVITE message to the second conference terminal according to the identification information of the second conference terminal contained in it; the second INVITE message includes the link acknowledgement request.
S603: After obtaining the link acknowledgement request in the second INVITE message, the second conference terminal sends a first 200 OK message to the conference server. The first 200 OK message carries a second link acknowledgement request, which carries the identification information of the first conference terminal.
S604: After receiving the first 200 OK message, the conference server sends a second 200 OK message to the first conference terminal according to the identification information of the first conference terminal contained in it; the second 200 OK message includes the second link acknowledgement request.
After step S603 above, the second conference terminal also performs the following step S605.
S605: After obtaining the link acknowledgement request in the second INVITE message, the second conference terminal sends a first INFO message to the conference server. The first INFO message includes the identity information of the second conference terminal, which is used to authenticate the second conference terminal.
S606: The conference server judges whether it has received the first INFO message. When the first INFO message is received, step S607 is performed; otherwise other operations are performed.
S607: The conference server authenticates the second conference terminal according to the identity information in the first INFO message.
S608: The conference server sends a second INFO message to the first conference terminal; the second INFO message includes the authentication result of the second conference terminal.
After obtaining the second link acknowledgement request in the second 200 OK message, the first conference terminal also performs the following step S609.
S609: The first conference terminal sends a third INFO message to the conference server; the third INFO message includes the identity information of the first conference terminal.
S610: The conference server authenticates the first conference terminal according to the identity information of the first conference terminal in the third INFO message.
S611: The conference server sends a fourth INFO message to the second conference terminal; the fourth INFO message includes the authentication result of the first conference terminal.
In the above authentication method for a conference system, the information to be sent is carried in the INVITE and INFO message signaling of the SIP protocol, so that no dedicated message signaling needs to be set up additionally to transmit it, which reduces the amount of information transmitted over the network and prevents network congestion.
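The following Python code is an added example, not code from the patent: it traces the S601 to S611 exchange with the conference server relaying between two terminals, and shows that the first terminal confirms the link only on an explicit pass for its target, so a failed identity check or a missing INFO both leave the link unconfirmed. The message body layout, the "from" field, the enrolled identity strings and the terminal names are assumptions constructed for illustration; the patent leaves the form of the identity information open (dynamic password or certificate).

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

SERVER = "conference-server"  # hypothetical name for the relaying conference server


@dataclass
class SipMessage:
    kind: str                                 # "INVITE", "200 OK" or "INFO"
    sender: str
    receiver: str
    body: dict = field(default_factory=dict)  # body layout is an assumption


class Terminal:
    def __init__(self, ident: str, identity_info: Optional[str]):
        self.ident = ident
        self.identity_info = identity_info    # None models a terminal that never sends INFO
        self.target = None                    # peer this terminal expects on the data link
        self.results = {}                     # peer id -> authentication result from the server

    def info(self) -> Optional[SipMessage]:
        """S605 / S609: INFO carrying this terminal's identity information."""
        if self.identity_info is None:
            return None
        return SipMessage("INFO", self.ident, SERVER, {"identity_info": self.identity_info})

    def on_result(self, msg: SipMessage) -> None:
        """S608 / S611: record the server's authentication result for the peer."""
        self.results[msg.body["terminal"]] = msg.body["passed"]

    def link_confirmed(self) -> bool:
        # Only an explicit pass for the expected peer confirms the data link.
        return self.results.get(self.target) is True


class ConferenceServer:
    def __init__(self, enrolled: dict):
        self.enrolled = enrolled              # terminal id -> identity information on record

    def authenticate(self, claimed_id: str, info: SipMessage) -> bool:
        """S607 / S610: does the identity information belong to claimed_id?"""
        expected = self.enrolled.get(claimed_id)
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), info.body["identity_info"].encode())


def confirm_link(server: ConferenceServer, t1: Terminal, t2: Terminal) -> list:
    """Run S601 to S611 once and return every message that was sent."""
    trace = []

    def send(msg: SipMessage) -> SipMessage:
        trace.append(msg)
        return msg

    t1.target = t2.ident
    req1 = {"link_ack_request": {"peer": t2.ident, "from": t1.ident}}
    send(SipMessage("INVITE", t1.ident, SERVER, req1))       # S601
    send(SipMessage("INVITE", SERVER, t2.ident, req1))       # S602
    t2.target = req1["link_ack_request"]["from"]
    req2 = {"link_ack_request": {"peer": t2.target, "from": t2.ident}}
    send(SipMessage("200 OK", t2.ident, SERVER, req2))       # S603
    send(SipMessage("200 OK", SERVER, t2.target, req2))      # S604

    for sender, receiver, claimed in ((t2, t1, t1.target), (t1, t2, t2.target)):
        info = sender.info()                                 # S605 / S609
        if info is None:
            continue                                         # S606: no INFO, so no result is sent
        send(info)
        passed = server.authenticate(claimed, info)          # S607 / S610
        result = SipMessage("INFO", SERVER, receiver.ident,
                            {"terminal": claimed, "passed": passed})
        receiver.on_result(send(result))                     # S608 / S611
    return trace


def demo() -> dict:
    """Constructed scenarios: genuine peer, wrong identity information, silent peer."""
    server = ConferenceServer({"terminal-1": "id-info-1", "terminal-2": "id-info-2"})
    outcome = {}
    for name, info in (("genuine", "id-info-2"), ("impostor", "guessed"), ("silent", None)):
        caller, callee = Terminal("terminal-1", "id-info-1"), Terminal("terminal-2", info)
        trace = confirm_link(server, caller, callee)
        outcome[name] = (caller.link_confirmed(), len(trace))
    return outcome


if __name__ == "__main__":
    print(demo())
```
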
Embodiment five
Fig. 8 shows a schematic block diagram of an authentication device for a conference system according to an embodiment of the present invention. The device includes a first receiving unit 10, a first authentication unit 20, a first acquisition unit 30, a first judging unit 40 and a determining unit 50.
The first receiving unit 10 is configured to receive the login account, password and dynamic password sent by the first conference terminal. The dynamic password is consistent with the password currently generated by the dynamic token held by the user corresponding to the login account, and the password generated by the dynamic token is updated periodically.
The first authentication unit 20 is configured to authenticate the identity of the first conference terminal based on the login account and password.
The first acquisition unit 30 is configured to obtain the checking password corresponding to the login account.
The first judging unit 40 is configured to judge whether the dynamic password is consistent with the checking password.
The determining unit 50 is configured to determine that the first conference terminal has lawful authority when the dynamic password is consistent with the checking password.
For the steps performed by each of the above units, refer to embodiment one to embodiment five.
In the above authentication device for a conference system, the dynamic password can only be read from the dynamic token by the user and entered on the first conference terminal, so that only the first conference terminal can obtain it; it cannot be obtained directly from outside. Because the password generated by the dynamic token is updated periodically, a dynamic password that has been used this time cannot pass verification the next time, so even if another person intercepts the dynamic password used this time, they cannot use it to access the conference, which improves the security of access to the conference system.
Embodiment six
Fig. 9 shows a schematic block diagram of another authentication device for a conference system according to an embodiment of the present invention. The device includes a first receiving unit 10, a first authentication unit 20, a first acquisition unit 30, a first judging unit 40 and a determining unit 50.
The first receiving unit 10 is configured to receive the login account and dynamic password sent by the first conference terminal. The dynamic password is consistent with the password generated by the dynamic token held by the user corresponding to the login account, and the password generated by the dynamic token is updated periodically.
The first authentication unit 20 is configured to authenticate the identity of the first conference terminal based on the login account and password.
The first acquisition unit 30 is configured to obtain the checking password corresponding to the login account.
The first judging unit 40 is configured to judge whether the dynamic password is consistent with the checking password.
The determining unit 50 is configured to determine that the first conference terminal has lawful authority when the dynamic password is consistent with the checking password.
As an optional implementation of the present embodiment, the dynamic token generates the dynamic password using the first password algorithm. The first acquisition unit 30 includes a searching subelement 31 and a generation subelement 32.
The searching subelement 31 is configured to look up the second password algorithm corresponding to the login account. The second password algorithm and the first password algorithm generate the same password within the same period.
The generation subelement 32 is configured to generate the checking password using the second password algorithm.
As an optional implementation of the present embodiment, the first acquisition unit 30 includes a transmission sub-unit 33, a receiving subelement 34 and a determination subelement 35.
The transmission sub-unit 33 is configured to send the login account and dynamic password to the certificate server. The certificate server obtains the checking password corresponding to the login account, judges whether the dynamic password is consistent with the checking password, and returns the judgment result.
The receiving subelement 34 is configured to receive the judgment result sent by the certificate server.
The determination subelement 35 is configured to determine that the first conference terminal has lawful authority when the judgment result indicates that the dynamic password is consistent with the checking password.
As an optional implementation of the present embodiment, the dynamic token generates the dynamic password using the first password algorithm. The device further includes a second receiving unit 60, a searching unit 70, a generation unit 80, a second judging unit 90 and a transmitting element 100, which are arranged in the certificate server.
The second receiving unit 60 is configured to receive the login account and dynamic password sent by the conference server.
The searching unit 70 is configured for the certificate server to look up the third password algorithm corresponding to the login account. The third password algorithm and the first password algorithm generate the same password within the same period.
The generation unit 80 is configured to generate the checking password using the third password algorithm.
The second judging unit 90 is configured to judge whether the dynamic password is consistent with the checking password.
The transmitting element 100 is configured to send the judgment result to the conference server.
It should be added that, except for the second receiving unit 60, the searching unit 70, the generation unit 80, the second judging unit 90 and the transmitting element 100, which are arranged in the certificate server, all other units and subelements are arranged in the conference server.
As an optional implementation of the present embodiment, the device further includes a third receiving unit 110, a retransmission unit 120, a third judging unit 130, a second authentication unit 140 and a second transmitting element 150.
The third receiving unit 110 is configured to receive the link acknowledgement request of the first conference terminal. The link acknowledgement request carries the identification information of the second conference terminal; the first conference terminal and the second conference terminal are conference terminals participating in the same conference.
The retransmission unit 120 is configured to forward the link acknowledgement request to the second conference terminal based on the identification information of the second conference terminal. The link acknowledgement request triggers the second conference terminal to return identity information. The identity information is used to authenticate the second conference terminal.
The third judging unit 130 is configured to judge whether the identity information sent by the second conference terminal has been received.
The second authentication unit 140 is configured to authenticate the second conference terminal according to the identity information when the identity information is received.
The second transmitting element 150 is configured to send the authentication result of the second conference terminal to the first conference terminal.
For the specific steps performed by each of the above units and subelements, refer to embodiment one to embodiment five of the application.
Embodiment seven
Fig. 10 shows a schematic block diagram of yet another authentication device for a conference system according to an embodiment of the present invention. It differs from embodiment five in that the device further includes a third receiving unit 110, a retransmission unit 120, a third judging unit 130, a second authentication unit 140 and a second transmitting element 150.
The third receiving unit 110 is configured to receive the link acknowledgement request of the first conference terminal. The link acknowledgement request carries the identification information of the second conference terminal; the first conference terminal and the second conference terminal are conference terminals participating in the same conference.
The retransmission unit 120 is configured to forward the link acknowledgement request to the second conference terminal based on the identification information of the second conference terminal. The link acknowledgement request triggers the second conference terminal to return identity information. The identity information is used to authenticate the second conference terminal.
The third judging unit 130 is configured to judge whether the identity information sent by the second conference terminal has been received.
The second authentication unit 140 is configured to authenticate the second conference terminal according to the identity information when the identity information is received.
The second transmitting element 150 is configured to send the authentication result of the second conference terminal to the first conference terminal.
For the steps performed by each of the above units, refer to embodiment one to embodiment five.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, those skilled in the art can make various modifications and variations without departing from the spirit and scope of the present invention, and such modifications and variations all fall within the scope defined by the appended claims.

Claims (10)

1. A method for authenticating for a conference system, characterized by comprising:
receiving a login account, a password and a dynamic password sent by a first conference terminal, wherein the dynamic password is consistent with the password currently generated by the dynamic token held by the user corresponding to the login account, and the password generated by the dynamic token is updated periodically;
authenticating the identity of the first conference terminal based on the login account and the password;
when authentication passes, obtaining a checking password corresponding to the login account;
judging whether the dynamic password is consistent with the checking password;
when the dynamic password is consistent with the checking password, determining that the first conference terminal has lawful authority.
2. The method for authenticating according to claim 1, characterized in that the dynamic token generates the dynamic password using a first password algorithm; and the step of obtaining the checking password corresponding to the login account comprises:
looking up a second password algorithm corresponding to the login account, wherein the second password algorithm and the first password algorithm generate the same password within the same period;
generating the checking password using the second password algorithm.
3. The method for authenticating according to claim 1, characterized in that the step of obtaining the checking password corresponding to the login account comprises:
sending the login account and the dynamic password to a certificate server, wherein the certificate server obtains the checking password corresponding to the login account, judges whether the dynamic password is consistent with the checking password, and returns a judgment result;
receiving the judgment result sent by the certificate server;
when the judgment result indicates that the dynamic password is consistent with the checking password, determining that the first conference terminal has lawful authority.
4. The method for authenticating according to claim 3, characterized in that the dynamic token generates the dynamic password using a first password algorithm; and the step in which the certificate server obtains the checking password corresponding to the login account, judges whether the dynamic password is consistent with the checking password, and returns the judgment result comprises:
the certificate server receiving the login account and the dynamic password;
the certificate server looking up a third password algorithm corresponding to the login account, wherein the third password algorithm and the first password algorithm generate the same password within the same period;
the certificate server generating the checking password using the third password algorithm;
the certificate server judging whether the dynamic password is consistent with the checking password;
the certificate server sending the judgment result to the conference server.
5. The method for authenticating according to any one of claims 1-4, characterized in that, after the step of determining that the first conference terminal has lawful authority, the method further comprises:
the conference server receiving a link acknowledgement request of the first conference terminal, wherein the link acknowledgement request carries the identification information of a second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference;
the conference server forwarding the link acknowledgement request to the second conference terminal based on the identification information of the second conference terminal, wherein the link acknowledgement request triggers the second conference terminal to return identity information, and the identity information is used to authenticate the second conference terminal;
the conference server judging whether the identity information sent by the second conference terminal has been received;
when the identity information is received, the conference server authenticating the second conference terminal according to the identity information;
the conference server sending the authentication result of the second conference terminal to the first conference terminal.
6. An authentication device for a conference system, characterized by comprising:
a first receiving unit, configured to receive a login account, a password and a dynamic password sent by a first conference terminal, wherein the dynamic password is consistent with the password currently generated by the dynamic token held by the user corresponding to the login account, and the password generated by the dynamic token is updated periodically;
a first authentication unit, configured to authenticate the identity of the first conference terminal based on the login account and the password;
a first acquisition unit, configured to obtain, when authentication passes, a checking password corresponding to the login account;
a first judging unit, configured to judge whether the dynamic password is consistent with the checking password;
a determining unit, configured to determine that the first conference terminal has lawful authority when the dynamic password is consistent with the checking password.
7. The authentication device according to claim 6, characterized in that the dynamic token generates the dynamic password using a first password algorithm; and the first acquisition unit comprises:
a searching subelement, configured to look up a second password algorithm corresponding to the login account, wherein the second password algorithm and the first password algorithm generate the same password within the same period;
a generation subelement, configured to generate the checking password using the second password algorithm.
8. The authentication device according to claim 6, characterized in that the first acquisition unit comprises:
a transmission sub-unit, configured to send the login account and the dynamic password to a certificate server, wherein the certificate server obtains the checking password corresponding to the login account, judges whether the dynamic password is consistent with the checking password, and returns a judgment result;
a receiving subelement, configured to receive the judgment result sent by the certificate server;
a determination subelement, configured to determine that the first conference terminal has lawful authority when the judgment result indicates that the dynamic password is consistent with the checking password.
9. The authentication device according to claim 8, characterized in that the dynamic token generates the dynamic password using a first password algorithm; and the device further comprises:
a second receiving unit, configured to receive the login account and the dynamic password;
a searching unit, configured to look up a third password algorithm corresponding to the login account, wherein the third password algorithm and the first password algorithm generate the same password within the same period;
a generation unit, configured to generate the checking password using the third password algorithm;
a second judging unit, configured to judge whether the dynamic password is consistent with the checking password;
a first transmitting element, configured to send the judgment result to the conference server.
10. The authentication device according to any one of claims 6 or 9, characterized in that the device further comprises:
a third receiving unit, configured to receive a link acknowledgement request of the first conference terminal, wherein the link acknowledgement request carries the identification information of a second conference terminal, and the first conference terminal and the second conference terminal are conference terminals participating in the same conference;
a retransmission unit, configured to forward the link acknowledgement request to the second conference terminal based on the identification information of the second conference terminal, wherein the link acknowledgement request triggers the second conference terminal to return identity information, and the identity information is used to authenticate the second conference terminal;
a third judging unit, configured to judge whether the identity information sent by the second conference terminal has been received;
a second authentication unit, configured to authenticate the second conference terminal according to the identity information when the identity information is received;
a second transmitting element, configured to send the authentication result of the second conference terminal to the first conference terminal.
CN201710378390.XA 2017-05-25 2017-05-25 A kind of method for authenticating and device for conference system Pending CN107332819A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710378390.XA CN107332819A (en) 2017-05-25 2017-05-25 A kind of method for authenticating and device for conference system

Publications (1)

Publication Number Publication Date
CN107332819A true CN107332819A (en) 2017-11-07

Family

ID=60193050

Country Status (1)

Country Link
CN (1) CN107332819A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108418834A (en) * 2018-04-04 2018-08-17 成都鹏业软件股份有限公司 A kind of internet of things equipment auth method
CN110519545A (en) * 2018-05-22 2019-11-29 中兴通讯股份有限公司 Meeting authority control method and system, server, terminal, storage medium
CN110519545B (en) * 2018-05-22 2021-11-23 中兴通讯股份有限公司 Conference authority control method and system, server, terminal and storage medium
CN108718401A (en) * 2018-08-09 2018-10-30 Oppo广东移动通信有限公司 Video meeting implementing method and relevant apparatus
CN108718401B (en) * 2018-08-09 2020-09-01 Oppo广东移动通信有限公司 Video conference implementation method and related device
CN113132315A (en) * 2019-12-31 2021-07-16 中国移动通信集团山西有限公司 Online conference authentication method, device, equipment, medium and system
CN113132315B (en) * 2019-12-31 2023-07-11 中国移动通信集团山西有限公司 Online conference authentication method, device, equipment, medium and system
CN112953936A (en) * 2021-02-18 2021-06-11 泰州中科树人信息科技有限公司 Encrypted video playing technology based on ZKSR protocol
CN112668059A (en) * 2021-03-16 2021-04-16 浙江华创视讯科技有限公司 Conference authorization control method, device, electronic equipment, system and storage medium
CN112818329A (en) * 2021-04-19 2021-05-18 上海银基信息安全技术股份有限公司 Authentication method and device, user side, equipment side and storage medium

Similar Documents

Publication Publication Date Title
CN107332819A (en) A kind of method for authenticating and device for conference system
Swamy et al. Security threats in the application layer in IOT applications
CN105187431B (en) Login method, server, client and the communication system of third-party application
CN102638473B (en) User data authorization method, device and system
CN104158824B (en) Genuine cyber identification authentication method and system
CN109981639B (en) Block chain based distributed trusted network connection method
US9444801B2 (en) Method, device and system for verifying communication sessions
CN107689944A (en) Identity identifying method, device and system
CN107733852A (en) A kind of auth method and device, electronic equipment
CN102946384B (en) User authentication method and equipment
JP2005509977A5 (en)
CN107113319A (en) Method, device, system and the proxy server of response in a kind of Virtual Networking Computing certification
US11388159B2 (en) Variable-step authentication for communications in controlled environment
CN104125230B (en) A kind of short message certification service system and authentication method
US20110078784A1 (en) Vpn system and method of controlling operation of same
CN102685749A (en) Wireless safety authentication method orienting to mobile terminal
CN108023873A (en) channel establishing method and terminal device
US20160197921A1 (en) Secure Data Transmission System
CN106330828A (en) Method for network secure access, terminal device and authentication server
CN107453871A (en) Password generated method, password authentication method, method of payment and device
CN106921677A (en) A kind of multiple encryption system of block chain houseclearing
CN106789845A (en) A kind of method of network data security transmission
CN109088729A (en) Key storage method and device
DE60224391T2 (en) Secure access to a subscriber module
TW201328280A (en) Instant communication identity authentication system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171107