CN117768874A - Processing method, terminal, system and storage medium for authentication capability - Google Patents


Publication number
CN117768874A
Authority
CN
China
Prior art keywords
authentication
capability
application
terminal
request message
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211174410.9A
Other languages
Chinese (zh)
Inventor
黎艳
郭茂文
张�荣
卢燕青
胡鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202211174410.9A
Priority to PCT/CN2023/119124 (WO2024067165A1)
Publication of CN117768874A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present disclosure provides a processing method, terminal, system and storage medium for authentication capability. The method comprises the following steps: a capability acquisition module of a terminal receives a capability detection requirement message from a capability detection platform, wherein the capability detection requirement message carries an authentication capability parameter; the capability detection platform receives the authentication capability parameter from an authentication application background, the authentication capability parameter comprising a calling instruction corresponding to an authentication application, an expected calling result and an authentication application identifier, associates the calling instruction and the expected calling result with the authentication application identifier, and stores them in a detection instruction library; the capability acquisition module invokes a corresponding authentication module according to the authentication capability parameter; and the capability acquisition module receives the returned actual calling result, determines whether the corresponding authentication capability is available according to the actual calling result and the expected calling result, and stores the available authentication capability information.

Description

Processing method, terminal, system and storage medium for authentication capability
Technical Field
The disclosure relates to the technical field of communication security, and in particular relates to a processing method, a terminal, a system and a storage medium for authentication capability.
Background
At present, when application authentication or identity authentication involves a terminal and a user card, strict requirements are imposed on the software and hardware environment of the terminal, the user card and the like, for example:
(1) The type of card, such as a Java card/NFC (Near Field Communication) card or a GBA (Generic Bootstrapping Architecture) card, or whether a specified card application is preset, etc.;
(2) Whether the terminal environment satisfies a corresponding OS (Operating System) version, and whether a specified APP (Application) has been installed or a specified SDK (Software Development Kit) has been integrated;
(3) Whether the terminal card channel is valid, especially the card channel of general-purpose terminals other than mobile phones (e.g. vehicle-mounted terminals).
In the related art, satisfying these complex requirements generally requires replacing the terminal or user card and pre-installing an application. Even then, the user terminal market is difficult to control and it cannot be ensured that all terminals and cards satisfy the requirements; with terminal coverage difficult to increase, authentication applications or services are difficult to develop on a large scale.
Disclosure of Invention
One technical problem solved by the present disclosure is to provide a processing method for authentication capability that detects and acquires the authentication capability of the terminal and grasps which authentication capabilities the terminal supports, thereby improving the terminal coverage rate of the authentication application and the usability of the application when the application is popularized.
According to one aspect of the present disclosure, there is provided a processing method for authentication capability, applied to a terminal, including: the capability acquisition module of the terminal receives a capability detection requirement message from a capability detection platform, wherein the capability detection requirement message carries the authentication capability parameter, the capability detection platform receives the authentication capability parameter from an authentication application background, the authentication capability parameter comprises a calling instruction, an expected calling result and an authentication application identifier corresponding to the authentication application, and the calling instruction and the expected calling result are associated with the authentication application identifier and stored in a detection instruction library; the capability acquisition module invokes a corresponding authentication module according to the authentication capability parameter; and the capability acquisition module receives the returned actual calling result, determines whether the corresponding authentication capability is available according to the actual calling result and the expected calling result, and stores the available authentication capability information.
In some embodiments, determining whether the corresponding authentication capability is available based on the actual call result and the expected call result comprises: determining that the corresponding authentication capability is available under the condition that the actual calling result and the expected calling result are the same; and determining that the corresponding authentication capability is not available in the case that the actual call result and the expected call result are different.
In some embodiments, the available authentication capability information includes: an authentication application identification, and information that an authentication capability corresponding to the authentication application identification is marked as available.
In some embodiments, the processing method further comprises: the application client of the terminal acquires authentication capability information supported by the terminal; the application client sends a first application request message to a network application functional entity, wherein the first application request message carries service request data and authentication capability information supported by the terminal; the network application functional entity determines an authentication mode to be adopted according to a service strategy corresponding to the application client and authentication capability information supported by the terminal, and returns an authentication and authorization request message to the application client, wherein the authentication and authorization request message carries the authentication mode and/or authentication parameters corresponding to the authentication mode; the application client executes an authentication and authorization process corresponding to the authentication mode through an authentication platform according to the authentication and authorization request message; after the application client executes the authentication and authorization process, a second application request message is sent to the network application functional entity, wherein the second application request message carries authentication and authorization passing information; the network application functional entity obtains corresponding authentication data from the authentication platform according to the authentication passing information, generates an application key according to the authentication data, and sends the service request data and the application key to an application server; and the application client generates an application key consistent with the application key generated by the network application function entity according to the authentication data, and communicates with the application server through the application key.
In some embodiments, the obtaining, by the application client of the terminal, authentication capability information supported by the terminal includes: the application client sends a capability query request message to a capability acquisition module of the terminal; and the capability acquisition module reads authentication capability information supported by the locally stored terminal after receiving the capability query request message, and returns the authentication capability information to the application client.
According to another aspect of the present disclosure, there is provided a processing method for authenticating capability, including: the capability detection platform receives authentication capability parameters from an authentication application background, wherein the authentication capability parameters comprise a calling instruction, an expected calling result and an authentication application identifier corresponding to the authentication application; the capability detection platform associates the calling instruction and the expected calling result with the authentication application identifier and stores the calling instruction and the expected calling result into a detection instruction library; the capability detection platform issues a capability detection requirement message to a capability acquisition module of the terminal, wherein the capability detection requirement message carries the authentication capability parameter; the capability acquisition module invokes a corresponding authentication module according to the authentication capability parameter; and the capability acquisition module receives the returned actual calling result, determines whether the corresponding authentication capability is available according to the actual calling result and the expected calling result, and stores the available authentication capability information.
In some embodiments, the capability collection module determining whether the corresponding authentication capability is available based on the actual call result and the expected call result comprises: the capability acquisition module determines that the corresponding authentication capability is available under the condition that the actual calling result is the same as the expected calling result; and the capability acquisition module determines that the corresponding authentication capability is not available under the condition that the actual calling result and the expected calling result are different.
In some embodiments, the available authentication capability information includes: an authentication application identification, and information that an authentication capability corresponding to the authentication application identification is marked as available.
In some embodiments, the processing method further comprises: the application client of the terminal acquires authentication capability information supported by the terminal; the application client sends a first application request message to a network application functional entity, wherein the first application request message carries service request data and authentication capability information supported by the terminal; the network application functional entity determines an authentication mode to be adopted according to a service strategy corresponding to the application client and authentication capability information supported by the terminal, and returns an authentication and authorization request message to the application client, wherein the authentication and authorization request message carries the authentication mode and/or authentication parameters corresponding to the authentication mode; the application client executes an authentication and authorization process corresponding to the authentication mode through an authentication platform according to the authentication and authorization request message; after the application client executes the authentication and authorization process, a second application request message is sent to the network application functional entity, wherein the second application request message carries authentication and authorization passing information; the network application functional entity obtains corresponding authentication data from the authentication platform according to the authentication passing information, generates an application key according to the authentication data, and sends the service request data and the application key to an application server; and the application client generates an application key consistent with the application key generated by the network application function entity according to the authentication data, and communicates with the application server through the application key.
In some embodiments, the obtaining, by the application client of the terminal, authentication capability information supported by the terminal includes: the application client sends a capability query request message to a capability acquisition module of the terminal; and the capability acquisition module reads authentication capability information supported by the locally stored terminal after receiving the capability query request message, and returns the authentication capability information to the application client.
According to another aspect of the present disclosure, there is provided a terminal including: a capability collection module, wherein the capability collection module comprises: a receiving unit, configured to receive a capability detection requirement message from a capability detection platform, where the capability detection requirement message carries the authentication capability parameter, where the capability detection platform receives the authentication capability parameter from an authentication application background, the authentication capability parameter includes a call instruction corresponding to an authentication application, an expected call result, and an authentication application identifier, and associates the call instruction and the expected call result with the authentication application identifier, and stores the call instruction and the expected call result in a detection instruction library; the calling unit is used for calling a corresponding authentication module according to the authentication capability parameter; and the determining unit is used for receiving the returned actual calling result, determining whether the corresponding authentication capability is available according to the actual calling result and the expected calling result, and storing the available authentication capability information.
According to another aspect of the present disclosure, there is provided a terminal including: a memory; and a processor coupled to the memory, the processor configured to perform the method as described above based on instructions stored in the memory.
According to another aspect of the present disclosure, there is provided a system for secure communication, comprising: a terminal as hereinbefore described.
In some embodiments, the system further comprises: the capability detection platform is used for receiving the authentication capability parameters from the authentication application background, wherein the authentication capability parameters comprise a calling instruction, an expected calling result and an authentication application identifier corresponding to the authentication application, associating the calling instruction and the expected calling result with the authentication application identifier, storing the calling instruction and the expected calling result into a detection instruction library, and issuing a capability detection requirement message to a capability acquisition module of the terminal, wherein the capability detection requirement message carries the authentication capability parameters.
In some embodiments, the system further comprises: the network application function entity is used for determining an authentication mode to be adopted according to a service strategy corresponding to an application client of the terminal and authentication capability information supported by the terminal, and returning an authentication request message to the application client, wherein the authentication request message carries the authentication mode and/or authentication parameters corresponding to the authentication mode, corresponding authentication data is acquired from the authentication platform according to the authentication passing information returned by the application client, an application key is generated according to the authentication data, and the service request data and the application key are sent to an application server.
According to another aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement a method as described above.
In the method, a capability acquisition module of the terminal receives a capability detection request message from a capability detection platform, wherein the capability detection request message carries an authentication capability parameter, the capability detection platform receives the authentication capability parameter from an authentication application background, the authentication capability parameter comprises a calling instruction corresponding to an authentication application, an expected calling result and an authentication application identifier, and the calling instruction and the expected calling result are associated with the authentication application identifier and are stored in a detection instruction library; the capability acquisition module invokes a corresponding authentication module according to the authentication capability parameter; and the capability acquisition module receives the returned actual calling result, determines whether the corresponding authentication capability is available according to the actual calling result and the expected calling result, and stores the available authentication capability information. The method can realize acquisition and storage of the authentication capability of the terminal, fully grasp the supporting condition of the authentication capability of the terminal, and facilitate the use of the subsequent authentication capability, thereby improving the terminal coverage rate of the authentication application and the usability of the application when the application is popularized.
Other features of the present disclosure and its advantages will become apparent from the following detailed description of exemplary embodiments of the disclosure, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The disclosure may be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings in which:
FIG. 1 is a flow chart illustrating a processing method for authenticating capabilities according to some embodiments of the present disclosure;
FIG. 2 is a flow chart illustrating a method of processing for authenticating capabilities according to further embodiments of the present disclosure;
FIG. 3 is a flow chart illustrating a process method for authenticating capabilities according to further embodiments of the present disclosure;
FIG. 4 is a flow chart illustrating a processing method for authenticating capabilities according to further embodiments of the present disclosure;
FIG. 5 is a flow chart illustrating a process method for authenticating capabilities according to further embodiments of the present disclosure;
FIG. 6 is a block diagram schematically illustrating a structure of a terminal according to some embodiments of the present disclosure;
FIG. 7 is a block diagram schematically illustrating a structure of a terminal according to other embodiments of the present disclosure;
FIG. 8 is a block diagram schematically illustrating a structure of a terminal according to other embodiments of the present disclosure;
FIG. 9 is a block diagram schematically illustrating a system according to some embodiments of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless it is specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective parts shown in the drawings are not drawn in actual scale for convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any specific values should be construed as merely illustrative, and not a limitation. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
Fig. 1 is a flowchart illustrating a processing method for authenticating capabilities according to some embodiments of the present disclosure. The method is applied to the terminal. As shown in fig. 1, the method includes steps S102 to S106.
In step S102, the capability acquisition module of the terminal receives a capability detection requirement message from the capability detection platform, where the capability detection requirement message carries an authentication capability parameter.
Here, the capability detection platform receives the authentication capability parameter from the authentication application background, the authentication capability parameter including a calling instruction, an expected calling result and an authentication application identifier corresponding to the authentication application; the platform associates the calling instruction and the expected calling result with the authentication application identifier and stores them in the detection instruction library. The capability detection platform then issues the capability detection requirement message to the capability acquisition module of the terminal.
In step S104, the capability acquisition module invokes a corresponding authentication module according to the authentication capability parameter.
In step S106, the capability acquisition module receives the returned actual calling result, determines whether the corresponding authentication capability is available according to the actual calling result and the expected calling result, and stores the available authentication capability information.
For example, available authentication capability information includes: an authentication application identification, and information that an authentication capability corresponding to the authentication application identification is marked as available. For example, the available authentication capability information may be stored in a data table, e.g., as shown in Table 1.
Table 1: Authentication capability information table
Authentication application identification 1 | Available
Authentication application identification 2 | Available
Authentication application identification 3 | Available
…… | ……
In some embodiments, determining whether the corresponding authentication capability is available based on the actual call result and the expected call result comprises: in the case that the actual call result and the expected call result are the same, determining that the corresponding authentication capability is available (i.e., the terminal supports the corresponding authentication capability); and determining that the corresponding authentication capability is not available (i.e., the terminal does not support the corresponding authentication capability) in the case that the actual call result and the expected call result are different.
Thus, a processing method for authentication capability according to some embodiments of the present disclosure is provided. The method comprises the following steps: a capability acquisition module of a terminal receives a capability detection requirement message from a capability detection platform, wherein the capability detection requirement message carries an authentication capability parameter; the capability detection platform receives the authentication capability parameter from an authentication application background, the authentication capability parameter comprising a calling instruction corresponding to an authentication application, an expected calling result and an authentication application identifier, associates the calling instruction and the expected calling result with the authentication application identifier, and stores them in a detection instruction library; the capability acquisition module invokes a corresponding authentication module according to the authentication capability parameter; and the capability acquisition module receives the returned actual calling result, determines whether the corresponding authentication capability is available according to the actual calling result and the expected calling result, and stores the available authentication capability information. The method can realize acquisition and storage of the authentication capability of the terminal, fully grasp the supporting condition of the authentication capability of the terminal, and facilitate the use of the subsequent authentication capability, thereby improving the terminal coverage rate of the authentication application and the usability of the application when the application is popularized.
The method can realize dynamic capability collection and thereby adapt to various terminal environment requirements: a plurality of corresponding calling instructions can be configured for different terminal environments or capability requirements, so that the authentication capabilities supported by the terminal are fully grasped.
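The terminal side of steps S102 to S106, as an added sketch that is not taken from the patent. It assumes a calling instruction is a name looked up in a fixed registry of authentication modules on the terminal (so an unknown instruction is never executed), one calling instruction per authentication application identifier, and string results; the probe names, identifiers and result values are constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class AuthCapabilityParam:
    """One authentication capability parameter carried in the detection message."""
    auth_app_id: str       # authentication application identifier
    call_instruction: str  # names the probe to run (this encoding is an assumption)
    expected_result: str   # expected calling result set by the application background


class CapabilityAcquisitionModule:
    def __init__(self, auth_modules: Dict[str, Callable[[], str]]) -> None:
        # Calling instructions are resolved against a fixed registry of
        # authentication modules; an instruction the terminal does not know
        # is reported as unavailable and nothing is executed for it.
        self._auth_modules = auth_modules
        self._available: Dict[str, str] = {}  # local store, shaped like Table 1

    def _probe(self, param: AuthCapabilityParam) -> bool:
        module = self._auth_modules.get(param.call_instruction)
        if module is None:
            return False  # no such authentication module on this terminal
        try:
            actual_result = module()
        except Exception:
            return False  # e.g. card channel closed: treated as not available
        return actual_result == param.expected_result

    def handle_detection_message(self, params: List[AuthCapabilityParam]) -> Dict[str, bool]:
        """Steps S102-S106: invoke, compare, store only what is available."""
        outcome: Dict[str, bool] = {}
        for param in params:
            ok = self._probe(param)
            outcome[param.auth_app_id] = ok
            if ok:
                self._available[param.auth_app_id] = "available"
            else:
                # A capability that passed earlier but fails now must not linger.
                self._available.pop(param.auth_app_id, None)
        return outcome

    def query_capabilities(self) -> List[str]:
        """What an application client gets back from a capability query."""
        return sorted(self._available)


# Constructed probes standing in for real authentication modules.
def _sim_shield_probe() -> str:
    return "9000"


def _gba_probe() -> str:
    raise RuntimeError("card channel not available")


def _phone_number_probe() -> str:
    return "unsupported"


def demo():
    module = CapabilityAcquisitionModule({
        "PROBE_SIM_SHIELD": _sim_shield_probe,
        "PROBE_GBA": _gba_probe,
        "PROBE_PHONE_NUMBER": _phone_number_probe,
    })
    # Constructed capability detection requirement message.
    message = [
        AuthCapabilityParam("auth-app-1", "PROBE_SIM_SHIELD", "9000"),
        AuthCapabilityParam("auth-app-2", "PROBE_GBA", "9000"),
        AuthCapabilityParam("auth-app-3", "PROBE_PHONE_NUMBER", "ok"),
        AuthCapabilityParam("auth-app-4", "PROBE_NOT_INSTALLED", "ok"),
    ]
    outcome = module.handle_detection_message(message)
    return outcome, module.query_capabilities()


if __name__ == "__main__":
    print(demo())
```

A failing probe, a raised error and an unregistered instruction all end in the same "not available" outcome, and a later failed detection removes an identifier that was stored earlier.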
Fig. 2 is a flowchart illustrating a processing method for authenticating capabilities according to further embodiments of the present disclosure. The method is applied to the terminal. As shown in fig. 2, the method includes steps S202 to S210.
In step S202, the application client of the terminal acquires authentication capability information supported by the terminal.
In some embodiments, step S202 includes: the application client sends a capability query request message to a capability acquisition module of the terminal; and the capability acquisition module reads authentication capability information supported by the locally stored terminal after receiving the capability query request message, and returns the authentication capability information to the application client.
In step S204, the application client sends a first application request message to the network application functional entity, where the first application request message carries service request data and authentication capability information supported by the terminal.
The network application functional entity determines an authentication mode to be adopted according to the service strategy corresponding to the application client and the authentication capability information supported by the terminal, and returns an authentication request message to the application client, wherein the authentication request message carries the authentication mode and/or authentication parameters corresponding to the authentication mode.
For example, the network application function entity may have stored in advance a service policy corresponding to the application client. For example, the service policy may include an authentication security level of the application client, and the like. For example, suppose the terminal supports authentication capabilities such as mobile phone number authentication and SIM card shield digital certificate authentication. According to the service policy corresponding to the application client, the application client can use an authentication mode of common security level, such as mobile phone number authentication, when logging in; when the application client performs an important transaction, an authentication mode of high security level, such as SIM card shield digital certificate authentication, is adopted. Therefore, the network application functional entity can determine the authentication mode to be adopted according to the service policy corresponding to the application client and the authentication capability information supported by the terminal.
The authentication parameter is a parameter related to performing an authentication procedure. For example, the authentication parameters include a random number, etc. Of course, the scope of the present disclosure is not limited in this regard. The authentication parameters may also include other parameters for authentication.
In step S206, the application client executes an authentication and authorization process corresponding to the authentication mode through the authentication platform according to the authentication request message.
Here, the application client obtains the authentication mode and/or authentication parameters from the authentication request message. For example, the application client may operate on the random number, thereby performing an authentication procedure corresponding to the authentication mode through the authentication platform. It should be noted that the authentication procedure described above is one known to those skilled in the art and will not be described in detail here.
In step S208, after executing the authentication and authorization procedure, the application client sends a second application request message to the network application functional entity, where the second application request message carries authentication passing information.
The network application function entity obtains the corresponding authentication data from the authentication platform according to the authentication passing information, generates an application key according to the authentication data, and sends the service request data and the application key to an application server (Application Server, abbreviated as AS).
The authentication passing information includes identification information corresponding to the authentication process, and thus, the network application function entity can acquire corresponding authentication data from the authentication platform according to the authentication passing information. The authentication data is data generated after the authentication process is completed, and includes, for example, a key or other parameters. The network application function entity derives the application key according to the authentication data, so that the application server can communicate with the application client according to the application key without acquiring the authentication data, thereby improving confidentiality.
It should be noted that the network application functional entity may use a known key generation method to derive the application key according to the authentication data.
In step S210, the application client generates, according to the authentication data, an application key consistent with the application key generated by the network application function entity, and communicates with the application server through the application key.
For example, the application client may derive an application key from the authentication data using the same key generation method as the network application function entity, the application key being consistent with the application key derived by the network application function entity. In this way, the application client can implement secure communication with the application server through the application key.
Thus, methods for secure communications according to some embodiments of the present disclosure are provided. The method comprises the following steps: an application client of a terminal obtains authentication capability information supported by the terminal; the application client sends a first application request message to the network application functional entity, wherein the first application request message carries service request data and authentication capability information supported by the terminal; the network application functional entity determines an authentication mode to be adopted according to a service policy corresponding to the application client and authentication capability information supported by the terminal, and returns an authentication request message to the application client, wherein the authentication request message carries an authentication mode and/or authentication parameters corresponding to the authentication mode; the application client executes an authentication and authorization process corresponding to the authentication mode through the authentication platform according to the authentication request message; after the application client executes the authentication and authorization process, the application client sends a second application request message to the network application functional entity, wherein the second application request message carries authentication passing information; the network application function entity obtains corresponding authentication data from the authentication platform according to the authentication passing information, generates an application key according to the authentication data, and sends service request data and the application key to the application server; and the application client generates, according to the authentication data, an application key consistent with the application key generated by the network application function entity, and communicates with the application server through the application key.
In the method, the terminal carries its supported authentication capabilities when it sends the first application request, and the server (the network application functional entity) can determine the authentication mode to be adopted according to the terminal's authentication capability support and the application demand policy and return the corresponding authentication requirements to the terminal. The authentication mode thus adapts itself on the basis of knowing which authentication capabilities the terminal supports, which can improve the terminal coverage rate of the authentication application and the availability of the application when the application is promoted.
Fig. 3 is a flowchart illustrating a processing method for authentication capability according to further embodiments of the present disclosure. As shown in fig. 3, the method includes steps S302 to S310.
In step S302, the capability detection platform receives an authentication capability parameter from the authentication application background, where the authentication capability parameter includes a call instruction, an expected call result, and an authentication application identifier corresponding to the authentication application.
In step S304, the capability detection platform associates the call instruction and the expected call result with the authentication application identifier, and stores them in the detection instruction library.
In step S306, the capability detection platform issues a capability detection request message to the capability collection module of the terminal, where the capability detection request message carries an authentication capability parameter.
For example, the capability detection platform periodically (or when the capability collection module of the terminal is awakened) issues capability detection requirements to the capability collection module within the terminal, carrying the latest call instruction set for each authentication application.
In step S308, the capability collection module invokes a corresponding authentication module according to the authentication capability parameter.
In step S310, the capability collection module receives the returned actual call result, determines whether the corresponding authentication capability is available according to the actual call result and the expected call result, and stores the available authentication capability information.
In some embodiments, the capability collection module determining whether the corresponding authentication capability is available based on the actual call result and the expected call result comprises: the capability collection module determines that the corresponding authentication capability is available when the actual call result is the same as the expected call result; and the capability collection module determines that the corresponding authentication capability is not available when the actual call result and the expected call result are different.
In some embodiments, the available authentication capability information includes: an authentication application identification, and information that an authentication capability corresponding to the authentication application identification is marked as available.
Thus, methods for secure communications according to further embodiments of the present disclosure are provided. The method can realize acquisition and storage of the authentication capability of the terminal, fully grasp the supporting condition of the authentication capability of the terminal and facilitate the use of the subsequent authentication capability. In the method, the dynamic capability collection can adapt to various terminal environment requirements, and corresponding multiple standard calling instructions can be configured according to different terminal environments or capability requirements, so that the authentication capability supporting condition of the terminal can be fully mastered, and the terminal coverage rate of authentication application and the availability of the application can be improved during application popularization.
Fig. 4 is a flowchart illustrating a processing method for authentication capability according to further embodiments of the present disclosure. As shown in fig. 4, the method includes steps S402 to S414.
In step S402, the application client of the terminal acquires authentication capability information supported by the terminal.
In some embodiments, step S402 includes: the application client sends a capability query request message to the capability collection module of the terminal; and the capability collection module, after receiving the capability query request message, reads the locally stored authentication capability information supported by the terminal and returns the authentication capability information to the application client.
In step S404, the application client sends a first application request message to the network application functional entity, where the first application request message carries service request data and authentication capability information supported by the terminal.
In step S406, the network application functional entity determines an authentication mode to be adopted according to the service policy corresponding to the application client and the authentication capability information supported by the terminal, and returns an authentication request message to the application client, where the authentication request message carries the authentication mode and/or authentication parameters corresponding to the authentication mode.
In step S408, the application client performs an authentication procedure corresponding to the authentication mode through the authentication platform according to the authentication request message.
In step S410, the application client sends a second application request message to the network application function entity after performing the authentication and authorization procedure, where the second application request message carries authentication passing information.
In step S412, the network application functional entity obtains corresponding authentication data from the authentication platform according to the authentication passing information, generates an application key according to the authentication data, and sends the service request data and the application key to the application server.
In step S414, the application client generates, according to the authentication data, an application key consistent with the application key generated by the network application function entity, and communicates with the application server through the application key.
Thus, methods for secure communications according to further embodiments of the present disclosure are provided. In the method, when the terminal sends out the first application request, the authentication capability supported by the terminal is carried, and the server can return corresponding authentication requirements to the terminal according to the authentication capability support condition of the terminal and the application demand policy. Thus, the self-adaption of the authentication mode is realized on the basis of grasping the authentication capability supporting condition of the terminal, and the terminal coverage rate of the authentication application and the usability of the application can be improved during application popularization.
In the method of the embodiment of the disclosure, a unified interface can be used to provide a suitable terminal authentication scheme for various terminal types, which widens the range of terminals to which the authentication application applies, gives users a high-quality service guarantee, and ensures a consistent user service experience. Besides terminals such as mobile phones and computers, the method can also be applied to more types of general-purpose terminals such as vehicle-mounted terminals or internet of things (IoT) terminals. The capabilities of such terminals often differ considerably, and it is not feasible to adapt to each terminal one by one when authentication and authorization are carried out.
Fig. 5 is a flowchart illustrating a processing method for authentication capability according to further embodiments of the present disclosure. As shown in fig. 5, the method includes steps S501 to S521. In this method, steps S501 to S507 belong to an authentication capability collection process, and steps S508 to S521 belong to an authentication capability use process.
In step S501, when a new authentication capability needs to be accessed, the authentication application background performs application access through an authentication capability access module provided by the capability detection platform, and carries authentication capability parameters such as call instruction content, expected call result content, authentication application identifier and the like corresponding to the authentication application.
In step S502, the capability detection platform associates the call instruction content and the expected call result content with the authentication application identifier, and stores the call instruction content and the expected call result content in the detection instruction library.
In step S503, the capability detection platform periodically (or when the capability collection module in the terminal is awakened) issues a capability detection requirement to the capability collection module in the terminal, and carries the latest call instruction set of each authentication application (i.e. the authentication capability parameters described above).
In step S504, after receiving the call instruction set, the capability collection module in the terminal sequentially executes each call instruction to attempt to call the corresponding authentication module.
In step S505, the capability collection module in the terminal receives the returned call result.
In step S506, the capability collection module determines the availability of the authentication capability according to the returned call result. For example, if the returned call result is consistent with the expected call result content, it indicates that the authentication capability is present and available for the user.
In step S507, the capability collection module stores the data related to available authentication capabilities, that is, the available authentication capability information.
The above steps S501 to S507 describe the authentication capability collection process.
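The collection logic of steps S302 to S310 and S501 to S507, as an added Python example that is not part of the patent text: the detection platform keeps one probe entry per authentication application, and the terminal-side module marks a capability available only when the actual call result equals the expected one. The application identifiers, instruction strings, result strings and stub modules are constructed for illustration, and dropping a stale entry on re-probing is an assumption of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProbeEntry:
    app_id: str        # authentication application identifier
    instruction: str   # call instruction
    expected: str      # expected call result


class CapabilityDetectionPlatform:
    """Holds the detection instruction library and builds detection requests."""

    def __init__(self):
        self.library = {}

    def register(self, app_id, instruction, expected):
        # Associate instruction and expected result with the application identifier.
        self.library[app_id] = ProbeEntry(app_id, instruction, expected)

    def detection_request(self):
        # The latest entry of every registered authentication application.
        return list(self.library.values())


class CapabilityCollector:
    """Terminal-side module that probes each authentication module."""

    def __init__(self, modules):
        self.modules = modules   # app_id -> callable(instruction) -> result string
        self.store = {}          # available authentication capability information

    def probe(self, entry):
        module = self.modules.get(entry.app_id)
        if module is None:
            return False         # no such authentication module on this terminal
        try:
            actual = module(entry.instruction)
        except Exception:
            return False         # a failed call is never treated as a match
        return actual == entry.expected

    def handle_detection_request(self, entries):
        for entry in entries:
            if self.probe(entry):
                self.store[entry.app_id] = "available"
            else:
                # Assumption: a capability that no longer answers is removed,
                # so a later capability query does not report it.
                self.store.pop(entry.app_id, None)
        return dict(self.store)


# Constructed stub modules standing in for real authentication modules.
def sim_shield_present(instruction):
    return "9000" if instruction == "00A40400" else "6D00"


def sim_shield_removed(instruction):
    raise OSError("no card in slot")


def modem(instruction):
    return "OK" if instruction == "AT" else "ERROR"


def demo():
    platform = CapabilityDetectionPlatform()
    platform.register("sim_shield_cert", "00A40400", "9000")    # APDU-style probe
    platform.register("phone_number", "AT", "OK")               # AT-style probe
    platform.register("app_without_module", "status", "ready")  # not installed
    collector = CapabilityCollector(
        {"sim_shield_cert": sim_shield_present, "phone_number": modem}
    )
    first = collector.handle_detection_request(platform.detection_request())
    # Next periodic probe: the card has been removed from the terminal.
    collector.modules["sim_shield_cert"] = sim_shield_removed
    second = collector.handle_detection_request(platform.detection_request())
    return first, second


if __name__ == "__main__":
    print(demo())
```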
In step S508, the user initiates a service authentication request through the application client.
In step S509, the application client acquires the local authentication capability from the capability collection module local to the terminal.
In step S510, the capability collection module local to the terminal reads available authentication capability data (i.e., authentication capability information supported by the terminal) stored locally.
In step S511, the capability collection module returns the local authentication capability set to the application client.
In step S512, the application client sends a first application request message (which may also be referred to as an initial application request) to the network application function entity, where the first application request message carries service request related data and authentication capability information supported by the terminal side, and so on.
In step S513, the network application functional entity determines an authentication mode to be adopted according to the applied service policy and the terminal local authentication capability information.
In step S514, the network application functional entity returns an authentication request to the application client, carrying the required authentication mode or authentication parameters (if any), etc. Of course, if there is no authentication parameter, the authentication request may not carry the authentication parameter.
In step S515, the application client completes authentication in a corresponding manner according to the returned authentication request.
In step S516, the application client again sends an application request (the second application request message) to the network application function entity, carrying the related data (e.g. authentication pass information) obtained after authentication is completed.
In step S517, the network application functional entity obtains authentication data corresponding to the authentication from the corresponding authentication platform, and completes authentication on the terminal.
In step S518, the network application function entity generates an application key according to the authentication data, and forwards the service request of the application and the application key to the application server.
In step S519, the network application function entity returns a response to the application client.
In step S520, the application client derives a corresponding application key according to the authentication data of the present time.
In step S521, the application client and the application server have a consistent application key, and may perform secure communication based on the application key.
The above steps S508 to S521 describe the authentication capability use procedure.
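The use process of steps S508 to S521 (also S204 to S210 and S402 to S414), as an added Python example that is not part of the patent text. It assumes a numeric security level per authentication mode, selection of the lowest-level mode that satisfies the service policy, and HKDF-SHA256 as the "known key generation method"; all identifiers are hypothetical. Because the capability list is reported by the terminal, the sketch ignores unknown entries and refuses the request when no reported capability meets the policy.

```python
import hashlib
import hmac
import secrets

# Assumed security levels for the two modes the description names.
MODE_LEVEL = {"phone_number": 1, "sim_shield_cert": 2}
# Assumed service policy: minimum level per operation of the application client.
SERVICE_POLICY = {"login": 1, "important_transaction": 2}


def select_mode(operation, reported_capabilities):
    """Choose the lowest-level mode that still satisfies the service policy."""
    required = SERVICE_POLICY[operation]
    usable = [m for m in reported_capabilities if MODE_LEVEL.get(m, 0) >= required]
    return min(usable, key=MODE_LEVEL.get) if usable else None


def derive_app_key(auth_data, nonce, mode, length=32):
    """HKDF-SHA256 (RFC 5869), standing in for the unspecified key generation method."""
    prk = hmac.new(nonce, auth_data, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        msg = block + mode.encode() + bytes([counter])
        block = hmac.new(prk, msg, hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class AuthPlatform:
    """Stand-in authentication platform: records authentication data per completed run."""

    def __init__(self):
        self._runs = {}

    def authenticate(self, mode, nonce):
        # The mode-specific procedure is out of scope; it ends with fresh authentication data.
        auth_id, auth_data = secrets.token_hex(8), secrets.token_bytes(32)
        self._runs[auth_id] = (mode, nonce, auth_data)
        return auth_id, auth_data

    def fetch(self, auth_id):
        return self._runs.get(auth_id)


class NetworkApplicationFunction:
    def __init__(self, platform):
        self.platform = platform
        self._pending = {}   # session -> (mode, nonce, service request data)

    def first_request(self, operation, service_request, reported_capabilities):
        mode = select_mode(operation, reported_capabilities)
        if mode is None:
            raise PermissionError("no reported capability satisfies the service policy")
        session, nonce = secrets.token_hex(8), secrets.token_bytes(16)
        self._pending[session] = (mode, nonce, service_request)
        return {"session": session, "mode": mode, "nonce": nonce}

    def second_request(self, session, auth_id):
        mode, nonce, service_request = self._pending.pop(session)
        run = self.platform.fetch(auth_id)
        # Added check (assumption): the run must match the mode and nonce this entity issued.
        if run is None or run[0] != mode or run[1] != nonce:
            raise PermissionError("authentication passing information not accepted")
        # Only the derived key is forwarded to the application server, not the authentication data.
        return service_request, derive_app_key(run[2], nonce, mode)


def run_flow(operation, reported_capabilities):
    platform = AuthPlatform()
    naf = NetworkApplicationFunction(platform)
    challenge = naf.first_request(operation, b"service request data", reported_capabilities)
    # The client runs the selected procedure with the platform and keeps the authentication data.
    auth_id, auth_data = platform.authenticate(challenge["mode"], challenge["nonce"])
    _, server_key = naf.second_request(challenge["session"], auth_id)
    client_key = derive_app_key(auth_data, challenge["nonce"], challenge["mode"])
    return challenge["mode"], client_key, server_key, auth_data


if __name__ == "__main__":
    mode, client_key, server_key, _ = run_flow("login", ["phone_number", "sim_shield_cert"])
    print(mode, client_key == server_key)
```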
Thus, methods for secure communications according to further embodiments of the present disclosure are provided. Existing authentication modes mostly involve both the terminal and the user card and place strict requirements on the card type, the terminal environment, the terminal-card channel and the like; during application deployment the terminal or the user card often has to be replaced or the application has to be preloaded, so a high terminal coverage rate is difficult to ensure and the application is difficult to deploy on a large scale. To address these problems, the method introduces a terminal capability collection module: a standard call instruction set of each accessed authentication application is pushed to the capability collection module of the terminal, and after the terminal executes the instruction set, the corresponding returned result is analyzed to judge whether the terminal locally has the corresponding authentication capability, and the corresponding authentication capability identifier is stored. When the terminal sends the initial application request, it carries the authentication capabilities it supports, and the server can return corresponding authentication requirements to the terminal according to the terminal's authentication capability support and the application demand policy. The authentication mode thus adapts itself on the basis of knowing which authentication capabilities the terminal supports, and the terminal coverage rate and the availability of the application are improved when the application is promoted.
When a user uses terminals/universal terminals with different capabilities or user cards with different capabilities to perform security authentication, the local authentication capabilities of the terminals and the user cards can be acquired through capability acquisition in advance, and when authentication is performed, a corresponding authentication mode is selected according to service requirements and capability types of the terminals, so that different authentication application services are not limited by the capability deployment condition of the terminals in the deployment and popularization processes, and high availability of service applications and high coverage rate of the terminals are realized.
In the above method, standard instructions of each authentication application (such as APDU (Application Protocol Data Unit) instructions, AT (Attention) instructions, or software call instructions) are periodically pushed to the terminal. After the terminal executes the standard instructions in sequence, the returned result is analyzed, and if it matches the normal returned result, the terminal can be considered to have the corresponding authentication capability. After the collection of authentication capabilities is completed, the initial application request of the terminal carries the authentication capabilities supported by the terminal, and the server can return corresponding authentication requirements according to the terminal's authentication capability support and the application requirement, so that the deployment and promotion of different authentication application services are no longer limited by how capabilities are deployed on the terminal, and the coverage rate and the availability of the application are improved.
Therefore, in the method, periodic dynamic capability collection can adapt to various terminal environment requirements, and a plurality of corresponding standard call instructions can be configured according to different terminal environments or capability requirements, so that the authentication capability support of the terminal can be fully known. Moreover, the method realizes an adaptively supported authentication mode and improves the terminal coverage rate of the authentication application: the server returns corresponding authentication requirements to the terminal according to the authentication capability support reported by the terminal and the application demand policy, so that the application's authentication of the terminal and the availability of the application on the terminal are essentially unaffected when the terminal does not support a particular authentication capability.
Fig. 6 is a block diagram schematically illustrating a structure of a terminal according to some embodiments of the present disclosure.
As shown in fig. 6, the terminal includes a capability collection module 620. The capability collection module 620 includes: a receiving unit 621, a calling unit 622, and a determining unit 623.
The receiving unit 621 is configured to receive a capability detection request message from the capability detection platform, where the capability detection request message carries an authentication capability parameter. The capability detection platform receives the authentication capability parameters from the authentication application background, wherein the authentication capability parameters comprise a calling instruction, an expected calling result and an authentication application identifier corresponding to the authentication application, associates the calling instruction and the expected calling result with the authentication application identifier, and stores the calling instruction and the expected calling result in a detection instruction library.
The calling unit 622 is configured to call a corresponding authentication module according to the authentication capability parameter.
The determining unit 623 is configured to receive the returned actual call result, determine whether the corresponding authentication capability is available according to the actual call result and the expected call result, and store the available authentication capability information.
Thus, a terminal according to some embodiments of the present disclosure is provided. The terminal can collect and store its authentication capabilities, so that the authentication capability support of the terminal is fully known and the subsequent use of the authentication capabilities is facilitated, thereby improving the terminal coverage rate of the authentication application and the availability of the application when the application is promoted.
In some embodiments, the determining unit 623 may be configured to determine that the corresponding authentication capability is available in case the actual call result and the expected call result are the same, and determine that the corresponding authentication capability is not available in case the actual call result and the expected call result are different.
In some embodiments, the capability collection module may be integrated in the terminal OS side or an application program in the form of an SDK, or exist in the form of a separate APP, and is responsible for sending a standard call instruction for each authentication capability and analyzing the returned result to determine the validity of the authentication capability.
In some embodiments, the available authentication capability information includes: an authentication application identification, and information that an authentication capability corresponding to the authentication application identification is marked as available.
In some embodiments, as shown in fig. 6, the terminal further comprises an application client 610. The application client 610 includes: an acquisition unit 611, a first transmission unit 612, an authentication unit 613, a second transmission unit 614, and a communication unit 615.
The acquisition unit 611 is configured to acquire authentication capability information supported by the terminal.
The first sending unit 612 is configured to send a first application request message to the network application functional entity, where the first application request message carries service request data and authentication capability information supported by the terminal. The network application functional entity determines an authentication mode to be adopted according to the service policy corresponding to the application client and the authentication capability information supported by the terminal, and returns an authentication request message to the application client, wherein the authentication request message carries the authentication mode and/or authentication parameters corresponding to the authentication mode.
The authentication unit 613 is configured to perform an authentication and authorization process corresponding to the authentication mode through the authentication platform according to the authentication request message.
The second sending unit 614 is configured to send a second application request message to the network application functional entity after performing the authentication and authorization procedure, where the second application request message carries authentication passing information. The network application functional entity obtains corresponding authentication data from the authentication platform according to the authentication passing information, generates an application key according to the authentication data, and sends service request data and the application key to the application server.
The communication unit 615 is configured to generate an application key consistent with an application key generated by a network application function entity according to authentication data, and communicate with an application server through the application key.
Thus, terminals according to further embodiments of the present disclosure are provided. The terminal can realize self-adaptation of the authentication mode, and can improve the terminal coverage rate of the authentication application and the availability of the application when the application is promoted.
In some embodiments, as shown in fig. 6, the application client 610 may further include a third transmitting unit 616. The third sending unit 616 is configured to send a capability query request message to the capability collection module 620 of the terminal.
In some embodiments, the capability collection module 620 may further include a reading unit (not shown in fig. 6) for reading, after receiving the capability query request message, the locally stored authentication capability information supported by the terminal, and returning the authentication capability information to the application client 610.
Fig. 7 is a block diagram schematically illustrating a structure of a terminal according to other embodiments of the present disclosure. The terminal includes a memory 710 and a processor 720. Wherein:
memory 710 may be a magnetic disk, flash memory, or any other non-volatile storage medium. The memory is used to store instructions in the corresponding embodiments of fig. 1 and/or fig. 2.
Processor 720, coupled to memory 710, may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller. The processor 720 is used for executing instructions stored in the memory, so that the acquisition and storage of the authentication capability of the terminal can be realized, the full grasp of the supporting condition of the authentication capability of the terminal is realized, the use of the subsequent authentication capability is facilitated, and the terminal coverage rate of the authentication application and the usability of the application can be improved during application popularization.
In one embodiment, as also shown in FIG. 8, terminal 800 includes memory 810 and processor 820. Processor 820 is coupled to memory 810 through BUS 830. Terminal 800 may also be coupled to external storage device 850 via storage interface 840 for retrieving external data, and to a network or another computer system (not shown) via network interface 860, which is not described in detail herein.
In the embodiment, the data instruction is stored by the memory, and then the instruction is processed by the processor, so that the acquisition and storage of the authentication capability of the terminal can be realized, the full grasp of the authentication capability supporting condition of the terminal is realized, the subsequent use of the authentication capability is convenient, and the terminal coverage rate of the authentication application and the usability of the application can be improved during application popularization.
Fig. 9 is a block diagram schematically illustrating a system according to some embodiments of the present disclosure.
As shown in fig. 9, the system includes a terminal 910. For example, the terminal 910 may be a terminal as shown in fig. 6, 7, or 8. As shown in fig. 9, the terminal 910 includes an application client 912 and a capability collection module 914.
In some embodiments, as shown in fig. 9, the system further includes a capability detection platform 930. The capability detection platform 930 is configured to receive an authentication capability parameter from an authentication application background, where the authentication capability parameter includes a call instruction, an expected call result, and an authentication application identifier corresponding to the authentication application, associate the call instruction and the expected call result with the authentication application identifier, store the call instruction and the expected call result in a detection instruction library, and send a capability detection request message to a capability collection module of the terminal, where the capability detection request message carries the authentication capability parameter. That is, the capability detection platform manages authentication application information and its standard call instruction set, pushing the standard call instruction set (e.g., periodically) to the terminal capability collection module for terminal authentication capability detection.
The capability collection module 914 is configured to call a corresponding authentication module according to the authentication capability parameter, receive a returned actual call result, determine whether the corresponding authentication capability is available according to the actual call result and the expected call result, and store available authentication capability information.
In some embodiments, as shown in fig. 9, the terminal 910 may also include an authentication capability store 916. The authentication capability store 916 is used to store available authentication capability information. That is, the capability collection module 914 stores the available authentication capability information in the authentication capability store 916.
It should be noted that, in some embodiments, the authentication capability store 916 may be internal to the capability collection module 914 as part of the capability collection module 914; in other embodiments, the authentication capability store 916 may also be external to the capability collection module 914 and not be part of the capability collection module 914.
In some embodiments, as shown in fig. 9, the terminal 910 may further include authentication modules 1 to N, where N is a positive integer. Each authentication module is used to perform authentication and authorization operations with the corresponding authentication platform.
In some embodiments, as shown in fig. 9, the system may further include an authentication capability access module 950, the authentication capability access module 950 configured to receive authentication capabilities from an authentication application background (not shown in fig. 9).
In some embodiments, as shown in FIG. 9, the system may further include a probe instruction library 960. The probe instruction library 960 is used to store call instruction content, expected call result content, and authentication application identification.
It should be noted that, in some embodiments, the authentication capability access module 950 and the detection instruction library 960 may be disposed inside the capability detection platform 930 as part of the capability detection platform 930; in other embodiments, the authentication capability access module 950 and the detection instruction library 960 may also be disposed external to the capability detection platform 930, not as part of the capability detection platform 930.
In some embodiments, the application client 912 is configured to: acquire the authentication capability information supported by the terminal; send a first application request message to the network application function entity 920, where the first application request message carries service request data and the authentication capability information supported by the terminal; perform, through an authentication platform (e.g., at least one of authentication platforms 1 to N), the authentication procedure corresponding to the authentication mode according to the authentication request message; after the authentication and authorization process is performed, send a second application request message to the network application function entity 920, where the second application request message carries authentication passing information; and generate, according to the authentication data, an application key consistent with the application key generated by the network application function entity 920, and communicate with the application server 940 using the application key.
In some embodiments, as shown in fig. 9, the system further includes a network application function entity 920. The network application function entity 920 is configured to: determine the authentication mode to be adopted according to the service policy corresponding to the application client 912 of the terminal 910 and the authentication capability information supported by the terminal 910; return an authentication request message to the application client, where the authentication request message carries the authentication mode and/or the authentication parameters corresponding to the authentication mode; obtain the corresponding authentication data from the authentication platform according to the authentication passing information returned by the application client; generate an application key according to the authentication data; and send the service request data and the application key to the application server. That is, the network application function entity receives the application request of the terminal and, after guiding the terminal through authentication, forwards the application request to the application server.
In some embodiments, the application client 912 is configured to send a capability query request message to the capability collection module 914 of the terminal. The capability collection module 914 is configured to read, after receiving the capability query request message, the locally stored authentication capability information supported by the terminal, and return the authentication capability information to the application client.
In some embodiments, as shown in fig. 9, the system may further include authentication platforms 1 to N, where N is a positive integer. The authentication platforms are in one-to-one correspondence with the authentication modules. Each authentication platform is used to perform authentication and authorization operations with the corresponding authentication module.
In some embodiments, as shown in fig. 9, the system may further include an application server 940. The application server 940 is used to provide application services by communicating with the application client 912.
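The capability detection, capability query, authentication mode selection and application key steps described for fig. 9, as an added Python example that is not code from the patent. All class, function and identifier names are hypothetical, the sample modules and messages are constructed, and two points the disclosure leaves open are assumptions here: the service policy is modelled as an ordered list of permitted authentication modes, and the application key is derived with HMAC-SHA256.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthCapabilityParameter:
    """One detection instruction library entry (field layout is an assumption)."""
    auth_app_id: str       # authentication application identifier
    call_instruction: str  # call instruction sent to the authentication module
    expected_result: str   # expected call result


class CapabilityCollectionModule:
    """Terminal side: probes authentication modules, keeps only available ones."""

    def __init__(self, auth_modules):
        # Maps auth_app_id -> callable(call_instruction) -> actual call result.
        self._auth_modules = auth_modules
        self._store = {}  # stands in for the authentication capability store

    def on_detection_requirement(self, parameters):
        """Handle a capability detection requirement message."""
        for p in parameters:
            module = self._auth_modules.get(p.auth_app_id)
            try:
                actual = module(p.call_instruction) if module else None
            except Exception:
                actual = None  # a module that fails is treated as unavailable
            # Available only if actual and expected call results are the same.
            if actual is not None and actual == p.expected_result:
                self._store[p.auth_app_id] = "available"
            else:
                # Remove a stale entry so a broken capability is not reported.
                self._store.pop(p.auth_app_id, None)

    def query(self):
        """Answer a capability query request from the application client."""
        return sorted(self._store)


def select_auth_mode(policy_order, reported_capabilities):
    """Network side: first policy-permitted mode that the terminal supports.

    The policy, not the terminal's report, decides which modes are acceptable;
    None means no acceptable mode exists and the request is refused.
    """
    supported = set(reported_capabilities)
    for mode in policy_order:
        if mode in supported:
            return mode
    return None


def derive_application_key(auth_data, auth_mode, app_id):
    """Assumed KDF: HMAC-SHA256 keyed with the authentication data."""
    info = f"{auth_mode}|{app_id}".encode()
    return hmac.new(auth_data, info, hashlib.sha256).digest()


def demo():
    # Constructed authentication modules: one works, one returns an error.
    modules = {
        "sim-auth": lambda instr: "OK:" + instr,
        "fido-auth": lambda instr: "ERR",
    }
    # Constructed capability detection requirement message.
    library = [
        AuthCapabilityParameter("sim-auth", "PING", "OK:PING"),
        AuthCapabilityParameter("fido-auth", "PING", "OK:PING"),
        AuthCapabilityParameter("otp-auth", "PING", "OK:PING"),  # not installed
    ]
    ccm = CapabilityCollectionModule(modules)
    ccm.on_detection_requirement(library)
    caps = ccm.query()
    mode = select_auth_mode(["fido-auth", "sim-auth"], caps)
    auth_data = b"constructed-authentication-data"
    k_client = derive_application_key(auth_data, mode, "app-1")
    k_network = derive_application_key(auth_data, mode, "app-1")
    return caps, mode, hmac.compare_digest(k_client, k_network)


if __name__ == "__main__":
    print(demo())
```

Binding the derived key to the selected mode and the application identifier is a design choice of this example, so that a key derived for one mode or application is not valid for another.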
In another embodiment, the present disclosure also provides a computer-readable storage medium (e.g., a non-transitory computer-readable storage medium) having stored thereon computer program instructions that, when executed by a processor, implement the steps of the method in at least one corresponding embodiment of fig. 1-5. It will be apparent to those skilled in the art that embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. In order to avoid obscuring the concepts of the present disclosure, some details known in the art are not described. How to implement the solutions disclosed herein will be fully apparent to those skilled in the art from the above description.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the above examples are for illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (16)

1. A processing method for authentication capability, applied to a terminal, comprising:
a capability collection module of the terminal receives a capability detection requirement message from a capability detection platform, wherein the capability detection requirement message carries an authentication capability parameter, the capability detection platform receives the authentication capability parameter from an authentication application background, the authentication capability parameter comprises a calling instruction, an expected calling result and an authentication application identifier corresponding to an authentication application, and the calling instruction and the expected calling result are associated with the authentication application identifier and stored in a detection instruction library;
the capability collection module invokes a corresponding authentication module according to the authentication capability parameter; and
the capability collection module receives the returned actual calling result, determines whether the corresponding authentication capability is available according to the actual calling result and the expected calling result, and stores the available authentication capability information.
2. The processing method of claim 1, wherein determining whether the respective authentication capabilities are available based on the actual call result and the expected call result comprises:
determining that the corresponding authentication capability is available under the condition that the actual calling result and the expected calling result are the same; and
determining that the corresponding authentication capability is not available under the condition that the actual calling result and the expected calling result are different.
3. The processing method according to claim 1, wherein,
the available authentication capability information includes: an authentication application identification, and information that an authentication capability corresponding to the authentication application identification is marked as available.
4. The processing method according to claim 1, further comprising:
the application client of the terminal acquires authentication capability information supported by the terminal;
the application client sends a first application request message to a network application functional entity, wherein the first application request message carries service request data and authentication capability information supported by the terminal;
the network application functional entity determines an authentication mode to be adopted according to a service strategy corresponding to the application client and authentication capability information supported by the terminal, and returns an authentication and authorization request message to the application client, wherein the authentication and authorization request message carries the authentication mode and/or authentication parameters corresponding to the authentication mode;
the application client executes an authentication and authorization process corresponding to the authentication mode through an authentication platform according to the authentication and authorization request message;
after the application client executes the authentication and authorization process, a second application request message is sent to the network application functional entity, wherein the second application request message carries authentication and authorization passing information;
the network application functional entity obtains corresponding authentication data from the authentication platform according to the authentication passing information, generates an application key according to the authentication data, and sends the service request data and the application key to an application server; and
the application client generates an application key consistent with the application key generated by the network application function entity according to the authentication data, and communicates with the application server through the application key.
5. The method of claim 4, wherein the obtaining, by the application client of the terminal, authentication capability information supported by the terminal comprises:
the application client sends a capability query request message to the capability collection module of the terminal; and
after receiving the capability query request message, the capability collection module reads the locally stored authentication capability information supported by the terminal, and returns the authentication capability information to the application client.
6. A processing method for authenticating capabilities, comprising:
the capability detection platform receives authentication capability parameters from an authentication application background, wherein the authentication capability parameters comprise a calling instruction, an expected calling result and an authentication application identifier corresponding to the authentication application;
the capability detection platform associates the calling instruction and the expected calling result with the authentication application identifier and stores the calling instruction and the expected calling result into a detection instruction library;
the capability detection platform issues a capability detection requirement message to a capability collection module of the terminal, wherein the capability detection requirement message carries the authentication capability parameter;
the capability collection module invokes a corresponding authentication module according to the authentication capability parameter; and
the capability collection module receives the returned actual calling result, determines whether the corresponding authentication capability is available according to the actual calling result and the expected calling result, and stores the available authentication capability information.
7. The processing method of claim 6, wherein the capability collection module determining whether the respective authentication capability is available based on the actual call result and the expected call result comprises:
the capability collection module determines that the corresponding authentication capability is available under the condition that the actual calling result is the same as the expected calling result; and
the capability collection module determines that the corresponding authentication capability is not available under the condition that the actual calling result and the expected calling result are different.
8. The processing method according to claim 6, wherein,
the available authentication capability information includes: an authentication application identification, and information that an authentication capability corresponding to the authentication application identification is marked as available.
9. The processing method of claim 6, further comprising:
the application client of the terminal acquires authentication capability information supported by the terminal;
the application client sends a first application request message to a network application functional entity, wherein the first application request message carries service request data and authentication capability information supported by the terminal;
the network application functional entity determines an authentication mode to be adopted according to a service strategy corresponding to the application client and authentication capability information supported by the terminal, and returns an authentication and authorization request message to the application client, wherein the authentication and authorization request message carries the authentication mode and/or authentication parameters corresponding to the authentication mode;
the application client executes an authentication and authorization process corresponding to the authentication mode through an authentication platform according to the authentication and authorization request message;
after the application client executes the authentication and authorization process, a second application request message is sent to the network application functional entity, wherein the second application request message carries authentication and authorization passing information;
the network application functional entity obtains corresponding authentication data from the authentication platform according to the authentication passing information, generates an application key according to the authentication data, and sends the service request data and the application key to an application server; and
the application client generates an application key consistent with the application key generated by the network application function entity according to the authentication data, and communicates with the application server through the application key.
10. The method of claim 9, wherein the obtaining, by the application client of the terminal, authentication capability information supported by the terminal comprises:
the application client sends a capability query request message to the capability collection module of the terminal; and
after receiving the capability query request message, the capability collection module reads the locally stored authentication capability information supported by the terminal, and returns the authentication capability information to the application client.
11. A terminal, comprising: a capability collection module, wherein the capability collection module comprises:
a receiving unit, configured to receive a capability detection requirement message from a capability detection platform, wherein the capability detection requirement message carries an authentication capability parameter, the capability detection platform receives the authentication capability parameter from an authentication application background, the authentication capability parameter comprises a calling instruction, an expected calling result and an authentication application identifier corresponding to an authentication application, and the calling instruction and the expected calling result are associated with the authentication application identifier and stored in a detection instruction library;
a calling unit, configured to call a corresponding authentication module according to the authentication capability parameter; and
a determining unit, configured to receive the returned actual calling result, determine whether the corresponding authentication capability is available according to the actual calling result and the expected calling result, and store the available authentication capability information.
12. A terminal, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of any of claims 1-5 based on instructions stored in the memory.
13. A system, comprising: a terminal as claimed in claim 11 or 12.
14. The system of claim 13, further comprising:
a capability detection platform, configured to: receive the authentication capability parameter from the authentication application background, wherein the authentication capability parameter comprises a calling instruction, an expected calling result and an authentication application identifier corresponding to the authentication application; associate the calling instruction and the expected calling result with the authentication application identifier and store them in a detection instruction library; and issue a capability detection requirement message to the capability collection module of the terminal, wherein the capability detection requirement message carries the authentication capability parameter.
15. The system of claim 13 or 14, further comprising:
a network application function entity, configured to: determine an authentication mode to be adopted according to a service strategy corresponding to an application client of the terminal and authentication capability information supported by the terminal; return an authentication request message to the application client, wherein the authentication request message carries the authentication mode and/or authentication parameters corresponding to the authentication mode; obtain corresponding authentication data from the authentication platform according to the authentication passing information returned by the application client; generate an application key according to the authentication data; and send the service request data and the application key to an application server.
16. A computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the method of any of claims 1 to 10.
CN202211174410.9A 2022-09-26 2022-09-26 Processing method, terminal, system and storage medium for authentication capability Pending CN117768874A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202211174410.9A CN117768874A (en) 2022-09-26 2022-09-26 Processing method, terminal, system and storage medium for authentication capability
PCT/CN2023/119124 WO2024067165A1 (en) 2022-09-26 2023-09-15 Method for processing authentication capability, and terminal, system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211174410.9A CN117768874A (en) 2022-09-26 2022-09-26 Processing method, terminal, system and storage medium for authentication capability

Publications (1)

Publication Number Publication Date
CN117768874A true CN117768874A (en) 2024-03-26

Family

ID=90313057

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211174410.9A Pending CN117768874A (en) 2022-09-26 2022-09-26 Processing method, terminal, system and storage medium for authentication capability

Country Status (2)

Country Link
CN (1) CN117768874A (en)
WO (1) WO2024067165A1 (en)

Also Published As

Publication number Publication date
WO2024067165A1 (en) 2024-04-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination