CN1266954C - Identity and authority identifying method for information providing end - Google Patents

Publication number
CN1266954C
Authority
CN
China
Prior art keywords
information
network system
provides
identification authentication
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CNB021539278A
Other languages
Chinese (zh)
Other versions
CN1507287A (en)
Inventor
段小琴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
Application filed by Huawei Technologies Co Ltd
Priority to CNB021539278A (CN1266954C)
Priority to AU2003255103A (AU2003255103A1)
Priority to PCT/CN2003/000647 (WO2004054288A1)
Publication of CN1507287A
Application granted
Publication of CN1266954C
Anticipated expiration
Expired - Lifetime

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention discloses a method for authenticating the identity of an information providing end when that end initiates an operation. It applies to the location service (LCS) of wireless communication and comprises the following procedure: the information providing end initiates an operation request, and the network system authenticates the identity of the information providing end. If authentication succeeds, the procedure continues; otherwise a failure prompt is returned. The authentication mechanism ensures security: when the information providing end queries or cancels an information access end's request for its location information, or activates or deactivates the provision of its own location information, a third party that has stolen the control information of the information providing end cannot maliciously control that end's information provision.

Description

A method for authenticating the identity of an information providing end
Technical field
The present invention relates to the technical field of data security, and in particular to a method for authenticating the identity of an information providing end.
Background technology
In the location service (LCS, Location Service) of the 3rd Generation Partnership Project (3GPP) for mobile communication, a responder that can provide data such as information and resources is generally called the information providing end, and a visitor that requests such data from the information providing end is generally called the information access end. The information access end asks the LCS network system for the location information of the information providing end. After the information providing end agrees, the LCS network system obtains the geographic location of the information providing end and supplies it to the information access end as a kind of resource information. In this way the information access end obtains the location information of the information providing end through the LCS network system. The 3GPP technical specification TS 22.071 defines the service specification of LCS, and TS 23.271 defines the functional model, system structure, state descriptions and message flows of the whole LCS system. In TS 23.271 the information providing end is the target user equipment (Target UE, Target User Equipment), i.e. the UE that is being located.
TS 22.071 and TS 23.271 currently define the following ways in which the information access end can request the location information of the information providing end: 1) immediate location request: the information providing end responds at once to the request, i.e. it provides its current location information immediately after the information access end sends the location request; 2) deferred location request: the information access end requests the location of the information providing end at a future point in time or when a certain event occurs, i.e. after the information access end sends the location request, the information providing end provides its then-current location information after some delay; 3) periodic location request: the information access end requests the location of the information providing end periodically, i.e. it defines a start time, an end time and a periodic logic, and requires the information providing end to provide its location information according to that logic during the period.
Thus the purpose of LCS is for the information access end to determine or track the position of the information providing end by requesting its location information. TS 22.071 allows the information providing end to query or cancel currently active location requests at any time, cancelling the information access end's request for its location information. It also specifies that the information providing end can activate or deactivate the provision of location information, to decide whether its own location information is provided externally. In addition, it specifies that the information providing end can query or modify its own user data settings.
However, TS 22.071 proposes no security mechanism for authenticating the legitimacy of the information providing end's identity when that end queries or cancels the location requests of the information access end. If an information stealing end, i.e. a party that steals data such as information and resources, has stolen enough information from the information providing end to control it, the information stealing end can also query or cancel the information access end's requests for the location information of the information providing end. Consequently, when the information access end monitors on the basis of the information supplied by the information providing end, the illegal intervention of the information stealing end prevents the monitoring from achieving its purpose.
Likewise, TS 22.071 provides no security measure for the operations by which the information providing end activates or deactivates the provision of its own location information. When an information stealing end has stolen enough information from the information providing end to control it, the information stealing end can also activate or deactivate the provision of that end's location information. This interferes with the normal activation or deactivation of information provision, disrupts what the information providing end supplies externally, and causes abnormal interaction between the information providing end and the information access end.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method for authenticating the identity of an information providing end when that end initiates an operation, so that operations related to information provision are protected by an authentication mechanism and the information providing end cannot be maliciously controlled after its information has been stolen.
The invention is realized by the following steps:
Information for authenticating the identity behind operations initiated by the information providing end is set in the network system that provides the location service (LCS). The method further comprises the following steps: after the information providing end initiates an operation request, the network system determines, according to the set identity authentication information corresponding to the requested operation, whether the identity of the information providing end is legitimate; for an information providing end whose identity is legitimate, the network system executes the operation that the information providing end requested.
Wherein, setting the information for authenticating operations initiated by the information providing end means: the information providing end sets the identity authentication information corresponding to each operation it initiates, and the set identity authentication information is stored in the network system.
Wherein, the information providing end sets the same identity authentication information for different initiated operations, or sets different identity authentication information for each initiated operation.
Wherein, the method further comprises: the identity authentication information set for each initiated operation can be changed by the information providing end at any time.
Wherein, the step in which the network system determines whether the identity of the information providing end is legitimate comprises: the information providing end supplies the identity authentication information required for the currently initiated operation to the network system, and the network system makes the determination by comparing the identity authentication information supplied by the information providing end with the identity authentication information set in the network system for the currently initiated operation.
Wherein, the operations initiated by the information providing end comprise: querying or cancelling an information access end's request for the location information of the information providing end, activating or deactivating the provision of the information providing end's own location information, and querying or modifying the user data settings of the information providing end.
Wherein, the method further comprises: the information providing end sets identity authentication information for each operation in advance, and the network system stores the set identity authentication information by means of an authentication information storage function module; after the information providing end supplies the identity authentication information for the current operation, the network system verifies and compares this identity authentication information by means of an authentication information verification function module; after authentication passes, the network system carries out the subsequent operation by means of an operation execution function module.
Wherein, the method further comprises: when the network system determines that the identity of the information providing end is legitimate, the network system sends authentication success information to the information providing end.
Wherein, the method further comprises: when the network system determines that the identity of the information providing end is not legitimate, the network system refuses to execute the operation requested by the information providing end.
Wherein, when the network system refuses to execute the operation requested by the information providing end, the method further comprises: the network system returns error prompt information to the information providing end.
Wherein, the information providing end is the target UE.
As can be seen from the above, the method provided by the present invention adds a security mechanism that authenticates the identity of the information providing end when it carries out operations related to information provision. This prevents an information stealing end from performing malicious operations after it has stolen certain information and resources of the information providing end and gained control of it, avoids the information stealing end interfering with or disrupting the information providing end's external provision of information or the information access end's access to and monitoring of the location information of the information providing end, and improves the security of the location information exchange between the information providing end and the information access end.
Description of drawings
Fig. 1 is a flow chart of the authentication procedure carried out for the information providing end according to the present invention.
Fig. 2 is a logical structure diagram of an embodiment of the network side that supports the authentication operation in the present invention.
Embodiment
The present invention is described in more detail below through specific embodiments and with reference to the accompanying drawings.
Taking application in an LCS network as an example: before the authentication mode can be used, the information providing end must set in the LCS network system, in advance, the identity authentication information to be used when carrying out each kind of operation. The identity authentication information set for each kind of initiated operation may be the same or different. The LCS network system stores all the identity authentication information set by this information providing end and allows the information providing end to change it at any time.
Fig. 1 is a flow chart of the authentication procedure carried out for the information providing end according to the present invention. As shown in Fig. 1, the interaction between the information providing end and the network proceeds as follows:
Step 101: when the information providing end initiates an operation, it sends an operation request to the LCS network system. On receiving the request, the LCS network system responds to the operation and starts the procedure for checking the validity of the operation.
Steps 102~103: the LCS network system sends an authentication information request to the information providing end, requiring it to supply the identity authentication information needed to carry out the current operation. After receiving the password request, the information providing end sends the identity authentication information corresponding to the current operation to the LCS network system.
Steps 104~105: after receiving the identity authentication information sent by the information providing end, the LCS network system authenticates the legitimacy of the information providing end's identity, that is, it compares the received identity authentication information with the identity authentication information that the information providing end set and stored in the LCS network system in advance. If the comparison passes, authentication has succeeded: the network returns success prompt information to the information providing end and executes the corresponding operation request. Alternatively, the network may not return authentication success information and may directly execute the corresponding operation request. Otherwise, authentication has failed: the network refuses the operation request of the information providing end and returns corresponding error response information to it.
To realize the authentication mechanism for operations initiated by the information providing end, the LCS network system should contain at least three function modules: an authentication information verification function module, an authentication information storage function module and an operation execution function module. These three function modules can each exist in the LCS network system as an independent entity, or they can be integrated as three independent function modules into one entity in the LCS network system, or be distributed across several entities. Fig. 2 is a logical structure diagram of an embodiment of the network side that supports the authentication operation in the present invention. As shown in Fig. 2, in this embodiment the authentication information verification, authentication information storage and operation execution function modules are three independent entities: an authentication information verification server, an authentication information storage server and an operation execution server. The authentication information verification server authenticates the identity of the information providing end when it initiates an operation; the authentication information storage server stores the identity authentication information that the information providing end has set for carrying out each operation; the operation execution server executes the operation initiated by the information providing end.
When the information providing end carries out an operation, the authentication information verification server compares the identity authentication information supplied by the information providing end with the corresponding identity authentication information stored by the authentication information storage server. When the stored identity authentication information is identical to the identity authentication information supplied by the information providing end, the authentication information verification server accepts the request and notifies the operation execution server to carry out the relevant subsequent operation. Otherwise, the authentication information verification server refuses the request and returns corresponding error response information to the information providing end.
When the information providing end queries or cancels an information access end's request for its location information, or activates or deactivates the provision of its own location information, the LCS network system requires, before responding to the query, cancel, activate or deactivate request, that the information providing end supply the identity authentication information corresponding to the currently requested operation, for example the authentication password required for the query operation, the authentication password required for the cancel operation, the authentication password required for the activation operation or the authentication password required for the deactivation operation. The network compares the operation password just entered with the password stored in advance for that operation, judges whether the identity of the information providing end is legitimate, and thereby decides whether to carry out the operation.
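The per-operation check of steps 101 to 105 and the three network-side function modules, as an added Python example that is not part of the patent. The class and function names, the `ue-001` identifier and the sample secrets are constructed for illustration; storing a salted PBKDF2 digest and comparing in constant time are hardening assumptions that go beyond the description, which only states that the stored and supplied values are compared.

```python
import hashlib
import hmac
import os
from enum import Enum


class Operation(Enum):
    """Operations the description says the information providing end can initiate."""
    QUERY = "query pending location requests"
    CANCEL = "cancel pending location requests"
    ACTIVATE = "activate location provision"
    DEACTIVATE = "deactivate location provision"


class AuthInfoStore:
    """Authentication information storage module, keyed by (UE, operation)."""

    def __init__(self):
        self._records = {}

    @staticmethod
    def derive(secret, salt):
        # Assumption: salted PBKDF2; the description only says the value is stored.
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

    def set_auth_info(self, ue_id, operation, secret):
        # Also covers "change at any time": a new call overwrites the old record.
        salt = os.urandom(16)
        self._records[(ue_id, operation)] = (salt, self.derive(secret, salt))

    def lookup(self, ue_id, operation):
        return self._records.get((ue_id, operation))


class AuthInfoVerifier:
    """Authentication information verification module (steps 104-105)."""

    def __init__(self, store):
        self._store = store

    def verify(self, ue_id, operation, supplied):
        record = self._store.lookup(ue_id, operation)
        if record is None or not isinstance(supplied, str):
            return False  # nothing provisioned or nothing supplied: fail closed
        salt, expected = record
        # Constant-time comparison so timing does not reveal partial matches.
        return hmac.compare_digest(AuthInfoStore.derive(supplied, salt), expected)


class OperationExecutor:
    """Operation execution module; reached only after verification succeeds."""

    def __init__(self):
        self.active = {}   # ue_id -> whether location provision is switched on
        self.pending = {}  # ue_id -> list of requesting information access ends

    def execute(self, ue_id, operation):
        if operation is Operation.QUERY:
            return list(self.pending.get(ue_id, []))
        if operation is Operation.CANCEL:
            return self.pending.pop(ue_id, [])  # simplification: cancels all
        self.active[ue_id] = operation is Operation.ACTIVATE
        return self.active[ue_id]


class LcsNetwork:
    """Ties the three modules together for steps 101-105."""

    def __init__(self):
        self.store = AuthInfoStore()
        self.verifier = AuthInfoVerifier(self.store)
        self.executor = OperationExecutor()

    def handle_request(self, ue_id, operation, answer_challenge):
        # Step 101: the operation request arrives. Steps 102-103: ask the UE
        # for the authentication information that belongs to this operation.
        supplied = answer_challenge(operation)
        # Steps 104-105: compare, then execute or refuse with an error response.
        if not self.verifier.verify(ue_id, operation, supplied):
            return {"status": "error", "reason": "authentication failed"}
        return {"status": "ok", "result": self.executor.execute(ue_id, operation)}


def demo():
    net = LcsNetwork()
    ue = "ue-001"  # constructed identifier
    secrets = {Operation.QUERY: "q-7431", Operation.CANCEL: "c-9920",
               Operation.ACTIVATE: "a-1188", Operation.DEACTIVATE: "d-5502"}
    for op, secret in secrets.items():
        net.store.set_auth_info(ue, op, secret)
    net.executor.pending[ue] = ["access-end-A"]  # constructed pending request
    net.executor.active[ue] = True

    legit = lambda op: secrets[op]
    # A holder of only the QUERY secret, presenting it for every operation.
    query_secret_only = lambda op: secrets[Operation.QUERY]

    return {
        "legit_query": net.handle_request(ue, Operation.QUERY, legit),
        "query_secret_on_query": net.handle_request(ue, Operation.QUERY, query_secret_only),
        "query_secret_on_deactivate": net.handle_request(ue, Operation.DEACTIVATE, query_secret_only),
        "still_active": net.executor.active[ue],
    }
```

With a distinct secret per operation, knowledge of the query secret does not authorize deactivation; if the same secret is set for every operation, which the method also permits, that separation is lost.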
The above embodiment mainly discloses a method that uses passwords to authenticate the legitimacy of the information providing end's identity. Other authentication modes are not described in detail here, for example the LCS network system requiring the information providing end to access a specific database and supply proof of identity, or the LCS network system requiring the user of the information providing end to present corresponding proof of identity at certain specific places.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (11)

1. A method for authenticating the identity of an information providing end, characterized in that information for authenticating the identity behind operations initiated by the information providing end is set in the network system that provides the location service (LCS); the method further comprises the following steps: after the information providing end initiates an operation request, the network system determines, according to the set identity authentication information corresponding to the requested operation, whether the identity of the information providing end is legitimate; for an information providing end whose identity is legitimate, the network system executes the operation that the information providing end requested.
2. The method according to claim 1, characterized in that setting the information for authenticating operations initiated by the information providing end means: the information providing end sets the identity authentication information corresponding to each operation it initiates, and the set identity authentication information is stored in the network system.
3. The method according to claim 2, characterized in that the information providing end sets the same identity authentication information for different initiated operations, or sets different identity authentication information for each initiated operation.
4. The method according to claim 2, characterized in that the method further comprises: the identity authentication information set for each initiated operation can be changed by the information providing end at any time.
5. The method according to claim 1, characterized in that the step in which the network system determines whether the identity of the information providing end is legitimate comprises:
the information providing end supplies the identity authentication information required for the currently initiated operation to the network system, and the network system makes the determination by comparing the identity authentication information supplied by the information providing end with the identity authentication information set in the network system for the currently initiated operation.
6. The method according to claim 1, characterized in that the operations initiated by the information providing end comprise: querying or cancelling an information access end's request for the location information of the information providing end, activating or deactivating the provision of the information providing end's own location information, and querying or modifying the user data settings of the information providing end.
7. The method according to claim 1, characterized in that the method further comprises: the information providing end sets identity authentication information for each operation in advance, and the network system stores the set identity authentication information by means of an authentication information storage function module;
after the information providing end supplies the identity authentication information for the current operation, the network system verifies and compares this identity authentication information by means of an authentication information verification function module;
after authentication passes, the network system carries out the subsequent operation by means of an operation execution function module.
8. The method according to claim 1, characterized in that the method further comprises: when the network system determines that the identity of the information providing end is legitimate, the network system sends authentication success information to the information providing end.
9. The method according to claim 1, characterized in that the method further comprises: when the network system determines that the identity of the information providing end is not legitimate, the network system refuses to execute the operation requested by the information providing end.
10. The method according to claim 9, characterized in that, when the network system refuses to execute the operation requested by the information providing end, the method further comprises: the network system returns error prompt information to the information providing end.
11. The method according to claim 1, characterized in that the information providing end is the target UE.
CNB021539278A 2002-12-06 2002-12-06 Identity and authority identifying method for information providing end Expired - Lifetime CN1266954C (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CNB021539278A CN1266954C (en) 2002-12-06 2002-12-06 Identity and authority identifying method for information providing end
AU2003255103A AU2003255103A1 (en) 2002-12-06 2003-08-08 A method for authenticating the identity of information provider
PCT/CN2003/000647 WO2004054288A1 (en) 2002-12-06 2003-08-08 A method for authenticating the identity of information provider

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB021539278A CN1266954C (en) 2002-12-06 2002-12-06 Identity and authority identifying method for information providing end

Publications (2)

Publication Number Publication Date
CN1507287A CN1507287A (en) 2004-06-23
CN1266954C true CN1266954C (en) 2006-07-26

Family

ID=32477215

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB021539278A Expired - Lifetime CN1266954C (en) 2002-12-06 2002-12-06 Identity and authority identifying method for information providing end

Country Status (3)

Country Link
CN (1) CN1266954C (en)
AU (1) AU2003255103A1 (en)
WO (1) WO2004054288A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102004038588A1 (en) * 2004-08-06 2006-03-16 Deutsche Telekom Ag A method for providing services of different service providers and a central, computer-based platform for carrying out such a method
KR100620055B1 (en) * 2004-12-06 2006-09-08 엘지전자 주식회사 Method of canceling location information request

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB9903124D0 (en) * 1999-02-11 1999-04-07 Nokia Telecommunications Oy An authentication method
US6532290B1 (en) * 1999-02-26 2003-03-11 Ericsson Inc. Authentication methods
FI110558B (en) * 2000-05-24 2003-02-14 Nokia Corp Method for processing location information of a terminal connected to a packet data network via a cellular network

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103377336A (en) * 2013-01-21 2013-10-30 航天数联信息技术(深圳)有限公司 Method and system for controlling computer system user rights
CN103377336B (en) * 2013-01-21 2016-12-28 航天数联信息技术(深圳)有限公司 The control method of a kind of computer system user authority and system

Also Published As

Publication number Publication date
WO2004054288A1 (en) 2004-06-24
AU2003255103A1 (en) 2004-06-30
CN1507287A (en) 2004-06-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1066677

Country of ref document: HK

C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20040623

Assignee: APPLE Inc.

Assignor: HUAWEI TECHNOLOGIES Co.,Ltd.

Contract record no.: 2015990000755

Denomination of invention: Identity and authority identifying method for information providing end

Granted publication date: 20060726

License type: Common License

Record date: 20150827

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
CX01 Expiry of patent term

Granted publication date: 20060726