CN1482827A - Method and system for mobile phone user authentication - Google Patents

Publication number
CN1482827A
Authority
CN
China
Legal status
Granted
Application number
CNA021317593A
Other languages
Chinese (zh)
Other versions
CN1225935C (en
Inventor
段治勇
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to a system and method for authenticating mobile phone users, in which a Hypertext Transfer Protocol (HTTP) proxy module is arranged between the terminal equipment and the portal server. The module stores and manages the relevant session identifier and loads it into service requests, so that single sign-on of mobile phone users is achieved without the terminal having to support cookie management. The advantages of the invention are low communication traffic, flexible service deployment for ICPs, and suitability for the needs of most mobile phone users.

Description

A method and system for mobile phone user authentication
Technical field
The present invention relates to mobile phone user authentication, and more particularly to a method and system for single sign-on of mobile phone users.
Background
With the arrival of the information age, more and more mobile phone users want to access the Internet from their phones, and they also expect mobile Internet access to be more convenient.
The WAP standard is the protocol specification, drawn up by the WAP Forum standards body, for Internet access by mobile users. It exists in two versions, WAP 1.x and WAP 2.0.
In the WAP 2.0 model, besides the mode in which the mobile phone user's terminal equipment connects directly to the Internet content provider (ICP) application server, a proxy server can also be deployed between the terminal equipment and the ICP application server; the proxy server is an optional intermediate device. Deploying a proxy server brings WAP 2.0 certain benefits, such as separating the handling of problems on the wireless and wired sides of the network, improving network performance, and providing additional services.
The portal server is a device set up for mobile users accessing the Internet. It acts as the mobile Internet portal: it can provide navigation to the ICP application servers, and it can also support the ICP application servers with capabilities such as user authentication and service distribution. A cookie is a small text file stored on the user terminal; its content can be any information, and it is mainly used to pass state information between client and server.
When a mobile phone user accesses the Internet, the ICP application server needs to identify and authenticate the user in order to decide whether the user is entitled to browse content that is charged for. For the user's convenience, the user only needs to log in to one portal server to be authenticated; when the user then visits other ICP application servers that have contracted with this portal server, those servers do not need to authenticate the user again. Instead, the ICP application server completes user authentication through a specific interaction mechanism. This authentication mode is called single sign-on (SSO).
The industry currently has two modes of single sign-on for mobile phone users:
Mode one:
In this mode, the mobile phone user's terminal equipment connects directly to the ICP application server, and single sign-on is carried out by the following steps:
The mobile phone user logs in to the portal server;
The portal server assigns a session identifier to the mobile terminal equipment;
When the mobile terminal equipment browses the ICP application server, it sends the session identifier to the ICP application server;
The ICP application server sends this session identifier to the portal server and obtains the user identifier from the portal server.
This authentication mode requires the terminal equipment to support cookie management, so the terminal equipment is expensive. Moreover, because most mobile user terminal equipment at present does not support cookie management, this mode is difficult to deploy.
Mode two:
In this mode, the mobile phone user's terminal equipment still connects directly to the ICP application server, but single sign-on is carried out by the following steps:
The mobile phone user's terminal equipment connects to the portal server, and the portal server assigns a session identifier to the terminal equipment;
When the terminal equipment is redirected by the portal server to the ICP application server, the portal server passes this session identifier to the ICP application server in a parameter;
After the ICP application server receives this session identifier, it looks up the correspondence between session identifier and user identifier; if none is found, it sends an SSO verification request carrying the session identifier to the portal server to query the user identifier;
Because the user session identifier kept on the portal server may time out after the user has been redirected to the ICP application server, while the user is consuming services on the ICP application server the ICP application server must also send the portal server a response message carrying the user session identifier, at a time agreed in advance before the identifier times out, to keep the user session identifier on the portal server side valid.
Although this mode does not require the terminal equipment to support cookie management, it requires the ICP application server and the portal server to cooperate closely. The coupling is tight, which makes it hard for ICPs to deploy services flexibly. In addition, the ICP application server has to send response messages periodically before the user session identifier on the portal server times out, so communication traffic is heavy, which affects network transfer speed and easily causes network congestion.
Summary of the invention
The object of the present invention is to provide a method and system for single sign-on of mobile phone users that makes it easy for ICPs to deploy services flexibly and suits the needs of most mobile phone users.
To achieve this object, the technical solution of the present invention is implemented as follows:
A system for single sign-on of mobile phone users comprises terminal equipment, an ICP application server and a portal server. An HTTP proxy module is arranged between the terminal equipment and the portal server to manage the session identifier, and the session identifier identifies the connection between the terminal equipment and the HTTP proxy module.
The HTTP proxy module is provided with a session identifier storage module, which stores the session identifier and the connection it identifies between the terminal equipment and the HTTP proxy module;
The HTTP proxy module is provided with a session loading module, which inserts the session identifier into the data packets sent by the terminal equipment.
The system for single sign-on of mobile phone users may also comprise an accounting server.
The present invention also provides a method for single sign-on of mobile phone users, comprising the following steps:
A. The terminal equipment logs in to the portal server through the HTTP proxy module, and the portal server assigns a session identifier;
B. The HTTP proxy module stores and manages the session identifier;
C. The terminal equipment sends, through the HTTP proxy module, a service request carrying the session identifier to the ICP application server;
D. The ICP application server checks the session identifier and responds according to the result of that check.
When step D is carried out, the method may also comprise the following step:
E. The ICP application server sends charging information to the accounting server to complete charging, before or after making the corresponding service response.
In this method, step A further comprises:
A1. The terminal equipment sends a login request to the HTTP proxy module;
A2. The HTTP proxy module forwards the login request to the portal server, which requires the user to enter user information to complete the login;
A3. The portal server returns the result of the successful login, assigns a session identifier to the user, and sends it to the HTTP proxy module.
In this method, step C further comprises:
C1. The terminal equipment sends a service request to the HTTP proxy module;
C2. The HTTP proxy module forwards the service request to the ICP application server and loads the session identifier into the service request.
In this method, step D further comprises:
D1. The ICP application server judges from the session identifier whether the user has already been recognized;
D2. If the user has been recognized, the ICP application server makes a service response to the terminal equipment through the HTTP proxy module according to the session identifier and the service request;
D3. If the user has not been recognized, the ICP application server uses the session identifier to query the portal server for the user's identification information;
D4. The portal server returns the user identification information, and the ICP application server stores the correspondence between the user identifier and the session identifier;
D5. The ICP application server makes a service response to the terminal equipment through the HTTP proxy module according to the session identifier and the service request.
In the present invention, an HTTP proxy module is arranged between the terminal equipment and the portal server, and this module stores the session identifier and loads the corresponding session identifier into service requests. As a result, single sign-on of mobile phone users does not require the terminal equipment to support cookies, nor does it require the ICP application server and the portal server to cooperate closely and send response messages periodically. Communication traffic is low, network transfer speed improves, ICPs can deploy services flexibly, and the needs of most mobile phone users are met.
Description of drawings
Fig. 1 is a diagram of the mobile phone user single sign-on system of the present invention;
Fig. 2 is a flow chart of session identifier assignment in the mobile phone user single sign-on method of the present invention;
Fig. 3 is a flow chart of a user browsing the ICP application server for the first time in the mobile phone user single sign-on method of the present invention.
Embodiments
The present invention is described in further detail below with reference to the accompanying drawings and embodiments:
Referring to Fig. 1, the system of the present invention for single sign-on of mobile phone users comprises terminal equipment, an ICP application server, a portal server and an HTTP proxy module. The portal server is arranged between the terminal equipment and the ICP application server; it can provide navigation to the ICP application server, and it can also support the ICP application server with capabilities such as user authentication and service distribution. The HTTP proxy module is arranged between the terminal equipment and the portal server, and is provided with a session identifier storage module and a session identifier loading module. The session identifier storage module stores the session identifier and the correspondence between the session identifier and the connection from the terminal equipment to the HTTP proxy module. The session loading module inserts the session identifier into the data packets sent by the terminal equipment. An accounting server can also be connected into this system to charge for responses to service requests.
Fig. 2 is the flow chart of session identifier assignment in the course of single sign-on of a mobile phone user:
1. The terminal equipment sends a login request to the HTTP proxy module;
2. The HTTP proxy module forwards the login request to the portal server, which requires the user to enter user information and a password to complete the login;
3. The portal server returns the result of the successful login, assigns a session identifier to the user, and sends it to the HTTP proxy module;
4. The session identifier storage module in the HTTP proxy module stores this session identifier, which identifies the connection between the terminal equipment and the HTTP proxy module.
When the user browses a page offered by the content service provider for the first time, the steps, shown in Fig. 3, are as follows:
1. The terminal equipment sends a page browsing request to the HTTP proxy module;
2. The HTTP proxy module forwards the page browsing request, loaded with the session identifier, to the ICP application server of the content and service provider;
3. The ICP application server compares the session identifier with those it has stored to judge whether the user has already been recognized;
4. If the user has been recognized, the ICP application server sends the user's personalized page to the terminal equipment through the HTTP proxy module according to the user identifier (which can be a user name or a phone number);
5. If the user has not been recognized, the ICP application server uses the session identifier to query the portal server for the user identifier (which can be a user name or a phone number), the portal server returns the user identifier, and the ICP application server stores the correspondence between the user identifier and the session identifier;
6. The ICP application server returns the user's personalized page to the HTTP proxy module according to the user identifier (which can be a user name or a phone number);
7. The HTTP proxy module forwards the user's personalized page to the terminal equipment.
The user's subsequent browsing within the validity period then does not require any further query to the portal server. When the validity period expires, the session identifier is cleared, and the correspondence between the session identifier and the user identifier is cleared as well.
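The login flow of Fig. 2, the first-visit flow of Fig. 3 and the validity-period rule above can be run end to end in a small in-memory model. This is an added example, not code from the patent: the class names, the `X-Session-Id` header, the connection keys, the 300-second validity period and the sample account are all assumptions, and dropping a terminal-supplied copy of the header is a hardening choice added here that the patent does not state.

```python
import hmac
import secrets
import time

SESSION_HEADER = "X-Session-Id"  # assumed header name; the patent names none


class Portal:
    """Portal server: authenticates users and assigns session identifiers."""
    def __init__(self, users, ttl=300.0, clock=time.monotonic):
        self.users, self.ttl, self.clock = users, ttl, clock
        self.sessions = {}   # session id -> (user id, expiry time)
        self.lookups = 0     # how many ICP queries the portal has answered

    def login(self, user_id, password):
        stored = self.users.get(user_id)  # plaintext only to keep the sample short
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = (user_id, self.clock() + self.ttl)
        return sid

    def resolve(self, sid):  # steps D3/D4: session identifier -> user identifier
        self.lookups += 1
        user_id, expiry = self.sessions.get(sid, (None, 0.0))
        if user_id is None or self.clock() >= expiry:
            self.sessions.pop(sid, None)  # validity period over: clear it
            return None, 0.0
        return user_id, expiry


class IcpServer:
    """ICP application server: recognizes users by session identifier."""
    def __init__(self, portal, clock=time.monotonic):
        self.portal, self.clock = portal, clock
        self.known = {}      # session id -> (user id, expiry time)

    def handle(self, headers, path):
        sid = headers.get(SESSION_HEADER)
        user_id, expiry = self.known.get(sid, (None, 0.0))   # step D1
        if user_id is not None and self.clock() >= expiry:
            del self.known[sid]                              # mapping cleared on expiry
            user_id = None
        if user_id is None and sid is not None:
            user_id, expiry = self.portal.resolve(sid)       # steps D3/D4
            if user_id is not None:
                self.known[sid] = (user_id, expiry)
        if user_id is None:
            return 401, "login required"
        return 200, f"{path} for {user_id}"                  # steps D2/D5


class HttpProxy:
    """HTTP proxy module: session identifier storage and loading modules."""
    def __init__(self, portal, icp):
        self.portal, self.icp = portal, icp
        self.store = {}      # connection id (hypothetical key) -> session id

    def login(self, conn_id, user_id, password):
        sid = self.portal.login(user_id, password)           # steps A1-A3
        if sid is not None:
            self.store[conn_id] = sid    # step B; assumed to stay at the proxy
        return sid is not None

    def request(self, conn_id, path, headers=None):
        # Added hardening assumption: only the proxy's stored value reaches the ICP.
        out = {k: v for k, v in (headers or {}).items() if k.lower() != SESSION_HEADER.lower()}
        sid = self.store.get(conn_id)
        if sid is not None:
            out[SESSION_HEADER] = sid                        # step C2
        return self.icp.handle(out, path)


def demo():
    now = [0.0]                                  # controllable clock for the sample
    clock = lambda: now[0]
    portal = Portal({"13800000000": "s3cret"}, ttl=300.0, clock=clock)  # constructed user
    proxy = HttpProxy(portal, IcpServer(portal, clock))
    results = [proxy.request("conn-1", "/page")]             # before login
    proxy.login("conn-1", "13800000000", "s3cret")
    results += [proxy.request("conn-1", "/page"), proxy.request("conn-1", "/picture")]
    results.append(proxy.request("conn-2", "/page", {SESSION_HEADER: proxy.store["conn-1"]}))
    now[0] = 301.0                                           # validity period has passed
    results.append(proxy.request("conn-1", "/page"))
    return results, portal.lookups


if __name__ == "__main__":
    print(demo())
```

The portal is queried once for the first visit and once more after expiry; the second request within the validity period is served from the ICP server's own mapping, which is the traffic saving the description claims over mode two.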
As another embodiment of the present invention, the user has obtained a session identifier according to the flow described above, that is, has completed login, and now wants to download a picture from the ICP application server. This can be done as follows:
1. The terminal equipment sends a request for the picture to the HTTP proxy service module;
2. The HTTP proxy service module forwards the request to the ICP application server and loads the assigned session identifier into the request;
3. The ICP compares the session identifier with those it has stored to judge whether the user has already been recognized;
4. If the user has been recognized, the ICP application server first sends charging information containing the user identifier (phone number) to the accounting server to complete charging, and then sends the requested picture to the terminal equipment through the HTTP proxy module according to the user identifier (phone number);
5. If the user is found not to have been recognized, the ICP application server queries the portal server for the user's phone number;
6. The portal server returns the user's phone number, and the ICP stores the correspondence between the phone number and the session identifier;
7. The ICP application server sends charging information containing the phone number to the accounting server to complete charging;
8. The ICP application server sends the downloaded picture to the HTTP proxy module;
9. The HTTP proxy module forwards the picture to the terminal equipment.
As another embodiment of the present invention, the user has obtained a session identifier according to the flow described above, that is, has completed login, and now wants to set personal preferences for a game. This can be done as follows:
1. The terminal equipment sends a settings request to the HTTP proxy module;
2. The HTTP proxy module forwards the request to the ICP application server and loads the assigned session identifier into the request;
3. The ICP application server compares the session identifier with those it has stored to judge whether the user has already been recognized;
4. If the user has been recognized, the ICP application server sends the settings page to the terminal equipment through the HTTP proxy module according to the user identifier (phone number), and the terminal equipment completes the settings;
5. If the user is found not to have been recognized, the ICP application server queries the portal server for the user's phone number;
6. The portal server returns the user's phone number, and the correspondence between the phone number and the session identifier is stored;
7. The ICP application server sends the settings page;
8. The HTTP proxy module forwards the settings page to the terminal equipment;
9. The terminal equipment completes the settings.
In the system of the present invention, an HTTP proxy module is deployed between the terminal equipment and the portal server. The session identifier storage module and session identifier loading module provided in this module store the session identifier and the correspondence between the session identifier and its connection, and the HTTP proxy module loads the corresponding session identifier into the data packets the user sends to the ICP application server, thereby achieving single sign-on of mobile phone users. After the user has logged in once on the portal server, service requests made to the ICP application server within the validity period, such as browsing requests and picture download requests, no longer require response messages to be sent periodically to the portal server. Communication traffic is low, and the ICP and the portal server are not required to cooperate closely, which makes it easy for ICPs to deploy services flexibly. At the same time, the single sign-on of the present invention does not require the terminal equipment to support cookies, so it suits the needs of most mobile phone users.
Although the present invention has been described in detail above with reference to embodiments, those skilled in the art can readily make various obvious changes and modifications to these embodiments on the basis of the invention. The scope of protection of the present invention is therefore not limited to the above embodiments and should be determined by the claims, which cover all their equivalents.

Claims (9)

1. A system for single sign-on of mobile phone users, comprising terminal equipment, an ICP application server and a portal server, characterized in that: an HTTP proxy module is arranged between the terminal equipment and the portal server to manage the session identifier, and the session identifier identifies the connection between the terminal equipment and the HTTP proxy module.
2. The system for single sign-on of mobile phone users according to claim 1, characterized in that: the HTTP proxy module is provided with a session identifier storage module for storing the session identifier and the connection it identifies between the terminal equipment and the HTTP proxy module.
3. The system for single sign-on of mobile phone users according to claim 2, characterized in that: the HTTP proxy module is provided with a session loading module, which inserts the session identifier into the data packets sent by the terminal equipment.
4. The system for single sign-on of mobile phone users according to claim 1, 2 or 3, characterized in that: the system also comprises an accounting server.
5. A method for single sign-on of mobile phone users, characterized by comprising the following steps:
A. The terminal equipment logs in to the portal server through the HTTP proxy module, and the portal server assigns a session identifier;
B. The HTTP proxy module stores and manages the session identifier;
C. The terminal equipment sends, through the HTTP proxy module, a service request carrying the session identifier to the ICP application server;
D. The ICP application server checks the session identifier and responds according to the result of that check.
6. The method for single sign-on of mobile phone users according to claim 5, characterized in that, when step D is carried out, the method also comprises the following step:
E. The ICP application server sends charging information to the accounting server to complete charging, before or after making the corresponding service response.
7. The method for single sign-on of mobile phone users according to claim 5 or 6, characterized in that step A further comprises the following steps:
A1. The terminal equipment sends a login request to the HTTP proxy module;
A2. The HTTP proxy module forwards the login request to the portal server, which requires the user to enter user information and a password to complete the login;
A3. The portal server returns the result of the successful login, assigns a session identifier to the user, and sends it to the HTTP proxy module.
8. The method for single sign-on of mobile phone users according to claim 5 or 6, characterized in that step C further comprises:
C1. The terminal equipment sends a service request to the HTTP proxy module;
C2. The HTTP proxy module forwards the service request to the ICP application server and loads the session identifier into the service request.
9. The method for single sign-on of mobile phone users according to claim 5 or 6, characterized in that step D further comprises:
D1. The ICP application server judges from the session identifier whether the user has already been recognized;
D2. If the user has been recognized, the ICP application server makes a service response to the terminal equipment through the HTTP proxy module according to the session identifier and the service request;
D3. If the user has not been recognized, the ICP application server uses the session identifier to query the portal server for the user's identification information;
D4. The portal server returns the user identification information, and the ICP application server stores the correspondence between the user identifier and the session identifier;
D5. The ICP application server makes a service response to the terminal equipment through the HTTP proxy module according to the session identifier and the service request.
CN02131759.3A 2002-09-15 2002-09-15 Method and system for mobile phone user authentication Expired - Fee Related CN1225935C (en)


Publications (2)

Publication Number Publication Date
CN1482827A true CN1482827A (en) 2004-03-17
CN1225935C CN1225935C (en) 2005-11-02


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20051102

Termination date: 20210915
