WO2004054288A1 - Method for authenticating the identity of an information provider - Google Patents
Method for authenticating the identity of an information provider
- Publication number
- WO2004054288A1 (PCT/CN2003/000647)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- information provider
- authentication
- network system
- provider
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
Definitions
- The present invention relates to the field of data security technology, and in particular to a method for performing identity authentication on an information provider.
Background of the invention
- A respondent who can provide data such as certain information and resources is usually referred to as an information provider, and the visitor to whom data such as information and resources is provided is usually called an information access end.
- The information access terminal requests the location information of the information provider from the LCS network system. After the LCS network system obtains the consent of the information provider, the geographic location information of the information provider is provided to the information access terminal as a resource. In this way, the information access terminal can obtain the location information of the information provider through the LCS network system.
- The 3GPP technical specification TS 22.071 defines the service specifications of the LCS.
- TS 23.271 defines the functional mode, system structure, status description, and message flow of the entire LCS system.
- TS 22.071 and TS 23.271 propose the following methods for the information access terminal to request the location information of the information provider:
  1) Immediate location request: the information provider responds immediately after the information access terminal requests the location information; that is, after the information access terminal sends a location request, the information provider immediately provides its current location information.
  2) Delay type location request: the information access terminal requests the location information of the information provider at a future point in time or when a certain event occurs; that is, after the information access terminal sends a location request, the information provider provides its current location information after a period of delay.
  3) Periodic location request: the information access terminal periodically requests the location information of the information provider; that is, the information access terminal defines a start time point, an end time point, and a certain periodic logic, and requires the information provider to provide its location information according to that periodic logic.
- One use of the LCS is to determine or track the location of the information provider by requesting the location information of the information provider.
- The information provider is allowed to query and cancel the currently activated valid location requests at any time, cancelling the information access terminal's request for its location information. It is also specified that the information provider can activate or deactivate the location information provision function, to decide whether to provide its own location information.
- TS 22.071 does not propose a security mechanism for authenticating the identity of the information provider when it queries or cancels a location information request of the information access terminal. If an information stealing end, that is, a stealer of data such as information and resources, steals certain information from the information provider that is sufficient to control the information provider, the information stealing end can also query or cancel the information access end's requests for the location information of the information provider. In this way, when the information access end performs monitoring based on the information provided by the information provider, the monitoring purpose cannot be achieved because of the illegal involvement of the information stealing end.
- The main object of the present invention is to provide a method for authenticating the identity of an information provider when the information provider initiates an operation, so that the information provider has an authentication mechanism as a security guarantee when performing related operations such as information provision, preventing the information provider from being maliciously manipulated after its information is stolen. To implement the present invention, the following steps are required:
- The information provider sets, in advance, the authentication information used for each operation it initiates. Different operations can be given the same authentication information or different authentication information.
- The authentication information is stored in the network system and can be changed by the information provider at any time.
- The network system requests the corresponding authentication information from the information provider, and the information provider provides the identity authentication information required for the currently initiated operation to the network. The network compares the authentication information provided by the information provider with the authentication information corresponding to the currently initiated operation, which the information provider set in the network in advance, to determine whether the identity of the information provider is legal. If it is legal, the network system performs the corresponding operation for the information provider and may also return authentication success information; otherwise, the network returns an error message to the information provider and rejects its operation request.
- The operations initiated by the information provider in the method further include: querying or cancelling the information access terminal's request for the location information of the information provider, and activating or deactivating the provision of the location information of the information provider.
- The method further includes: after the information provider sets the authentication information in advance for each operation it initiates, the network system stores the authentication information through the authentication information storage function module; after the information provider provides the identity authentication information for the currently initiated operation, the network completes the verification and comparison of the authentication information through the authentication information verification function module; after the authentication is passed, the network performs the subsequent operations through the operation execution function module.
- The method for authenticating an information provider when it initiates an operation adds an identity authentication security mechanism for operations related to information provision. This prevents an information stealing end from stealing certain information and resources of the information provider and controlling the information provider to perform malicious operations, and prevents the information stealing end from interfering with or damaging the information provider's provision of information to the outside or the information access end's access to and monitoring of the location information of the information provider, thereby improving the security of location information interaction between the information provider and the information access end.
- FIG. 1 is a flowchart of an authentication operation performed by an information provider according to the present invention.
- FIG. 2 is a logical structural diagram of an embodiment of a network side supporting an authentication operation in the present invention.
Mode of Carrying Out the Invention
- The information provider needs to set, in advance, the authentication information used in the LCS network system for each operation it performs; the authentication information set for initiating each operation can be the same or different.
- The LCS network system stores all authentication information set by the information provider, and allows the information provider to change this authentication information at any time.
- FIG. 1 is a flowchart of the implementation of the authentication operation performed by the information provider of the present invention. As shown in FIG. 1, the process of interaction between the information provider and the network is as follows:
- Step 101: When an information provider initiates an operation, the information provider sends an operation request to the LCS network system. After receiving the request, the LCS network system responds to the operation and activates a process for identifying the legitimacy of the operation.
- Steps 102 to 103: The LCS network system sends an authentication information request to the information provider, and requests the information provider to provide the authentication information required to perform the current operation. After the information provider receives the password request, it sends the authentication information corresponding to the current operation to the LCS network system.
- Steps 104 to 105: After the LCS network system receives the authentication information from the information provider, it verifies the legitimacy of the identity of the information provider; that is, it compares the received authentication information with the authentication information that the information provider set and stored in the LCS network system in advance. If the comparison succeeds, that is, the authentication is successful, the network returns a success message to the information provider and executes the operation request of the information provider; the network may also execute the operation without returning the authentication success information to the information provider. Otherwise, the authentication has failed, and the network rejects the operation request of the information provider and returns corresponding error response information to the information provider.
- The LCS network system should include at least three functional modules: an authentication information verification function module, an authentication information storage function module, and an operation execution function module. These three functional modules can exist as independent entities in the LCS network system, can be integrated as three independent functional modules in one entity of the LCS network system, or can be set separately in multiple entities.
- FIG. 2 is a logical structure diagram of an embodiment of a network side supporting an authentication operation in the present invention. As shown in FIG. 2, in this embodiment the three functional modules of authentication information verification, authentication information storage, and operation execution are three independent entities: an authentication information verification server, an authentication information storage server, and an operation execution server.
- The authentication information verification server is used to perform identity authentication when the information provider performs an operation; the authentication information storage server is used to store the related authentication information required by the information provider to perform certain operations; the operation execution server performs certain operations initiated by the information provider.
- The authentication information verification server compares the authentication information provided by the information provider with the corresponding authentication information stored by the authentication information storage server.
- When the relevant authentication information stored by the authentication information storage server is the same as the authentication information provided by the information provider, the authentication information verification server accepts the request and notifies the operation execution server to perform the related subsequent operations; otherwise, the authentication information verification server rejects the request and returns the corresponding error response message to the information provider.
- Before the LCS network system responds to a query, cancel, activate or deactivate operation request, it requires the information provider to provide the authentication information corresponding to the currently requested operation, for example the authentication password required for the query operation, the authentication password required for the cancel operation, the authentication password required for the activation operation, or the authentication password required for the deactivation operation. The network compares the currently entered operation password with the previously stored password corresponding to the operation, to determine whether the identity of the information provider is legitimate and whether to perform the operation.
- The embodiments described above mainly disclose a method for authenticating the identity of an information provider using a password.
- Other authentication methods are not described in detail, such as requiring the information provider to access a specific database and provide identity certification for authentication through the LCS network system, or the LCS network system requiring the user of the information provider to present a corresponding identity certificate at a specific place for authentication.
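The flow of FIG. 1 with the three functional modules and one password per operation, as an added Python example that is not part of the patent text. The class and function names, the provider identifier `ue-001`, the callback standing in for steps 102 to 103, and the salted PBKDF2 storage with constant-time comparison are assumptions; the page only says that the stored and presented authentication information are compared.

```python
import hashlib
import hmac
import os

OPERATIONS = ("query", "cancel", "activate", "deactivate")

def derive(secret, salt):
    # Assumption: keep a salted PBKDF2 digest instead of the raw password.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class AuthInfoStore:
    """Authentication information storage function module."""
    def __init__(self):
        self.records = {}  # (provider_id, operation) -> (salt, digest)

    def set_auth_info(self, provider_id, operation, secret):
        if operation not in OPERATIONS:
            raise ValueError(f"unknown operation: {operation}")
        salt = os.urandom(16)
        self.records[(provider_id, operation)] = (salt, derive(secret, salt))

class AuthInfoVerifier:
    """Authentication information verification function module."""
    def __init__(self, store):
        self.store = store

    def verify(self, provider_id, operation, presented):
        record = self.store.records.get((provider_id, operation))
        # Derive even when nothing is stored so both paths cost the same.
        salt, expected = record or (b"\0" * 16, b"")
        return hmac.compare_digest(derive(presented, salt), expected)

class LcsNetwork:
    """Network side of FIG. 1, including the operation execution module."""
    def __init__(self):
        self.store = AuthInfoStore()
        self.verifier = AuthInfoVerifier(self.store)
        self.location_requests = {}  # provider_id -> active location requests
        self.provision_active = {}   # provider_id -> bool

    def handle(self, provider_id, operation, provide_auth_info):
        # Step 101 is this call; steps 102-103 ask the provider for the
        # authentication information of the requested operation only.
        presented = provide_auth_info(operation)
        if not self.verifier.verify(provider_id, operation, presented):  # 104
            return {"status": "error", "reason": "authentication failed"}
        if operation == "query":  # step 105: execute the operation
            result = list(self.location_requests.get(provider_id, []))
        elif operation == "cancel":
            result = self.location_requests.pop(provider_id, [])
        else:
            result = self.provision_active[provider_id] = operation == "activate"
        return {"status": "ok", "result": result}

def demo():
    # Constructed data: provider "ue-001" with one pending periodic request.
    net = LcsNetwork()
    net.store.set_auth_info("ue-001", "query", "q-pass")
    net.store.set_auth_info("ue-001", "cancel", "c-pass")
    net.location_requests["ue-001"] = ["client-A:periodic"]
    queried = net.handle("ue-001", "query", lambda op: "q-pass")
    # The query password alone must not authorise a cancel.
    cancelled = net.handle("ue-001", "cancel", lambda op: "q-pass")
    return queried, cancelled, net.location_requests["ue-001"]
```

Setting different authentication information per operation, which the text allows but does not require, is what keeps the pending request in place when only the query password is presented.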
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2003255103A AU2003255103A1 (en) | 2002-12-06 | 2003-08-08 | A method for authenticating the identity of information provider |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN02153927.8 | 2002-12-06 | ||
CNB021539278A CN1266954C (zh) | 2002-12-06 | 2002-12-06 | A method for performing identity authentication on an information provider |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004054288A1 true WO2004054288A1 (fr) | 2004-06-24 |
Family
ID=32477215
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2003/000647 WO2004054288A1 (fr) | 2002-12-06 | 2003-08-08 | Method for authenticating the identity of an information provider |
Country Status (3)
Country | Link |
---|---|
CN (1) | CN1266954C (zh) |
AU (1) | AU2003255103A1 (zh) |
WO (1) | WO2004054288A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102004038588A1 (de) * | 2004-08-06 | 2006-03-16 | Deutsche Telekom Ag | Method for providing services of different service providers and central, computer-based platform for carrying out such a method |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100620055B1 (ko) * | 2004-12-06 | 2006-09-08 | 엘지전자 주식회사 | Method for cancelling a location information request |
CN103377336B (zh) * | 2013-01-21 | 2016-12-28 | 航天数联信息技术(深圳)有限公司 | Method and system for controlling user permissions of a computer system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2000048358A1 (en) * | 1999-02-11 | 2000-08-17 | Nokia Netwoks Oy | An authentication method |
WO2000052949A1 (en) * | 1999-02-26 | 2000-09-08 | Ericsson, Inc. | Authentication methods for cellular communications systems |
CN1325242A (zh) * | 2000-05-24 | 2001-12-05 | 诺基亚移动电话有限公司 | Method for processing location information about a terminal connected to a packet data network via a cellular network |
-
2002
- 2002-12-06 CN CNB021539278A patent/CN1266954C/zh not_active Expired - Lifetime
-
2003
- 2003-08-08 AU AU2003255103A patent/AU2003255103A1/en not_active Abandoned
- 2003-08-08 WO PCT/CN2003/000647 patent/WO2004054288A1/zh not_active Application Discontinuation
Also Published As
Publication number | Publication date |
---|---|
CN1266954C (zh) | 2006-07-26 |
CN1507287A (zh) | 2004-06-23 |
AU2003255103A1 (en) | 2004-06-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3691215B1 (en) | Access token management method, terminal and server | |
JP5579938B2 (ja) | Authentication of access terminal identity in a roaming network | |
JP4880699B2 (ja) | Method, system, and apparatus for protecting a service account | |
US8600355B1 (en) | Systems and methods for authenticating applications for access to secure data using identity modules | |
CN102265255B (zh) | System and method for providing a federated authentication service through gradual expiration of credentials | |
CN105162777B (zh) | Wireless network login method and apparatus | |
US10271213B2 (en) | Methods and apparatus for providing management capabilities for access control clients | |
CN110324287A (zh) | Access authentication method, apparatus and server | |
US20070198834A1 (en) | Method For The Authentication Of Applications | |
WO2007104243A1 (en) | The managing system of accounts security based on the instant message and its method | |
JP2007511122A (ja) | Method for managing application security with a security module | |
JP2004185623A (ja) | Method and system for authenticating a user for a sub-location in a network location | |
JP2016524248A (ja) | Method and system for protecting against identity theft or duplication | |
CN101986598B (zh) | Authentication method, server and system | |
JP2013541908A (ja) | User account recovery | |
WO2006079282A1 (fr) | Method for setting the key and setting the initial security code in the mobile terminal | |
WO2019056971A1 (zh) | Authentication method and device | |
WO2013185709A1 (zh) | Call authentication method, device and system | |
CN105763517A (zh) | Method and system for secure router access and control | |
CN107534674B (zh) | Method for managing access to a service | |
JP7100561B2 (ja) | Authentication system, authentication server and authentication method | |
WO2004054288A1 (fr) | Method for authenticating the identity of an information provider | |
JP2023030009A (ja) | Apparatus, method, and computer program product for lockout of a billing management device | |
JP2001282667A (ja) | Authentication server-client system | |
CN116743472A (zh) | Resource access method, apparatus, device and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states | Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase | Ref country code: JP |
WWW | Wipo information: withdrawn in national office | Country of ref document: JP |