WO2006081742A1 - Méthode pour effectuer l’unification des informations utilisateur et l’authentification de l’extrémité utilisateur - Google Patents

Méthode pour effectuer l’unification des informations utilisateur et l’authentification de l’extrémité utilisateur Download PDF

Info

Publication number
WO2006081742A1
WO2006081742A1 PCT/CN2006/000100 CN2006000100W WO2006081742A1 WO 2006081742 A1 WO2006081742 A1 WO 2006081742A1 CN 2006000100 W CN2006000100 W CN 2006000100W WO 2006081742 A1 WO2006081742 A1 WO 2006081742A1
Authority
WO
WIPO (PCT)
Prior art keywords
bsf
authentication
user
information
user terminal
Prior art date
Application number
PCT/CN2006/000100
Other languages
English (en)
Chinese (zh)
Inventor
Yingxin Huang
Wenlin Zhang
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2006081742A1 publication Critical patent/WO2006081742A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to the field of general authentication framework technology in the third generation wireless communication, and particularly relates to a method for realizing user information synchronization and authenticating a user terminal when a plurality of BSFs are included in the same home network.
  • Background of the invention
  • the universal authentication framework is a general structure used by various application service entities to complete the verification of the user identity, and the universal authentication framework can be used to check and verify the users of the application service.
  • Identity may be a multicast/broadcast service, a user certificate service, an information immediate service, or an agent service.
  • FIG. 1 shows the structure of the general framework.
  • the universal authentication framework typically consists of a User Terminal (UE) 101, an entity (BSF) 102 performing UE Identity Initial Check Verification, a User Home Network Server (HSS) 103, and a Network Application Entity (NAF) 104.
  • the BSF 102 is configured to mutually authenticate the identity with the user terminal 101, and simultaneously generate a shared key of the BSF 102 and the user terminal 101.
  • the HSS 103 stores a profile file for describing user information, and the profile includes all the user identity and the like. The description information related to the user, and the HSS 103 also has the function of generating authentication vector information.
  • a user When a user needs to use a certain service, if it knows that it needs to authenticate to the BSF, it directly interacts with the BSF to perform mutual authentication. Otherwise, the user first contacts the NAF corresponding to the service, if the NAF applies universal authentication.
  • the framework requires the user to authenticate to the BSF, and then informs the user to apply the universal authentication framework for authentication, otherwise it handles it accordingly.
  • the mutual authentication process between the UE and the BSF is:
  • the UE passes the default domain name.
  • BSF.MCC.MNC.3GPPnetwork.org sends a request for authentication to the BSF.
  • the BSF After receiving the authentication request from the UE, the BSF first obtains the authentication information of the UE from the HSS, and the HSS returns a group to the BSF according to the identifier of the UE. Or multiple sets of reference vectors. Since each group of authentication vectors can only be used once, the HSS can return the authentication vector information that is used only once for the BSF, but from the perspective of saving interface signaling resources, the HSS usually returns multiple sets of authentication vectors to the BSF. The information is used for multiple authentications.
  • the HSS returns the user description information of the user to the BSF while returning to the BSF authentication vector.
  • the BSF performs mutual authentication by performing an authentication and key agreement protocol (AKA) with the UE based on the obtained authentication vector information.
  • AKA authentication and key agreement protocol
  • the UE and the BSF mutually authenticate the identity and simultaneously generate the shared key Ks.
  • the BSF allocates a session transaction identifier (B-TID) to the UE, the format of the B-TID is RAND@BSF_server_domain_name, and the B-TID is associated with Ks, and has an expiration date. .
  • B-TID session transaction identifier
  • the UE After receiving the B-TID, the UE sends a connection request to the NAF.
  • the B-TID is carried in the request message, and the UE side calculates the derived key Ks_NAF according to Ks.
  • the NAF that has received the request confirms that the B-TID carried by the UE is not in the local area and then queries the BSF. After the BSF queries the B-TID, the BSF uses the same algorithm as the UE side to calculate the derived key Ks_NAF of the key Ks, and then gives the NAF.
  • the successful response includes a B-TID required by the NAF, a derived key Ks_NAF corresponding to the B-TID, and an expiration date set by the BSF for the key, if necessary, Includes user description information for the user.
  • the NAF After receiving the success response message of the BSF, the NAF considers that the UE is a BSF-authenticated UE, and the NAF and the UE also share the Ks-NAF derived from the Ks. The NAF and the UE perform communication protection through Ks-NAF in the subsequent communication process.
  • the UE When the UE finds that the key Ks or Ks_NAF is about to expire, or the NAF requires the UE to re-authenticate to the BSF, the UE repeats the above steps to re-authenticate to the BSF to obtain a new Ks and B-TID.
  • the above description is based on the case where only one BSF is included in the general authentication framework. Multiple BSFs can also be included in the common authentication framework to avoid bottlenecks caused by a BSF overload. In a general authentication framework, that is, in a home network, the existence of multiple BSFs has become a development trend.
  • the UE sends a request for authentication to the BSF through the default domain name BSF.MCC.MNC.3GPPnetwork.org.
  • the domain name is resolved to the actual BSF address by the Domain Name Resolution Server (DNS).
  • DNS Domain Name Resolution Server
  • the UE After the resolution of the DNS, the UE returns a BSF address, and the UE connects to the BSF according to the address, and performs subsequent operations; in the case of multiple BSFs, the DNS may return multiple BSF addresses.
  • the DNS selects one of the multiple BSF addresses to be returned to the UE according to the pre-configured policy, and the UE connects to the UE according to the address.
  • the multiple sets of authentication vectors for the UE are usually obtained in the BSF1, and the multiple groups are respectively assumed to be the authentication vector 1, the authentication vector 2, and the authentication.
  • Vector 3 This is because in order to save interface signaling resources, the HSS usually returns multiple sets of authentication vector information to the BSF for multiple authentication purposes.
  • the authentication vector group 1 is definitely used when the UE authenticates with the BSF1 because the order of use of the authentication vectors is limited, that is, it must be used in the order of the number of the authentication vectors.
  • the UE When the UE needs to re-authenticate, if for some reason, for example, the UE does not receive the response of the BSF1 within a predetermined period of time after contacting the BSF1, the UE and the BSF2 The interaction is performed to perform mutual authentication, and the BSF2 still obtains multiple sets of authentication vectors for the UE from the HSS, assuming that the multiple groups are the authentication vector 4, the authentication vector 5, and the authentication vector 6, respectively. At this time, the authentication vector 4 is definitely used when the mutual authentication operation is performed. Since the numbering sequence of the applied authentication vector can be monitored in the UE, the UE must detect that the number of the currently applied authentication vector is not continuous with the previous number, which may result in authentication failure.
  • the root cause of the authentication failure is due to the fact that the user information between the BSF1 and the BSF2 for the UE is not synchronized. It can be seen that it is very likely that a normal UE cannot use the service due to authentication due to the network side itself, and this phenomenon is unreasonable.
  • the NAF since the format of the B-TID is RAND@BSF_server_domain_name, when the NAF queries the BSF for B-TID information after the authentication is passed, in the case of a BSF, the NAF only needs to go to the BSF in the home network. In the case of multiple BSFs, NAF randomly finds a BSF according to the domain name of the B-TID, and requests B-TID information from the BSF. If the BSF confirms that there is no information queried by the NAF, Then, the BSF that receives the request from the NAF will send a query request to other BSFs in the home network in turn until the information required by the NAF is queried, or until the BSFs in the home network are not found.
  • an object of the present invention is to provide a method for synchronizing user information between multiple BSFs, so that user information of a TUE that initiates an authentication request is kept synchronized in different BSFs.
  • Another object of the present invention is to provide a method for implementing an authentication method in the case of multiple BSFs to ensure that normal UEs can pass authentication.
  • the multiple BSFs belong to the same home network, and the method includes the following steps:
  • the user terminal sends an authentication request to the first BSF that has performed the mutual authentication operation with the user terminal.
  • the user terminal receives the information indicating that the first BSF cannot process the authentication request or determines that the response information from the first BSF is not received within a predetermined time, reselects a second BSF, and reselects the second BSF.
  • the second BSF sends an authentication request, where the authentication request includes information identifying the first BSF, and the second BSF obtains and saves the user information of the user terminal from the first BSF according to the received authentication request.
  • the obtaining, by the second BSF, the user information of the user terminal from the first BSF includes the following steps:
  • the second BSF sends a query request for the IMPI of the user terminal to be queried to the first BSF, and the first BSF directly queries the user information of the user terminal according to the pre-stored relationship between the IMPI and the user information, and queries the user information of the user terminal. User information is returned to the second BSF; or,
  • the second BSF sends a query request to the first BSF that includes the B-TID corresponding to the user terminal to be queried, and the first BSF first queries the IMPI of the user terminal according to the pre-stored correspondence between the B-TID and the IMPI, and then saves according to the pre-preservation. Corresponding relationship between the IMPI and the user information, querying the user information of the user terminal, and returning the queried user information to the second BSF.
  • a method for realizing multiple BSFs when a user terminal UE needs to perform mutual authentication with a BSF The method for synchronizing the user information, the multiple BSFs belong to the same home network, and the method includes the following steps:
  • the user terminal sends an authentication request to the first BSF that has performed the mutual authentication operation with the user terminal. After the first BSF determines that the request cannot be processed by the user, the first BSF sends the request to the second B SF in the home network.
  • the second BSF obtains and saves the user information of the UE from the proxy authentication request message.
  • the method further includes: separately setting an identifier for multiple BSFs in the same home network; the identifier is a sequence number, or a number determined by a numbering rule of the home network, or a name recognizable by the home network.
  • the user information is an authentication vector, a B-TID, information related to the B-TID, and description information of the user, or the user information is a B-TID, a B-TID-related information, and a description of the user. information.
  • the method further includes: deleting, by the first BSF, the authentication vector in the user information saved by the first BSF. .
  • the user terminal sends a right request to the first BSF that has performed the mutual authentication operation with the user terminal;
  • the user terminal After receiving the information indicating that the first BSF cannot process the authentication request or determining that the response information from the first BSF is not received within a predetermined time, the user terminal reselects a second BSF and sends the second BSF to the second BSF. Sending an authentication request including identifying the first BSF information, and the second BSF obtains and saves the user end from the first BSF according to the received authentication request. End user information;
  • the second BSF > obtains the authentication vector of the mutual authentication right according to the user information of the user terminal acquired from the first BSF, and performs mutual authentication operation with the user terminal.
  • A2 The user terminal sends an authentication request to the first BSF that has performed the mutual authentication operation with the user terminal, and the first BSF determines that the user cannot process the request, and provides the user to the second BSF in the home network.
  • User information of the terminal and notifying the user terminal to perform mutual authentication in the second BSF;
  • the user terminal sends an authentication request to the second BSF according to the received notification.
  • the second BSF obtains the authentication vector of the mutual authentication right according to the user information of the user terminal provided by the first BSF, and the user The terminal performs mutual authentication operations.
  • the obtaining, by the second BSF, the authentication vector of the current mutual authentication includes the following steps: the second BSF determines whether there is an unused authentication vector in the user information of the locally saved user terminal, and if yes, The unused authentication vector is used as the authentication vector of the mutual mutual right; otherwise, the second BSF obtains the authentication vector of the user terminal from the HSS, and uses the obtained authentication vector as the authentication of the mutual authentication right. Vector.
  • the method further includes: setting an identifier for each of the multiple BSFs in the same home network in advance, and after the authentication succeeds, the domain name of the B-TID allocated by the BSF for the user terminal includes its own identification information;
  • the identifiers set by the multiple BSFs in the network are sequential numbers, or numbers determined by the numbering rules of the home network, or names that the home network can recognize.
  • the method further includes: when the NAF in the network queries the BSF for the B-TID information of the user terminal, the method further includes: according to the identifier of the BSF in the B-TID domain name, the NAF directly points to The BSF with the B-TID sends a request to query the B-TID.
  • the step of the first BSF providing the user information of the user terminal to the second BSF in step A2 includes the following steps:
  • the first 38 to the second proxy 88 transmits a request message including the user authentication information to the user terminal;
  • the second BSF After the second BSF confirms that it can process the authentication request, it acquires and saves the user information of the user terminal in the end of the proxy authentication request, and returns a successful response to the first BSF.
  • the step of informing the user terminal to perform mutual authentication in the second BSF according to step A2 includes the following steps:
  • the first BSF receives a notification to the user terminal that the second BSF that can identify the second BSF information is authenticated for authentication.
  • the user information is an authentication vector, a B-TID, information related to the B-TID, and description information of the user, or the user information is a B-TID, a B-TID-related information, and a description of the user. information.
  • the present invention also provides a method for implementing an authentication method in the case of multiple BSFs. On the basis of user information synchronization, it is ensured that normal UEs can pass authentication.
  • the present invention also provides an identifier for each of the multiple BSFs, and the domain name of the B-TID reflects the identity of the BSF, so that it can indicate which BSF is allocated by the B-TID, which facilitates the NAF search, thereby reducing The traffic between the BSFs speeds up the processing and saves network resources.
  • Figure 1 shows the structure of the general authentication framework
  • Embodiment 1 of the present invention is a schematic flow chart showing Embodiment 1 of the present invention.
  • FIG. 3 is a schematic flow chart of a second embodiment to which the present invention is applied. Mode for carrying out the invention
  • the idea of the present invention is: when the second BSF of the different last authentication is used when the user terminal re-authenticates, the second BSF can acquire the user from the first BSF that has performed the mutual authentication operation with the user terminal. User information of the terminal, thereby ensuring that the user information of the UE that initiated the authentication request is kept synchronized in different BSFs.
  • the present invention also provides a method for implementing an authentication method in the case of multiple BSFs, which ensures that normal UEs can pass authentication.
  • the present invention further sets an identifier for a plurality of BSFs, and the domain name of the B-TID reflects the BSF identifier, so that it can indicate which BSF is allocated by the B-TID, which facilitates NAF search and improves network processing. effectiveness.
  • the UE finds that the key applied by itself is about to expire, or receives the information from the NAF that requires re-authentication, it performs the authentication operation again, that is, the condition for triggering the re-authentication is the same as the prior art. No longer detailed.
  • FIG. 2 is a schematic flow chart showing the first embodiment of the present invention.
  • multiple BSFs exist in the same home network, and the UE has successfully performed the mutual authentication operation with a certain BSF.
  • the following is convenient for description, and the mutual authentication operation has been performed with a certain user terminal.
  • the original BSF is referred to as a first BSF, denoted as BSFo
  • a new BSF that is different from the first BSF and has not performed a mutual authentication operation with the user terminal is referred to as a second BSF, and is referred to as BSFn.
  • Step 201 When the UE performs the mutual authentication operation again, it first sends an authentication request to the BSFo. Since the UE stores the information of the BSF that has performed the mutual authentication operation, the UE can It is enough to find the BSFo that successfully performed the mutual authentication operation last time. In this embodiment, since the BSFo determines that it cannot process the current request according to its current state, according to the previous configuration, no response is returned to the UE.
  • step 202 is performed.
  • Step 202 The UE selects a new BSF, that is, a BSF, that is different from the first BSF and does not perform a mutual authentication operation with the user terminal, and sends an authentication request to the BSF, where the authentication request includes the identifier that can be identified and executed by itself. BSFo information for mutual authentication operations.
  • the method for the UE to select the BSFn is: the UE reselects an IP address from the IP addresses of the multiple BSFs that have been saved by the UE, and the BSF corresponding to the IP address is the BSFn; or the UE provides the default domain name of the BSF by the DNS. Returning the address of the BSF, the UE randomly selects a BSF address or uses the BSF corresponding to the address returned by the DNS to be BSFn.
  • the information included in the authentication request that can identify the BSFo that has performed the mutual authentication operation with itself is the IP address of the BSFo. Or the identity of the BSFo that has been set.
  • the identifier of the BSF that has been set may be the serial number of the bill, such as 1, 2, 3, etc., or may be a number determined by the numbering rule of the home network, or may be a name that the home network can recognize.
  • Step 203 After receiving the authentication request of the IP address or the identifier of the BSFo from the UE, the BSFn sends the BSFo the user information of the UE that sends the authentication request, if the received authentication request includes the user identity identifier ( IMPI), the query request message also includes IMPI. If the received authentication request includes a B-TID, the query request message also includes B-TIDo.
  • IMPI user identity identifier
  • the user information includes an authentication vector, and a B-TID, information related to the B-TID and user description information; if there is no target for the UE in the BSFo
  • the authentication vector used the user information includes a B-TID, information related to the B-TID, and user description information.
  • Step 204 After receiving the query request from the BSFn, if the BSFo determines that the query request includes the IMPI, the BSFo directly queries the user information of the UE according to the pre-stored relationship between the IMPI and the user information, and if the query is determined, If the B-TID is included in the request, the IMPI of the UE is first queried according to the pre-stored correspondence between the B-TID and the IMPI, and the user information of the UE is queried according to the correspondence between the pre-stored IMPI and the user information. BSFo sends the obtained user information to BSFn.
  • the BSFo immediately returns the user-saved authentication vector for the UE after the BSFn returns the user information, and other user information, such as the B-TID and the information related to the B-TID, It can be temporarily deleted, to facilitate the B-TID that the NAF query is still valid.
  • the BSFo deletes the B-TID and related information for the UE. After all B-TIDs saved by the BSF for one IMPI, that is, one UE, are deleted, the BSFo deletes the IMPI and user description information of the UE, and does not completely save any description information of the UE.
  • Step 205 After receiving the user information returned by the BSFo and saving, the BSFn determines whether there is an unused authentication vector in the user information. If yes, step 207 is performed; otherwise, step 206 is performed.
  • Step 206 The BSFn requests the HSS for the authentication vector and the user description information of the UE.
  • the user description information is requested to update the description information that may be transformed at the same time.
  • Step 207 The BSFn performs a mutual authentication operation with the UE. After the authentication succeeds, the BSFn assigns the i3-TID to the UE.
  • the BSFn can obtain the user information of the UE from the BSFo, the implementation is implemented.
  • the user information of the UE requesting the authentication is synchronized in different BSFs, and the situation that normal users cannot pass the authentication is avoided.
  • FIG. 3 is a schematic flow chart of a second embodiment to which the present invention is applied.
  • multiple BSFs exist in the same home network, and the UE has successfully performed the mutual authentication operation with a certain BSF.
  • the following is convenient for description, and the mutual authentication operation has been performed with a certain user terminal.
  • the original BSF is referred to as a first BSF, denoted as BSFo
  • a new BSF that is different from the first BSF and has not performed a mutual authentication operation with the user terminal is referred to as a second BSF, and is referred to as BSFn.
  • Step 301 When the UE performs the mutual authentication operation again, it first sends an authentication request to the BSFo. Since the UE stores the information of the BSF that has performed the mutual authentication operation, the UE can find the BSFo that successfully performed the mutual authentication operation last time.
  • Step 302 After receiving the authentication request from the UE, the BSFo determines that the authentication request cannot be processed by itself, for example, if the load is too heavy, for example, the BSFo is configured to notify the BSFn to authenticate the UE according to the pre-configuration. That is, a request message for proxy authentication is sent to the BSFn, and the request message includes user information of the UE.
  • the user information includes an authentication vector, B-TID, information related to the B-TID, and user description information; if there is no unused for the UE in the BSFo
  • the authentication vector the user information includes a B-TID, information related to the B-TID, and user description information.
  • Step 303 After receiving the request message from the BSFo, the BSFn confirms that it can perform the operation, saves the end message information of the request message, and then returns a successful response message to the BSFo.
  • Step 304 After receiving the success response message from the BSFn, the BSFo determines whether the user information sent to the BSFn includes an authentication vector, and if so, immediately deletes the authentication vector saved for the UE, and other users Information such as B-TID and B-TID related information can be temporarily deleted, so that the NAF query is still valid B-TID, when After the expiration of the validity period of the B-TID, the BSFo deletes the B-TID and related information for the UE. After all the B-TIDs saved by the BSF for one IMPI, that is, one UE, are deleted, the BSFo deletes the IMPI and the user description information of the UE, and does not completely save any description information of the UE.
  • B-TID and B-TID related information can be temporarily deleted, so that the NAF query is still valid B-TID
  • the BSFo notifies the UE to perform a mutual authentication operation to the BSFn, and the notification message includes the IP address of the BSFn.
  • the notification may include the IP address of the BSFo or the identifier of the BSFo that has been set.
  • the method for specifically setting the identifier of the BSF is the same as the method in the previous embodiment, and the description thereof will not be repeated here.
  • Step 305 The UE sends an authentication request to the BSFn, where the authentication request is the same as the information included in the existing authentication request, and no information needs to be added.
  • Step 306 After receiving the authentication request from the UE, the BSFn determines whether there is an unused authentication vector stored in the user information of the UE locally. If yes, step 307 is performed. Otherwise, step 308 is performed.
  • Step 307 The BSFn requests the HSS for the authentication vector and the user description information of the UE.
  • the user description information is requested to update the description information that may be transformed at the same time.
  • Step 308 The BSFn performs a mutual authentication operation with the UE. After the authentication succeeds, the BSFn allocates a B-TID to the UE.
  • the BSFn can obtain the user information of the UE from the BSFo, the user information of the UE that initiates the authentication request is synchronized in different BSFs, and the normal user cannot be authenticated.
  • the BSF identifier can be reflected in the domain name of the B-TID, so that it can clearly indicate which BSF is allocated by the B-TID, which facilitates the NAF search. For example, suppose the identity of the BSFn to which the UE is connected is 11, and the B-TID assigned by the BSFn to the UE is expressed as RAND@11.BSF_servers_domain_name 0 In this way, when the NAF locates the BSF through the domain name of the B-TID, it is easy to find the BSF that stores the required information, and the BSF in the network is no longer required to search in turn, thereby improving the network processing efficiency.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L’invention concerne une méthode pour effectuer l’unification des informations utilisateur parmi une pluralité de BSF se déroulant ainsi : si l’extrémité utilisateur s’authentifie de nouveau et néanmoins utilise le deuxième BSF différent de la dernière authentification, le deuxième BSF peut obtenir les informations utilisateur de l’extrémité utilisateur du premier BSF qui a réalisé l’authentification de l’extrémité utilisateur. Cela garantit que les informations utilisateur de l’UE à l’origine de la requête d’authentification seront unifiées dans les différentes BSF. Une autre méthode de réalisation de l’authentification dans une pluralité de BSF garantit que l’UE normal peut transmettre l’authentification basée sur l’unification des informations utilisateur. Sinon, la présente invention définit également les identificateurs d’une pluralité de BSF, respectivement, et crée l’identificateur de BSF dans le nom de domaine du B-TID. De cette manière, cela peut indiquer quel BSF a affecté le B-TID et la requête est facile par le NAF. Cela réduit ainsi le trafic entre les BSF, augmente la vitesse de processus et économise les ressources du réseau.
PCT/CN2006/000100 2005-02-05 2006-01-20 Méthode pour effectuer l’unification des informations utilisateur et l’authentification de l’extrémité utilisateur WO2006081742A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNB2005100075136A CN100563156C (zh) 2005-02-05 2005-02-05 实现用户信息同步及对用户终端鉴权的方法
CN200510007513.6 2005-02-05

Publications (1)

Publication Number Publication Date
WO2006081742A1 true WO2006081742A1 (fr) 2006-08-10

Family

ID=36776953

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/000100 WO2006081742A1 (fr) 2005-02-05 2006-01-20 Méthode pour effectuer l’unification des informations utilisateur et l’authentification de l’extrémité utilisateur

Country Status (2)

Country Link
CN (1) CN100563156C (fr)
WO (1) WO2006081742A1 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100466835C (zh) * 2006-09-22 2009-03-04 华为技术有限公司 鉴权设备的识别方法和鉴权方法、通信系统以及设备
CN101193424B (zh) * 2006-11-28 2010-10-13 中国移动通信集团公司 一种鉴权方法以及设备
CN109803261B (zh) * 2017-11-17 2021-06-22 华为技术有限公司 鉴权方法、设备及系统
CN113596830B (zh) * 2021-07-27 2023-03-24 中国联合网络通信集团有限公司 通信方法、装置、电子设备、存储介质及程序产品

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2293989A1 (fr) * 2000-01-07 2001-07-07 Sedona Networks Corporation Gestion repartie d'abonnes
WO2003010669A1 (fr) * 2001-07-24 2003-02-06 Barry Porozni Systeme, procede, signal, et programme informatique pour acces sans fil
WO2004023712A1 (fr) * 2002-09-09 2004-03-18 U.S. Encode Corporation Systemes et procedes d'authentification securisee de transactions electroniques

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2293989A1 (fr) * 2000-01-07 2001-07-07 Sedona Networks Corporation Gestion repartie d'abonnes
WO2003010669A1 (fr) * 2001-07-24 2003-02-06 Barry Porozni Systeme, procede, signal, et programme informatique pour acces sans fil
WO2004023712A1 (fr) * 2002-09-09 2004-03-18 U.S. Encode Corporation Systemes et procedes d'authentification securisee de transactions electroniques

Also Published As

Publication number Publication date
CN1815954A (zh) 2006-08-09
CN100563156C (zh) 2009-11-25

Similar Documents

Publication Publication Date Title
CN110800331B (zh) 网络验证方法、相关设备及系统
JP5651313B2 (ja) 連続する再認証を必要としないsipシグナリング
CN101127600B (zh) 一种用户接入认证的方法
JP4768720B2 (ja) ネットワークにアクセスするユーザ端末に対してジェネリック認証アーキテクチャーを応用して管理する方法及びシステム
US8275355B2 (en) Method for roaming user to establish security association with visited network application server
KR101505590B1 (ko) 유선 근거리 통신망을 위한 보안 액세스 제어 방법 및 시스템
WO2006097041A1 (fr) Forme d'authentification generale et procede pour mettre en place l'authentification
WO2005046118A1 (fr) Procede pour verifier la validite d'un abonne
WO2008006306A1 (fr) Procédé et dispositif de dérivation d'une clé interface locale
EP2981022B1 (fr) Procédé et système de transmission et de réception de données, procédé et dispositif de traitement de message
WO2005074188A1 (fr) Procede d'obtention d'une identification utilisateur pour entite d'application du reseau
WO2007022731A1 (fr) Procede, systeme et equipement de negociation de cle de cryptage dans une trame de verification universelle amelioree
WO2013056619A1 (fr) Procédé, idp, sp et système pour la fédération d'identités
WO2014117600A1 (fr) Procédé et système basés sur le dns et permettant une authentification de l'utilisateur et un contrôle d'accès à un nom de domaine
WO2006047956A1 (fr) Cadre d'authentification general et procede de mise a jour des informations de description de securite utilisateur dans le bsf
WO2009155787A1 (fr) Procédé, système et serveur d'authentification de terminal
WO2010000157A1 (fr) Procédé de configuration, équipement et système de dispositif d'accès
WO2011006320A1 (fr) Procédé et système de connexion avec dédoublement d’identifiant et d’emplacement dans un réseau de nouvelle génération
WO2006081742A1 (fr) Méthode pour effectuer l’unification des informations utilisateur et l’authentification de l’extrémité utilisateur
WO2009006854A1 (fr) Procédé et système d'authentification de gestion basée sur le sous-système de rattachement au réseau
WO2007147354A1 (fr) Procédé et système pour extraire une clé de messagerie instantanée
US8615591B2 (en) Termination of a communication session between a client and a server
WO2011120365A1 (fr) Procédé et système d'établissement de connexion entre terminaux multiconnectés
WO2005104432A1 (fr) Procede permettant de supprimer l'identificateur de trafic de session ainsi que des informations correspondantes
WO2011134134A1 (fr) Procédé, dispositif et système de collaboration entre un réseau wifi et un réseau wimax

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06705521

Country of ref document: EP

Kind code of ref document: A1

WWW Wipo information: withdrawn in national office

Ref document number: 6705521

Country of ref document: EP