WO2010048805A1 - An application service accessing authenticity method and an application service accessing authenticity agent server - Google Patents

An application service accessing authenticity method and an application service accessing authenticity agent server

Info

Publication number
WO2010048805A1
Authority
WO
WIPO (PCT)
Prior art keywords
application service
password
access
access authentication
provider
Prior art date
Application number
PCT/CN2009/071728
Other languages
French (fr)
Chinese (zh)
Inventor
王伟
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2010048805A1 publication Critical patent/WO2010048805A1/en

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to an application service access authentication method and an access authentication proxy server.
  • ICT Information Communication Technology
  • the key to ICT services is how to better open up telecommunications capabilities, enabling telecommunications capabilities and the rich application services on the Internet to be more convenient and easier to combine, thus providing users with more colorful telecom value-added services.
  • Parlay/OSA Parlay/Open Service Architecture, Parlay Development Service Architecture
  • SLA Service Level Agreement
  • the application service developer (or individual) can apply to the operator as an SP (Service Provider), and the operator assigns the SPID (Service Provider ID) and password to the SP;
  • SP Service Provider
  • SPID Service Provider ID
  • when accessing the telecom service capability interface function entity, the SP application service encrypts a string of the form "SPID + password + timestamp" and transmits the encrypted string to the telecommunication service capability interface function entity, which may be an Open Service Gateway (OSG);
  • the telecommunication service capability interface function entity queries the SP password through the SPID passed by the SP, and performs verification using the same encryption algorithm as the SP;
  • the telecommunication service capability interface function entity may perform access control on the application request of the SP according to a preset SLA policy. For example, limiting the number of times the application service of the SP or the SP is used within a prescribed time period, and the like.
  • the embodiment of the present invention provides an application service access authentication method and an access authentication proxy server, so as to perform access authentication directly on a single application service and increase the openness of the telecommunication service capability. The technical solution is as follows:
  • An application service access authentication method: after registering an application service and obtaining a password of the application service, the method includes:
  • An application service access authentication proxy server includes:
  • a registration management unit configured to register an application service and obtain a password of the application service
  • an access authentication unit configured to receive an access request sent by the provider of the registered application service, where the access request carries the password of the application service, and to perform access authentication on the application service according to the password of the application service.
  • by applying the above technical solution, access authentication can be performed on a single application service; an application service developed by an ordinary developer can also directly apply for access to the application service access authentication proxy server and try out the telecommunication service capability, which expands the scope of access authentication and increases the openness of the telecommunication service capability.
  • the access authentication proxy server is used to complete the access authentication control, so that the telecom service capability interface functional entity is not directly opened to the public network, which improves the security and reduces the performance burden of the telecom service capability interface functional entity.
  • FIG. 1 is a flow chart showing a specific embodiment of the method of the present invention
  • FIG. 2 is a schematic structural diagram of an application service access authentication proxy server according to an embodiment of the present invention
  • FIG. 3 is a schematic structural diagram of a registration management unit according to an embodiment of the present invention
  • FIG. 4 is a schematic structural diagram of an access authentication unit according to an embodiment of the present invention, and FIG. 4a and FIG. 4b are schematic structural diagrams of two different access authentication units;
  • FIG. 5 is a schematic structural diagram of another application service access authentication proxy server according to an embodiment of the present invention.
  • FIG. 6 is another schematic structural diagram of an access authentication unit according to an embodiment of the present invention.
  • the method includes: receiving an access request sent by the provider of the registered application service, where the access request carries a password of the application service, and performing access authentication on the application service according to the password of the application service.
  • FIG. 1 is a flowchart of a method according to an embodiment of the present invention, which specifically includes the following steps: S101: An application service provider sends an application service registration request to an application service access authentication proxy server, where the registration request carries the account of the provider of the application service and the address of the application service.
  • the account number may be an SPID assigned by the operator, or may be a mobile phone number or an email address.
  • the address of the application service uniquely identifies the application service; it may be the URL (Uniform Resource Locator) corresponding to the application service, or take the form "Internet Protocol address: port number (IP: Port)" corresponding to the application service, or another form.
  • the application service access authentication proxy server generates a password according to an address of the application service.
  • the application service access proxy server generates a password through an irreversible encryption algorithm according to the address of the application service, and saves the correspondence between the generated password and the application service address information and the provider account of the application service.
  • the manner of the storage is as shown in Table 1. It should be noted that the form of Table 1 is merely illustrative, and the embodiment of the present invention does not limit this.
  • the application service access authentication proxy server sends a registration response to the provider end of the application service, and sends the generated password to the application service provider.
  • the application service access proxy server can notify the application service provider of the generated password by means of short message or email.
  • the provider of the application service sends an access request to the application service access authentication proxy server, where the access request carries the password of the application service.
  • the application service to be accessed should be an already-registered application service.
  • the access request can be sent to the service access authentication proxy server in accordance with a secure HTTP (Hyper Text Transfer Protocol).
  • HTTP Hyper Text Transfer Protocol
  • the service access authentication proxy server performs access authentication on the application service according to the access request.
  • the access request carries the account and the password of the application service, and the service access authentication proxy server queries the corresponding address information according to the account and the password. For example, through Table 1, it can be found that the address information corresponding to the account "Name1" and the password "Pwd1" is URL1. The queried address information is matched with the address of the application service that is currently requesting access. If the matching is successful, the access authentication of the application service passes.
  • the access request may also carry only the password of the application service.
  • the service access authentication proxy server can query the corresponding address information only according to the password, and further perform address matching to implement access authentication of the application service.
  • the access authentication proxy server can send the access request to the telecommunication service capability interface function entity, such as the OSG, and the OSG connects the application service to the telecommunication network.
  • the above embodiment includes both the registration process of the application service (S101-S103) and the process of access authentication (S104-S105).
  • the access authentication step of S104-S105 can be directly performed.
  • the service access authentication proxy server may also perform policy configuration on application services that pass access authentication; for example, it may limit the number of times that all accessed application services, or a single application service, are used within a specified time, such as N times/day or N times/month. If the access authentication proxy server has previously configured a policy for the application service when the application service requests access, then in the foregoing S105, after the password matching succeeds, a policy check may be performed on the application service according to the pre-configured policy. If the policy check passes, the access authentication of the application service is considered to pass.
  • access authentication can be implemented for a single application service, and an application service developer can access the telecommunication network without applying to become an SP. Even an application service developed by an ordinary developer can directly apply for access to the application service access authentication proxy server and try out the telecommunication service capability, which expands the scope of access authentication, increases the openness of the telecommunication service capability, and facilitates the provision of richer value-added services to end users.
  • the access authentication proxy server completes the access authentication control, so that the telecommunication service capability interface function entity is not directly opened to the public network, which improves the security and reduces the performance burden of the telecommunication service capability interface functional entity.
  • the embodiment of the present invention further provides an application service access authentication proxy server, as shown in FIG. 2, including:
  • the registration management unit 201 is configured to register an application service and obtain a password of the application service.
  • the access authentication unit 202 is configured to receive an access request sent by the provider of the registered application service, where the access request carries the password of the application service, and to perform access authentication on the application service according to the password of the application service.
  • the registration management unit 201 may specifically include:
  • the password generating sub-unit 301 is configured to receive a registration request sent by the provider of the application service, where the registration request carries an account of the provider of the application service and an address of the application service, and to generate a password according to the address of the application service;
  • the password management sub-unit 302 is configured to save a correspondence between the password generated by the password generating sub-unit 301 and the application service address information and the provider account of the application service;
  • the password sending subunit 303 is configured to send the password generated by the password generating subunit 302 to the provider end of the application service.
  • the access authentication unit 202 may specifically include:
  • the first password query sub-unit 401 is configured to receive an access request sent by the provider of the registered application service, and query the corresponding address information according to the password of the application service carried in the access request and the corresponding relationship;
  • the first password matching sub-unit 402 is configured to match the address information queried by the first password query sub-unit 401 with the address of the application service; if the matching is successful, the access authentication of the application service passes.
  • the access request received by the password generating sub-unit 301 further includes an account of the provider of the application service, and the composition of the access authentication unit may also be as shown in FIG. 4b, specifically including:
  • the second password query sub-unit 403 is configured to receive an access request sent by the provider of the registered application service, and to query the corresponding address information according to the account of the provider of the application service and the password of the application service carried in the access request, and the correspondence;
  • the second password matching sub-unit 404 is configured to match the address information queried by the second password query sub-unit 403 with the address of the application service; if the matching is successful, the access authentication of the application service passes.
  • the embodiment of the present invention further provides another application service access authentication proxy server. Referring to FIG. 5, compared with the application service access authentication proxy server shown in FIG. 2, the difference is that the access authentication proxy server further includes:
  • a policy configuration unit 503, configured to perform policy configuration on an application service authenticated by the access authentication unit 502;
  • the registration management unit 501 is the same as the registration management unit 201 described above;
  • the access authentication unit 502 may specifically include:
  • the password query subunit 601 is configured to receive the access request sent by the provider of the registered application service, and to query the corresponding address information according to the password of the application service carried in the access request and the correspondence;
  • a password matching subunit 602 configured to match address information queried by the password query subunit with an address of the application service
  • the above application service access authentication proxy server can provide functions such as registration management, access authentication, and policy management of the application service. Access authentication can be implemented for a single application service, thereby expanding the scope of access authentication and increasing the openness of the telecommunications service capability.
  • because the authentication proxy server can be deployed as a module, the telecom service capability interface functional entity is not directly opened to the public network, which improves security and reduces the performance burden of the telecom service capability interface functional entity.
  • the authentication proxy server provided by the embodiment of the present invention may be deployed as a single module or as an extended function module of a telecommunication service capability interface functional entity, in which case the registration management unit, the access authentication unit or the policy configuration unit can be part of the functions of the telecommunication service capability interface functional entity.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units.
  • Some or all of the modules may be selected according to actual needs to achieve the objectives of the solution of the embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
  • the foregoing program may be stored in a computer readable storage medium; when executed, the program performs the steps of the foregoing method embodiments. The foregoing storage medium includes any medium that can store program code, such as a ROM, a RAM, a magnetic disk, or an optical disk.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)

Abstract

An application service accessing authenticity method and an application service accessing authenticity agent server are provided. In the method, after an application service has been registered and the password of the application service obtained, an access request transmitted from the provider terminal of the registered application service is received; the access request carries the password of the application service, and access authenticity of the application service is performed based on that password. Applying this technical scheme makes it possible to perform access authenticity for a single application service, extends the scope of access authenticity, and increases the openness of the telecommunication service capability.

Description

Application service access authentication method and access authentication proxy server
This application claims priority to Chinese patent application No. 200810171219.2, filed with the Chinese Patent Office on October 27, 2008 and entitled "Application service access authentication method and access authentication proxy", the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of communications technologies, and in particular to an application service access authentication method and an access authentication proxy server.
Background
With the development of telecommunications technology, new competitors keep entering the increasingly open telecom service market. To find new room for business growth, telecom operators have begun to provide ICT (Information Communication Technology) services in addition to traditional network communication services. ICT is a new concept and a new technical field formed by the convergence of information technology and communication technology, and developing ICT services has become the consensus of information service providers and telecom operators. The key to ICT services is how to better open up telecom capabilities so that they can be combined more conveniently and easily with the rich application services on the Internet, thereby providing users with richer telecom value-added services.
In 2005 the Parlay Group released the Parlay X Web Services specification. Parlay X Web Services are powerful yet simple, highly abstract standard building blocks for telecom network capabilities. Developers, whether or not they have telecom expertise, can quickly understand Parlay X Web Services and use them to develop distinctive applications. Parlay/OSA (Parlay/Open Service Architecture) provides the following access authentication and SLA (Service Level Agreement) policy control mechanisms:
An application service developer (or individual) can apply to the operator to become an SP (Service Provider), and the operator assigns an SPID (Service Provider ID) and a password to the SP;
When accessing the telecom service capability interface functional entity, the SP application service encrypts a string of the form "SPID + password + timestamp" and passes the encrypted string to the telecom service capability interface functional entity, which may be an OSG (Open Service Gateway);
The telecom service capability interface functional entity looks up the SP's password by the SPID passed by the SP and verifies the string using the same encryption algorithm as the SP;
The telecom service capability interface functional entity may perform access control on the SP's application request according to a preset SLA policy, for example by limiting the number of times the SP, or an application service of the SP, may be used within a specified time.
In the process of implementing the present invention, the inventor found that the prior art has at least the following problems: with the existing authentication method, only the access of an SP can be authenticated, so an application service developer (or individual) must first apply to become an SP before it can access the telecom network. This largely limits the openness of telecom service capabilities and hinders the development of telecom value-added services. In addition, exposing the telecom service capability interface functional entity (for example, the OSG) directly on the public network brings considerable security risks and performance pressure.
Summary of the invention
In view of this, the embodiments of the present invention provide an application service access authentication method and an access authentication proxy server, so as to perform access authentication directly on a single application service and increase the openness of telecom service capabilities. The technical solution is as follows:
An application service access authentication method. After an application service is registered and the password of the application service is obtained, the method includes:
receiving an access request sent by the provider of the registered application service, where the access request carries the password of the application service, and performing access authentication on the application service according to the password of the application service.
An application service access authentication proxy server, including:
a registration management unit, configured to register an application service and obtain the password of the application service;
an access authentication unit, configured to receive an access request sent by the provider of the registered application service, where the access request carries the password of the application service, and to perform access authentication on the application service according to the password of the application service.
By applying the above technical solution, access authentication can be performed on a single application service. An application service developed by an ordinary developer can also directly apply for access to the application service access authentication proxy server and try out the telecom service capabilities, which expands the scope of access authentication and increases the openness of telecom service capabilities. In addition, because the access authentication proxy server performs the access authentication control, the telecom service capability interface functional entity is not directly opened to the public network, which improves security and reduces the performance burden on the telecom service capability interface functional entity.
Brief description of the drawings
FIG. 1 is a flowchart of a specific embodiment of the method of the present invention;
FIG. 2 is a schematic structural diagram of an application service access authentication proxy server according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a registration management unit according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an access authentication unit according to an embodiment of the present invention; FIG. 4a and FIG. 4b are schematic structural diagrams of two different access authentication units;
FIG. 5 is another schematic structural diagram of an application service access authentication proxy server according to an embodiment of the present invention;
FIG. 6 is another schematic structural diagram of an access authentication unit according to an embodiment of the present invention.
Detailed description
The application service access authentication method of the embodiments of the present invention is described first.
After an application service is registered and the password of the application service is obtained, the method includes: receiving an access request sent by the provider of the registered application service, where the access request carries the password of the application service, and performing access authentication on the application service according to the password of the application service.
The embodiments of the present invention are described in detail below with reference to the accompanying drawings.
FIG. 1 is a flowchart of a method according to an embodiment of the present invention, which specifically includes the following steps:
S101. The provider of the application service sends an application service registration request to the application service access authentication proxy server, where the registration request carries the account of the provider of the application service and the address of the application service.
The account may be an SPID assigned by the operator, or a mobile phone number, an email address, or the like. The address of the application service uniquely identifies the application service; it may be the URL (Uniform Resource Locator) corresponding to the application service, or take the form "Internet Protocol address: port number (IP: Port)" corresponding to the application service, or another form.
S102. The application service access authentication proxy server generates a password according to the address of the application service.
The application service access authentication proxy server generates a password from the address of the application service using an irreversible encryption algorithm, and saves the correspondence between the generated password, the application service address information and the account of the provider of the application service. The correspondence is saved as shown in Table 1. It should be noted that the form of Table 1 is merely illustrative, and the embodiments of the present invention do not limit it.

Application service address information    Password    Account
URL1                                        Pwd1        Name1
URL2                                        Pwd2        Name1
IP:Port1                                    Pwd3        Name2
IP:Port2                                    Pwd4        Name3

Table 1
S103. The application service access authentication proxy server sends a registration response to the provider of the application service, delivering the generated password to the application service provider.
The application service access authentication proxy server may notify the application service provider of the generated password by short message, email, or similar means.
S104. The provider of the application service sends an access request to the application service access authentication proxy server; the access request carries the password of the application service.
The application service requesting access should be one that has already been registered. To ensure secure transmission, the access request may be sent to the service access authentication proxy server over secure HTTP (Hyper Text Transfer Protocol).
S105. The service access authentication proxy server performs access authentication on the application service according to the access request.
The access request carries the account and password of the application service. The service access authentication proxy server queries the corresponding address information according to the account and password; for example, Table 1 shows that the address information corresponding to account "Name1" and password "Pwd1" is URL1. The queried address information is then matched against the address of the application service currently requesting access; if the match succeeds, the application service passes access authentication.
Note that, because the password is generated from the address of the application service using an irreversible algorithm, the access request may also carry only the password of the application service. The service access authentication proxy server can then query the corresponding address information from the password alone and go on to match the address, thereby performing access authentication of the application service.
After authentication succeeds, the access authentication proxy server may forward the access request to the telecommunication service capability interface functional entity, for example the OSG, and the OSG connects the application service to the telecommunication network.
Note that, for convenience of description, the above embodiment covers both the registration process of the application service (S101-S103) and the access authentication process (S104-S105). In practice, if the application service to be connected has already been registered successfully, the access authentication steps S104-S105 can be performed directly.
In a preferred embodiment of the present invention, after authentication succeeds, the service access authentication proxy server may also perform policy configuration for application services that have passed access authentication. For example, it may limit the number of times that all connected application services, or a single application service, may be used within a specified period, such as N times/day or N times/month. If the access authentication proxy server has already configured a policy for the application service when that service requests access, then in S105, after the password match succeeds, a policy check may be performed on the application service according to the pre-configured policy; if the policy check passes, the access authentication of the application service is deemed to have passed.
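The registration (S101-S103), access authentication (S104-S105) and policy check described above, as an added sketch that is not part of the patent text. The class and method names, the example addresses, the use of HMAC-SHA256 under a server-side key with a random nonce as the "irreversible algorithm", the storage of only a digest of each password, and the sliding-window counter are all assumptions; the patent does not specify any of them.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque


class AccessAuthProxy:
    """Sketch of the access authentication proxy server (steps S101-S105)."""

    def __init__(self, server_key=None, clock=time.time):
        # Assumption: the "irreversible algorithm" is HMAC-SHA256 under a
        # server-side key, so a password cannot be recomputed by someone who
        # only knows the (public) address of the application service.
        self._key = server_key or secrets.token_bytes(32)
        self._clock = clock
        self._table = {}                  # Table 1: password digest -> (address, account)
        self._policy = {}                 # address -> (max_calls, window_seconds)
        self._calls = defaultdict(deque)  # address -> timestamps of accepted calls

    @staticmethod
    def _digest(password):
        # Assumption: only a digest of the issued password is kept server-side.
        return hashlib.sha256(password.encode()).hexdigest()

    def register(self, account, address):
        """S101-S103: derive a password from the address and record the mapping."""
        nonce = secrets.token_bytes(16)   # makes every issued password unique
        password = hmac.new(self._key, nonce + address.encode(),
                            hashlib.sha256).hexdigest()
        self._table[self._digest(password)] = (address, account)
        return password                   # S103: sent back in the registration response

    def set_policy(self, address, max_calls, window_seconds):
        """Policy configuration, e.g. N calls per day for one application service."""
        self._policy[address] = (max_calls, window_seconds)

    def authenticate(self, password, address, account=None):
        """S104-S105: return (accepted, reason); `account` is optional."""
        row = self._table.get(self._digest(password))
        if row is None:
            return False, "unknown password"
        stored_address, stored_account = row
        # The address looked up from the password must match the requesting service.
        if not hmac.compare_digest(stored_address.encode(), address.encode()):
            return False, "address mismatch"
        if account is not None and not hmac.compare_digest(
                stored_account.encode(), account.encode()):
            return False, "account mismatch"
        return self._check_policy(address)

    def _check_policy(self, address):
        """Policy check performed only after the password match succeeded."""
        policy = self._policy.get(address)
        if policy is None:
            return True, "ok"
        max_calls, window = policy
        now = self._clock()
        calls = self._calls[address]
        while calls and now - calls[0] >= window:
            calls.popleft()               # forget calls older than the window
        if len(calls) >= max_calls:
            return False, "policy limit reached"
        calls.append(now)
        return True, "ok"


def demo():
    """Constructed walk-through: two services registered under account Name1."""
    proxy = AccessAuthProxy()
    url1, url2 = "http://app.example/url1", "http://app.example/url2"  # constructed
    pwd1 = proxy.register("Name1", url1)
    proxy.register("Name1", url2)
    return [
        proxy.authenticate(pwd1, url1, "Name1"),  # account + password, matching address
        proxy.authenticate(pwd1, url1),           # password-only variant
        proxy.authenticate(pwd1, url2),           # password presented for another service
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because each password is bound to one address, a password issued for one service is rejected when presented for another service of the same account.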
It can be seen that the above method enables access authentication of an individual application service. An application service developer can connect to the telecommunication network without applying to become an SP; even an application service developed by an ordinary developer can apply directly for access through the telecommunication service access authentication proxy server and trial the telecommunication service capabilities. This widens the scope of access authentication, increases the openness of telecommunication service capabilities, and helps provide end users with richer value-added services. In addition, because the access authentication proxy server performs access authentication control, the telecommunication service capability interface functional entity need not be directly exposed to the public network, which improves security and reduces the performance burden on that entity.
An embodiment of the present invention further provides an application service access authentication proxy server which, as shown in FIG. 2, includes:
a registration management unit 201, configured to register an application service and obtain the password of the application service;
an access authentication unit 202, configured to receive an access request sent by the provider of a registered application service, where the access request carries the password of the application service, and to perform access authentication on the application service according to that password.
Referring to FIG. 3, the registration management unit 201 may specifically include:
a password generating subunit 301, configured to receive a registration request sent by the provider of the application service, where the registration request carries the account of the provider of the application service and the address of the application service, and to generate a password according to the address of the application service;
a password management subunit 302, configured to save the correspondence between the password generated by the password generating subunit 301, the application service address information, and the provider account of the application service;
a password sending subunit 303, configured to send the password generated by the password generating subunit 302 to the provider of the application service.
Referring to FIG. 4a, the access authentication unit 202 may specifically include:
a first password query subunit 401, configured to receive an access request sent by the provider of a registered application service, and to query the corresponding address information according to the password of the application service carried in the access request and the saved correspondence;
a first password matching subunit 402, configured to match the address information found by the first password query subunit 401 against the address of the application service; if the match succeeds, the application service passes access authentication.
Where the access request received by the password generating subunit 301 further includes the account of the provider of the application service, the access authentication unit may alternatively be composed as shown in FIG. 4b, specifically including:
a second password query subunit 403, configured to receive an access request sent by the provider of a registered application service, and to query the corresponding address information according to the account of the provider of the application service and the password of the application service carried in the access request, together with the saved correspondence;
a second password matching subunit 404, configured to match the address information found by the second password query subunit 403 against the address of the application service; if the match succeeds, the application service passes access authentication.
An embodiment of the present invention further provides another application service access authentication proxy server. Referring to FIG. 5, it differs from the application service access authentication proxy server shown in FIG. 2 in that the access authentication proxy server further includes:
a policy configuration unit 503, configured to perform policy configuration for application services authenticated by the access authentication unit 502;
where the registration management unit 501 is the same as the registration management unit 201 described above.
Referring to FIG. 6, the access authentication unit 502 may specifically include:
a password query subunit 601, configured to receive an access request sent by the provider of a registered application service, and to query the corresponding address information according to the password of the application service carried in the access request and the saved correspondence;
a password matching subunit 602, configured to match the address information found by the password query subunit against the address of the application service;
a policy check subunit 603, configured to, if the password matching subunit matches successfully, perform a policy check on the application service according to the policy pre-configured by the policy configuration unit 503; if the policy check passes, the application service passes access authentication.
Because the apparatus embodiments correspond closely to the method embodiments, they are described only briefly; for related details, refer to the corresponding parts of the method embodiments. The application service access authentication proxy server described above can provide functions such as registration management, access authentication, and policy management for application services. It enables access authentication of an individual application service, thereby widening the scope of access authentication and increasing the openness of telecommunication service capabilities. When the authentication proxy server is deployed separately as a module, the telecommunication service capability interface functional entity need not be directly exposed to the public network, which improves security and reduces the performance burden on that entity.
It should be noted that the authentication proxy server provided by the embodiments of the present invention may be deployed as a standalone module, or as an extension function module of the telecommunication service capability interface functional entity, in which case the registration management unit, the access authentication unit, or the policy configuration unit may each form part of the functions of that entity. The units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. A person of ordinary skill in the art can understand and implement this without creative effort.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as a ROM, a RAM, a magnetic disk, or an optical disc.
The above are only specific embodiments of the present invention. It should be noted that a person of ordinary skill in the art may make various improvements and refinements without departing from the principles of the present invention, and such improvements and refinements shall also be regarded as falling within the scope of protection of the present invention.

Claims

1. An application service access authentication method, characterized in that, after an application service is registered and a password of the application service is obtained, the method includes:
receiving an access request sent by the provider of the registered application service, where the access request carries the password of the application service, and performing access authentication on the application service according to the password of the application service.
2. The method according to claim 1, characterized in that registering the application service and obtaining the password of the application service includes:
receiving a registration request sent by the provider of the application service, where the registration request carries the account of the provider of the application service and the address of the application service, and generating the password according to the address of the application service;
saving the correspondence between the generated password, the application service address information, and the provider account of the application service, and sending the generated password to the provider of the application service.
3. The method according to claim 2, characterized in that performing access authentication on the application service according to the password of the application service includes:
querying the corresponding address information according to the password carried in the access request and the correspondence, and matching the queried address information against the address of the application service; if the match succeeds, the application service passes access authentication.
4. The method according to claim 3, characterized in that the access request further carries the account of the provider of the application service, and the method further includes:
authenticating the provider of the application service according to the account of the provider of the application service.
5. The method according to claim 2, characterized by further including performing policy configuration for an application service that has passed access authentication.
6. The method according to claim 5, characterized in that performing policy configuration for an application service that has passed access authentication includes: configuring the number of times the application service is allowed to be used within a specified period.
7. The method according to claim 5 or 6, characterized in that performing access authentication on the application service according to the password of the application service includes:
querying the corresponding address information according to the password and the correspondence, and matching the queried address information against the address of the application service; if the match succeeds, performing a policy check on the application service according to the pre-configured policy; if the policy check passes, the application service passes access authentication.
8. An application service access authentication proxy server, characterized by including:
a registration management unit, configured to register an application service and obtain the password of the application service;
an access authentication unit, configured to receive an access request sent by the provider of the registered application service, where the access request carries the password of the application service, and to perform access authentication on the application service according to the password of the application service.
9. The access authentication proxy server according to claim 8, characterized in that the registration management unit includes:
a password generating subunit, configured to receive a registration request sent by the provider of the application service, where the registration request carries the account of the provider of the application service and the address of the application service, and to generate the password according to the address of the application service;
a password management subunit, configured to save the correspondence between the password generated by the password generating subunit, the application service address information, and the provider account of the application service;
a password sending subunit, configured to send the password generated by the password generating subunit to the provider of the application service.
10. The access authentication proxy server according to claim 9, characterized in that the access authentication unit includes:
a first password query subunit, configured to receive an access request sent by the provider of the registered application service, and to query the corresponding address information according to the password of the application service carried in the access request and the correspondence;
a first password matching subunit, configured to match the address information found by the first password query subunit against the address of the application service; if the match succeeds, the application service passes access authentication.
11. The access authentication proxy server according to claim 9, characterized in that the access request received by the password generating subunit further carries the account of the provider of the application service, and the access authentication unit includes:
a second password query subunit, configured to receive an access request sent by the provider of the registered application service, and to query the corresponding address information according to the account of the provider of the application service and the password of the application service carried in the access request, together with the correspondence;
a second password matching subunit, configured to match the address information found by the second password query subunit against the address of the application service; if the match succeeds, the application service passes access authentication.
12. The access authentication proxy server according to claim 9, characterized in that the access authentication proxy server further includes:
a policy configuration unit, configured to perform policy configuration for application services authenticated by the access authentication unit.
13. The access authentication proxy server according to claim 12, characterized in that the access authentication unit includes:
a password query subunit, configured to receive an access request sent by the provider of the registered application service, and to query the corresponding address information according to the password of the application service carried in the access request and the correspondence;
a password matching subunit, configured to match the address information found by the password query subunit against the address of the application service;
a policy check subunit, configured to, if the password matching subunit matches successfully, perform a policy check on the application service according to the policy pre-configured by the policy configuration unit; if the policy check passes, the application service passes access authentication.
PCT/CN2009/071728 2008-10-27 2009-05-11 An application service accessing authenticity method and an application service accessing authenticity agent server WO2010048805A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810171219.2 2008-10-27
CN 200810171219 CN101729578B (en) 2008-10-27 2008-10-27 Application service access authentication method and application service access authentication agent

Publications (1)

Publication Number Publication Date
WO2010048805A1 true WO2010048805A1 (en) 2010-05-06

Family

ID=42128211

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/071728 WO2010048805A1 (en) 2008-10-27 2009-05-11 An application service accessing authenticity method and an application service accessing authenticity agent server

Country Status (2)

Country Link
CN (1) CN101729578B (en)
WO (1) WO2010048805A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105744520B (en) * 2016-03-30 2019-12-24 华为技术有限公司 Method, device and system for issuing and verifying application service

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1954581A (en) * 2004-05-18 2007-04-25 西门子公司 Method for authenticating a communications unit while using a lasting programmed secret code word
CN1802016A (en) * 2005-06-21 2006-07-12 华为技术有限公司 Method for carrying out authentication on user terminal
CN1929370A (en) * 2005-09-05 2007-03-14 华为技术有限公司 Method and system for confirming identification using key when user accessing identification proxy
US20080178273A1 (en) * 2007-01-23 2008-07-24 Elmar Weber Automated Authentication Process for Application Clients

Also Published As

Publication number Publication date
CN101729578A (en) 2010-06-09
CN101729578B (en) 2013-01-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09822998

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09822998

Country of ref document: EP

Kind code of ref document: A1