WO2011063658A1 - Method and system for unified security authentication - Google Patents

Method and system for unified security authentication

Info

Publication number
WO2011063658A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
ass
identity information
authentication
secure channel
Prior art date
Application number
PCT/CN2010/075667
Other languages
English (en)
Chinese (zh)
Inventor
颜正清
张世伟
符涛
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority

Definitions

  • the present invention relates to the field of mobile communications and the Internet, and relates to a method and system for unified security authentication.
  • Many unified authentication and login (or single-point authentication and login) technologies are widely used in governments, enterprises, and schools.
  • Unified authentication and login technology means that users only need to remember one account and password pair. Once they log in, they can directly access a variety of application services.
  • The benefits of unified login technology are as follows:
  • The number of account and password pairs that the user needs to memorize is reduced, thereby improving the security of the system; unified identity management for multiple applications makes it easier for the system administrator to manage user identities and improves the feedback performance of the system.
  • Unified authentication and login technology has great advantages at present. However, some sensitive services that require secondary authentication still have an authentication process that requires terminal participation, so that unified authentication cannot be achieved at all, and security cannot be guaranteed.
  • the invention provides a method and system for unified security authentication to ensure the security of secondary authentication.
  • the present invention provides a method for unified security authentication, the method comprising:
  • after the authentication center (AC) authenticates the application server (ASS), it establishes a secure channel with the ASS;
  • after the AC authenticates the terminal, the terminal accesses the ASS;
  • the ASS obtains the identity information of the terminal from the AC, and performs secondary authentication according to the identity information of the terminal returned by the AC through the secure channel.
  • the steps of the AC establishing a secure channel with the ASS in step A include:
  • the AC initiates a secure channel negotiation request to the ASS, which carries the secure channel type;
  • A2 The ASS sends a secure channel negotiation response to the AC, which carries the encryption and authentication parameters;
  • after receiving the response of the ASS, the AC returns an acknowledgement message to the ASS.
  • the identity information center (IIC) is preset with the type information of each application server and terminal;
  • the method further includes: after the AC authenticates the ASS or the terminal, querying the IIC for the type of the authentication object, and if the IIC replies that the authentication object is an application server, establishing the secure channel.
  • the IIC further stores the privilege level information of each ASS, and stores the identity information of each terminal in a hierarchical manner.
  • the identity information acquired by the ASS is the terminal.
  • the identity information of the terminal includes the registration information and the service information.
  • the method further includes: after the terminal registers or subscribes to the service, the ASS sends the identity information of the terminal through the AC to the IIC.
  • the method is implemented based on a user identity identifier and location separation network, where the ASS and the terminal each have an access identity (AID) that is unique across the entire network, and the step of acquiring the identity information of the terminal from the AC includes:
  • the ASS sends a terminal identity information query request to the AC, which carries the AID of the ASS and the AID of the terminal;
  • the AC forwards the query request to the IIC; the IIC queries the privilege level of the ASS according to the AID of the ASS, queries the identity information of the terminal according to the AID of the terminal, and sends a query response to the AC.
  • the AC forwards the query response to the ASS through the secure channel;
  • the present invention also provides a unified security authentication system, which includes an application server ASS, a certification center AC, and an identity information center IIC connected through a network, where
  • the ASS includes a connected access authentication module, a first secure channel negotiation module, and a secondary authentication module, where the access authentication module is configured to interact with the AC to complete access authentication; the first secure channel negotiation module is configured to negotiate with the AC to establish a secure channel; the secondary authentication module is configured to request from the AC the identity information of the terminal that needs secondary authentication, and to perform the secondary authentication according to the acquired identity information of the terminal.
  • the AC includes a connected authentication module, a second secure channel negotiation module, and a terminal identity information forwarding module, where the authentication module is configured to authenticate the terminal and the application server; the second secure channel negotiation module is configured to negotiate with the ASS to establish a secure channel; the terminal identity information forwarding module is configured to forward the identity information of the terminal acquired from the IIC to the ASS through the secure channel according to the request of the ASS;
  • the IIC is arranged to store identity information of the terminal and to provide the identity information to the AC.
  • the IIC is further configured to save the type information of the ASS and the terminal;
  • the AC further includes an authentication object identification module connected to the authentication module and the second secure channel negotiation module, where the authentication object identification module is configured to obtain the type of the authentication object from the IIC according to the identification information of the authentication object and, when the type of the authentication object is ASS, to notify the second secure channel negotiation module to initiate a secure channel negotiation process.
  • the IIC is configured to save the identity information of the terminal in a hierarchical manner, and the IIC is further configured to save the privilege level information of the ASS; the terminal identity information forwarding module is configured to forward, according to the request of the ASS, the identity information of the terminal at the level corresponding to the privilege level of the ASS to the ASS through the secure channel.
  • the system is implemented based on a user identity identifier and location separation network, where the ASS and the terminal each have an access identity (AID) that is unique across the entire network, and the secondary authentication module of the ASS is configured to request from the AC the identity information of the terminal that needs secondary authentication by sending a terminal identity information query request to the AC, which carries the AID of the ASS and the AID of the terminal;
  • the terminal identity information forwarding module of the AC is further configured to forward the query request to the IIC; the IIC is configured to provide the identity information to the AC by first querying the privilege level of the ASS according to the AID of the ASS and querying the identity information of the terminal according to the AID of the terminal, and then sending a query response to the AC, which carries the identity information of the terminal at the level corresponding to the privilege level of the ASS.
  • the present invention further provides an application server ASS supporting unified security authentication
  • the ASS includes a connected access authentication module, a secure channel negotiation module, and a secondary authentication module, where the access authentication module is configured to interact with the authentication center (AC) to complete the access authentication;
  • the secure channel negotiation module is configured to establish a secure channel with the AC;
  • the secondary authentication module is configured to request from the AC the identity information of the terminal that needs secondary authentication, and to perform secondary authentication according to the acquired identity information of the terminal.
  • the present invention also provides an authentication center AC that supports a unified security authentication.
  • the AC includes a connected authentication module, a secure channel negotiation module, and a terminal identity information forwarding module.
  • the authentication module is configured to authenticate the terminal and the application server (ASS);
  • the secure channel negotiation module is configured to negotiate with the ASS to establish a secure channel;
  • the terminal identity information forwarding module is configured to forward, according to the request of the ASS, the identity information of the terminal acquired from the identity information center (IIC) to the ASS through the secure channel.
  • the method and system for unified security authentication of the present invention establish a secure channel between the ASS and the AC, and the AC sends the terminal-related identity information to the ASS through the secure channel, so that the ASS performs secondary authentication on the sensitive service accessed by the terminal; this ensures, on the basis of unified authentication, that the terminal identity information is not intercepted in the authentication process, thereby improving the security of the terminal's services.
  • the user identity information and the ASS's read permission for identity information are classified into levels to ensure that the ASS does not obtain identity information beyond its permission.
  • Compared with the unified authentication technology of the previous IP network, the method and system of the present invention are implemented on an identity identification and location separation architecture network and can use the network-wide uniqueness of the user AID to implement unified security authentication for the bearer and the service, which is no longer limited to single-point authentication and login at the application layer within a small scope.
  • FIG. 1 is a schematic diagram of a method for unified security authentication according to the present invention
  • FIG. 2 is a system architecture diagram of a SILSN implementing the unified security authentication of the present invention
  • FIG. 3 is a schematic diagram of hierarchical storage of terminal identity information according to the present invention.
  • FIG. 4 is a schematic diagram of an authentication process for authenticating an application server by the authentication center of the present invention
  • FIG. 5 is a schematic diagram of a secondary authentication process for accessing a sensitive service of the terminal of the present invention
  • FIG. 6 is a schematic diagram of a system for unified security authentication of the present invention.
  • the main idea of the unified security authentication of the present invention is to establish a secure channel between the Authentication Center (AC) and the Application Server System (ASS).
  • the authentication center sends the terminal-related identity information to the application server through the secure channel.
  • the application server performs secondary authentication on the sensitive service accessed by the terminal, so as to ensure the security of the terminal service on the basis of achieving unified authentication.
  • the method for unified security authentication of the present invention includes:
  • Step 101 The authentication center (AC) authenticates the application server (ASS) and establishes a secure channel with the ASS.
  • Step 102 After the AC authenticates the terminal, the terminal accesses the ASS.
  • the identity information center (IIC) is preset with the type information of each application server and terminal. After the AC authenticates the ASS or the terminal, the AC queries the IIC for the type of the authentication object, and if the IIC replies that the authentication object is an application server, the secure channel is established.
  • the method and system of the present invention are applicable to existing communication networks.
  • the AC queries the IIC, according to the identification information of the ASS or the terminal (such as the username), to confirm the type of the authentication object (ASS or ordinary terminal); if it is an ASS, the AC negotiates with the ASS to establish a secure channel.
  • the AC and ASS negotiate content including the type of secure channel, encryption and authentication parameters, and so on.
  • Step 103 When the terminal is required to perform secondary authentication, the ASS obtains the identity information of the terminal from the AC, and performs secondary authentication according to the identity information of the terminal returned by the AC through the secure channel.
  • the IIC stores the privilege level information of each ASS, and the identity information of each terminal is stored in a hierarchical manner.
  • the identity information acquired by the ASS is the terminal identity information of the level corresponding to the privilege level of the ASS.
  • terminal identity information can be stored in three levels, namely confidential information, secret information, and public information.
  • the query of the terminal identity information must be performed according to the read permission of the queryer.
  • a regulatory agency, that is, public security and other state agencies, can query all levels of information in the terminal information table, while other inquirers, such as application servers, can query identity information of the user at other levels according to their own query levels.
  • the identity information of the terminal includes registration information and service information, and is sent by the ASS through the AC to the IIC after the terminal registers or subscribes to the service.
  • because the technology requires application layer software support, it can only be deployed in a small scope, such as unified authentication and login for the internal resources of an enterprise or for a government system, but cannot provide unified authentication and login across enterprises and organizations.
  • the IP address has the ambiguity of identity and location, that is, the IP address cannot determine the identity of a user, making the technology unable to perform unified login authentication at the bearer (network layer) and service (application layer).
  • the present invention also provides a network implementation method and system based on the user identity identifier and the location separation architecture.
  • the user identity identifier and location separation network is referred to simply as SILSN (Subscriber Identifier & Locator Separation Network).
  • the SILSN will be described below with reference to FIG.
  • the network shown in Figure 2 has the following characteristics: each user in the network can only access it after strict authentication. When sending each data packet, the user carries its own real access identity (AID). This identifier is assigned only to that user for use in the network and is unique. The data packets sent by users in all services always carry this identifier.
  • Each data packet sent by the user must be authenticated by the access server (ASN) to ensure that it carries the user's own access identity and does not impersonate another user's AID to access the network. This identifier remains unchanged when transmitted within the network and does not change when the user moves or switches.
  • the identity and location separation architecture network shown in FIG. 2 is composed of an access server (ASN), user equipment (UE), an identity and location register (ILR), an identity information center (IIC), and an authentication center (AC), where:
  • the UE has a unique Access Identification (AID);
  • the access server ASN is used to access the user terminal equipment UE, and is responsible for implementing access for the user terminal, and is responsible for charging, switching, and the like;
  • the ILR assumes the user's location registration and identification functions
  • the AC is used for strict authentication of the terminal and the application server, and the authorization of the application server is artificially defined.
  • a secure channel needs to be established between the authentication center and the application server to prevent the identity information from being intercepted by the attacker during the transmission.
  • the authority to confirm the identity of other terminals needs to be confirmed;
  • the IIC is used to store the identity information of the terminal and the ASS that are entered in advance.
  • the identity information of the ASS includes its privilege level.
  • the identity information of the terminal is stored in the IIC hierarchically, and is used to respond to the ASS query of different privilege levels.
  • the terminal information table is searched by the terminal's AID.
  • the IIC can also store terminal identity information in three levels: confidential information, secret information, and public information, as shown in FIG.
  • the confidential information is manually entered by the network administrator in advance.
  • the secret information is usually the user information such as the SID ordered by the user, which is usually paid, and sent by the ASS to the AC and sent to the IIC for storage.
  • the public information is usually some of the user's interests and hobbies, and is also registered by the user, sent by the ASS to the AC and sent to the IIC for storage.
  • Secret information and public information are sent by the ASS and are marked differently so that the AC and the IIC can identify them. In a specific implementation, levels can be added or removed according to the actual situation.
  • the IIC and AC can be set separately or in combination, which has no effect on the implementation of the present invention.
  • ASS Application Server System
  • the UE is an ASS user.
  • after the terminal successfully subscribes to the ASS or successfully subscribes to a service (such as video, technical data, etc.), the ASS sends the user's identity information and order information via the authentication center to the IIC for storage.
  • after the terminal successfully accesses the network and passes strict authentication by the authentication center, if it accesses a service of the ASS, the ASS only needs to query its local database to see whether the terminal has subscribed to the service. If the service is a sensitive service, the ASS queries the IIC for the identity information of the terminal through the AC.
  • the identity information center (IIC) sends identity information of the corresponding level to the ASS according to the permission level of the ASS, and the ASS further confirms the real identity of the terminal, achieving secondary authentication.
  • when the user accesses the network, the AC performs strict authentication of the bearer and the service, and there is no need to perform service authentication.
  • the strict authentication mentioned here can also be called access authentication. It refers to the authentication of the user's identity by the AC of the SILSN network to ensure that the user can access the network.
  • the AID of the UE is bound to the SIM card, and the key K is pre-stored in the SIM card.
  • the AID and the key K of the UE are also stored in the AC.
  • AKA Authentication and Key Agreement
  • other authentication methods such as shared key authentication, can be used.
  • FIG. 4 shows the process by which the authentication center (AC) authenticates the ASS.
  • the AC performs access authentication and identity recognition for the ASS; when the identity is recognized as an ASS, it establishes a secure channel with the ASS. Specifically, the following steps are included:
  • the authentication center sends an AID type query, carrying the AID of the ASS, to the identity information center (IIC).
  • after the ASS passes the access authentication (bearer layer authentication), the authentication center reads the AID of the ASS.
  • S410 The IIC queries the type according to the AID, and returns a query response message, indicating that the AID belongs to the ASS;
  • the AID type is divided into two types: the server and the common terminal.
  • after the AC receives the response packet and learns that the type of the AID is ASS, it initiates a secure channel negotiation process to the ASS.
  • the content of the negotiation includes the type of secure channel, encryption and authentication parameters, and so on.
  • the ASS responds to the secure channel negotiation request message;
  • if the ASS does not support the secure channel type, it returns a message indicating that the type is not supported. If the secure channel type is supported, the ASS returns a response message that carries the encryption and authentication parameters.
  • the AC receives the response message of the ASS, and returns a confirmation message to the ASS.
  • the secure channel negotiation process ends and a secure channel is established between the AC and the ASS.
  • the invention is not limited to defining the type of secure channel, such as IPSec IP Security, TLS Transport
  • Figure 5 shows the enhanced authentication process performed by the ASS on the terminal when the terminal accesses a sensitive service. Because the terminal AID is unique, the bearer and the service are authenticated together, so that once a stolen terminal passes bearer authentication, the user's services have no protection. Authentication for the user's important services therefore needs to be strengthened. When a user accesses sensitive services on the ASS, such as accessing banking services through the network and performing sensitive operations such as transferring funds, the ASS needs to perform further authentication on the user.
  • the UE has passed the bearer access authentication, and the ASS has also passed the access authentication, and a secure channel has been established with the AC.
  • after the UE and the AC complete the authentication, the AC also needs to query the IIC for the type of the AID of the UE. Since the type returned by the query is an ordinary terminal, it is not necessary to establish a secure channel.
  • the process of secondary authentication includes:
  • S500 The UE sends a service request to the ASS.
  • the UE applies for sensitive services to the ASS, for example, the UE requests a bank transfer operation.
  • the UE fills in some private identity information, such as the user's bank card password.
  • the ASS receives the service request, and sends a UE identity information query request to the AC, which carries the AID of the UE and the AID of the ASS;
  • the ASS judges that the UE applies for the sensitive service, and then queries the AC for the partial identity information of the UE for comparison and authentication with the personal information submitted by the user.
  • S520 The AC forwards the query information to the IIC.
  • the IIC receives the identity query message forwarded by the AC, identifies the identity of the ASS, and checks the privilege level of the ASS according to the AID of the ASS; the IIC then looks up the identity information of the UE according to the AID of the UE carried in the query message, and sends the identity information of the UE that the ASS is permitted to read to the AC according to the query authority of the ASS;
  • S540 The AC forwards the response message of the IIC to the ASS through the established secure channel
  • the ASS receives the response message of the IIC, and reads the identity information of the UE, and compares with the personal identity information submitted by the UE. If the identity information is consistent, the message that the operation succeeds is sent to the UE; if not, the rejection message is sent to the UE.
  • the present invention further provides a system for unified security authentication.
  • the system includes an application server (ASS), an authentication center (AC), and an identity information center (IIC) connected through a network, where:
  • the ASS includes a connected access authentication module, a secure channel negotiation module, and a secondary authentication module, where the access authentication module is configured to interact with the AC to complete access authentication;
  • the secure channel negotiation module is configured to negotiate with the AC to establish a secure channel;
  • the secondary authentication module is configured to request from the AC the identity information of the terminal that needs secondary authentication, and to perform secondary authentication according to the obtained identity information of the terminal;
  • the AC includes a connected authentication module, a secure channel negotiation module, a terminal identity information forwarding module, and an authentication object identification module, where:
  • the authentication module is configured to authenticate the terminal and the application server;
  • the secure channel negotiation module is configured to establish a secure channel by negotiating with the ASS;
  • the terminal identity information forwarding module is configured to forward, according to the request of the ASS, the identity information of the terminal obtained from the IIC to the ASS through the secure channel;
  • the authentication object identification module is configured to acquire the type of the authentication object from the IIC according to the identification information of the authentication object and, when the type of the authentication object is ASS, to notify the secure channel negotiation module to initiate a secure channel negotiation process with the ASS.
  • the IIC is configured to store identity information of the terminal and provide the identity information to the AC, and the identity information of the terminal is stored in a hierarchical manner.
  • the IIC is further configured to save the type information of the ASS and the terminal, and the privilege level information of the ASS; the identity information provided is that of the terminal at the level corresponding to that privilege level.
  • the system may be implemented based on the user identity identifier and location separation network, where the ASS and the terminal each have an access identity (AID) that is unique across the entire network; when the secondary authentication module of the ASS requests from the AC the identity information of the terminal that needs secondary authentication, it sends a terminal identity information query request to the AC, which carries the AID of the ASS and the AID of the terminal;
  • the terminal identity information forwarding module of the AC forwards the query request to the IIC; when the IIC provides the identity information to the AC, it first queries the privilege level of the ASS according to the AID of the ASS and queries the identity information of the terminal according to the AID of the terminal, and then sends the information to the AC.
  • the ASS referred to in the present invention includes application servers for various services such as a mailbox, a BBS, and internet banking, but the ASS suitable for performing the secondary authentication of FIG. 4 specifically refers to an application server of an online banking or business transaction website that involves sensitive services.
  • the method and system for the unified security authentication of the present invention establish a secure channel between the ASS and the AC, and the AC sends the terminal-related identity information to the ASS through the secure channel, so that the ASS can perform secondary authentication on the sensitive service accessed by the terminal; on the basis of unified authentication, this ensures that the terminal identity information is not intercepted in the authentication process, which improves the security of the terminal's services.
  • the user identity information and the ASS's read permission for identity information are classified into levels, so as to ensure that the ASS does not obtain identity information beyond its authority.
  • the method and system implementing the invention on an identity identification and location separation architecture network can use the network-wide uniqueness of the user AID to implement unified security authentication for bearers and services, and are no longer limited to single-point authentication and login at a small-scale application layer.
  • the method and system of the present invention can utilize the uniqueness of the entire network of the user AID to implement unified security authentication for the bearer and the service, and is no longer limited to single-point authentication and login with a small-scale application layer.
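The hierarchical storage in the IIC and the secondary authentication flow (S500 to S540) described above can be modelled as follows; this is an added Python sketch, not code from the patent. The class and field names, the ordering public < secret < confidential, the rule that a privilege level reads its own level and below, the check that the terminal has passed access authentication, and all sample AIDs and values are assumptions constructed for illustration; access authentication and secure channel negotiation are reduced to flags.

```python
import hmac
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    # Assumed ordering: a privilege level may read its own level and below.
    PUBLIC = 1
    SECRET = 2
    CONFIDENTIAL = 3


@dataclass
class IIC:
    """Identity information center: AID types, ASS privileges, tiered terminal records."""
    aid_type: dict = field(default_factory=dict)       # AID -> "server" | "terminal"
    ass_privilege: dict = field(default_factory=dict)  # ASS AID -> Level
    terminal_info: dict = field(default_factory=dict)  # UE AID -> {Level: {field: value}}

    def query_type(self, aid):
        return self.aid_type.get(aid)

    def query_identity(self, ass_aid, ue_aid):
        # Look up the ASS privilege level by its AID, then return only the
        # terminal fields stored at levels that privilege is allowed to read.
        privilege = self.ass_privilege.get(ass_aid)
        record = self.terminal_info.get(ue_aid)
        if privilege is None or record is None:
            return {}
        visible = {}
        for level, fields in record.items():
            if level <= privilege:
                visible.update(fields)
        return visible


class AC:
    """Authentication center: authenticates AIDs and relays identity queries."""
    def __init__(self, iic):
        self.iic = iic
        self.authenticated = set()
        self.secure_channels = set()

    def access_authenticate(self, aid, credential_ok):
        # credential_ok stands in for the real access authentication result.
        if not credential_ok:
            return False
        self.authenticated.add(aid)
        # Only an AID that the IIC types as a server gets a secure channel;
        # the negotiation exchange itself is reduced to this set membership.
        if self.iic.query_type(aid) == "server":
            self.secure_channels.add(aid)
        return True

    def forward_identity_query(self, ass_aid, ue_aid):
        # Relay only for an ASS that holds a secure channel. Requiring an
        # authenticated terminal is an added assumption of this sketch.
        if ass_aid not in self.secure_channels:
            raise PermissionError("no secure channel with requesting AID")
        if ue_aid not in self.authenticated:
            raise PermissionError("terminal has not passed access authentication")
        return self.iic.query_identity(ass_aid, ue_aid)


class ASS:
    """Application server: secondary authentication for sensitive services."""
    def __init__(self, aid, ac, sensitive_checks):
        self.aid, self.ac = aid, ac
        self.sensitive_checks = sensitive_checks  # service -> identity field to verify

    def handle_request(self, ue_aid, service, submitted):
        field_name = self.sensitive_checks.get(service)
        if field_name is None:
            return "ok"  # not a sensitive service: no secondary authentication
        info = self.ac.forward_identity_query(self.aid, ue_aid)
        expected, given = info.get(field_name), submitted.get(field_name)
        if expected is None or given is None:
            return "rejected"  # field missing or above this ASS's privilege level
        same = hmac.compare_digest(str(expected).encode(), str(given).encode())
        return "ok" if same else "rejected"


def build_demo():
    # Constructed sample data; every AID and value here is made up.
    iic = IIC(
        aid_type={"AID-BANK": "server", "AID-FORUM": "server", "AID-UE1": "terminal"},
        ass_privilege={"AID-BANK": Level.SECRET, "AID-FORUM": Level.PUBLIC},
        terminal_info={"AID-UE1": {
            Level.PUBLIC: {"nickname": "lin"},
            Level.SECRET: {"id_number": "ID-0001"},
            Level.CONFIDENTIAL: {"registered_name": "constructed-name"},
        }},
    )
    ac = AC(iic)
    for aid in ("AID-BANK", "AID-FORUM", "AID-UE1"):
        ac.access_authenticate(aid, credential_ok=True)
    bank = ASS("AID-BANK", ac, {"transfer": "id_number"})
    forum = ASS("AID-FORUM", ac, {"transfer": "id_number"})
    return iic, ac, bank, forum


if __name__ == "__main__":
    _, _, bank, forum = build_demo()
    print(bank.handle_request("AID-UE1", "transfer", {"id_number": "ID-0001"}))
    print(forum.handle_request("AID-UE1", "transfer", {"id_number": "ID-0001"}))
```

The forum server is rejected even with the correct value because its public-level privilege never receives the secret-level field, which is the over-privilege protection the text attributes to classified read permissions.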

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method and a system for unified security authentication. The method comprises the following operations: a secure channel is established between an authentication center (AC) and an application server system (ASS) after the latter has been authenticated by the authentication center (101); after the authentication center authenticates a terminal, the terminal accesses the application server system (102); the application server system obtains the identity information of the terminal from the authentication center, and performs a secondary authentication according to the identity information of the terminal returned by the authentication center through the secure channel (103). The solution achieves unified security authentication and is not limited to single-point authentication and login at the application layer within a small scope.
PCT/CN2010/075667 2009-11-26 2010-08-03 Method and system for unified security authentication WO2011063658A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910246722.4 2009-11-26
CN200910246722.4A CN102083066B (zh) 2009-11-26 2009-11-26 统一安全认证的方法和系统

Publications (1)

Publication Number Publication Date
WO2011063658A1 true WO2011063658A1 (fr) 2011-06-03

Family

ID=44065845

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/075667 WO2011063658A1 (fr) 2009-11-26 2010-08-03 Procédé et système d'authentification de sécurité unifiée

Country Status (2)

Country Link
CN (1) CN102083066B (fr)
WO (1) WO2011063658A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114389896A (zh) * 2022-02-16 2022-04-22 郑州富铭环保科技股份有限公司 一种建立安全数据通讯的方法及装置

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103297437B (zh) * 2013-06-20 2016-03-16 中国软件与技术服务股份有限公司 一种移动智能终端安全访问服务器的方法
CN106610966A (zh) * 2015-10-21 2017-05-03 阿里巴巴集团控股有限公司 一种信息提供方法及装置
CN105873059A (zh) * 2016-06-08 2016-08-17 中国南方电网有限责任公司电网技术研究中心 配电通信无线专网的联合身份认证方法和系统
CN111737499B (zh) * 2020-07-27 2020-11-27 平安国际智慧城市科技股份有限公司 基于自然语言处理的数据搜索方法及相关设备

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101018129A (zh) * 2006-12-31 2007-08-15 华东师范大学 公共安全播控媒体管理与识别其完整未被篡改的认证方法
CN101083530A (zh) * 2007-07-13 2007-12-05 北京工业大学 利用短消息实现的移动实体间的认证与密钥协商方法
CN101150472A (zh) * 2007-10-22 2008-03-26 华为技术有限公司 Wimax中实现认证的方法、认证服务器和终端

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009001447A1 (fr) * 2007-06-27 2008-12-31 Fujitsu Limited Procédé d'authentification, système d'authentification, dispositif d'authentification, et programme d'ordinateur

Also Published As

Publication number Publication date
CN102083066A (zh) 2011-06-01
CN102083066B (zh) 2014-04-09

Similar Documents

Publication Publication Date Title
US7913080B2 (en) Setting information distribution apparatus, method, program, and medium, authentication setting transfer apparatus, method, program, and medium, and setting information reception program
US9398012B2 (en) Secure authentication in a multi-party system
KR101202671B1 (ko) 사용자가 가입자 단말에서 단말 장치에 원격으로 접속할 수있게 하기 위한 원격 접속 시스템 및 방법
US20090063851A1 (en) Establishing communications
US20130104204A1 (en) Mobile host using a virtual single account client and server system for network access and management
WO2005096644A1 (fr) Procede d'etablissement d'une association de securite entre l'abonne itinerant et le serveur du reseau visite
US20040054905A1 (en) Local private authentication for semi-public LAN
JP5239341B2 (ja) ゲートウェイ、中継方法及びプログラム
KR20070032805A (ko) 복수의 네트워크를 액세스하기 위한 싱글-사인-온을실현하도록 사용자 인증 및 승인을 관리하는 시스템 및방법
DK2924944T3 (en) Presence authentication
WO2009129753A1 (fr) Procédé et appareil pour améliorer la sécurité de l'authentification d'identité de réseau
WO2015089996A1 (fr) Procédé d'authentification de sécurité et serveur d'authentification d'autorisation
WO2013040957A1 (fr) Procédé et système d'authentification unique, et procédé et système de traitement d'informations
WO2011063658A1 (fr) Procédé et système d'authentification de sécurité unifiée
WO2011131002A1 (fr) Procédé et système pour la gestion d'identités
KR20060094453A (ko) Eap 를 이용한 시간제 서비스에 대한 인증 방법 및 그시스템
JP5670926B2 (ja) 無線lanのアクセスポイントの端末アクセス制御システム及び認可サーバ装置
WO2011017851A1 (fr) Procédé permettant à un client d’accéder de manière sécurisée à un serveur de stockage de messages, et dispositifs correspondants
JP2019165291A (ja) 端末装置、通信路確立方法、端末装置用のプログラム、および、認証システム
JP2019003317A (ja) 本人認証装置、本人認証システム、本人認証プログラム、および、本人認証方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10832565

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10832565

Country of ref document: EP

Kind code of ref document: A1