WO2011097849A1 - Authentication method, system, terminal, server and method and device for data downloading - Google Patents

Publication number
WO2011097849A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
user terminal
server
information
backup data
Prior art date
Application number
PCT/CN2010/073137
Other languages
French (fr)
Chinese (zh)
Inventor
蒲竞春
鞠飞
谢鑫
陈程
付丽琴
练煜
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication

Definitions

  • The present invention relates to the field of communications technologies, and in particular to an authentication method and system, a user terminal and a server, and a method and an apparatus for downloading backup data.
  • personal data (including business card holder data, short message data, schedule data, email data, etc.) stored in a user terminal (such as a mobile phone) can be backed up to a server on the network side, thereby replacing the user terminal or user at the user.
  • The backup data in the server can be conveniently downloaded to the user terminal. Because the data a user backs up to the server is often important, when a user terminal subsequently downloads backup data from the server, secure and effective measures are needed to prevent an illegal user terminal from obtaining the backup data that the user has backed up on the server.
  • In general, the user terminal is authenticated to ensure that the backup data is provided securely to the corresponding legal user terminal.
  • The three existing authentication modes are as follows:
  • Server-level authentication mode: before establishing a connection with the server, the user terminal must provide the server with its first authentication information (which may be user name information and password information). When the server determines from the first authentication information that the user terminal has the right to establish a connection with the server, it establishes the connection with the user terminal and allows the user terminal to download the corresponding backup data.
  • Database-level authentication mode: when the user terminal has established a connection with the server and needs to download backup data from the database of the server, it must provide its second authentication information to the server. When the server determines from the second authentication information that the user terminal has the right to download backup data from the database of the server, it allows the user terminal to download the corresponding backup data.
  • Data-object-level authentication mode: when the user terminal has established a connection with the server and needs to download specified backup data from the server database (the specified backup data here is generally some special backup data, such as the user's secret), it must provide its third authentication information to the server. When the server determines from the third authentication information that the user terminal has permission to download the specified backup data, it allows the user terminal to download the specified backup data.
  • The authentication mode used by a user is set by the server according to the type of the user. For example, the server allocates the first authentication information to ordinary users and allocates the second or third authentication information to users with a higher security level. The defect of having the server set the authentication information according to the type of the user is that the user cannot flexibly set the authentication mode according to his own needs; for example, an ordinary user cannot set an authentication mode with a higher security level to suit his own requirements.
  • The embodiments of the present invention provide an authentication method and system to solve the problem that the authentication mode setting scheme provided by the prior art does not enable the user to flexibly set the authentication mode according to his own needs.
  • The embodiment of the invention further provides a user terminal and a server.
  • The embodiment of the invention further provides a backup data downloading method and device.
  • An authentication method includes: the user terminal selects preset authentication mode information that matches different authentication modes, and sends the selected authentication mode information to a server on the network side; the server selects the authentication information matching the authentication mode information sent by the user terminal, and sends the selected authentication information to the user terminal; when the user terminal needs to be authenticated, the user terminal sends the received authentication information to the server; and the server completes the authentication of the user terminal based on the authentication information sent by the user terminal.
  • The step of the user terminal selecting preset authentication mode information that matches different authentication modes includes: selecting at least one piece of authentication mode information from a webpage, provided by the server, that presents the authentication mode information matching the different authentication modes.
  • The method further includes: the user terminal sends the identifier of the specified backup data to the server, and the server stores the correspondence between the identifier of the specified backup data and the third authentication information.
  • A backup data downloading method includes:
  • The server on the network side receives the identifier of the specified backup data sent by the user terminal, and stores the correspondence between that identifier and the third authentication information, corresponding to the data-object-level authentication mode, that was sent to the user terminal in advance.
  • The server receives a backup data download request message that is sent by the user terminal and includes an identifier of the backup data.
  • The server searches the stored correspondence for third authentication information corresponding to the identifier of the backup data included in the request message. When the search result is no, the server sends the backup data indicated by the identifier of the backup data included in the request message to the user terminal. When the search result is yes, the server instructs the user terminal to provide the third authentication information, compares the third authentication information provided by the user terminal with the third authentication information that the server has stored for the identifier of the backup data included in the request message, and, when the two match, sends the backup data indicated by that identifier to the user terminal.
  • An authentication system includes a user terminal and a server on the network side. The user terminal is configured to: select preset authentication mode information that matches different authentication modes; send the selected authentication mode information to the server; receive the authentication information sent by the server; and send the authentication information to the server when the user terminal needs to be authenticated. The server is configured to: receive the authentication mode information sent by the user terminal; select authentication information matching the authentication mode information sent by the user terminal; send the selected authentication information to the user terminal; and complete authentication of the user terminal based on the authentication information sent by the user terminal.
  • The user terminal is configured to select preset authentication mode information that matches different authentication modes in the following manner:
  • At least one piece of authentication mode information is selected from the authentication mode information that is stored in advance in the user terminal and matched to different authentication modes.
  • Where the authentication information selected by the server is the third authentication information corresponding to the data-object-level authentication mode, the user terminal is further configured to: send an identifier of the specified backup data to the server; and the server is further configured to: store a correspondence between the identifier of the specified backup data and the third authentication information.
  • A user terminal comprising: a selecting unit, configured to select preset authentication mode information that matches different authentication modes; an authentication mode information sending unit, configured to provide the authentication mode information selected by the selecting unit to a server on the network side; and a receiving unit, configured to receive the authentication information fed back by the server according to the authentication mode information sent by the authentication mode information sending unit.
  • A server comprising: a receiving unit, configured to receive authentication mode information sent by a user terminal; a selecting unit, configured to select authentication information that matches the authentication mode information received by the receiving unit; and a sending unit, configured to send the authentication information selected by the selecting unit to the user terminal.
  • The selecting unit is configured to:
  • select at least one piece of authentication mode information from the authentication mode information that is pre-stored in the user terminal and matched to different authentication modes.
  • Where the authentication information is the third authentication information corresponding to the data-object-level authentication mode, the user terminal further includes:
  • a data identification transmitting unit, configured to send an identifier of the specified backup data to the server.
  • A backup data downloading device comprising: an identifier receiving unit, configured to receive an identifier of the specified backup data sent by the user terminal; a storage unit, configured to store the correspondence between the identifier received by the identifier receiving unit and the third authentication information, corresponding to the data-object-level authentication mode, that was sent to the user terminal in advance; a request message receiving unit, configured to receive the backup data download request message that is sent by the user terminal and includes the identifier of the backup data;
  • a search unit, configured to search the correspondence stored in the storage unit for third authentication information corresponding to the identifier of the backup data included in the request message received by the request message receiving unit; a first sending unit, configured to send the backup data indicated by the identifier of the backup data included in the request message to the user terminal when the search result obtained by the search unit is no; an indication unit, configured to instruct the user terminal to provide the third authentication information when the search result obtained by the search unit is yes;
  • an authentication information receiving unit, configured to receive the third authentication information that the user terminal provides according to the indication of the indication unit; a comparing unit, configured to compare whether the third authentication information received by the authentication information receiving unit matches the third authentication information, stored by the storage unit, that corresponds to the identifier of the backup data included in the request message; and a second sending unit, configured to send the backup data indicated by the identifier of the backup data included in the request message to the user terminal when the comparison result obtained by the comparing unit is yes.
  • The user terminal selects preset authentication mode information that matches different authentication modes and provides the selected authentication mode information to the server on the network side; after receiving the authentication mode information, the server selects the matching authentication information according to the authentication mode information and sends the selected authentication information to the user terminal, so that the user can flexibly set the authentication mode according to his own needs by using the user terminal.
  • FIG. 1 is a schematic flowchart of an authentication method according to an embodiment of the present disclosure
  • FIG. 2 is a schematic flowchart of a backup data downloading method according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of an application flow of a backup data downloading method according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram of another application flow of a backup data downloading method according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of an authentication system according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic structural diagram of a user terminal according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic structural diagram of a server according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic structural diagram of a backup data downloading apparatus according to an embodiment of the present invention.
  • Preferred embodiment of the invention
  • The user terminal selects preset authentication mode information that matches different authentication modes, provides the selected authentication mode information to the server on the network side, and then receives the authentication information that the server sends according to the authentication mode information. This solves the problem in the prior art that the user cannot flexibly set the authentication mode according to his own needs.
  • The embodiment of the present invention first provides a method for obtaining authentication information.
  • The specific process of the method is shown in FIG. 1 and includes the following steps:
  • Step 11: The user terminal selects preset authentication mode information that is matched with different authentication modes.
  • Under the control of the user, the user terminal may select at least one piece of authentication mode information from a webpage, provided by the server, that presents the authentication mode information matching the different authentication modes; alternatively, the user terminal may select at least one piece of authentication mode information from the authentication mode information that is pre-stored in the user terminal and matched with different authentication modes. The authentication mode information may be different identification information matched respectively with the three authentication modes mentioned in the background.
  • The user can control the user terminal to select, according to his own needs, the authentication mode information matched by one authentication mode, or the authentication mode information matched by multiple authentication modes;
  • Step 12: The user terminal sends the selected authentication mode information to the server on the network side. The user terminal provides the selected authentication mode information to the network side in order to obtain, from the server, the authentication information matching the authentication mode information.
  • Step 13: The server selects the authentication information that matches the authentication mode information provided by the user terminal, and sends the selected authentication information to the user terminal.
  • The server may determine, from the pre-stored correspondence between authentication mode information and authentication information, the first authentication information corresponding to the authentication mode information sent by the user terminal, and send the first authentication information to the user terminal. If the user selects the authentication mode information corresponding to the data-object-level authentication mode introduced in the background art, the server may determine the third authentication information corresponding to the authentication mode information sent by the user terminal, and send the third authentication information to the user terminal.
  • After the server selects the authentication information that matches the authentication mode information sent by the user terminal, the correspondence between the selected authentication information and the user terminal identifier may be stored. Since the server may have previously assigned default authentication mode information and authentication information according to the type of the user, the method may further include the following steps before the server stores the selected authentication information:
  • The server compares the authentication mode information sent by the user terminal with the default authentication mode information previously allocated to the user according to the type of the user;
  • When the comparison result is consistent, the server stores the correspondence between the authentication information assigned to the user terminal by default and the user terminal identifier. When the comparison result is inconsistent, the server further determines whether the user terminal can use the authentication mode information it provided. Specifically, the server may determine the authentication mode information that can be used by the user terminal from the preset correspondence between the identifier of the user terminal and the authentication mode information that the user terminal can use.
  • When the server determines that the authentication mode information provided by the user terminal is authentication mode information that can be used by the user terminal, it stores the correspondence between the selected authentication information and the user terminal identifier.
  • When the server determines that the authentication mode information provided by the user terminal is not authentication mode information that can be used by the user terminal, it does not store the correspondence between the authentication information and the user terminal identifier, and it sends the user terminal a notification message that the authentication mode setting was unsuccessful, so that the user terminal can learn that setting the authentication mode failed;
  • Step 14: When the user terminal needs to be authenticated, the user terminal sends the received authentication information to the server.
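The server-side decision in Step 13 (compare with the default assignment, then check which modes the terminal may use, then store or reject) can be sketched as follows. This is an added example, not code from the patent; the mode identifiers, class and field names, and the use of random tokens as authentication information are assumptions.

```python
import secrets

# Mode identifiers are assumptions: the text only says each of the three
# authentication modes has matching "authentication mode information".
SERVER_LEVEL, DATABASE_LEVEL, DATA_OBJECT_LEVEL = "server", "database", "data_object"


class ModeSelectionServer:
    """Server side of Steps 12-13: validate the requested modes, issue authentication information."""

    def __init__(self, default_modes, allowed_modes):
        self.default_modes = default_modes  # terminal id -> modes assigned by user type
        self.allowed_modes = allowed_modes  # terminal id -> modes the terminal may use
        # Authentication information assigned by default (random tokens are an assumption).
        self.default_info = {
            tid: {mode: secrets.token_urlsafe(16) for mode in modes}
            for tid, modes in default_modes.items()
        }
        self.stored = {}  # terminal id -> {mode: authentication information} in force

    def handle_selection(self, terminal_id, requested_modes):
        requested = set(requested_modes)
        if terminal_id not in self.allowed_modes or not requested:
            return {"ok": False, "reason": "unknown terminal or empty selection"}
        if requested == set(self.default_modes.get(terminal_id, ())):
            # Consistent with the default assignment: keep the default information.
            issued = dict(self.default_info[terminal_id])
        elif requested <= set(self.allowed_modes[terminal_id]):
            # Differs from the default, but every requested mode is usable by this terminal.
            issued = {mode: secrets.token_urlsafe(16) for mode in requested}
        else:
            # Nothing is stored; the terminal is told that the setting failed.
            return {"ok": False, "reason": "authentication mode setting unsuccessful"}
        self.stored[terminal_id] = issued
        return {"ok": True, "auth_info": issued}


if __name__ == "__main__":
    # Constructed sample: an ordinary user whose default is server-level only.
    server = ModeSelectionServer(
        default_modes={"t1": {SERVER_LEVEL}},
        allowed_modes={"t1": {SERVER_LEVEL, DATABASE_LEVEL}},
    )
    print(server.handle_selection("t1", [SERVER_LEVEL, DATABASE_LEVEL])["ok"])
    print(server.handle_selection("t1", [DATA_OBJECT_LEVEL]))
```

A rejected selection leaves the previously stored authentication information untouched, so a failed attempt to change modes cannot weaken or clear what is already in force.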
  • The embodiment of the present invention further provides a backup data downloading method.
  • The specific process of the method is shown in FIG. 2 and includes the following steps:
  • Step 21: The server on the network side receives the identifier of the specified backup data sent by the user terminal, and stores the correspondence between the identifier of the specified backup data and the third authentication information, corresponding to the data-object-level authentication mode, that was sent to the user terminal in advance;
  • Step 22: The server on the network side receives a backup data download request message that is sent by the user terminal and includes an identifier of the backup data.
  • Step 23: The server searches the stored correspondence between the identifier of the specified backup data and the third authentication information for third authentication information corresponding to the identifier of the backup data included in the backup data download request message sent by the user terminal. When the search result is no, step 24 is performed; when the search result is yes, step 25 is performed;
  • Step 24: The server sends the backup data indicated by the identifier of the backup data included in the backup data download request message to the user terminal.
  • Step 25: The server instructs the user terminal to provide the third authentication information, and compares the third authentication information provided by the user terminal with the third authentication information that the server has stored for the identifier of the backup data included in the backup data download request message. When the two match, the backup data indicated by the identifier of the backup data included in the backup data download request message is sent to the user terminal.
  • The method for downloading the backup data provided by the embodiment of the present invention may be implemented based on the method for obtaining authentication information provided by the embodiment of the present invention, or may be implemented independently.
  • Step 31: The user terminal sends a connection establishment request message to the server, where the request message includes an identifier of the user terminal.
  • Step 32: The server receives the connection establishment request message and, according to the identifier of the user terminal, determines from the pre-stored correspondence between the identifier of the user terminal and the first authentication information corresponding to the server-level authentication mode whether there is first authentication information corresponding to the identifier of the user terminal. When the determination result is yes, step 33 is performed; otherwise, the server directly establishes a connection with the user terminal, allows the user terminal to access the server, sends a connection establishment confirmation message to the user terminal, and jumps to step 37;
  • Step 33: The server sends a notification message to the user terminal instructing the user terminal to provide the first authentication information.
  • Step 34: The user terminal sends the first authentication information to the server.
  • Step 35: The server determines, according to the identifier of the user terminal, the first authentication information corresponding to the user terminal from the pre-stored correspondence between the identifier of the user terminal and the first authentication information, and determines whether the first authentication information sent by the user terminal is consistent with the determined first authentication information. If the determination result is yes, step 36 is performed; otherwise, the server does not allow the user terminal to access the server and feeds back a connection failure notification message to the user terminal, and the process ends;
  • Step 36: The server establishes a connection with the user terminal, allows the user terminal to access the server, and sends a connection establishment confirmation message to the user terminal.
  • Step 37: Assuming that the user terminal needs to download the backup data from the database of the server, the user terminal sends a backup data download request message to the server, where the request message includes the identifier of the user terminal and the identifier of the backup data to be downloaded;
  • Step 38: After receiving the backup data download request message sent by the user terminal, the server parses the identifier of the user terminal and the identifier of the backup data to be downloaded from the request message and, according to the parsed identifier of the user terminal, determines from the preset correspondence between the identifier of the user terminal and the second authentication information corresponding to the database-level authentication mode whether there is second authentication information corresponding to the identifier of the user terminal. When the determination result is yes, step 39 is performed; otherwise, the server allows the user terminal to access the database, sends a notification message to the user terminal that access to the database is allowed, and jumps to step 312;
  • Step 39: The server sends a notification message to the user terminal instructing the user terminal to provide the second authentication information.
  • Step 310: The user terminal sends second authentication information to the server.
  • Step 311: The server determines, according to the identifier of the user terminal, the second authentication information corresponding to the user terminal from the pre-stored correspondence between the identifier of the user terminal and the second authentication information, and determines whether the second authentication information sent by the user terminal is consistent with the determined second authentication information. If the determination result is yes, step 312 is performed; otherwise, the server does not allow the user terminal to access the database and feeds back a database access failure notification message to the user terminal, and the process ends;
  • Step 312: The server determines, according to the identifier of the user terminal, the identifier of the backup data corresponding to the identifier of the user terminal from the correspondence between the identifier of the user terminal and the identifier of the backup data. Further, according to the parsed identifier of the backup data to be downloaded, the server searches the preset correspondence between the identifier of the backup data and the third authentication information for third authentication information corresponding to the identifier of the backup data to be downloaded. When the search result is yes, step 313 is performed; otherwise, the server sends the backup data corresponding to the identifier of the backup data to be downloaded to the user terminal, and the process of downloading the backup data by the user terminal ends;
  • Step 313: The server sends a notification message to the user terminal instructing the user terminal to provide the third authentication information.
  • Step 314: The user terminal sends third authentication information to the server.
  • Step 315: The server compares the received third authentication information with the third authentication information corresponding to the identifier of the backup data to be downloaded. If the comparison result is consistent, step 316 is performed; otherwise, the server sends the user terminal a notification message indicating that downloading the backup data failed, and the process ends;
  • Step 316: The server sends the backup data corresponding to the identifier of the backup data to be downloaded to the user terminal, and the process of downloading the backup data by the user terminal ends.
  • The user terminal passively provides the corresponding authentication information to the server after receiving the notification message, sent by the server, instructing the user terminal to provide the authentication information; in practice, however, the user terminal may also actively provide authentication information to the server while transmitting a request message, such as a backup data download request, to the server.
  • Another application flow of the foregoing backup data downloading method provided by the embodiment of the present invention is shown in Figure 4 and includes the following steps:
  • Step 41 The user terminal sends a connection establishment request message to the server, where the request message includes an identifier of the user terminal and first authentication information corresponding to an authentication mode of the server level.
  • Step 42 The server receives the connection establishment request message, and obtains the identifier of the user terminal and the first authentication information included in the request message by parsing the request message.
  • Step 43 The server determines, according to the identifier of the user terminal, the first authentication information corresponding to the user terminal from the correspondence between the identifier of the pre-stored user terminal and the first authentication information.
  • Step 44 The server determines to establish a connection. Whether the first authentication information included in the request message matches the first authentication information determined above, and if the determination result is yes, step 45 is performed; otherwise, the server does not allow the user terminal to access the server, and feeds back the connection to the user terminal.
  • the failure notification message ends the process;
  • Step 45 The server establishes a connection with the user terminal, allows the user terminal to access the server, and sends a connection establishment confirmation message to the user terminal.
  • Step 46 assuming that the user terminal needs to download the backup data from the database of the server, the user terminal sends a backup data download request message containing the identifier of the backup data to the server, where the request message includes the identifier of the user terminal and the backup to be downloaded.
  • Step 47 After receiving the backup data download request message sent by the user terminal, the server parses the identifier of the user terminal, the identifier of the backup data to be downloaded, and the second authentication information from the request message, and according to the user terminal. Identifying, from the corresponding relationship between the identifier of the stored user terminal and the second authentication information, determining second authentication information corresponding to the identifier of the user terminal, and comparing the determined second authentication information with the parsed second Whether the authentication information is consistent, and when the comparison result is consistent, step 48 is performed. Otherwise, the server does not allow the user terminal to download the backup data from the database, and feeds back to the user terminal a notification message for accessing the database failure, and ends the process;
  • Step 48: The server determines, according to the identifier of the user terminal, the identifier of the backup data corresponding to the identifier of the user terminal from the correspondence between user terminal identifiers and backup data identifiers. Further, according to the parsed identifier of the backup data to be downloaded, it searches the preset correspondence between backup data identifiers and third authentication information for third authentication information corresponding to the identifier of the backup data to be downloaded. When the search result is yes, step 49 is performed; otherwise, the server sends the backup data corresponding to the identifier of the backup data to be downloaded to the user terminal, and the process of the user terminal downloading the backup data ends;
  • Step 49: The server sends a notification message to the user terminal instructing the user terminal to provide the third authentication information.
  • Step 410: The user terminal sends third authentication information to the server.
  • Step 411: The server compares the received third authentication information with the third authentication information corresponding to the identifier of the backup data to be downloaded. If the comparison result is consistent, step 412 is performed; otherwise, the server sends the user terminal a notification message that downloading the backup data failed, and the process ends;
  • Step 412: The server sends the backup data corresponding to the identifier of the backup data to be downloaded to the user terminal, and the process of the user terminal downloading the backup data ends.
  • the embodiment of the present invention further provides an authentication system for solving the problem that the authentication mode setting scheme provided by the prior art leaves the user unable to flexibly set the authentication mode according to his own needs.
  • A schematic diagram of the specific structure of the system is shown in FIG. 5, including a user terminal 51 and a server 52 on the network side, where:
  • the user terminal 51 is configured to select preset authentication mode information that matches different authentication modes; send the selected authentication mode information to the server 52; receive the authentication information sent by the server 52; and, when the user terminal needs to be authenticated, send the authentication information to the server 52, where the user terminal 51 can select at least one piece of authentication mode information from the webpage provided by the server 52 for selecting the authentication mode information that matches the different authentication modes.
  • the user terminal 51 may also select at least one piece of authentication mode information from the authentication mode information, matching different authentication modes, that is stored in the user terminal 51 in advance;
  • the server 52 is configured to receive the authentication mode information sent by the user terminal 51, select the authentication information that matches the authentication mode information sent by the user terminal 51, and send the selected authentication information to the user terminal 51; and to complete the authentication of the user terminal 51 based on the authentication information sent by the user terminal 51.
  • the user terminal 51 should also send the identifier of the specified backup data to the server 52. After the server 52 receives the identifier of the specified backup data, the server 52 also needs to store the correspondence between the identifier of the specified backup data and the third authentication information.
  • the embodiment of the present invention further provides a user terminal as shown in FIG. 6, and the user terminal includes the following functional units:
  • the selecting unit 61 is configured to select preset authentication mode information that matches different authentication modes, where the selecting unit 61 may specifically select the authentication mode information from the webpage provided by the server for selecting the authentication mode information, or may select at least one piece of authentication mode information from the authentication mode information pre-stored in the user terminal;
  • the authentication mode information sending unit 62 is configured to send the authentication mode information selected by the selecting unit 61 to the server on the network side;
  • the receiving unit 63 is configured to receive the authentication information fed back by the server according to the authentication mode information sent by the authentication mode information sending unit 62.
  • the user terminal provided by the embodiment of the present invention may further include a data identifier sending unit, where the data identifier sending unit is configured to send the identifier of the specified backup data to the server.
  • the embodiment of the present invention further provides a server.
  • the specific structure of the server is shown in FIG. 7, and includes the following functional units:
  • the receiving unit 71 is configured to receive authentication mode information sent by the user terminal.
  • the selecting unit 72 is configured to select authentication information that matches the authentication mode information received by the receiving unit 71;
  • the sending unit 73 is configured to send the authentication information selected by the selecting unit 72 to the user terminal.
  • a backup data downloading method is provided in the embodiment of the present invention.
  • the embodiment of the present invention further provides a backup data downloading apparatus.
  • the specific structure of the apparatus is as shown in FIG. 8, and includes the following functional units:
  • the identifier receiving unit 81 is configured to receive the identifier of the specified backup data sent by the user terminal;
  • the storage unit 82 is configured to store the correspondence between the third authentication information, which corresponds to the data object level authentication mode and was sent to the user terminal in advance, and the identifier received by the identifier receiving unit 81;
  • a request message receiving unit 83 configured to receive a backup data download request message that is sent by the user terminal and includes an identifier of the backup data;
  • the searching unit 84 is configured to search, from the correspondence relationship stored by the storage unit 82, whether there is third authentication information corresponding to the identifier of the backup data included in the request message received by the request message receiving unit 83;
  • the first sending unit 85 is configured to: when the search result obtained by the searching unit 84 is negative, send the backup data indicated by the identifier of the backup data included in the request message to the user terminal;
  • the indicating unit 86 is configured to: when the search result obtained by the searching unit 84 is YES, instruct the user terminal to provide the third authentication information;
  • the authentication information receiving unit 87 is configured to receive third authentication information that is provided by the user terminal according to the indication of the indication unit 86;
  • the comparing unit 88 is configured to compare the third authentication information received by the authentication information receiving unit 87 with the third authentication information corresponding to the identifier of the backup data included in the request message stored by the storage unit 82;
  • the second sending unit 89 is configured to: when the comparison result obtained by the comparing unit 88 is YES, send the backup data indicated by the identifier of the backup data included in the request message to the user terminal.
  • the function of the backup data downloading device can be implemented based on the authentication system provided by the embodiment of the present invention, but the implementation of the function of the backup data downloading device can also be independent of the function of the authentication system.
  • a user can flexibly realize setting of an authentication method according to his/her own needs by using a user terminal.
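The server-side decisions of steps 43 to 412, which are also the search and compare logic of units 81 to 89, can be written out as follows. This is an added Python example, not code from the patent; the class, field and constant names, the in-memory dictionaries, the constant-time comparison, the refusal of backup identifiers not associated with the requesting terminal, and the single-use pending challenge are all assumptions of the example.

```python
import hmac
from dataclasses import dataclass, field

DENIED, NEED_THIRD, DATA = "denied", "need_third_auth", "data"


def _matches(stored, presented):
    """Constant-time compare; a missing record fails like a wrong value."""
    expected = stored if stored is not None else b""
    return hmac.compare_digest(expected, presented) and stored is not None


@dataclass
class BackupServer:
    first_auth: dict    # terminal id -> first authentication information
    second_auth: dict   # terminal id -> second authentication information
    owned: dict         # terminal id -> set of backup data ids
    third_auth: dict    # backup data id -> third authentication information
    blobs: dict         # backup data id -> backup data
    connected: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)  # terminal id -> id awaiting third auth

    def connect(self, terminal_id, first):
        # Steps 43-45: server-level check before the connection is accepted.
        if not _matches(self.first_auth.get(terminal_id), first):
            return False
        self.connected.add(terminal_id)
        return True

    def request_download(self, terminal_id, backup_id, second):
        # A new request discards any challenge left over from an earlier one.
        self.pending.pop(terminal_id, None)
        if terminal_id not in self.connected:
            return DENIED, None
        # Step 47: database-level check.
        if not _matches(self.second_auth.get(terminal_id), second):
            return DENIED, None
        # Step 48, first half: the id must be one recorded for this terminal
        # (assumption: anything else is refused rather than served).
        if backup_id not in self.owned.get(terminal_id, set()):
            return DENIED, None
        # Step 48, second half: is third authentication information registered?
        if backup_id in self.third_auth:
            self.pending[terminal_id] = backup_id   # step 49: ask for it
            return NEED_THIRD, None
        return DATA, self.blobs[backup_id]

    def provide_third(self, terminal_id, third):
        # Steps 410-412: the challenge is consumed whether or not it succeeds.
        backup_id = self.pending.pop(terminal_id, None)
        if backup_id is None:
            return DENIED, None
        if not _matches(self.third_auth.get(backup_id), third):
            return DENIED, None
        return DATA, self.blobs[backup_id]


def build_sample_server():
    """Constructed sample records; none of these values come from the patent."""
    return BackupServer(
        first_auth={"terminal-A": b"first-A", "terminal-B": b"first-B"},
        second_auth={"terminal-A": b"second-A", "terminal-B": b"second-B"},
        owned={"terminal-A": {"contacts", "secret-notes"},
               "terminal-B": {"b-photos"}},
        third_auth={"secret-notes": b"third-notes"},
        blobs={"contacts": b"constructed contact list",
               "secret-notes": b"constructed confidential notes",
               "b-photos": b"constructed photo archive"},
    )


if __name__ == "__main__":
    server = build_sample_server()
    print(server.connect("terminal-A", b"first-A"))
    print(server.request_download("terminal-A", "contacts", b"second-A"))
    print(server.request_download("terminal-A", "secret-notes", b"second-A"))
    print(server.provide_third("terminal-A", b"third-notes"))
```

Because the pending entry is removed on every attempt, a failed third authentication forces the terminal to repeat the second-authentication step before it can try again.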

Abstract

An authentication method, a system, a terminal, a server and a method and a device for data downloading are provided. The method for authentication comprises the following steps: a user terminal selects preset authentication mode information matched with different authentication modes, and sends the selected authentication mode information to a server of a network side; the server selects the authentication information matched with the authentication mode information sent by the user terminal, and sends the selected authentication information to the user terminal; the user terminal sends the received authentication information to the server when it is in need of authenticating the user terminal; and the server finishes the authentication of the user terminal based on the authentication information sent by the user terminal. The method enables the user to set the authentication mode according to personal requirements.

Description

Authentication method and system, terminal, server, and data downloading method and device
Technical field
The present invention relates to the field of communications technologies, and in particular to an authentication method and system, a user terminal and a server, and a method and an apparatus for downloading backup data.
Background art
At present, personal data stored in a user terminal (such as a mobile phone), including business card holder data, short message data, schedule data, e-mail data and the like, can be backed up to a server on the network side, so that when the user replaces the user terminal or the data in the user terminal changes, the backup data in the server can be conveniently downloaded to the user terminal. Because the data that a user backs up on the server is often important, when a user terminal subsequently downloads backup data from the server, safe and effective measures are needed to prevent an illegitimate user terminal from obtaining the backup data that the user has backed up on the server.
In the prior art, the server generally authenticates the user terminal to ensure that the backup data is securely provided to the corresponding legitimate user terminal. The three existing authentication modes are as follows:
A. Server-level authentication mode: before establishing a connection with the server, the user terminal needs to provide the server with the first authentication information of the user terminal (which may be user name information and password information). After the server determines, according to the first authentication information, that the user terminal has the right to establish a connection with the server, it establishes a connection with the user terminal and allows the user terminal to download the corresponding backup data;
B. Database-level authentication mode: when the user terminal has established a connection with the server and needs to download backup data from the database of the server, it needs to provide the server with the second authentication information of the user terminal. When the server determines, according to the second authentication information, that the user terminal has the right to download backup data from the database of the server, it allows the user terminal to download the corresponding backup data;
C. Data-object-level authentication mode: when the user terminal has established a connection with the server and needs to download specified backup data from the database of the server (the specified backup data here is generally some special backup data, such as the user's confidential backup data), it needs to provide the server with the third authentication information of the user terminal. When the server determines, according to the third authentication information, that the user terminal has the right to download the specified backup data, it allows the user terminal to download the specified backup data.
In the above authentication modes provided by the prior art, which authentication mode a user uses is set by the server according to the type of the user. For example, the server allocates first authentication information to ordinary users and second or third authentication information to users with a higher security level. The drawback of having the server set the authentication information according to the type of the user is that users cannot flexibly set the authentication mode according to their own needs; for example, an ordinary user cannot set an authentication mode with a higher security level according to his or her own needs.
Summary of the invention
The embodiments of the present invention provide an authentication method and system to solve the problem that the authentication mode setting scheme provided by the prior art leaves the user unable to flexibly set the authentication mode according to his or her own needs.
The embodiments of the present invention further provide a user terminal and a server.
The embodiments of the present invention further provide a backup data downloading method and apparatus.
The embodiments of the present invention use the following technical solutions:
An authentication method, including: a user terminal selects preset authentication mode information that matches different authentication modes, and sends the selected authentication mode information to a server on the network side; the server selects authentication information that matches the authentication mode information sent by the user terminal, and sends the selected authentication information to the user terminal; when the user terminal needs to be authenticated, the user terminal sends the received authentication information to the server; and the server completes the authentication of the user terminal based on the authentication information sent by the user terminal.
The step of the user terminal selecting preset authentication mode information that matches different authentication modes includes: selecting at least one piece of authentication mode information from a webpage provided by the server for selecting authentication mode information that matches different authentication modes; or selecting at least one piece of authentication mode information from authentication mode information, matching different authentication modes, that is pre-stored in the user terminal.
When the authentication information selected by the server is the third authentication information corresponding to the data-object-level authentication mode, the method further includes: the user terminal sends the identifier of specified backup data to the server; and the server stores the correspondence between the identifier of the specified backup data and the third authentication information.
A backup data downloading method, including:
A server on the network side receives the identifier of specified backup data sent by a user terminal, and stores the correspondence between that identifier and the third authentication information, corresponding to the data-object-level authentication mode, that was sent to the user terminal in advance; the server receives a backup data download request message that is sent by the user terminal and contains an identifier of backup data; the server searches the stored correspondence for third authentication information corresponding to the identifier of the backup data contained in the request message; when the search result is no, the server sends the backup data indicated by the identifier of the backup data contained in the request message to the user terminal; and when the search result is yes, the server instructs the user terminal to provide third authentication information and, when it finds that the third authentication information provided by the user terminal matches the third authentication information that the server has stored for the identifier of the backup data contained in the request message, sends the backup data indicated by the identifier of the backup data contained in the request message to the user terminal.
An authentication system, including a user terminal and a server on the network side, where the user terminal is configured to: select preset authentication mode information that matches different authentication modes; send the selected authentication mode information to the server; receive the authentication information sent by the server; and, when the user terminal needs to be authenticated, send the authentication information to the server. The server is configured to: receive the authentication mode information sent by the user terminal, select authentication information that matches the authentication mode information sent by the user terminal, and send the selected authentication information to the user terminal; and complete the authentication of the user terminal based on the authentication information sent by the user terminal.
The user terminal is configured to select the preset authentication mode information that matches different authentication modes in the following manner:
selecting at least one piece of authentication mode information from a webpage provided by the server for selecting authentication mode information that matches different authentication modes; or
selecting at least one piece of authentication mode information from authentication mode information, matching different authentication modes, that is pre-stored in the user terminal.
When the authentication information selected by the server is the third authentication information corresponding to the data-object-level authentication mode,
the user terminal is further configured to: send the identifier of specified backup data to the server;
the server is further configured to: store the correspondence between the identifier of the specified backup data and the third authentication information.
A user terminal, including: a selecting unit, configured to select preset authentication mode information that matches different authentication modes; an authentication mode information sending unit, configured to provide the authentication mode information selected by the selecting unit to a server on the network side; and a receiving unit, configured to receive the authentication information fed back by the server according to the authentication mode information sent by the authentication mode information sending unit.
A server, including: a receiving unit, configured to receive authentication mode information sent by a user terminal; a selecting unit, configured to select authentication information that matches the authentication mode information received by the receiving unit; and a sending unit, configured to send the authentication information selected by the selecting unit to the user terminal.
The selecting unit is configured to:
select at least one piece of authentication mode information from a webpage provided by the server for selecting authentication mode information that matches different authentication modes; or
select at least one piece of authentication mode information from authentication mode information, matching different authentication modes, that is pre-stored in the user terminal.
When the authentication information is the third authentication information corresponding to the data-object-level authentication mode, the user terminal further includes:
a data identifier sending unit, configured to send the identifier of specified backup data to the server.
A backup data downloading apparatus, including: an identifier receiving unit, configured to receive the identifier of specified backup data sent by a user terminal; a storage unit, configured to store the correspondence between the third authentication information, corresponding to the data-object-level authentication mode, that was sent to the user terminal in advance and the identifier received by the identifier receiving unit; a request message receiving unit, configured to receive a backup data download request message that is sent by the user terminal and contains an identifier of backup data; a searching unit, configured to search the correspondence stored by the storage unit for third authentication information corresponding to the identifier of the backup data contained in the request message received by the request message receiving unit; a first sending unit, configured to, when the search result obtained by the searching unit is no, send the backup data indicated by the identifier of the backup data contained in the request message to the user terminal; an indicating unit, configured to, when the search result obtained by the searching unit is yes, instruct the user terminal to provide third authentication information; an authentication information receiving unit, configured to receive the third authentication information provided by the user terminal according to the instruction of the indicating unit; a comparing unit, configured to compare whether the third authentication information received by the authentication information receiving unit matches the third authentication information that the storage unit has stored for the identifier of the backup data contained in the request message; and a second sending unit, configured to, when the comparison result obtained by the comparing unit is yes, send the backup data indicated by the identifier of the backup data contained in the request message to the user terminal.
In the embodiments of the present invention, the user terminal selects preset authentication mode information that matches different authentication modes and provides the selected authentication mode information to the server on the network side; after receiving the authentication mode information, the server selects the matching authentication information according to that authentication mode information and sends the selected authentication information to the user terminal. The user can thereby use the user terminal to flexibly set the authentication mode according to his or her own needs.
Brief description of the drawings
FIG. 1 is a schematic flowchart of an authentication method according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a backup data downloading method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of one application flow, in practice, of the backup data downloading method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of another application flow, in practice, of the backup data downloading method according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an authentication system according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a user terminal according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a server according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a backup data downloading apparatus according to an embodiment of the present invention.
Preferred embodiments of the invention
In the embodiments of the present invention, the user terminal selects preset authentication mode information that matches different authentication modes, provides the selected authentication mode information to the server on the network side, and then receives the authentication information that the server sends according to that authentication mode information. This solves the prior-art problem that users cannot flexibly set the authentication mode according to their own needs.
The main implementation principles and specific implementations of the technical solutions of the embodiments of the present invention, and the beneficial effects they can achieve, are described in detail below with reference to the accompanying drawings.
An embodiment of the present invention first provides a method for obtaining authentication information. A schematic flowchart of the method is shown in FIG. 1, and the method includes the following steps:
Step 11: The user terminal selects preset authentication mode information that matches different authentication modes. For example, under the control of the user, the user terminal may select at least one piece of authentication mode information from a webpage provided by the server for selecting authentication mode information that matches different authentication modes, or the user terminal may select at least one piece of authentication mode information from authentication mode information, matching different authentication modes, that is pre-stored in the user terminal. The authentication mode information here may be different identification information matching each of the three authentication modes mentioned in the background art. According to his or her own needs, the user can control the user terminal to select the authentication mode information matching one authentication mode, or the authentication mode information matching several authentication modes;
Step 12: The user terminal sends the selected authentication mode information to the server on the network side. The purpose of providing the selected authentication mode information to the network side is to obtain the authentication information, matching that authentication mode information, that the server feeds back;
Step 13: According to the authentication mode information provided by the user terminal, the server selects the authentication information that matches that authentication mode information and sends the selected authentication information to the user terminal. In this step 13, if the user has selected the authentication mode information corresponding to the server-level authentication mode described in the background art, the server may determine, from the pre-stored correspondence between authentication mode information and authentication information, the first authentication information corresponding to the authentication mode information sent by the user terminal, and send the first authentication information to the user terminal. If the user has selected the authentication information corresponding to the data-object-level authentication mode described in the background art, the server may determine, from the pre-stored correspondence, the third authentication information corresponding to the authentication mode information sent by the user terminal, and send the third authentication information to the user terminal. How the authentication information sent to the user terminal is used is described in detail in the backup data downloading method provided by the embodiments of the present invention and is not repeated here. In this step 13, after selecting the authentication information that matches the authentication mode information sent by the user terminal, the server may also store the correspondence between the selected authentication information and the user terminal identifier. Because the server may already have allocated default authentication mode information and authentication information to the user according to the type of the user, the following steps may further be included before the server stores the selected authentication information:
First, the server compares whether the authentication mode information sent by the user terminal is consistent with the default authentication mode information allocated to the user in advance according to the type of the user;
Then, when the comparison result is consistent, the server stores the correspondence between the authentication information allocated to the user terminal by default and the user terminal identifier. When the comparison result is inconsistent, the server further determines whether the user terminal is able to use the authentication mode information that it provided. Specifically, the server may determine the authentication mode information that the user terminal is able to use from the preset user terminal identifiers and the authentication mode information that each user terminal is able to use. When it determines that the authentication mode information provided by the user terminal is authentication mode information that the user terminal is able to use, it stores the correspondence between the selected authentication information of the user terminal and the user terminal identifier. When it determines that the authentication mode information provided by the user terminal is not authentication mode information that the user terminal is able to use, it does not store the correspondence between the authentication information of the user terminal and the user terminal identifier, and sends the user terminal a notification message that setting the authentication mode was unsuccessful, so that the user terminal learns that the user's current attempt to set the authentication mode has failed;
步骤 14, 在需要对用户终端进行鉴权时, 用户终端将接收到的鉴权信息 发送给服务器;  Step 14. When the user terminal needs to be authenticated, the user terminal sends the received authentication information to the server.
步骤 15 ,服务器基于用户终端发送的鉴权信息,完成对用户终端的鉴权, 其中, 服务器基于用户终端发送的鉴权信息对用户终端进行鉴权的过程可以 参照现有技术中提供的流程, 在此不再赘述。  Step 15: The server performs authentication on the user terminal based on the authentication information sent by the user terminal, where the process of authenticating the user terminal based on the authentication information sent by the user terminal may refer to the process provided in the prior art. I will not repeat them here.
需要说明的是, 当用户终端接收到的鉴权信息为与数据对象级别的鉴权 方式对应的第三鉴权信息时, 本发明实施例提供的上述方法还可以进一步包 括:  It should be noted that, when the authentication information received by the user terminal is the third authentication information corresponding to the authentication mode of the data object level, the foregoing method provided by the embodiment of the present invention may further include:
用户终端将指定备份数据的标识发送给服务器; 服务器对该指定备份数据的标识与该第三鉴权信息的对应关系进行存 储, 从而服务器能够获知后续用户终端在请求下载该指定备份数据的标识所 指示的备份数据时, 需要用户终端提供与该第三鉴权信息匹配一致的鉴权信 息后, 才能允许用户终端下载该备份数据。 The user terminal sends the identifier of the specified backup data to the server; The server stores the corresponding relationship between the identifier of the specified backup data and the third authentication information, so that the server can learn that the subsequent user terminal needs to provide the backup data indicated by the identifier of the designated backup data. After the third authentication information matches the consistent authentication information, the user terminal can be allowed to download the backup data.
An embodiment of the present invention further provides a backup data downloading method. The specific flow of the method is shown in FIG. 2 and includes the following steps:
Step 21: The server on the network side receives the identifier of the specified backup data sent by the user terminal, and stores the correspondence between that identifier and the third authentication information, corresponding to the data-object-level authentication mode, that was previously sent to the user terminal;
Step 22: The server on the network side receives a backup data download request message, sent by the user terminal, that contains an identifier of backup data;
Step 23: The server searches the stored correspondence between identifiers of specified backup data and third authentication information for third authentication information corresponding to the backup data identifier contained in the backup data download request message sent by the user terminal. When the search result is no, step 24 is performed; when the search result is yes, step 25 is performed;
Step 24: The server sends the user terminal the backup data indicated by the backup data identifier contained in the backup data download request message;
Step 25: The server instructs the user terminal to provide the third authentication information. When the comparison shows that the third authentication information provided by the user terminal matches the third authentication information that the server has stored for the backup data identifier contained in the backup data download request message, the server sends the user terminal the backup data indicated by that identifier.
It should be noted that the above backup data downloading method provided by the embodiment of the present invention may be implemented on the basis of the method for obtaining authentication information provided by the embodiment of the present invention, or may be implemented independently.
The following takes a practical application flow of the above backup data downloading method as an example to describe the specific implementation of the method in detail. In this implementation it is assumed that the user terminal has selected the authentication mode information corresponding to several authentication modes (the server-level authentication mode, the database-level authentication mode and the data-object-level authentication mode). One way of carrying out this implementation is shown in FIG. 3 and includes the following steps:
Step 31: The user terminal sends a connection establishment request message to the server; the request message contains the identifier of the user terminal;
Step 32: The server receives the connection establishment request message and, using the user terminal identifier parsed from the request message, determines from the preset correspondence between user terminal identifiers and first authentication information (corresponding to the server-level authentication mode) whether first authentication information exists for this user terminal identifier. When the result is yes, step 33 is performed; otherwise, the server directly establishes the connection with the user terminal, allows the user terminal to access the server, sends a connection establishment confirmation message to the user terminal, and jumps to step 37;
Step 33: The server sends the user terminal a notification message instructing it to provide the first authentication information;
Step 34: The user terminal sends the first authentication information to the server;
Step 35: Using the identifier of the user terminal, the server determines the first authentication information corresponding to the user terminal from the pre-stored correspondence between user terminal identifiers and first authentication information, and judges whether the first authentication information sent by the user terminal matches the first authentication information so determined. If the result is yes, step 36 is performed; otherwise, the server does not allow the user terminal to access the server and returns a connection failure notification message to the user terminal, which ends the flow;
Step 36: The server establishes the connection with the user terminal, allows the user terminal to access the server, and sends a connection establishment confirmation message to the user terminal;
Step 37: Assuming that the user terminal needs to download backup data from the server's database, the user terminal sends the server a backup data download request message containing the identifier of the backup data; the request message contains the identifier of the user terminal and the identifier of the backup data to be downloaded;
Step 38: After receiving the backup data download request message sent by the user terminal, the server parses the identifier of the user terminal and the identifier of the backup data to be downloaded from the request message. Using the parsed user terminal identifier, it determines from the preset correspondence between user terminal identifiers and second authentication information (corresponding to the database-level authentication mode) whether second authentication information exists for this user terminal identifier. When the result is yes, step 39 is performed; otherwise, the server allows the user terminal to access the database, sends the user terminal a notification message that database access is allowed, and jumps to step 312;
Step 39: The server sends the user terminal a notification message instructing it to provide the second authentication information;
Step 310: The user terminal sends the second authentication information to the server;
Step 311: Using the identifier of the user terminal, the server determines the second authentication information corresponding to the user terminal from the pre-stored correspondence between user terminal identifiers and second authentication information, and judges whether the second authentication information sent by the user terminal matches the second authentication information so determined. If the result is yes, step 312 is performed; otherwise, the server does not allow the user terminal to access the database and sends the user terminal a notification message that access to the database failed, which ends the flow;
Step 312: Using the identifier of the user terminal, the server determines the backup data identifiers corresponding to the user terminal from the pre-stored correspondence between user terminal identifiers and backup data identifiers. Further, using the parsed identifier of the backup data to be downloaded, it searches the preset correspondence between backup data identifiers and third authentication information for third authentication information corresponding to that identifier. When the search result is yes, step 313 is performed; otherwise, the server sends the user terminal the backup data corresponding to the identifier of the backup data to be downloaded, and the flow of the user terminal downloading backup data ends;
Step 313: The server sends the user terminal a notification message instructing it to provide the third authentication information;
Step 314: The user terminal sends the third authentication information to the server;
Step 315: The server compares whether the received third authentication information is consistent with the third authentication information corresponding to the identifier of the backup data to be downloaded. When the comparison result is consistent, step 316 is performed; otherwise, the server sends the user terminal a notification message that obtaining the backup data failed, and the flow ends;
Step 316: The server sends the user terminal the backup data corresponding to the identifier of the backup data to be downloaded, and the flow of the user terminal downloading backup data ends.
In the steps shown in FIG. 3, the user terminal is passive throughout: it provides each piece of authentication information to the server only after receiving the server's notification message instructing it to do so. In practice, the user terminal may also actively provide authentication information to the server at the same time as it sends a request message, such as a request to download backup data. For the case in which the user terminal actively provides authentication information to the server, another practical application flow of the above backup data downloading method is shown in FIG. 4 and includes the following steps:
Step 41: The user terminal sends a connection establishment request message to the server; the request message contains the identifier of the user terminal and the first authentication information corresponding to the server-level authentication mode;
Step 42: The server receives the connection establishment request message and, by parsing it, obtains the identifier of the user terminal and the first authentication information contained in the request message;
Step 43: Using the identifier of the user terminal, the server determines the first authentication information corresponding to the user terminal from the pre-stored correspondence between user terminal identifiers and first authentication information;
Step 44: The server judges whether the first authentication information contained in the connection establishment request message matches the first authentication information determined above. If the result is yes, step 45 is performed; otherwise, the server does not allow the user terminal to access the server and returns a connection failure notification message to the user terminal, which ends the flow;
Step 45: The server establishes the connection with the user terminal, allows the user terminal to access the server, and sends a connection establishment confirmation message to the user terminal;
Step 46: Assuming that the user terminal needs to download backup data from the server's database, the user terminal sends the server a backup data download request message containing the identifier of the backup data; the request message contains the identifier of the user terminal and the identifier of the backup data to be downloaded, and also contains the second authentication information corresponding to the database-level authentication mode;
Step 47: After receiving the backup data download request message sent by the user terminal, the server parses from it the identifier of the user terminal, the identifier of the backup data to be downloaded, and the second authentication information. Using the identifier of the user terminal, it determines the second authentication information corresponding to the user terminal from the stored correspondence between user terminal identifiers and second authentication information, and compares whether the second authentication information so determined is consistent with the parsed second authentication information. When the comparison result is consistent, step 48 is performed; otherwise, the server does not allow the user terminal to download backup data from the database, returns to the user terminal a notification message that access to the database failed, and ends the flow;
Step 48: Using the identifier of the user terminal, the server determines the backup data identifiers corresponding to the user terminal from the pre-stored correspondence between user terminal identifiers and backup data identifiers. Further, using the parsed identifier of the backup data to be downloaded, it searches the preset correspondence between backup data identifiers and third authentication information for third authentication information corresponding to that identifier. When the search result is yes, step 49 is performed; otherwise, the server sends the user terminal the backup data corresponding to the identifier of the backup data to be downloaded, and the flow of the user terminal downloading backup data ends;
Step 49: The server sends the user terminal a notification message instructing it to provide the third authentication information;
Step 410: The user terminal sends the third authentication information to the server;
Step 411: The server compares whether the received third authentication information is consistent with the third authentication information corresponding to the identifier of the backup data to be downloaded. When the comparison result is consistent, step 412 is performed; otherwise, the server sends the user terminal a notification message that obtaining the backup data failed, and the flow ends;
Step 412: The server sends the user terminal the backup data corresponding to the identifier of the backup data to be downloaded, and the flow of the user terminal downloading backup data ends.
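The server-side decisions of the two flows above (FIG. 3, where the terminal supplies each piece of authentication information only when asked, and FIG. 4, where it sends the first and second authentication information with its requests) can be condensed into one sketch. This is an added example, not code from the patent: the class, function and outcome names, the constructed sample identifiers and credentials, the constant-time comparison, and the refusal of unconnected terminals and unknown backup identifiers are assumptions of the example.

```python
import hmac

# Outcome names are this example's own; the patent only describes the messages.
NEED_FIRST, NEED_SECOND, NEED_THIRD = "need_first", "need_second", "need_third"
CONNECTED, CONNECT_FAILED = "connected", "connect_failed"
DB_DENIED, DOWNLOAD_DENIED, DATA_SENT = "db_denied", "download_denied", "data_sent"


def _match(stored, supplied):
    # The patent says only "match"; constant-time comparison is this example's choice.
    return hmac.compare_digest(stored.encode(), supplied.encode())


class BackupServer:
    def __init__(self):
        self.first_auth = {}   # terminal id -> first (server-level) authentication info
        self.second_auth = {}  # terminal id -> second (database-level) authentication info
        self.third_auth = {}   # backup data id -> third (data-object-level) authentication info
        self.backups = {}      # backup data id -> backup data
        self.connected = set()

    def connect(self, terminal_id, first=None):
        """Steps 31-36 (first=None) and 41-45 (first sent with the request)."""
        stored = self.first_auth.get(terminal_id)
        if stored is not None:
            if first is None:
                return NEED_FIRST          # step 33: ask for the first auth info
            if not _match(stored, first):
                return CONNECT_FAILED      # steps 35 / 44: mismatch, flow ends
        self.connected.add(terminal_id)    # steps 32 (no entry), 36, 45
        return CONNECTED

    def download(self, terminal_id, data_id, second=None, third=None):
        """Steps 37-316 and 46-412; returns (outcome, data or None)."""
        if terminal_id not in self.connected or data_id not in self.backups:
            return DOWNLOAD_DENIED, None   # assumption: the patent leaves these cases open
        stored2 = self.second_auth.get(terminal_id)
        if stored2 is not None:            # database-level check
            if second is None:
                return NEED_SECOND, None   # step 39
            if not _match(stored2, second):
                return DB_DENIED, None     # steps 311 / 47
        stored3 = self.third_auth.get(data_id)
        if stored3 is not None:            # data-object-level check
            if third is None:
                return NEED_THIRD, None    # steps 313 / 49
            if not _match(stored3, third):
                return DOWNLOAD_DENIED, None     # steps 315 / 411
        return DATA_SENT, self.backups[data_id]  # steps 312, 316, 48, 412


def passive_terminal(server, terminal_id, data_id, creds):
    """FIG. 3 style terminal: supplies each credential only after being asked."""
    trace = [server.connect(terminal_id)]
    if trace[-1] == NEED_FIRST:
        trace.append(server.connect(terminal_id, creds.get("first")))
    if trace[-1] != CONNECTED:
        return trace, None
    sent = {}
    while True:
        outcome, data = server.download(terminal_id, data_id, **sent)
        trace.append(outcome)
        if outcome == NEED_SECOND and "second" not in sent:
            sent["second"] = creds.get("second")
        elif outcome == NEED_THIRD and "third" not in sent:
            sent["third"] = creds.get("third")
        else:
            return trace, data


def build_demo_server():
    # Constructed sample data: T1 uses all three levels, T2 uses none,
    # backup B1 is protected at data-object level, backup B2 is not.
    s = BackupServer()
    s.first_auth["T1"] = "pw-server"
    s.second_auth["T1"] = "pw-db"
    s.third_auth["B1"] = "pw-obj"
    s.backups.update({"B1": b"contacts-backup", "B2": b"ringtones-backup"})
    return s


if __name__ == "__main__":
    good = {"first": "pw-server", "second": "pw-db", "third": "pw-obj"}
    print(passive_terminal(build_demo_server(), "T1", "B1", good))
    print(passive_terminal(build_demo_server(), "T2", "B2", {}))
```

Because the third authentication information is looked up by backup data identifier alone, the last check is the only thing separating terminal T2 (which has no first or second authentication information registered) from backup B1.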
Correspondingly, an embodiment of the present invention further provides an authentication system, to solve the problem that the authentication mode setting scheme provided by the prior art does not let users flexibly set the authentication mode according to their own needs. The specific structure of the system is shown in FIG. 5 and includes a user terminal 51 and a server 52 on the network side, where:
The user terminal 51 is configured to select preset authentication mode information matching different authentication modes; to send the selected authentication mode information to the server 52; and to receive the authentication information sent by the server 52 and, when the user terminal 51 needs to be authenticated, send that authentication information to the server 52. The user terminal 51 may select at least one piece of authentication mode information from a web page, provided by the server 52, for selecting authentication mode information matching different authentication modes; alternatively, the user terminal 51 may select at least one piece of authentication mode information from authentication mode information, matching different authentication modes, that is stored in the user terminal 51 in advance;
The server 52 is configured to receive the authentication mode information sent by the user terminal 51; to select the authentication information that matches the authentication mode information sent by the user terminal 51 and send the selected authentication information to the user terminal 51; and to complete authentication of the user terminal 51 based on the authentication information sent by the user terminal 51.
It should be noted that, when the authentication information selected by the server 52 is the third authentication information corresponding to the data-object-level authentication mode, the user terminal 51 should also send the identifier of the specified backup data to the server 52, and the server 52, after receiving the identifier of the specified backup data, also needs to store the correspondence between that identifier and the third authentication information.
Corresponding to the user terminal included in the system provided by the embodiment of the present invention, an embodiment of the present invention further provides a user terminal as shown in FIG. 6. The user terminal includes the following functional units:
A selecting unit 61, configured to select preset authentication mode information matching different authentication modes. Specifically, the selecting unit 61 may select the authentication mode information from a web page, provided by the server, for selecting authentication mode information, or may select at least one piece of authentication mode information from authentication mode information stored in the user terminal in advance;
An authentication mode information sending unit 62, configured to send the authentication mode information selected by the selecting unit 61 to the server on the network side;
A receiving unit 63, configured to receive the authentication information that the server returns according to the authentication mode information sent by the authentication mode information sending unit 62.
Preferably, when the above authentication information is the third authentication information of the data-object-level authentication mode described in the background art, the user terminal provided by the embodiment of the present invention may further include a data identifier sending unit, which is configured to send the identifier of the specified backup data to the server.
An embodiment of the present invention further provides a server. The specific structure of the server is shown in FIG. 7 and includes the following functional units:
A receiving unit 71, configured to receive the authentication mode information sent by the user terminal;
A selecting unit 72, configured to select the authentication information that matches the authentication mode information received by the receiving unit 71;
A sending unit 73, configured to send the authentication information selected by the selecting unit 72 to the user terminal.
Corresponding to the backup data downloading method provided by the embodiment of the present invention, an embodiment of the present invention further provides a backup data downloading apparatus. The specific structure of the apparatus is shown in FIG. 8 and includes the following functional units:
An identifier receiving unit 81, configured to receive the identifier of the specified backup data sent by the user terminal;
A storage unit 82, configured to store the correspondence between the third authentication information, corresponding to the data-object-level authentication mode, that was previously sent to the user terminal and the identifier received by the identifier receiving unit 81;
A request message receiving unit 83, configured to receive a backup data download request message, sent by the user terminal, that contains an identifier of backup data;
A searching unit 84, configured to search the correspondence stored by the storage unit 82 for third authentication information corresponding to the backup data identifier contained in the request message received by the request message receiving unit 83;
A first sending unit 85, configured to send the user terminal the backup data indicated by the backup data identifier contained in the request message when the search result obtained by the searching unit 84 is no;
An indicating unit 86, configured to instruct the user terminal to provide the third authentication information when the search result obtained by the searching unit 84 is yes;
An authentication information receiving unit 87, configured to receive the third authentication information that the user terminal provides according to the instruction of the indicating unit 86;
A comparing unit 88, configured to compare whether the third authentication information received by the authentication information receiving unit 87 matches the third authentication information, stored by the storage unit 82, that corresponds to the backup data identifier contained in the request message;
A second sending unit 89, configured to send the user terminal the backup data indicated by the backup data identifier contained in the request message when the comparison result obtained by the comparing unit 88 is yes.
In the embodiments of the present invention, the function of the backup data downloading apparatus may be implemented on the basis of the authentication system provided by the embodiment of the present invention, but the implementation of that function may also be independent of the function of the authentication system.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include them.
Industrial Applicability
By applying the present invention, a user can use the user terminal to flexibly set the authentication mode according to the user's own needs.

Claims

1. An authentication method, comprising:
a user terminal selecting preset authentication mode information matching different authentication modes; and
sending the selected authentication mode information to a server on the network side;
the server selecting authentication information that matches the authentication mode information sent by the user terminal, and sending the selected authentication information to the user terminal;
when the user terminal needs to be authenticated, the user terminal sending the received authentication information to the server; and
the server completing authentication of the user terminal based on the authentication information sent by the user terminal.
2. The authentication method according to claim 1, wherein the step of the user terminal selecting preset authentication mode information matching different authentication modes comprises:
selecting at least one piece of authentication mode information from a web page provided by the server for selecting authentication mode information matching different authentication modes; or
selecting at least one piece of authentication mode information from authentication mode information, matching different authentication modes, that is pre-stored in the user terminal.
3. The authentication method according to claim 1, wherein, when the authentication information selected by the server is third authentication information corresponding to a data-object-level authentication mode, the method further comprises:
the user terminal sending an identifier of specified backup data to the server; and
the server storing the correspondence between the identifier of the specified backup data and the third authentication information.
4. A backup data downloading method, comprising:
a server on the network side receiving an identifier of specified backup data sent by a user terminal, and storing the correspondence between the identifier and third authentication information that was previously sent to the user terminal and corresponds to a data-object-level authentication mode;
the server receiving a backup data download request message, sent by the user terminal, that contains an identifier of backup data;
the server searching the stored correspondence for third authentication information corresponding to the identifier of the backup data contained in the request message;
when the search result is no, the server sending the backup data indicated by the identifier of the backup data contained in the request message to the user terminal; and
when the search result is yes, the server instructing the user terminal to provide third authentication information and, upon determining by comparison that the third authentication information provided by the user terminal matches the third authentication information that the server has stored for the identifier of the backup data contained in the request message, sending the backup data indicated by that identifier to the user terminal.
5. An authentication system, comprising a user terminal and a server on the network side, wherein
the user terminal is configured to: select preset authentication mode information matching different authentication modes; send the selected authentication mode information to the server; receive authentication information sent by the server; and, when the user terminal needs to be authenticated, send the authentication information to the server;
the server is configured to: receive the authentication mode information sent by the user terminal, select authentication information that matches the authentication mode information sent by the user terminal, and send the selected authentication information to the user terminal; and complete authentication of the user terminal based on the authentication information sent by the user terminal.
6. The authentication system according to claim 5, wherein the user terminal is configured to select the preset authentication mode information matching different authentication modes in the following manner:
selecting at least one piece of authentication mode information from a web page provided by the server for selecting authentication mode information matching different authentication modes; or
selecting at least one piece of authentication mode information from authentication mode information, matching different authentication modes, that is pre-stored in the user terminal.
7. The authentication system according to claim 5, wherein, when the authentication information selected by the server is third authentication information corresponding to a data-object-level authentication mode,
the user terminal is further configured to: send an identifier of specified backup data to the server;
the server is further configured to: store the correspondence between the identifier of the specified backup data and the third authentication information.
8. A user terminal, comprising:
a selecting unit, configured to: select preset authentication mode information matching different authentication modes;
an authentication mode information sending unit, configured to: provide the authentication mode information selected by the selecting unit to a server on the network side; and
a receiving unit, configured to: receive the authentication information that the server returns in response to the authentication mode information sent by the authentication mode information sending unit.
9. The user terminal according to claim 8, wherein the selecting unit is configured to:
select at least one piece of authentication mode information from a web page provided by the server for selecting authentication mode information matching different authentication modes; or
select at least one piece of authentication mode information from authentication mode information, matching different authentication modes, that is pre-stored in the user terminal.
10. The user terminal according to claim 8, wherein, when the authentication information is third authentication information corresponding to a data-object-level authentication mode, the user terminal further comprises:
a data identifier sending unit, configured to: send an identifier of specified backup data to the server.
11. A server, comprising:
a receiving unit, configured to: receive authentication mode information sent by a user terminal;
a selecting unit, configured to: select authentication information that matches the authentication mode information received by the receiving unit; and
a sending unit, configured to: send the authentication information selected by the selecting unit to the user terminal.
12. A backup data downloading apparatus, comprising:
an identifier receiving unit, configured to: receive an identifier of specified backup data sent by a user terminal;
a storage unit, configured to: store the correspondence between the identifier received by the identifier receiving unit and third authentication information that was previously sent to the user terminal and corresponds to a data-object-level authentication mode;
a request message receiving unit, configured to: receive a backup data download request message, sent by the user terminal, that contains an identifier of backup data;
a searching unit, configured to: search the correspondence stored by the storage unit for third authentication information corresponding to the identifier of the backup data contained in the request message received by the request message receiving unit;
a first sending unit, configured to: when the search result obtained by the searching unit is no, send the backup data indicated by the identifier of the backup data contained in the request message to the user terminal;
an instructing unit, configured to: when the search result obtained by the searching unit is yes, instruct the user terminal to provide third authentication information;
an authentication information receiving unit, configured to: receive the third authentication information provided by the user terminal according to the instruction of the instructing unit;
a comparing unit, configured to: compare whether the third authentication information received by the authentication information receiving unit matches the third authentication information that the storage unit has stored for the identifier of the backup data contained in the request message; and
a second sending unit, configured to: when the comparison result obtained by the comparing unit is yes, send the backup data indicated by the identifier of the backup data contained in the request message to the user terminal.
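The server-side flow of claims 1, 3, 4 and 12 (mode selection, binding a backup identifier to the third authentication information, then lookup, challenge and comparison on download) can be traced in the following added example, which is not code from the patent. The class and method names, the `data_object` mode label, the random-token form of the authentication information and the constant-time comparison are assumptions of this sketch.

```python
import hmac
import secrets

DATA_OBJECT = "data_object"  # hypothetical label for the data-object-level mode


class BackupServer:
    def __init__(self, backups):
        self.backups = dict(backups)  # backup id -> content
        self.issued = {}              # terminal id -> third authentication information
        self.bindings = {}            # backup id -> third authentication information

    def select_auth_info(self, terminal_id, mode):
        """Claim 1: return authentication information matching the chosen mode."""
        if mode != DATA_OBJECT:
            raise ValueError("this sketch covers only the data-object-level mode")
        # Assumption: the information is a random secret generated server-side.
        self.issued[terminal_id] = secrets.token_urlsafe(16)
        return self.issued[terminal_id]

    def bind(self, terminal_id, backup_id):
        """Claim 3: store backup id <-> third authentication information."""
        if backup_id not in self.backups:
            raise KeyError(backup_id)
        self.bindings[backup_id] = self.issued[terminal_id]

    def request_download(self, backup_id):
        """Claim 4 lookup: send unbound data, otherwise ask for the information."""
        if backup_id not in self.bindings:
            return "data", self.backups[backup_id]
        return "auth_required", None

    def answer_challenge(self, backup_id, presented):
        """Claim 4 comparison: release the data only on a match."""
        stored = self.bindings[backup_id]
        # Constant-time comparison (an assumption; the claims only require a match).
        if hmac.compare_digest(stored.encode(), presented.encode()):
            return "data", self.backups[backup_id]
        return "denied", None


def demo():
    # Constructed sample data: two backups, only "contacts" gets bound.
    server = BackupServer({"contacts": b"alice,bob", "ringtones": b"beep"})
    info = server.select_auth_info("terminal-1", DATA_OBJECT)
    server.bind("terminal-1", "contacts")
    return [
        server.request_download("ringtones"),          # unbound: sent directly
        server.request_download("contacts"),           # bound: challenge
        server.answer_challenge("contacts", "guess"),  # mismatch
        server.answer_challenge("contacts", info),     # match
    ]


if __name__ == "__main__":
    for step in demo():
        print(step)
```

As in claim 4, a backup identifier with no stored correspondence is released without any check, so the protection of a given backup depends on the binding step of claim 3 having been performed for it.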
PCT/CN2010/073137 2010-02-10 2010-05-24 Authentication method, system, terminal, server and method and device for data downloading WO2011097849A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010112377.8A CN101800985B (en) 2010-02-10 2010-02-10 Authentication method and system, terminal, server and data downloading method and device
CN201010112377.8 2010-02-10

Publications (1)

Publication Number Publication Date
WO2011097849A1 (en) 2011-08-18

Family

ID=42596418

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/073137 WO2011097849A1 (en) 2010-02-10 2010-05-24 Authentication method, system, terminal, server and method and device for data downloading

Country Status (2)

Country Link
CN (1) CN101800985B (en)
WO (1) WO2011097849A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015143596A1 (en) 2014-03-24 2015-10-01 华为技术有限公司 File downloading method, apparatus and system
CN104954371A (en) * 2015-06-09 2015-09-30 小米科技有限责任公司 Equipment information display method and device
CN106934511A (en) * 2015-12-30 2017-07-07 海能达通信股份有限公司 Method for scheduling task and system, server, user terminal
CN106453278B (en) * 2016-09-23 2019-04-30 财付通支付科技有限公司 Information Authentication method and verification platform
CN109391686B (en) * 2018-09-27 2022-04-12 网宿科技股份有限公司 Processing method of access request and CDN node server

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101106457A (en) * 2006-07-10 2008-01-16 华为技术有限公司 Method for identifying authentication mode of user terminal in IP multimedia subsystem network
WO2008058144A2 (en) * 2006-11-07 2008-05-15 Fmr Llc Authentication system for service provisioning
CN101083838A (en) * 2007-06-29 2007-12-05 中兴通讯股份有限公司 HTTP abstract authentication method in IP multimedia subsystem

Also Published As

Publication number Publication date
CN101800985B (en) 2014-12-17
CN101800985A (en) 2010-08-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 10845521; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 10845521; Country of ref document: EP; Kind code of ref document: A1)
Kind code of ref document: A1