WO2011131002A1 - Method and system for identity management - Google Patents

Method and system for identity management

Info

Publication number
WO2011131002A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
identity
server
service
idp server
Prior art date
Application number
PCT/CN2010/078832
Other languages
English (en)
Chinese (zh)
Inventor
孙翼舟
黄兵
江华
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2011131002A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/50: Network services
    • H04L67/53: Network services using third party service providers

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to an identity management method and system.
  • IDM: identity management
  • IDP: identity provider
  • SPs: service providers
  • IDP provides identity authentication services for SPs and is responsible for managing user identity information. For example, the user's registration request is accepted, and the user's identity attribute is managed (identity attribute change, revocation, etc.) to ensure the security of the user identity information.
  • the identity services provided by IDP include the following four categories: 1) Identification.
  • the identity can be any tag that can be used to represent an entity's identity. For example: user ID, email address, pseudonym, group name, and so on.
  • Identity security credentials are security parameters usually used to verify a claimed identity.
  • the credential can be a password, a token, a security prompt, or a PKI.
  • key authentication, signature authentication, and password information.
  • An identity attribute is a description of an entity's characteristics, such as the entity type, preferred IP address, domain name, address information, phone number, and so on. Attributes can also include permissions, proxy lists, and some special restrictions.
  • the identity mode refers to the user's reputation, trust record, and historical access record.
  • the user requests a service or resource from the SP and provides IDP related information.
  • the SP requests the IDM supervision center to perform address resolution on the domain name of the IDP server submitted by the user, and obtains the network address of the user IDP.
  • the IDM Supervisory Center sends the IDP network address to the SP.
  • the SP locates the IDP based on the network address.
  • IDP sends a login interface to the user, allowing the user to enter an account number and password, as well as other login information for verification.
  • the user enters an account number and password, and other login information.
  • the SP provides the requested service to the user.
  • an unresolved main problem of the IDM system is what is used as an identity identifier.
  • The user identifier can be a user ID, email address, pseudonym, group name and so on, chosen arbitrarily. There is no uniform identifier.
  • the IDP identifier is used by the IDP supervision center, the SP, and the user to address the IDP server.
  • the IDM standard discussion group proposes to use the URL (Uniform/Universal Resource Locator, also known as the web address) for IDP addressing, but the URL is based on the DNS domain name resolution system. The resolution of the global root domain name is in the United States. The United States can monitor IDP activities in other countries and endanger national information security. Therefore, it is necessary to establish a user identity and an IDP identifier that are automatically controlled by each country.
  • the TCP/IP protocol widely used on the existing Internet does not support mobility.
  • the terminal IP address will change, causing an interruption in the application and connection.
  • the essential reason why the IP protocol does not support mobility is that the IP address contains both the identity and location attributes.
  • In the TCP/IP protocol stack, the IP address is used to identify the communication peer;
  • the IP address represents which network segment the user is on and is the basis of the route. In a fixed network, there is no problem in the location and identity of the IP address. Because the location of the terminal is unchanged, the IP address will not change and the identity attribute will not change.
  • the movement of the terminal location causes the IP address to change. If it does not change, it cannot be routed. The change of the IP address will cause the upper layer TCP/UDP connection to be disconnected and the service will be interrupted. It is unacceptable for many applications.
  • the concept of the identification network is to separate the identity attribute and the location attribute of the terminal IP address.
  • the IP address of the edge router where the terminal is located is used as the location identifier of the terminal, which is called the RID of the terminal.
  • the RID changes.
  • the terminal only perceives its own AID and the AID of the communication peer, and does not perceive the RID information. All upper layer connections are established based on the AID. That is, TCP/AID and UDP/AID are used instead of TCP/IP and UDP/IP.
  • the terminal sends the data packet with the destination AID and the source AID as the destination and source addresses, and the edge router converts the AID into the RID after receiving the data packet; the RID has the format of an IP address and can be used on the existing Internet to address the edge router of the communication peer.
  • the peer edge router converts the RID in the packet into an AID and sends it to the other terminal.
  • the AID encoding format can be defined by the service provider or government agency; it can use, but is not limited to, IPv4/IPv6.
  • the present invention provides an identity management method and system to simplify identity management.
  • the present invention provides an identity management method, characterized in that the method is implemented based on an identification network, and the terminal and the identity management (IDP) server of the identification network each have an identity identifier (AID) indicating their identity in the identification network.
  • the method includes: when the terminal initiates the identity service process, the access service node (ASN) of the identification network uses the AID of the terminal and the AID of the IDP server to which the terminal belongs to send the identity service request of the terminal to the IDP server to which the terminal belongs, and that IDP server implements identity management of the terminal according to the identity service request.
  • the AID of the terminal and the AID of the IDP server to which the terminal belongs may be provided to the ASN by the terminal when transmitting the identity service request.
  • the AID of the terminal may be provided by the terminal to the ASN when the identity service request is sent, and the ASN may query the monitoring center (IDM) for the IDP server that provides the identity service for the terminal, and obtain the AID of the IDP server to which the terminal belongs.
  • IDM monitoring center
  • the IDP server to which the terminal belongs may perform the process of identity management on the terminal by: sending a login indication to the terminal, the terminal inputting identity information, performing identity verification according to the input identity information, and sending an identity service response to the terminal through the ASN, which carries the verification result.
  • the identity service may include any one or more of identity authentication, identity information query, identity information modification, identity information registration, and identity information revocation.
  • the method may further include: when the terminal submits a service request to the service server, the service server initiates an identity authentication process, where the identity authentication process includes: (a) The service server sends an identity authentication request to the IDP to which the terminal belongs, where the terminal carries
  • the IDP server to which the terminal belongs checks whether the terminal has passed the verification according to the AID of the terminal, and if it has passed the verification, step (e) is performed, and if the verification fails, the authentication challenge is sent to the terminal;
  • the IDP server to which the terminal belongs sends an identity authentication response to the service server, which carries the AID of the terminal and the identity authentication result;
  • the service server determines whether to authorize the service request of the terminal according to the identity authentication result of the terminal.
  • the present invention also provides an identity management system, which is implemented based on an identification network, including an ASN, a terminal, and an identity management (IDP) server, where:
  • the terminal has an identity identifier (AID) indicating its identity in the network, and the terminal is configured to: send an identity service request to the IDP server to which the terminal belongs through the ASN, where the identity service request carries the AID of the terminal; and send identity information to the home IDP server; the ASN is configured to route the identity service request and the identity service response between the terminal and the home IDP server according to the AID of the terminal and the AID of the IDP server to which the terminal belongs.
  • AID identity
  • the IDP server has an AID indicating its identity in the identification network, and the IDP server is configured to: receive an identity service request forwarded by the ASN, verify identity information sent by a terminal that belongs to the IDP server, and send an identity service response to the ASN, where the identity service response carries the AID and the verification result information of the terminal belonging to the IDP server.
  • the identity service request sent by the terminal may also carry the AID of the IDP server to which the terminal belongs.
  • the system may further include a monitoring center (IDM); the IDM may be configured to manage a correspondence between the IDP server and a terminal belonging to the IDP server; the ASN may also be configured to: if the terminal does not know its home IDP server, query the IDM, according to the AID of the terminal in the identity service request, for the IDP server that provides the identity service for the terminal, and obtain the identifier of the IDP server to which the terminal belongs.
  • the identity service may include any one or more of identity authentication, identity information query, identity information modification, identity information registration, and identity information revocation.
  • the system may further include a service server, where the service server may be configured to send an identity authentication request to the IDP server to which the terminal belongs when the terminal requests the service, where the AID of the terminal is carried; and the identity authentication response sent by the IDP server to which the terminal belongs is received.
  • the IDP server may also be configured to, when receiving the identity authentication request sent by the service server, decide whether to initiate an authentication challenge to the terminal according to the AID of the terminal belonging to this IDP server.
  • the IDP server checks whether the identity authentication result information of the terminal belonging to the IDP server is already present, and if yes, may directly send an identity authentication response to the service server according to the identity authentication result information, and if not, may initiate an authentication challenge to the terminal.
  • the terminal may be configured to send the identity information to the home IDP server according to the login indication or authentication challenge sent by the home IDP server.
  • the method and system of the present invention are implemented based on an identification network, and the AID representing the identity is used as the identity management identifier, which can simplify the management of the identity management system.
  • Figure 1 is a schematic diagram of the IDM system;
  • Figure 2 is a business flow chart of the user applying for identity service;
  • Figure 3 is a schematic diagram of identity management based on the identification network;
  • Figure 4 is service flow chart 1 of the IDM system based on the identification network;
  • Figure 5 is service flow chart 2 of the IDM system based on the identification network;
  • Figure 6 is a single sign-on service flow chart.
  • the identity management method and system of the present invention is implemented based on an identification network.
  • the terminal and the identity management (IDP) server each have an identity identifier (AID) indicating their identity within the identification network, and the access service node (ASN) of the identification network uses the AIDs of the terminal and the IDP server to implement the identity service interaction between the terminal and the IDP server; the IDP implements identity management of the terminal according to the identity information provided by the terminal.
  • the topology diagram shown in Figure 3 depicts key features of the system architecture associated with the present invention.
  • the main network elements and functional entities of the identity network management system based on the identification network technology include:
  • ASN: Access Service Node.
  • the ASN maintains the connection relationship between the terminal and the network, allocates RIDs to the terminals, processes the handover process, processes the registration process, processes the accounting and authentication processes, and maintains and queries the AID-RID mapping relationship of the communication peer.
  • the ASN encapsulates, routes, and forwards data packets sent by or to the terminal.
  • When receiving the data packet sent by the terminal MN, the ASN queries the AID-RID mapping table in the local cache according to the AIDc of the destination CN in the data packet: if the AIDc-RIDc mapping entry corresponding to the AIDc is found, the RIDc is encapsulated in the packet header as the destination address, the RIDm corresponding to the MN source address AIDm is encapsulated in the packet header, and the packet is forwarded to the generalized forwarding plane; if the AIDc-RIDc mapping entry corresponding to the AIDc is not found, the data packet is encapsulated and then forwarded to the mapping forwarding plane, and a query for the AIDc-RIDc mapping relationship is sent to the mapping forwarding plane.
  • When receiving the data packet sent by the network to the terminal, the ASN decapsulates the data packet, strips the RID encapsulation of the data packet header, and retains the AID as the data packet header to be sent to the terminal.
  • CR: Common Router (general-purpose router). Routes and forwards data packets with the RID format as the source or destination address. The function of this general-purpose router is no different from that of prior-art routers.
  • ILR/PTF Identity Location Register/Packet Transfer Function
  • ILR is an identity location register that maintains and saves the AID-RID mapping relationship of users in the architecture network. It implements the registration function and processes the location query process of the communication peer. A Broker ILR is mainly used to relay signaling between the visited ILR and the home ILR when there is no direct connection between them.
  • the PTF is a packet forwarding function. After the mapping forwarding plane receives the data packet sent by the ASN, the PTF routes and forwards it within the mapping forwarding plane according to the destination AID. After the PTF node in the mapping forwarding plane finds the destination AID-RID mapping relationship, the corresponding RID information is encapsulated in the data packet header and the packet is forwarded to the generalized forwarding plane, which routes and forwards it to the communication peer.
  • IDP Identity provider, identity service provider.
  • the IDP records user attributes of the network, including user categories, authentication information, and user service levels, and generates user security information for authentication, integrity protection, and encryption, and performs access control and authorization when the user accesses.
  • IDP supports two-way authentication between the terminal and the network.
  • IDM Monitoring Center: the regulatory entity of the IDM. It provides IDP query services for users and service providers (SPs), namely IDP discovery, and is also responsible for authorizing IDP server qualifications.
  • SPs service providers
  • the identity management system of the present invention is implemented based on an identification network, including an ASN, a terminal, and an identity management (IDP) server, where:
  • the terminal has an identity identifier (AID) indicating its identity within the identification network, and is configured to: send an identity service request to the IDP server through the ASN, where the identity service request carries the AID of the terminal; and send identity information to the IDP server;
  • the ASN is configured to implement an identity service request and an identity service response route forwarding between the terminal and the IDP server according to the AID of the terminal and the AID of the IDP server;
  • the specific route forwarding method is determined according to the specific network mechanism of the identification network, and the present invention is not specifically described herein.
  • the IDP server has an AID that indicates its identity in the network, and is configured to: receive an identity service request forwarded by the ASN, verify identity information sent by the terminal, and send an identity service response to the ASN, which carries the AID of the terminal and the verification result information.
  • the identity service request sent by the terminal further carries the AID of the IDP server to which the terminal belongs.
  • the system further includes a monitoring center (IDM), and the IDM is configured to: manage a correspondence between the IDP server and a terminal belonging to the IDP server;
  • the ASN is further configured to: if the terminal does not know the IDP server to which the terminal belongs, query the IDM for the IDP server that provides the identity service for the terminal according to the AID of the terminal in the identity service request, and obtain the AID of the IDP server.
  • the identity service includes any one or more of identity authentication, identity information query, identity information modification, identity information registration, and identity information revocation.
  • the system of the present invention further includes a service server, and the service server is configured to: when the terminal makes a service request, send an identity authentication request to the IDP server to which the terminal belongs, where the AID of the terminal is carried; and receive the identity authentication response sent by the IDP server, where the AID of the terminal and the identity authentication result of the terminal are carried; the service server is further configured to determine whether to authorize the service request of the terminal according to the identity authentication result of the terminal; the IDP server is further configured to decide whether to initiate an authentication challenge to the terminal according to the AID of the terminal.
  • the IDP server checks whether the identity authentication result information of the terminal is already present, and if yes, directly sends an identity authentication response to the service server according to the identity authentication result information, and if not, sends an authentication challenge to the terminal.
  • the terminal sends the identity information to the IDP server according to the login indication sent by the IDP server or the authentication challenge sent by the IDP server.
  • the identity management method of the present invention is implemented based on an identification network.
  • the terminal and the identity management (IDP) server each have an identity identifier (AID) indicating their identity within the identification network.
  • the access service node (ASN) of the identification network uses the AIDs of the terminal and the IDP server to send the identity service request of the terminal to the IDP server to which the terminal belongs, and the IDP server to which the terminal belongs implements identity management of the terminal according to the identity service request.
  • the identity identifier AID of the terminal user during the valid legal existence period remains unchanged.
  • The IDP authenticates user identity by different methods according to different network systems. It can directly authenticate the user access identifier AID, or it can authenticate other types of identifiers that identify users in the network (for example, the international mobile subscriber identity IMSI, the network user identification NAI, etc.). After the user passes the authentication of the IDP server, the user can enter the legal user list of the ASN to access the network resources.
  • users can also apply to IDP for other identity services, such as querying, modifying, registering, and revoking identity information.
  • the process of identity management of the terminal by the IDP server includes:
  • the IDP server sends a login indication to the terminal, the terminal inputs the identity information, and the IDP server performs identity verification according to the identity information input by the terminal;
  • the IDP server sends an identity service response to the terminal through the ASN, which carries the verification result.
  • Application example 1
  • the AID of the terminal and the AID of the IDP server to which the terminal belongs are provided to the ASN by the terminal when transmitting the identity service request.
  • the business process of the terminal applying for identity service is shown in Figure 4, including:
  • the terminal M requests an identity service from the ASN, and provides the identity identifier of the terminal, AIDm, and the identity identifier AIDn of the IDP server to which the terminal belongs;
  • the ASN requests an identity service from an IDP server to which the terminal belongs.
  • the IDP server sends a login indication to the terminal M, and causes the terminal M to input an account number and password, and other identity information for verification.
  • Terminal M enters an account number and password, and other identity information.
  • After the IDP server verifies the information input by the terminal, it sends an indication to the ASN that verification passed (or was rejected).
  • the ASN provides the requested service to the terminal M.
  • the AID of the terminal is provided by the terminal to the ASN when the identity service request is sent, and the ASN queries the regulatory center (IDM) for the IDP server that provides the identity service for the terminal, and obtains the AID of the IDP to which the terminal belongs.
  • the business process of the terminal applying for identity service is shown in Figure 5, including:
  • the terminal M requests an identity service from the ASN, and provides an identity of the terminal, AIDm.
  • the ASN requests the IDM supervisory center to find the IDP that provides the identity service for the terminal M, and obtains the identity identifier AIDn of the IDP server.
  • the IDM Supervisory Center sends the identity identifier AID of the IDP server to the ASN.
  • the ASN requests an identity service from the IDP server according to the identifier AIDn.
  • the IDP server sends a login indication to the terminal M, and causes the terminal M to input an account number and password, and other login information for verification.
  • Terminal M enters the account number and password, and other login information.
  • After the IDP server verifies the information input by the terminal, it sends an indication to the ASN that verification passed (or was rejected).
  • the ASN provides the requested service to the terminal M.
  • the identity management system architecture of the present invention can also implement the single sign-on function, that is, after the terminal passes the identity authentication of the IDP, the terminal can access multiple services without logging in again during the validity period of the terminal identity.
  • the method further includes: when the terminal submits a service request to the service server, the service server initiates an identity authentication process, where the identity authentication process includes:
  • the IDP server checks whether the terminal has passed the verification according to the AID of the terminal, and if the verification has passed, the step (e) is performed, and if the verification fails, the authentication challenge is sent to the terminal;
  • the IDP server sends an identity authentication response to the service server, where the AID of the terminal and the identity authentication result of the terminal are carried;
  • the terminal submits a service request to the service server of the service C (such as the IPTV service), and the carried parameter includes the identity identifier AID of the terminal;
  • the service server of the service C requests the identity authentication service from the IDP server, and the carried parameter includes the identity identifier AID of the terminal;
  • the IDP server issues an authentication challenge to the terminal
  • the terminal requests authentication from the IDP server, and carries the identity information such as the identity AID, password, and credential of the terminal;
  • the IDP server feeds back the authentication result of the terminal to the service server of the service C, and carries the identity AID of the terminal with the parameter;
  • the service server of the service C determines whether the service request of the terminal is authorized according to the authentication result of the IDP server;
  • the terminal further requests the service B (such as the data service), and the terminal sends a service request to the service server of the service B, and the parameter carried by the terminal has the identity identifier AID of the terminal;
  • the service server of the service B requests the identity authentication service from the IDP server, and the carried parameter has the identity identifier AID of the terminal;
  • the IDP server checks whether the AID of the terminal has been verified
  • the IDP server feeds back the authentication result of the terminal user to the service server of the service B, and carries the parameter AID of the terminal;
  • the service server of service B determines whether the service request of the terminal is authorized according to the verification result of the IDP server;
  • the terminal further requests the service A (such as the VOIP service), and the terminal sends a service request to the service server of the service A, and the parameter carried by the terminal has the identity identifier AID of the terminal;
  • the service server of the service A requests the identity authentication service from the IDP server, and the parameter carried is the identity identifier AID of the terminal;
  • the IDP server checks whether the AID of the terminal has been verified
  • the IDP server feeds back the authentication result of the terminal user to the service server of the service A, and carries the parameter AID of the terminal;
  • the service server of service A establishes an access link of the terminal to the service server of service A according to the verification result of the IDP server;
  • the user identifier has no unified form, and may be a user name, an email address, or a mobile phone number that the user himself takes.
  • Different identity management systems have different forms of user identification. Therefore, the method and system of the present invention uniformly use the AID that represents the identity as the identifier, which simplifies the management of the identity management system.
  • the IDP identifier in the existing identity management system is located in the URL and DNS domain name service system, and the final control right is in the United States. Using the AID to identify the IDP can ensure national information security.
  • the user identity and IDP identifier of the existing identity management system cannot be used for addressing on the Internet, whereas the AID of the present invention can take the form of IPv4/IPv6; that is, the identifier of the IDP is encoded as an AID and can be directly used for addressing on the Internet.
  • the invention is implemented based on the identification network, and the AID representing the identity is used as the identity management identifier, which can simplify the management of the identity management system.
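
The single sign-on flow described above (the service servers of services C, B and A each asking the home IDP about the terminal's AID) can be followed in a small simulation. This is an added example, not code from the patent: the class names, the PBKDF2 password check, the 600-second validity period and the in-process calls that stand in for ASN routing are assumptions. It also goes slightly beyond the text by showing the verification state expiring and being dropped on identity revocation.

```python
"""Constructed simulation of the AID-keyed single sign-on flow (services C, B, A)."""
import hashlib
import hmac
import os


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Terminal:
    def __init__(self, aid, password):
        self.aid = aid
        self._password = password

    def answer_challenge(self):
        # Identity information sent in reply to the IDP's authentication challenge.
        return self.aid, self._password


class IDPServer:
    """Home IDP: verifies terminals and remembers the result per terminal AID."""

    def __init__(self, aid, validity_s, clock):
        self.aid = aid
        self.validity_s = validity_s   # assumed validity period of one verification
        self.clock = clock             # injected so the example is deterministic
        self._accounts = {}            # terminal AID -> (salt, password hash)
        self._verified_until = {}      # terminal AID -> expiry time
        self.challenges_sent = 0

    def register(self, terminal_aid, password):
        salt = os.urandom(16)
        self._accounts[terminal_aid] = (salt, hash_password(password, salt))

    def revoke(self, terminal_aid):
        # Identity information revocation: drop the account and any SSO state.
        self._accounts.pop(terminal_aid, None)
        self._verified_until.pop(terminal_aid, None)

    def is_verified(self, terminal_aid):
        return self._verified_until.get(terminal_aid, 0) > self.clock()

    def authenticate(self, terminal_aid, terminal):
        """Handle an identity authentication request from a service server."""
        if not self.is_verified(terminal_aid):
            self.challenges_sent += 1
            presented_aid, password = terminal.answer_challenge()
            account = self._accounts.get(presented_aid)
            ok = (
                presented_aid == terminal_aid
                and account is not None
                and hmac.compare_digest(hash_password(password, account[0]), account[1])
            )
            if ok:
                self._verified_until[terminal_aid] = self.clock() + self.validity_s
        # The response carries the terminal AID and the authentication result.
        return {"aid": terminal_aid, "authenticated": self.is_verified(terminal_aid)}


class IDM:
    """Monitoring center: IDP discovery from a terminal AID."""

    def __init__(self, home_idp):
        self._home_idp = home_idp      # terminal AID -> IDPServer

    def discover(self, terminal_aid):
        return self._home_idp.get(terminal_aid)


class ServiceServer:
    def __init__(self, name, idm):
        self.name = name
        self.idm = idm

    def request(self, terminal):
        """Authorize the service request only on a positive IDP response for this AID."""
        idp = self.idm.discover(terminal.aid)
        if idp is None:
            return False
        response = idp.authenticate(terminal.aid, terminal)
        return response["aid"] == terminal.aid and response["authenticated"]


def run_demo():
    now = [0.0]                                        # constructed clock
    idp = IDPServer("AIDn", validity_s=600, clock=lambda: now[0])
    idp.register("AIDm", "correct horse")              # constructed credential
    idm = IDM({"AIDm": idp})
    terminal = Terminal("AIDm", "correct horse")
    services = [ServiceServer(n, idm) for n in ("C: IPTV", "B: data", "A: VoIP")]
    results = [s.request(terminal) for s in services]  # one challenge, three grants
    first_round = idp.challenges_sent
    now[0] = 601.0                                     # verification has expired
    after_expiry = services[1].request(terminal)       # terminal is challenged again
    idp.revoke("AIDm")
    after_revoke = services[2].request(terminal)       # revoked identity is refused
    return results, first_round, after_expiry, idp.challenges_sent, after_revoke


if __name__ == "__main__":
    print(run_demo())
```

Because every later service decision rests on the IDP's per-AID state, the validity period and the revocation path are what bound how long one successful login keeps granting access.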

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a method and a system for identity management. The method and the system are implemented on the basis of an identification network; the terminals and the identity management (IDP) server of said identification network have identity identifiers (AIDs) that indicate their identity in the identification network. The method comprises: when a terminal initiates an identity service flow, an access service node (ASN) of said identification network uses the AID of the terminal and the AID of the IDP server to which the terminal belongs to send the terminal's identity service request to the IDP server to which the terminal belongs, and that IDP server implements identity management of the terminal according to the identity service request. The invention can simplify the management of the identity management system.
PCT/CN2010/078832 2010-04-22 2010-11-17 Method and system for identity management WO2011131002A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010165120.9A CN102238148B (zh) 2010-04-22 2010-04-22 Identity management method and system
CN201010165120.9 2010-04-22

Publications (1)

Publication Number Publication Date
WO2011131002A1 true WO2011131002A1 (fr) 2011-10-27

Family

ID=44833668

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/078832 WO2011131002A1 (fr) 2010-04-22 2010-11-17 Identity management method and system

Country Status (2)

Country Link
CN (1) CN102238148B (fr)
WO (1) WO2011131002A1 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
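CN103078932B (zh) * 2012-12-31 2016-01-27 中国移动通信集团江苏有限公司 Method, device and system for implementing universal single sign-on
CN105703931A (zh) * 2014-11-26 2016-06-22 中兴通讯股份有限公司 Identification network redundancy backup method and device
CN105743883B (zh) * 2016-01-21 2019-06-21 兴唐通信科技有限公司 Method and device for acquiring identity attributes of a network application
CN110247917B (zh) * 2019-06-20 2021-09-10 北京百度网讯科技有限公司 Method and apparatus for authenticating identity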

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
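CN1656773A (zh) * 2002-05-24 2005-08-17 艾利森电话股份有限公司 Method for authenticating a user to a service of a service provider
CN101567878A (zh) * 2008-04-26 2009-10-28 华为技术有限公司 Method and device for improving the security of network identity authentication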

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
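JP4186512B2 (ja) * 2002-05-20 2008-11-26 ソニー株式会社 Service providing system, device terminal and processing method thereof, authentication device and method, service providing device and method, and program
JPWO2005015422A1 (ja) * 2003-08-11 2006-10-05 ソニー株式会社 Authentication method, authentication system and authentication server
CN100428719C (zh) * 2006-01-23 2008-10-22 北京交通大学 Internet access method based on separation of identity and location
CN101277513B (zh) * 2007-03-27 2011-07-20 厦门致晟科技有限公司 Method for encrypting wireless mobile terminal communication
CN100521660C (zh) * 2007-09-13 2009-07-29 北京交通大学 Method for implementing mobile handover management in an integrated network
CN101119206B (zh) * 2007-09-13 2011-03-02 北京交通大学 Identifier-based unified access control method for integrated network terminals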

Also Published As

Publication number Publication date
CN102238148A (zh) 2011-11-09
CN102238148B (zh) 2015-10-21

Similar Documents

Publication Publication Date Title
CN110800331B (zh) Network authentication method, related device and system
US9356928B2 (en) Mechanisms to use network session identifiers for software-as-a-service authentication
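JP4777729B2 (ja) Setting information distribution device, method, program and medium
KR100927944B1 (ko) Method and apparatus for optimal transmission of data in a wireless communication system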
US12101416B2 (en) Accessing hosts in a computer network
US11973617B2 (en) Border gateway protocol (BGP) hijacks prefix signing using public/private keys
US20160380999A1 (en) User Identifier Based Device, Identity and Activity Management System
CN103067337B (zh) Identity federation method, IdP, SP and system
JP2008518533A (ja) Method and system for transparently authenticating a mobile user to access web services
EP3328023B1 (fr) Authentication of users in a computer network
WO2013040957A1 (fr) Single sign-on method and system, and information processing method and system
CN106790251B (zh) User access method and user access system
US10523445B2 (en) Accessing hosts in a hybrid computer network
US10791464B2 (en) Method for establishing a secure connection
WO2011131002A1 (fr) Identity management method and system
WO2016202397A1 (fr) DNS-based PKI system
WO2011063658A1 (fr) Unified security authentication method and system
US20240163271A1 (en) Methods, systems, and computer readable media for detecting stolen access tokens
US10841283B2 (en) Smart sender anonymization in identity enabled networks
US9485654B2 (en) Method and apparatus for supporting single sign-on in a mobile communication system
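CN116711387B (zh) Method, device and system for authentication and authorization using an edge data network
CN103078834A (zh) Secure connection method, system and network element
KR100904004B1 (ko) Authentication of users
CN116711387A (zh) Method, device and system for authentication and authorization using an edge data network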
Protocol draft-hallambaker-omnibroker-02

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10850134

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10850134

Country of ref document: EP

Kind code of ref document: A1