WO2014206316A1 - Procédé et système d'authentification de service - Google Patents

Procédé et système d'authentification de service Download PDF

Info

Publication number
WO2014206316A1
WO2014206316A1 PCT/CN2014/080852 CN2014080852W WO2014206316A1 WO 2014206316 A1 WO2014206316 A1 WO 2014206316A1 CN 2014080852 W CN2014080852 W CN 2014080852W WO 2014206316 A1 WO2014206316 A1 WO 2014206316A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
user token
terminal
server
authentication
Prior art date
Application number
PCT/CN2014/080852
Other languages
English (en)
Chinese (zh)
Inventor
查敏
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2014206316A1 publication Critical patent/WO2014206316A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Definitions

  • AAA Authentication, Authorization, Accounting, Authentication, Authorization, and Accounting
  • the user In the authentication process, the user generally needs to input a user name and a password. After the authentication is passed, the user is authenticated. You can use the network service provided by the operator.
  • the user name and password registered by the user in the third-party service provider are also required, and each third-party service provider generally needs a separate user name and The password, so that when the user accesses the network, it may need to remember multiple user names and passwords, which is not only easy to forget, but also requires frequent input of user information, which brings inconvenience to the user.
  • the technical problem to be solved by embodiments of the present invention is to provide a service authentication method and system for facilitating users in using third party services.
  • the embodiment of the invention provides a service authentication method, including:
  • the AAA server generates a user token and saves it; Sending, by the AAA server, the user token to the BNG;
  • the AAA server receives the service request information sent by the server of the third-party service;
  • the service request information includes an Internet Protocol IP address of the terminal, a Transmission Control Protocol TCP/User Datagram Protocol UDP port number, and the third-party service.
  • the AAA server determines whether the user token received by the AAA server is equal to the user token stored by the AAA server. If they are equal, the third party service authentication of the terminal is performed.
  • the embodiment of the present invention further provides a service authentication method, where the method includes: receiving, by the terminal, an instruction for calling a shared user information to perform third-party service authentication; the shared user information is that the user is performing authentication, authorization, The user information used for the AAA authentication is charged; the terminal sends a request message for acquiring the user token token to the security server; and the request message for obtaining the user token carries the user token type;
  • the security server generates an authentication confirmation webpage, and stores authentication confirmation information related to the authentication confirmation webpage;
  • the terminal displays the authentication confirmation webpage, receives authentication confirmation information input by the user, and sends the authentication confirmation information input by the user to the security server;
  • the security server determines whether the received authentication confirmation information input by the user is consistent with the previously saved authentication confirmation information, and if yes, sends a request message for acquiring the user token to the AAA server;
  • the AAA server generates a user token and saves the user token and the user token type
  • the service request information includes an IP address of the terminal, a transmission control protocol TCP/user datagram protocol UDP port number, and the third-party service server receives the User token
  • the AAA server determines that the user token it receives and the user token it holds are No, and determine whether the user token type it receives matches its saved user token type, if the user token it receives is equal to the user token it holds and the user token type it receives and the user token type it holds. Matching, the third party service authentication by the terminal.
  • the embodiment of the present invention further provides a service authentication system, where the system includes: a terminal, a broadband service gateway BNG, and an AAA server, where
  • the terminal is configured to receive an instruction sent by the user to invoke the shared user information to perform third-party service authentication;
  • the shared user information is user information used by the user in performing authentication, authorization, and accounting AAA authentication;
  • the terminal is further configured to send a request message for acquiring a user token token to the broadband network gateway BNG;
  • the BNG is configured to send the request message for acquiring a user token to an AAA server;
  • the AAA server is configured to generate a user token and save the message;
  • the AAA server is further configured to send the user token to the BNG;
  • the BNG is further configured to send the user token to the terminal;
  • the terminal is further configured to send the user token to a server of a third-party service
  • the AAA server is further configured to receive service request information sent by a server of the third-party service;
  • the service request information includes an Internet Protocol IP address of the terminal, a Transmission Control Protocol TCP/User Datagram Protocol UDP port number, and a a user token received by a server of the third-party service;
  • the AAA server is further configured to determine whether the user token received by the AAA server is equal to the user token that is saved, and if they are equal, the third-party service authentication of the terminal.
  • the embodiment of the present invention further provides a service authentication system, where the system includes: a terminal, an AAA server, and a security server;
  • the terminal is configured to receive an instruction sent by the user to invoke the shared user information to perform third-party service authentication;
  • the shared user information is user information used by the user in performing authentication, authorization, and accounting AAA authentication;
  • the terminal is further configured to send a request message for acquiring a user token token to the security server; the request message for obtaining the user token carries a user token type;
  • the security server is configured to generate an authentication confirmation webpage, save authentication confirmation information related to the authentication confirmation webpage, and send the authentication confirmation webpage to the terminal;
  • the terminal is further configured to display the authentication confirmation webpage, and receive authentication confirmation information input by the user, where the terminal is further configured to send the authentication confirmation information input by the user to the security server;
  • the security server is further configured to determine whether the received authentication confirmation information input by the user is consistent with the previously stored authentication confirmation information, and if yes, send a request message for acquiring a user token to the AAA server;
  • the AAA server is further configured to generate a user token and save the user token and the user token type;
  • the AAA server is further configured to send the user token to the security server;
  • the security server is further configured to send the user token to the terminal;
  • the terminal is further configured to send the user token to a server of a third-party service
  • the AAA server is further configured to receive service request information sent by a server of the third-party service; the service request information includes an IP address of the terminal, a TCP/UDP port number, and a user token received by the server of the third-party service. ;
  • the AAA server is further configured to determine whether the user token received by the user token is equal to the user token stored by the user, and whether the type of the user token received by the user token matches the type of the user token it holds, if the user token received by the user is The saved user tokens are equal and the received user token type matches the saved user token type, and the third party service authentication is performed by the terminal.
  • the service authentication method and system provided by the embodiment of the present invention can provide a user with a third-party service without using a user to input a user name and a password, thereby facilitating the use of the user and improving the user.
  • the user token assigned by the AAA server needs to be verified, which can improve the security of the authentication.
  • FIG. 1 is a schematic flowchart of a service authentication method according to Embodiment 1 of the present invention.
  • FIG. 2 is a schematic flowchart of a service authentication method according to Embodiment 2 of the present invention.
  • FIG. 3 is a schematic diagram of an interface of an authentication confirmation webpage in an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a service authentication system according to Embodiment 3 of the present invention.
  • FIG. 5 is a schematic structural diagram of a service authentication system according to Embodiment 4 of the present invention.
  • a service authentication method and system are provided in the embodiments of the present invention, which are respectively described in detail below.
  • Embodiment 1 is a diagrammatic representation of Embodiment 1:
  • the present invention provides a service authentication method, and the network architecture involved in the method includes: a terminal, a BNG, and an AAA server. As shown in FIG. 1, the method includes:
  • the terminal receives an instruction sent by the user to invoke the shared user information to perform third-party service authentication.
  • the shared user information is user information used by the user when performing AAA (Authentication, Authorization, Accounting, Authentication, Authorization, and Accounting) authentication;
  • the shared user information may be an account name and a password used when the network service provided by the network operator is input when the user accesses the network, for example, the user dials using ADSL (Asymmetric Digital Subscriber Line).
  • ADSL Asymmetric Digital Subscriber Line
  • the third-party service of the third-party service may provide a "one-click authentication" function button, and the function button may be invoked.
  • An application interface for sharing user information provided by the network operator. After the user clicks the function button, the terminal receives the call sharing sent by the user.
  • the terminal sends a request message for acquiring a user token (token) to a BNG (Broadband Network Gateway, a broadband network gateway);
  • BNG Broadband Network Gateway, a broadband network gateway
  • the foregoing BNG sends the foregoing request message for acquiring a user token to the AAA server.
  • the BNG forwards or transparently transmits the request message for obtaining the user token to the AAA server;
  • the foregoing AAA server generates a user token and saves the user token.
  • the AAA server After receiving the request message, the AAA server generates a user token and saves it for subsequent verification;
  • the foregoing AAA server sends the user token to the BNG.
  • the foregoing BNG sends the user token to the terminal.
  • BNG forwards or transparently transmits the user token to the terminal
  • the foregoing terminal sends the user token to a server of a third-party service
  • the AAA server receives the service request information sent by the server of the third-party service, where the service request information includes an IP (Internet Protocol) address of the terminal, and a Transmission Control Protocol (TCP) I UDP (User) Datagram Protocol, User Datagram Protocol) port number and the user token received by the server of the above third party service;
  • IP Internet Protocol
  • TCP Transmission Control Protocol
  • I UDP User Datagram Protocol
  • the server of the third-party service when the terminal accesses the server of the third-party service, the server of the third-party service can obtain the IP address of the terminal and the TCP/UDP port number; after the server of the third-party service receives the user token sent by the terminal, The IP address of the terminal, the TCP/UDP port number, and the received user token are carried in the service request information and sent to the AAA server.
  • the AAA server determines whether the user token received by the AAA server is equal to the saved user token, and if yes, step 110 is performed; otherwise, step 111 is performed;
  • the AAA server passes the foregoing third-party service authentication of the terminal; the process ends; preferably, in this embodiment, after the third-party service authentication, the AAA server can delete the previously saved user token, so that each User tokens are only used for one-time service authentication to improve security;
  • the AAA server may return the corresponding confirmation information to the server of the third-party service, and the server of the third-party service may also send an appropriate confirmation message to the terminal accordingly.
  • the user is informed that the business certification is passed; 111.
  • the foregoing AAA server determines that the third-party service authentication fails.
  • the AAA server may return a corresponding prompt message to the server of the third-party service, and the server of the third-party service may correspondingly send an appropriate prompt message to the terminal to enable the user to learn that the service authentication fails.
  • the service authentication method provided in this embodiment provides a scheme for using the shared user information for authentication, so that the user does not need to input a user name and password when using the third-party service, thereby facilitating the user's use and improving the user experience;
  • the user token assigned by the AAA server needs to be verified to improve the security of the authentication.
  • step 104 the method further includes:
  • the above AAA server starts a timer; the timing of the timer may be preset, for example, but not limited to 1 minute;
  • the AAA server deletes the user token generated and saved in step 104.
  • the service request information of the server from the third party service received by the AAA server in step 108 may include at least one of the following request information:
  • the method may further include: the AAA server charging the fee generated by the terminal in the process of using the third-party service according to the IP address and the TCP/UDP port number. .
  • the user can use the account provided by the network operator to consume the third-party service, which facilitates unified billing management.
  • Embodiment 2 is a diagrammatic representation of Embodiment 1:
  • the invention also provides a service authentication method, and the network architecture involved in the method includes: a terminal, a security server, and an AAA server. As shown in FIG. 2, the method includes:
  • the terminal receives an instruction sent by the user to invoke the shared user information to perform third-party service authentication.
  • the shared user information is user information used by the user when performing AAA authentication.
  • the shared user information may be an account name and a password used when the network service provided by the network operator is input when the user accesses the network, for example, the user uses China Telecom ADSL. (Asymmetric Digital Subscriber Line, Asymmetric Digital Subscriber Line) Enter the account name and password when dialing up;
  • the third-party service of the third-party service may provide a "one-click authentication" function button, and the function button may be invoked.
  • An application program interface for sharing user information provided by the network operator after the user clicks the function button, the terminal receives an instruction sent by the user to invoke the shared user information for third-party service authentication;
  • the terminal sends a request message for obtaining a user token to the security server.
  • the request message for obtaining the user token carries the user token type, where the user token type may be at least one of the following types: authentication, accounting, and information. Acquisition, QOS control;
  • the request message or other message that the terminal sends to the security server to obtain the user token may be sent to the BNG first and then forwarded by the BNG or transparently transmitted to the security server, and details are not described herein;
  • the security server generates an authentication confirmation webpage, and stores authentication confirmation information related to the authentication confirmation webpage.
  • the security server sends the authentication confirmation webpage to the terminal.
  • the authentication confirmation webpage or other message sent by the security server to the terminal may be sent to the BNG first and then forwarded to the terminal by the BNG or transparently transmitted to the terminal, and details are not described herein;
  • the terminal displays the authentication confirmation webpage, and receives the authentication confirmation information input by the user.
  • the authentication confirmation webpage may be an interface as shown in FIG. 3, and prompts the user to input a verification code, and the verification code may be in the form of a text. Numbers or other suitable formats are not specifically limited herein;
  • the terminal sends the authentication confirmation information input by the user to the security server.
  • the security server determines whether the received authentication confirmation information input by the user is consistent with the previously stored authentication confirmation information, if yes, step 208 is performed, otherwise step 209 is performed;
  • the security server sends a request message for obtaining a user token to the AAA server; and step 210 is performed;
  • the security server sends a request message for acquiring the user token to the AAA server;
  • the security server returns a prompt message to the terminal, and returns to step 203;
  • the security server may return a prompt message that the verification fails, and returns to step 203 to continue the verification;
  • the AAA server generates a user token and saves the user token and the user token type. Specifically, the AAA server may generate a user token matching the user token type according to the received user token type.
  • the foregoing AAA server sends the user token to the security server.
  • the foregoing security server sends the user token to the terminal.
  • the terminal sends the user token to a server of a third-party service.
  • the foregoing AAA server receives the service request information sent by the server of the third-party service, where the service request information includes an Internet Protocol IP address of the terminal, a Transmission Control Protocol TCP/User Datagram Protocol UDP port number, and a received user token.
  • the server of the third-party service can obtain the IP address of the terminal and the TCP/UDP port number; after receiving the user token sent by the terminal, the server of the third-party service can set the IP of the terminal.
  • the address, the TCP/UDP port number, and the received user token are carried in the service request information and sent to the AAA server;
  • the AAA server determines whether the user token received by the AAA server is equal to the saved user token, and determines whether the type of the user token received by the AAA server matches the type of the user token it holds, if the user token received by the user token is the same as the saved token.
  • the user token is equal and the type of the user token it receives matches the type of the user token it holds, step 216 is performed, otherwise step 217 is performed;
  • the AAA server passes the foregoing third-party service authentication of the terminal, and ends the process. After the third-party service is authenticated, the AAA server may delete the previously saved user token, so that each user token is used only for one service authentication. , improve safety;
  • the AAA server may also return corresponding confirmation information to the server of the third-party service;
  • the AAA server determines that the third-party service authentication of the terminal fails. After determining that the third-party service authentication fails, the AAA server may return the corresponding prompt information to the server of the third-party service.
  • the service authentication method provided in this embodiment provides a scheme for using the shared user information for authentication, so that the user does not need to input the user name and password when using the third-party service, thereby facilitating the use of the user and improving the user experience.
  • the security server can provide security verification for calling third party service authentication by sharing user information, and preventing The user's misoperation or malicious operation of some illegal programs further improves the security of the service authentication method and prevents the user's interests from being lost.
  • the method may further include:
  • the above AAA server starts a timer; the timing of the timer may be preset, for example, but not limited to 1 minute;
  • the AAA server deletes the user token generated and saved in step 210.
  • the service request information of the server from the third party service received by the AAA server in step 214 may include at least one of the following request information:
  • the method may further include: the AAA server charging the fee generated by the terminal in the process of using the third-party service according to the IP address and the TCP/UDP port number. .
  • the user can use the account provided by the network operator to consume the third-party service, which facilitates unified billing management.
  • Embodiment 3 is a diagrammatic representation of Embodiment 3
  • the present invention also provides a service authentication system.
  • the system may include: a terminal 100, a BNG 200, and an AAA server 300, where
  • the terminal 100 may be configured to receive an instruction sent by the user to invoke the shared user information to perform third-party service authentication.
  • the shared user information is user information used by the user in performing authentication, authorization, and accounting AAA authentication; for example, sharing user information may be It is the account name and password used when the network service provided by the network operator is input when the user accesses the network. For example, the account name and password entered when the user dials the Internet using ADSL (Asymmetric Digital Subscriber Line).
  • ADSL Asymmetric Digital Subscriber Line
  • An application program interface for sharing user information provided by the network operator after the user clicks the function button, the terminal receives an instruction sent by the user to invoke the shared user information for third-party service authentication;
  • the terminal 100 is further configured to send a request message for acquiring a user token to the BNG 200.
  • the BNG 200 can be configured to send the foregoing request message for acquiring a user token to the AAA server 300;
  • the AAA server 300 can be used to generate a user token and save; after receiving the request message, the AAA server 300 generates a user token and saves it for subsequent verification;
  • the AAA server 300 can also be configured to send the user token to the BNG 200;
  • the BNG 200 can also be used to send the user token to the terminal 100;
  • the terminal 100 can also be used to send the user token to the server of the third party service;
  • the AAA server 300 is further configured to receive service request information sent by the server of the third-party service, where the service request information includes an Internet Protocol IP address of the terminal, a Transmission Control Protocol TCP/User Datagram Protocol UDP port number, and the foregoing third-party service.
  • the user token received by the server in this embodiment, when the terminal accesses the server of the third-party service, the server of the third-party service can obtain the IP address of the terminal and the TCP/UDP port number; the server of the third-party service receives the After the user token is sent by the terminal, the IP address of the terminal, the TCP/UDP port number, and the received user token are carried in the service request information and sent to the AAA server.
  • the AAA server 300 can also be used to determine whether the user token received by the user token is equal to the user token stored by the terminal. If they are equal, the third-party service authentication of the terminal is determined, otherwise the third-party service authentication fails.
  • the AAA server may delete the previously saved user token, so that each user token can be used only for one service authentication, thereby improving security.
  • the AAA server can also return the corresponding confirmation information to the server of the third-party service.
  • the AAA server may also return corresponding prompt information to the server of the third-party service.
  • the service authentication system provided by the embodiment provides a scheme for using the shared user information for authentication, so that the user does not need to input the user name and password when using the third-party service, thereby facilitating the user's use and improving the user experience;
  • the user token assigned by the AAA server needs to be verified to improve the security of the authentication.
  • the AAA server may further start a timer after the user token is generated and saved, where the timer time may be preset, such as but not limited to 1 minute; the AAA server may also be used to perform the foregoing timing. Timeout, delete the saved user token.
  • the service request message of the server from the third-party service received by the AAA server may include at least one of the following request information:
  • the AAA server may be further configured to: charge the fee generated by the terminal in the process of using the third party service according to the IP address and the TCP/UDP port number. In this way, the user can use the account provided by the network operator to consume the third-party service, which facilitates unified billing management.
  • Embodiment 4 is a diagrammatic representation of Embodiment 4:
  • the present invention further provides a service authentication system.
  • the system may include: a terminal 100, an AAA server 300, and a security server 400, where
  • the terminal 100 is configured to receive an instruction that is sent by the user to invoke the shared user information to perform third-party service authentication.
  • the shared user information is user information used by the user when performing AAA authentication.
  • the shared user information may be when the user accesses the network.
  • the account name and password used when entering the network service provided by the network operator, for example, the account name and password entered by the user when dialing the Internet using ADSL (Asymmetric Digital Subscriber Line);
  • the third-party service provides the function of using the shared user information for third-party service authentication.
  • the third-party service web page or interface displayed by the terminal can provide a "one-click authentication" function button, and the function button can call the sharing provided by the network operator.
  • the application interface of the user information after the user clicks the function button, the terminal receives an instruction sent by the user to invoke the shared user information for third-party service authentication;
  • the terminal 100 is further configured to send a request message for acquiring a user token to the security server; the request message for acquiring the user token carries a user token type;
  • the security server 400 is configured to generate an authentication confirmation webpage, save the authentication confirmation information related to the authentication confirmation webpage, and send the authentication confirmation webpage to the terminal;
  • the terminal 100 is further configured to display the authentication confirmation webpage, and receive the authentication confirmation information input by the user, and send the authentication confirmation information input by the user to the security server.
  • the authentication confirmation webpage may be an interface as shown in FIG. , prompting the user to enter a verification code, the form of the verification code can be It is a text, a number or other suitable format and is not specifically limited herein;
  • the security server 400 is further configured to determine whether the received authentication confirmation information input by the user is consistent with the previously saved authentication confirmation information. If they are consistent, the request message for acquiring the user token may be sent to the AAA server, otherwise the prompt information may be returned to the BNG.
  • the BNG forwards the prompt message to the terminal to prompt the user to perform the re-authentication; the token type; specifically, the user token generated by the AAA server matches the user token type;
  • the AAA server 300 is further configured to send the user token to the terminal 100;
  • the terminal 100 is further configured to send the user token to a server of a third-party service
  • the AAA server 300 is further configured to receive service request information sent by the server of the third-party service, where the service request information includes an Internet Protocol IP address of the terminal, a TCP/User Datagram Protocol (UDP) port number, and a server of the third-party service.
  • the received user token wherein, when the terminal accesses the server of the third-party service, the server of the third-party service can obtain the IP address of the terminal and the TCP/UDP port number; the server of the third-party service receives the user sent by the terminal.
  • the IP address of the terminal, the TCP/UDP port number, and the received user token are carried in the service request information and sent to the AAA server.
  • the AAA server 300 is further configured to determine whether the user token received by the user token is equal to the saved user token, and whether the type of the user token received by the user token matches the type of the user token it holds, if the user token received by the user token is saved. The user tokens are equal and the type of the user token received is matched with the type of the user token that is stored, and the third-party service authentication is performed by the terminal. Otherwise, the third-party service authentication fails.
  • the AAA server 300 can delete the previously saved user token, so that each user token can be used only for one service authentication, thereby improving security; Afterwards, the AAA server 300 can also return corresponding confirmation information to the server of the third-party service;
  • the AAA server 300 may return the corresponding prompt information to the server of the third-party service.
  • the system may further include a BNG, and the BNG may serve as a information relay between the terminal and the security server, that is, the received message from the terminal may be forwarded or transparently transmitted to the terminal.
  • the secure server can also forward or transparently receive the received message from the secure server to Terminal.
  • the service authentication system provided in this embodiment provides a scheme for using the shared user information for authentication, so that the user does not need to input a user name and password when using the third-party service, thereby facilitating the use of the user and improving the user experience.
  • the security server can provide security verification for invoking the shared user information for third-party service authentication, preventing user misoperation or malicious operation of some illegal programs, and further improving the service authentication method. Security, to prevent the loss of the user's interests.
  • the AAA server may further start a timer after the user token is generated and saved, where the timer time may be preset, such as but not limited to 1 minute; the AAA server may also be used to perform the foregoing timing. Timeout, delete the saved user token.
  • the service request message of the server from the third party service received by the AAA server may include at least one of the following request information:
  • the AAA server may be further configured to: charge the fee generated by the terminal in the process of using the third party service according to the IP address and the TCP/UDP port number. In this way, the user can use the account provided by the network operator to consume the third-party service, which facilitates unified billing management.
  • the program may be stored in a computer readable storage medium, and the storage medium may include: Flash disk, read-only memory (Read-Only Memory,
  • ROM Read Only Memory
  • RAM Random Access Memory
  • CD Compact Disc

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Les modes de réalisation de la présente invention appartiennent au domaine technique des communications. L'invention concerne un procédé et un système d'authentification de service. Le procédé comprend les étapes suivantes : un terminal reçoit une instruction d'invoquer des informations d'utilisateur partagées pour exécuter l'authentification d'un service tiers envoyé par un utilisateur ; le terminal envoie à une BNG un message de demande d'acquisition d'un jeton d'utilisateur ; la BNG envoie le message de demande d'acquisition du jeton d'utilisateur, à un serveur AAA ; le serveur AAA génère et enregistre le jeton d'utilisateur ; le serveur AAA envoie le jeton d'utilisateur à la BNG ; la BNG envoie le jeton d'utilisateur au terminal ; le terminal envoie le jeton d'utilisateur à un serveur du service tiers ; le serveur AAA reçoit des informations de demande de service envoyées par le serveur du service tiers ; et le serveur AAA détermine si le jeton d'utilisateur reçu est identique au jeton d'utilisateur qu'il a enregistré et, si c'est le cas, il authentifie le service tiers. La mise en œuvre des modes de réalisation de la présente invention améliore l'expérience de l'utilisateur.
PCT/CN2014/080852 2013-06-26 2014-06-26 Procédé et système d'authentification de service WO2014206316A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310259633.X 2013-06-26
CN201310259633.XA CN104253787A (zh) 2013-06-26 2013-06-26 业务认证方法和系统

Publications (1)

Publication Number Publication Date
WO2014206316A1 true WO2014206316A1 (fr) 2014-12-31

Family

ID=52141092

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/080852 WO2014206316A1 (fr) 2013-06-26 2014-06-26 Procédé et système d'authentification de service

Country Status (2)

Country Link
CN (1) CN104253787A (fr)
WO (1) WO2014206316A1 (fr)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106209522B (zh) * 2015-04-30 2019-08-02 东莞市星东升实业有限公司 基于令牌协议的令牌组网构建方法
CN107493280B (zh) * 2017-08-15 2020-10-09 中国联合网络通信集团有限公司 用户认证的方法、智能网关及认证服务器
CN107682325A (zh) * 2017-09-21 2018-02-09 烽火通信科技股份有限公司 具备鉴权功能的网关设备上网拨号方法及系统
CN110430202B (zh) * 2019-08-09 2022-09-16 百度在线网络技术(北京)有限公司 认证方法及装置
CN112104673B (zh) * 2020-11-12 2021-04-06 中博信息技术研究院有限公司 一种多媒体资源web访问权限认证方法
CN114500066A (zh) * 2022-02-08 2022-05-13 北京沃东天骏信息技术有限公司 信息处理方法、网关和通信系统
CN115242474B (zh) * 2022-07-14 2024-06-07 观澜网络(杭州)有限公司 一种实时通讯系统、方法、终端设备及存储介质

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101350797A (zh) * 2008-09-17 2009-01-21 腾讯科技(深圳)有限公司 简化用户操作的网站登录方法、系统、客户端和服务器
CN101764806A (zh) * 2009-12-31 2010-06-30 卓望数码技术(深圳)有限公司 一种单点登录方法、系统以及登录服务平台
US20110173105A1 (en) * 2010-01-08 2011-07-14 Nokia Corporation Utilizing AAA/HLR infrastructure for Web-SSO service charging
CN102655494A (zh) * 2011-03-01 2012-09-05 广州从兴电子开发有限公司 一种基于saml的单点登录模式设计的认证平台

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101350797A (zh) * 2008-09-17 2009-01-21 腾讯科技(深圳)有限公司 简化用户操作的网站登录方法、系统、客户端和服务器
CN101764806A (zh) * 2009-12-31 2010-06-30 卓望数码技术(深圳)有限公司 一种单点登录方法、系统以及登录服务平台
US20110173105A1 (en) * 2010-01-08 2011-07-14 Nokia Corporation Utilizing AAA/HLR infrastructure for Web-SSO service charging
CN102655494A (zh) * 2011-03-01 2012-09-05 广州从兴电子开发有限公司 一种基于saml的单点登录模式设计的认证平台

Also Published As

Publication number Publication date
CN104253787A (zh) 2014-12-31

Similar Documents

Publication Publication Date Title
WO2014206316A1 (fr) Procédé et système d'authentification de service
WO2016155668A1 (fr) Procédé d'authentification d'application unifiée dans un système à ressources partagées, serveur, et terminal
US7653933B2 (en) System and method of network authentication, authorization and accounting
EP3120591B1 (fr) Dispositif sur la base d'un identifiant d'utilisateur, système de gestion d'identité et d'activité
US9648006B2 (en) System and method for communicating with a client application
US20160127902A1 (en) Mobile device authentication in heterogeneous communication networks scenario
WO2008022589A1 (fr) Système et procédé destinés à authentifier une demande d'accès pour un réseau local
JP4990912B2 (ja) ネットワーク課金方法、システム及び装置
US8422650B2 (en) Authentication in communication systems
US20090043891A1 (en) Mobile WiMax network system including private network and control method thereof
WO2007072121A1 (fr) Integration facilite entre services web et services de telecommunications par mise en collaboration des clients web et des clients de telecommunications
WO2009097778A1 (fr) Procédé, dispositif et système d'appel de l'interface de sécurité
US10129039B2 (en) Method of online charging a guest user of an application content provider
WO2013075661A1 (fr) Procédé d'identification de plate-forme ouverte et de connexion, plateforme ouverte et système
WO2013060129A1 (fr) Procédé d'authentification rapide, contrôleur d'accès et système pour un réseau local sans fil
WO2011023050A1 (fr) Procédé de réglage en ligne de la largeur de bande d’un utilisateur et serveur de service d’authentification distante d’un utilisateur appelant
US20140348029A1 (en) Method and system for providing sponsored service on ims-based mobile communication network
CN106790251B (zh) 用户接入方法和用户接入系统
WO2012089039A1 (fr) Procédé et dispositif pour fournir des informations d'utilisateur à un appareil de traduction d'adresse réseau à grande échelle (cgn)
WO2018045798A1 (fr) Procédé d'authentification de réseau et dispositif associé
CN108200039B (zh) 基于动态创建临时账号密码的无感知认证授权系统和方法
WO2012088995A1 (fr) Procédé et dispositif de commande de service
US10547651B2 (en) System and method for providing telephony services over WiFi for non-cellular devices
EP3025534B1 (fr) Fourniture de services de téléphonie sur wifi pour des dispositifs non cellulaires
CN104394151A (zh) 一种校园网接入运营商网络的方法、设备及系统

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14818502

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14818502

Country of ref document: EP

Kind code of ref document: A1