WO2017088634A1 - Third-party application authentication method, authentication server, terminal and management server - Google Patents

Info

Publication number
WO2017088634A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
module
party
information
server
Prior art date
Application number
PCT/CN2016/104863
Other languages
French (fr)
Chinese (zh)
Inventor
高扬
Original Assignee
中兴通讯股份有限公司
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2017088634A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to the field of communications, and in particular, to a third-party application authentication method, an authentication server, a terminal, and a management server.
  • the so-called third-party login is to use the existing account of the user on the third-party application platform to quickly complete the login or registration function of the application.
  • the third-party application platform here is generally an application platform that already has a large number of users, such as Sina Weibo, QQ Space and WeChat in China, or Facebook and Twitter.
  • as a third-party application platform, Sina Weibo and QQ Space, for example, are good choices: these platforms have a large number of users and expose open APIs for developers to call.
  • the Weibo open platform packages the Weibo login button, follow button, share button and other components so that they can be deployed directly on any website, which lets developers lower the registration threshold for new users, bring in social relationships at zero cost and spread high-quality content rapidly. Third-party login is therefore very convenient.
  • the main technical problem to be solved by the present invention is to provide a third-party application authentication method, an authentication server, a terminal, and a management server, addressing the low security and the security risks of existing third-party login.
  • the present invention provides a third-party application authentication method, including:
  • the third-party application module of the terminal obtains the identity identification information set by the operator for the user from the user identity information module of the terminal;
  • the third-party application module generates an authentication request including the identity identification information and sends the authentication request to the third-party authentication server for authentication.
  • the method further includes:
  • the third-party application module receives authentication challenge information fed back by the third-party authentication server according to the authentication request;
  • the third-party application module receives the authentication challenge response information fed back by the user identity information module, and sends the authentication challenge response information to the third-party authentication server for re-authentication.
  • the acquiring, by the third-party application module, of the identity identification information set by the operator for the user includes either of the following:
  • the identity identification information is obtained directly from the user identity information module of the terminal;
  • or the third-party application module sends an identity information acquisition request to the authentication proxy module of the terminal, and receives the identity identification information that the authentication agent module obtained from the user identity information module.
  • the present invention also provides a third-party application authentication method, including:
  • the third-party authentication server receives an authentication request sent by a third-party application from the terminal, where the authentication request includes the identity identification information set by the operator for the user;
  • the third-party authentication server sends the authentication request to the user data management server on the operator side for authentication.
  • the method further includes:
  • the third-party authentication server sends the authentication challenge information to the third-party application module of the terminal;
  • the third-party authentication server receives the authentication challenge response information fed back by the third-party application of the terminal, and sends the authentication challenge response information to the user data management server for authentication.
  • the present invention also provides a third-party application authentication method, including:
  • the user data management server receives an authentication request sent by a third-party authentication server, where the authentication request includes identity identification information set by the operator for the user;
  • the user data management server performs authentication according to the authentication request.
  • the user data management server performs authentication according to the authentication request, including:
  • the authentication challenge response information from the third-party authentication server is received for authentication.
  • the present invention further provides a terminal, including: a third-party application module, where the third-party application module includes an identity information acquiring sub-module and a first processing sub-module;
  • the information obtaining submodule is configured to obtain, from the user identity information module of the terminal, the identity identification information set by the operator for the user;
  • the first processing submodule is configured to generate an authentication request including the identity identification information according to the identity identification information, and send the authentication request to the third party authentication server for authentication.
  • the third-party application module further includes:
  • a challenge information obtaining submodule configured to receive authentication challenge information fed back by the third party authentication server according to the authentication request;
  • an information forwarding submodule configured to send the authentication challenge information to the user identity information module of the terminal;
  • a second processing sub-module configured to receive the authentication challenge response information fed back by the user identity information module and send the authentication challenge response information to the third-party authentication server for re-authentication.
  • the present invention also provides a third-party authentication server, including:
  • a request receiving module configured to receive an authentication request sent by a third-party application from the terminal, where the authentication request includes the identity identification information set by the operator for the user;
  • the request sending module is configured to send the authentication request to the user data management server on the operator side for authentication.
  • the third-party authentication server further includes:
  • a challenge information receiving module configured to receive authentication challenge information fed back by the user data management server according to the authentication request;
  • a challenge information sending module configured to send the authentication challenge information to a third-party application of the terminal;
  • the response information receiving module is configured to receive the authentication challenge response information fed back by the third-party application of the terminal;
  • the response message sending module is configured to send the authentication challenge response information to the user data management server on the operator side for authentication.
  • the present invention also provides a user data management server, including:
  • the request obtaining module is configured to receive an authentication request sent by a third-party authentication server, where the authentication request includes the identity identification information set by the operator for the user;
  • the authentication processing module is configured to perform authentication according to the authentication request.
  • the authentication processing module includes:
  • a challenge information generating submodule configured to generate authentication challenge information according to the identity identification information in the authentication request;
  • a challenge information feedback sub-module configured to send the authentication challenge information to the third-party authentication server;
  • the authentication submodule is configured to receive authentication challenge response information from the third party authentication server for authentication.
  • the present invention also provides a communication system, including a terminal, a third-party authentication server, and a user data management server;
  • the third-party application module of the terminal obtains the identity identification information set by the operator for the user from the user identity information module of the terminal, and generates an authentication request including the identity identification information and sends the authentication request to the third-party authentication server.
  • the third-party authentication server is configured to receive the authentication request and send it to a user data management server on the operator side;
  • the user data management server is configured to perform authentication according to the authentication request.
  • the communication system may further include an authentication proxy server configured to convert the authentication request sent by the third-party authentication server into the internal message format of the operator network and then send it to the user data management server.
  • the user data management server is a home subscription user server; and/or the user identity information module is a user identification card module or an IP multimedia service identity module.
  • Another embodiment of the present invention provides a computer storage medium storing execution instructions for performing the method in the above embodiments.
  • with the third-party application authentication method, authentication server, terminal and management server provided by the present invention, when a third-party login is used the third-party application in the terminal can obtain the identity identification information set by the operator for the user from the user identity information module of the terminal, and then send an authentication request including that identification information to the third-party authentication server for authentication; the third-party authentication server in turn sends the authentication request to the user data management server on the operator side for authentication.
  • in other words, during third-party login the invention authenticates directly from the terminal with the identity identification information assigned by the operator to the user, and the authentication itself is performed by the user data management server on the operator side.
  • the identity identification information assigned by the operator to the user is information that can truly identify each user, for example a real-name-authenticated number and other user identity information. Using it not only improves the security of the authentication, but also provides the third party with a safer, more reliable, real-name authentication, and at the same time meets the operator's need to open its capabilities.
  • FIG. 1 is a flowchart of a terminal-side third-party authentication process according to Embodiment 1 of the present invention
  • FIG. 2 is a flowchart of a third-party server-side third-party authentication process according to Embodiment 1 of the present invention
  • FIG. 3 is a flowchart of a third-party authentication process on a user data management server side according to Embodiment 1 of the present invention
  • FIG. 4 is a schematic structural diagram of a communication system according to Embodiment 2 of the present invention.
  • FIG. 5 is a schematic structural diagram of a terminal according to Embodiment 2 of the present invention.
  • FIG. 6 is a schematic structural diagram of a third-party application module in FIG. 5;
  • FIG. 7 is a schematic structural diagram of a third-party authentication server according to Embodiment 2 of the present invention.
  • FIG. 8 is a schematic structural diagram of a user data management server according to Embodiment 2 of the present invention.
  • FIG. 9 is a schematic structural diagram of a communication system based on an IMS architecture according to Embodiment 2 of the present invention.
  • FIG. 10 is a flowchart of a third-party authentication process when an authentication proxy module is provided according to Embodiment 3 of the present invention.
  • FIG. 11 is a flowchart of a third-party authentication process when directly acquiring a user identity according to Embodiment 3 of the present invention.
  • FIG. 12 is a flowchart of a third-party authentication process when an authentication proxy module is provided based on an IMS architecture according to Embodiment 3 of the present invention.
  • FIG. 13 is a flowchart of a third-party authentication process when a user identity is directly obtained based on an IMS architecture according to Embodiment 3 of the present invention.
  • the invention performs authentication directly with the identity identification information assigned by the operator to the user and with the user data management server on the operator side. This improves the security of the authentication and provides the third party with a safer, more reliable, real-name authentication, while also meeting the operator's need for openness.
  • Embodiment 1:
  • the identity information that the operator assigns to the user is generally built into the user identity information module of the terminal, so the third-party application module of the terminal (that is, any third-party application or APP) can obtain the user identification information allocated by the operator to the user directly in the terminal; the user identification information in this embodiment refers to identity information that can truly identify the user.
  • the user identification information module may be a user identification card module (SIM module).
  • in that case the user identification information may be any item of identity information held in the user identification card module, such as a phone number; the user identification card module also stores the associated key information. In an IMS (IP Multimedia Subsystem), the user identity information module may instead be an IP multimedia service identity module (ISIM module), whose identity information likewise comes with key information.
  • the third-party application module in this embodiment may be various applications set by the operator in the terminal, or may be various applications set by the terminal manufacturer or other application providers or terminal users themselves in the terminal.
  • a third-party application module built in by the operator can interact directly with the user identity information module in the terminal to obtain the corresponding user identification information and key information. For a third-party application module built by a non-operator, the security level of the user identification information assigned by the operator to the user is extremely high, so such an application cannot obtain it directly from the user identity information module. Therefore, the terminal in this embodiment is also provided with an authentication agent module.
  • the authentication agent module is configured to interact with the user identity information module to obtain the user identification information, obtain a key, and so on, and then forward the result to the third-party application module.
  • the third-party application module may generate an authentication request including the identity identification information and send the authentication request to the third-party authentication server for authentication.
  • the third-party authentication server generally holds no user data such as the identification information allocated by the operator to the user, nor does it have the capability to authenticate the identity of the terminal user. Therefore, after receiving the authentication request, the third-party authentication server needs to authenticate with the user data management server that manages user data on the operator side (that is, the operator's user data center).
  • after receiving the authentication request, the user data management server on the operator side can use existing authentication mechanisms to perform authentication according to the identity identification information in the authentication request.
  • the authentication mechanism used by the user data management server to perform authentication in this embodiment may be flexibly selected according to specific scenarios such as different operators or different protocols.
  • the user data management server may be an HSS (Home Subscriber Server).
  • an authentication proxy server may be added in this embodiment to implement format conversion and forwarding of the interaction information between the third-party application server and the user data management server, that is, protocol conversion between the two sides; for example, converting the HTTP-type protocol information used by the third-party application server into the Diameter-like protocol information used inside the operator network before sending it to the user data management server.
  • the following describes the execution process of the terminal, the third-party authentication server, and the user data management server in the authentication process.
  • the process of the terminal in the third-party application authentication process includes:
  • Step 101 The third-party application module of the terminal acquires the identity identification information set by the operator for the user from the user identity information module of the terminal.
  • the identity identification information is obtained directly from the user identity information module of the terminal; or, when the third-party application module is one set by a non-operator, the module sends an identity information obtaining request to the authentication agent module of the terminal and receives the identity identification information that the authentication agent module obtained from the user identity information module;
  • Step 102 The third-party application module generates an authentication request that includes the identity identification information and sends the authentication request to the third-party authentication server for authentication.
  • Step 103 The third-party application module receives the authentication challenge information fed back by the third-party authentication server according to the authentication request.
  • Step 104 The third-party application module sends the received authentication challenge information to the user identity information module of the terminal, so that the user identity information module generates the authentication challenge response information.
  • Step 105 The third-party application module receives the authentication challenge response information fed back by the user identity information module, and sends the authentication challenge response information to the third-party authentication server for re-authentication. Specifically, an authentication request including the authentication challenge response information may be reconstructed and sent to the third-party authentication server.
  • Step 106 The third-party application module receives the registration success message sent by the third-party authentication server.
  • the execution process of the third-party authentication server in the third-party application authentication process includes:
  • Step 201 The third-party authentication server receives an authentication request sent by a third-party application from the terminal, where the authentication request includes the identity identification information set by the operator for the user.
  • Step 202 The third-party authentication server sends the authentication request to the user data management server on the operator side for authentication;
  • Step 203 The third-party authentication server receives the authentication challenge information fed back by the user data management server according to the authentication request.
  • Step 204 The third-party authentication server sends the authentication challenge information to the third-party application module of the terminal.
  • Step 205 The third-party authentication server receives the authentication challenge response information fed back by the third-party application of the terminal, and sends the authentication challenge response information to the user data management server for authentication.
  • Step 206 The third-party authentication server receives the authentication success message fed back by the user data management server.
  • the execution process of the user data management server in the third-party application authentication process includes:
  • Step 301 The user data management server receives an authentication request sent by a third-party authentication server, where the authentication request includes the identity identification information set by the operator for the user.
  • Step 302 The user data management server generates authentication challenge information according to the identity identification information in the authentication request.
  • Step 303 The user data management server sends the authentication challenge information to the third-party authentication server.
  • Step 304 The user data management server receives the authentication challenge response information from the third-party authentication server for authentication.
  • Step 305 The user data management server sends an authentication success message to the third-party authentication server when the authentication is successful.
  • Embodiment 2:
  • this embodiment provides a communication system, including a terminal 1, a third-party authentication server 2, and a user data management server 4;
  • the third-party application module of the terminal 1 obtains the identity identification information set by the operator for the user from the user identity information module of the terminal, and generates an authentication request including the identity identification information and sends the authentication request to the third-party authentication server.
  • the third-party authentication server 2 is configured to receive the authentication request and send it to the user data management server 4 on the operator side;
  • the user data management server 4 is configured to perform authentication according to the authentication request.
  • an authentication proxy server 3 may be added, configured to implement format conversion and forwarding of the interaction information between the third-party application server 2 and the user data management server 4, that is, protocol conversion between the two sides; for example, it converts the HTTP-type protocol information used by the third-party application server into the Diameter-like protocol information of the operator and sends it to the user data management server.
  • the identification information that the operator assigns to the user is generally built in the user identity information module of the terminal 1. Therefore, the third-party application module of the terminal can directly obtain the user identification information allocated by the operator for the user from the terminal when logging in.
  • the third-party application module in this embodiment may be various applications set by the operator in the terminal, or may be various applications set by the terminal manufacturer or other application providers or terminal users themselves in the terminal.
  • the terminal in this embodiment is also provided with an authentication agent module.
  • the authentication agent module is configured to interact with the user identity information module to obtain the user identification information, obtain a key, and so on, and then forward the result to the third-party application module. Therefore, as shown in FIG. 5, the terminal 1 in this embodiment includes a third-party application module 11, an authentication proxy module 12, and a user identity information module 13.
  • the third-party application module 11 in this embodiment includes an identity information obtaining sub-module 111 and a first processing sub-module 112;
  • the information acquisition sub-module 111 is configured to obtain the identity identification information set by the operator for the user from the user identity information module 13 of the terminal; as analysed above, it may be obtained directly from the user identity information module 13 or acquired through the authentication agent module 12;
  • the first processing sub-module 112 is configured to generate an authentication request including the identity identification information according to that information and send it to the third-party authentication server 2 for authentication;
  • the challenge information obtaining sub-module 113 is configured to receive the authentication challenge information fed back by the third-party authentication server 2 according to the authentication request;
  • the information forwarding sub-module 114 is configured to send the authentication challenge information to the user identity information module of the terminal;
  • the second processing sub-module 115 is configured to receive the authentication challenge response information fed back by the user identity information module 13 and send it to the third-party authentication server 2 for re-authentication. Specifically, an authentication request including the authentication challenge response information may be reconstructed and sent to the third-party authentication server 2.
  • the third-party authentication server 2 in this embodiment includes:
  • the request receiving module 21 is configured to receive an authentication request sent by the third-party application from the terminal 1, where the authentication request includes the identity identification information set by the operator for the user;
  • the request sending module 22 is configured to send an authentication request to the user data management server 4 on the operator side for authentication.
  • the challenge information receiving module 23 is configured to receive the authentication challenge information fed back by the user data management server 4 according to the authentication request;
  • the challenge information sending module 24 is configured to send the authentication challenge information to the third-party application of the terminal 1;
  • the response information receiving module 25 is configured to receive the authentication challenge response information fed back by the third party application of the terminal 1;
  • the response message sending module 26 is configured to send the authentication challenge response information to the user data management server 4 on the operator side for authentication.
  • the user data management server 4 includes:
  • the request obtaining module 41 is configured to receive an authentication request sent by the third-party authentication server 2, where the authentication request includes the identity identification information set by the operator for the user;
  • the authentication processing module 42 is configured to perform authentication according to the authentication request.
  • the authentication processing module 42 includes:
  • the challenge information generation sub-module 421 is configured to generate authentication challenge information according to the identity identification information in the authentication request;
  • the challenge information feedback sub-module 422 is configured to send the authentication challenge information to the third-party authentication server;
  • the authentication submodule 423 is configured to receive authentication challenge response information from a third party authentication server for authentication.
  • the user identity information module 13 may be an IP multimedia service identity module 131 (ISIM module), and the user data management server 4 may be a home subscriber server 401 (Home Subscriber Server, HSS for short).
  • Embodiment 3:
  • the basic process for providing identity authentication to a third-party application of the telecommunication network proposed by the present invention includes:
  • Step 1001 A third-party application module (App) sends a telecommunications identity query request to the authentication proxy module.
  • Step 1002 The authentication proxy module interactively acquires the user identity from the user identity information module.
  • Step 1003 The authentication proxy module returns a telecommunications identity query response to the third-party application module (App).
  • Step 1004 The third-party application module (App) initiates a registration request to the third-party application server, and constructs an authentication request using the user identity obtained from the authentication proxy module.
  • Step 1005 The third-party application server forwards the authentication request to the authentication proxy server of the operator.
  • Step 1006 The authentication proxy server transforms the authentication request into an authentication request that can be identified by the user data management server inside the operator, and sends the authentication request to the user data management server inside the operator.
  • Step 1007 The user data management server inside the operator returns an authentication failure that carries the user's authentication challenge information.
  • Step 1008 The third-party application server returns a registration failure to the user, including the challenge information obtained from the telecommunication network;
  • Step 1009 The third-party application module (App) receives the registration failure message, and sends the authentication challenge information to the authentication proxy module.
  • Step 1010 The authentication proxy module interacts with the user identity information module to generate an authentication challenge response message.
  • Step 1011 The authentication proxy module sends the challenge response to the third-party application module (App);
  • Step 1012 The third-party application module (App) reconstructs the registration request by using the challenge response message, and sends the registration request to the third-party application server.
  • Step 1013 The third-party application server sends an authentication request to the authentication proxy server according to the newly received registration request.
  • Step 1014 The authentication proxy server forwards the authentication request to the user data management server inside the operator.
  • Step 1015 The user data management server inside the operator passes the authentication and returns an authentication success to the authentication proxy server.
  • Step 1016 The authentication proxy server forwards the authentication success to the third-party application server.
  • Step 1017 The third-party application server returns a registration success to the user.
  • the interaction process of obtaining the identity of the user directly from the user identity information module is as follows:
  • Step 1101 A third-party application module (generally a native application, or another application provided by an operator) interacts with the user identity information module to obtain the user identity.
  • Step 1102 The third-party application module initiates a registration request to the third-party application server, and constructs the authentication information by using the user identity obtained from the authentication proxy module.
  • Step 1103 The third-party application server forwards the authentication request to the authentication proxy server of the operator.
  • Step 1104 The authentication proxy server transforms the authentication request into an authentication request that can be identified by the user data management server inside the operator, and sends the authentication request to the user data management server inside the operator.
  • Step 1105 The user data management server inside the operator fails the authentication and returns an authentication failure carrying the user's authentication challenge information.
  • Step 1106 The third-party application server returns a registration failure to the user, including the authentication challenge information obtained from the telecommunications network.
  • Step 1107 The third-party application module receives the registration failure message, and uses the challenge information to interact with the user identity information module to generate an authentication challenge response message.
  • Step 1108 The third-party application module reconstructs the registration request by using the authentication challenge response, and sends the registration request to the third-party application server.
  • Step 1109 The third-party application server sends an authentication request to the authentication proxy server according to the newly received registration request.
  • Step 1110 The authentication proxy server forwards the authentication request to the user data management server inside the operator.
  • Step 1111 The user data management server inside the operator passes the authentication and returns an authentication success to the authentication proxy server.
  • Step 1112 The authentication proxy server forwards the authentication success to the third-party application server.
  • Step 1113 The third-party application server returns a registration success to the user.
  • the process for providing identity authentication to a third-party application based on IMS is as follows:
  • Step 1201 The third-party application module (App) sends a telecommunications identity query request to the authentication proxy module.
  • Step 1202 The authentication proxy module interacts with the IP multimedia services identity module (ISIM module) to obtain the user identity. Because this is the ISIM module of the IMS system, a user identity that is not in phone-number format can be obtained, for example one in the form john@abc.com.
  • Step 1203 The authentication proxy module returns a telecommunications identity query response to the third-party application module (App).
  • Step 1204 The third-party application module (App) initiates a registration request to the third-party application server, and constructs the authentication information by using the user identity obtained from the authentication proxy module.
  • Step 1205 The third-party application server forwards the authentication request to the authentication proxy server of the operator.
  • Step 1206 The authentication proxy server transforms the authentication request into an authentication request that can be recognized by the operator's home subscriber server (HSS), and sends it to the home subscriber server inside the operator.
  • Step 1207 The home subscriber server inside the operator fails the authentication and returns an authentication failure carrying the user's authentication challenge information.
  • Step 1208 The third-party application server returns a registration failure to the user, including the authentication challenge information obtained from the telecommunications network.
  • Step 1209 The third-party application module (App) receives the registration failure message and sends the challenge information to the authentication proxy module.
  • Step 1210 The authentication proxy module interacts with the ISIM module to generate a challenge response.
  • Step 1211 The authentication proxy module sends an authentication challenge response message to a third-party application module (App);
  • Step 1212 The third-party application module (App) reconstructs the registration request by using the authentication challenge response message, and sends the registration request to the third-party application server.
  • Step 1213 The third-party application server sends an authentication request to the authentication proxy server according to the newly received registration request.
  • Step 1214 The authentication proxy server forwards the authentication request to the home subscriber server inside the operator.
  • Step 1215 The home subscriber server inside the operator passes the authentication and returns an authentication success to the authentication proxy server.
  • Step 1216 The authentication proxy server forwards the authentication success to the third-party application server.
  • Step 1217 The third-party application server registers the user successfully.
  • the interaction process for acquiring the user identity directly from the user identity information module based on the IMS is as follows:
  • Step S1301 A third-party application module (generally a native application) interacts with an IP multimedia services identity module (ISIM module) to obtain the user identity.
  • Step S1302 The third-party application module initiates a registration request to the third-party application server, and constructs the authentication information by using the user identity obtained from the authentication proxy module.
  • Step S1303 The third-party application server forwards the authentication request to the authentication proxy server of the operator.
  • Step S1304 The authentication proxy server transforms the authentication request into an authentication request that can be recognized by the operator's home subscriber server (HSS), and sends it to the home subscriber server inside the operator.
  • Step S1305 The home subscriber server inside the operator fails the authentication and returns an authentication failure carrying the user's authentication challenge information.
  • Step S1306 The third-party application server returns a registration failure to the user, including the authentication challenge information obtained from the telecommunications network.
  • Step S1307 The third-party application module receives the registration failure message, and uses the challenge information to interact with the ISIM module to generate an authentication challenge response message.
  • Step S1308 The third-party application module reconstructs the registration request by using the authentication challenge response information, and sends the registration request to the third-party application server.
  • Step S1309 The third-party application server constructs an authentication request according to the newly received registration request and sends it to the authentication proxy server.
  • Step S1310 The authentication proxy server forwards the authentication request to the home subscriber server inside the operator.
  • Step S1311 The home subscriber server inside the operator passes the authentication and returns an authentication success to the authentication proxy server.
  • Step S1312 The authentication proxy server forwards the authentication success to the third-party application server.
  • Step S1313 The third-party application server returns a registration success to the user.
  • the modules or steps of the present invention can be implemented by a general-purpose computing device; they may be concentrated on a single computing device or distributed over a network composed of multiple computing devices.
  • they may be implemented by program code executable by a computing device, so that they can be stored in a storage medium (ROM/RAM, diskette, optical disk) and executed by a computing device; in some cases the steps shown or described may be performed in an order different from that given here, or the modules or steps may be fabricated individually as integrated circuit modules, or several of them may be implemented as a single integrated circuit module. The invention is therefore not limited to any particular combination of hardware and software.
  • the third-party application authentication method, authentication server, terminal and management server provided by the embodiments of the present invention have the following beneficial effects: during third-party login, the identity identification information assigned by the operator to the user is called directly from the terminal and authenticated together with the user data management server on the operator side.
  • the identity identification information assigned by the operator to the user is information that can truly identify each user, such as a real-name-verified phone number; this improves the security of authentication, provides third parties with safer, more reliable and real-name-capable authentication, and at the same time meets the operator's need for capability openness.
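The challenge-response registration flow of Steps 1001-1017 and its IMS variant in Steps 1201-1217, as an added simulation written for this page (not code from the patent or from the applicant): the terminal-side proxy module, ISIM module, third-party server, operator-side proxy server and HSS exchange the same messages in the same order, and the HSS issues a single-use challenge on the first pass and verifies the response on the second. The shared key, HMAC-SHA256 as the response algorithm, and the message field names are assumptions the patent does not specify.

```python
import hashlib
import hmac
import secrets


class IsimModule:
    """User identity information module (ISIM) inside the terminal."""

    def __init__(self, identity: str, key: bytes):
        self._identity = identity
        self._key = key  # shared with the HSS; never leaves the module (assumption)

    def identity(self) -> str:
        return self._identity

    def challenge_response(self, challenge: bytes) -> bytes:
        # HMAC-SHA256 over the challenge stands in for the unspecified SIM/ISIM algorithm.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class AuthProxyModule:
    """Terminal-side authentication proxy module: the only component a non-operator app talks to."""

    def __init__(self, isim: IsimModule):
        self._isim = isim

    def query_identity(self) -> str:  # Steps 1201-1203
        return self._isim.identity()

    def respond(self, challenge: bytes) -> bytes:  # Steps 1209-1211
        return self._isim.challenge_response(challenge)


class Hss:
    """Home Subscriber Server: the operator-side user data management server."""

    def __init__(self, subscribers: dict):
        self._subscribers = subscribers  # identity -> shared key
        self._pending = {}               # identity -> outstanding challenge nonce

    def authenticate(self, req: dict) -> dict:
        identity = req["identity"]
        key = self._subscribers.get(identity)
        if key is None:
            return {"result": "fail", "reason": "unknown identity"}
        if "response" not in req:
            # Step 1207: the first pass always fails and carries a fresh challenge.
            nonce = secrets.token_bytes(16)
            self._pending[identity] = nonce
            return {"result": "fail", "challenge": nonce}
        # Step 1215: a nonce is consumed on first use, so a replayed response
        # finds no outstanding challenge and is rejected.
        nonce = self._pending.pop(identity, None)
        if nonce is None:
            return {"result": "fail", "reason": "no outstanding challenge"}
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if hmac.compare_digest(expected, req["response"]):
            return {"result": "success"}
        return {"result": "fail", "reason": "bad response"}


class AuthProxyServer:
    """Operator-side proxy: rewrites the external request into the HSS's format (Steps 1206, 1214)."""

    def __init__(self, hss: Hss):
        self._hss = hss

    def authenticate(self, external: dict) -> dict:
        internal = {"identity": external["user_identity"]}
        if "challenge_response" in external:
            internal["response"] = external["challenge_response"]
        return self._hss.authenticate(internal)


class ThirdPartyServer:
    """Third-party application server (Steps 1205, 1208, 1213 and 1217)."""

    def __init__(self, proxy: AuthProxyServer):
        self._proxy = proxy

    def register(self, registration: dict) -> dict:
        verdict = self._proxy.authenticate(registration)
        if verdict["result"] == "success":
            return {"status": "registered"}
        # Registration failure carries the challenge (if any) back to the app.
        return {"status": "failed", "challenge": verdict.get("challenge")}


def run_registration(proxy_module: AuthProxyModule, server: ThirdPartyServer) -> str:
    """The third-party app (App) driving Steps 1201-1217; returns the final status."""
    identity = proxy_module.query_identity()
    first = server.register({"user_identity": identity})
    if first["status"] == "registered" or first.get("challenge") is None:
        return first["status"]
    response = proxy_module.respond(first["challenge"])
    second = server.register({"user_identity": identity, "challenge_response": response})
    return second["status"]
```

The app never sees the key: it only relays the challenge to the proxy module and the response back to the server, which is the separation the patent relies on for non-operator apps.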

Abstract

Disclosed are a third-party application authentication method, an authentication server, a terminal, and a management server. The method comprises: when a third-party login operation is performed, acquiring, by a third-party application in a terminal, and from a user identity information module of the terminal, identity verification information set for a user by an operator, and generating and transmitting an authentication request containing the identity verification information to a third-party authentication server for authentication; and transmitting, by the third-party authentication server, the authentication request to an operator-side user data management server to undergo the authentication. In the invention, when a third-party login is performed, authentication is performed by directly calling identity verification information assigned to a user by an operator from a terminal in cooperation with an operator-side user data management server. The identity verification information assigned to the user by the operator is information which can be used to authentically verify the user, such as a number for use in real-name authentication, thereby improving authentication security, and providing more secure and reliable real-name authentication for a third party while satisfying an open capability requirement of the operator.

Description

Third-party application authentication method, authentication server, terminal, and management server
Technical field
The present invention relates to the field of communications, and in particular to a third-party application authentication method, an authentication server, a terminal, and a management server.
Background art
So-called third-party login uses an account the user already holds on a third-party application platform to quickly complete login or registration for one's own application. The third-party application platform here is generally one that already has a large user base, such as Sina Weibo, QQ Zone and WeChat in China, or Facebook and Twitter abroad.
To implement third-party login, you first need to choose a third-party application platform. Sina Weibo and QQ Zone, for example, are good choices: these platforms have large numbers of users and also expose open APIs for integration. The Weibo open platform, for instance, packages components such as a Weibo login button, follow button and share button that can be deployed directly on any website, lowering the registration barrier for new users while letting developers bring in social relationships at zero cost and spread quality content quickly. Third-party login is therefore very convenient. However, current Internet-based third-party application logins, whether through Sina Weibo, QQ Zone and WeChat in China or Facebook and Twitter abroad, have a serious problem: the security of a third-party login can be no higher than the security of the original authentication platform, because the authentication information used by these third-party applications is rarely information that can truly identify the user, and real-name verification cannot be applied afterwards. As a result, the security of logging in through a third-party application is reduced and security risks exist.
Summary of the invention
The main technical problem to be solved by the present invention is to provide a third-party application authentication method, an authentication server, a terminal, and a management server that solve the problem of existing third-party logins having low security and presenting security risks.
To solve the above technical problem, the present invention provides a third-party application authentication method, including:
a third-party application module of a terminal obtains, from a user identity information module of the terminal, identity identification information set by an operator for the user; and
the third-party application module generates an authentication request containing the identity identification information and sends it to a third-party authentication server for authentication.
In an embodiment of the present invention, the method further includes:
the third-party application module receives authentication challenge information fed back by the third-party authentication server in response to the authentication request;
the third-party application module sends the authentication challenge information to the user identity information module of the terminal; and
the third-party application module receives authentication challenge response information fed back by the user identity information module and sends it to the third-party authentication server for re-authentication.
In an embodiment of the present invention, the third-party application module obtaining the identity identification information set by the operator for the user includes:
when the third-party application module is one provided by the operator, obtaining the identity identification information directly from the user identity information module of the terminal; and
when the third-party application module is not one provided by the operator, sending an identity information acquisition request to an authentication proxy module of the terminal and receiving from the authentication proxy module the identity identification information that it obtained from the user identity information module.
To solve the above technical problem, the present invention also provides a third-party application authentication method, including:
a third-party authentication server receives an authentication request sent by a third-party application of a terminal, the authentication request containing identity identification information set by an operator for the user; and
the third-party authentication server sends the authentication request to a user data management server on the operator side for authentication.
In an embodiment of the present invention, the method further includes:
the third-party authentication server receives authentication challenge information fed back by the user data management server in response to the authentication request;
the third-party authentication server sends the authentication challenge information to the third-party application module of the terminal; and
the third-party authentication server receives authentication challenge response information fed back by the third-party application of the terminal and sends it to the user data management server for authentication.
To solve the above technical problem, the present invention also provides a third-party application authentication method, including:
a user data management server receives an authentication request sent by a third-party authentication server, the authentication request containing identity identification information set by an operator for the user; and
the user data management server performs authentication according to the authentication request.
In an embodiment of the present invention, the user data management server performing authentication according to the authentication request includes:
generating authentication challenge information according to the identity identification information in the authentication request;
sending the authentication challenge information to the third-party authentication server; and
receiving authentication challenge response information from the third-party authentication server and authenticating it.
To solve the above technical problem, the present invention further provides a terminal, including a third-party application module, where the third-party application module includes an identity information acquisition sub-module and a first processing sub-module;
the identity information acquisition sub-module is configured to obtain, from the user identity information module of the terminal, identity identification information set by the operator for the user; and
the first processing sub-module is configured to generate an authentication request containing the identity identification information and send it to a third-party authentication server for authentication.
In an embodiment of the present invention, the third-party application module further includes:
a challenge information acquisition sub-module, configured to receive authentication challenge information fed back by the third-party authentication server in response to the authentication request;
an information forwarding sub-module, configured to send the authentication challenge information to the user identity information module of the terminal; and
a second processing sub-module, configured to receive authentication challenge response information fed back by the user identity information module and send it to the third-party authentication server for re-authentication.
To solve the above technical problem, the present invention also provides a third-party authentication server, including:
a request receiving module, configured to receive an authentication request sent by a third-party application of a terminal, the authentication request containing identity identification information set by an operator for the user; and
a request sending module, configured to send the authentication request to a user data management server on the operator side for authentication.
In an embodiment of the present invention, the third-party authentication server further includes:
a challenge information receiving module, configured to receive authentication challenge information fed back by the user data management server in response to the authentication request;
a challenge information sending module, configured to send the authentication challenge information to the third-party application of the terminal;
a response information receiving module, configured to receive authentication challenge response information fed back by the third-party application of the terminal; and
a response message sending module, configured to send the authentication challenge response information to the user data management server on the operator side for authentication.
To solve the above technical problem, the present invention also provides a user data management server, including:
a request acquisition module, configured to receive an authentication request sent by a third-party authentication server, the authentication request containing identity identification information set by an operator for the user; and
an authentication processing module, configured to perform authentication according to the authentication request.
In an embodiment of the present invention, the authentication processing module includes:
a challenge information generation sub-module, configured to generate authentication challenge information according to the identity identification information in the authentication request;
a challenge information feedback sub-module, configured to send the authentication challenge information to the third-party authentication server; and
an authentication sub-module, configured to receive authentication challenge response information from the third-party authentication server and authenticate it.
To solve the above technical problem, the present invention also provides a communication system, including a terminal, a third-party authentication server, and a user data management server;
a third-party application module of the terminal obtains, from a user identity information module of the terminal, identity identification information set by an operator for the user, generates an authentication request containing the identity identification information, and sends it to the third-party authentication server;
the third-party authentication server is configured to receive the authentication request and send it to a user data management server on the operator side; and
the user data management server is configured to perform authentication according to the authentication request.
In an embodiment of the present invention, the system further includes an authentication proxy server configured to convert the authentication request sent by the third-party authentication server into the operator network's internal message format before sending it to the user data management server.
In an embodiment of the present invention, the user data management server is a home subscriber server; and/or the user identity information module is a subscriber identity module (SIM) or an IP multimedia services identity module (ISIM).
Another embodiment of the present invention provides a computer storage medium storing execution instructions, the execution instructions being used to perform the method of the above embodiments.
The beneficial effects of the invention are:
With the third-party application authentication method, authentication server, terminal and management server provided by the present invention, when third-party login is used, the third-party application in the terminal can obtain from the terminal's user identity information module the identity identification information set by the operator for the user, then generate an authentication request containing that identity identification information and send it to the third-party authentication server for authentication; the third-party authentication server in turn sends the authentication request to the user data management server on the operator side for authentication. During third-party login the invention thus calls, directly from the terminal, the identity identification information assigned to the user by the operator and authenticates it together with the operator-side user data management server. Because the identity identification information assigned by the operator is information that can truly identify each user, such as a real-name-verified phone number and other user identity information, this improves the security of authentication, provides third parties with safer, more reliable and real-name-capable authentication, and at the same time meets the operator's need for capability openness.
Brief description of the drawings
FIG. 1 is a flowchart of the terminal-side third-party authentication process according to Embodiment 1 of the present invention;
FIG. 2 is a flowchart of the third-party-server-side third-party authentication process according to Embodiment 1 of the present invention;
FIG. 3 is a flowchart of the user-data-management-server-side third-party authentication process according to Embodiment 1 of the present invention;
FIG. 4 is a schematic structural diagram of a communication system according to Embodiment 2 of the present invention;
FIG. 5 is a schematic structural diagram of a terminal according to Embodiment 2 of the present invention;
FIG. 6 is a schematic structural diagram of the third-party application module in FIG. 5;
FIG. 7 is a schematic structural diagram of a third-party authentication server according to Embodiment 2 of the present invention;
FIG. 8 is a schematic structural diagram of a user data management server according to Embodiment 2 of the present invention;
FIG. 9 is a schematic structural diagram of a communication system based on an IMS architecture according to Embodiment 2 of the present invention;
FIG. 10 is a flowchart of the third-party authentication process with an authentication proxy module according to Embodiment 3 of the present invention;
FIG. 11 is a flowchart of the third-party authentication process when the user identity is obtained directly according to Embodiment 3 of the present invention;
FIG. 12 is a flowchart of the third-party authentication process with an authentication proxy module on an IMS architecture according to Embodiment 3 of the present invention;
FIG. 13 is a flowchart of the third-party authentication process when the user identity is obtained directly on an IMS architecture according to Embodiment 3 of the present invention.
具体实施方式 detailed description
本发明在第三方登陆时,直接采用运营商为用户分配的身份识别信息结合运营商侧的用户数据管理服务器进行认证,既可以提升认证的安全性,为第三方提供更安全、可靠并可以实名制认证的同时,也满足运营商开放能力的需求。下面通过具体实施方式结合附图对本发明作进一步详细说明。When the third party logs in, the invention directly uses the identity identification information assigned by the operator for the user and the user data management server on the operator side to perform authentication, which can improve the security of the authentication, provide a safer, more reliable and real-name system for the third party. At the same time of certification, it also meets the needs of operators' openness. The present invention will be further described in detail below with reference to the accompanying drawings.
实施例一:Embodiment 1:
In this embodiment the identity information that the operator assigns to the user is generally held in the terminal's user identity information module, so a third-party application module on the terminal (that is, any third-party app) can obtain the operator-assigned user identification information directly from the terminal at login. User identification information here means identity information that can actually identify the user. For example, the user identity information module may be a subscriber identity module (SIM module), in which case the user identification information is the identity information held in that SIM module, such as the telephone number; the SIM module also stores the associated key material. As another example, in IMS (IP Multimedia Subsystem) the user identity information module may be the IP Multimedia Services Identity Module (ISIM module), which holds the various identities and likewise the associated key material.
The third-party application module in this embodiment may be an application the operator installs on the terminal, or one installed by the terminal manufacturer, another application vendor, or the end user. An application built in by the operator can generally interact directly with the user identity information module in the terminal and obtain the user identification information and the corresponding key-related values (in practice the long-term key itself never leaves the SIM or ISIM; what an application obtains are the outputs of the card's authentication computation). For application modules not built in by the operator, the operator-assigned user identity information is classified at a very high security level and cannot generally be obtained by direct interaction with the user identity information module; the terminal in this embodiment therefore also includes an authentication agent module, which interacts with the user identity information module to obtain the user identification information, perform the key-related operations, and so on, and forwards the results to the third-party application module.
Once the third-party application module has obtained the operator-assigned identity information in this way, it generates an authentication request containing that identity information and sends it to the third-party authentication server for authentication.
In this embodiment the third-party authentication server generally holds no user data such as the identity information the operator assigned to the user, and so lacks the ability to authenticate the terminal user's identity on its own. After receiving the authentication request it must therefore authenticate with the help of the user data management server (that is, the operator's user data centre) that manages user data on the operator side.
Operators already have a user identity authentication mechanism of their own; if it can be opened to third parties, user identity authentication becomes a platform capability, which matches the current drive to open up operator capabilities and strengthens the operator's core competitiveness. In this embodiment, after the user data management server on the operator side receives the authentication request, it can authenticate with any of the existing authentication mechanisms, based on the identity information in the request. The mechanism the user data management server uses can of course be chosen flexibly according to the operator, the protocol and other specifics of the scenario. In an IMS network, for example, the user data management server may be the HSS (Home Subscriber Server).
In addition, because the third-party application server generally speaks an HTTP-type protocol, it cannot communicate directly with the user data management server on the operator side. This embodiment may therefore add an authentication proxy server that performs the format conversion and forwarding of the messages exchanged between the third-party application server and the user data management server, that is, protocol conversion between the two sides: for example, it converts messages in the HTTP-type protocol used by the third-party application server into messages in the Diameter-type protocol used inside the operator's network and sends them on to the user data management server.
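The HTTP-to-Diameter conversion described above, as an added example that is not part of the patent or of any operator's software: a minimal Python encoder and decoder for the proxy's two directions. It uses the RFC 6733 message header and AVP layout and the base-protocol AVP codes; the Cx command code 303, application id 16777216, vendor id 10415 and the SIP-Authenticate/SIP-Authorization AVP codes 609/610 are the 3GPP TS 29.229 values as the author of this example recalls them and are an assumption to be checked against the specification, and the host and realm names are constructed. It also shows the check a proxy must make on the way back: an answer whose Hop-by-Hop identifier does not match an outstanding request is dropped rather than relayed to the third party.

```python
import struct

# RFC 6733 base-protocol AVP codes.
AVP_USER_NAME, AVP_AUTH_APPLICATION_ID, AVP_SESSION_ID = 1, 258, 263
AVP_ORIGIN_HOST, AVP_RESULT_CODE, AVP_DESTINATION_REALM, AVP_ORIGIN_REALM = 264, 268, 283, 296
# 3GPP Cx values as recalled from TS 29.229: an assumption for illustration, verify against the spec.
VENDOR_3GPP = 10415
AVP_SIP_AUTHENTICATE, AVP_SIP_AUTHORIZATION = 609, 610   # challenge (HSS->proxy) / response (proxy->HSS)
CMD_MAR, APP_ID_CX = 303, 16777216                       # Multimedia-Auth-Request/Answer, Cx application
AVP_FLAG_V, AVP_FLAG_M, CMD_FLAG_R = 0x80, 0x40, 0x80
HDR_LEN = 20
ORIGIN_HOST, REALM = "authproxy.op.example", "op.example"   # constructed names


def encode_avp(code, data, vendor_id=None):
    """AVP = Code(4) | Flags(1) Length(3) | [Vendor-Id(4)] | Data | zero pad to a 4-byte boundary."""
    if isinstance(data, int):
        data = struct.pack("!I", data)        # Unsigned32
    elif isinstance(data, str):
        data = data.encode()                  # UTF8String / DiameterIdentity
    hdr = 12 if vendor_id is not None else 8
    flags = AVP_FLAG_M | (AVP_FLAG_V if vendor_id is not None else 0)
    out = struct.pack("!II", code, (flags << 24) | (hdr + len(data)))   # Length excludes the padding
    if vendor_id is not None:
        out += struct.pack("!I", vendor_id)
    return out + data + b"\x00" * ((-len(data)) % 4)


def decode_avps(buf):
    """Return {code: data} for a run of AVPs, rejecting truncated or malformed lengths."""
    avps, pos = {}, 0
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise ValueError("truncated AVP header")
        code, fl = struct.unpack_from("!II", buf, pos)
        flags, length = fl >> 24, fl & 0xFFFFFF
        hdr = 12 if flags & AVP_FLAG_V else 8
        if length < hdr or pos + length > len(buf):
            raise ValueError("bad AVP length")
        avps[code] = buf[pos + hdr:pos + length]
        pos += length + (-length) % 4
    return avps


def diameter_message(cmd_flags, avps, hbh, e2e):
    """Header = Version(1) Length(3) | Flags(1) Code(3) | Application-Id | Hop-by-Hop | End-to-End."""
    body = b"".join(avps)
    return struct.pack("!IIIII", (1 << 24) | (HDR_LEN + len(body)), (cmd_flags << 24) | CMD_MAR,
                       APP_ID_CX, hbh, e2e) + body


def parse_header(buf):
    if len(buf) < HDR_LEN:
        raise ValueError("short Diameter header")
    v_len, f_cmd, app, hbh, e2e = struct.unpack_from("!IIIII", buf, 0)
    if v_len >> 24 != 1 or (v_len & 0xFFFFFF) != len(buf):
        raise ValueError("bad Diameter version or message length")
    return f_cmd >> 24, f_cmd & 0xFFFFFF, app, hbh, e2e


def http_request_to_mar(fields, hbh, e2e, session_id=ORIGIN_HOST + ";1;1"):
    """Direction 1: the third-party server's HTTP request fields -> Diameter MAR for the HSS."""
    avps = [encode_avp(AVP_SESSION_ID, session_id),            # Session-Id must be the first AVP
            encode_avp(AVP_AUTH_APPLICATION_ID, APP_ID_CX),
            encode_avp(AVP_ORIGIN_HOST, ORIGIN_HOST),
            encode_avp(AVP_ORIGIN_REALM, REALM),
            encode_avp(AVP_DESTINATION_REALM, REALM),
            encode_avp(AVP_USER_NAME, fields["username"])]
    if "response" in fields:                                   # second round carries the challenge response
        avps.append(encode_avp(AVP_SIP_AUTHORIZATION, bytes.fromhex(fields["response"]), VENDOR_3GPP))
    return diameter_message(CMD_FLAG_R, avps, hbh, e2e)


def build_maa(result_code, hbh, e2e, challenge=None, session_id=ORIGIN_HOST + ";1;1"):
    """What the HSS side answers (built here to exercise the decoder); hbh/e2e are echoed from the request."""
    avps = [encode_avp(AVP_SESSION_ID, session_id), encode_avp(AVP_RESULT_CODE, result_code)]
    if challenge is not None:
        avps.append(encode_avp(AVP_SIP_AUTHENTICATE, challenge, VENDOR_3GPP))
    return diameter_message(0, avps, hbh, e2e)


def maa_to_http_response(buf, expected_hbh):
    """Direction 2: Diameter MAA from the HSS -> response fields for the third-party server."""
    flags, cmd, app, hbh, _ = parse_header(buf)
    if flags & CMD_FLAG_R or cmd != CMD_MAR or app != APP_ID_CX:
        raise ValueError("not a Multimedia-Auth-Answer")
    if hbh != expected_hbh:
        raise ValueError("answer does not match an outstanding request")   # stale or injected answer
    avps = decode_avps(buf[HDR_LEN:])
    result = struct.unpack("!I", avps[AVP_RESULT_CODE])[0]
    # 1001 DIAMETER_MULTI_ROUND_AUTH: challenge issued; 2001 DIAMETER_SUCCESS; anything else is a rejection
    out = {"status": {1001: "challenge", 2001: "ok"}.get(result, "rejected"), "result_code": result}
    if AVP_SIP_AUTHENTICATE in avps:
        out["challenge"] = avps[AVP_SIP_AUTHENTICATE].hex()
    return out
```

The third-party server only ever sees the JSON-style fields on its side of the proxy; the Diameter identities, realms and vendor AVPs stay inside the operator's network, which is the point of placing the conversion there.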
The processing performed by the terminal, the third-party authentication server and the user data management server during authentication is described in turn below.
Referring to FIG. 1, the terminal's part of the third-party application authentication flow comprises:
Step 101: the third-party application module of the terminal obtains from the terminal's user identity information module the identity information the operator set for the user;
when the third-party application module is one provisioned by the operator, it obtains the identity information directly from the terminal's user identity information module;
when the third-party application module is not one provisioned by the operator, it sends an identity information request to the terminal's authentication agent module and receives from the authentication agent module the identity information the agent obtained from the user identity information module;
Step 102: the third-party application module generates an authentication request containing the identity information and sends it to the third-party authentication server for authentication;
Step 103: the third-party application module receives the authentication challenge information that the third-party authentication server returns in response to the authentication request;
Step 104: the third-party application module passes the received authentication challenge information to the terminal's user identity information module, which generates the authentication challenge response information;
Step 105: the third-party application module receives the authentication challenge response information returned by the user identity information module and sends it to the third-party authentication server for the second round of authentication; specifically, it may construct a new authentication request containing the authentication challenge response information and send that to the third-party authentication server;
Step 106: the third-party application module receives the registration success message sent by the third-party authentication server.
Referring to FIG. 2, the third-party authentication server's part of the third-party application authentication flow comprises:
Step 201: the third-party authentication server receives an authentication request sent by a third-party application on the terminal, the request containing the identity information the operator set for the user;
Step 202: the third-party authentication server sends the authentication request to the user data management server on the operator side for authentication;
Step 203: the third-party authentication server receives the authentication challenge information that the user data management server returns in response to the authentication request;
Step 204: the third-party authentication server sends the authentication challenge information to the third-party application module on the terminal;
Step 205: the third-party authentication server receives the authentication challenge response information returned by the third-party application on the terminal and sends it to the user data management server for authentication;
Step 206: the third-party authentication server receives the authentication success message returned by the user data management server.
Referring to FIG. 3, the user data management server's part of the third-party application authentication flow comprises:
Step 301: the user data management server receives an authentication request sent by the third-party authentication server, the request containing the identity information the operator set for the user;
Step 302: the user data management server generates authentication challenge information from the identity information in the authentication request;
Step 303: the user data management server sends the authentication challenge information to the third-party authentication server;
Step 304: the user data management server receives the authentication challenge response information from the third-party authentication server and verifies it;
Step 305: when verification succeeds, the user data management server sends an authentication success message to the third-party authentication server.
In FIG. 2 and FIG. 3 above, the messages between the third-party application server and the user data management server pass through the authentication proxy server described earlier. It should be understood, however, that when the third-party application server and the user data management server use the same communication protocol they can also interact directly, and no additional authentication proxy server is needed for format conversion and forwarding.
Embodiment 2:
Referring to FIG. 4, this embodiment provides a communication system comprising a terminal 1, a third-party authentication server 2 and a user data management server 4;
the third-party application module of the terminal 1 obtains from the terminal's user identity information module the identity information the operator set for the user, generates an authentication request containing that identity information, and sends it to the third-party authentication server;
the third-party authentication server 2 is configured to receive the authentication request and send it to the user data management server 4 on the operator side;
the user data management server 4 is configured to perform authentication according to the authentication request.
Because the third-party application server 2 (the third-party authentication server of FIG. 4) and the user data management server 4 on the operator side use different communication protocols, the former generally an HTTP-type protocol, the third-party application server 2 cannot communicate directly with the user data management server on the operator side. This embodiment may therefore add an authentication proxy server 3, configured to perform the format conversion and forwarding of the messages exchanged between the third-party application server 2 and the user data management server 4, that is, protocol conversion between the two sides: for example, converting messages in the HTTP-type protocol used by the third-party application server into messages in the Diameter-type protocol used inside the operator's network before sending them to the user data management server.
The identity information the operator assigns to the user is generally held in the user identity information module of the terminal 1, so the terminal's third-party application module can obtain the operator-assigned user identification information directly from the terminal at login. The third-party application module in this embodiment may be an application the operator installs on the terminal, or one installed by the terminal manufacturer, another application vendor, or the end user. An application built in by the operator can generally interact directly with the user identity information module in the terminal to obtain the user identification information and the corresponding key-related values; for application modules not built in by the operator, the operator-assigned user identity information is classified at a very high security level and cannot generally be obtained by direct interaction with the user identity information module, so the terminal in this embodiment also includes an authentication agent module that interacts with the user identity information module to obtain the user identification information, perform the key-related operations, and so on, and then forwards the results to the third-party application module. Accordingly, referring to FIG. 5, the terminal 1 in this embodiment includes a third-party application module 11, an authentication agent module 12 and a user identity information module 13.
Referring to FIG. 6, the third-party application module 11 in this embodiment includes an identity information acquisition sub-module 111 and a first processing sub-module 112, together with the further sub-modules listed below;
the identity information acquisition sub-module 111 is configured to obtain from the terminal's user identity information module 13 the identity information the operator set for the user; as analysed above, it may obtain this directly from the user identity information module 13 or through the authentication agent module 12;
the first processing sub-module 112 is configured to generate an authentication request containing the identity information and send it to the third-party authentication server 2 for authentication;
a challenge information acquisition sub-module 113 is configured to receive the authentication challenge information that the third-party authentication server 2 returns in response to the authentication request;
an information forwarding sub-module 114 is configured to pass the authentication challenge information to the terminal's user identity information module;
a second processing sub-module 115 is configured to receive the authentication challenge response information returned by the user identity information module 13 and send it to the third-party authentication server 2 for the second round of authentication; specifically, it may construct a new authentication request containing the authentication challenge response information and send that to the third-party authentication server 2.
Referring to FIG. 7, the third-party authentication server 2 in this embodiment includes:
a request receiving module 21, configured to receive an authentication request sent by a third-party application on the terminal 1, the request containing the identity information the operator set for the user;
a request sending module 22, configured to send the authentication request to the user data management server 4 on the operator side for authentication;
a challenge information receiving module 23, configured to receive the authentication challenge information that the user data management server 4 returns in response to the authentication request;
a challenge information sending module 24, configured to send the authentication challenge information to the third-party application on the terminal 1;
a response information receiving module 25, configured to receive the authentication challenge response information returned by the third-party application on the terminal 1;
a response message sending module 26, configured to send the authentication challenge response information to the user data management server 4 on the operator side for authentication.
Referring to FIG. 8, the user data management server 4 includes:
a request acquisition module 41, configured to receive an authentication request sent by the third-party authentication server 2, the request containing the identity information the operator set for the user;
an authentication processing module 42, configured to perform authentication according to the authentication request; optionally, it includes:
a challenge information generation sub-module 421, configured to generate authentication challenge information from the identity information in the authentication request;
a challenge information feedback sub-module 422, configured to send the authentication challenge information to the third-party authentication server;
an authentication sub-module 423, configured to receive the authentication challenge response information from the third-party authentication server and verify it.
The messages between the third-party application server 2 and the user data management server 4 pass through the authentication proxy server 3 described above. It should be understood, however, that when the third-party application server 2 and the user data management server 4 use the same communication protocol they can also interact directly, and no additional authentication proxy server 3 is needed for format conversion and forwarding.
Referring to FIG. 9, in an IMS network the user identity information module 13 may specifically be an IP Multimedia Services Identity Module 131 (ISIM module), and the user data management server 4 may specifically be a Home Subscriber Server 401 (HSS).
Embodiment 3:
For a better understanding of the invention, it is further described below with reference to several specific application scenarios.
Referring to FIG. 10, the basic flow by which the telecommunication network provides identity authentication to a third-party application according to the invention comprises:
Step 1001: the third-party application module (App) sends a telecom identity query request to the authentication agent module;
Step 1002: the authentication agent module interacts with the user identity information module to obtain the user identity;
Step 1003: the authentication agent module returns a telecom identity query response to the third-party application module (App);
Step 1004: the third-party application module (App) initiates a registration request to the third-party application server, constructing the authentication request with the user identity obtained from the authentication agent module;
Step 1005: the third-party application server forwards the authentication request to the operator's authentication proxy server;
Step 1006: the authentication proxy server converts the authentication request into one that the operator's internal user data management server can understand and sends it to that server;
Step 1007: the operator's internal user data management server returns an authentication failure carrying the user's authentication challenge information;
Step 1008: the third-party application server returns a registration failure to the user, containing the challenge information obtained from the telecommunication network;
Step 1009: on receiving the registration failure message, the third-party application module (App) sends the authentication challenge information to the authentication agent module;
Step 1010: the authentication agent module interacts with the user identity information module to generate the authentication challenge response message;
Step 1011: the authentication agent module sends the challenge response to the third-party application module (App);
Step 1012: the third-party application module (App) reconstructs the registration request with the challenge response message and sends it to the third-party application server;
Step 1013: the third-party application server constructs an authentication request from the newly received registration request and sends it to the authentication proxy server;
Step 1014: the authentication proxy server forwards the authentication request to the operator's internal user data management server;
Step 1015: the operator's internal user data management server verifies the response and returns authentication success to the authentication proxy server;
Step 1016: the authentication proxy server forwards the authentication success to the third-party application server;
Step 1017: the third-party application server returns registration success to the user.
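The whole exchange of steps 1001 to 1017 above (and, equivalently, the three per-party flows of FIGs. 1 to 3), as an added example that is not the patent's or any operator's code: a single-process Python simulation of the terminal (identity module, authentication agent, app), the third-party server, the authentication proxy and the operator's user data management server. The card's authentication algorithm is not specified on this page, so an HMAC-SHA256 over a random challenge stands in for the SIM/ISIM computation; the identity, key and application names are constructed. The simulation also runs the three failure cases the flow has to reject: a client that knows the identity but not the key, a replay of a captured challenge response, and an app the authentication agent has not authorised.

```python
import hashlib
import hmac
import secrets

# RFC 6733 Result-Code values used on the operator side.
MULTI_ROUND_AUTH, SUCCESS, REJECTED = 1001, 2001, 4001


class UserIdentityModule:
    """SIM/ISIM stand-in. The long-term key never leaves this object."""
    def __init__(self, identity, key):
        self.identity, self._key = identity, key

    def respond(self, challenge):
        # Stand-in for the SIM/ISIM AKA computation, which this page does not specify.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class AuthAgentModule:
    """Terminal-side agent: only apps on its allow-list may reach the identity module (steps 1001-1003, 1009-1011)."""
    def __init__(self, uim, allowed_apps):
        self._uim, self._allowed = uim, frozenset(allowed_apps)

    def query_identity(self, app_id):
        if app_id not in self._allowed:
            raise PermissionError(app_id)
        return self._uim.identity

    def answer_challenge(self, app_id, challenge):
        if app_id not in self._allowed:
            raise PermissionError(app_id)
        return self._uim.respond(challenge)


class UserDataManagementServer:
    """Operator user-data centre (HSS in IMS): the only party that holds subscriber keys."""
    def __init__(self, subscribers):
        self._subs, self._pending = subscribers, {}   # identity -> key, identity -> open challenge

    def authenticate(self, req):
        ident = req.get("User-Name")
        if ident not in self._subs:
            return {"Result-Code": REJECTED}
        if "Response" not in req:                     # round 1 (step 1007): fail and issue a fresh challenge
            self._pending[ident] = secrets.token_bytes(16)
            return {"Result-Code": MULTI_ROUND_AUTH, "Challenge": self._pending[ident]}
        challenge = self._pending.pop(ident, None)    # round 2 (step 1015): a challenge is usable once
        if challenge is None:
            return {"Result-Code": REJECTED}
        expected = hmac.new(self._subs[ident], challenge, hashlib.sha256).digest()
        return {"Result-Code": SUCCESS if hmac.compare_digest(expected, req["Response"]) else REJECTED}


class AuthProxyServer:
    """Maps the third-party server's HTTP-style fields to the operator's Diameter-style ones and back (steps 1006, 1014)."""
    def __init__(self, udm):
        self._udm = udm

    def forward(self, http_req):
        dia = {"User-Name": http_req["username"]}
        if "response" in http_req:
            dia["Response"] = bytes.fromhex(http_req["response"])
        ans = self._udm.authenticate(dia)
        out = {"status": {MULTI_ROUND_AUTH: "challenge", SUCCESS: "ok"}.get(ans["Result-Code"], "rejected")}
        if "Challenge" in ans:
            out["challenge"] = ans["Challenge"].hex()
        return out


class ThirdPartyAuthServer:
    """Holds no subscriber data; every decision comes from the operator through the proxy (steps 1005, 1013)."""
    def __init__(self, proxy):
        self._proxy = proxy

    def register(self, http_req):
        return self._proxy.forward(http_req)


class ThirdPartyApp:
    def __init__(self, app_id, agent, server):
        self.app_id, self._agent, self._server, self.last_response = app_id, agent, server, None

    def login(self):
        try:
            ident = self._agent.query_identity(self.app_id)                 # steps 1001-1003
        except PermissionError:
            return "denied"
        first = self._server.register({"username": ident})                 # steps 1004-1008
        if first["status"] != "challenge":
            return first["status"]
        resp = self._agent.answer_challenge(self.app_id, bytes.fromhex(first["challenge"]))  # steps 1009-1011
        self.last_response = {"username": ident, "response": resp.hex()}
        return self._server.register(self.last_response)["status"]        # steps 1012-1017


def run_demo():
    """Constructed subscriber: one identity/key pair provisioned in both the ISIM and the HSS."""
    ident, key = "+8613800000001", secrets.token_bytes(32)
    server = ThirdPartyAuthServer(AuthProxyServer(UserDataManagementServer({ident: key})))
    agent = AuthAgentModule(UserIdentityModule(ident, key), ["com.example.shop"])
    app = ThirdPartyApp("com.example.shop", agent, server)
    results = {"legit": app.login()}
    server.register({"username": ident})                                    # attacker knows the identity only
    results["guess"] = server.register({"username": ident, "response": secrets.token_hex(32)})["status"]
    results["replay"] = server.register(app.last_response)["status"]        # captured response, consumed challenge
    results["unauthorized_app"] = ThirdPartyApp("com.example.rogue", agent, server).login()
    return results
```

Note what the third-party server never handles: the subscriber key, and anything it could verify itself. The challenge and response it relays are opaque to it, and the replay case only fails because the operator side discards each challenge after one use.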
Referring to FIG. 11, the interaction flow in which the user identity is obtained directly from the user identity information module is as follows:
Step 1101: the third-party application module (generally a native-mode application or another application provisioned by the operator) interacts with the user identity information module to obtain the user identity;
Step 1102: the third-party application module initiates a registration request to the third-party application server, constructing the authentication information with the user identity obtained in step 1101;
Step 1103: the third-party application server forwards the authentication request to the operator's authentication proxy server;
Step 1104: the authentication proxy server converts the authentication request into one that the operator's internal user data management server can understand and sends it to that server;
Step 1105: the operator's internal user data management server returns an authentication failure carrying the user's authentication challenge information;
Step 1106: the third-party application server returns a registration failure to the user, containing the authentication challenge information obtained from the telecommunication network;
Step 1107: on receiving the registration failure message, the third-party application module uses the challenge information to interact with the user identity information module and generate the authentication challenge response message;
Step 1108: the third-party application module reconstructs the registration request with the authentication challenge response and sends it to the third-party application server;
Step 1109: the third-party application server constructs an authentication request from the newly received registration request and sends it to the authentication proxy server;
Step 1110: the authentication proxy server forwards the authentication request to the operator's internal user data management server;
Step 1111: the operator's internal user data management server verifies the response and returns authentication success to the authentication proxy server;
Step 1112: the authentication proxy server forwards the authentication success to the third-party application server;
Step 1113: the third-party application server returns registration success to the user.
Referring to FIG. 12, the flow for providing identity authentication to a third-party application based on IMS is implemented as follows:
Step 1201: the third-party application module (App) sends a telecom identity query request to the authentication agent module;
Step 1202: the authentication agent module interacts with the IP Multimedia Services Identity Module (ISIM module) to obtain the user identity; because this is the ISIM module of an IMS system, a user identity that is not in telephone-number format, such as john@abc.com, can be obtained;
Step 1203: the authentication agent module returns a telecom identity query response to the third-party application module (App);
Step 1204: the third-party application module (App) initiates a registration request to the third-party application server, constructing the authentication information with the user identity obtained from the authentication agent module;
Step 1205: the third-party application server forwards the authentication request to the operator's authentication proxy server;
Step 1206: the authentication proxy server converts the authentication request into one that the operator's internal Home Subscriber Server can understand and sends it to that server;
Step 1207: the operator's internal Home Subscriber Server returns an authentication failure carrying the user's authentication challenge information;
Step 1208: the third-party application server returns a registration failure to the user, containing the authentication challenge information obtained from the telecommunication network;
Step 1209: on receiving the registration failure message, the third-party application module (App) sends the challenge information to the authentication agent module;
Step 1210: the authentication agent module interacts with the ISIM module to generate the challenge response;
Step 1211: the authentication agent module sends the authentication challenge response message to the third-party application module (App);
Step 1212: the third-party application module (App) reconstructs the registration request with the authentication challenge response message and sends it to the third-party application server;
Step 1213: the third-party application server constructs an authentication request from the newly received registration request and sends it to the authentication proxy server;
Step 1214: the authentication proxy server forwards the authentication request to the operator's internal Home Subscriber Server;
Step 1215: the operator's internal Home Subscriber Server verifies the response and returns authentication success to the authentication proxy server;
Step 1216: the authentication proxy server forwards the authentication success to the third-party application server;
Step 1217: the third-party application server returns registration success to the user.
Referring to FIG. 13, the interaction flow for obtaining the user identity directly from the user identity information module based on IMS is implemented as follows:
Step S1301: the third-party application module (generally a native-mode application) interacts with the IP Multimedia Services Identity Module (ISIM module) to obtain the user identity;
Step S1302: the third-party application module initiates a registration request to the third-party application server, constructing the authentication information with the user identity obtained in step S1301;
Step S1303: the third-party application server forwards the authentication request to the operator's authentication proxy server;
Step S1304: the authentication proxy server converts the authentication request into one that the operator's internal Home Subscriber Server can understand and sends it to that server;
Step S1305: the operator's internal Home Subscriber Server returns an authentication failure carrying the user's authentication challenge information;
Step S1306: the third-party application server returns a registration failure to the user, containing the authentication challenge information obtained from the telecommunication network;
Step S1307: on receiving the registration failure message, the third-party application module uses the challenge information to interact with the ISIM module and generate the authentication challenge response information;
Step S1308: the third-party application module reconstructs the registration request with the authentication challenge response information and sends it to the third-party application server;
Step S1309: the third-party application server constructs an authentication request from the newly received registration request and sends it to the authentication proxy server;
Step S1310: the authentication proxy server forwards the authentication request to the operator's internal Home Subscriber Server;
Step S1311: the operator's internal Home Subscriber Server verifies the response and returns authentication success to the authentication proxy server;
步骤S1312:认证代理服务器转发认证成功到第三方应用服务器;Step S1312: the authentication proxy server forwards the authentication to the third-party application server successfully;
步骤S1313:第三方应用服务器向用户回注册成功。Step S1313: The third-party application server returns the registration to the user successfully.
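The four-party exchange of Figures 12 and 13 above, and the behaviour set out in claims 2, 5, 7 and 15, as an added example written for this page; it is not code from the patent or from the applicant. It assumes an HMAC-SHA256 challenge in place of AKA/Milenage, invented message field names (User-Name, RES, RAND and AUTN on the operator-internal leg; identity and response on the third-party leg) and a constructed subscriber record, and it omits the transport so that terminal, third-party server, authentication proxy server and HSS all run in one process.

```python
"""Simulation of the challenge/response flow of Figures 12 and 13.
The HMAC-SHA256 challenge, the field names and the subscriber data are
stand-ins constructed for this example; real deployments use AKA/Milenage
over SIP or HTTP Digest and Diameter Cx towards the HSS."""
import hashlib
import hmac
import secrets

# Constructed subscriber record: the operator provisions the same IMS
# private identity and long-term key K into the ISIM and into its HSS.
IMPI = "user001@ims.example.com"
K = bytes.fromhex("00112233445566778899aabbccddeeff")


def _mac(k: bytes, label: bytes, rand: bytes) -> str:
    return hmac.new(k, label + rand, hashlib.sha256).hexdigest()


class ISIM:
    """Identity module on the terminal (claim 16): exposes the identity and
    answers challenges, but K itself never leaves the module."""

    def __init__(self, impi: str, k: bytes):
        self._impi, self._k = impi, k

    def identity(self) -> str:                      # step S1301
        return self._impi

    def response(self, challenge: dict) -> str:     # step S1307
        rand = bytes.fromhex(challenge["rand"])
        # Verify the network's MAC first: a challenge not made with K did not
        # come from the home network, so the module refuses to answer it.
        if not hmac.compare_digest(_mac(self._k, b"AUTN", rand), challenge["autn"]):
            raise ValueError("challenge not authenticated by home network")
        return _mac(self._k, b"RES", rand)


class HSS:
    """Operator-side user data management server (claims 6, 7 and 12)."""

    def __init__(self, subscribers: dict):
        self._subs = subscribers
        self._pending = {}                          # identity -> outstanding RAND

    def authenticate(self, req: dict) -> dict:      # operator-internal format
        k = self._subs.get(req["User-Name"])
        if k is None:
            return {"result": "user-unknown"}
        if "RES" not in req:                        # first round: no response yet
            rand = secrets.token_bytes(16)          # fresh per attempt
            self._pending[req["User-Name"]] = rand
            return {"result": "challenge", "RAND": rand.hex(),
                    "AUTN": _mac(k, b"AUTN", rand)}
        rand = self._pending.pop(req["User-Name"], None)   # consumed on first use
        if rand is None:                            # replayed or stale response
            return {"result": "failure"}
        ok = hmac.compare_digest(_mac(k, b"RES", rand), req["RES"])
        return {"result": "success" if ok else "failure"}


class AuthProxyServer:
    """Operator-edge proxy (claim 15, steps S1304/S1310): rewrites the third
    party's request into the internal format and the verdict back."""

    def __init__(self, hss: HSS):
        self._hss = hss

    def authenticate(self, ext_req: dict) -> dict:
        internal = {"User-Name": ext_req["identity"]}
        if "response" in ext_req:
            internal["RES"] = ext_req["response"]
        verdict = self._hss.authenticate(internal)
        if verdict["result"] == "challenge":
            return {"status": "challenge",
                    "challenge": {"rand": verdict["RAND"], "autn": verdict["AUTN"]}}
        return {"status": "ok" if verdict["result"] == "success" else "failed"}


class ThirdPartyAppServer:
    """Relying party: it never holds K and only relays the operator's verdict."""

    def __init__(self, proxy: AuthProxyServer):
        self._proxy = proxy

    def register(self, req: dict) -> dict:          # steps S1303/S1306, S1309/S1313
        verdict = self._proxy.authenticate(req)
        if verdict["status"] == "challenge":
            return {"status": "failed", "challenge": verdict["challenge"]}
        return {"status": verdict["status"]}


def third_party_login(app_server: ThirdPartyAppServer, isim: ISIM) -> str:
    """Native-mode third-party application module running the Figure 13 flow."""
    identity = isim.identity()                                  # S1301
    reply = app_server.register({"identity": identity})         # S1302, fails with challenge
    if reply["status"] == "failed" and "challenge" in reply:    # S1306
        res = isim.response(reply["challenge"])                 # S1307
        reply = app_server.register({"identity": identity, "response": res})  # S1308
    return reply["status"]


def build_network(subscribers: dict) -> ThirdPartyAppServer:
    return ThirdPartyAppServer(AuthProxyServer(HSS(subscribers)))


if __name__ == "__main__":
    print(third_party_login(build_network({IMPI: K}), ISIM(IMPI, K)))  # ok
```

The HSS consumes each RAND on first use, so a response captured on the third-party leg cannot be replayed, and the ISIM checks AUTN before answering, so a challenge that did not originate from the home network gets no response. Two things the flow as described does not do are worth noting when deploying it: neither the challenge nor the response is bound to the particular third-party server that relayed it, and the user's operator-assigned identity is disclosed to that server as part of the registration request.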
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above may be implemented by a general-purpose computing device; they may be concentrated on a single computing device or distributed over a network formed by several computing devices. Optionally, they may be implemented as program code executable by a computing device, so that they can be stored in a storage medium (ROM/RAM, magnetic disk, optical disc) and executed by the computing device; in some cases the steps shown or described may be performed in an order different from the one given here, or they may be made into separate integrated circuit modules, or several of the modules or steps may be made into a single integrated circuit module. The present invention is therefore not limited to any particular combination of hardware and software.
The above is a further detailed description of the present invention in connection with specific embodiments; the specific implementation of the present invention should not be regarded as limited to this description. A person of ordinary skill in the art to which the present invention belongs may make several simple deductions or substitutions without departing from the inventive concept, all of which should be regarded as falling within the scope of protection of the present invention.
Industrial applicability
As described above, the third-party application authentication method, authentication server, terminal and management server provided by the embodiments of the present invention have the following beneficial effects: at third-party login, the identity identification information that the operator assigned to the user is read directly from the terminal and authenticated together with the operator-side user data management server. Because the identity identification information assigned by the operator genuinely identifies each user (for example a real-name-registered number or other user identity information), the security of the authentication is improved: third parties obtain safer, more reliable and real-name-capable authentication, while the operator's requirement to expose its capabilities is also met.

Claims (16)

  1. A third-party application authentication method, comprising:
    a third-party application module of a terminal obtaining, from a user identity information module of the terminal, identity identification information that an operator has set for a user;
    the third-party application module generating an authentication request containing the identity identification information and sending it to a third-party authentication server for authentication.
  2. The third-party application authentication method according to claim 1, further comprising:
    the third-party application module receiving authentication challenge information returned by the third-party authentication server in response to the authentication request;
    the third-party application module sending the authentication challenge information to the user identity information module of the terminal;
    the third-party application module receiving authentication challenge response information returned by the user identity information module and sending it to the third-party authentication server for re-authentication.
  3. The third-party application authentication method according to claim 1 or 2, wherein the third-party application module obtaining the identity identification information set by the operator for the user comprises:
    when the third-party application module is a third-party application module provided by the operator, obtaining the identity identification information directly from the user identity information module of the terminal;
    when the third-party application module is a third-party application module not provided by the operator, sending an identity information acquisition request to an authentication proxy module of the terminal and receiving, from the authentication proxy module, the identity identification information that it obtained from the user identity information module.
  4. A third-party application authentication method, comprising:
    a third-party authentication server receiving an authentication request sent by a third-party application of a terminal, the authentication request containing identity identification information that an operator has set for a user;
    the third-party authentication server sending the authentication request to an operator-side user data management server for authentication.
  5. The third-party application authentication method according to claim 4, further comprising:
    the third-party authentication server receiving authentication challenge information returned by the user data management server in response to the authentication request;
    the third-party authentication server sending the authentication challenge information to the third-party application module of the terminal;
    the third-party authentication server receiving authentication challenge response information returned by the third-party application of the terminal and sending it to the user data management server for authentication.
  6. A third-party application authentication method, comprising:
    a user data management server receiving an authentication request sent by a third-party authentication server, the authentication request containing identity identification information that an operator has set for a user;
    the user data management server performing authentication according to the authentication request.
  7. The third-party application authentication method according to claim 6, wherein the user data management server performing authentication according to the authentication request comprises:
    generating authentication challenge information according to the identity identification information in the authentication request;
    sending the authentication challenge information to the third-party authentication server;
    receiving authentication challenge response information from the third-party authentication server and performing authentication on it.
  8. A terminal, comprising a third-party application module, the third-party application module comprising an identity information obtaining submodule and a first processing submodule;
    the identity information obtaining submodule being configured to obtain, from a user identity information module of the terminal, identity identification information that an operator has set for a user;
    the first processing submodule being configured to generate, according to the identity identification information, an authentication request containing that identity identification information and to send it to a third-party authentication server for authentication.
  9. The terminal according to claim 8, wherein the third-party application module further comprises:
    a challenge information obtaining submodule, configured to receive authentication challenge information returned by the third-party authentication server in response to the authentication request;
    an information forwarding submodule, configured to send the authentication challenge information to the user identity information module of the terminal;
    a second processing submodule, configured to receive authentication challenge response information returned by the user identity information module and to send it to the third-party authentication server for re-authentication.
  10. A third-party authentication server, comprising:
    a request receiving module, configured to receive an authentication request sent by a third-party application of a terminal, the authentication request containing identity identification information that an operator has set for a user;
    a request sending module, configured to send the authentication request to an operator-side user data management server for authentication.
  11. The third-party authentication server according to claim 10, further comprising:
    a challenge information receiving module, configured to receive authentication challenge information returned by the user data management server in response to the authentication request;
    a challenge information sending module, configured to send the authentication challenge information to the third-party application of the terminal;
    a response information receiving module, configured to receive authentication challenge response information returned by the third-party application of the terminal;
    a response message sending module, configured to send the authentication challenge response information to the operator-side user data management server for authentication.
  12. A user data management server, comprising:
    a request obtaining module, configured to receive an authentication request sent by a third-party authentication server, the authentication request containing identity identification information that an operator has set for a user;
    an authentication processing module, configured to perform authentication according to the authentication request.
  13. The user data management server according to claim 12, wherein the authentication processing module comprises:
    a challenge information generating submodule, configured to generate authentication challenge information according to the identity identification information in the authentication request;
    a challenge information feedback submodule, configured to send the authentication challenge information to the third-party authentication server;
    an authentication submodule, configured to receive authentication challenge response information from the third-party authentication server and to perform authentication on it.
  14. A communication system, comprising a terminal, a third-party authentication server and a user data management server;
    a third-party application module of the terminal obtaining, from a user identity information module of the terminal, identity identification information that an operator has set for a user, generating an authentication request containing that identity identification information and sending it to the third-party authentication server;
    the third-party authentication server being configured to receive the authentication request and to send it to the operator-side user data management server;
    the user data management server being configured to perform authentication according to the authentication request.
  15. The communication system according to claim 14, further comprising an authentication proxy server configured to convert the format of the authentication request sent by the third-party authentication server into the operator network's internal message format before sending it to the user data management server.
  16. The communication system according to claim 14 or 15, wherein the user data management server is a Home Subscriber Server; and/or the user identity information module is a Subscriber Identity Module (SIM) card or an IP Multimedia Services Identity Module (ISIM).
Application PCT/CN2016/104863, priority date 2015-11-27, filing date 2016-11-07: Third-party application authentication method, authentication server, terminal and management server, WO2017088634A1 (en)

Applications Claiming Priority

Application Number | Priority Date | Filing Date | Title
CN201510856622.9A | 2015-11-27 | 2015-11-27 | Third-party application authentication method, authentication server, terminal and management server (CN106817347A)

Publications (1)

Publication Number | Publication Date
WO2017088634A1 | 2017-06-01

Family

ID=58762934

Country Status (2)

Country | Link
CN | CN106817347A (en)
WO | WO2017088634A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
WO2019184206A1 * | 2018-03-26 | 2019-10-03 | 平安科技(深圳)有限公司 | Identity authentication method and apparatus
CN111861491A * | 2020-07-24 | 2020-10-30 | 中国工商银行股份有限公司 | Information verification method, device and equipment
CN112165458A * | 2020-09-07 | 2021-01-01 | 中国联合网络通信集团有限公司 | Real-name authentication method, device and terminal
CN113970945A * | 2021-10-25 | 2022-01-25 | 吉林建筑科技学院 | Building intelligent control system
CN116800544A * | 2023-08-21 | 2023-09-22 | 成都数智创新精益科技有限公司 | User authentication method, system and device and medium

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN106131833B * | 2016-06-28 | 2019-10-01 | 中国联合网络通信集团有限公司 | The authentication method and system that interconnects of identity-based identification card
CN109286933B * | 2018-10-18 | 2021-11-30 | 世纪龙信息网络有限责任公司 | Authentication method, device, system, computer equipment and storage medium
CN115037486A * | 2021-02-20 | 2022-09-09 | 中国电信股份有限公司 | User authentication method, system, server, terminal, network device and storage medium
CN113747375A * | 2021-09-06 | 2021-12-03 | 重庆华龙网集团股份有限公司 | One-key acquisition system and method for third-party application user sensitive information in 5G message

Citations (6)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
WO2012028168A1 * | 2010-08-30 | 2012-03-08 | Nokia Siemens Networks Oy | Identity gateway
US20130095794A1 * | 2011-10-13 | 2013-04-18 | Signalset, Inc. | Real-time management of a wireless device operation on multiple networks
CN103905194A * | 2012-12-26 | 2014-07-02 | 中国电信股份有限公司 | Identity traceability authentication method and system
CN103944737A * | 2014-05-06 | 2014-07-23 | 中国联合网络通信集团有限公司 | User identity authentication method, third-party authentication platform and operator authentication platform
CN104717648A * | 2013-12-12 | 2015-06-17 | 中国移动通信集团公司 | Unified authentication method and device based on SIM card
CN105072112A * | 2015-08-07 | 2015-11-18 | 中国联合网络通信集团有限公司 | Identity authentication method and identity authentication device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN101150594B * | 2007-10-18 | 2013-06-19 | 中国联合网络通信集团有限公司 | Integrated access method and system for mobile cellular network and WLAN
US8370509B2 * | 2009-04-09 | 2013-02-05 | Alcatel Lucent | Identity management services provided by network operator
CN102271041B * | 2011-07-30 | 2013-08-14 | 杨勇 | Root service system for personal identity authentication
US9031541B2 * | 2012-04-09 | 2015-05-12 | Cellco Partnership | Method for transmitting information stored in a tamper-resistant module
CN104469770B * | 2014-11-27 | 2018-03-20 | 中国联合网络通信集团有限公司 | Towards WLAN authentication methods, platform and the system of third-party application


Also Published As

Publication number Publication date
CN106817347A (en) 2017-06-09


Legal Events

Code | Title | Description
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16867859; Country of ref document: EP; Kind code of ref document: A1
NENP | Non-entry into the national phase | Ref country code: DE
122 | Ep: pct application non-entry in european phase | Ref document number: 16867859; Country of ref document: EP; Kind code of ref document: A1