
CN104753872B - authentication method, authentication platform, service platform, network element and system - Google Patents


Publication number
CN104753872B
Authority
CN
China
Prior art keywords
authentication
service
terminal
platform
token
Legal status
Active
Application number
CN201310745612.9A
Other languages
Chinese (zh)
Other versions
CN104753872A (en)
Inventor
陈心昕
王静
郭毅峰
Current Assignee
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Corp
Events
Application filed by China Mobile Communications Corp
Priority to CN201310745612.9A
Publication of CN104753872A
Application granted
Publication of CN104753872B
Legal status: Active


Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04W  WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00  Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06  Authentication
    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32  ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321  ... involving a third party or a trusted authority
    • H04L 9/3213  ... using tickets or tokens, e.g. Kerberos


Abstract

Embodiments of the invention provide an authentication method, an authentication platform, a service platform, a network element and a system. When the authentication platform receives, triggered by a network element that performs authentication initialization for terminals in a designated network having a complete authentication mechanism, the terminal information of a terminal that has completed authentication initialization in that network, it stores the terminal information, which includes terminal identification information. When it receives from a service platform a first service authentication request to authenticate a requesting terminal that is asking to log in to the service platform, it determines from the stored terminal information whether the requesting terminal has completed authentication initialization in the designated network. When it determines that the requesting terminal has done so, it sets the authentication result of the first service authentication request to success and sends that result to the service platform. This addresses the low authentication efficiency of the prior art. The invention belongs to the technical field of mobile communication.

Description

Authentication method, authentication platform, service platform, network element and system

Technical field

The invention relates to the technical field of mobile communication, and in particular to an authentication method, an authentication platform, a service platform, a network element and a system.

Background art

In the prior art, to protect user data, a user usually has to pass the authentication of a security mechanism before using a data service. Take data services carried over an IP Multimedia Subsystem (IMS) network and data services carried over the Hypertext Transfer Protocol (HTTP) as examples. Data services carried over IMS are mostly instant messaging, video calling, video conferencing and similar services. Data services carried over HTTP and related communication mechanisms come in many kinds, for example location services for positioning and navigation, and client/server game services.

To protect user data, the client usually has to be authenticated both when using HTTP-based data services and when using IMS-based data services. For HTTP-based data services, before the client uses the service the service platform generally authenticates the client with HTTP Basic or HTTP Digest authentication. For IMS-based services, when the client attaches to the IMS network, the IMS network authenticates it with IMS SIP Digest (Session Initiation Protocol Digest) or IMS AKA (Authentication and Key Agreement). A client that has passed authentication by an HTTP-based service platform can use that service; a client that has passed IMS network authentication can use most of the IMS services provided in the IMS network.

Further, consider a terminal that has both an HTTP-based client and an IMS-based service client, where the authentication information the HTTP-based service platform needs to authenticate the client and the authentication information the IMS network needs to authenticate the client are the same set of user data, for example the terminal number, the information in the Subscriber Identity Module (SIM) card, the terminal serial number, or a user name and password. The terminal holds one set of user data yet has to support two different authentication methods, HTTP-based service platform authentication and IMS network authentication. On the network side, likewise, the HTTP-based service platform and the IMS network each need their own network elements supporting different authentication mechanisms for the same set of user data. For both the terminal and the network side this means complex development, duplicated authentication functions and low authentication efficiency.

Summary of the invention

Embodiments of the present invention provide an authentication method, an authentication platform, a service platform, a network element and a system to solve the prior-art problem that data services based on different platforms each need different network elements supporting different authentication mechanisms for the same set of user data, with duplicated authentication functions and low authentication efficiency.

Based on the above, a first authentication method provided by an embodiment of the present invention includes:

when terminal information of a terminal that has completed authentication initialization in a designated network having a complete authentication mechanism is received, triggered by the network element of that network that performs authentication initialization for terminals, storing the terminal information, the terminal information including terminal identification information;

when a first service authentication request, sent by a service platform to authenticate a requesting terminal that is requesting to log in to the service platform, is received, determining from the stored terminal information whether the requesting terminal has completed authentication initialization in the designated network;

when it is determined that the requesting terminal has completed authentication initialization in the designated network, determining that the authentication result of the first service authentication request is success, and sending the authentication result of the first service authentication request to the service platform.

A second authentication method provided by an embodiment of the present invention includes:

when a login request sent by a requesting terminal is received, sending to an authentication platform a first service authentication request to authenticate the requesting terminal, where the first service authentication request is used by the authentication platform to determine, from its stored terminal information of terminals that have completed authentication initialization in the designated network, whether the requesting terminal is a terminal that has completed authentication initialization in the designated network, the terminal information including terminal identification information;

when the authentication platform determines that the requesting terminal has completed authentication initialization in the designated network, receiving from the authentication platform an authentication result indicating that the first service authentication request succeeded.

A third authentication method provided by an embodiment of the present invention includes:

after performing authentication initialization for a terminal, triggering the terminal information of the terminal that has completed authentication initialization in the designated network to an authentication platform,

where the terminal information is used by the authentication platform as follows: the authentication platform stores the terminal information; when it receives a first service authentication request, sent by a service platform to authenticate a requesting terminal that is requesting to log in to the service platform, it determines from the stored terminal information whether the requesting terminal has completed authentication initialization in the designated network, and when it determines that the requesting terminal has done so, it determines that the authentication result of the first service authentication request is success; the terminal information includes terminal identification information.

An authentication platform provided by an embodiment of the present invention includes:

a storage module, configured to store terminal information when terminal information of a terminal that has completed authentication initialization in a designated network having a complete authentication mechanism is received, triggered by the network element of that network that performs authentication initialization for terminals, the terminal information including terminal identification information;

a first authentication module, configured to determine, from the stored terminal information, whether a requesting terminal has completed authentication initialization in the designated network when a first service authentication request, sent by a service platform to authenticate the requesting terminal that is requesting to log in to the service platform, is received;

a sending module, configured to determine that the authentication result of the first service authentication request is success when it is determined that the requesting terminal has completed authentication initialization in the designated network, and to send the authentication result of the first service authentication request to the service platform.

A service platform provided by an embodiment of the present invention includes:

a sending module, configured to send to an authentication platform a first service authentication request to authenticate a requesting terminal when a login request sent by the requesting terminal is received, where the first service authentication request is used by the authentication platform to determine, from its stored terminal information of terminals that have completed authentication initialization in the designated network, whether the requesting terminal is a terminal that has completed authentication initialization in the designated network, the terminal information including terminal identification information;

a receiving module, configured to receive from the authentication platform an authentication result indicating that the first service authentication request succeeded when the authentication platform determines that the requesting terminal has completed authentication initialization in the designated network.

A network element of a designated network provided by an embodiment of the present invention includes:

an authentication initialization module, configured to perform authentication initialization of the designated network for a terminal;

a trigger module, configured to trigger, after the authentication initialization module has performed authentication initialization for the terminal, the terminal information of the terminal that has completed authentication initialization in the designated network to an authentication platform, where the terminal information is used by the authentication platform as follows: the authentication platform stores the terminal information; when it receives a first service authentication request, sent by a service platform to authenticate a requesting terminal that is requesting to log in to the service platform, it determines from the stored terminal information whether the requesting terminal has completed authentication initialization in the designated network, and when it determines that the requesting terminal has done so, it determines that the authentication result of the first service authentication request is success; the terminal information includes terminal identification information.

An authentication system provided by an embodiment of the present invention includes the authentication platform described above, the service platform described above, the network element of the designated network described above, and a plurality of terminals.

The beneficial effects of the embodiments of the present invention include the following.

With the authentication method, authentication platform, service platform, network element and system provided by the embodiments of the present invention, when terminal information of a terminal that has completed authentication initialization in a designated network having a complete authentication mechanism is received, triggered by the network element of that network that performs authentication initialization for terminals, the terminal information is stored, the terminal information including terminal identification information; when a first service authentication request, sent by a service platform to authenticate a requesting terminal that is requesting to log in to the service platform, is received, it is determined from the stored terminal information whether the requesting terminal has completed authentication initialization in the designated network; and when it is determined that the requesting terminal has done so, the authentication result of the first service authentication request is determined to be success and is sent to the service platform.

Thus, when a requesting terminal requests to log in to a service platform, the authentication platform, which holds the terminal information of terminals that have completed authentication initialization in the designated network, determines whether the requesting terminal has completed that initialization; if it has, the requesting terminal's login to the service platform is determined to succeed. In other words, once a terminal has completed authentication initialization in the designated network, it can use the services of service platforms both inside and outside the designated network. The authentication result is extended so that it serves both data services based on the designated network and data services based on service platforms outside it. This makes effective use of the authentication capability that existing network elements already provide, avoids building duplicate authentication network elements, and spares the terminal duplicated and complex development of authentication functions. Compared with the prior art, in which data services based on different platforms each need different network elements supporting different authentication mechanisms for the same set of user data, authentication efficiency is improved.

Brief description of the drawings

FIG. 1 is a flowchart of a first authentication method provided by an embodiment of the present invention;

FIG. 2 is a flowchart of a second authentication method provided by an embodiment of the present invention;

FIG. 3 is a flowchart of an authentication method provided by Embodiment 1 of the present invention;

FIG. 4 is a flowchart of an authentication method provided by Embodiment 2 of the present invention;

FIG. 5 is a flowchart of an authentication method provided by Embodiment 3 of the present invention;

FIG. 6 is a flowchart of an authentication method provided by Embodiment 4 of the present invention;

FIG. 7 is a schematic structural diagram of an authentication platform provided by an embodiment of the present invention;

FIG. 8 is a schematic structural diagram of a service platform provided by an embodiment of the present invention;

FIG. 9 is a schematic structural diagram of a network element of a designated network provided by an embodiment of the present invention.

Detailed description

Embodiments of the present invention provide an authentication method, an authentication platform, a service platform, a network element and a system. Preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood that the preferred embodiments described here serve only to illustrate and explain the present invention and are not intended to limit it. Where there is no conflict, the embodiments of this application and the features in the embodiments may be combined with one another.

An embodiment of the present invention provides an authentication method applied on the authentication platform side. As shown in FIG. 1, it includes:

S101. When terminal information of a terminal that has completed authentication initialization in a designated network having a complete authentication mechanism is received, triggered by the network element of that network that performs authentication initialization for terminals, store the terminal information; the terminal information includes terminal identification information.

S102. When a first service authentication request, sent by a service platform to authenticate a requesting terminal that is requesting to log in to the service platform, is received, determine from the stored terminal information whether the requesting terminal has completed authentication initialization in the designated network.

S103. When it is determined that the requesting terminal has completed authentication initialization in the designated network, determine that the authentication result of the first service authentication request is success, and send the authentication result of the first service authentication request to the service platform.

Corresponding to the authentication method of FIG. 1, an embodiment of the present invention provides an authentication method applied on the service platform side. As shown in FIG. 2, it includes:

S201. When a login request sent by a requesting terminal is received, send to the authentication platform a first service authentication request to authenticate the requesting terminal, where the first service authentication request is used by the authentication platform to determine, from its stored terminal information of terminals that have completed authentication initialization in the designated network, whether the requesting terminal is a terminal that has completed authentication initialization in the designated network; the terminal information includes terminal identification information.

S202. When the authentication platform determines that the requesting terminal has completed authentication initialization in the designated network, receive from the authentication platform an authentication result indicating that the first service authentication request succeeded.

Corresponding to the authentication methods of FIG. 1 and FIG. 2, an embodiment of the present invention provides an authentication method applied on the network element side of the designated network, which includes:

after performing authentication initialization for a terminal, triggering the terminal information of the terminal that has completed authentication initialization in the designated network to the authentication platform,

where the terminal information is used by the authentication platform as follows: the authentication platform stores the terminal information; when it receives a first service authentication request, sent by a service platform to authenticate a requesting terminal that is requesting to log in to the service platform, it determines from the stored terminal information whether the requesting terminal has completed authentication initialization in the designated network, and when it determines that the requesting terminal has done so, it determines that the authentication result of the first service authentication request is success; the terminal information includes terminal identification information.

Further, the designated network may be a proven, mature network with a complete security authentication mechanism and a complete user and terminal information management mechanism, able to process and store user information and terminal information securely. Take an IMS network as an example. Data services carried over IMS generally use the numbering, routing and security authentication mechanisms that IMS provides, the latter mainly being SIP Digest and IMS AKA. Once the IMS network and its network elements are built, all of these mechanisms are available for IMS-based data services, but only for them. For most HTTP-type data services not carried over IMS, the numbering, the routing and the security authentication mechanism all have to be built again. Because the IMS network has its own routing mechanism, dedicated servers and numbering mechanism, it is a relatively secure and closed network system whose user data is comparatively well protected. If the IMS security authentication result can be reused and extended so that it serves both IMS-based data services and HTTP-based data services, the authentication capability that existing network elements already provide is used effectively, duplicate construction of authentication network elements is avoided, and the terminal is spared duplicated and complex development of authentication functions.

The method and related devices provided by the present invention are described in detail below through specific embodiments, with reference to the accompanying drawings.

Embodiment 1:

Embodiment 1 of the present invention provides an authentication method applied on the authentication platform side. As shown in FIG. 3, it includes the following steps.

S301. When terminal information of a terminal that has completed authentication initialization in a designated network having a complete authentication mechanism is received, triggered by the network element of that network that performs authentication initialization for terminals, store the terminal information; the terminal information includes terminal identification information.

Further, taking an IMS network as an example, the main network elements used in an IMS network, and their basic functions in the IMS authentication initialization process, are as follows.

The Call Session Control Function (CSCF) is divided by position and function into three types, P-, S- and I-CSCF. The Proxy CSCF (P-CSCF) is the first point of contact for the user in IMS; it provides the proxy function, that is, it accepts the user's service request and forwards it. The Serving CSCF (S-CSCF) holds the central control position in the IMS core network; during IMS authentication initialization it is responsible for authenticating the UE and for session control. The Interrogating CSCF (I-CSCF) is the unified initial entry point of the home IMS network and the first point of access to the local network; it routes the user's call request to the appropriate S-CSCF. The P-, S- and I-CSCF may be separate physical entities or combined in one.

In the prior art, after a terminal completes IMS network authentication initialization, the network element that performed the authentication initialization can trigger the terminal information of that terminal to the IMS service platforms in the IMS network, so that when an IMS service platform later receives the terminal's request to use an IMS service it can confirm that the terminal has passed IMS network authentication initialization and continue with the IMS service. In this embodiment, one network element is designated in advance, from among these network elements or the other network elements involved when a terminal performs IMS network authentication initialization, which, after the terminal completes IMS network authentication initialization, triggers the terminal information of the terminal not only to the IMS service platforms in the IMS network but also to the authentication platform, so that service platforms for HTTP-based services can authenticate, through the authentication platform, the terminals that request to use them.

Further, the authentication platform may be a platform independent of the service platforms, or it may be integrated with the service platforms on one physical entity. When the authentication platform is independent of the service platforms, the network element that performs authentication initialization for terminals sends the terminal information of terminals that have completed authentication initialization to that authentication platform. When the authentication platform is integrated as an authentication module with each service platform on one physical entity, the network element sends the terminal information of terminals that have completed authentication initialization to each authentication module in each service platform.

S302. When receiving a first service authentication request sent by a service platform, for authenticating a requesting terminal that requests to log in to the service platform and carrying the service identifier of the service corresponding to the service platform, generate a first token based on the service identifier and send the first token to the service platform,

where the first token is used as follows: after the service platform sends the first token to the requesting terminal, the requesting terminal encrypts its terminal identification information with the first token using a first encryption method, and sends the first encryption method and the encrypted terminal identification information to the service platform.

Further, in this step, after the service platform receives the login request of the requesting terminal, it could send the corresponding terminal identification information of the requesting terminal to the authentication platform, so that the authentication platform directly compares that terminal identification information with the terminal identification information it has stored of terminals that completed authentication initialization of the designated network, determines whether the requesting terminal has completed authentication initialization of the designated network, and thereby determines whether the authentication result of the first service authentication request is success. However, for security, in this step the authentication platform issues the first token to make the requesting terminal report its terminal identification information. For an IMS network, the terminal identification information may be the IMS Public User Identity (IMPU).

Further, the first service authentication request may carry the service identifier of the service corresponding to the service platform, and may also carry the terminal identification information of the requesting terminal. The terminal identification information of the requesting terminal is stored in advance by the service platform and is determined, when the login request of the requesting terminal is received, from the login information carried in the request. That is, a requesting terminal may use different login information when logging in to different service platforms; when the requesting terminal subscribes to the service, the service platform can store the terminal identification information of the requesting terminal together with its login information, and when it receives the login request of the requesting terminal it can determine the terminal identification information of the requesting terminal from the login information and carry it in the first service authentication request sent to the authentication platform. In that case, in this step, "generating the first token based on the service identifier" may be replaced by: generating the first token based on the service identifier and the terminal identification information of the requesting terminal.

Further, the first token is used as follows: after the service platform sends the first token to the requesting terminal, the requesting terminal uses the received first token, with the first encryption method, to encrypt its terminal identification information and related information of the requesting terminal, and sends the first encryption method, the encrypted terminal identification information and the encrypted related information to the service platform. The related information includes the serial number of the requesting terminal and/or the Media Access Control (MAC) address of the requesting terminal. That is, in this step, when the requesting terminal encrypts with the first token, more information can be encrypted to improve security.

S303. When receiving a second service authentication request sent by the service platform and carrying the first encryption method and the encrypted terminal identification information, determine the terminal identification information of the requesting terminal according to the first decryption method corresponding to the first encryption method, and determine, from the stored terminal information, whether the requesting terminal has completed authentication initialization of the designated network.

In this step, when the requesting terminal has used the received first token, with the first encryption method, to encrypt both its terminal identification information and its related information, the second service authentication request carries the first encryption method, the encrypted terminal identification information and the encrypted related information.

In this step, when the service platform receives the first encryption method and the encrypted terminal identification information sent by the requesting terminal, it can encapsulate them in the second service authentication request and send it to the authentication platform, asking the authentication platform to perform the authentication.

Further, in this step, the decrypted terminal identification information of the requesting terminal can be compared with the stored terminal information of terminals that completed authentication initialization of the designated network; if the terminal identification information of the requesting terminal is present in the stored terminal information, it is determined that the requesting terminal has completed authentication initialization of the designated network.

S304. When it is determined that the requesting terminal has completed authentication initialization of the designated network, determine that the authentication result of the first service authentication request is success, and send the authentication result of the first service authentication request to the service platform.

S305. Generate a second token and send it to the service platform,

where the second token is used as follows: after the service platform sends the second token to the requesting terminal, the requesting terminal encrypts service information with the second token using a second encryption method, and sends the second encryption method and the encrypted service information to the service platform.

Further, after it is determined in step S304 that the requesting terminal has passed authentication, the requesting terminal can interact with the service platform in the subsequent steps; to ensure security, however, certain important service information can be encrypted. In this step, the second token generated by the authentication platform can be used to encrypt the more important service information later.

S306. When receiving a third service authentication request sent by the service platform and carrying the second encryption method and the encrypted service information, determine the second token according to the second decryption method corresponding to the second encryption method.

In this step, when the service platform receives the second encryption method and the encrypted service information sent by the requesting terminal, it can encapsulate them in the third service authentication request and send it to the authentication platform, asking the authentication platform to perform the authentication.

S307. Determine the authentication result of the third service authentication request according to the second token obtained by decryption, and send the authentication result to the service platform,

where the authentication result is used as follows: when the authentication result is success, the service platform responds to the service information sent by the requesting terminal.

In this step, when the authentication platform determines that the second token obtained by decryption is a token it generated itself, it can determine that the result of this authentication is success, and the service platform can respond to the service information sent by the requesting terminal. In the subsequent service information exchanges the requesting terminal can still encrypt the more important service information, for example online transaction information, with the second token; the authentication platform decrypts it, and after successful authentication the terminal continues the subsequent service with the service platform.

Embodiment 2:

Corresponding to Embodiment 1, Embodiment 2 of the present invention provides an authentication method applied on the service platform side, as shown in FIG. 4, which specifically includes the following steps:

S401. When a login request sent by a requesting terminal is received, send to the authentication platform a first service authentication request for authenticating the requesting terminal, carrying the service identifier of the service corresponding to the service platform.

Further, in this step, when the login request sent by the requesting terminal is received, the service platform can first judge whether the requesting terminal has already passed service authentication by the authentication platform; the service platform can store the login status information of each requesting terminal that accesses it, and when it determines that the requesting terminal has not yet been authenticated by the authentication platform, it sends the first service authentication request to the authentication platform, for authenticating the requesting terminal and carrying the service identifier of the service corresponding to the service platform.

S402. When the first token sent by the authentication platform is received, send the first token to the requesting terminal,

where the first token is generated by the authentication platform based on the service identifier after it receives the first service authentication request; the first token is used by the requesting terminal to encrypt its terminal identification information with the first token using a first encryption method, and to send the first encryption method and the encrypted terminal identification information to the service platform.

Further, the first service authentication request may also carry the terminal identification information of the requesting terminal; in that case, in this step, "the first token is generated by the authentication platform based on the service identifier after it receives the first service authentication request" may be: the first token is generated by the authentication platform, after it receives the first service authentication request, based on the service identifier and the terminal identification information of the requesting terminal.

Further, the first token is used by the requesting terminal to encrypt, with the first encryption method and the received first token, its terminal identification information and related information of the requesting terminal, and to send the first encryption method, the encrypted terminal identification information and the encrypted related information to the service platform; the related information includes the serial number of the requesting terminal and/or its MAC address. That is, in this step, when the requesting terminal encrypts with the first token, more information can be encrypted to improve security.

S403. Receive the first encryption method and the encrypted terminal identification information sent by the requesting terminal, and send them to the authentication platform carried in a second service authentication request,

where the second service authentication request is used by the authentication platform to determine the terminal identification information of the requesting terminal according to the first decryption method corresponding to the first encryption method and, when it determines from the stored terminal information that the requesting terminal has completed authentication initialization of the designated network, to determine that the authentication result of the first service authentication request is success.

S404. When the authentication platform determines that the requesting terminal has completed authentication initialization of the designated network, receive the authentication result sent by the authentication platform indicating that the first service authentication request succeeded, together with the second token generated by the authentication platform.

This step may also be implemented as: receiving the second token generated by the authentication platform and sent by it, because when the authentication platform sends the second token to the service platform, this can by default indicate that the authentication result of the first service authentication request is success.

S405. Send the second token to the requesting terminal,

where the second token is used by the requesting terminal to encrypt service information with the second token using a second encryption method, and to send the second encryption method and the encrypted service information to the service platform.

S406. Receive the second encryption method and the encrypted service information sent by the requesting terminal, and send them to the authentication platform carried in a third service authentication request,

where the third service authentication request is used by the authentication platform to determine the second token according to the second decryption method corresponding to the second encryption method and, when it determines that the second token was generated by the authentication platform, to determine that the authentication result of the third service authentication request is success.

S407. When an authentication result indicating that the third service authentication request succeeded is received, respond to the service information sent by the requesting terminal.

Further, when the requesting terminal later sends more important service information to the service platform, steps S406 to S407 may be repeated to ensure the security of the service information.

Embodiment 3:

Corresponding to Embodiments 1 and 2, Embodiment 3 of the present invention provides an authentication method applied on the terminal side, as shown in FIG. 5, which specifically includes the following steps:

S501. Send a login request to the service platform.

S502. Receive the first token sent by the service platform.

S503. Using a first encryption method, encrypt the terminal identification information of the requesting terminal with the first token, and send the first encryption method and the encrypted terminal identification information to the service platform.

S504. Receive the second token sent by the service platform.

S505. Using a second encryption method, encrypt the service information with the second token, and send the second encryption method and the encrypted service information to the service platform.

S506. Receive the response sent by the service platform to the service information sent in S505.

Further, in the embodiments provided by the present invention, the terminal is described as follows:

After power-on, the terminal should actively initiate the authentication initialization process towards the designated network. Taking an IMS network as an example, the terminal needs to include the following functions:

After power-on and completion of terminal upgrade or terminal management, the terminal needs to be able to judge whether it already supports a SIP Agent or IMS client; if so, it needs to be able to initiate the authentication initialization process towards the IMS server according to the preset IMS server address.

According to the IMS server address preset in the terminal, after terminal management services such as upgrade are completed, the terminal actively initiates an authentication initialization request to the IMS server. Depending on whether the terminal has a card or not, it initiates a different authentication initialization request: a cardless terminal generally uses SIP Digest to initiate the authentication initialization request to the IMS server, while a terminal with a card generally uses IMS AKA to initiate the authentication initialization request to the IMS server.

Further, a cardless terminal generally uses the SIP Digest authentication method, with a user name and password as the user information. The user name and password can be entered by the user, but for security the implementation can be made transparent to the user; therefore, for a cardless terminal, the following ways of storing the user name and password without the user's involvement can be considered:

First way: the user account information can be configured remotely, through a secure channel, by the terminal management platform into the terminal's secure storage space.

Second way: when the terminal leaves the factory, user account information can be randomly assigned to each terminal and preset at the factory into the terminal's secure storage space, while the assigned account information is synchronized to the platform side at the same time.

Further, the secure storage area includes the following storage methods:

First method: the secure storage space for the user account information can be a read-only portion of the hard-disk (flash) storage space, whose read-only attribute cannot be modified arbitrarily after leaving the factory.

Second method: if more secure storage is required, the user account information can also be stored in a read-only storage area of the CPU.

Third method: the user account information is stored in encrypted form.

Embodiment 4:

Embodiment 4 of the present invention provides an authentication method applied to the authentication platform, the service platform, a network element of the designated network and the terminal side, as shown in FIG. 6, which specifically includes the following steps:

S601. The network element in the designated network that performs authentication initialization for terminals triggers, to the authentication platform, the terminal information of a terminal that has completed authentication initialization.

S602. The authentication platform stores the received terminal information, where the terminal information includes terminal identification information.

S603. The requesting terminal sends a login request to the service platform.

S604. The service platform judges whether the requesting terminal has already been authenticated by the authentication platform.

S605. When the service platform determines that the requesting terminal has not yet been authenticated by the authentication platform, it sends to the authentication platform a first service authentication request for authenticating the requesting terminal, carrying the service identifier of the service corresponding to the service platform and the identification information of the requesting terminal.

S606. The authentication platform generates a first token from the received service identifier and the requesting terminal's identification information.

S607. The authentication platform sends the first token generated in S606 to the service platform.

S608. The service platform sends the first token to the requesting terminal.

S609. The requesting terminal encrypts its terminal identification information and its related information with the first token using a first encryption method.

S610. The requesting terminal sends the first encryption method, the encrypted terminal identification information and the encrypted related information to the service platform.

S611. The service platform sends the first encryption method, the encrypted terminal identification information and the encrypted related information to the authentication platform carried in a second service authentication request.

S612. The authentication platform determines the terminal identification information of the requesting terminal according to the first decryption method corresponding to the first encryption method and, when it determines from the stored terminal information that the requesting terminal has completed authentication initialization of the designated network, generates a second token.

S613. The authentication platform sends the second token generated in S612 to the service platform.

S614. The service platform sends the second token to the requesting terminal.

S615. The requesting terminal encrypts the service information with the second token using a second encryption method.

S616. The requesting terminal sends the second encryption method and the encrypted service information to the service platform.

S617. The service platform sends the second encryption method and the encrypted service information to the authentication platform carried in a third service authentication request.

S618. The authentication platform determines the second token according to the second decryption method corresponding to the second encryption method.

S619. When the authentication platform determines that the second token was generated by the authentication platform, it sends to the service platform an authentication result indicating that the third service authentication request succeeded.

S620. The service platform responds to the service information sent by the requesting terminal.
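The complete S601-S620 exchange of Embodiment 4 (and so the per-side views of Embodiments 1 to 3), simulated as an added example that is not code from the patent or its applicant. The patent leaves the cipher, the session correlation and the message format open, so the HMAC-SHA256 encrypt-then-MAC construction standing in for the "first/second encryption method", the request_id the service platform uses to correlate the three service authentication requests, and the IMPU and MAC sample values are all assumptions of this example.

```python
# Added simulation of S601-S620: authentication platform, service platform, requesting terminal.
# Assumed (not fixed by the patent): the cipher standing in for the "encryption method"
# (HMAC-SHA256 keystream + HMAC tag, encrypt-then-MAC), the request_id session bookkeeping,
# and the constructed IMPU / MAC sample values used in the checks below.
import hashlib
import hmac
import secrets

METHOD = "hmac-ctr-sha256"  # label carried next to the ciphertext as the "encryption method"


def _keys(token: bytes):
    # Separate encryption and MAC keys derived from the token handed out by the platform.
    return (hmac.new(token, b"enc", hashlib.sha256).digest(),
            hmac.new(token, b"mac", hashlib.sha256).digest())


def _keystream(k_enc: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(k_enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]


def seal(token: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC; the tag binds nonce and ciphertext to the token's MAC key."""
    k_enc, k_mac = _keys(token)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    tag = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    return {"method": METHOD, "nonce": nonce, "ct": ct, "tag": tag}


def unseal(token: bytes, msg: dict):
    """Plaintext, or None if the method is unknown or the tag fails (wrong token, tampering)."""
    if msg.get("method") != METHOD:
        return None
    k_enc, k_mac = _keys(token)
    expect = hmac.new(k_mac, msg["nonce"] + msg["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, msg["tag"]):
        return None
    return bytes(c ^ s for c, s in zip(msg["ct"], _keystream(k_enc, msg["nonce"], len(msg["ct"]))))


class AuthPlatform:
    def __init__(self):
        self.initialized = set()             # S602: IMPUs pushed by the IMS network element
        self.master = secrets.token_bytes(32)
        self.sessions = {}                   # request_id -> session state (assumed bookkeeping)

    def on_terminal_initialized(self, impu: str):                          # S601/S602
        self.initialized.add(impu)

    def first_service_auth(self, service_id, request_id, impu) -> bytes:  # S605-S607
        # First token bound to the service identifier and claimed IMPU, with fresh randomness.
        seed = f"{service_id}|{impu}|{request_id}".encode() + secrets.token_bytes(16)
        token1 = hmac.new(self.master, seed, hashlib.sha256).digest()
        self.sessions[request_id] = {"impu": impu, "token1": token1, "token2": None}
        return token1

    def second_service_auth(self, request_id, sealed):                     # S611-S613
        s = self.sessions.get(request_id)
        plain = unseal(s["token1"], sealed) if s else None
        if plain is None:
            return False, None
        impu = plain.decode().split("|", 1)[0]   # related info (MAC) follows the IMPU
        if impu != s["impu"] or impu not in self.initialized:
            return False, None                   # not IMS-initialized: result is failure
        s["token2"] = secrets.token_bytes(32)
        return True, s["token2"]

    def third_service_auth(self, request_id, sealed):                      # S617-S619
        s = self.sessions.get(request_id)
        if not s or s["token2"] is None:
            return False, None
        plain = unseal(s["token2"], sealed)      # verifies only under a token2 we issued
        return plain is not None, plain


class Terminal:
    def __init__(self, impu: str, mac: str):
        self.impu, self.mac, self.token2 = impu, mac, None

    def report_identity(self, token1: bytes) -> dict:                      # S609/S610
        return seal(token1, f"{self.impu}|{self.mac}".encode())

    def send_service_info(self, info: bytes) -> dict:                      # S615/S616
        return seal(self.token2 or b"", info)


class ServicePlatform:
    def __init__(self, service_id: str, auth: AuthPlatform):
        self.service_id, self.auth = service_id, auth
        self.accounts = {}    # login name -> IMPU, stored when the terminal subscribed
        self.logged_in = {}   # IMPU -> request_id of the authenticated session (S604 state)

    def login(self, terminal: Terminal, login_name: str) -> bool:         # S603-S614
        impu = self.accounts[login_name]
        if impu in self.logged_in:
            return True
        request_id = secrets.token_hex(8)
        token1 = self.auth.first_service_auth(self.service_id, request_id, impu)
        ok, token2 = self.auth.second_service_auth(request_id, terminal.report_identity(token1))
        if not ok:
            return False
        self.logged_in[impu] = request_id
        terminal.token2 = token2
        return True

    def handle_service_info(self, login_name: str, sealed: dict):          # S617-S620
        request_id = self.logged_in.get(self.accounts.get(login_name))
        if request_id is None:
            return None
        ok, plain = self.auth.third_service_auth(request_id, sealed)
        return plain if ok else None
```

A terminal whose IMPU was never pushed by the IMS network element, or whose reported IMPU differs from the one the service platform resolved from the login information, fails at the second service authentication request; a service message sealed under any token other than the issued second token fails at the third.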

基于同一发明构思,本发明实施例还提供了认证平台、业务平台、网元及系统,由于这些平台和系统所解决问题的原理与前述认证方法相似,因此该平台和系统的实施可以参见前述方法的实施,重复之处不再赘述。Based on the same inventive concept, embodiments of the present invention also provide authentication platforms, service platforms, network elements, and systems. Since the principles of these platforms and systems solve problems similar to the aforementioned authentication methods, the implementation of the platforms and systems can refer to the aforementioned methods The implementation of the implementation, the repetition will not repeat them.

An embodiment of the present invention provides an authentication platform which, as shown in Figure 7, includes:

a storage module 701, configured to save terminal information when it receives, triggered by the network element of a designated network with a complete authentication mechanism that performs authentication initialization for terminals, the terminal information of a terminal that has completed the authentication initialization of the designated network, where the terminal information includes terminal identification information;

a first authentication module 702, configured to determine, when it receives a first service authentication request sent by a service platform to authenticate a requesting terminal that requests to log in to the service platform, whether the requesting terminal has completed the authentication initialization of the designated network according to the saved terminal information;

a sending module 703, configured to determine that the authentication result of the first service authentication request is success when it is determined that the requesting terminal has completed the authentication initialization of the designated network, and to send the authentication result of the first service authentication request to the service platform.

Further, the first service authentication request received by the first authentication module 702 carries the service identifier of the service corresponding to the service platform;

the first authentication module 702 is specifically configured to determine whether the requesting terminal has completed the authentication initialization of the designated network as follows: when receiving the first service authentication request sent by the service platform to authenticate the requesting terminal that requests to log in to the service platform, it generates a first token based on the service identifier and sends the first token to the service platform, where the first token is used as follows: after the service platform sends the first token to the requesting terminal, the requesting terminal encrypts its terminal identification information with the first token using a first encryption method and sends the first encryption method together with the encrypted terminal identification information to the service platform; when receiving a second service authentication request sent by the service platform that carries the first encryption method and the encrypted terminal identification information, it determines the terminal identification information of the requesting terminal using the first decryption method corresponding to the first encryption method, and determines, according to the saved terminal information, whether the requesting terminal has completed the authentication initialization of the designated network.

Further, the first service authentication request received by the first authentication module 702 also carries the terminal identification information of the requesting terminal, which the service platform stored in advance and determined from the login information carried by the requesting terminal when it received the requesting terminal's login request;

the first authentication module 702 is specifically configured to generate the first token based on the service identifier and the terminal identification information of the requesting terminal;

the first token generated by the first authentication module 702 is used as follows: after the service platform sends the first token to the requesting terminal, the requesting terminal encrypts its terminal identification information and its related information with the received first token using the first encryption method, and sends the first encryption method, the encrypted terminal identification information and the encrypted related information to the service platform, where the related information includes the serial number of the requesting terminal and/or the MAC address of the requesting terminal;

the second service authentication request received by the first authentication module 702 carries the first encryption method, the encrypted terminal identification information and the encrypted related information.

Further, the authentication platform also includes a second authentication module 704;

the second authentication module 704 is configured to generate a second token after the authentication result of the first service authentication request has been determined to be success, and to send it to the service platform, where the second token is used as follows: after the service platform sends the second token to the requesting terminal, the requesting terminal encrypts service information with the second token using a second encryption method and sends the second encryption method and the encrypted service information to the service platform; when receiving a third service authentication request sent by the service platform that carries the second encryption method and the encrypted service information, the module determines the second token using the second decryption method corresponding to the second encryption method, and determines the authentication result of the third service authentication request according to the second token obtained by decryption;

the sending module 703 is further configured to send the authentication result obtained by the second authentication module 704 to the service platform, where the authentication result is used so that, when the authentication result of the third service authentication request is success, the service platform responds to the service information sent by the requesting terminal.

An embodiment of the present invention provides a service platform which, as shown in Figure 8, includes:

a sending module 801, configured to send, when receiving a login request sent by a requesting terminal, a first service authentication request for authenticating the requesting terminal to the authentication platform, where the first service authentication request is used by the authentication platform to determine, according to its saved terminal information of terminals that have completed the authentication initialization of the designated network, whether the requesting terminal is a terminal that has completed the authentication initialization of the designated network, the terminal information including terminal identification information;

a receiving module 802, configured to receive the authentication result of success for the first service authentication request sent by the authentication platform when the authentication platform determines that the requesting terminal has completed the authentication initialization of the designated network.

Further, the first service authentication request sent by the sending module 801 carries the service identifier of the service corresponding to the service platform;

the receiving module 802 is further configured to receive the first token sent by the authentication platform, and to receive the first encryption method and the encrypted terminal identification information sent by the requesting terminal;

the sending module 801 is further configured to send the first token to the requesting terminal when the receiving module 802 receives the first token sent by the authentication platform, where the first token is generated by the authentication platform based on the service identifier after it receives the first service authentication request, and is used by the requesting terminal to encrypt its terminal identification information with the first token using a first encryption method and to send the first encryption method and the encrypted terminal identification information to the service platform; and, after the receiving module 802 receives the first encryption method and the encrypted terminal identification information sent by the requesting terminal, to carry the first encryption method and the encrypted terminal identification information in a second service authentication request sent to the authentication platform, where the second service authentication request is used by the authentication platform to determine the terminal identification information of the requesting terminal using the first decryption method corresponding to the first encryption method, and to determine that the authentication result of the first service authentication request is success when it determines, according to the saved terminal information, that the requesting terminal has completed the authentication initialization of the designated network.

Further, the service platform also includes a response module 803;

the receiving module 802 is specifically configured to receive the authentication result of success for the first service authentication request sent by the authentication platform together with the second token generated by the authentication platform, or to receive the second token generated by the authentication platform sent by the authentication platform;

the sending module 801 is further configured to send the second token to the requesting terminal after the receiving module 802 receives the authentication result of success for the first service authentication request sent by the authentication platform, where the second token is used by the requesting terminal to encrypt service information with the second token using a second encryption method and to send the second encryption method and the encrypted service information to the service platform; and to carry the second encryption method and the encrypted service information received by the receiving module 802 in a third service authentication request sent to the authentication platform, where the third service authentication request is used by the authentication platform to determine the second token using the second decryption method corresponding to the second encryption method, and to determine that the authentication result of the third service authentication request is success when it determines that the second token was generated by the authentication platform;

the receiving module 802 is further configured to receive the second encryption method and the encrypted service information sent by the requesting terminal, and to receive the authentication result of success for the third service authentication request;

the response module 803 is configured to respond to the service information sent by the requesting terminal when the receiving module 802 receives the authentication result of success for the third service authentication request.

An embodiment of the present invention provides a network element of a designated network which, as shown in Figure 9, includes:

an authentication initialization module 901, configured to perform the authentication initialization of the designated network for a terminal;

a triggering module 902, configured to trigger, after the authentication initialization module 901 has performed authentication initialization for the terminal, the terminal information of the terminal that has completed the authentication initialization of the designated network to the authentication platform, where the terminal information is used by the authentication platform to save the terminal information, to determine, when receiving a first service authentication request sent by a service platform to authenticate a requesting terminal that requests to log in to the service platform, whether the requesting terminal has completed the authentication initialization of the designated network according to the saved terminal information, and to determine that the authentication result of the first service authentication request is success when it determines that the requesting terminal has completed the authentication initialization of the designated network, the terminal information including terminal identification information.

An embodiment of the present invention provides an authentication system, including the above authentication platform, the above service platform, the above network element of the designated network, and multiple terminals.

The functions of the above units may correspond to the corresponding processing steps in the flows shown in Figures 1 to 6 and are not described again here.
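The end-to-end flow that modules 701 to 704 (Figure 7), 801 to 803 (Figure 8) and 901 to 902 (Figure 9) describe, as an added example written for this page and not code from the patent: the network element pushes a terminal record to the authentication platform, the service platform relays the first token, the terminal encrypts its identity and related info (MAC) under that token, the authentication platform checks the decrypted identity against the stored record and issues a second token, and service information is accepted only when it decrypts under that second token. Everything the patent leaves open is an assumption here: the token derivation (HMAC over service id, terminal id and a random salt under a platform key), the "encryption method" (a labelled toy HMAC-keystream cipher standing in for a standard AEAD), the message shapes, and the terminal identifiers, MAC addresses and service id, which are constructed. It goes slightly beyond the text in two places a defender would want: each first token is consumed on use, and the decrypted MAC is compared with the record the network element pushed.

```python
import hashlib
import hmac
import os

# Constructed label for the "encryption method" field the patent leaves open; the toy
# cipher below (HMAC-SHA256 keystream + HMAC tag) stands in for a real AEAD such as AES-GCM.
ENC_METHOD = "hmac-sha256-stream-v1"
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def encrypt(token, plaintext):
    """Toy encrypt-then-MAC keyed by a token: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(token, nonce, len(plaintext))))
    return nonce + ct + hmac.new(token, nonce + ct, hashlib.sha256).digest()


def decrypt(token, blob):
    """Return the plaintext, or None when the tag does not verify under this token."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(token, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(token, nonce, len(ct))))


class AuthPlatform:
    """Fig. 7: storage module 701, first authentication module 702, second module 704."""
    def __init__(self):
        self.secret = os.urandom(32)   # assumed platform key for deriving first tokens
        self.registered = {}           # terminal_id -> info pushed by the IMS network element
        self.first_tokens = {}         # (service_id, terminal_id) -> single-use first token
        self.second_tokens = {}        # terminal_id -> second token issued after login
    def store_terminal_info(self, info):   # module 701, triggered by Fig. 9 module 902
        self.registered[info["terminal_id"]] = info
    def first_auth_request(self, service_id, terminal_id):
        # module 702 / claim 2: first token bound to the service id and the terminal id
        msg = f"{service_id}|{terminal_id}|".encode() + os.urandom(8)
        token = hmac.new(self.secret, msg, hashlib.sha256).digest()[:16]
        self.first_tokens[(service_id, terminal_id)] = token
        return token
    def second_auth_request(self, service_id, terminal_id, enc_method, blob):
        token = self.first_tokens.pop((service_id, terminal_id), None)   # consumed once
        plaintext = decrypt(token, blob) if token and enc_method == ENC_METHOD else None
        if plaintext is None:
            return {"result": "fail"}
        fields = dict(item.split("=", 1) for item in plaintext.decode().split(";"))
        info = self.registered.get(fields.get("terminal_id"))
        # Must have completed IMS initialisation; identity and MAC must match the pushed record.
        if info is None or fields["terminal_id"] != terminal_id or fields.get("mac") != info["mac"]:
            return {"result": "fail"}
        token2 = os.urandom(16)   # module 704: second token for the service phase
        self.second_tokens[terminal_id] = token2
        return {"result": "success", "token2": token2}
    def third_auth_request(self, terminal_id, enc_method, blob):
        # A valid tag under the issued second token shows the service info came from the
        # terminal that completed login; data encrypted under any other key fails here.
        token2 = self.second_tokens.get(terminal_id)
        plaintext = decrypt(token2, blob) if token2 and enc_method == ENC_METHOD else None
        return {"result": "fail"} if plaintext is None else {"result": "success", "service_info": plaintext}


class Terminal:
    def __init__(self, terminal_id, mac):
        self.terminal_id, self.mac = terminal_id, mac
    def prove_identity(self, token1):   # identity plus related info (MAC) under the first token
        return ENC_METHOD, encrypt(token1, f"terminal_id={self.terminal_id};mac={self.mac}".encode())
    def service_request(self, token2, service_info):
        return ENC_METHOD, encrypt(token2, service_info)


class ServicePlatform:
    """Fig. 8: the HTTP service platform relays tokens and ciphertexts; it never decrypts."""
    def __init__(self, service_id, auth):
        self.service_id, self.auth, self.sessions = service_id, auth, {}
    def login(self, terminal):
        token1 = self.auth.first_auth_request(self.service_id, terminal.terminal_id)
        method, blob = terminal.prove_identity(token1)
        res = self.auth.second_auth_request(self.service_id, terminal.terminal_id, method, blob)
        if res["result"] == "success":
            self.sessions[terminal.terminal_id] = res["token2"]
        return res["result"]
    def handle_service(self, terminal, service_info):
        token2 = self.sessions.get(terminal.terminal_id)
        if token2 is None:
            return "not logged in"
        method, blob = terminal.service_request(token2, service_info)
        res = self.auth.third_auth_request(terminal.terminal_id, method, blob)
        return "ok:" + res["service_info"].decode() if res["result"] == "success" else "rejected"


def demo():
    """Constructed scenario: 'alice' was initialised by the IMS element, 'mallory' was not."""
    auth = AuthPlatform()
    svc = ServicePlatform("video-svc", auth)                      # constructed service id
    alice = Terminal("+86-13800000001", "02:00:00:aa:bb:01")      # constructed identities
    mallory = Terminal("+86-13800000002", "02:00:00:aa:bb:02")
    auth.store_terminal_info({"terminal_id": alice.terminal_id, "mac": alice.mac})  # Fig. 9 trigger
    return {"registered_login": svc.login(alice), "unregistered_login": svc.login(mallory),
            "service": svc.handle_service(alice, b"GET /playlist"),
            "service_without_login": svc.handle_service(mallory, b"GET /playlist")}
```

The split of responsibilities mirrors the page: the service platform sees tokens only in transit and never decides the outcome; the decision rests on the authentication platform's record of which terminals completed the designated network's initialization. The single-use first token and the tag check inside `decrypt` are what turn "encrypt with the token" into evidence that the terminal actually received that token rather than a replayed ciphertext.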

With the authentication method, authentication platform, service platform, network element and system provided by the embodiments of the present invention, when the terminal information of a terminal that has completed the authentication initialization of a designated network is received, triggered by the network element of the designated network (which has a complete authentication mechanism) that performs authentication initialization for terminals, the terminal information is saved, where the terminal information includes terminal identification information; when a first service authentication request sent by a service platform to authenticate a requesting terminal that requests to log in to the service platform is received, whether the requesting terminal has completed the authentication initialization of the designated network is determined according to the saved terminal information; and when it is determined that the requesting terminal has completed the authentication initialization of the designated network, the authentication result of the first service authentication request is determined to be success and is sent to the service platform.

When a requesting terminal requests to log in to the service platform, the authentication platform, which stores the terminal information of terminals that have completed the authentication initialization of the designated network, determines whether the requesting terminal has completed that initialization; if it has, the requesting terminal's login to the service platform is determined to be successful. In other words, once a terminal has completed the authentication initialization of the designated network it can use the services of service platforms both inside and outside the designated network, and the extended authentication result serves both data services based on the designated network and data services based on service platforms outside it. This makes effective use of the authentication capability that existing network elements already provide, avoids building duplicate authentication network elements, and spares terminals repeated and complex development of authentication functions. Compared with the prior art, in which data services on different platforms each require separate network elements supporting different authentication mechanisms for the same set of user data, the authentication efficiency is improved.

From the above description of the embodiments, those skilled in the art can clearly understand that the embodiments of the present invention may be implemented by hardware, or by software together with a necessary general-purpose hardware platform. On this understanding, the technical solutions of the embodiments may be embodied in the form of a software product stored in a non-volatile storage medium (such as a CD-ROM, USB flash drive or portable hard disk), which includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in the various embodiments of the present invention.

Those skilled in the art will understand that the drawings are only schematic diagrams of a preferred embodiment, and that the modules or processes in the drawings are not necessarily required to implement the present invention.

Those skilled in the art will understand that the modules of the apparatus in an embodiment may be distributed in the apparatus as described in the embodiment, or may, with corresponding changes, be located in one or more apparatuses different from that of the embodiment. The modules of the above embodiments may be combined into one module or further split into multiple sub-modules.

The serial numbers of the above embodiments are for description only and do not indicate that any embodiment is better or worse.

Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to include them as well.

Claims (13)

1. An authentication method, characterized in that it comprises:
when terminal information of a terminal that has completed the authentication initialization of a designated network is received, triggered by the network element of the designated network, which has a complete authentication mechanism, that performs authentication initialization for terminals, saving the terminal information, where the terminal information includes terminal identification information and the designated network is an IP Multimedia Subsystem (IMS) network;
when a first service authentication request sent by a service platform to authenticate a requesting terminal that requests to log in to the service platform is received, determining, according to the saved terminal information, whether the requesting terminal has completed the authentication initialization of the designated network, where the service platform is an HTTP-based service platform;
when it is determined that the requesting terminal has completed the authentication initialization of the designated network, determining that the authentication result of the first service authentication request is success and sending the authentication result of the first service authentication request to the service platform;
where the first service authentication request carries the service identifier of the service corresponding to the service platform, and whether the requesting terminal has completed the authentication initialization of the designated network is determined as follows:
when the first service authentication request sent by the service platform to authenticate the requesting terminal that requests to log in to the service platform is received, generating a first token based on the service identifier and sending the first token to the service platform, where the first token is used as follows: after the service platform sends the first token to the requesting terminal, the requesting terminal encrypts its terminal identification information with the first token using a first encryption method and sends the first encryption method and the encrypted terminal identification information to the service platform;
when a second service authentication request sent by the service platform that carries the first encryption method and the encrypted terminal identification information is received, determining the terminal identification information of the requesting terminal using the first decryption method corresponding to the first encryption method, and determining, according to the saved terminal information, whether the requesting terminal has completed the authentication initialization of the designated network.

2. The method according to claim 1, characterized in that the first service authentication request also carries the terminal identification information of the requesting terminal, which the service platform stored in advance and determined from the login information carried by the requesting terminal when it received the requesting terminal's login request;
generating the first token based on the service identifier specifically comprises: generating the first token based on the service identifier and the terminal identification information of the requesting terminal;
the first token is used as follows: after the service platform sends the first token to the requesting terminal, the requesting terminal encrypts its terminal identification information and its related information with the received first token using the first encryption method, and sends the first encryption method, the encrypted terminal identification information and the encrypted related information to the service platform, where the related information includes the serial number of the requesting terminal and/or the Media Access Control (MAC) address of the requesting terminal;
the second service authentication request carries the first encryption method, the encrypted terminal identification information and the encrypted related information.

3. The method according to any one of claims 1 to 2, characterized in that, after determining that the authentication result of the first service authentication request is success, it further comprises:
generating a second token and sending it to the service platform, where the second token is used as follows: after the service platform sends the second token to the requesting terminal, the requesting terminal encrypts service information with the second token using a second encryption method and sends the second encryption method and the encrypted service information to the service platform;
when a third service authentication request sent by the service platform that carries the second encryption method and the encrypted service information is received, determining the second token using the second decryption method corresponding to the second encryption method;
determining the authentication result of the third service authentication request according to the second token obtained by decryption, and sending the obtained authentication result to the service platform, where the authentication result is used so that, when the authentication result of the third service authentication request is success, the service platform responds to the service information sent by the requesting terminal.

4. An authentication method, characterized in that it comprises:
when an HTTP-based service platform receives a login request sent by a requesting terminal, sending a first service authentication request for authenticating the requesting terminal to an authentication platform, where the first service authentication request is used by the authentication platform to determine, according to its saved terminal information of terminals that have completed the authentication initialization of a designated network, whether the requesting terminal is a terminal that has completed the authentication initialization of the designated network, the terminal information including terminal identification information and the designated network being an IP Multimedia Subsystem (IMS) network;
when the authentication platform determines that the requesting terminal has completed the authentication initialization of the designated network, receiving the authentication result of success for the first service authentication request sent by the authentication platform;
where the first service authentication request carries the service identifier of the service corresponding to the service platform, and, after sending the first service authentication request for authenticating the requesting terminal to the authentication platform and before receiving the authentication result of the first service authentication request, the method further comprises:
when the first token sent by the authentication platform is received, sending the first token to the requesting terminal, where the first token is generated by the authentication platform based on the service identifier after it receives the first service authentication request, and is used by the requesting terminal to encrypt its terminal identification information with the first token using a first encryption method and to send the first encryption method and the encrypted terminal identification information to the service platform;
receiving the first encryption method and the encrypted terminal identification information sent by the requesting terminal, and carrying the first encryption method and the encrypted terminal identification information in a second service authentication request sent to the authentication platform,
where the second service authentication request is used by the authentication platform to determine the terminal identification information of the requesting terminal using the first decryption method corresponding to the first encryption method, and to determine that the authentication result of the first service authentication request is success when it determines, according to the saved terminal information, that the requesting terminal has completed the authentication initialization of the designated network.

5. The method according to claim 4, characterized in that receiving the authentication result of success for the first service authentication request sent by the authentication platform specifically comprises:
receiving the authentication result of success for the first service authentication request sent by the authentication platform together with the second token generated by the authentication platform, or
receiving the second token generated by the authentication platform sent by the authentication platform;
and that, after receiving the authentication result of success for the first service authentication request sent by the authentication platform, the method further comprises:
sending the second token to the requesting terminal, where the second token is used by the requesting terminal to encrypt service information with the second token using a second encryption method and to send the second encryption method and the encrypted service information to the service platform;
receiving the second encryption method and the encrypted service information sent by the requesting terminal, and carrying the second encryption method and the encrypted service information in a third service authentication request sent to the authentication platform,
where the third service authentication request is used by the authentication platform to determine the second token using the second decryption method corresponding to the second encryption method, and to determine that the authentication result of the third service authentication request is success when it determines that the second token was generated by the authentication platform;
when the authentication result of success for the third service authentication request is received, responding to the service information sent by the requesting terminal.

6. An authentication method, characterized in that it comprises:
after performing authentication initialization for a terminal, triggering the terminal information of the terminal that has completed the authentication initialization of a designated network to an authentication platform, where the designated network is an IP Multimedia Subsystem (IMS) network;
where the terminal information is used by the authentication platform to save the terminal information, to determine, when receiving a first service authentication request sent by a service platform to authenticate a requesting terminal that requests to log in to the service platform, whether the requesting terminal has completed the authentication initialization of the designated network according to the saved terminal information, and to determine that the authentication result of the first service authentication request is success when it determines that the requesting terminal has completed the authentication initialization of the designated network; the terminal information includes terminal identification information, the designated network has a complete authentication mechanism, and the service platform is an HTTP-based service platform;
the first service authentication request carries the service identifier of the service corresponding to the service platform;
whether the requesting terminal has completed the authentication initialization of the designated network is determined as follows:
when the first service authentication request sent by the service platform to authenticate the requesting terminal that requests to log in to the service platform is received, generating a first token based on the service identifier and sending the first token to the service platform,
where the first token is used as follows: after the service platform sends the first token to the requesting terminal, the requesting terminal encrypts its terminal identification information with the first token using a first encryption method and sends the first encryption method and the encrypted terminal identification information to the service platform;
when a second service authentication request sent by the service platform that carries the first encryption method and the encrypted terminal identification information is received, determining the terminal identification information of the requesting terminal using the first decryption method corresponding to the first encryption method, and determining, according to the saved terminal information, whether the requesting terminal has completed the authentication initialization of the designated network.

7. An authentication platform, characterized in that it comprises:
An authentication platform, characterized in that it comprises: 存储模块,用于当接收到具有完整认证机制的指定网络中用于对终端进行认证初始化的网元触发的、完成所述指定网络认证初始化终端的终端信息时,将所述终端信息保存,其中,所述终端信息包括终端标识信息;所述指定网络为IP多媒体子系统网络;A storage module, configured to save the terminal information when receiving terminal information of a terminal that completes the authentication initialization of the specified network triggered by a network element in the specified network with a complete authentication mechanism for performing authentication initialization on the terminal, wherein , the terminal information includes terminal identification information; the specified network is an IP multimedia subsystem network; 第一认证模块,用于当接收到业务平台发送的、对请求登录所述业务平台的请求终端进行认证的第一业务认证请求时,根据保存的所述终端信息,确定所述请求终端是否完成所述指定网络的认证初始化;所述业务平台为基于HTTP的业务平台;The first authentication module is configured to, when receiving a first service authentication request sent by the service platform to authenticate a requesting terminal requesting to log in to the service platform, determine whether the requesting terminal is completed according to the saved terminal information The authentication initialization of the specified network; the service platform is an HTTP-based service platform; 发送模块,用于当确定所述请求终端完成所述指定网络的认证初始化时,确定所述第一业务认证请求的认证结果为成功,并将所述第一业务认证请求的认证结果发送给所述业务平台;A sending module, configured to determine that the authentication result of the first service authentication request is successful when it is determined that the requesting terminal has completed the authentication initialization of the designated network, and send the authentication result of the first service authentication request to the business platform; 所述第一认证模块接收到的所述第一业务认证请求中携带有所述业务平台对应业务的业务标识;The first service authentication request received by the first authentication module carries the service identifier of the service corresponding to the service platform; 
第一认证模块,具体用于采用如下方式确定所述请求终端是否完成所述指定网络的认证初始化:当接收到业务平台发送的、对请求登录所述业务平台的请求终端进行认证的第一业务认证请求时,基于所述业务标识生成第一令牌token,并将所述第一token发送给所述业务平台,其中,所述第一token用于所述业务平台将所述第一token发送给所述请求终端之后,所述请求终端以第一加密方式,使用所述第一token对所述请求终端的终端标识信息进行加密,将所述第一加密方式以及加密的终端标识信息发送给所述业务平台;当接收到所述业务平台发送的携带所述第一加密方式以及加密的终端标识信息的第二业务认证请求时,根据与所述第一加密方式对应的第一解密方式,确定所述请求终端的终端标识信息,并根据保存的所述终端信息,确定所述请求终端是否完成所述指定网络的认证初始化。The first authentication module is specifically used to determine whether the requesting terminal has completed the authentication initialization of the designated network in the following manner: when receiving the first service sent by the service platform to authenticate the requesting terminal requesting to log in to the service platform When authenticating a request, generate a first token token based on the service identifier, and send the first token to the service platform, wherein the first token is used by the service platform to send the first token After sending to the requesting terminal, the requesting terminal uses the first token to encrypt the terminal identification information of the requesting terminal in a first encryption method, and sends the first encryption method and the encrypted terminal identification information to The service platform; when receiving the second service authentication request sent by the service platform and carrying the first encryption method and encrypted terminal identification information, according to the first decryption method corresponding to the first encryption method, Determine the terminal identification information of the requesting terminal, and determine whether the requesting terminal has completed authentication initialization of the specified network according to the stored terminal information. 8.如权利要求7所述的认证平台,其特征在于,所述第一认证模块接收到的所述第一业务认证请求中还携带有所述请求终端的终端标识信息,所述请求终端的终端标识信息为所述业务平台预先保存的、且当接收到所述请求终端的登录请求时,根据所述请求终端携带的登录信息确定的;8. 
The authentication platform according to claim 7, wherein the first service authentication request received by the first authentication module also carries terminal identification information of the requesting terminal, and the requesting terminal's The terminal identification information is pre-saved by the service platform and determined according to the login information carried by the requesting terminal when the login request of the requesting terminal is received; 所述第一认证模块,具体用于基于所述业务标识以及所述请求终端的终端标识信息生成第一token;The first authentication module is specifically configured to generate a first token based on the service identifier and the terminal identification information of the requesting terminal; 所述第一认证模块生成的所述第一token用于所述业务平台将所述第一token发送给所述请求终端之后,所述请求终端以第一加密方式,使用接收到的所述第一token对所述请求终端的终端标识信息以及所述请求终端的相关信息进行加密,将所述第一加密方式、加密的终端标识信息、以及加密的所述相关信息发送给所述业务平台,所述相关信息包括所述请求终端的编号和/或所述请求终端的介质访问控制MAC地址;The first token generated by the first authentication module is used after the service platform sends the first token to the requesting terminal, and the requesting terminal uses the received first token in a first encrypted manner A token encrypts the terminal identification information of the requesting terminal and related information of the requesting terminal, and sends the first encryption method, the encrypted terminal identification information, and the encrypted related information to the service platform, The relevant information includes the serial number of the requesting terminal and/or the medium access control MAC address of the requesting terminal; 所述第一认证模块接收到的所述第二业务认证请求携带有所述第一加密方式、所述加密的终端标识信息以及所述加密的相关信息。The second service authentication request received by the first authentication module carries the first encryption method, the encrypted terminal identification information, and the encrypted related information. 9.如权利要求7-8任一项所述的认证平台,其特征在于,还包括:第二认证模块;9. 
The authentication platform according to any one of claims 7-8, further comprising: a second authentication module; 所述第二认证模块,用于在确定所述第一业务认证请求的认证结果为成功之后,生成第二token并发送给所述业务平台,其中,所述第二token用于所述业务平台将所述第二token发送给所述请求终端之后,所述请求终端以第二加密方式,使用所述第二token对业务信息进行加密,并将所述第二加密方式以及加密的业务信息发送给所述业务平台;当接收到所述业务平台发送的携带所述第二加密方式以及加密的业务信息的第三业务认证请求时,根据与所述第二加密方式对应的第二解密方式,确定所述第二token;根据解密得到的第二token,确定所述第三业务认证请求的认证结果;The second authentication module is configured to generate a second token and send it to the service platform after determining that the authentication result of the first service authentication request is successful, wherein the second token is used for the service platform After sending the second token to the requesting terminal, the requesting terminal uses the second encryption method to encrypt the service information, and sends the second encryption method and the encrypted service information to To the service platform; when receiving a third service authentication request from the service platform that carries the second encryption method and encrypted service information, according to the second decryption method corresponding to the second encryption method, determining the second token; determining the authentication result of the third service authentication request according to the decrypted second token; 所述发送模块,还用于将所述第二认证模块得到的所述认证结果发送给所述业务平台,其中,所述认证结果用于当所述第三业务认证请求的认证结果为认证成功时,所述业务平台对所述请求终端发送的业务信息进行响应。The sending module is further configured to send the authentication result obtained by the second authentication module to the service platform, wherein the authentication result is used when the authentication result of the third service authentication request is that the authentication is successful , the service platform responds to the service information sent by the requesting terminal. 10.一种基于HTTP的业务平台,其特征在于,包括:10. 
A service platform based on HTTP, characterized in that, comprising: 发送模块,用于当接收到请求终端发送的登录请求时,向认证平台发送对所述请求终端进行认证的第一业务认证请求,其中,所述第一业务认证请求用于所述认证平台根据保存的完成指定网络认证初始化终端的终端信息,确定所述请求终端是否为完成所述指定网络的认证初始化的终端,所述终端信息包括终端标识信息;所述指定网络为IP多媒体子系统网络;A sending module, configured to send a first service authentication request for authenticating the requesting terminal to the authentication platform when receiving the login request sent by the requesting terminal, wherein the first service authentication request is used by the authentication platform according to Save the terminal information of the designated network authentication initialization terminal, determine whether the requesting terminal is a terminal that completes the authentication initialization of the designated network, the terminal information includes terminal identification information; the designated network is an IP multimedia subsystem network; 接收模块,用于当所述认证平台确定所述请求终端完成所述指定网络的认证初始化时,接收所述认证平台发送的所述第一业务认证请求认证成功的认证结果;A receiving module, configured to receive an authentication result of successful authentication of the first service authentication request sent by the authentication platform when the authentication platform determines that the requesting terminal has completed the authentication initialization of the specified network; 所述发送模块发送的所述第一业务认证请求中携带有业务平台对应业务的业务标识;The first service authentication request sent by the sending module carries the service identifier of the service corresponding to the service platform; 所述接收模块,还用于接收到所述认证平台发送的第一令牌token;以及接收所述请求终端发送的第一加密方式以及加密的终端标识信息;The receiving module is further configured to receive the first token token sent by the authentication platform; and receive the first encryption method and encrypted terminal identification information sent by the requesting terminal; 
所述发送模块,还用于当所述接收模块接收到所述认证平台发送的第一令牌token时,将所述第一token发送给所述请求终端,其中,所述第一token为所述认证平台接收到所述第一业务认证请求之后,基于所述业务标识生成的;所述第一token用于所述请求终端以第一加密方式,使用所述第一token对所述请求终端的终端标识信息进行加密,并将所述第一加密方式以及加密的终端标识信息发送给所述业务平台;以及所述接收模块接收到所述请求终端发送的所述第一加密方式以及加密的终端标识信息之后,将所述第一加密方式以及加密的终端标识信息携带于第二业务认证请求发送给所述认证平台,其中,所述第二业务认证请求用于所述认证平台根据与所述第一加密方式对应的第一解密方式,确定所述请求终端的终端标识信息,并当根据保存的所述终端信息,确定所述请求终端完成所述指定网络的认证初始化时,确定所述第一业务认证请求的认证结果为认证成功。The sending module is further configured to send the first token to the requesting terminal when the receiving module receives the first token sent by the authentication platform, wherein the first token is the After the authentication platform receives the first service authentication request, it is generated based on the service identifier; the first token is used for the requesting terminal to use the first token to encrypt the requesting terminal in a first encryption method Encrypt the terminal identification information, and send the first encryption method and the encrypted terminal identification information to the service platform; and the receiving module receives the first encryption method and the encrypted terminal identification information sent by the requesting terminal After the terminal identification information, the first encryption method and the encrypted terminal identification information are carried in the second service authentication request and sent to the authentication platform, wherein the second service authentication request is used by the authentication platform according to the The first decryption method corresponding to the first encryption method, determine the terminal identification information of the requesting terminal, and determine the The authentication result of the first service authentication request is authentication success. 11.如权利要求10所述的业务平台,其特征在于,还包括:响应模块;11. 
The business platform according to claim 10, further comprising: a response module; 所述接收模块,具体用于接收所述认证平台发送的所述第一业务认证请求认证成功的认证结果以及所述认证平台生成的第二token,或者接收所述认证平台发送的所述认证平台生成的第二token;The receiving module is specifically configured to receive the authentication result of successful authentication of the first service authentication request sent by the authentication platform and the second token generated by the authentication platform, or receive the authentication platform sent by the authentication platform The generated second token; 所述发送模块,还用于在所述接收模块接收所述认证平台发送的所述第一业务认证请求认证成功的认证结果之后,将所述第二token发送给所述请求终端,其中,所述第二token用于所述请求终端以第二加密方式,使用所述第二token对业务信息进行加密,并将所述第二加密方式以及加密的业务信息发送给所述业务平台;以及将所述接收模块接收的第二加密方式以及加密的业务信息携带于第三业务认证请求发送给所述认证平台,其中,所述第三业务认证请求用于所述认证平台根据与所述第二加密方式对应的第二解密方式,确定所述第二token,并当确定所述第二token为所述认证平台生成的时,确定所述第三业务认证请求的认证结果为认证成功;The sending module is further configured to send the second token to the requesting terminal after the receiving module receives the authentication result of successful authentication of the first service authentication request sent by the authentication platform, wherein the The second token is used by the requesting terminal to encrypt the service information by using the second token in a second encryption method, and send the second encryption method and the encrypted service information to the service platform; and The second encryption method and encrypted service information received by the receiving module are carried in a third service authentication request and sent to the authentication platform, wherein the third service authentication request is used by the authentication platform to The second decryption method corresponding to the encryption method determines the second token, and when it is determined that the second token is generated by the authentication platform, determines that the authentication result of the third service authentication request is authentication success; 
所述接收模块,还用于接收所述请求终端发送的所述第二加密方式以及加密的业务信息;以及接收所述第三业务认证请求认证成功的认证结果;The receiving module is further configured to receive the second encryption method and the encrypted service information sent by the requesting terminal; and receive the authentication result of the successful authentication of the third service authentication request; 所述响应模块,用于当所述接收模块接收到第三业务认证请求认证成功的认证结果时,对所述请求终端发送的所述业务信息进行响应。The responding module is configured to respond to the service information sent by the requesting terminal when the receiving module receives an authentication result indicating that the authentication of the third service authentication request is successful. 12.一种指定网络的网元,其特征在于,包括:12. A network element of a specified network, comprising: 认证初始化模块,用于对终端进行指定网络的认证初始化;所述指定网络为IP多媒体子系统网络;The authentication initialization module is used to initialize the authentication of the specified network to the terminal; the specified network is an IP multimedia subsystem network; 触发模块,用于在所述认证初始化模块对终端进行认证初始化之后,将完成所述指定网络认证初始化终端的终端信息触发给认证平台,其中,所述终端信息用于所述认证平台将所述终端信息保存,当接收到业务平台发送的、对请求登录所述业务平台的请求终端进行认证的第一业务认证请求时,根据保存的所述终端信息,确定所述请求终端是否完成所述指定网络的认证初始化,且当确定所述请求终端完成所述指定网络的认证初始化时,确定所述第一业务认证请求的认证结果为成功,所述终端信息包括终端标识信息;所述业务平台为基于HTTP的业务平台;The triggering module is configured to trigger the terminal information of the terminal that has completed the specified network authentication initialization to the authentication platform after the authentication initialization module performs authentication initialization on the terminal, wherein the terminal information is used by the authentication platform to Terminal information storage, when receiving the first service authentication request sent by the service platform to authenticate the requesting terminal requesting to log in to the service platform, according to the stored terminal information, determine whether the requesting terminal has completed the specified network authentication initialization, and when it is determined that the requesting terminal has 
completed the authentication initialization of the specified network, it is determined that the authentication result of the first service authentication request is successful, and the terminal information includes terminal identification information; the service platform is HTTP-based business platform; 所述第一业务认证请求中携带有所述业务平台对应业务的业务标识;The first service authentication request carries the service identifier of the service corresponding to the service platform; 采用如下方式确定所述请求终端是否完成所述指定网络的认证初始化:Determine whether the requesting terminal has completed the authentication initialization of the specified network in the following manner: 当接收到业务平台发送的、对请求登录所述业务平台的请求终端进行认证的第一业务认证请求时,基于所述业务标识生成第一令牌token,并将所述第一token发送给所述业务平台,When receiving the first service authentication request sent by the service platform to authenticate the requesting terminal requesting to log in to the service platform, generate a first token token based on the service identifier, and send the first token to all business platform, 其中,所述第一token用于所述业务平台将所述第一token发送给所述请求终端之后,所述请求终端以第一加密方式,使用所述第一token对所述请求终端的终端标识信息进行加密,将所述第一加密方式以及加密的终端标识信息发送给所述业务平台;Wherein, the first token is used after the service platform sends the first token to the requesting terminal, and the requesting terminal uses the first encryption method to encrypt the requesting terminal's terminal Encrypting the identification information, and sending the first encryption method and the encrypted terminal identification information to the service platform; 当接收到所述业务平台发送的携带所述第一加密方式以及加密的终端标识信息的第二业务认证请求时,根据与所述第一加密方式对应的第一解密方式,确定所述请求终端的终端标识信息,并根据保存的所述终端信息,确定所述请求终端是否完成所述指定网络的认证初始化。When receiving the second service authentication request sent by the service platform and carrying the first encryption method and encrypted terminal identification information, determine the requesting terminal according to the first decryption method corresponding to the first encryption method and determine whether the requesting terminal has completed the authentication 
initialization of the specified network according to the saved terminal information. 13.一种认证系统,其特征在于,包括:如权利要求7-9任一项所述的认证平台、如权利要求10-11任一项所述的业务平台、如权利要求12所述的指定网络的网元、以及多个终端。13. An authentication system, characterized in that it comprises: the authentication platform as claimed in any one of claims 7-9, the service platform as claimed in any one of claims 10-11, the service platform as claimed in claim 12 Specify network elements and multiple terminals of the network.
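The claims above describe a three-party exchange but leave the "first encryption manner" and "second encryption manner" open. The model below is an added example, not code from the patent or from China Mobile: it plays the IMS network element (claim 12), the authentication platform (claims 7 to 9, using the claim 8 variant where the first token is derived from both the service identifier and the terminal identification) and the HTTP service platform relay (claims 10 to 11) in one process. The envelope format (a token-derived keystream plus an HMAC-SHA256 tag), the names `seal`, `unseal`, `AuthPlatform` and `run_flow`, the service identifier `svc-demo` and the service information `GET /mailbox` are all assumptions made for the example; the tag is what lets the platform decide that an envelope was built with a token it actually issued, which is the check claims 9 and 11 call for.

```python
"""Constructed model of the token flow in claims 6 to 12 (added example,
not the patent's own code)."""
import hashlib
import hmac
import secrets

# Assumed "encryption manner": keystream XOR plus HMAC-SHA256 tag, named so
# the platform can pick the matching "decryption manner" (claims 6 and 9).
MANNER_V1 = "hmac-sha256-xor-v1"


def _keystream(token: bytes, nonce: bytes, n: int) -> bytes:
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(token + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]


def seal(token: bytes, plaintext: bytes) -> dict:
    """Terminal side: encrypt plaintext under the token it received."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(token, nonce, len(plaintext))))
    tag = hmac.new(token, nonce + ct, hashlib.sha256).digest()
    return {"manner": MANNER_V1, "nonce": nonce, "ct": ct, "tag": tag}


def unseal(token: bytes, env: dict):
    """Platform side: return the plaintext, or None if the tag does not
    verify under this token (i.e. the envelope was not built with it)."""
    if env["manner"] != MANNER_V1:
        return None
    expect = hmac.new(token, env["nonce"] + env["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, env["tag"]):
        return None
    return bytes(c ^ k for c, k in zip(env["ct"], _keystream(token, env["nonce"], len(env["ct"]))))


class AuthPlatform:
    """Storage module plus first and second authentication modules (claims 7 to 9)."""

    def __init__(self):
        self.secret = secrets.token_bytes(32)
        self.initialized = set()   # terminal IDs triggered by the IMS network element (claim 12)
        self.first_tokens = {}     # (service_id, terminal_id) -> first token (claim 8)
        self.second_tokens = {}    # terminal_id -> second token (claim 9)

    def on_terminal_initialized(self, terminal_id: str) -> None:
        self.initialized.add(terminal_id)

    def first_service_auth(self, service_id: str, terminal_id: str) -> bytes:
        # First token derived from service identifier and terminal identification,
        # salted so a replayed first request never reuses a token.
        salt = secrets.token_bytes(16)
        tok = hmac.new(self.secret, salt + f"{service_id}|{terminal_id}".encode(), hashlib.sha256).digest()
        self.first_tokens[(service_id, terminal_id)] = tok
        return tok

    def second_service_auth(self, service_id: str, terminal_id: str, env: dict):
        tok = self.first_tokens.pop((service_id, terminal_id), None)   # one-shot use
        tid = unseal(tok, env) if tok else None
        if tid is None or tid.decode() != terminal_id or terminal_id not in self.initialized:
            return "fail", None
        tok2 = secrets.token_bytes(32)
        self.second_tokens[terminal_id] = tok2
        return "success", tok2

    def third_service_auth(self, terminal_id: str, env: dict):
        tok2 = self.second_tokens.get(terminal_id)
        info = unseal(tok2, env) if tok2 else None
        return ("success", info) if info is not None else ("fail", None)


def run_flow(terminal_id: str, initialized: bool, service_id: str = "svc-demo") -> dict:
    """Drive the whole exchange; the service platform is the relay between steps."""
    ap = AuthPlatform()
    if initialized:
        ap.on_terminal_initialized(terminal_id)          # network element trigger (claim 12)
    tok1 = ap.first_service_auth(service_id, terminal_id)  # first service authentication request
    env1 = seal(tok1, terminal_id.encode())              # terminal seals its identification
    second, tok2 = ap.second_service_auth(service_id, terminal_id, env1)
    if second != "success":
        return {"second": second, "third": None, "service_info": None}
    env2 = seal(tok2, b"GET /mailbox")                   # constructed service information
    third, info = ap.third_service_auth(terminal_id, env2)
    return {"second": second, "third": third, "service_info": info}


def wrong_token_rejected() -> bool:
    """An envelope built with a token the platform never issued must fail."""
    ap = AuthPlatform()
    ap.on_terminal_initialized("term-C")
    ap.first_service_auth("svc-demo", "term-C")
    env = seal(secrets.token_bytes(32), b"term-C")
    return ap.second_service_auth("svc-demo", "term-C", env)[0] == "fail"
```

The two negative paths are the ones worth keeping in mind when reading the claims: a terminal that never completed IMS authentication initialization is refused at the second service authentication request even if its envelope verifies, and an envelope sealed with a token the platform did not issue is refused by the tag check before the terminal identification is even looked at.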
CN201310745612.9A 2013-12-30 2013-12-30 authentication method, authentication platform, service platform, network element and system Active CN104753872B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310745612.9A CN104753872B (en) 2013-12-30 2013-12-30 authentication method, authentication platform, service platform, network element and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310745612.9A CN104753872B (en) 2013-12-30 2013-12-30 authentication method, authentication platform, service platform, network element and system

Publications (2)

Publication Number Publication Date
CN104753872A CN104753872A (en) 2015-07-01
CN104753872B true CN104753872B (en) 2018-10-12

Family

ID=53592990

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310745612.9A Active CN104753872B (en) 2013-12-30 2013-12-30 authentication method, authentication platform, service platform, network element and system

Country Status (1)

Country Link
CN (1) CN104753872B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105141881B (en) * 2015-09-30 2018-03-13 北京奇虎科技有限公司 A kind of method and terminal device for carrying out video calling
CN106850805A (en) * 2017-02-06 2017-06-13 网宿科技股份有限公司 A kind of data transmission method and device
CN108462760B (en) * 2018-03-21 2020-01-10 平安科技(深圳)有限公司 Electronic device, automatic cluster access domain name generation method and storage medium
CN112199656B (en) * 2020-12-03 2021-02-26 湖北亿咖通科技有限公司 Access authority acquisition method of service platform and access control method of service platform
CN113452782B (en) * 2021-06-28 2022-04-26 烽火通信科技股份有限公司 Upgrading method and device under mesh networking
CN114553442B (en) * 2022-04-24 2022-09-16 安徽云知科技有限公司 Enterprise internal remote conference method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1802016A (en) * 2005-06-21 2006-07-12 华为技术有限公司 Method for carrying out authentication on user terminal
CN101998406A (en) * 2009-08-31 2011-03-30 中国移动通信集团公司 WLAN access authentication based method for accessing services
CN102299928A (en) * 2011-09-13 2011-12-28 航天科工深圳(集团)有限公司 Network terminal service authentication method and device
CN102421098A (en) * 2010-09-27 2012-04-18 中国移动通信集团公司 User authentication method, device and system
WO2013127342A2 (en) * 2012-03-02 2013-09-06 中兴通讯股份有限公司 Ims single sign on combined authentication method and system

Also Published As

Publication number Publication date
CN104753872A (en) 2015-07-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant