CN102104610A - Authentication method and authentication system - Google Patents
Authentication method and authentication system Download PDFInfo
- Publication number
- CN102104610A CN102104610A CN2011100741024A CN201110074102A CN102104610A CN 102104610 A CN102104610 A CN 102104610A CN 2011100741024 A CN2011100741024 A CN 2011100741024A CN 201110074102 A CN201110074102 A CN 201110074102A CN 102104610 A CN102104610 A CN 102104610A
- Authority
- CN
- China
- Prior art keywords
- service request
- authentication information
- request terminal
- authentication
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 230000008859 change Effects 0.000 claims description 23
- 238000001514 detection method Methods 0.000 claims description 10
- 230000005540 biological transmission Effects 0.000 claims description 6
- 238000012545 processing Methods 0.000 claims description 6
- 238000000605 extraction Methods 0.000 claims description 5
- 238000013475 authorization Methods 0.000 claims description 4
- 239000002131 composite material Substances 0.000 claims description 4
- 230000008569 process Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000012797 qualification Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Images
Landscapes
- Telephonic Communication Services (AREA)
Abstract
The invention belongs to the technical field of network and provides an authentication method and an authentication system. The authentication method comprises the following steps of: 107, acquiring the authentication information and an Internet protocol (IP) of a service request terminal and then carrying out S108; 108, judging whether the authentication information is legal, if so, executing S109; 109, storing the IP of the service request terminal into an IP list and executing S112; 112, returning a service required by the service request terminal and carrying out S113; and 113, setting an authentication state as a state of unnecessary to send the authentication information by the service request terminal. In the method, the service request terminal sends the legal authentication information for once when performing a service request, is not required to send the authentication information repeatedly when performing frequent service requests subsequently, and can pass the authentication of a server only by the IP thereof, thereby saving band width.
Description
Technical field
The invention belongs to networking technology area, particularly a kind of auth method of the network equipment and system.
Background technology
Along with the development of Web TV, the paid service of Web TV has become the important component part of Web TV.The paid service of enjoy network TV if desired, network TV terminal just must be by effective authentications.
At present, the authentication information of most of Web TVs is loaded in the middle of the service request information, just there is a problem in this, when a large amount of network television user frequent requests is served, a large amount of authentication information that repeat also can provide the server of service by frequent the sending to of service request, like this, the authentication information of repetition takies a large amount of bandwidth.
Therefore, be necessary to provide a kind of authentication system and auth method, avoid repeating to send authentication information when carrying out authentication, to save bandwidth.
Summary of the invention
The object of the present invention is to provide a kind of authentication system and auth method, be intended to solve when the network equipment carries out service request in the prior art, repeat to send authentication information, the problem of waste bandwidth.
The present invention is achieved in that a kind of auth method, and this method comprises: step S107, server obtain the authentication information and the IP of service request terminal; Next carry out step S108; Step S108 judges whether authentication information is legal; Legal, change step S109; Step S109, stores service request end IP is in the IP tabulation; Next change step S112; Step S112 returns the required service of service request terminal; Carry out step S113, step S113, the service request terminal authentication state is set to: need not to send authentication information.
This auth method also is included in step S108 to be judged when authentication information is illegal, the step of Zhi Hanging: step S114 successively, and the request of service request terminal is illegal, returns illegal request information; Step S115, the service request terminal authentication state is set to: need to send authentication information.
This auth method also comprised step S106 before step S107, server receives service request, judges whether comprise authentication information in the service request; If comprise authentication information, then change step S107.
This auth method also comprises: when not comprising authentication information in the judgement service request among the step S106, step S110 of Zhi Hanging and step S111: step S110 successively, obtain the IP of service request terminal, and step S111, whether the IP that judges service request terminal is stored in the IP tabulation, if change step S112, otherwise carry out S114 and step S115 successively.
This auth method comprised step: step Si01 successively before step S106, service request terminal sends service request; Step S102 judges whether to send authentication information according to proofing state; If desired, change step S103, otherwise change step 105; Step S103 generates authentication information, and combination authentication information and service request; Next carry out step S104; Step S104 sends the service request that comprises authentication information; Step S105 directly sends service request; Wherein, among this step S102, the proofing state of service request terminal has two kinds, and a kind of proofing state is: the state that needs to send authentication information; A kind of proofing state is: the state that need not to send authentication information; This step S103 specifically may further comprise the steps: at first, obtain the identity information of service request terminal, and produce the dynamic authentication key assignments; Then, combination identity information and dynamic authentication key assignments generate authentication information; At last, with the authentication information and the service request combination that generate; Wherein, identity information is the information of unique identification service request terminal; Among the step S103, can also make up as authentication information and service request by direct identity information service request terminal.
The present invention also provides a kind of authentication system, and this system comprises service request terminal and server, and service request terminal comprises: proofing state memory module, storage proofing state; The proofing state detection module detects the proofing state that current proofing state memory module is stored, and when sending service request to judge, whether needs to send authentication information; Central processing unit according to the proofing state that the proofing state detection module detects, sends service request to server;
Server comprises: the IP memory module, store the IP of legal service request terminal; Authentication module, whether service for checking credentials request comprises authentication information, whether if comprise authentication information, it is legal then judge to send the request end of service request by authentication information: legally then provide required service, and IP to the IP memory module of stores service request end; If service request information does not comprise authentication information, then obtain the IP of service request terminal, compare with the IP that is stored in the IP memory module, if this IP is stored in the IP memory module, think that then this service request terminal is legal, return corresponding service request; If this IP is stored in the IP memory module, does and then go out the illegal judgement of service request terminal.
This service request terminal also comprises: the identity information extraction module, and detecting proofing state at the proofing state detection module is when needing the state of transmission authentication information, obtains the identity information of service request terminal; The key assignments generation module generates dynamic key assignments; The authorization information composite module is combined into authentication information with dynamic key assignments and the identity information that generates.
In authentication system of the present invention and the method, when service request terminal is carried out service request, send once legal authentication information, the webserver is then stored the IP of this service request terminal, and service request terminal is follow-up when carrying out repeatedly service request, need not to repeat again to send authentication information, only rely on its IP can be by the authentication of server, therefore, when this method is carried out authentication, need not repeat to send a large amount of authentication information, save bandwidth.
Description of drawings
Fig. 1 is the flow chart of auth method of the present invention;
Fig. 2 is the structured flowchart of authentication system of the present invention.
Embodiment
In order to make purpose of the present invention, technical scheme and advantage clearer,, the present invention is further elaborated below in conjunction with drawings and Examples.Should be appreciated that specific embodiment described herein only in order to explanation the present invention, and be not used in qualification the present invention.
Seeing also Fig. 1, is the flow chart of auth method of the present invention.This auth method comprises the steps:
Step S101, service request terminal sends service request;
Service request is service request terminal is sent request from the service of obtaining to server;
Step S102 judges whether to send authentication information according to proofing state; If desired, change step S103, otherwise change step 105;
The proofing state that is stored in service request terminal has two kinds, and a kind of proofing state is: the state that needs to send authentication information; A kind of proofing state is: the state that need not to send authentication information;
Step S103 generates authentication information, and combination authentication information and service request; Next carry out step S104;
In this step, at first, obtain the identity information of service request terminal, and produce the dynamic authentication key assignments; This identity information is the information of unique identification service request terminal, as plant information, and device id etc.; The dynamic authentication key assignments then is used for identity information is encrypted, and it can be a kind of dynamic key of encryption;
Then, combination identity information and dynamic authentication key assignments generate authentication information; Authentication information is server end carries out authentication to service request terminal a information, usually, the authentication information of every service request terminal also all is stored in the server, so that the server by utilizing authentication information is carried out authentication to what request was served to service request terminal.
At last, with the authentication information and the service request combination that generate;
In addition, if under the less demanding situation of security performance, can be directly with the identity information of service request terminal as authentication information; Needn't utilize dynamic key-value pair identity information to encrypt;
Step S104 sends the service request that comprises authentication information;
Step S105 directly sends service request;
Above step S101 is the flow process of service request terminal transmission service request to step S105;
Next be that server carries out authentication and returns the flow process of corresponding information and the flow process of the information change authentication state that the service request terminal basis is returned:
Step S106, server receives service request, judges whether comprise authentication information in the service request; If comprise authentication information, then change step S107, otherwise change step 110;
The service request that server receives in this step is the service request that directly sends among the service request of the authentication information that comprises among the step S104 or the step S105;
Step S107, server obtain the authentication information and the IP of service request terminal; Next carry out step S108;
Among the step S107, service request terminal is carried out service request, its IP also must be sent to server together, otherwise server can't provide service for service request terminal;
Step S108 judges whether authentication information is legal;
Because server is when every equipment dispatches from the factory, promptly store the authentication information of every equipment, at this, server need compare the authentication information of reception and the authentication information of storage, if the authentication information that receives is consistent with the authentication information of storage, think that then this authentication information is legal, change step S109, otherwise, change step S114;
Step S109, stores service request end IP is in the IP tabulation; Next change step S112;
This IP tabulation comprises in the server IP of the service request terminal that empirical tests is legal;
Step S110 obtains the IP of service request terminal; Next execution in step S111;
Step S111 judges whether the IP of service request terminal is stored in the IP tabulation, if change step S112, otherwise change step S114;
Step S112 returns the required service of service request terminal;
Step S113, the service request terminal authentication state is set to: need not to send authentication information;
Step S114, the request of service request terminal is illegal, returns illegal request information; Change step S115;
Step S115, the service request terminal authentication state is set to: need to send authentication information.
Service request terminal is generally the network equipments such as Web TV or computer in this method; Server provides various services by network to the network equipment.
In this method, when service request terminal is carried out service request, send once legal authentication information, the webserver is then stored the IP of this service request terminal, and service request terminal is follow-up when carrying out repeatedly service request, need not to repeat again to send authentication information, only rely on its IP can be by the authentication of server, therefore, when this method is carried out authentication, need not repeat to send a large amount of authentication information, save bandwidth.
The structured flowchart of authentication system of the present invention as shown in Figure 2, this authentication system comprises: service request terminal 200 and server 300.Service request terminal 200 comprises identity information extraction module 201, key assignments generation module 202, proofing state detection module 203, authorization information composite module 204, proofing state memory module 205 and central processing unit 206.
The proofing state memory module 205 storage proofing states of this service request terminal 200, a kind of proofing state is: the state that needs to send authentication information; A kind of proofing state is: the state that need not to send authentication information.
Proofing state detection module 203 is used to detect the proofing state that current proofing state memory module 205 is stored, and when sending service request to judge, whether needs to send authentication information.
It is when needing the state of transmission authentication information that identity information extraction module 201 detects proofing state at proofing state detection module 203, obtains the identity information of service request terminal 200, the information etc. of dispatching from the factory that writes when for example device id or equipment dispatch from the factory.
Key assignments generation module 202 generates dynamic key assignments, and as keys such as checking KEY, this dynamic key assignments is used for the identity information of service request terminal 200 that identity information extraction module 201 is obtained to be encrypted, and improves the fail safe of identity information in the transmission course.
Dynamic key assignments and identity information that authorization information composite module 204 will generate are combined into authentication information;
The proofing state that central processing unit 206 proofing state detection modules 203 detect sends service request: when proofing state is when needing the transmission authentication information, after authentication information and service request combination, be sent to server 300; Under the situation of no authentication information, directly send service request to server 300; In addition, the work of the whole service request terminal 200 of central processing unit 206 control comprises information transmit-receive between service request terminal 200 and the server 300 etc.; When receiving correct service, central processing unit 206 proofing state memory modules 205 storage proofing states are set to need not to send authentication information, otherwise are set to need to send the state of authentication information.
In this system, when service request terminal 200 is carried out service request, send once legal authentication information, the IP of this service request terminal 200 of 300 of servers storage, service request terminal 200 is follow-up when carrying out repeatedly service request, need not to repeat again to send authentication information, only rely on the authentication that its IP can be by server 300, therefore, when this authentication system carries out authentication, need not repeat to send a large amount of authentication information, save bandwidth.
The above only is preferred embodiment of the present invention, not in order to restriction the present invention, all any modifications of being done within the spirit and principles in the present invention, is equal to and replaces and improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1. auth method, this method comprises:
Step S107, server obtain the authentication information and the IP of service request terminal; Next carry out step S108;
Step S108 judges whether authentication information is legal; Legal, change step S109;
Step S109, stores service request end IP is in the IP tabulation; Next change step S112;
Step S112 returns the required service of service request terminal; Carry out step S113,
Step S113, the service request terminal authentication state is set to: need not to send authentication information.
2. auth method according to claim 1 is characterized in that, this method also is included in step S108 to be judged when authentication information is illegal, successively the step of Zhi Hanging:
Step S114, the request of service request terminal is illegal, returns illegal request information;
Step S115, the service request terminal authentication state is set to: need to send authentication information.
3. auth method according to claim 2 is characterized in that, also comprises step S106 before step S107, and server receives service request, judges whether comprise authentication information in the service request; If comprise authentication information, then change step S107.
4. auth method according to claim 3 is characterized in that, this method also comprises: when in judging service request among the step S106, not comprising authentication information, and step S110 of Zhi Hanging and step S111 successively:
Step S110 obtains the IP of service request terminal, and
Step S111 judges whether the IP of service request terminal is stored in the IP tabulation, if change step S112, otherwise carry out S114 and step S115 successively.
5. auth method according to claim 2 is characterized in that, comprises step before step S106 successively:
Step S101, service request terminal sends service request;
Step S102 judges whether to send authentication information according to proofing state; If desired, change step S103, otherwise change step 105;
Step S103 generates authentication information, and combination authentication information and service request; Next carry out step S104;
Step S104 sends the service request that comprises authentication information;
Step S105 directly sends service request.
6. auth method according to claim 5 is characterized in that, among the step S102, the proofing state of service request terminal has two kinds, and a kind of proofing state is: the state that needs to send authentication information; A kind of proofing state is: the state that need not to send authentication information.
7. auth method according to claim 5 is characterized in that step S103 specifically may further comprise the steps:
At first, obtain the identity information of service request terminal, and produce the dynamic authentication key assignments;
Then, combination identity information and dynamic authentication key assignments generate authentication information;
At last, with the authentication information and the service request combination that generate; Wherein, identity information is the information of unique identification service request terminal.
8. auth method according to claim 5 is characterized in that, among the step S103, directly the identity information with service request terminal makes up as authentication information and service request.
9. authentication system, this system comprises service request terminal and server, service request terminal comprises:
The proofing state memory module, the storage proofing state;
The proofing state detection module detects the proofing state that current proofing state memory module is stored, and when sending service request to judge, whether needs to send authentication information;
Central processing unit according to the proofing state that the proofing state detection module detects, sends service request to server;
Server comprises:
The IP memory module is stored the IP of legal service request terminal;
Authentication module, whether service for checking credentials request comprises authentication information, whether if comprise authentication information, it is legal then judge to send the request end of service request by authentication information: legally then provide required service, and IP to the IP memory module of stores service request end; If service request information does not comprise authentication information, then obtain the IP of service request terminal, compare with the IP that is stored in the IP memory module, if this IP is stored in the IP memory module, think that then this service request terminal is legal, return corresponding service request; If this IP is stored in the IP memory module, does and then go out the illegal judgement of service request terminal.
10. authentication system according to claim 9 is characterized in that service request terminal also comprises:
The identity information extraction module, detecting proofing state at the proofing state detection module is when needing the state of transmission authentication information, obtains the identity information of service request terminal;
The key assignments generation module generates dynamic key assignments;
The authorization information composite module is combined into authentication information with dynamic key assignments and the identity information that generates.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011100741024A CN102104610A (en) | 2011-03-25 | 2011-03-25 | Authentication method and authentication system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011100741024A CN102104610A (en) | 2011-03-25 | 2011-03-25 | Authentication method and authentication system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102104610A true CN102104610A (en) | 2011-06-22 |
Family
ID=44157136
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011100741024A Pending CN102104610A (en) | 2011-03-25 | 2011-03-25 | Authentication method and authentication system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102104610A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102724172A (en) * | 2011-07-28 | 2012-10-10 | 北京天地互连信息技术有限公司 | System and method supporting rapid access authentication |
| CN103117986A (en) * | 2011-11-17 | 2013-05-22 | 腾讯科技(深圳)有限公司 | Authentication method, system and authentication server of wireless client |
| CN112784229A (en) * | 2021-01-11 | 2021-05-11 | 珠海格力电器股份有限公司 | Information verification method and system |
| CN116156152A (en) * | 2023-01-05 | 2023-05-23 | 中国联合网络通信集团有限公司 | Method and device for IPTV service fault diagnosis |
| CN118842662A (en) * | 2024-09-23 | 2024-10-25 | 超级智慧家(上海)物联网科技有限公司 | Anti-channel conflict method for Internet of things host, internet of things system and cloud |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1620034A (en) * | 2003-11-21 | 2005-05-25 | 维豪信息技术有限公司 | Identification gateway and its data treatment method |
| CN101277234A (en) * | 2007-03-28 | 2008-10-01 | 华为技术有限公司 | A home network and login method |
| CN201345700Y (en) * | 2008-12-12 | 2009-11-11 | 天津三星电子显示器有限公司 | Television with function of program resource sharing |
-
2011
- 2011-03-25 CN CN2011100741024A patent/CN102104610A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1620034A (en) * | 2003-11-21 | 2005-05-25 | 维豪信息技术有限公司 | Identification gateway and its data treatment method |
| CN101277234A (en) * | 2007-03-28 | 2008-10-01 | 华为技术有限公司 | A home network and login method |
| CN201345700Y (en) * | 2008-12-12 | 2009-11-11 | 天津三星电子显示器有限公司 | Television with function of program resource sharing |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102724172A (en) * | 2011-07-28 | 2012-10-10 | 北京天地互连信息技术有限公司 | System and method supporting rapid access authentication |
| CN103117986A (en) * | 2011-11-17 | 2013-05-22 | 腾讯科技(深圳)有限公司 | Authentication method, system and authentication server of wireless client |
| CN103117986B (en) * | 2011-11-17 | 2016-01-13 | 腾讯科技(深圳)有限公司 | The verification method of wireless client, system and authentication server |
| CN112784229A (en) * | 2021-01-11 | 2021-05-11 | 珠海格力电器股份有限公司 | Information verification method and system |
| CN116156152A (en) * | 2023-01-05 | 2023-05-23 | 中国联合网络通信集团有限公司 | Method and device for IPTV service fault diagnosis |
| CN118842662A (en) * | 2024-09-23 | 2024-10-25 | 超级智慧家(上海)物联网科技有限公司 | Anti-channel conflict method for Internet of things host, internet of things system and cloud |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8453220B2 (en) | Device association | |
| CN108243188B (en) | Interface access, interface call and interface verification processing method and device | |
| US20150281239A1 (en) | Provision of access privileges to a user | |
| CN104079543A (en) | Method, device and system for acquiring monitoring authority of intelligent home system | |
| TW201712581A (en) | Method, apparatus and system for preventing cross-site request forgery | |
| CN105554098A (en) | Device configuration method, server and system | |
| CN104753943A (en) | Method and device for log-in control of third-party account | |
| CN105262773B (en) | A kind of verification method and device of Internet of things system | |
| CN102739663A (en) | Detection method and scanning engine of web pages | |
| WO2009003030A3 (en) | Secure mobile payment system | |
| CN105100032A (en) | Method and apparatus for preventing resource steal | |
| CN105471815A (en) | Internet-of-things data security method and Internet-of-things data security device based on security authentication | |
| CN104410622A (en) | Security Authentication Method, Client and System for Logging in Web System | |
| CN105897652A (en) | Standard protocol based heterogeneous terminal dynamic access method | |
| CN105516055B (en) | Data access method, access device, target device and management server | |
| CN102104610A (en) | Authentication method and authentication system | |
| CN105553920A (en) | Data interaction method, apparatus, and system | |
| CN111130769A (en) | Internet of things terminal encryption method and device | |
| CN105847277A (en) | Service account share management method and system used for third party application | |
| US20190141047A1 (en) | Vehicle network access control method and infotainment apparatus therefor | |
| CN106936600B (en) | Flow charging method and system and related equipment | |
| CN113259429A (en) | Session keeping control method, device, computer equipment and medium | |
| CN105743746A (en) | Intelligent home electric appliance management method, management apparatus and management system | |
| CN103888465A (en) | Method and device for detecting webpage hijacking | |
| CN103259785A (en) | Authentication method and system of virtual token |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20110622 |