
CN1277366C - Method of information providing end data protection - Google Patents


Info

Publication number
CN1277366C
Authority
CN
China
Prior art keywords
management server
data management
requester
request end
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN 02145981
Other languages
Chinese (zh)
Other versions
CN1494253A (en)
Inventor
段小琴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN 02145981 priority Critical patent/CN1277366C/en
Priority to PCT/CN2003/000871 priority patent/WO2004054172A1/en
Priority to AU2003272873A priority patent/AU2003272873A1/en
Publication of CN1494253A publication Critical patent/CN1494253A/en
Application granted granted Critical
Publication of CN1277366C publication Critical patent/CN1277366C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method for protecting data at an information provider, in the field of data security. A data management server manages the requesters' access passwords: it assigns an access password to each requester authorized by the information provider and verifies a requester's identity against the access password the requester supplies. The data management server can also revoke and modify a requester's access password as instructed by the information provider. During authorization, the information provider only needs to authorize the requester on the data management server, which then allocates the requester's access password; the information provider does not have to assign access passwords itself, which improves the authorization mechanism. During verification, when a requester sends an access request to the information provider, the data management server checks and verifies the requester's access password, which improves the efficiency of the requester's access to the information provider's data.

Figure 02145981

Description

A method for protecting data at an information provider

Technical field

The invention relates to the field of data security, and in particular to a method for protecting data at an information provider.

Background

In the communications field, data such as information and resources at an information provider is usually protected by password verification. Each requester that needs to access the data is assigned an access password, and the requester must have that password verified before it accesses the information provider's data. The requester is admitted only after the access password is verified; if verification fails, the requester's access is rejected. In other words, access-password protection controls requesters' access to the information provider's data and prevents unauthorized access. Here, the information provider is the accessed party that offers certain information and resources, and the requester is the accessing party that asks the information provider for access to its information, resources and other data.

Specifically, in the location service (LCS, Location Service) of a mobile communication network, when a requester obtains the geographic location of an information provider, the information provider requires the requester to supply an access password (codeword) to verify whether the requester has been authorized. The Rel 6TS2071-610 specification of the Third Generation Partnership Project (3GPP) proposes two ways of verifying the access password. In the first, the information provider assigns an access password to each requester; on a location request, the requester supplies the access password to the mobile communication network, which passes it to the information provider together with the request, and the information provider verifies it. This is usually called the information provider full-authority management mode. In the second, the information provider registers each requester's access password on the mobile communication network in advance, and the mobile communication network verifies the access password supplied by the requester. This is usually called the password verification server management mode.

At present, in the information provider full-authority management mode, when the information provider authorizes and verifies requester A, it assigns an access password to requester A and notifies requester A of that password. When requester A requests access to the information provider's data, it supplies its access password to the information provider. To verify it, the information provider compares the access password supplied by requester A with the one it assigned to requester A. If they match, verification passes and the access request is accepted; otherwise the access request is rejected.

In the information provider full-authority management mode, the allocation, comparison, checking and management of access passwords are all done by the information provider. For a large number of requesters, the information provider therefore has to allocate a large number of different access passwords and remember which password belongs to which requester. Modifying and revoking access passwords also requires the information provider to allocate and manage the passwords itself, which is a heavy workload and consumes the information provider's storage resources.

In the password verification server management mode, the information provider assigns an access password to requester B and registers it on the password verification server in advance; the information provider or the password verification server then notifies requester B of its access password. When requester B requests access to the information provider's data, it supplies its access password to the password verification server. To verify it, the password verification server compares the access password supplied by requester B with the one the information provider registered in advance for requester B. If they match, verification passes and the access request is accepted; otherwise the access request is rejected.

The password verification server described above is a server that can store the different access passwords an information provider has assigned to different requesters and can verify the access password a requester supplies. It can be a separate physical entity or a functional module integrated into another entity.

Compared with the information provider full-authority management mode, the password verification server management mode relieves the information provider of access password verification, which is done by the password verification server instead. The allocation and management of access passwords, however, are still done by the information provider, which still has to remember the correspondence between each allocated access password and its requester to avoid misuse. Modifying and revoking access passwords also still requires the information provider to allocate and manage the passwords, so the problem of a heavy workload at the information provider remains.

Summary of the invention

In view of this, the purpose of the invention is to provide a method for protecting data at an information provider in which the allocation, management and security verification of access passwords are all concentrated in a data management server, thereby improving the authorization verification mechanism.

To achieve this purpose, the invention provides a method for protecting data at an information provider, characterized in that the method comprises:

A. A data management server is set up in advance between the requester and the information provider. The information provider notifies the data management server of the requesters it authorizes, and the data management server assigns an access password to each requester authorized by the information provider and notifies the corresponding requester of that access password.

B. When a requester accesses the information provider, the data management server set up in step A verifies the requester's identity according to the access password the requester provides.

Step A further comprises:

A1. The information provider provides the data management server with a list of the identifiers of the requesters it authorizes.

A2. The data management server assigns an access password to each requester and notifies the corresponding requester of that access password. At the same time, the data management server stores the information provider identifier, the requester identifier and the access password, together with the correspondence between the three.

Step B further comprises:

B1. When a requester requests access to the information provider's data, it provides the data management server with the identifier of the information provider being accessed, the requester identifier and the requester's access password.

B2. The data management server looks up, in the information it has stored, the access password of the requester that corresponds to the information provider and compares it with the access password provided by the current requester. If they match, password verification passes and the data management server notifies the requester that its access request is accepted; otherwise, the data management server notifies the requester that its access request is rejected.

Preferably, the method further comprises: when the information provider revokes a requester's access password, the information provider provides the data management server with a list of the identifiers of the requesters to be revoked; the data management server revokes the original access password of each corresponding requester according to that list and notifies the requester.

The method further comprises: when the information provider modifies a requester's access password, the information provider provides the data management server with a list of the identifiers of the requesters to be modified; the data management server reallocates an access password for each corresponding requester according to that list, revokes the requester's original access password at the same time, and notifies the requester of the modified access password.

Step A further comprises: setting up in advance, between the requester and the information provider, a data management server that includes a password random generator, a data storage database and a password verifier.

In the invention, the allocation, verification and management of requesters' access passwords are all carried out centrally by the data management server. Throughout the process, the information provider only needs to authorize the requester on the data management server; the data management server automatically allocates an access password to each requester, authenticates the requester's identity and manages the access passwords. The access password is therefore completely transparent to the information provider: the information provider does not need to allocate access passwords to requesters itself, and does not even need to know the content of an access password to complete the whole authorization process, which greatly simplifies the authorization mechanism at the information provider. When a requester sends an access request to the information provider, the data management server checks and verifies the requester's access password, which improves the efficiency of the requester's access to the information provider's data.

Description of the drawings

Fig. 1 is a schematic structural diagram of the authorization verification system of the invention;

Fig. 2 is a flow chart of authorization and verification by the data management server of the invention.

Detailed description

To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings.

The invention improves the authorization verification mechanism by having the data management server perform all allocation, verification and management of access passwords.

Fig. 1 is a schematic structural diagram of the authorization verification system of the invention. As shown in Fig. 1, the system consists mainly of a requester 101, a data management server 102 and an information provider 103.

The data management server 102 is a server that can allocate different access passwords according to the identifiers of the different requesters authorized by the information provider, and that manages and verifies those access passwords. The data management server 102 can be a separate physical entity or a functional module integrated into another entity.

Functionally, the data management server 102 can be further divided into three parts: a password random generator 104, a data storage database 105 and a password verifier 106. The password random generator 104 generates passwords at random and is required to use some standard algorithm so that the generated passwords are all different and follow no regular pattern. The password generation algorithm can be chosen freely, for example the requester's identifier plus a random suffix. The data storage database 105 stores the identifier of each information provider 103, the identifiers of the corresponding requesters 101 and the access passwords that the password random generator allocated to the requesters 101, together with the correspondence between the three. The password verifier 106 looks up in the data storage database 105 the access password that corresponds to the current requester of a given information provider and compares it with the access password provided by the current requester 101. The data management server can thus be a new functional entity introduced into the authorization verification mechanism, or it can be obtained by adding a password random generator to the prior-art password verification server; either way, all functions of the data management server are realized.

In the invention, the information provider provides the data management server with a list of the identifiers of the requesters to be authorized. A requester identifier can be the requester's name or any other information that uniquely identifies the requester, and is used to distinguish the information provider's different requesters. The password random generator in the data management server randomly allocates an access password to each requester according to a preset standard algorithm, for example an algorithm that generates the password from the requester's identifier plus a random suffix, so that every requester's password is different and follows no regular pattern. The data management server notifies the corresponding requester of its access password. The identifier of the information provider, the identifier of each of its requesters and the allocated password, together with the correspondence between the three, are stored in the data storage database of the data management server. When a requester requests access to the information provider's data, it provides the data management server with the identifier of the information provider being accessed, the requester identifier and the requester's access password. The password verifier in the data management server looks up in the data storage database the access password of that requester for that information provider and compares it with the access password the requester provided. If they match, password verification passes and the data management server notifies the requester that its access request is accepted; if they do not match, the data management server notifies the requester that its access request is rejected.

When the information provider needs to revoke the access passwords of some requesters, it only needs to provide the data management server with a list of the identifiers of the requesters to be revoked. The data management server automatically revokes each such requester's original access password according to that list and notifies the requester. A requester that uses its original access password will then fail password verification and cannot access the information provider.

When the information provider needs to modify the access passwords of some requesters, it only needs to provide the data management server with a list of the identifiers of the requesters to be modified. The data management server automatically reallocates an access password for each such requester according to that list and revokes the requester's original access password at the same time. The data management server notifies the requester of the modified access password. A requester that uses its original access password will fail password verification and cannot access the information provider; only with the newly allocated access password can it pass password verification and access the information provider.
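The authorization, verification, revocation and modification operations described above, as an added Python example that is not part of the patent text. The class and method names are hypothetical; generating passwords from a CSPRNG, storing only a salted PBKDF2 hash instead of the password itself, and letting modify() act only on already-authorized requesters are hardening assumptions the patent does not state.

```python
import hashlib
import hmac
import secrets


class DataManagementServer:
    """Hypothetical model of the data management server (102)."""

    def __init__(self):
        # Data storage database (105): (provider_id, requester_id) -> (salt, digest).
        # Assumption: only a salted hash is kept, so a leaked database does not
        # reveal usable access passwords.
        self._db = {}
        # Dummy record so verify() does the same work for unknown requesters.
        self._dummy = (secrets.token_bytes(16), secrets.token_bytes(32))

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _allocate(self, provider_id, requester_id):
        # Password random generator (104): CSPRNG output rather than an
        # identifier-plus-suffix scheme, so no part of the password is guessable.
        password = secrets.token_urlsafe(18)
        salt = secrets.token_bytes(16)
        self._db[(provider_id, requester_id)] = (salt, self._digest(password, salt))
        return password

    def authorize(self, provider_id, requester_ids):
        """Steps A1/A2: returns the passwords to notify to each requester."""
        return {rid: self._allocate(provider_id, rid) for rid in requester_ids}

    def verify(self, provider_id, requester_id, password):
        """Steps B1/B2, password verifier (106): True = accept, False = reject."""
        record = self._db.get((provider_id, requester_id))
        salt, expected = record or self._dummy
        # Constant-time comparison avoids leaking how many bytes matched.
        ok = hmac.compare_digest(self._digest(password, salt), expected)
        return ok and record is not None

    def revoke(self, provider_id, requester_ids):
        """Revocation: returns the requesters whose passwords were cancelled."""
        removed = []
        for rid in requester_ids:
            if self._db.pop((provider_id, rid), None) is not None:
                removed.append(rid)
        return removed

    def modify(self, provider_id, requester_ids):
        """Modification: overwriting the record cancels the old password.

        Assumption: requesters that were never authorized are skipped, so this
        call cannot be used to grant access silently.
        """
        return {rid: self._allocate(provider_id, rid)
                for rid in requester_ids if (provider_id, rid) in self._db}


if __name__ == "__main__":
    # Constructed identifiers, for illustration only.
    dms = DataManagementServer()
    issued = dms.authorize("provider-1", ["client-A", "client-B"])
    print("accepted:", dms.verify("provider-1", "client-A", issued["client-A"]))
    reissued = dms.modify("provider-1", ["client-A"])
    print("old password after modify:",
          dms.verify("provider-1", "client-A", issued["client-A"]))
    print("new password after modify:",
          dms.verify("provider-1", "client-A", reissued["client-A"]))
```

Because the record is keyed on the provider and requester identifiers together, a password issued for one information provider is rejected when presented for another.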

Taking the location service in a mobile communication network as an example, with a data management server set up in the mobile communication network in advance, the authorization and verification process performed by the data management server when a requester obtains the geographic location of an information provider is shown in Fig. 2 and includes the following steps:

Steps 201 to 203: authorization. The information provider provides the data management server of the mobile communication network with a list of the identifiers of the requesters it authorizes. The password random generator in the data management server allocates an access password to each of the information provider's requesters, and the data storage database in the data management server stores the identifier of the information provider, the identifier of each of its requesters and the allocated access password, together with the correspondence between the three. The data management server notifies the corresponding requester of the allocated access password.

Steps 204 to 208: verification. The requester sends the data management server of the mobile communication network a request to access the information provider's location, providing the identifier of the information provider being accessed, the requester identifier and the requester's access password. The password verifier in the data management server looks up in the data storage database the access password of that requester for that information provider and compares it with the access password the requester provided. If they match, password verification passes and the data management server notifies the requester that its access request is accepted; otherwise, the data management server notifies the requester that its access request is rejected.

In this embodiment, when the information provider needs to revoke the access passwords of some requesters, it only needs to provide the data management server of the mobile communication network with a list of the identifiers of the requesters to be revoked. The data management server automatically revokes each such requester's original access password according to that list and notifies the requester. A requester that uses its original access password will then fail password verification and cannot access the information provider.

In this embodiment, when the information provider needs to modify the access passwords of some requesters, it only needs to provide the data management server of the mobile communication network with a list of the identifiers of the requesters to be modified. The data management server automatically reallocates an access password for each such requester according to that list and revokes the requester's original access password. The data management server notifies the requester of the modified access password. A requester that uses its original access password will fail password verification and cannot access the information provider; only with the newly allocated access password can it pass password verification and access the information provider.

Of course, in practical applications, the authorization verification mechanism proposed by the invention for the data security of an information provider can also be applied in many other communication systems.

In short, the above are only preferred embodiments of the invention and are not intended to limit its scope of protection.

Claims (6)

1, a kind of information provides the method for end data protection, it is characterized in that this method comprises:
A. a data management server is set up in advance between the requesting end and the information providing end; the information providing end notifies the data management server of the requesting ends it has authorized; the data management server allocates an access code to each requesting end authorized by the information providing end and notifies the corresponding requesting end of that access code;
B. when a requesting end accesses the information providing end, the data management server set up in step A verifies its identity according to the access code supplied by the requesting end.
2. The method according to claim 1, characterized in that step A further comprises:
A1. the information providing end provides the data management server with a list of identifiers of the requesting ends it has authorized;
A2. the data management server allocates an access code to each requesting end and notifies the corresponding requesting end of that access code; at the same time, the data management server stores the information providing end identifier, the requesting end identifier and the access code, together with the correspondence among the three.
3. The method according to claim 1, characterized in that step B further comprises:
B1. when a requesting end requests access to the data of an information providing end, it provides the data management server with the identifier of the information providing end to be accessed, the requesting end identifier and the access code of this requesting end;
B2. the data management server looks up, in the information it has stored, the access code of the requesting end corresponding to that information providing end and compares it with the access code supplied by the current requesting end; if they are consistent, password verification passes and the data management server notifies the requesting end that its access request is accepted; otherwise the data management server notifies the requesting end that its access request is refused.
4. The method according to claim 1, characterized in that the method further comprises: when the information providing end cancels the access code of a requesting end, the information providing end provides the data management server with a list of identifiers of the requesting ends to be cancelled; the data management server cancels the original access code of each corresponding requesting end according to this list and notifies that requesting end.
5. The method according to claim 1, characterized in that the method further comprises: when the information providing end modifies the access code of a requesting end, the information providing end provides the data management server with a list of identifiers of the requesting ends to be modified; the data management server reallocates an access code to each corresponding requesting end according to this list, cancels that requesting end's original access code at the same time, and notifies the requesting end of the modified access code.
6. The method according to claim 1, characterized in that step A further comprises: setting up in advance, between the requesting end and the information providing end, a data management server comprising a random password generator, a storage database and a password verifier.
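The allocate, verify, cancel and modify flow of claims 1 to 6, shown as an added example that is not part of the patent text. The class and method names are hypothetical, and storing a SHA-256 digest of each code with a constant-time comparison is a hardening assumption beyond the claims, which only say that the server stores the correspondence and compares the codes.

```python
import hashlib
import hmac
import secrets


class DataManagementServer:
    """Hypothetical server placed between requesting and providing ends."""

    def __init__(self):
        # Storage database: (provider_id, requester_id) -> digest of the code.
        # Assumption: a digest is kept instead of the code itself, so a leaked
        # database does not directly yield usable access codes.
        self._db = {}

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def authorize(self, provider_id, requester_ids):
        """Step A: allocate one random access code per authorized requester."""
        issued = {}
        for rid in requester_ids:
            code = secrets.token_urlsafe(24)  # random password generator
            self._db[(provider_id, rid)] = self._digest(code)
            issued[rid] = code  # notification to the requester is not modelled
        return issued

    def verify(self, provider_id, requester_id, code):
        """Step B: look up the stored entry and compare in constant time."""
        stored = self._db.get((provider_id, requester_id))
        if stored is None:
            # Unknown or cancelled pair: still do a comparison so response
            # time does not reveal whether the pair exists.
            hmac.compare_digest(self._digest(code), bytes(32))
            return False
        return hmac.compare_digest(stored, self._digest(code))

    def cancel(self, provider_id, requester_ids):
        """Claim 4: cancel the access codes of the listed requesters."""
        for rid in requester_ids:
            self._db.pop((provider_id, rid), None)

    def modify(self, provider_id, requester_ids):
        """Claim 5: reissue codes; overwriting the entry cancels the old code.

        Assumption: identifiers that were never authorized are ignored.
        """
        known = [r for r in requester_ids if (provider_id, r) in self._db]
        return self.authorize(provider_id, known)
```

Because the lookup key includes the information providing end identifier, a code issued for one provider is rejected when presented for another.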
CN 02145981 2002-10-31 2002-10-31 Method of information providing end data protection Expired - Lifetime CN1277366C (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN 02145981 CN1277366C (en) 2002-10-31 2002-10-31 Method of information providing end data protection
PCT/CN2003/000871 WO2004054172A1 (en) 2002-10-31 2003-10-17 A method of data protection for information provider
AU2003272873A AU2003272873A1 (en) 2002-10-31 2003-10-17 A method of data protection for information provider

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 02145981 CN1277366C (en) 2002-10-31 2002-10-31 Method of information providing end data protection

Publications (2)

Publication Number Publication Date
CN1494253A CN1494253A (en) 2004-05-05
CN1277366C true CN1277366C (en) 2006-09-27

Family

ID=32477212

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 02145981 Expired - Lifetime CN1277366C (en) 2002-10-31 2002-10-31 Method of information providing end data protection

Country Status (3)

Country Link
CN (1) CN1277366C (en)
AU (1) AU2003272873A1 (en)
WO (1) WO2004054172A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007051430A1 (en) * 2005-11-07 2007-05-10 Huawei Technologies Co., Ltd. Authentication password modification method, user agent server and user agent client based on sip
CN101047964B (en) * 2006-03-29 2010-10-27 华为技术有限公司 Method of ICR Data Configuration Consistency Check
CN100483988C (en) * 2006-07-17 2009-04-29 华为技术有限公司 Information propagating network and method for transmission information verification in network
CN108011858A (en) * 2016-11-02 2018-05-08 深圳中电长城信息安全系统有限公司 A kind of client-side management method and system, client, server

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI109254B (en) * 1998-04-29 2002-06-14 Ericsson Telefon Ab L M Procedure, arrangement and device for authentication
US6507907B1 (en) * 1999-02-26 2003-01-14 Intel Corporation Protecting information in a system
JP3973010B2 (en) * 2000-04-21 2007-09-05 富士通株式会社 Authentication apparatus and authentication method for multiple services

Also Published As

Publication number Publication date
AU2003272873A1 (en) 2004-06-30
WO2004054172A1 (en) 2004-06-24
CN1494253A (en) 2004-05-05

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1064538

Country of ref document: HK

C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20040505

Assignee: APPLE Inc.

Assignor: HUAWEI TECHNOLOGIES Co.,Ltd.

Contract record no.: 2015990000755

Denomination of invention: Method of information providing end data protection

Granted publication date: 20060927

License type: Common License

Record date: 20150827

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
CX01 Expiry of patent term

Granted publication date: 20060927