[go: up one dir, main page]

WO2015089996A1 - Procédé d'authentification de sécurité et serveur d'authentification d'autorisation - Google Patents

Procédé d'authentification de sécurité et serveur d'authentification d'autorisation Download PDF

Info

Publication number
WO2015089996A1
WO2015089996A1 PCT/CN2014/078232 CN2014078232W WO2015089996A1 WO 2015089996 A1 WO2015089996 A1 WO 2015089996A1 CN 2014078232 W CN2014078232 W CN 2014078232W WO 2015089996 A1 WO2015089996 A1 WO 2015089996A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
user
server
terminal
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2014/078232
Other languages
English (en)
Chinese (zh)
Inventor
孙枕戈
田锋
张军
岳旭鹏
陈亚红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Publication of WO2015089996A1 publication Critical patent/WO2015089996A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/72Subscriber identity

Definitions

  • the present invention relates to a security authentication method and an authentication authentication technology, and in particular, to a security authentication method and an authentication authentication server.
  • ICT information and communication technology
  • the network layer network element and the application layer network are completely separated logically.
  • the network layer is mainly responsible for network connection establishment and deletion;
  • the application layer is mainly responsible for establishing and deleting service applications, in the traditional scheme.
  • the two layers have the protocol process of identity security authentication, and they are not used interchangeably.
  • all of the above related certification schemes are implemented at the application layer.
  • the related security authentication method has complicated problems. For example, for the USBKEY method, it is necessary to carry the U shield additionally; for example, for the dynamic SMS password method, the implementation is complicated, and the user needs to wait 5 ⁇ After 20 seconds, follow the SMS password input of the SMS notification to reduce the user experience.
  • the technical problem to be solved by the embodiments of the present invention is to provide a security authentication method and an authentication authentication server, which can implement authentication simply and efficiently, and has a high security level.
  • the embodiment of the present invention provides a security authentication method, including: in a terminal establishing a bearer connection, activating a user state by using an authentication authentication server;
  • the authentication authentication server authenticates the user identity of the user accessing the application server.
  • the activating the user state by the authentication authentication server in the terminal establishing the bearer connection includes: the establishing a packet gateway in the bearer connection at the terminal, assigning a dynamic IP address to the legal user, and determining whether the terminal requesting to establish the bearer connection is a campus
  • the network user if yes, sends a registration request to the authentication authentication server in the campus network, and carries the international mobile subscriber identity IMSI of the terminal and the assigned IP address to the authentication authentication server;
  • the authentication and authentication server completes user activation according to IMSI and stores the IP address.
  • the authentication authentication server performs user activation according to IMSI, including:
  • the authentication authentication server determines, according to the IMSI of the terminal, whether the terminal user belongs to a legal user of the campus network to which the authentication authentication server belongs, and if so, authenticates the username password to confirm whether the terminal user corresponding to the IMSI and the request The username in the match matches; and verify that the password corresponding to the username is correct.
  • the authentication authentication server associates the IP address with the IMSI and the employee information, and returns a registration request response including the registration success information to the packet gateway.
  • the authentication of the user identity of the user accessing the application server includes: the authentication authentication server receiving an application access request sent by the application server and carrying the IP address received by the application server; the authentication authentication server completing the identity After the authentication, the user information corresponding to the IP address is returned to the application server;
  • the authentication authentication server receives a password from the end user submitted by the application server, and the authentication authentication server verifies the password and returns the verification result to the application server.
  • the method further includes:
  • the authentication authentication server receives the logout request sent by the packet gateway, where the IMSI and the IP address of the terminal are carried;
  • the authentication server clears the association relationship between the IP address of the terminal that is saved by itself and the IMSI and the user information, and returns a logout response to the packet gateway.
  • the packet gateway returns a logout response to the terminal, so that the terminal disconnects the campus network.
  • the embodiment of the present invention further provides an authentication authentication server, which is configured to activate a user state when the terminal establishes a bearer connection, and authenticate the user identity when the terminal user accesses the campus network application.
  • the authentication authentication server includes at least an activation authentication module and an identity authentication module, where the activation authentication module is configured to: upon receiving a registration request from the packet gateway, complete user activation according to the terminal IMSI and store the corresponding IP address, The user terminal performs verification authentication and returns an authentication result to the packet gateway;
  • the identity authentication module is configured to, after receiving the application access request from the application server, return the user information corresponding to the IP address to the application server according to the authentication result of the activation authentication module, after completing the further authentication; When the password is submitted from the application server, the verification result is returned to the application server after verification.
  • the authentication authentication server is configured to: in the terminal establishing a bearer connection, the activation of the user state by the authentication authentication server includes: After the terminal gateway that establishes the bearer connection in the terminal allocates a dynamic IP address to the legal user, and determines that the terminal that requests to establish the bearer connection is the campus network user, the authentication authentication server in the campus network receives the packet gateway and sends the packet to the packet gateway. a registration request, the registration request carrying the international mobile subscriber identity IMSI of the terminal and the assigned IP address;
  • the authentication and authentication server completes user activation according to IMSI and stores the IP address.
  • the activation authentication module is configured to complete the user activation according to the IMSI, and the activation authentication module determines, according to the IMSI of the terminal, whether the terminal user belongs to a legal user of the campus network to which the authentication authentication server belongs, and if so, And verifying the username and password to confirm whether the terminal user corresponding to the IMSI matches the username in the request; and verifying whether the password corresponding to the username is correct;
  • the school insurance authentication is successful, and the authentication server associates the IP address with the IMSI and the employee information, and returns to the packet gateway.
  • a registration request response containing registration success information.
  • the identity authentication module is configured to authenticate the identity of the user accessing the application server, including:
  • the identity authentication module is configured to: receive an application access request that is sent by the application server and carry an IP address that is received by the application server; after the identity authentication module completes the authentication, return the user information corresponding to the IP address to the Application server; and,
  • the identity authentication module is configured to: receive a password from the terminal user submitted by the application server, and the identity authentication module verifies the password and returns the verification result to the application server.
  • the activation authentication module is further configured to: after receiving the logout request from the packet gateway, clear the IP address and IMSI of the terminal that the user has requested to log out, and the user information, and return a logout response to the group gateway.
  • the authentication and authentication server is an authentication and authentication server in the IT side campus network.
  • the technical solution of the present application includes: in the terminal establishing a bearer connection, the user authentication state is activated by the authentication authentication server; when the terminal user accesses the campus network application, the application server authenticates the user identity through the authentication authentication server.
  • Security authentication method of embodiment of the present invention In the middle, the security authentication is completed by the devices in the network, which reduces the participation of the users, significantly improves the authentication efficiency, saves the user authentication time, and more importantly, implements the security authentication activation through the carrier-grade campus network.
  • the level of security authentication that is, the security authentication mode of the SIM card + authentication authentication server is used in the embodiment of the present invention, which significantly improves the user experience.
  • FIG. 1 is a flowchart of a security authentication method according to an embodiment of the present invention.
  • FIG. 2 is a flow chart of an embodiment of establishing a bearer connection by a terminal in a secure authentication method according to an embodiment of the present invention
  • FIG. 3 is a flowchart of an embodiment of a campus network authentication in a security authentication method according to an embodiment of the present invention
  • FIG. 4 is a flowchart of an embodiment of a user accessing a campus network application in security authentication according to an embodiment of the present invention
  • FIG. 5 is a flowchart of an embodiment of a terminal deregistering a campus network access according to an embodiment of the present invention
  • FIG. 6 is a schematic structural diagram of an authentication authentication server according to an embodiment of the present invention.
  • FIG. 1 is a flowchart of a method for secure authentication according to an embodiment of the present invention.
  • an embodiment of the present invention is applied to a data card of a mobile phone, a PAD, a notebook computer, a PC, and the like. .
  • Step 100 In the terminal establishing a bearer connection, the user status is activated by the authentication authentication server.
  • Step 101 When the terminal user accesses the campus network application, the application server authenticates the user identity through the authentication authentication server.
  • Step 102 When the terminal user disconnects the campus network, the user identity is logged out through the authentication server.
  • step 100 In the terminal establishing a bearer connection, the user status is activated by the authentication server.
  • the terminal establishes a bearer connection with the network through the communication network, including the base station, the mobility management unit (MME), the serving gateway (SGW), and the packet gateway (LGW/PGW), in the process of establishing the relevant bearer connection,
  • the campus network user sends an authentication request to the authentication authentication server in the campus network.
  • the campus network refers to organized networks such as government, enterprises, and public utilities.
  • FIG. 2 is a flow chart of an embodiment of establishing a bearer connection in a terminal in a secure authentication method according to an embodiment of the present invention. As shown in FIG. 2, the method includes:
  • Step 200 The user starts up, triggers a process in which the terminal (UE) attaches to the network, and the UE sends a network attach request (Attach Request) message to the MME.
  • UE terminal
  • Attach Request network attach request
  • Step 201 The MME triggers establishment of a default bearer process, and sends a session request (Create Session Request) message to the SGW.
  • a session request Create Session Request
  • Step 202 The SGW forwards the session request (Create Session Request) message to the LGW/PGW 0.
  • Steps 203 to 204 The LGW/PGW allocates a dynamic IP address to the legal user, and determines whether the terminal requesting to establish the bearer connection is a campus network user. If yes, the LGW/PGW sends a registration request to the authentication authentication server in the campus network.
  • the registration request carries the International Mobile Subscriber Identity (IMSI) of the terminal and the assigned IP address, and the authentication authentication server completes the user activation according to the IMSI, and stores the IP address.
  • IMSI International Mobile Subscriber Identity
  • the campus network refers to organized networks such as government, enterprises, and public utilities.
  • a user is a campus network user such as a user who is set to APN.
  • the authentication authentication server may be an authentication server located in the IT side campus network. It can be seen from this step that the terminal establishes a bearer connection and performs carrier-level security authentication activation through the campus network, so that the entire security authentication has a higher security level.
  • Step 205 At the same time, the LGW/PGW returns a session response to the SGW (Create Session
  • Step 206 The SGW forwards the received session response (Create Session Response) message to the MME.
  • Step 207 The MME attaches successfully, and sends an Attach Accept message carrying the assigned IP address to the UE. After the user attaches successfully, the terminal bearer connection establishment is completed.
  • Step 300 The terminal user sends a registration request to the LGW/PGW, and the LGW/PGW carries the IMSI of the terminal and the assigned IP address in the registration request and sends the registration request to the authentication authentication server.
  • the registration request message further carries the account and password information corresponding to the terminal.
  • Step 301 The authentication and authentication server performs verification and authentication on the user terminal.
  • the method includes: first, determining, according to the IMSI of the terminal, whether the terminal user belongs to a legal user of the campus network to which the authentication server belongs, and if yes, further authenticating the username password to confirm whether the terminal user corresponding to the IMSI matches the username in the request; And verify that the password corresponding to the username is correct.
  • the IP address is associated with the IMSI, employee information such as the employee number, and the registration response is returned to the LGW/PGW as the registration success message; otherwise, the LGW/PGW is returned.
  • the registration response is a registration failure message.
  • Step 302 The LGW/PGW confirms whether the terminal can securely access the campus network according to the obtained registration response message.
  • Step 303 The LGW/PGW carries the assigned IP address in the registration response and returns it to the UE, so that the UE forces the campus network.
  • the campus network uses Each time the subscriber establishes a bearer between the terminal and the network, the LGW/PGW-side allocates a dynamic IP address to the user terminal, and on the other hand, initiates a request to activate the user state to the authentication authentication server, and simultaneously terminates the terminal.
  • the IMSI and the assigned IP address are pushed to the authentication server for security authentication. It realizes that the terminal establishes a bearer connection at the same time, and performs security authentication through the carrier-grade campus network, so that the entire security authentication has a higher security level.
  • the application server authenticates the user identity through the authentication authentication server.
  • the application server may be an application server (Application Server) located in the IT side campus network.
  • Step 400 The terminal initiates an application access request with the own IP address by using the TCP protocol to request the access to the campus network.
  • the application access request carries the IP address of the terminal.
  • Step 401 The application server carries the received IP address in the application access request and sends the authentication to the authentication server for authentication.
  • Step 402 After the authentication server completes the authentication, the user information corresponding to the IP address, such as the employee number, is returned to the application server.
  • Step 403 The application server pushes the received user information, such as an employee number, and an authentication page to the terminal.
  • Step 404 The user passes the authentication page on the terminal, enters a password according to the user information, and submits the password to the application server.
  • Step 405 The application server submits the obtained password to the authentication authentication server.
  • Step 406 The authentication server verifies the received password and returns the verification result to the application server. How to implement the authentication using a password belongs to the conventional technical means of those skilled in the art, and will not be described here.
  • Step 407 When the result of the risk certificate indicates that the authentication is successful, that is, the password corresponds to the user information and is correct, the application server pushes the application page of the campus network to the terminal.
  • the campus network application can determine the IP address of each terminal user based on pre-registered information such as user name, IMSI, etc., combined with the IMSI and IP address information provided by the campus network.
  • the real user information such as employee information or user name; and the campus network application can request password authentication from the user through the real user name information to complete the user identity authentication.
  • step 101 when the user terminal accesses the campus network application, the system has obtained the user identity, and only needs to perform password confirmation, and does not need to input the account information again.
  • the application service level authenticates the user identity in the same manner as in the related technology. .
  • the security authentication of the campus network with the carrier-grade in step 100 is much higher than the security authentication level of the general campus network.
  • the security certification of the 3G and 4G cellular mobile communication technologies relies on the security authentication. A high level of security.
  • the method of the embodiment of the present invention further includes:
  • step 102 When the end user disconnects the campus network, the user identity is logged out through the authentication server.
  • the implementation method is shown in Figure 5, including:
  • Step 500 The terminal user sends a logout request to the LGW/PGW, and the LGW/PGW carries the IMSI of the terminal and the assigned IP address in the logout request and sends the request to the authentication server.
  • Step 501 to step 502 The authentication server clears the association relationship between the IP address saved by itself and the IMSI and the user information, such as the employee number, and returns a logout response to the LGW/PGW.
  • Step 503 The LGW/PGW returns a logout response to the UE, so that the UE disconnects the campus network.
  • the security authentication is completed by devices in the network, which reduces user participation, significantly improves authentication efficiency, saves user authentication time, and more importantly, passes a carrier-grade campus network.
  • the security authentication activation is achieved, and the carrier-level security authentication level, that is, the SIM card + authentication authentication server security authentication mode is achieved, which significantly improves the user experience.
  • FIG. 6 is a schematic structural diagram of a composition of an authentication authentication server according to an embodiment of the present invention. As shown in FIG. 6, the method is configured to activate a user state when a terminal establishes a bearer connection; and authenticate the user identity when the terminal user accesses the campus network application. . At least an activation authentication module (601) and an identity authentication module (602), where
  • the activation authentication module (601) is configured to receive a registration request from the packet gateway, complete the user activation according to the IMSI of the terminal, and store the shadowed IP address, perform verification verification on the user terminal, and return the authentication result to the packet gateway;
  • the activation authentication module (601) performs verification verification on the user terminal. Includes:
  • the terminal user belongs to the park of the authentication authentication server.
  • the legal user of the area network if yes, further authenticates the username and password to confirm whether the end user corresponding to the IMSI matches the username in the request; and verify that the password corresponding to the username is correct.
  • the activation authentication module (601) is further configured to, when receiving the logout request from the packet gateway, clear the IP address of the terminal that the user has saved and the IMSI, the user information, and return the logout response to the packet gateway.
  • the identity authentication module (602) is configured to, after receiving the application access request from the application server, complete the further authentication according to the authentication result of the activation authentication module (601), and return the user information corresponding to the IP address to the application server; Upon receiving the password submitted from the application server, the verification result is returned to the application server after verification.
  • Step 400 The terminal initiates an application access request with the own IP address by using the TCP protocol to request the access to the campus network.
  • the application access request carries the IP address of the terminal.
  • Step 401 The application server sends the received IP address in the application access request to the identity authentication module (602) for authentication.
  • Step 402 After the identity authentication module (602) completes the authentication, the user information corresponding to the IP address, such as the employee number, is returned to the application server.
  • Step 403 The application server pushes the received user information, such as an employee number, and an authentication page to the terminal.
  • Step 404 The user passes the authentication page on the terminal, enters a password according to the user information, and submits the password to the application server.
  • Step 405 The application server submits the obtained password to the identity authentication module (602).
  • Step 406 The identity authentication module (602) verifies the received password and returns the verification result to the application server. How to implement the authentication using the password is a common technical means by those skilled in the art, and will not be described here.
  • Step 407 When the result of the risk certificate shows that the authentication is successful, that is, the password corresponds to the user information and is correct, The application server pushes the campus application page to the terminal.
  • the campus network application can determine the real user information corresponding to the IP address of each terminal user based on pre-registered information such as user name, IMSI, etc., combined with the IMSI and IP address information provided by the campus network.
  • Employee information or user name; and the campus network application can request password authentication from the user through the real user name information to complete the user identity authentication.
  • the activation authentication module (601) has a carrier-grade campus network for security authentication activation, which is much higher than the security certification level of the general campus network.
  • the security certification of the 3G and 4G cellular mobile communication technologies mainly relies on the security. Certification has a higher level of security.
  • the technical solution of the present application includes: in the terminal establishing a bearer connection, the user authentication state is activated by the authentication authentication server; when the terminal user accesses the campus network application, the application server authenticates the user identity through the authentication authentication server.
  • the security authentication is performed by devices in the network, which reduces user participation, significantly improves authentication efficiency, saves user authentication time, and more importantly, passes a carrier-grade campus network. (Generally referred to as the government, enterprises, public utilities, and other organized networks) to perform the security authentication activation, and achieve the carrier-class security certification level. That is, the embodiment of the present invention uses the security authentication mode of the SIM card + authentication authentication server, which is obvious. Improved user experience.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

La présente invention concerne un procédé d'authentification de sécurité et un serveur d'authentification d'autorisation. Le procédé comprend les étapes suivantes : pendant le processus d'établissement d'une connexion de porteuse par un terminal, activation, par un serveur d'authentification d'autorisation, d'un état d'utilisateur ; et lorsqu'un utilisateur du terminal accède à une application de réseau de campus, authentification, par un serveur d'application, d'une identité d'utilisateur par le biais du serveur d'authentification d'autorisation. Par le biais du procédé d'authentification de sécurité des modes de réalisation de la présente invention, l'authentification de sécurité est réalisée par un dispositif dans un réseau, la participation d'un utilisateur est réduite, l'efficacité d'authentification est considérablement augmentée et l'utilisateur gagne du temps d'authentification. En outre, en réalisant une activation d'authentification de sécurité par le biais d'un réseau de campus avec une catégorie de porteuse (désignant généralement un réseau organisé d'un gouvernement, d'une entreprise, d'un service public ou analogue), un niveau d'authentification de sécurité de catégorie de porteuse, c'est-à-dire une façon d'authentification de sécurité d'une carte SIM et une authentification via un serveur d'authentification, est obtenu, ce qui améliore considérablement l'expérience de l'utilisateur.
PCT/CN2014/078232 2013-12-20 2014-05-23 Procédé d'authentification de sécurité et serveur d'authentification d'autorisation Ceased WO2015089996A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310711221.5A CN104735027B (zh) 2013-12-20 2013-12-20 一种安全认证方法及鉴权认证服务器
CN201310711221.5 2013-12-20

Publications (1)

Publication Number Publication Date
WO2015089996A1 true WO2015089996A1 (fr) 2015-06-25

Family

ID=53402039

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/078232 Ceased WO2015089996A1 (fr) 2013-12-20 2014-05-23 Procédé d'authentification de sécurité et serveur d'authentification d'autorisation

Country Status (2)

Country Link
CN (1) CN104735027B (fr)
WO (1) WO2015089996A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106534091A (zh) * 2016-10-26 2017-03-22 浙江中控软件技术有限公司 基于云端的pid参数整定方法和装置

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105446149B (zh) * 2015-12-04 2019-01-22 美的集团股份有限公司 家用电器的配网方法、家用电器及移动终端
CN105446148A (zh) * 2015-12-04 2016-03-30 美的集团股份有限公司 家用电器的配网方法、家用电器及移动终端
CN107367946B (zh) * 2016-05-11 2021-05-04 珠海格力电器股份有限公司 控制设备的方法及装置
CN106302475B (zh) * 2016-08-18 2019-09-10 中国联合网络通信集团有限公司 家庭互联网业务授权方法及服务器
CN106657045B (zh) * 2016-12-13 2020-10-13 翁印嵩 多网融合的安全与认证方法及系统
CN109246160B (zh) * 2017-06-15 2022-01-21 阿里巴巴集团控股有限公司 访问互联网应用的方法、装置、系统及设备
CN107360164B (zh) * 2017-07-13 2020-11-10 上海司南卫星导航技术股份有限公司 一种用户名鉴权方法和非差改正数分布式处理系统
CN110753362B (zh) * 2019-10-25 2023-04-07 恒安嘉新(北京)科技股份公司 基站的优化方法、终端注册方法、装置、基站及存储介质
CN111385154A (zh) * 2020-03-18 2020-07-07 成都千立网络科技有限公司 一种基于鉴权联动机制的物联网控制系统及控制方法
CN114500066B (zh) * 2022-02-08 2025-05-16 北京沃东天骏信息技术有限公司 信息处理方法、网关和通信系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101547095A (zh) * 2009-02-11 2009-09-30 广州杰赛科技股份有限公司 基于数字证书的应用服务管理系统及管理方法
CN101651682A (zh) * 2009-09-15 2010-02-17 杭州华三通信技术有限公司 一种安全认证的方法、系统和装置
CN102892110A (zh) * 2012-09-19 2013-01-23 邦讯技术股份有限公司 一种终端在不同网络中用户标识一致性的方法及系统
US20130310003A1 (en) * 2012-05-17 2013-11-21 Cellco Partnership D/B/A Verizon Wireless Systems and methods for authenticating applications for access to secure data using identity modules

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040049188A (ko) * 2002-12-05 2004-06-11 엘지전자 주식회사 무선랜망과 이동통신 시스템망간의 연동방법
US7324489B1 (en) * 2003-02-18 2008-01-29 Cisco Technology, Inc. Managing network service access
EP1624639B1 (fr) * 2004-08-02 2009-04-08 Service Factory AB Authentification à base de SIM
CN100508524C (zh) * 2005-04-06 2009-07-01 神州数码网络(北京)有限公司 一种网络的认证和计费的系统及方法
CN101511086A (zh) * 2009-04-01 2009-08-19 神州数码网络(北京)有限公司 金融网点终端无线安全组网系统及方法

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101547095A (zh) * 2009-02-11 2009-09-30 广州杰赛科技股份有限公司 基于数字证书的应用服务管理系统及管理方法
CN101651682A (zh) * 2009-09-15 2010-02-17 杭州华三通信技术有限公司 一种安全认证的方法、系统和装置
US20130310003A1 (en) * 2012-05-17 2013-11-21 Cellco Partnership D/B/A Verizon Wireless Systems and methods for authenticating applications for access to secure data using identity modules
CN102892110A (zh) * 2012-09-19 2013-01-23 邦讯技术股份有限公司 一种终端在不同网络中用户标识一致性的方法及系统

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106534091A (zh) * 2016-10-26 2017-03-22 浙江中控软件技术有限公司 基于云端的pid参数整定方法和装置
CN106534091B (zh) * 2016-10-26 2019-07-23 浙江中控软件技术有限公司 基于云端的pid参数整定方法和装置

Also Published As

Publication number Publication date
CN104735027B (zh) 2019-09-13
CN104735027A (zh) 2015-06-24

Similar Documents

Publication Publication Date Title
WO2015089996A1 (fr) Procédé d'authentification de sécurité et serveur d'authentification d'autorisation
CN103780397B (zh) 一种多屏多因子便捷web身份认证方法
CN101369893B (zh) 一种对临时用户进行局域网络接入认证的方法
TWI293844B (en) A system and method for performing application layer service authentication and providing secure access to an application server
JP4394682B2 (ja) 非信頼アクセスネットワークを介してシングルサインオン認証を行なう装置及び方法
CN101120569B (zh) 用户从用户终端远程访问终端设备的远程访问系统和方法
CN106063308B (zh) 基于用户标识符的装置、身份和活动管理系统
WO2011017924A1 (fr) Procede, systeme, serveur et terminal d'authentification dans un reseau local sans fil
CN103200159B (zh) 一种网络访问方法和设备
WO2005096644A1 (fr) Procede d'etablissement d'une association de securite entre l'abonne itinerant et le serveur du reseau visite
CN101986598B (zh) 认证方法、服务器及系统
JP2023162296A (ja) コアネットワークへの非3gppデバイスアクセス
WO2014110877A1 (fr) Dispositif terminal mobile et procédé d'authentification d'utilisateur basé sur la technologie pki
CN112261022A (zh) 一种基于api网关的安全认证方法
WO2013056619A1 (fr) Procédé, idp, sp et système pour la fédération d'identités
TWI516151B (zh) 通訊方法與通訊系統
WO2008125062A1 (fr) Procédé de détermination d'admission et de radiomessagerie d'utilisateur dans un système de communication mobile, système et dispositif apparentés
WO2007104248A1 (fr) Procédé, système, appareil et entité à fonction de service d'amorçage aux fins de prévention d'attaques
CN103391286A (zh) 一种应用于全ip远程监控网络系统及安全认证方法
CN102083066B (zh) 统一安全认证的方法和系统
WO2013149426A1 (fr) Procédé, dispositif et système d'authentification d'accès pour une application à une carte à puce
CN101141253A (zh) 实现认证的方法和认证系统
WO2016138726A1 (fr) Procédé et dispositif d'authentification sécurisée et support d'informations
KR101119869B1 (ko) 사업장에서의 무선 인터넷 접속 서비스 제공을 위한 웹 인증 방법
WO2012000313A1 (fr) Procédé et système de certification de passerelle de rattachement

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14872107

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14872107

Country of ref document: EP

Kind code of ref document: A1