CN103516677A - Authentication and authorization method through cooperation of data network and telephone network - Google Patents
Authentication and authorization method through cooperation of data network and telephone networkDownload PDFInfo
- Publication number
- CN103516677A CN103516677ACN201210210765.9ACN201210210765ACN103516677ACN 103516677 ACN103516677 ACN 103516677ACN 201210210765 ACN201210210765 ACN 201210210765ACN 103516677 ACN103516677 ACN 103516677A
- Authority
- CN
- China
- Prior art keywords
- authentication
- network
- user
- telephone
- application system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Telephonic Communication Services (AREA)
Abstract
Description
Technical field
The present invention relates to the security credential way of application access, more particularly, two independent input approach of a kind of combination data network and telephone network carry out combination attestation method for authenticating.
Background technology
In recent years, network has been deep into the every aspect of user's life, and user often arrives all kinds of services of types of applications system acquisition by network entry.Most application systems adopt the authentication mode at consolidated network input user's identification mark and password; Internet is now upper, and the serious threat users such as wooden horse, virus, fishing website, hacker login safety, and when single network is attacked, the event that all information materials of account are revealed happens occasionally.
If there is a kind of authentication method, support user's identification mark and password to be inputted by different approaches, can reduce to a great extent the probability that user's identification mark and password are stolen simultaneously; Meanwhile, increased the difficulty of falsely using user's identification mark and password success login system.
Summary of the invention
The present invention proposes a kind of method of data network and telephone network combination attestation authentication, realize the identification mark from data network input user, the authentication of inputting the association of described user's identification mark from telephone network requires the content of replying, and in application system inside, completes final authentication.The method can be used for the various network application systems that have authentication demand.
The object of the present invention is achieved like this, adopt data network and telephone network combination attestation method for authenticating to carry out the user identity of authentication application system, it is characterized in that, described method comprises that user is provided by the service that user (1) uses application system (3) to provide through IP network (2), when described application system (3) requires the authenticating identity to described user, described user inputs user's identification mark by described user (1); Described application system (3) offers the collaborative unit (4) of authentication by the telephone terminal number of described user's identification mark binding, the authentication reciprocal process of unit (4) between the telephone terminal (6) that telephone network (5) is initiated and application system provides is worked in coordination with in described authentication, and require described user in the upper authentication verification information of replying of described telephone terminal (6), described authentication is worked in coordination with unit (4) and is collected described authentication verification information from described telephone terminal (6), and described application system (3) is given in loopback; Described application system (3) is checked by described user's identification mark of receiving from described user (1) with from the collaborative unit (4) of described the authentication described authentication verification information of receiving and the authentication information that is kept in advance described application system (3), according to checked result, determine described user identity, complete the authentication to described user.
Accompanying drawing explanation
Fig. 1 is the flow chart that user of the present invention logins application system
Embodiment
For making the object, technical solutions and advantages of the present invention clearer, below in conjunction with embodiment and accompanying drawing, the present invention is described in more detail.
With reference to Fig. 1, collaborative authentication method of the present invention, application system Wei the Internet provides the system of application service, and it is online that the collaborative unit of authentication is connected to telephone exchange by signaling method, and application system is connected by special line or VPN mode with the collaborative unit of authentication.
The collaborative authentication method of data network of the present invention and telephone network comprises the following steps while specifically processing:
Step 101: user is in the upper request login of the network terminal (PC, custom terminal) application system;
Step 102: application system, according to internal authentication method for authenticating, is initiated collaborative authentication request to the collaborative unit of authentication, and collaborative authentication request at least comprises a telephone number and an authentication requirement information;
Step 103: the collaborative unit of authentication, according to telephone number and authentication requirement in collaborative authentication request, is initiated to the authentication request reciprocal process of this telephone number on telephone network;
Step 104: user responds the reciprocal process of being initiated by the collaborative unit of authentication on telephone terminal, the authentication information that input application system requires, is uploaded to the collaborative unit of authentication by telephone network;
Step 105: authenticate collaborative unit and receive the authentication information that user uploads by telephone terminal, combine the interior adeditive attribute of telephone network of this telephone terminal simultaneously, the response as to collaborative authentication request, is recycled to application system;
Step 106: the information that application system is returned according to the collaborative unit of authentication, judgement user's legitimacy and rights of using, determine whether allow user to login application system.
In the collaborative authentication method of data network of the present invention and telephone network, the heterogeneous networks of user's login and checking use is realized in the collaborative unit of application system utilization authentication, and further can utilize the network attribute of telephone terminal, design safer authentication flow process.Therefore, when not affecting original application system authentication process, the method for the collaborative authentication of data network of the present invention and telephone network realized user's secure log, existing equipment and algorithm without transformation application system, solved user's problem that account is stolen by wooden horse when consolidated network authentication, utilize the build-in attribute of telephone network simultaneously, promoted the fail safe of user's login.
Through the above description of the embodiments, those skilled in the art can be well understood to the mode that the present invention can add necessary general hardware platform by software and realizes.Understanding based on such, technical scheme of the present invention can embody with the form of software product, it (can be CD-ROM that this software product can be stored in a non-volatile memory medium, USB flash disk, portable hard drive etc.) in, comprise some instructions with so that computer equipment (can be personal computer, server, or the network equipment etc.) carry out the method described in each embodiment of the present invention.
The foregoing is only the preferred embodiments of the present invention; be not limited to the present invention; for a person skilled in the art; can carry out various changes and modification to the present invention; within the spirit and principles in the present invention all; any modification of doing, be equal to replacement, improvement etc., within protection scope of the present invention all should be included in.
Claims (14)
1. the collaborative authentication method of a data network and telephone network, for the user's of access application system (3) (1) identity is carried out to authentication, it is characterized in that, the service that user (1) uses described application system (3) to provide through data network (2) is provided described method, when described application system (3) requires the authenticating identity to described user, described user (1) inputs customer identification information; Described application system (3) passes to the collaborative unit (4) of authentication by authentication mode and relevant parameter, the authentication reciprocal process of unit (4) between the telephone terminal (6) that telephone network (5) is initiated and application system provides is worked in coordination with in described authentication, obtain the upper authentication verification information of replying of described telephone terminal (6), described authentication is worked in coordination with unit (4) and is collected described authentication verification information from described telephone terminal (6), and described application system (3) is given in loopback; Described application system (3) is checked by described user's identification mark of receiving from described user (1) with from the collaborative unit (4) of described the authentication described authentication verification information of receiving and the authentication information that is kept in advance described application system (3), according to checked result, determine described user identity, complete the authentication to described user.
2. the combination attestation method for authenticating of data network as claimed in claim 1 and telephone network, in described application system (3), preserve the many tuple information for authentication, polynary group of information described in each comprises user's identification mark, user cipher and associated telephone terminal number and additional authentication information.User's identification mark includes but not limited to: user name, email address, telephone number, identification card number, instant messaging account number, social network account, bank card account number etc.
3. the combination attestation method for authenticating of data network as claimed in claim 1 and telephone network, when described application system (3) is initiated identification authentication to described user, described user (1) inputs user's identification mark as claimed in claim 2 of described user-association on data network.
4. the combination attestation method for authenticating of data network as claimed in claim 1 and telephone network, when described application system (3) is initiated identification authentication to described user, described application system (3), after receiving user's identification mark as claimed in claim 3, requires to send to the collaborative unit (4) of described authentication by the telephone terminal number as claimed in claim 2 of described user's identification mark association, authentication additional information and authentication.
5. the combination attestation method for authenticating of data network as claimed in claim 1 and telephone network, described authentication is worked in coordination with unit (4) after receiving telephone terminal number as claimed in claim 4, described authentication additional information and described authentication and requiring, described authentication is worked in coordination with unit (4) and is utilized the signalling capability of described telephone network (5) to initiate the reciprocal process of described telephone terminal number (6), and user works in coordination with unit (4) in the upper authentication information of replying of described telephone terminal (6) to described authentication as claimed in claim 3.
6. the combination attestation method for authenticating of data network as claimed in claim 1 and telephone network, described authentication is worked in coordination with unit (4) according to the further user authentication mode and the annex network authentication mode that indicate in authentication requirement as claimed in claim 4, carry out additional authentication authentication, gather additional authentication authentication result.
7. additional authentication mode as claimed in claim 6, described annex subscription authentication result includes but not limited to:
Described in 7.1, the safety problem of setting in described application system (3) is in advance pointed out described user in the collaborative unit (4) of authentication, and the answer that described user that unit (4) receives replys on described telephone terminal is worked in coordination with in described authentication;
Described in 7.2, the personal information appointed information item arranging in described user's described application system in advance (3) is pointed out in the collaborative unit (4) of authentication, and the content that described user that unit (4) receives replys on described telephone terminal is worked in coordination with in described authentication.
8. additional authentication mode as claimed in claim 6, described complementary network authenticating result also includes but not limited to:
Described in 8.1, the collaborative unit (4) of authentication collects the positional information of described telephone terminal from described telephone network (5);
Described in 8.2, the collaborative unit (4) of authentication collects the hardware identifier information of described telephone terminal from described telephone network (5);
Described in 8.3, the collaborative unit (4) of authentication collects the historical message registration information of described telephone terminal from described telephone network (5).
9. the combination attestation method for authenticating of data network as claimed in claim 1 and telephone network, described authentication is worked in coordination with the authentication information of the user as claimed in claim 5 who receives being replied unit (4) and further user authenticating result as claimed in claim 7 and complementary network authenticating result as claimed in claim 8 loopback to described application system (3).
10. the combination attestation method for authenticating of data network as claimed in claim 1 and telephone network, described application system (3) by user's identification mark as claimed in claim 3, user replys as claimed in claim 9 authentication information and described further user authentication information and complementary network authentication information carry out authentication calculations with certain authentication arithmetic and many tuple information as claimed in claim 2, obtains authenticating result.
The collaborative authentication method of 11. data networks as claimed in claim 1 and telephone network, described telephone network
(5) be PSTN (PSTN) net, described telephone terminal is landline telephone;
Or
Described telephone network (5) is GSM mobile phone network network diagram, and described telephone terminal is GSM mobile handset;
Or
Described telephone network (5) is CDMA mobile telephone network network diagram, and described telephone terminal is CDMA mobile phone;
Or
Described telephone network (5) is WCDMA mobile telephone network network diagram, and described telephone terminal is WCDMA mobile phone;
Or
Described telephone network (5) is CDMA2000 mobile telephone network network diagram, and described telephone terminal is CDMA2000 handset;
Or
Described telephone network (5) is TD-SCMDA mobile telephone network network diagram, and described telephone terminal is TD-SCDMA mobile phone;
Or
Described telephone network (5) is LTE mobile telephone network network diagram, and described telephone terminal is LTE mobile phone.
The collaborative authentication method of 12. data networks as claimed in claim 1 and telephone network, described data network includes but not limited to: IP network, atm network, frame-relay network, DDN network etc.
The signalling capability of the telephone network that the collaborative unit of 13. authentications as claimed in claim 5 is used, includes but not limited to: USSD mode, UserToUser signaling, note, IVR etc.
The collaborative authentication method of 14. data networks as claimed in claim 1 and telephone network, described application system includes but not limited to: e-commerce website, Web bank, Internet securities, online game, social networks etc.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210210765.9ACN103516677A (en) | 2012-06-26 | 2012-06-26 | Authentication and authorization method through cooperation of data network and telephone network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210210765.9ACN103516677A (en) | 2012-06-26 | 2012-06-26 | Authentication and authorization method through cooperation of data network and telephone network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103516677Atrue CN103516677A (en) | 2014-01-15 |
Family
ID=49898726
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210210765.9APendingCN103516677A (en) | 2012-06-26 | 2012-06-26 | Authentication and authorization method through cooperation of data network and telephone network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103516677A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016106535A1 (en)* | 2014-12-28 | 2016-07-07 | 高剑青 | Cellular network system |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003030464A1 (en)* | 2001-09-29 | 2003-04-10 | Huawei Technologies Co., Ltd. | A method for pc client security authentication |
| EP1680720A1 (en)* | 2003-11-07 | 2006-07-19 | TELECOM ITALIA S.p.A. | Method and system for the authentication of a user of a data processing system |
| CN101409880A (en)* | 2007-10-09 | 2009-04-15 | 中国电信股份有限公司 | System and method for account authentication and cryptogram management between communication networks |
| CN101795454A (en)* | 2010-02-10 | 2010-08-04 | 熊文俊 | Method and system of double identity authentication based on mobile communication independent channel |
| CN101834834A (en)* | 2009-03-09 | 2010-09-15 | 华为软件技术有限公司 | An authentication method, device and authentication system |
| CN101895831A (en)* | 2009-05-20 | 2010-11-24 | 中国电信股份有限公司 | Realization method for wireless local area network (WLAN) verification and communication terminal |
- 2012
- 2012-06-26CNCN201210210765.9Apatent/CN103516677A/enactivePending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003030464A1 (en)* | 2001-09-29 | 2003-04-10 | Huawei Technologies Co., Ltd. | A method for pc client security authentication |
| EP1680720A1 (en)* | 2003-11-07 | 2006-07-19 | TELECOM ITALIA S.p.A. | Method and system for the authentication of a user of a data processing system |
| CN101409880A (en)* | 2007-10-09 | 2009-04-15 | 中国电信股份有限公司 | System and method for account authentication and cryptogram management between communication networks |
| CN101834834A (en)* | 2009-03-09 | 2010-09-15 | 华为软件技术有限公司 | An authentication method, device and authentication system |
| CN101895831A (en)* | 2009-05-20 | 2010-11-24 | 中国电信股份有限公司 | Realization method for wireless local area network (WLAN) verification and communication terminal |
| CN101795454A (en)* | 2010-02-10 | 2010-08-04 | 熊文俊 | Method and system of double identity authentication based on mobile communication independent channel |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016106535A1 (en)* | 2014-12-28 | 2016-07-07 | 高剑青 | Cellular network system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10275582B2 (en) | Online account access control by mobile device | |
| CN103856472B (en) | A kind of method and device of Account Logon | |
| CN103179098B (en) | A kind of password method for retrieving of network account and device | |
| US20190303929A1 (en) | Using out-of-band mobile device possession attestation to release verified user identity attributes during internet transactions | |
| EP2924944B1 (en) | Network authentication | |
| CN107086979B (en) | User terminal verification login method and device | |
| JP2014527374A (en) | Identification device and method | |
| CN103905400B (en) | A kind of service authentication method, apparatus and system | |
| TWI632798B (en) | Server, mobile terminal, and network real-name authentication system and method | |
| CA2557143C (en) | Trust inheritance in network authentication | |
| CN101262349A (en) | Method and device for identity authentication based on short message | |
| JP2007264835A (en) | Authentication method and system | |
| CN107733838A (en) | A kind of mobile terminal client terminal identity identifying method, device and system | |
| CN104202162A (en) | System for login based on mobile phone and login method | |
| CN107809438A (en) | Network identity authentication method, system and user agent equipment used by same | |
| CN103200150A (en) | Identity authentication method and system | |
| CN102868702A (en) | System login device and system login method | |
| JP2015099470A (en) | System, method, and server for authentication, and program | |
| CN103428698B (en) | Mobile interchange participant's identity strong authentication method | |
| KR101221728B1 (en) | The certification process server and the method for graphic OTP certification | |
| EP3268890B1 (en) | A method for authenticating a user when logging in at an online service | |
| KR20140043071A (en) | Authentication system and method for device attempting connection | |
| CN103516677A (en) | Authentication and authorization method through cooperation of data network and telephone network | |
| CN106921632B (en) | Wireless hotspot access control method and device | |
| CN104683979B (en) | A kind of authentication method and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date:20140115 |