Method and device for improving safety of network ID authentication

A technology for authentication security and network identity, applied in user identity/authority verification, electrical components, transmission systems, etc. It can solve problems such as user identity information exposure, security loopholes, and user losses.

Active Publication Date: 2009-10-28
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0017] Because the network contains both trust circles and non-trust circles, a user's service request to the SP may involve switching between them, and switching from a trusted circle to a non-trusted circle may cause business interruption. In addition, when users request services they may face a false SP, which exposes the user's identity information and causes losses to users; this is a large security loophole.

Examples


Embodiment 1

[0067] The embodiment of the present invention provides a method for improving the security of network identity authentication, including: the IDP performs network identity authentication on the SP and the terminal user, and returns the authentication result to the SP; the authentication result includes the network identity authentication result of the SP and the network identity authentication result of the user. See Figure 1. The physical devices shown in Figure 1 are located in the circle of trust, and the method specifically includes:

[0068] 101: The terminal user initiates an authentication request to the SP, which carries the terminal user's authentication information, the identification information of the IDP specified by the terminal user, and the identification information that requires the SP to return the SP's network identity authentication result.

[0069] 102: After receiving the authentication request, the SP requests the corresponding IDP to perform network identity authenticat...
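The exchange in steps 101 and 102, sketched as an added example that is not taken from the patent: the IDP authenticates both the SP and the terminal user, and the user accepts the session only if the IDP vouched for the SP. The HMAC-based credentials, the nonce, the MAC over the result and all names (`USER_KEYS`, `SP_KEYS`, `sp.example`, `idp.example`) are assumptions made for illustration; the page does not specify message or credential formats.

```python
import hashlib
import hmac
import json
import os

# Constructed demo credentials; the page does not specify credential formats.
USER_KEYS = {"alice": b"alice-demo-key"}
SP_KEYS = {"sp.example": b"sp-demo-key"}

def mac(key, *parts):
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).hexdigest()

def user_build_request(user, key, sp_id, idp_id):
    """Step 101: auth info, the chosen IDP, and a flag asking for the SP's result."""
    nonce = os.urandom(8).hex()
    return {"user": user, "sp": sp_id, "idp": idp_id, "nonce": nonce,
            "want_sp_result": True,
            "auth": mac(key, user, sp_id, idp_id, nonce)}

def idp_authenticate(req, sp_id, sp_proof):
    """The IDP authenticates both the SP and the user and reports both results."""
    ukey = USER_KEYS.get(req["user"])
    user_ok = ukey is not None and hmac.compare_digest(
        req["auth"], mac(ukey, req["user"], req["sp"], req["idp"], req["nonce"]))
    skey = SP_KEYS.get(sp_id)
    sp_ok = (skey is not None and sp_id == req["sp"] and
             hmac.compare_digest(sp_proof, mac(skey, sp_id, req["nonce"])))
    result = {"user_ok": user_ok, "sp_ok": sp_ok, "sp": sp_id, "nonce": req["nonce"]}
    # Assumption: the IDP MACs the result with the user's key so that an SP
    # relaying it cannot flip sp_ok; unknown users get an unverifiable tag.
    result["tag"] = mac(ukey or os.urandom(16), json.dumps(result, sort_keys=True))
    return result

def sp_handle(req, sp_id, sp_key):
    """Step 102: the SP asks the IDP named in the request to authenticate."""
    return idp_authenticate(req, sp_id, mac(sp_key, sp_id, req["nonce"]))

def user_accepts(req, key, result):
    """The user proceeds only if the IDP vouched for the SP it meant to reach."""
    body = {k: v for k, v in result.items() if k != "tag"}
    tag_ok = hmac.compare_digest(result.get("tag", ""),
                                 mac(key, json.dumps(body, sort_keys=True)))
    return (tag_ok and body.get("nonce") == req["nonce"]
            and body.get("sp") == req["sp"]
            and body.get("sp_ok") is True and body.get("user_ok") is True)
```

Binding the nonce and the intended SP identifier into the MACed result is what lets the user reject both an SP the IDP could not authenticate and a result that was altered in transit.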

Embodiment 2

[0087] The embodiment of the present invention also provides a method for realizing seamless switching of the single sign-on process, which is applied to web services, including: when the SP requests the IDP specified by the end user for network identity authentication and obtains the result that the IDP does not support the authentication, the IDP to which the SP belongs receives the network identity authentication request sent by the terminal user; after the IDP to which the SP belongs performs network identity authentication on the terminal user, it returns the authentication result to the terminal user. See Figure 2: identity provider A is the home IDP of the SP, identity provider B is the IDP designated by the end user (usually the default), and the end user is both in the trust circle of identity provider A and in the trust circle of identity provider B. This embodiment belongs to the application scenario of cross trust circles, and the method specifically includes:...

Embodiment 3

[0107] This embodiment is similar to Embodiment 2, and belongs to the application scenario without cross trust circles. See Figure 3: identity provider A is the IDP to which the SP belongs, identity provider B is the IDP designated by the end user (usually the default), the end user is in the trust circle of identity provider B, and the SP is in the trust circle of identity provider A. Because the two trust circles do not intersect, the end user cannot complete the authentication at the IDP to which the SP belongs. The embodiment of the present invention also provides a method for realizing seamless switching of the single sign-on process; the method specifically includes:

[0108] Steps 301 to 306 are the same as steps 201 to 206 in Embodiment 2, and will not be repeated here. In this embodiment, since the IDPA to which the SP belongs is not the IDP to which the terminal user belongs, the authentication result returned by the IDPA to the terminal user in 306 is a result of aut...


Abstract

The invention discloses a method and a device for improving the safety of network ID authentication, and a method and a device for realizing seamless switching in the single sign-on procedure, which are applied to web services and belong to the field of communication technology. The method for improving the safety of network ID authentication does so by performing network ID authentication on the SP and terminal users, or by controlling network ID authentication according to the SP access right information, and can control the SP's acquisition of the terminal users' attribute information, so that the SP provides different services for the terminal users. The method for realizing seamless switching in the single sign-on procedure does so by performing network ID authentication on the terminal users through the IDP to which the SP is affiliated, or by performing authentication on the terminal users through the SP. The devices comprise an ID provider device and a service provider device.

Description

Technical field

[0001] The invention relates to the field of communication technology, in particular to a method and device for improving the security of network identity authentication.

Background technique

[0002] Web Service (service) is an interface describing some operations, which can be accessed through the network by using a standardized XML (eXtensible Markup Language) message delivery mechanism. A Web Service can be used alone or in conjunction with other Web Services to implement complex functions or business transactions.

[0003] A terminal may use various web services, but not all services are located in the trusted domain of its network operator. In order to improve the user experience of the terminal, the prior art provides an identity federation method, that is, a network identity, which is used to describe the status or data provided to the terminal in various network services to maintain consistency.

[0004] In network ident...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L9/32
CPC: H04L63/0815
Inventor: 陈国乔杨健王雷张惠萍董挺
Owner: HUAWEI TECH CO LTD