
Method, device and system of authentication and service calling

An authentication server and authentication technology, applied in transmission systems, security devices, electrical components, etc., can solve problems such as malicious ordering, client application legitimacy authentication, and illegal service requests, achieving the effect of preventing replay attacks.

Active Publication Date: 2012-03-14
CHINA MOBILE COMM CO LTD

AI Technical Summary

Problems solved by technology

[0018] 1. In the existing authentication mechanism based on static token transfer, in the token acquisition stage, the authentication server only authenticates the service subscription status corresponding to the user ID, without authenticating the legitimacy of the client application. As a result, fake client applications may initiate illegal business requests, such as illegal billing requests, resulting in malicious ordering events.
[0019] 2. In the existing authentication mechanism based on static token transfer, in the service initiation stage, only the application server authenticates the token carried by the client application; the client application does not authenticate the application server. As a result, a fake application server may provide users with illegal services.
[0020] 3. The existing authentication mechanism based on static token transmission has poor security. The token obtained by the user terminal can be applied to all business requests, and nothing prevents an attacker from illegally obtaining the token and then using it in illegal business requests.



Examples


Embodiment 1

[0066] First, the system architecture involved in the embodiment of the present invention is introduced. As shown in Figure 3, it includes:

[0067] Platform capability API, which is divided into the "running environment platform capability API" and the "development environment platform capability API". The "running environment platform capability API" is mainly used by user terminals during business operations. The "development environment platform capability API" is mainly used by developers and network operators during development and testing, chiefly for call testing in the development environment SDK;

[0068] The authentication server is used to store the identity information of user terminals and client applications, and provide secure identity information and dynamic tokens for the running phase;

[0069] The API access control module is implemented in the business platform capability open engine, and is used to perform leg...

Embodiment 2

[0080] In order for the authentication server (which is a part of the service platform) to authenticate the legitimacy of the client application, the embodiment of the present invention proposes an authentication method based on a registration mechanism for the client application. With it, the service platform can authenticate the legitimacy of the user terminal, and the client application and the business platform can authenticate each other (two-way authentication). The client application also obtains the authentication factor, which provides the basis for subsequent calls to the platform capability API.

[0081] First, the development and testing phase of the client application is introduced.

[0082] The SDK environment includes a "Test Authentication Module" for development and testing. The developer develops and tests the client application based on the "test authentication module", and the client applicati...

Embodiment 3

[0109] When the API calling module needs to call the platform capability API, it first passes the business request to the client authentication module. The client authentication module optionally performs a local integrity check on the client application according to the security policy, then generates a real-time dynamic token and optionally sets token usage parameters. It adds the dynamic token and the token usage parameters to the original business request and sends it to the business platform through the HTTPS secure data transmission channel established with the API access control module. After receiving the business request, the API access control module in the business platform confirms that the type or priority of the business request meets the requirements of the token usage parameters, and then forwards the dynamic token to the authentication server for verification. If the dynamic token passes the authentication server verificati...
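The request flow in [0109], sketched as an added example that is not code from the patent. The text shown here does not say how the dynamic token is derived from the authentication factor, so the HMAC-SHA256 construction, the field names, the 60-second freshness window and the nonce cache are all assumptions chosen to illustrate per-request tokens, usage-parameter checks and replay rejection.

```python
import hashlib
import hmac
import secrets

WINDOW = 60  # seconds a token stays fresh (assumed policy value)

def _tag(factor: bytes, client_id: str, ts: int, nonce: str, allowed: str) -> str:
    # Assumed construction: HMAC-SHA256 keyed with the authentication factor.
    # Each field is length-prefixed so different field splits cannot collide.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in
                   (client_id.encode(), str(ts).encode(), nonce.encode(), allowed.encode()))
    return hmac.new(factor, msg, hashlib.sha256).hexdigest()

def make_token(factor: bytes, client_id: str, allowed: str, now: int) -> dict:
    """Client authentication module: one dynamic token per business request."""
    nonce = secrets.token_hex(16)
    return {"client_id": client_id, "ts": now, "nonce": nonce, "allowed": allowed,
            "tag": _tag(factor, client_id, now, nonce, allowed)}

class AuthServer:
    def __init__(self):
        self.factors = {}  # client_id -> authentication factor issued at registration
        self.seen = {}     # (client_id, nonce) -> token timestamp

    def register(self, client_id: str) -> bytes:
        self.factors[client_id] = secrets.token_bytes(32)
        return self.factors[client_id]

    def verify(self, tok: dict, now: int) -> bool:
        factor = self.factors.get(tok["client_id"])
        if factor is None or abs(now - tok["ts"]) > WINDOW:
            return False
        want = _tag(factor, tok["client_id"], tok["ts"], tok["nonce"], tok["allowed"])
        if not hmac.compare_digest(want, tok["tag"]):
            return False
        # Drop nonces that have aged out, then refuse any nonce already used.
        self.seen = {k: t for k, t in self.seen.items() if abs(now - t) <= WINDOW}
        key = (tok["client_id"], tok["nonce"])
        if key in self.seen:
            return False
        self.seen[key] = tok["ts"]
        return True

def access_control(server: AuthServer, request_type: str, tok: dict, now: int) -> bool:
    """API access control module: usage-parameter check first, then token verification."""
    if request_type != tok["allowed"]:
        return False
    return server.verify(tok, now)
```

Because the usage parameter is covered by the tag, a token issued for one request type cannot be relabelled for another, and a captured token is refused on its second presentation.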


Abstract

The invention discloses a method, device and system of authentication and service calling, which enable an authentication server in a service platform to authenticate the legality of a client-side application and improve the security and reliability of the calling mechanism of a platform capacity API (Application Programming Interface). The authentication server achieves safe distribution of a clientKey by replacing the test authentication module in the client-side application with a client-side authentication module preset with an MAC (Media Access Control) fingerprint and the clientKey. When the client-side application satisfies a trigger condition, the client-side authentication module first passes an integrity check based on the MAC fingerprint mechanism, then applies to the authentication server for registration using an MAC1 generated from the shared clientKey, and obtains a random authentication factor. When the client-side application needs to call the platform capacity API, a dynamic token is generated based on the authentication factor and carried in the service request. After the dynamic token passes authentication, the call to the platform capacity API is allowed.

Description

Technical field

[0001] The invention relates to the technical field of data services, in particular to an authentication method and device, and a service calling method and system.

Background technique

[0002] With the vigorous promotion of the third generation mobile communication system (3rd Generation, referred to as 3G) and mobile Internet services, network operators provide users with more and more value-added services, and at the same time provide third-party service providers with increasingly abundant network capability resources for business integration, such as location service capability, GIS (Geographic Information System) capability, game service capability, billing capability, IMS (IP Multimedia Subsystem) capability, short message capability, multimedia message capability, search engine capability, cloud computing capability, Presence capability, Widget service capability, instant me...


Application Information

IPC(8): H04W12/04, H04W12/06, H04L29/06
Inventor: 江为强, 左敏
Owner CHINA MOBILE COMM CO LTD