CN1482827A - A mobile phone user authentication method and system - Google Patents

本发明涉及一种手机用户认证系统和方法，在终端设备与门户服务器之间设置超文本传输协议代理模块，通过该模块完成存储、管理和在服务请求中载入相应的会话标识，使手机用户的单点认证的实现不需要终端支持COOKIE管理，也不要求ICP应用服务器和门户服务器紧密配合及定时发送响应消息，通讯流量少，便于ICP灵活开展业务，适应大多数手机用户的需要。

The invention relates to a mobile phone user authentication system and method. A hypertext transfer protocol proxy module is set between a terminal device and a portal server. Through this module, storage, management, and loading of corresponding session identifiers in service requests are completed, so that mobile phone users The realization of the single-point authentication does not require the terminal to support COOKIE management, nor does it require the ICP application server and the portal server to cooperate closely and send response messages regularly. The communication traffic is small, which is convenient for ICP to develop business flexibly, and meets the needs of most mobile phone users.

A kind of cellphone subscriber's authentication method and system

Technical field

The present invention relates to cellphone subscriber's authentication techniques, more particularly, relate to a kind of method and system of cellphone subscriber's Single Sign On.

Background technology

Along with the arriving of information age, increasing cellphone subscriber wishes to use surfing Internet with cell phone, also the convenience of surfing Internet with cell phone is had higher requirement simultaneously.

The WAP standard is the protocol specification that is surfed the web by the mobile subscriber that the WAP Forum normal structure is formulated, and two kinds of versions of WAP1.X and WAP2.0 are arranged.

In the WAP2.0 model, except cellphone subscriber's terminal equipment directly with pattern that ICP (ICP) application server links to each other, also can dispose acting server between terminal equipment and ICP application server, acting server is optional intermediate equipment.The deployment of acting server is applied in the issue handling that separates wireless network and cable network both sides, improves aspects such as network performance, bells and whistles service and bring certain benefit to WAP2.0.

Portal server is for mobile subscriber's set a kind of equipment of surfing the Net, played the effect of mobile Internet door, can become the information navigation of ICP application server, also can be for the ICP application server provide authentification of user, the support of abilities such as service distribution.Cookie is meant a small text file that is stored on the user terminal, and its content can be any information, mainly is used in transmit mode information between client and the server.

When the cellphone subscriber surfs the Net, in order to judge the user whether the content that authority is browsed needs charge is arranged, need ICP application server identification user's identity, the user is authenticated.User for convenience, he only needs portal server of login to authenticate, and during visit other and this portal server is contracted after login ICP application server, the ICP application server does not need he is authenticated again.At this moment the ICP application server is finished authentication to the user by specific interaction mechanism, and this authentication mode is called Single Sign On (SSO).

Industry has two kinds of cellphone subscribers' Single Sign On mode at present:

Mode one:

Under this mode, the pattern that system adopts is that cellphone subscriber's terminal equipment directly links to each other with the ICP application server, carries out cellphone subscriber's Single Sign On by following steps by this pattern:

The cellphone subscriber logins to portal server;

Portal server distributes a session identification to give mobile phone terminal equipment;

During mobile phone terminal equipment browse ICP application server, session identification is sent to the ICP application server;

The ICP application server sends this session identification to portal server, obtains user ID from portal server.

This authentication mode requires terminal equipment to support the COOKIE management, so terminal equipment cost height.And because present most mobile subscriber terminal equipment are not supported the COOKIE management, therefore difficult carrying out.

Mode two:

Under this mode, the pattern that system adopts is still cellphone subscriber's terminal equipment and directly links to each other with the ICP application server, but realizes cellphone subscriber's Single Sign On by following steps by this pattern:

Cellphone subscriber's terminal equipment connects portal server, and portal server is that terminal equipment distributes a session identification:

When cellphone subscriber's terminal equipment was redirected to the application server of ICP by portal server, portal server carried this session identification and gives the ICP application server in parameter;

After the ICP application server is received this session identification, search the corresponding relation of session identification and user ID,, just send a SSO checking request, carry session identification and inquire user ID to portal server to portal server if can not find;

Because after the user redirect to the ICP application server, the user conversation sign of preserving on portal server may be overtime, when so the user consumes on the ICP application server, the response message of user conversation sign also need the transmission when user conversation identifies overtime predetermination carries to portal server in service provider, is in effective status with the user conversation sign that keeps the portal server end.

Though this kind mode does not require terminal equipment and supports the COOKIE management that need ICP application server and portal server to closely cooperate, it is tighter to be coupled, and is unfavorable for that ICP commences business flexibly.And the ICP application server will be before portal server end subscriber session identification be overtime the timed sending response message, communication traffic is big, thereby influences network transfer speeds, easily causes the congested of network.

Summary of the invention

The objective of the invention is to, a kind of method and system of cellphone subscriber's Single Sign On is provided, be convenient to ICP and commence business flexibly, adapt to most of cellphone subscribers' needs.

For achieving the above object, technology of the present invention specifically is achieved in that

A kind of system of cellphone subscriber's Single Sign On, comprise terminal equipment, ICP application server, portal server, the HTML (Hypertext Markup Language) proxy module is set between terminal equipment and portal server, be used for the managing conversation sign, by being connected of described session identification marking terminal equipment and HTML (Hypertext Markup Language) proxy module.

This HTML (Hypertext Markup Language) proxy module is provided with the session identification memory module and is used for store session sign and terminal equipment that is identified and the annexation between the HTML (Hypertext Markup Language) proxy module;

This HTML (Hypertext Markup Language) proxy module is provided with session load module, and the session sign is inserted in the packet of terminal equipment transmission.

The system of described cellphone subscriber's Single Sign On, this system also can comprise an accounting server.

The present invention also provides a kind of method of cellphone subscriber's Single Sign On, may further comprise the steps:

A. terminal equipment is by HTML (Hypertext Markup Language) proxy module login portal server, portal server assign sessions sign;

B. described session identification is stored and managed to the HTML (Hypertext Markup Language) proxy module;

C. terminal equipment sends the service request that is loaded with described session identification by the HTML (Hypertext Markup Language) proxy module to the ICP application server;

D.ICP application server identification session identification is made corresponding response according to the session identification recognition result.

This cellphone subscriber's Single Sign On method when carrying out described step D, can also comprise the steps:

The E.ICP application server was sent to accounting server with charge information and finishes charging before or after making corresponding service response.

The method of this cellphone subscriber's Single Sign On, steps A further comprises:

A1. terminal equipment sends logging request to the HTML (Hypertext Markup Language) proxy module;

A2. the HTML (Hypertext Markup Language) proxy module is transmitted logging request to portal server, requires the user to import user profile and finishes login;

A3. portal server returns the successful result of login, and for user's assign sessions sign, is sent to the HTML (Hypertext Markup Language) proxy module.

The method of this cellphone subscriber's Single Sign On, step C further comprises:

C1. terminal equipment sends service request to the HTML (Hypertext Markup Language) proxy module;

C2. the HTML (Hypertext Markup Language) proxy module is transmitted service request to the ICP application server, and is written into described session identification in service request;

The method of this cellphone subscriber's Single Sign On, step D further comprises:

The D1.ICP application server judges according to described session identification whether the user discerns;

If D2. discern, the ICP application server is made service response by the HTML (Hypertext Markup Language) proxy module to terminal equipment according to this session identification and service request;

If D3. without identification, by the identification information of session identification to the portal server inquiring user;

D4. portal server returns user totem information, the corresponding relation between ICP application server for storage user ID and session identification;

The D5.ICP application server is made service response by the HTML (Hypertext Markup Language) proxy module to terminal equipment according to this session identification and service request.

The present invention, by the HTML (Hypertext Markup Language) proxy module is set between terminal equipment and portal server, and finish storage and in service request, be written into corresponding session identification by this module, make cellphone subscriber's finishing of Single Sign On not need terminal equipment to support COOKIE, do not require that ICP application server and portal server closely cooperate and the timed sending response message yet, communication traffic is few, improve network transfer speeds, be convenient to ICP and commence business flexibly, adapt to most of cellphone subscribers' needs.

Description of drawings

Fig. 1 is cellphone subscriber's Single Sign On system diagram of the present invention;

Fig. 2 is the flow chart of assign sessions sign in cellphone subscriber's Single Sign On method of the present invention;

Fig. 3 is that the user browses ICP application server flow chart first in cellphone subscriber's Single Sign On method of the present invention.

Embodiment

The present invention is described in further detail with embodiment with reference to the accompanying drawings below:

With reference to figure 1, the present invention realizes that the system of cellphone subscriber's Single Sign On comprises terminal equipment, ICP application server, portal server and HTML (Hypertext Markup Language) proxy module.Between terminal equipment and the ICP application server portal server is set, can be the information navigation of ICP application server, also can be for the ICP application server provide authentification of user, the support of abilities such as service distribution.The HTML (Hypertext Markup Language) proxy module is set between terminal equipment and portal server, and this HTML (Hypertext Markup Language) proxy module is provided with session identification memory module and session identification load module.The session identification memory module is used for store session sign and terminal equipment to the connection of HTML (Hypertext Markup Language) proxy module and the corresponding relation between the session identification.Session load module is inserted the session sign in the packet of terminal equipment transmission.In this system, can also be connected into accounting server, finish the charging of service request response.

Consult Fig. 2, in the process of Fig. 2 for realization cellphone subscriber Single Sign On, the flow chart of assign sessions sign:

1. terminal equipment sends logging request to the HTML (Hypertext Markup Language) proxy module;

2. the HTML (Hypertext Markup Language) proxy module is transmitted logging request to portal server, requires the user to input user profile and password, finishes login;

3. portal server returns the successful result of login, and for user's assign sessions sign, sends to the HTML (Hypertext Markup Language) proxy module;

4. the session identification memory module in the HTML (Hypertext Markup Language) proxy module is stored this session identification, and this session identification is used for being connected of marking terminal equipment and HTML (Hypertext Markup Language) proxy module.

When the user surfs the Net the page that browsing content service provider first provides, consult Fig. 3, its step is as follows:

1. terminal equipment sends the request of browsing pages to the HTML (Hypertext Markup Language) proxy module;

2. the HTML (Hypertext Markup Language) proxy module is transmitted the ICP application server that content and service provider is arrived in the browsing pages request that is loaded with session identification;

3.ICP the session identification of application server by relatively storing judges whether the user discerns;

4. if discern, the ICP application server sends user's personalized browsing pages to terminal equipment by the HTML (Hypertext Markup Language) proxy module according to user ID (can be user name or phone number);

5. if without identification, the ICP application server identifies (can be user name or phone number) according to session identification to the portal server inquiring user, portal server returns user ID (can be user name or phone number), the corresponding relation of ICP application server stored user sign (can be user name or phone number) and session identification;

6.ICP the personalized browsing pages that application server returns the user according to user ID (can be user name or phone number) is given the HTML (Hypertext Markup Language) proxy module;

7. the HTML (Hypertext Markup Language) proxy module is transmitted user's personalized browsing pages to terminal equipment.

User's follow-up just browsing do not need to have inquired to portal server so before the deadline.If the term of validity arrives, then this session identification can be eliminated.The corresponding relation of session identification and user ID also is eliminated.

As another embodiment of the present invention, the user obtains session identification according to aforementioned flow process, promptly finishes login, and existing user wants download pictures from the ICP application server, and it can be finished as follows:

1. terminal equipment sends the request of obtaining picture to the HTML (Hypertext Markup Language) proxy service module;

2. the HTML (Hypertext Markup Language) proxy service module forwards the request in the application server of ICP, and is written into the session identification that has distributed in request;

3.ICP relatively the session identification of Chu Cuning judges whether the user discerns;

4. if discern, the ICP application server sends the charge information that comprises user ID (phone number) earlier and finishes charging to accounting server, sends the picture of customer requirements again to terminal equipment by the HTML (Hypertext Markup Language) proxy module according to user ID (phone number);

5. if find the user, then to the phone number of portal server inquiring user without identification;

6. portal server returns user's phone number, and ICP stores the corresponding relation of phone number and session identification;

7.ICP application server sends the charge information that comprises phone number and finishes charging to accounting server;

8.ICP application server sends the picture of downloading to the HTML (Hypertext Markup Language) proxy module;

9. the HTML (Hypertext Markup Language) proxy module is transmitted picture and is given terminal equipment.

As another embodiment of the present invention, the user obtains session identification according to aforementioned flow process, promptly finishes login, and existing user wants to be provided with the personalization hobby of its recreation, and it can be realized as follows:

1. terminal equipment sends the request that is provided with to the HTML (Hypertext Markup Language) proxy module;

2. the HTML (Hypertext Markup Language) proxy module forwards the request to the ICP application server, and is written into the session identification that has distributed in request;

3.ICP the session identification that application server relatively stores judges whether the user discerns;

4. if discern, the ICP application server sends to terminal equipment by the HTML (Hypertext Markup Language) proxy module according to user ID (phone number) page is set, and terminal equipment is finished setting;

5. if find that the user is without identification, to the phone number of portal server inquiring user;

6. portal server returns subscriber phone number, and stores the corresponding relation of phone number and session identification;

7.ICP application server sends the page is set;

8. the HTML (Hypertext Markup Language) proxy module is transmitted and the page is set to terminal equipment;

9. terminal equipment is finished setting.

In the system of the present invention, between terminal equipment and portal server, dispose the HTML (Hypertext Markup Language) proxy module, rely on session identification memory module and session identification load module are set in this module, with store session sign and session identification and the corresponding corresponding relation that is connected, and in ICP application server data packets for transmission, be written into corresponding session identification by the HTML (Hypertext Markup Language) proxy module the user, realize cellphone subscriber's Single Sign On.Make the user after login once on the portal server, before the deadline, it proposes service request to the ICP application server again, do not need regularly to send response message again as browse request, download pictures request etc. to portal server, communication traffic is few, do not require that ICP and portal server closely cooperate, and are convenient to ICP and commence business flexibly yet.The present invention simultaneously realizes that cellphone subscriber's Single Sign On does not need terminal equipment to support COOKIE yet, can adapt to most of cellphone subscribers' needs.

Though more than in conjunction with the embodiments, the present invention has been done detailed description, those skilled in the art are easy to make according to the present invention various conspicuous change and the remodeling to the foregoing description.So being not limited to the foregoing description, protection range of the present invention should determine by the claims that cover its all equivalents.