The present invention generally relates to the field of IP communication technology and, more particularly, to a security authentication method for a PC client.
All PC security authentication methods in the prior art authenticate only once: the PC client sends a registry request to a server when logging in, and once the user identifier, such as an ID number, and the password pass the authentication performed by the server, the PC can access the services legally. The server therefore no longer checks whether the PC client is legal when the PC uses the services.
The once-authentication method of the prior art may give illegal PC users the chance to embezzle legal accounts. The
The present invention provides a dual authentication method for security authentication of a PC client in order to solve security problems of the PC client.
A security authentication method for a PC client includes the following steps.
The PC client sends a registry request to a user server with a user ID and a password. The user server carries out a first authentication according to the user ID and the password; if the first authentication is successful, a field used for re-authentication is created and returned to the PC client in a message informing it that the authentication has been passed.
When the PC client initiates a call, the user ID and the re-authentication field acquired during registration, as well as a calling number and a called number, are transmitted to a service server. The service server then transfers the user ID, the re-authentication field, the calling number and the called number to the user server, which uses them to implement a second authentication. If the authentication fails, the call is rejected; otherwise the user server accepts the call and returns information of the called subscriber to the service server. The service server accepts the call and establishes the call.
Said field used for the re-authentication may either be a random variable, or an encrypted key produced by the server and so on.
Said user ID number may be an account number or any of various other service numbers that are used to identify the subscriber.
By associating the call and registry together, the present invention preferably solves the security problems of PC subscribers who have registered legally using the service, and largely increases the security in utilizing the subscriber resources.
The present invention associates the call and registry together. When the subscriber logs in, a first authentication is performed; once the first authentication is successful, a field used for subsequent re-authentication is created and returned to the PC client. In the subsequent call process, the PC client must upload the acquired security authentication field in addition to the information of the calling and called subscribers, so that the User Server can implement re-authentication based on the information about the calling subscriber and the security authentication field.
The method provided in the present invention can be applied in any IP communication service. Features and applications of the present invention are discussed below in conjunction with the accompanying drawings, taking the personal number service (ONLY) as an example.
The ONLY (One Number Link You) service is a creative service that merges traditional telecommunication and IP techniques. It has developed along with the Internet and mainly aims to satisfy subscribers' increasingly urgent need to communicate and get information anytime and anywhere. To use the ONLY service, a subscriber simply applies for an ONLY number; wherever the subscriber goes, other people can then contact him conveniently by telephone, PC and other means through his ONLY number.
1. The ONLY service subscriber initiates a registry request to User Server 203 with his ONLY Number and password.
2. User Server 203 performs authentication based on the ONLY Number and the password. If the number does not match the password, or the number is illegal, the logon is rejected; otherwise the authentication is considered successful, and User Server 203 produces a random variable and returns it to PC client 201. Once the authentication succeeds, PC client 201 may initiate a call at any time.
3. PC client 201 initiates a call to ONLY Server 202. In doing so, the client must send the random variable acquired during registration to ONLY Server 202, in addition to the calling and called numbers.
4. After receiving the call from PC client 201, ONLY Server 202 transmits a call request with the calling and called numbers as well as the random variable to User Server 203.
5. User Server 203 then implements the second authentication according to the calling ONLY Number and the random variable. If the second authentication fails, the call is rejected; otherwise the call is accepted and User Server 203 returns information of the called subscriber to ONLY Server 202.
6. ONLY Server 202 accepts the call, sends a start call message to PC client 201, and then starts to establish the call.
Wherein, the ID number used for subscriber identification is ONLY Number of the ONLY service subscriber. The ID number can also be other identification numbers such as account number. The field used for the re-authentication created by the server is either a random variable, or an encrypted key.
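The two-stage exchange described in steps 1 to 6 can be sketched as follows. This is an added example, not code from the patent: the class and method names, the sample ONLY Numbers, the PBKDF2 password storage, and the choice to replace the field on each new registration are all assumptions.

```python
import hashlib
import hmac
import secrets


class UserServer:
    """Holds credentials and the re-authentication field issued at registration."""

    def __init__(self, accounts):
        # accounts: {user_id: password}; kept only as salted PBKDF2 hashes (assumption).
        self._creds = {}
        for user_id, password in accounts.items():
            salt = secrets.token_bytes(16)
            self._creds[user_id] = (salt, self._hash(password, salt))
        self._reauth = {}  # user_id -> field issued by the first authentication

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user_id, password):
        """First authentication: return the re-auth field, or None if rejected."""
        entry = self._creds.get(user_id)
        if entry is None:
            return None
        if not hmac.compare_digest(entry[1], self._hash(password, entry[0])):
            return None
        field = secrets.token_hex(16)  # the "random variable", drawn from a CSPRNG
        self._reauth[user_id] = field  # a new registration replaces the old field
        return field

    def authorize_call(self, user_id, field, calling, called):
        """Second authentication: the field must be the one issued to user_id."""
        issued = self._reauth.get(user_id)
        if issued is None:
            return None  # never registered: reject
        if not hmac.compare_digest(issued.encode(), str(field).encode()):
            return None  # wrong or stale field: reject
        return {"calling": calling, "called": called}  # called-subscriber info


class ServiceServer:
    """Forwards each call request to the user server and acts on its verdict."""

    def __init__(self, user_server):
        self._users = user_server

    def place_call(self, user_id, field, calling, called):
        info = self._users.authorize_call(user_id, field, calling, called)
        return "REJECTED" if info is None else "CALL_STARTED"
```
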
From the authentication process discussed above we can see that the dual authentication method solves the security problems that trouble the resource utilization of legally registered PC subscribers, and that embezzlement of the resources of legally registered PC subscribers can be eradicated. The method can also largely improve the security of resource utilization.
The present invention associates subscriber registry and call together. When the subscriber logs on and passes the first security authentication, a field used for authentication is created. This field must be carried when initiating calls so that the security re-authentication can be performed; only when both of the dual security authentications are successful can the call be accepted and established. Any changes, modifications and improvements made without departing from the spirit and principle of the present invention should be covered within the claims of the present invention.
Number | Date | Country | Kind |
---|---|---|---|
01 1 41650 | Sep 2001 | CN | national |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/CN02/00408 | 6/7/2002 | WO | 00 | 3/29/2004 |
Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO03/030464 | 4/10/2003 | WO | A |
Number | Date | Country | |
---|---|---|---|
20040255158 A1 | Dec 2004 | US |