CN106302475B - Family's Internet service authorization method and server - Google Patents
- Publication number
- CN106302475B CN201610689006.3A
- Authority
- CN
- China
- Prior art keywords
- terminal device
- home gateway
- terminal equipment
- authentication server
- authorization
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Telephonic Communication Services (AREA)
Abstract
Embodiments of the present invention provide a home Internet service authorization method and server. The method includes: an authorization authentication server receives a service access request sent by a first terminal device; the authorization authentication server determines whether the first terminal device is associated with a home gateway; the authorization authentication server determines whether it stores permission configuration information for the first terminal device; the authorization authentication server determines that the first terminal device has the right to access the service server; and the authorization authentication server sends authorization information to the first terminal device. By checking whether the terminal device is associated with the home gateway and whether the authorization authentication server stores permission configuration information for the terminal device, the method determines whether the terminal device has permission to access the service server, which removes the need for the user to switch and authorize manually and improves the user experience.
Description
Technical field
The invention relates to the field of communication technology, and in particular to a home Internet service authorization method and server.
Background
With the continuous development of Internet technology, communications and the Internet are converging ever faster and have reached every aspect of work and life. The number of network service application systems keeps growing, and each system has its own independent permission management module, so a user who wants to use the resources in these systems has to register a separate account for each. For users, having so many accounts makes them harder to remember and degrades the user experience. Open authorization (Open Authorization, OAuth for short) technology emerged in response.
The OAuth protocol provides a secure, open and simple standard for authorizing access to user resources. Unlike other authorization methods, OAuth authorization does not expose the user's account information (such as the user name and password) to third-party applications that support the OAuth protocol; that is, such a third-party application can request authorization for the user's resources without using an additional user name and password. OAuth therefore maintains security while reducing how often users must register accounts, improving the user experience.
The home Internet system is a typical application scenario for OAuth. A home Internet system generally includes an Internet OAuth authentication system, a home gateway and at least one home Internet terminal device (hereinafter, terminal device). The usual flow for accessing a service application from a terminal device is as follows: the terminal device accesses service application A, which supports the OAuth protocol; service application A redirects to the Internet OAuth authentication system; the user enters the pass account and password of the Internet OAuth authentication system and logs in to it; the Internet OAuth authentication system asks the user whether to authorize service application A to use the pass account; if the user agrees, service application A can be accessed. Whenever the user needs to access service application B, or uses another terminal device to access a service application, these steps must be repeated, so the user has to switch and authorize frequently. These steps keep usage secure, but they harm the user experience.
Summary of the invention
Embodiments of the present invention provide a home Internet service authorization method and server to overcome the problem that users in the home Internet scenario described above must switch and authorize frequently.
One aspect of the embodiments of the present invention provides a home Internet service authorization method, the method including:
an authorization authentication server receives a service access request sent by a first terminal device, the service access request including first identification information of the first terminal device and an authorization authentication account of the first terminal device, the authorization authentication account being the account used to log in to the authorization authentication server, and the authorization authentication server storing permission configuration information of terminal devices;
the authorization authentication server determines, according to the first identification information, whether the first terminal device is associated with a home gateway, the home gateway storing association relationship information between each terminal device and the authorization authentication account;
the authorization authentication server determines, according to the first identification information, whether the authorization authentication server stores permission configuration information of the first terminal device;
if the first terminal device is associated with the home gateway and the authorization authentication server stores the permission configuration information of the first terminal device, the authorization authentication server determines that the first terminal device has the right to access the service server;
the authorization authentication server sends authorization information to the first terminal device, the authorization information being information indicating that the first terminal device has the right to access the service server.
Another aspect of the embodiments of the present invention provides a server, the server including:
a service request receiving module, configured to receive a service access request sent by a first terminal device, the service access request including first identification information of the first terminal device and an authorization authentication account of the first terminal device, the authorization authentication account being the account used to log in to the server, and the server storing permission configuration information of terminal devices;
an association relationship determining module, configured to determine, according to the first identification information, whether the first terminal device is associated with a home gateway, the home gateway storing association relationship information between each terminal device and the authorization authentication account;
a permission configuration determining module, configured to determine, according to the first identification information, whether the server stores permission configuration information of the first terminal device;
an authorization determining module, configured to determine that the first terminal device has the right to access the service server if the first terminal device is associated with the home gateway and the server stores the permission configuration information of the first terminal device;
an authorization information sending module, configured to send authorization information to the first terminal device, the authorization information being information indicating that the first terminal device has the right to access the service server.
In the home Internet service authorization method and server provided by the embodiments of the present invention, the home gateway is bound to an authorization authentication account of the authorization authentication server, terminal devices are associated with that account, and permission control information for the terminal devices is established in the authorization authentication server. Authorization and authentication of terminal devices and service applications is thereby uniformly converted into authorization and authentication of the home gateway, which reduces how often the user must switch and authorize.
Brief description of the drawings
FIG. 1 is a flowchart of the home Internet service authorization method provided by Embodiment 1 of the present invention;
FIG. 2 is a flowchart of the home Internet service authorization method provided by Embodiment 2 of the present invention;
FIG. 3 is a flowchart of the home Internet service authorization method provided by Embodiment 3 of the present invention;
FIG. 4 is a structural diagram of the server provided by Embodiment 4 of the present invention;
FIG. 5 is a structural diagram of the server provided by Embodiment 5 of the present invention;
FIG. 6 is a structural diagram of the server provided by Embodiment 6 of the present invention;
FIG. 7 is a structural diagram of the home Internet service authorization system provided by Embodiment 7 of the present invention.
Detailed description
The home Internet service authorization method, system and server provided by the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
FIG. 1 is a flowchart of the home Internet service authorization method provided by Embodiment 1 of the present invention. As shown in FIG. 1, the home Internet service authorization method of this embodiment includes the following steps:
Step S101: the authorization authentication server receives a service access request sent by a first terminal device. The service access request includes first identification information of the first terminal device and an authorization authentication account of the first terminal device. The authorization authentication account is the account used to log in to the authorization authentication server, and the authorization authentication server stores permission configuration information of terminal devices.
For example, the authorization authentication server may be one that supports the OAuth protocol; the first terminal device may be a home Internet terminal device awaiting authorization and authentication; the first identification information may be information that identifies the first terminal device, such as a MAC address or a unique number; the authorization authentication account may be an account that the user registered in advance with the authorization authentication server and that can be used to log in to it. The authorization authentication server stores permission configuration information of terminal devices so that it can determine from this information a terminal device's permission to access the service server, for example whether the access falls within the authorization validity period.
Step S102: the authorization authentication server determines, according to the first identification information, whether the first terminal device is associated with a home gateway. The home gateway stores association relationship information between each terminal device and the authorization authentication account.
Preferably, step S102 includes:
The authorization authentication server sends a query request to the home gateway so that the home gateway obtains, according to the query request, the identification information of each terminal device associated with the home gateway. The home gateway looks up the identification information of each terminal device associated with it according to the query request and sends the identification information it finds to the authentication server.
The authorization authentication server receives the identification information, sent by the home gateway, of each terminal associated with the home gateway.
The authorization authentication server determines whether the first terminal device is associated with the home gateway according to the identification information of each terminal associated with the home gateway and the first identification information. For example, the authentication and authorization server compares the first identification information with the received identification information of all terminal devices associated with the home gateway, produces a comparison result, and determines from that result whether the first terminal device is associated with the home gateway.
The home gateway stores association relationship information between each terminal device and the authorization authentication account so that each terminal device can obtain the authorization authentication account through the home gateway and then log in to the authorization authentication server with it. A terminal device associated with the home gateway may be a terminal device connected to the home gateway by wire or wirelessly, that is, a terminal device attached to the home gateway.
Step S103: the authorization authentication server determines, according to the first identification information, whether the authorization authentication server stores permission configuration information of the first terminal device.
For example, the authorization authentication server may search the permission configuration information it stores to determine whether it holds permission configuration information of the first terminal device corresponding to the first identification information.
Step S104: if the first terminal device is associated with the home gateway and the authorization authentication server stores the permission configuration information of the first terminal device, the authorization authentication server determines that the first terminal device has the right to access the service server.
Specifically, if the first terminal device is associated with the home gateway, the first terminal device has an association relationship with the home gateway; for example, the first terminal may be attached to the home gateway. If the authorization authentication server stores the permission configuration information of the first terminal device, the authorization authentication server has already configured the permissions of the first terminal device in advance, such as the permission to access the service server. If both conditions hold at the same time, the authorization authentication server regards the first terminal device as a legitimate terminal device that is associated with the home gateway and has permission to access the service server, and can therefore determine that the first terminal device has the right to access the service server.
Step S105: the authorization authentication server sends authorization information to the first terminal device, the authorization information being information indicating that the first terminal device has the right to access the service server.
Based on the result of step S104, the authorization authentication server sends authorization information to the first terminal device to notify it that it can use the authorization information to access the service server. The authorization information is specifically information indicating that the first terminal device has the right to access the service server. The first terminal device can then use the authorization information to send an access request to the service server, and the service server determines from the authorization information whether to allow the first terminal to connect. The service server may be one that supports the OAuth protocol.
In the home Internet service authorization method provided by this embodiment, the association relationship between a terminal device and the authorization authentication account is stored in the home gateway, so the terminal device can automatically obtain its associated authorization authentication account through the home gateway and log in to the authorization authentication server with it, which spares the user from entering it manually. Whether the terminal device has permission to access the service server is determined by checking whether the terminal device is associated with the home gateway and whether the authorization authentication server stores permission configuration information for it. This keeps the service secure, removes the need for the user to switch and authorize manually, improves the user experience, and overcomes the problem in the prior art that determining whether a terminal device has permission to access a service server requires frequent switching and authorization by the user.
FIG. 2 is a flowchart of the home Internet service authorization method provided by Embodiment 2 of the present invention. As shown in FIG. 2, Embodiment 2 builds on Embodiment 1, and the home Internet service authorization method it provides includes:
Step S201: the authorization authentication server establishes a binding relationship between the home gateway and the authorization authentication account.
The authorization authentication account is the account used to log in to the authorization authentication server.
For example, if the user has registered authorization authentication account A with the authorization authentication server in advance, the authorization authentication server can bind the identification information of the home gateway to authorization authentication account A and store the binding relationship information, thereby establishing the binding relationship between the home gateway and authorization authentication account A.
Step S202: the authorization authentication server receives the identification information, sent by the home gateway, of each terminal device associated with the home gateway.
For example, when a terminal device is added to the home Internet and becomes associated with (for example, connected to) the home gateway, the home gateway associates the terminal device with the authorization authentication account, stores the association relationship information in the home gateway, and sends the identification information of the terminal device to the authorization authentication server. The authentication server receives the identification information, sent by the home gateway, of the terminal device associated with the home gateway. When several terminal devices are added, these operations are repeated for each, and the authentication server receives the identification information of each terminal device associated with the home gateway.
Step S203: the authorization authentication server establishes, according to the identification information, permission configuration information of the terminal device corresponding to the identification information.
For example, on receiving the identification information of terminal device B, the authorization authentication server establishes permission configuration information for terminal device B. This permission configuration information may be terminal device B's permission information for accessing the service server, such as the validity period of the access.
Step S204: the authorization authentication server receives a service access request sent by the first terminal device, the service access request including the first identification information of the first terminal device and the authorization authentication account.
Step S205: the authorization authentication server determines, according to the first identification information, whether the first terminal device is associated with the home gateway. The home gateway stores association relationship information between each terminal device and the authorization authentication account.
Step S206: the authorization authentication server determines, according to the first identification information, whether the authorization authentication server stores permission configuration information of the first terminal device.
Step S207: if the first terminal device is associated with the home gateway and the authorization authentication server stores the permission configuration information of the first terminal device, the authorization authentication server determines that the first terminal device has the right to access the service server.
Step S208: the authorization authentication server sends authorization information to the first terminal device, the authorization information being information indicating that the first terminal device has the right to access the service server.
Steps S204 to S208 are the same as steps S101 to S105 respectively, and the details are not repeated here.
In the home Internet service authorization method provided by this embodiment, before the authorization authentication server receives the service access request sent by the first terminal device, the binding relationship between the home gateway and the authorization authentication account and the permission configuration information of the terminal devices are established in the authorization authentication server in advance. The home gateway is thereby uniquely matched to the authorization authentication account, so the authorization authentication server's authorization and authentication of a terminal device becomes authentication of the home gateway. This keeps the service secure and spares the user manual switching, authorization and similar operations, improving the user experience.
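The decision flow of steps S201 to S208 (which contains steps S101 to S105 of Embodiment 1) can be sketched as follows. This is an added example, not code from the patent: the class and method names, the 30-day validity period and the sample MAC-style identifiers are all assumptions, and the expiry check implements the "authorization validity period" that the description gives only as an example of permission configuration.

```python
"""Added illustration of the S201-S208 decision; all names are hypothetical."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import secrets


@dataclass
class HomeGateway:
    """Stores which terminal devices are associated with the bound account."""
    gateway_id: str
    account: str = ""
    devices: set = field(default_factory=set)

    def query_devices(self) -> set:
        # Reply to the server's query request (S102 / S205).
        return set(self.devices)


@dataclass
class PermissionConfig:
    # Assumed content: the patent only gives a validity period as an example.
    device_id: str
    expires_at: datetime


class AuthServer:
    def __init__(self) -> None:
        self.bindings: dict = {}     # account -> HomeGateway        (S201)
        self.permissions: dict = {}  # device id -> PermissionConfig (S203)

    def bind_gateway(self, gateway: HomeGateway, account: str) -> None:
        gateway.account = account
        self.bindings[account] = gateway

    def device_joined(self, gateway, device_id, now, valid_for=timedelta(days=30)):
        """S202/S203: gateway reports a new device; server creates its config."""
        if self.bindings.get(gateway.account) is not gateway:
            raise PermissionError("gateway is not bound to an account")
        gateway.devices.add(device_id)
        self.permissions[device_id] = PermissionConfig(device_id, now + valid_for)

    def handle_access_request(self, device_id, account, now):
        """S204-S208: return authorization info, or None (default deny)."""
        gateway = self.bindings.get(account)
        if gateway is None:
            return None
        associated = device_id in gateway.query_devices()   # S205
        config = self.permissions.get(device_id)            # S206
        if not associated or config is None:                # S207: both required
            return None
        if now >= config.expires_at:                        # validity period over
            return None
        return {"device_id": device_id, "account": account,
                "grant": secrets.token_urlsafe(16)}          # S208


def run_scenarios() -> dict:
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample data
    server, gw = AuthServer(), HomeGateway("gw-001")
    server.bind_gateway(gw, "account-A")
    server.device_joined(gw, "AA:BB:CC:00:00:01", now)
    server.device_joined(gw, "AA:BB:CC:00:00:02", now)
    gw.devices.discard("AA:BB:CC:00:00:02")  # config remains, association gone
    ask = server.handle_access_request
    return {
        "provisioned": ask("AA:BB:CC:00:00:01", "account-A", now) is not None,
        "unknown_device": ask("AA:BB:CC:00:00:99", "account-A", now) is not None,
        "left_gateway": ask("AA:BB:CC:00:00:02", "account-A", now) is not None,
        "wrong_account": ask("AA:BB:CC:00:00:01", "account-B", now) is not None,
        "expired": ask("AA:BB:CC:00:00:01", "account-A",
                       now + timedelta(days=31)) is not None,
    }


if __name__ == "__main__":
    for name, granted in run_scenarios().items():
        print(f"{name:15} -> {'authorized' if granted else 'denied'}")
```

The sketch queries the gateway on every request instead of caching the device list, so a device that has left the gateway is denied even though its permission configuration is still stored.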
FIG. 3 is a flowchart of the home Internet service authorization method provided by Embodiment 3 of the present invention. As shown in FIG. 3, building on the foregoing embodiments and taking Embodiment 2 as an example, a home Internet service authorization method is provided, which specifically includes:
Step S301: the authorization authentication server establishes a binding relationship between the home gateway and the authorization authentication account.
The authorization authentication account is the account used to log in to the authorization authentication server.
Step S302: the authorization authentication server receives, from the home gateway, the identification information of each terminal device associated with the home gateway.
Step S303: the authorization authentication server establishes, according to the identification information, the permission configuration information of the terminal device corresponding to that identification information.
Step S304: the authorization authentication server receives a service access request sent by the first terminal device; the service access request includes the first identification information of the first terminal device and the authorization authentication account.
Step S305: the authorization authentication server determines, according to the first identification information, whether the first terminal device is associated with the home gateway; the home gateway stores information on the association between each terminal device and the authorization authentication account.
Step S306: the authorization authentication server determines, according to the first identification information, whether it stores the permission configuration information of the first terminal device.
Step S307: if the first terminal device is associated with the home gateway, and the authorization authentication server stores the permission configuration information of the first terminal device, the authorization authentication server determines that the first terminal device has the right to access the service server.
Step S308: the authorization authentication server sends authorization information to the first terminal device; the authorization information indicates that the first terminal device has the right to access the service server.
Steps S301 to S308 are identical to steps S201 to S208 respectively, and the specific method is not repeated here.
After step S308 is executed, the first terminal device is known to have the right to access the service server, but the service server itself can hardly verify the legitimacy of the first terminal device. The service server therefore needs to interact with the authorization authentication server to further authenticate the first terminal device. The following steps are therefore introduced:
Step S309: the authorization authentication server receives a token request sent by the first terminal device; the token request includes the first identification information of the first terminal device.
After the first terminal device receives the authorization information sent by the authorization authentication server, it sends, according to the authorization information, a token request to the authorization authentication server; the token request includes the identification information of the first terminal device.
The authorization authentication server receives the token request sent by the first terminal device.
Step S310: the authorization authentication server generates, according to the token request, a token corresponding to the first identification information.
In step S310, the authorization authentication server generates a token and stores it, so that the service server can subsequently authenticate the first terminal by means of this token.
Step S311: the authorization authentication server sends the token to the first terminal device, so that the first terminal device accesses the service server according to the token.
The subsequent steps are similar to the prior art, namely:
The first terminal device initiates an access request to the service server according to the token; the access request includes the token.
The service server sends the authorization authentication server a request to authenticate the token; the authentication request includes the token.
The server compares the token in the authentication request with the token stored in the server. If they match, it sends the token-authentication-passed result and the corresponding user information to the service server; otherwise it sends the token-authentication-failed result to the service server.
The service server determines, according to the token authentication result, whether to allow the first terminal device to access. That is, if the token authentication result is a pass, the first terminal device is allowed to access; otherwise it is not.
In step S308, the authorization authentication server sending the authorization information to the first terminal device may also be: the authorization authentication server sends the authorization information to the first terminal device through the home gateway. That is, the authorization authentication server first sends the authorization information to the home gateway, and the home gateway then sends it to the first terminal device.
Correspondingly, in step S309, the authorization authentication server receiving the token request sent by the first terminal device may also be: the authorization authentication server receives the token request through the home gateway. That is, the home gateway receives the token request sent by the first terminal and then sends the token request to the authorization authentication server, so that the authorization authentication server receives the token request from the home gateway.
Correspondingly, in step S311, the authorization authentication server sending the token to the first terminal device may also be: the authorization authentication server sends the token to the first terminal device through the home gateway. That is, the authorization authentication server first sends the token to the home gateway, and the home gateway then sends the token to the first terminal device.
In this embodiment, after the authorization authentication server sends the authorization information to the first terminal device, a "token" mechanism is introduced so that the service server can have the "token" authenticated by the authorization authentication server, and the first terminal device is allowed to access only after authentication passes, which further ensures the security of service interaction.
In the above embodiment, when determining that the first terminal device has the right to access the service server, the authorization authentication server may also add a further condition: and, if the first terminal device is in the home Internet environment, it confirms that the first terminal has the right to access the service server. Whether the first terminal device is in the home Internet environment may be determined by the home gateway; that is, the authorization authentication server determines through the home gateway that, if the first terminal device is in the home Internet environment, the first terminal has the right to access the service server. In this way, devices that are connected to the home gateway but are not home Internet terminal devices can be excluded from the scope of home Internet service authorization.
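The Python sketch below is an added illustration and not part of the patent: it models steps S301 to S311, the optional home-Internet-environment condition, and the service server's token check against the authorization authentication server. The class names, device IDs, account name, random token format, constant-time comparison and the clearing of an earlier authorization on a failed check are assumptions of the example; the patent does not specify them.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class HomeGateway:
    """Home gateway: holds the devices currently associated with it."""
    associated: set = field(default_factory=set)      # device IDs attached to the gateway
    home_internet: set = field(default_factory=set)   # those that are home Internet devices

    def query_devices(self):
        return set(self.associated)

    def in_home_environment(self, device_id):
        return device_id in self.home_internet


class AuthServer:
    """Authorization authentication server (steps S301 to S311)."""

    def __init__(self):
        self.bindings = {}     # account -> HomeGateway            (S301)
        self.permissions = {}  # device ID -> permission config    (S303)
        self.authorized = {}   # device ID -> account, set in S307
        self.tokens = {}       # token -> (device ID, account)     (S310)

    def bind_gateway(self, account, gateway):
        self.bindings[account] = gateway

    def sync_devices(self, account, default_config):
        # S302/S303: receive the gateway's device list, create a config per device.
        for device_id in self.bindings[account].query_devices():
            self.permissions.setdefault(device_id, dict(default_config))

    def authorize(self, device_id, account):
        gateway = self.bindings.get(account)
        if gateway is None:
            return False
        associated = device_id in gateway.query_devices()   # S305
        has_config = device_id in self.permissions          # S306
        at_home = gateway.in_home_environment(device_id)    # optional extra condition
        if associated and has_config and at_home:           # S307
            self.authorized[device_id] = account
            return True                                      # S308: authorization info
        # Assumption of this example: a failed check clears an earlier authorization.
        self.authorized.pop(device_id, None)
        return False

    def issue_token(self, device_id):
        # S309-S311: only a device that passed S307 receives a token.
        account = self.authorized.get(device_id)
        if account is None:
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (device_id, account)
        return token

    def verify_token(self, presented):
        # Compare the presented token with each stored token in constant time.
        for stored, (device_id, account) in self.tokens.items():
            if hmac.compare_digest(stored.encode(), presented.encode()):
                return {"valid": True, "device_id": device_id, "account": account}
        return {"valid": False}


class ServiceServer:
    def __init__(self, auth_server):
        self.auth_server = auth_server

    def handle_access(self, token):
        # The service server defers the decision to the authorization server.
        return self.auth_server.verify_token(token)["valid"]


def run_demo():
    # Constructed sample data: device IDs and the account name are made up.
    account = "family-account"
    gateway = HomeGateway(associated={"tv-01", "cam-02", "guest-phone"},
                          home_internet={"tv-01", "cam-02"})
    auth = AuthServer()
    auth.bind_gateway(account, gateway)
    auth.sync_devices(account, {"services": ["video"]})
    gateway.associated.discard("cam-02")      # left the gateway, stale config remains
    gateway.associated.add("late-device")     # joined after S303, has no config
    gateway.home_internet.add("late-device")
    service = ServiceServer(auth)
    results = {}
    for device_id in ("tv-01", "cam-02", "guest-phone", "late-device"):
        token = auth.issue_token(device_id) if auth.authorize(device_id, account) else None
        results[device_id] = service.handle_access(token) if token else False
    results["forged-token"] = service.handle_access("not-a-real-token")
    return results


if __name__ == "__main__":
    print(run_demo())
```

Only `tv-01` is admitted: `cam-02` fails the association check (S305), `late-device` fails the permission-configuration check (S306), and `guest-phone` is attached to the gateway but excluded by the home-Internet-environment condition.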
FIG. 4 is a structural diagram of the server provided by Embodiment 4 of the present invention. The server provided by Embodiment 4 specifically includes: a service request receiving module 1, an association relationship determining module 2, a permission configuration determining module 3, an authorization determining module 4, and an authorization information sending module 5.
The service request receiving module 1 is configured to receive a service access request sent by the first terminal device. The service access request includes the first identification information of the first terminal device and the authorization authentication account of the first terminal device; the authorization authentication account is the account used to log in to the server, and the server stores the permission configuration information of terminal devices.
The association relationship determining module 2 is configured to determine, according to the first identification information, whether the first terminal device is associated with the home gateway; the home gateway stores information on the association between each terminal device and the authorization authentication account.
The permission configuration determining module 3 is configured to determine, according to the first identification information, whether the server stores the permission configuration information of the first terminal device.
The authorization determining module 4 is configured to determine that the first terminal device has the right to access the service server if the first terminal device is associated with the home gateway and the server stores the permission configuration information of the first terminal device.
The authorization information sending module 5 is configured to send authorization information to the first terminal device; the authorization information indicates that the first terminal device has the right to access the service server.
Preferably, the association relationship determining module 2 includes: a sending unit 21, a receiving unit 22, and a determining unit 23.
The sending unit 21 is configured to send a query request to the home gateway, so that the home gateway obtains, according to the query request, the identification information of each terminal device associated with the home gateway.
The receiving unit 22 is configured to receive, from the home gateway, the identification information of each terminal device associated with the home gateway.
The determining unit 23 is configured to determine, according to the identification information of each terminal device associated with the home gateway and the first identification information, whether the first terminal device is associated with the home gateway.
The server provided by this embodiment of the present invention is used to execute the home Internet service authorization method of Embodiment 1; its implementation principle, functions and uses are similar to those of Embodiment 1 and are not repeated here.
In the server provided by this embodiment, the association between terminal devices and the authorization authentication account is stored in the home gateway, so that a terminal device can automatically obtain, through the home gateway, the authorization authentication account associated with it and use that account to log in to the authorization authentication server, which removes the need for manual input by the user. Whether the terminal device has permission to access the service server is determined by checking whether the terminal device is associated with the home gateway and whether the authorization authentication server stores the permission configuration information of the terminal device. This not only ensures service security but also spares the user manual switching and authorization operations, improves the user experience, and overcomes the problem in the prior art that determining whether a terminal device has permission to access the service server requires frequent switching and authorization operations by the user.
FIG. 5 is a structural diagram of the server provided by Embodiment 5 of the present invention. As shown in FIG. 5, building on Embodiment 4, the server provided by Embodiment 5 specifically includes: a service request module 1, an association relationship determining module 2, a permission configuration determining module 3, an authorization determining module 4, and an authorization information sending module 5. These modules are identical to the service request module 1, association relationship determining module 2, permission configuration determining module 3, authorization determining module 4 and authorization information sending module 5 of Embodiment 4 respectively, and are not described again here.
The server further includes: a binding relationship establishing module 6, an identification information receiving module 7, and a permission configuration establishing module 8.
The binding relationship establishing module 6 is configured to establish the binding relationship between the home gateway and the authorization authentication account before the service request receiving module receives the service access request sent by the first terminal device.
The identification information receiving module 7 is configured to receive, from the home gateway, the identification information of the terminal devices associated with the home gateway before the service request receiving module receives the service access request sent by the first terminal device.
The permission configuration establishing module 8 is configured to establish, according to the identification information, the permission configuration information of the terminal device corresponding to that identification information before the first receiving module receives the service access request sent by the first terminal device.
The server of this embodiment of the present invention is used to execute the home Internet service authorization method of Embodiment 2; its implementation principle, functions and uses are similar to those of Embodiment 2 and are not repeated here.
In the server provided by this embodiment, before the service request receiving module receives the service access request sent by the first terminal device, the binding relationship between the home gateway and the authorization authentication account and the permission configuration information of the terminal devices are established in the server in advance. The home gateway thus corresponds uniquely to the authorization authentication account, so that the server's authorization and authentication of a terminal device is converted into authentication of the home gateway. This both ensures service security and spares the user manual switching, authorization and similar operations, improving the user experience.
FIG. 6 is a structural diagram of the server provided by Embodiment 6 of the present invention. As shown in FIG. 6, building on Embodiment 5, the server provided by Embodiment 6 specifically includes: a service request module 1, an association relationship determining module 2, a permission configuration determining module 3, an authorization determining module 4, an authorization information sending module 5, a binding relationship establishing module 6, an identification information receiving module 7, and a permission configuration establishing module 8. These modules are identical to the corresponding modules 1 to 8 of Embodiment 5 respectively, and are not described again here.
The server further includes: a token request receiving module 9, a token generating module 10, and a token sending module 11.
The token request receiving module 9 is configured to receive the token request sent by the first terminal device after the first sending module sends the authorization information to the first terminal device; the token request includes the first identification information of the first terminal device.
The token generating module 10 is configured to generate, according to the token request, a token corresponding to the first identification information.
The token sending module 11 is configured to send the token to the first terminal device, so that the first terminal device accesses the service server according to the token.
Preferably, the authorization information sending module 5 is specifically configured to send the authorization information to the first terminal device through the home gateway.
Correspondingly, the token request receiving module 9 is specifically configured to receive, through the home gateway, the token request information sent by the first terminal device.
Correspondingly, the token sending module 11 is specifically configured to send the token to the first terminal device through the home gateway.
The server provided by this embodiment of the present invention is used to execute the home Internet service authorization method of Embodiment 3; its implementation principle, functions and uses are similar to those of Embodiment 3 and are not repeated here.
In the server provided by this embodiment, after the authorization information sending module sends the authorization information to the first terminal device, a "token" mechanism is introduced so that the service server can have the "token" authenticated by the server, and the first terminal device is allowed to access only after authentication passes, which further ensures the security of service interaction.
FIG. 7 is a structural diagram of the home Internet service authorization system provided by Embodiment 7 of the present invention. As shown in FIG. 7, the home Internet service authorization system provided by Embodiment 7 specifically includes: the server provided by Embodiment 4, 5 or 6, a terminal device, and a home gateway.
The system provided by this embodiment is used to execute the corresponding home Internet service authorization method; its implementation principle, functions and uses are similar to those of the corresponding method and are not repeated here.
The beneficial effects of the system provided by this embodiment are similar to those of the corresponding home Internet service authorization method and are not repeated here.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610689006.3A CN106302475B (en) | 2016-08-18 | 2016-08-18 | Family's Internet service authorization method and server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106302475A (en) | 2017-01-04 |
| CN106302475B (en) | 2019-09-10 |
Family
ID=57660650
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610689006.3A Active CN106302475B (en) | 2016-08-18 | 2016-08-18 | Family's Internet service authorization method and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106302475B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107493280B (en) * | 2017-08-15 | 2020-10-09 | 中国联合网络通信集团有限公司 | User authentication method, intelligent gateway and authentication server |
| CN110636057B (en) * | 2019-09-10 | 2021-09-28 | 腾讯科技(深圳)有限公司 | Application access method and device and computer readable storage medium |
| CN114710348B (en) * | 2022-03-31 | 2023-07-04 | 湖北工业大学 | Authorization authentication and key negotiation method for user to use home intelligent equipment |
| CN116886367A (en) * | 2023-07-17 | 2023-10-13 | 支付宝(杭州)信息技术有限公司 | Security authentication methods, devices, electronic equipment and storage media |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101771541A (en) * | 2008-12-26 | 2010-07-07 | 中兴通讯股份有限公司 | Secret key certificate generating method and system for home gateway |
| FR2982445A1 (en) * | 2011-11-04 | 2013-05-10 | Delta Dore | METHOD AND SYSTEM FOR ASSOCIATION OF EQUIPMENT WITH A GATEWAY |
| CN103701758A (en) * | 2012-09-27 | 2014-04-02 | 中国电信股份有限公司 | Method and system for using various businesses through mobile terminal client, and user authentication gateway |
| CN104144167A (en) * | 2014-08-15 | 2014-11-12 | 深圳市蜂联科技有限公司 | User login authentication method of open intelligent gateway platform |
| CN104580213A (en) * | 2015-01-08 | 2015-04-29 | 网神信息技术(北京)股份有限公司 | Certificate authorization method and device |
| CN104735027A (en) * | 2013-12-20 | 2015-06-24 | 中兴通讯股份有限公司 | Safety authentication method and authentication certification server |
| CN105763400A (en) * | 2016-01-29 | 2016-07-13 | 中国联合网络通信集团有限公司 | Method and system for binding home gateway and home gateway management platform |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020138635A1 (en) * | 2001-03-26 | 2002-09-26 | Nec Usa, Inc. | Multi-ISP controlled access to IP networks, based on third-party operated untrusted access stations |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106302475A (en) | 2017-01-04 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |