CN101048972B - Method and system for user authentication in home network system - Google Patents

Publication number
CN101048972B
Authority
CN
China
Prior art keywords
home
authentication information
user authentication
server
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2005800371000A
Other languages
Chinese (zh)
Other versions
CN101048972A (en)
Inventor
韩钟旭
朴芝慧
李允京
朱洪一
金度佑
南泽龙
张宗洙
孙承源
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Electronics and Telecommunications Research Institute ETRI
Original Assignee
Electronics and Telecommunications Research Institute ETRI
Application filed by Electronics and Telecommunications Research Institute ETRI
Priority claimed from PCT/KR2005/003551 (WO2006046822A1)
Publication of CN101048972A
Application granted
Publication of CN101048972B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803: Home automation networks
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80: Wireless
    • H04L2209/805: Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Abstract

A convenient user authentication mechanism for receiving safe home services from inside or outside the home in a home network system is provided. Also provided are a user authentication method that enables an indoor user to control home devices, a user authentication method that allows an indoor user to use a service provided by a home network provider server, and a user authentication method that allows a user outside the home to control home devices. In the user authentication process, a mapping function and an authentication proxy function are provided by a home server for the user's convenience. The user authentication method also allows a user to select from a variety of authentication means, such as ID/password, certificate, and biometric information.

Description

Method and system for user authentication in a home network system
Technical Field
The present invention relates to a method and system for user authentication in a home network system, and more particularly, to a method and system for user authentication in a home network system by which only users registered in a home server can use the home network system, and which provide a variety of authentication means for user convenience.
Background Art
In a conventional home network system, the home server provides information services without user authentication. In addition, the user has to keep all of the user authentication information items registered for the services provided by a home network provider server.
Summary of the Invention
Technical Problem
Accordingly, there is a problem that people other than family members can use the home network system.
This also reduces user convenience. That is, because a user registered for a service provided by the home network provider server does not know which item of information the home network will request as user authentication information, the user can use the home network service only when the user has the ID and/or password and the certificate at hand.
Meanwhile, user authentication using biometric information is convenient for the user. However, when a user's biometric information is registered in the home network provider server and the home network provider server performs user authentication using that biometric information, the biometric information may be leaked, or someone else may steal it.
Technical Solution
The present invention provides a user authentication method and system in which, taking the characteristics and convenience of users into account, any member of the household can conveniently receive user authentication services using a variety of authentication means. According to this method and system, even when the authentication means desired by the user differs from the authentication means required by the home network provider server, user authentication can be performed with the authentication means desired by the user, by way of a user authentication information mapping function.
Advantageous Effects
The present invention relates to a method and system for user authentication in a home network system. The method and system for authenticating a user in a home network system described above have the following effects.
First, by providing a variety of authentication means, the method and system for authenticating a user in a home network system according to the present invention allow any member of the household to conveniently use the user authentication service of the home network system.
Second, with the method and system for authenticating a user in a home network system according to the present invention, because user authentication information is stored in the secure home server, authentication can be performed with the user authentication means desired by the user even when that means differs from the one required by the home network provider server, and a function is provided for mapping it to the authentication means required by the home network provider server.
Third, the method and system for authenticating a user in a home network system according to the present invention can effectively prevent unauthorized users from using the home network system.
Best Mode
According to an aspect of the present invention, there is provided an authentication method by which, when a home client user wants to use an outdoor home network service through a home network provider server and a home server in which a plurality of user authentication information items are stored in advance, the outdoor home network provider server authenticates the home client user. The method includes: after receiving an authentication packet containing user authentication information from the home client, the home server authenticating the home client with the user authentication information; if the authentication succeeds, the home server mapping the user authentication information contained in the authentication packet to the user authentication information set for the home network provider server; the home server transmitting an authentication packet containing the mapped user authentication information to the home network provider server; and the home network provider server authenticating the home client user by comparing the mapped user authentication information contained in the received authentication packet with the corresponding information among the authentication information items stored in advance.
According to another aspect of the present invention, there is provided an authentication method by which, when an outdoor home client user wants to use an indoor home network service through a home network provider server and a home server in which a plurality of user authentication information items are stored in advance, the home network provider server authenticates the outdoor home client user using biometric information. The method includes: after receiving from the outdoor home client an authentication packet containing user authentication information formed from the biometric information, the home network provider server transmitting the authentication packet received from the outdoor home client to the home server; the home server authenticating the outdoor home client by comparing the user authentication information contained in the received authentication packet with the user authentication information stored in advance; and, if the authentication of the outdoor home client succeeds, the home server transmitting the authentication result for the outdoor home client to the home network provider server.
According to another aspect of the present invention, there is provided an authentication method by which a home server that stores user authentication information in advance authenticates a home client user. The method includes: the home client transmitting an authentication packet containing user authentication information; and the home server authenticating the home client user by comparing the user authentication information contained in the received authentication packet with the user authentication information stored in advance.
According to another aspect of the present invention, there is provided a user authentication system in a home network system, including: a unit which, when it is desired to control home devices through a home client, authenticates the user of the home client with user authentication information through a home server located indoors; a unit which, when the home client wants to use a service provided by a home network provider server, authenticates the user of the home client with user authentication information through the home server, and authenticates the user of the home client through the home network provider server with the user authentication information mapped by the home server; and a unit which, when it is desired to control home devices from an outdoor home client, authenticates the user of the outdoor home client with user authentication information through the home server, and authenticates the user of the outdoor home client through the home network provider server with the authentication result of the home server.
According to another aspect of the present invention, there is provided a computer-readable recording medium having embodied thereon a computer program for executing the user authentication method in a home network system.
Description of Drawings
Fig. 1 illustrates a home network system and its user authentication method according to an embodiment of the present invention;
Fig. 2 is a conceptual diagram of the process of mapping user authentication information using various user authentication information items in a home server that provides a user authentication function according to the present invention;
Fig. 3 is a simplified diagram of the structure of a packet that provides the user authentication function using various user authentication means according to the present invention;
Fig. 4 is a flowchart of a method of authenticating a home client user when the home client of Fig. 1 uses an indoor home network system service, according to an embodiment of the present invention;
Fig. 5 is a flowchart of a method of authenticating a home client user when the home client of Fig. 1 uses an outdoor home network system service, according to an embodiment of the present invention;
Fig. 6 is a flowchart of a method of authenticating an outdoor home client user when the outdoor home client of Fig. 1 uses an indoor home network system service, according to an embodiment of the present invention; and
Fig. 7 is a flowchart of a method of authenticating an outdoor home client user when the outdoor home client of Fig. 1 uses an indoor home network system service, according to an embodiment of the present invention.
Embodiments
The present invention will now be described more fully with reference to the accompanying drawings, in which example embodiments of the invention are shown.
Fig. 1 illustrates a home network system and its user authentication method according to an embodiment of the present invention. Referring to Fig. 1, the home network system includes home server 100, home client 110, home devices 120, home network provider server 130, outdoor home client 140, and user authentication units 112 and 142. Home server 100 is responsible for device authentication, user authentication, and home device control and services.
Home client 110 requests control of home devices 120 or an indoor service from inside the house, or requests a service provided by home network provider server 130. Home network provider server 130 performs authentication with outdoor home devices and home server 100, performs user authentication of home client 110 or outdoor home client 140, and provides various services.
Outdoor home client 140 requests control of home devices 120 and indoor services through home server 100, or requests a service provided by home network provider server 130.
User authentication unit 112 is connected to home client 110, and user authentication unit 142 is connected to outdoor home client 140. Each of user authentication units 112 and 142 can be a storage device that stores a certificate or a biometric sensor that reads biometric information.
Home devices 120 and home client 110 are registered in home server 100. In addition, when a user is registered, the authentication means to be used when authenticating the user should be stored in home server 100, and the authentication information other than biometric information is transmitted to home network provider server 130 so that the user authentication information can be interlinked. Home devices 120 are connected to home server 100, and home server 100 is connected to home network provider server 130.
In order to use the home network system, a device authentication process between home server 100 and home network provider server 130 should be performed. Device authentication process S100 is a mutual authentication process performed between home server 100 and home network provider server 130 using a method such as Transport Layer Security (TLS). The secure tunnel established during this authentication should be maintained so that it can continue to be used when users are authenticated.
After device authentication process S100 between home server 100 and home network provider server 130 completes successfully, a user authentication process is performed. The user authentication process can be broken down into authentication process S110, used when an indoor user uses an indoor home network system service; authentication process S120, used when an indoor user uses an outdoor home network system service; and authentication process S130, used when an outdoor home user uses an indoor home network system service.
Authentication process S110, used when an indoor user uses an indoor home network system service, is a process in which home server 100 authenticates home client 110 in order to control home devices 120. This is explained in more detail in the user authentication method of Fig. 4 for an indoor user using an indoor home network system service. As the user authentication method, the user can select and use any desired authentication means, such as ID and/or password, a certificate, or biometric information. Various user authentication methods can be used, for example authentication using ID and/or password, a certificate, or biometric information. However, the present invention is not limited to these.
Authentication process S120, used when an indoor user uses an outdoor home network system service, is a process in which home network provider server 130 authenticates home client 110 through home server 100 in order to use a service provided by home network provider server 130. This is explained in more detail with reference to Fig. 5. User authentication methods include a method using ID and/or password, a method using a certificate, a method using biometric information, and so on. Various methods can be used for user authentication, and although the embodiments of the present invention show examples of authentication using ID and/or password, a certificate, and biometric information, the user authentication method is not limited to these.
Authentication process S130, used when an outdoor home user uses an indoor home network system service, is a process in which home network provider server 130 authenticates home client 140 in order to control home devices 120; this is explained in more detail with reference to Figs. 6 and 7. User authentication methods include an authentication method using ID and/or password, an authentication method using a certificate, an authentication method using biometric information, and so on. Here too, various methods can be used as the user authentication method, and although the embodiments of the present invention show examples of authentication using ID and/or password, authentication using a certificate, and authentication using biometric information, the user authentication method is not limited to these methods, and various methods can be used for user authentication.
Fig. 2 is a conceptual diagram of the process of mapping user authentication information using various user authentication information items in a home server that provides a user authentication function according to the present invention. This mapping process is how home server 100 resolves the following mismatch: the user authentication means that home client 110 or outdoor home client 140 wants to use in order to authenticate client 110 or 120 differs from the authentication means required when home network provider server 130 authenticates the user. In other words, for the user's convenience, this process allows the user to use whichever user authentication means is appropriate.
Before the user authentication process, the user registers various personal user authentication information items in the home server in advance. Here, the user authentication means can be formed of ID and/or password, a certificate, and biometric information. In addition, any other authentication means, for example RFID, can be included among the user authentication means.
When a user wants to use a home network service with a user authentication means 200 such as ID and/or password, a certificate, biometric information or RFID, the user is authenticated in home server 100, and if the authentication succeeds, home server 100 performs authentication information mapping process 201 using the user's authentication information database. Home server 100 then transmits the mapping result as the authentication means required by home network provider server 130. Meanwhile, if the user authentication in home server 100 fails, mapping process 201 is not performed and the user authentication process does not continue.
Fig. 3 is a simplified diagram of the structure of a packet that provides the user authentication function using various user authentication information items according to the present invention. Referring to Fig. 3, an authentication packet transmitted and received in order to authenticate home client 110 or outdoor home client 140 using various authentication means is formed of header unit 300 and data unit 301. Header unit 300 contains type information of the user authentication unit and the various information items required for user authentication. Data unit 301 contains the user authentication information. This authentication packet structure can be used in a user authentication process with any user authentication means.
Fig. 4 is a flowchart of a method of authenticating a home client user when home client 110 of Fig. 1 uses an indoor home network system service, according to an embodiment of the present invention. Here, when home client 110 uses an indoor home network system service, the home client user authentication method allows the user to select the desired authentication method. For secure user authentication, a secure tunnel is established, and user authentication packets are transmitted and received through this tunnel using a tunnel authentication protocol. The tunnel authentication protocol is used to establish a secure tunnel between home client 110 and home server 100 so that the packets required for user authentication are transmitted through the tunnel.
Referring to Fig. 4, first, in operation S401, a secure tunnel is established between home client 110 and home server 100.
Then, home client 110 transmits the user authentication information required for user authentication through the secure tunnel established in operation S401, and in operation S402 home server 100 uses the transmitted user authentication information to perform user authentication of home client 110.
Here, home devices 120 and home client 110 are registered in home server 100 in advance. The user authentication information to be used when authenticating the user is also stored in home server 100 in advance. Home server 100 performs home client user authentication by comparing the user authentication information stored in advance with the user authentication information items transmitted in operation S402.
If, as the result determined in operation S402, home server 100 successfully authenticates the home client user in operation S403, then in operation S404 home server 100 performs the control of home devices 120 requested by home client 110. Then, in operation S405, home server 100 notifies home client 110 of the successful user authentication.
Meanwhile, if, as the result determined in operation S402, the user authentication by home server 100 fails, then in operation S407 home server 100 notifies home client 110 of the user authentication failure. In this case, the control of home devices 120 requested by home client 110 is not provided.
Fig. 5 is a flowchart of a method of authenticating a home client user when the home client of Fig. 1 uses an outdoor home network system service, according to an embodiment of the present invention. Here, when home client 110 uses an outdoor home network system service, the method of authenticating the user of home client 110 allows the user to select the desired authentication method. For secure user authentication, a tunnel authentication protocol is used between home client 110 and home server 100.
Home client 110 is authenticated between home server 100 and home network provider server 130 by transmitting and receiving the authentication packets required for user authentication through the secure tunnel that was established when device authentication was performed between home server 100 and home network provider server 130.
Referring to Fig. 5, first, in operation S501, a secure tunnel is established between home client 110 and home server 100.
Then, home client 110 transmits the user authentication information required for user authentication through the secure tunnel established in operation S501, and in operation S502 home server 100 uses the transmitted user authentication information to perform user authentication of home client 110.
Here, home client 110 is registered in home server 100 in advance. When the registration is performed, the user authentication information to be used when authenticating the user is also stored in home server 100 in advance. Home server 100 performs home client user authentication by comparing the user authentication information stored in advance with the user authentication information items transmitted in operation S502.
If the user authentication in operation S502 succeeds, then in operation S503 home server 100 performs the user authentication information mapping function using the user authentication information stored in advance in home server 100.
After operation S503, the user authentication information has been converted to correspond to the user authentication means required by home network provider server 130, and in operation S504 user authentication is performed with home network provider server 130. At this time, in the user authentication between home server 100 and home network provider server 130, the authentication packet containing the user authentication information items described with reference to Fig. 3 is transmitted and received through the secure tunnel.
As the result of the user authentication performed in operation S504, if home network provider server 130 successfully authenticates the home client user in operation S505, then in operation S506 home network provider server 130 notifies home server 100 of the user authentication success. Then, in operation S507, home server 100 notifies home client 110 of the user authentication success. From this point on, home client 110 can use the services provided by home network provider server 130.
Meanwhile, as the result of the user authentication performed in operation S504, if home network provider server 130 fails to authenticate the user of home client 110 in operation S508, then in operation S509 home network provider server 130 notifies home server 100 of the user authentication failure. Then, in operation S510, the home server notifies home client 110 of the user authentication failure. In this case, home client 110 cannot use the services provided by home network provider server 130.
Meanwhile, if the user authentication of operation S502 fails in operation S511, home server 100 notifies home client 110 of the user authentication failure in operation S512. Here, home client 110 cannot use the services provided by home network provider server 130.
Fig. 6 is a flowchart of a method of authenticating an outdoor home client user when the outdoor home client of Fig. 1 uses an indoor home network system service, according to an embodiment of the present invention. Here, when it is desired to control home devices 120 through outdoor home client 140, the method of authenticating the user of outdoor home client 140 allows the user to select the desired authentication method. For secure outdoor home client user authentication, a tunnel authentication protocol is used between outdoor home client 140 and home network provider server 130. When outdoor home client 140 requests control of home devices 120, user authentication can be performed using biometric information or other authentication items (for example, ID and/or password, a certificate, etc.).
These two authentication methods differ. The authentication process used when the user wants an authentication item other than biometric information is explained now, and the authentication process used when the user wants to use biometric information is explained later with reference to Fig. 7.
Referring to Fig. 6, first, when outdoor home client 140 wants to control home devices 120, in operation S601 a secure tunnel is established between outdoor home client 140 and home network provider server 130 so that the authentication protocol can be carried out via the tunnel. Next, in operation S602, outdoor home client user authentication between outdoor home client 140 and home network provider server 130 is performed through the secure tunnel established in operation S601. Here, outdoor home client 140 is registered in home network provider server 130 in advance. When the registration is performed, the user authentication information to be used when authenticating the user is also stored in home network provider server 130 in advance. Home network provider server 130 performs outdoor home client user authentication by comparing the user authentication information stored in advance with the user authentication information items transmitted in operation S602.
As the result of the outdoor home client user authentication performed in operation S602, if the user authentication of operation S602 succeeds, then in operation S604 home network provider server 130 transmits the authenticated user ID information to home server 100 through the secure tunnel that was established when device authentication was performed between home network provider server 130 and home server 100. In this case, home server 100 controls the home devices 120 requested by outdoor home client 140. Then, in operation S605, home network provider server 130 notifies outdoor home client 140 of the authentication success.
Meanwhile, as the result of the outdoor home client user authentication performed in operation S602, if the user authentication fails in operation S606, then in operation S607 the outdoor home client user authentication process ends, and home network provider server 130 notifies outdoor home client 140 of the authentication failure. In this case, outdoor home client 140 cannot request control of home devices 120.
Fig. 7 is when using indoor home network system service according to the outdoor home client 140 as Fig. 1 of the embodiment of the invention, the flow chart of the method for the outdoor home client user of checking.Here, when controlling home devices 120 by outdoor home client 140, expectation verifies that the user's of outdoor home client 140 method also allows the user to select the verification method of expecting.In order to carry out safe user rs authentication, between outdoor home client 140 and home network provider server 130, use indentification protocol via the tunnel.Here, when controlling home devices 120 by outdoor home client 140, expectation verifies that the user's of outdoor home client 140 method also allows the user to select the verification method of expecting.In order to carry out safe user rs authentication, between outdoor home client 140 and home network provider server 130, use and carrying out standardized tunnel authentication protocol.
With reference to figure 7, at first, when outdoor home client 140 asks control home devices 120 and expectation that biometric information is used to verify, at operation S701, set up the secure tunnel between outdoor home client 140 and the home network provider server 130, so that carry out indentification protocol via the tunnel.
Next, the secure tunnel of being set up among the S701 by operation at operation S702, is sent to home network provider server 130 safely with the user's of outdoor home client 140 biometric information.Next, at operation S703, by the secure tunnel of when final controlling element between home server 100 and home network provider server 130 is verified, being set up, home network provider server 130 will operation user biometrics information security that S702 received be sent to home server 100.
Then, by utilizing in the operation user biometrics information that S703 received, home server 100 is by the outdoor home client 140 of proxy authentication, if and in operation S704 being proved to be successful of this outdoor home client 140, then in operating S705, the user rs authentication success message is sent to home network provider server 130 by the secure tunnel between home network provider server 130 and the home server 100.If receive this user rs authentication success message, then home network provider server 130 is sent to outdoor home client 140 with this user rs authentication success message in operation S706.
Therebetween, if in operation S707, utilize the authentication failed of the user's who in operation S703, receives the outdoor home client 140 that biometric information carried out, then in operation S708, home server 100 is notified this authentication failed to home network provider server 130.Then, in operation S709, home network provider server 130 is notified this authentication failed to outdoor home client 140.In this case, because the failure of outdoor home client user authentication process, so outdoor home client 140 can not ask to control home devices 120.
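The Fig. 7 relay flow (operations S701 to S709) as a runnable sketch; this is an added example, not code from the patent. The class and function names, the shared `tunnel_key` with an HMAC-tagged verdict standing in for the secure tunnel between the home server and the provider server, and the exact-match comparison of a constructed biometric byte string are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthPacket:
    method: str   # header unit: the authentication means in use
    user: str
    info: bytes   # data unit: the user authentication information

def _tag(key: bytes, nonce: bytes, user: str, verdict: bytes) -> bytes:
    # Assumption: an HMAC over (nonce, user, verdict) stands in for the
    # secure tunnel between the home server and the provider server.
    msg = b"|".join([nonce, user.encode(), verdict])
    return hmac.new(key, msg, hashlib.sha256).digest()

class HomeServer:
    """Holds the enrolled references and makes the accept/reject decision."""

    def __init__(self, tunnel_key: bytes):
        self._key = tunnel_key
        self._enrolled = {}  # user -> SHA-256 of the enrolled reference

    def enroll(self, user: str, reference: bytes) -> None:
        self._enrolled[user] = hashlib.sha256(reference).digest()

    def verify(self, pkt: AuthPacket, nonce: bytes):
        # S704/S707. Assumption: exact match replaces a real biometric matcher.
        stored = self._enrolled.get(pkt.user, b"")
        sample = hashlib.sha256(pkt.info).digest()
        ok = pkt.method == "biometric" and hmac.compare_digest(stored, sample)
        verdict = b"success" if ok else b"failure"
        return verdict, _tag(self._key, nonce, pkt.user, verdict)  # S705/S708

class ProviderServer:
    """Relays the packet, stores no biometric data, and fails closed."""

    def __init__(self, home: HomeServer, tunnel_key: bytes):
        self._home = home
        self._key = tunnel_key
        self._authenticated = set()

    def authenticate(self, pkt: AuthPacket) -> bool:
        nonce = secrets.token_bytes(16)               # binds the verdict to this request
        verdict, tag = self._home.verify(pkt, nonce)  # S703: forward to home server
        expected = _tag(self._key, nonce, pkt.user, b"success")
        ok = verdict == b"success" and hmac.compare_digest(tag, expected)
        if ok:
            self._authenticated.add(pkt.user)
        else:
            self._authenticated.discard(pkt.user)
        return ok                                     # S706 or S709 to the client

    def control(self, user: str, device: str, command: str) -> str:
        if user not in self._authenticated:
            raise PermissionError("user not authenticated by home server")
        return f"{device}:{command} forwarded to home server"

def run_demo():
    key, template = secrets.token_bytes(32), b"constructed-fingerprint-template"
    home = HomeServer(key)
    home.enroll("alice", template)  # constructed sample, not real biometric data
    provider = ProviderServer(home, key)
    bad = provider.authenticate(AuthPacket("biometric", "alice", b"wrong-sample"))
    good = provider.authenticate(AuthPacket("biometric", "alice", template))
    return bad, good, provider.control("alice", "boiler", "on")
```

The provider server grants control only after a success verdict whose tag verifies for the nonce it issued, so a failure, a missing verdict, or a verdict from a different request all leave the client unauthenticated.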
The present invention can also be embodied as computer-readable code on a computer-readable recording medium. A computer-readable recording medium is any data storage device that can store data which can thereafter be read by a computer system. Examples of the computer-readable recording medium include read-only memory (ROM), random-access memory (RAM), CD-ROMs, magnetic tapes, floppy disks, optical data storage devices, and carrier waves (such as data transmission through the Internet). The computer-readable recording medium can also be distributed over network-coupled computer systems so that the computer-readable code is stored and executed in a distributed fashion.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. The preferred embodiments should be considered in a descriptive sense only and not for purposes of limitation. Therefore, the scope of the invention is defined not by the detailed description of the invention but by the appended claims, and all differences within that scope will be construed as being included in the present invention.
Industrial applicability
The present invention relates to a method and system for user authentication in a home network system.

Claims (20)

  1. A method of authenticating a home client user by a home network provider server when the home client user wishes to use an outdoor home network service through the home network provider server and a home server in which a plurality of user authentication information items are stored in advance, the method comprising:
    after an authentication packet including user authentication information is received from the home client, the home server authenticating the home client with the user authentication information;
    if the authentication succeeds, the home server mapping the user authentication information included in the authentication packet to user authentication information set by the home network provider server;
    the home server transmitting an authentication packet including the mapped user authentication information to the home network provider server; and
    the home network provider server authenticating the home client user by comparing the mapped user authentication information included in the received authentication packet with corresponding information among the authentication information items stored in advance.
  2. The method of claim 1, wherein the authenticating of the home client with the user authentication information comprises:
    establishing a secure tunnel between the home client and the home server;
    the home client transmitting the authentication packet including the user authentication information through the secure tunnel; and
    the home server authenticating the home client user by comparing the user authentication information included in the received authentication packet with corresponding authentication information among the user authentication information items stored in advance in the home server.
  3. The method of claim 1, wherein, in the mapping of the user authentication information included in the authentication packet to the user authentication information set by the home network provider server, the home server provides a function of mapping the user authentication information included in the authentication packet to the user authentication information set by the home network provider server, so that the home network provider server authenticates the home client user using any authentication means.
  4. The method of claim 1, wherein the plurality of user authentication information items stored in advance in the home server include at least one of identification (ID) and/or password authentication information, certificate authentication information, radio frequency ID (RFID) authentication information, and biometric authentication information, and the plurality of user authentication information items stored in advance in the home network provider server include at least one of ID and/or password authentication information, certificate authentication information, and RFID authentication information.
  5. The method of claim 4, wherein, when the user authentication information set by the home network provider server is ID and/or password authentication information, the user authentication information is obtained by mapping the user authentication information included in the authentication packet received from the home client to the ID and/or password authentication information.
  6. The method of claim 4, wherein, when the user authentication information set by the home network provider server is certificate information, the user authentication information is obtained by mapping the user authentication information included in the authentication packet received from the home client to the certificate information.
  7. The method of claim 4, wherein, when the user authentication information set by the home network provider server is RFID information, the user authentication information is obtained by mapping the user authentication information included in the authentication packet received from the home client to the RFID information.
  8. The method of claim 1, wherein, in the transmitting of the authentication packet to the home network provider server, the home server transmits the authentication packet including the mapped user authentication information to the home network provider server through a secure tunnel established when device authentication with the home network provider server was performed.
  9. The method of claim 1, wherein the authentication packet comprises:
    a header unit including a user authentication means; and
    a data unit including the user authentication information.
  10. The method of claim 9, wherein the data unit includes at least one of the user authentication information items.
  11. A method of authenticating an outdoor home client user by a home network provider server using biometric information when the outdoor home client user wishes to use an indoor home network service through the home network provider server and a home server in which a plurality of user authentication information items are stored in advance, the method comprising:
    after receiving, from the outdoor home client, an authentication packet including user authentication information formed from the biometric information, the home network provider server transmitting the authentication packet received from the outdoor home client to the home server;
    the home server authenticating the outdoor home client by comparing the user authentication information included in the received authentication packet with the user authentication information stored in advance; and
    if the authentication of the outdoor home client succeeds, the home server transmitting the authentication result of the outdoor home client to the home network provider server.
  12. The method of claim 11, wherein the transmitting of the authentication packet by the home network provider server comprises:
    establishing a secure tunnel between the outdoor home client and the home network provider server;
    the outdoor home client transmitting the authentication packet including the user authentication information formed from the biometric information through the secure tunnel; and
    after receiving the authentication packet, the home network provider server transmitting the received authentication packet to the home server.
  13. The method of claim 11, wherein the plurality of user authentication information items stored in advance in the home server include at least one of ID and/or password authentication information, certificate authentication information, RFID authentication information, and biometric authentication information, and the plurality of user authentication information items stored in advance in the home network provider server include at least one of ID and/or password authentication information, certificate authentication information, and RFID authentication information.
  14. The method of claim 11, wherein, in the transmitting of the authentication result of the outdoor home client to the home network provider server, the home server transmits the authentication result of the outdoor home client to the home network provider server through a secure tunnel established between the home network provider server and the home server.
  15. The method of claim 11, wherein the authentication packet comprises:
    a header unit including a user authentication means; and
    a data unit including the user authentication information.
  16. The method of claim 15, wherein the data unit includes at least one of the user authentication information items.
  17. A system for authenticating a home client user by a home network provider server when the home client user wishes to use an outdoor home network service through the home network provider server and a home server in which a plurality of user authentication information items are stored in advance, the system comprising:
    a unit that enables the home server to authenticate the home client with user authentication information after an authentication packet including the user authentication information is received from the home client;
    a unit that, when the authentication succeeds, enables the home server to map the user authentication information included in the authentication packet to user authentication information set by the home network provider server;
    a unit that enables the home server to transmit an authentication packet including the mapped user authentication information to the home network provider server; and
    a unit that enables the home network provider server to authenticate the home client user by comparing the mapped user authentication information included in the received authentication packet with corresponding information among the authentication information items stored in advance.
  18. The authentication system of claim 17, wherein the plurality of user authentication information items stored in advance in the home server include at least one of ID and/or password authentication information, certificate authentication information, RFID authentication information, and biometric authentication information, and the plurality of user authentication information items stored in advance in the home network provider server include at least one of ID and/or password authentication information, certificate authentication information, and RFID authentication information.
  19. A system for authenticating an outdoor home client user by a home network provider server using biometric information when the outdoor home client user wishes to use an indoor home network service through the home network provider server and a home server in which a plurality of user authentication information items are stored in advance, the system comprising:
    a unit that enables the home network provider server, after receiving from the outdoor home client an authentication packet including user authentication information formed from the biometric information, to transmit the authentication packet received from the outdoor home client to the home server;
    a unit that enables the home server to authenticate the outdoor home client by comparing the user authentication information included in the received authentication packet with the user authentication information stored in advance; and
    a unit that, when the authentication of the outdoor home client succeeds, enables the home server to transmit the authentication result of the outdoor home client to the home network provider server.
  20. The authentication system of claim 19, wherein the plurality of user authentication information items stored in advance in the home server include at least one of ID and/or password authentication information, certificate authentication information, RFID authentication information, and biometric authentication information, and the plurality of user authentication information items stored in advance in the home network provider server include at least one of ID and/or password authentication information, certificate authentication information, and RFID authentication information.
CN2005800371000A 2004-10-29 2005-10-25 Method and system for user authentication in home network system Expired - Fee Related CN101048972B (en)

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
KR20040086988 2004-10-29
KR10-2004-0086988 2004-10-29
KR1020040086988 2004-10-29
KR1020050065711A KR100714100B1 (en) 2004-10-29 2005-07-20 Method and system for user authentication in home network system
KR10-2005-0065711 2005-07-20
KR1020050065711 2005-07-20
PCT/KR2005/003551 WO2006046822A1 (en) 2004-10-29 2005-10-25 Method and system for user authentication in home network system

Publications (2)

Publication Number Publication Date
CN101048972A CN101048972A (en) 2007-10-03
CN101048972B true CN101048972B (en) 2010-08-25

Family

ID=37150758

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2005800371000A Expired - Fee Related CN101048972B (en) 2004-10-29 2005-10-25 Method and system for user authentication in home network system

Country Status (2)

Country Link
KR (1) KR100714100B1 (en)
CN (1) CN101048972B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007280221A (en) * 2006-04-10 2007-10-25 Fujitsu Ltd Authentication network system
KR100853183B1 (en) * 2006-09-29 2008-08-20 한국전자통신연구원 Method and system for providing secure home service in the UPnP AV network
KR100842267B1 (en) * 2006-12-01 2008-06-30 한국전자통신연구원 Server, Client and Method for integrated user authentication in a system of multi-authentication means
WO2009155812A1 (en) * 2008-06-23 2009-12-30 华为技术有限公司 Terminal access method, access management method, network equipment and communication system
US20110122810A1 (en) * 2009-11-25 2011-05-26 T-Mobile Usa, Inc. Router-Based Home Network Synchronization
KR101638582B1 (en) * 2009-12-21 2016-07-12 한국전자통신연구원 Device control apparatus based on position information
WO2017086556A1 (en) * 2015-11-20 2017-05-26 (주)엔에스비욘드 Secure tunnel-based authentication method and device
KR20180002121A (en) * 2016-06-28 2018-01-08 중앙대학교 산학협력단 Method for controlling connection of server using user weight information and Server in accordance with the method
KR102344930B1 (en) * 2017-09-26 2021-12-30 주식회사 엘지유플러스 Certification processing system without user identity module and method thereof

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6275941B1 (en) * 1997-03-28 2001-08-14 Hiatchi, Ltd. Security management method for network system
CN1390014A (en) * 2001-05-31 2003-01-08 阿尔卡塔尔公司 Subscriber checking service in multi-media network
US6510212B2 (en) * 2001-03-19 2003-01-21 Hitachi, Ltd. Remote operating system
US6658394B1 (en) * 2000-08-08 2003-12-02 Squaretrade, Inc. Electronic seals

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001312468A (en) * 2000-04-28 2001-11-09 Konami Co Ltd Network connection control method and connection control system
JP2004096615A (en) 2002-09-03 2004-03-25 Matsushita Electric Ind Co Ltd Household electrical appliance control method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6275941B1 (en) * 1997-03-28 2001-08-14 Hiatchi, Ltd. Security management method for network system
US6658394B1 (en) * 2000-08-08 2003-12-02 Squaretrade, Inc. Electronic seals
US6510212B2 (en) * 2001-03-19 2003-01-21 Hitachi, Ltd. Remote operating system
CN1390014A (en) * 2001-05-31 2003-01-08 阿尔卡塔尔公司 Subscriber checking service in multi-media network

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
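Ibid.
Weng Liang et al. Virtual Private Network Technology. Communications Technology, No. 4, 1999. 1999, (No. 4, 1999), p. 43.
Weng Liang et al. Virtual Private Network Technology. Communications Technology, No. 4, 1999. 1999, (No. 4, 1999), p. 43. *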

Also Published As

Publication number Publication date
CN101048972A (en) 2007-10-03
KR20060053934A (en) 2006-05-22
KR100714100B1 (en) 2007-05-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100825

Termination date: 20111025