METHOD, SYSTEM AND APPARATUS FOR PROTECTING SERVICE ACCOUNT

US 20080066190A1
Filed: 11/14/2007
Published: 03/13/2008
Est. Priority Date: 12/13/2005
Status: Active Grant

First Claim

Patent Images

1. A method for protecting a service account, comprising:

authenticating association information when a user logs on an application server with a service account through User Equipment (UE);

if the authentication succeeds, allowing the user to log on the application server;

otherwise, rejecting the user from logging on the application server;

wherein the association information is configured for the service account of the user in a Personal Communication Profile (PCP) of the user at a network side.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for protecting a service account includes: configuring association information for a service account of a user in a Personal Communication Profile (PCP) of the user at a network side; authenticating the association information when the user logs on an application server with the service account through User Equipment (UE); allowing the user to log on the application server if the authentication succeeds. Embodiments of the present invention also disclose systems, PCP storage apparatuses and application servers for protecting the service account. In embodiments of the present invention, besides protecting the service account by a static password, the user can implement an enhanced protection for the service account without receiving the dynamic password through a short message, which dramatically reduces the time delay for the user to log-on the application server. Further, the user needs not purchase the password card additionally. Therefore, the competitiveness of the application server is improved.

24 Citations

View as Search Results

25 Claims

1. A method for protecting a service account, comprising:
- authenticating association information when a user logs on an application server with a service account through User Equipment (UE);
  
  if the authentication succeeds, allowing the user to log on the application server;
  
  otherwise, rejecting the user from logging on the application server;
  
  wherein the association information is configured for the service account of the user in a Personal Communication Profile (PCP) of the user at a network side.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the configuring association information for the service account of the user in the PCP of the user at the network side comprises:
    - generating and storing, by the application server, the association information when the user registers the service account at the application server and sending the association information generated to a PCP storage apparatus; and
      
      storing, by the PCP storage apparatus, the association information in the PCP of the user.
  - 3. The method of claim 2, further comprising:
    - generating, by the application server, new association information, sending the new association information to the PCP storage apparatus, and requesting the PCP storage apparatus to update the association information;
      
      updating, by the PCP storage apparatus, the association information with the new association information;
      
      wherein the application server generates the new association information in any one of the following cases;
      
      after the application server allows the user to log on;
      
      after the user successfully logs on and the application server receives an update request from the user;
      
      after a timer for updating the association information expires;
      
      after a lifetime of the association information expires;
      
      after the user successfully logs on and the application server receives an update request from the user and a time interval between the time when the application server receives the update request and the time of last updating is longer than a minimum updating period.
  - 4. The method of claim 2, further comprising:
    - sending, by the PCP storage apparatus before storing the association information to the PCP of the user, a prompt message to the UE to prompt the user whether to associate the service account of the user with the PCP of the user;
      
      receiving, by PCP storage apparatus, an acknowledgement from the UE.
  - 5. The method of claim 2, further comprising:
    - sending, by the application server, a query message to the UE to query the user whether to associate the service account of the user with the PCP of the user;
      
      receiving, by the application server, an acknowledgement from the UE.
  - 6. The method of claim 1, wherein the authenticating the association information comprises:
    - sending, by the application server, a request to the PCP storage apparatus requesting for the association information for the service account;
      
      obtaining, by the PCP storage apparatus, the association information after receiving the request and returning the association information to the application server; and
      
      determining, by the application server, whether the association information received from the PCP storage apparatus is consistent with the association information stored in the application server.
  - 7. The method of claim 1, wherein the authenticating the association information comprises:
    - sending, by the application server after receiving a log-on request from the UE, the association information for the service account stored in application server to the PCP storage apparatus; and
      
      determining, by the PCP storage apparatus, whether the PCP of the user comprises association information consistent with the association information received from the application server to obtain an authentication result; and
      
      returning the authentication result to the application server.
  - 8. The method of claim 6, further comprising:
    - sending, by the PCP storage apparatus, PCP location information of the user to the UE;
      
      sending, by the UE, the PCP location information to the application server when logging on the application server with the service account; and
      
      interacting, by the application server, with the PCP storage apparatus according to the PCP location information of the user.
  - 9. The method of claim 2, further comprising:
    - sending, by the PCP storage apparatus, the association information in the PCP of the user to the UE;
      
      sending, by the UE, the association information to the application server when logging on the application server with the service account; and
      
      the authenticating the association information comprises;
      
      determining, by the application server, whether the association information received from the UE is consistent with the association information stored in the application server.
  - 10. The method of claim 9, further comprising:
    - sending, by the PCP storage apparatus, a synchronization request to the UE requesting to update the association information stored in the UE when the PCP storage apparatus updates the association information of the user;
      
      updating, by the UE, the association information stored in the UE after receiving the synchronization request.

11. A system for protecting a service account, comprising:
- User Equipment (UE), adapted for sending a log-on request of a user;
  
  an application server, adapted for interacting with the PCP storage apparatus or the UE based on the log-on request, authenticating association information in a Personal Communication Profile (PCP) of the user, and allowing the user to log on the application server if the authentication succeeds;
  
  a PCP storage apparatus, adapted for storing the PCP of the user;
  
  wherein the PCP contains association information for the service account of the user.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The system of claim 11, wherein the application server is further adapted for generating and storing the association information for the service account of the user after receiving a registration request, and sending the association information generated to the PCP storage apparatus;
    - and the PCP storage apparatus is further adapted for storing the association information received in the PCP of the user.
  - 13. The system of claim 12, wherein the UE is further adapted for sending the PCP location information received from the PCP storage apparatus to the application server through the log-on request;
    - the PCP storage apparatus is further adapted for sending PCP location information of the user to the UE, and sending the association information for the service account of the user to the application server in response to the request of the application server; and
      
      the application server is further adapted for sending a request to the PCP storage apparatus to request for the association information for the service account of the user according to the PCP location information in the log-on request, and determining whether the association information received from the PCP storage apparatus is consistent with the association information stored in the application server.
  - 14. The system of claim 13, wherein the application server is further adapted for deleting the association information stored in the application server or setting the association information stored in the application server as invalid after the authentication succeeds, generating new association information for the service account of the user, and sending the new association information to the PCP storage apparatus;
    - the PCP storage apparatus is further adapted for updating the association information stored in the PCP storage apparatus according to the new association information received from the application server.
  - 15. The system of claim 14, wherein the PCP storage apparatus is further adapted for sending the association information stored in the PCP storage apparatus to the UE;
    - the UE is further adapted for storing the association information received from the PCP storage apparatus, and carrying the association information in the log-on request;
      
      the application server is further adapted for determining whether the association information carried in log-on request is consistent with the association information stored in the application server, and returning a log-on success message or a log-on failure message to the UE.
  - 16. The system of claim 15, wherein the application server is further adapted for deleting the association information stored in the application server or setting the association information stored in the application server as invalid after the authentication succeeds, generating new association information for the service account of the user, and sending the new association information to the PCP storage apparatus and the UE;
    - the PCP storage apparatus is further adapted for updating the association information stored in the PCP storage apparatus according to the new association information received from the application server;
      
      the UE is further adapted for updating the association information stored in the UE according to the new association information received from the application server.
  - 17. The system of claim 15, wherein the application server is further adapted for delete the association information stored in the application server or setting the association information stored in the application server as invalid after returning the log-on success message to the UE, generating new association information for the service account of the user, and sending the new association information to the UE;
    - the UE is further adapted for updating the association information stored in the UE according to the new association information received from the application server, returning an update success message to the application server, and sending the new association information to the PCP storage server;
      
      the PCP storage apparatus is further adapted for updating the association information stored in the PCP storage apparatus according to the new association information received from the UE.
  - 18. The system of claim 11, wherein the PCP storage apparatus comprises any one of a PCP server, a UE file server and a UE database.

19. A system for protecting a service account of a user, comprising:
- User Equipment (UE), adapted for sending a log-on request of a user;
  
  an application server, adapted for sending association information and returning a log-on success message or log-on failure message to the UE;
  
  a PCP storage apparatus, adapted for authenticating the association information received from the application server and returning an authentication success message or an authentication failure message to the application server.
- View Dependent Claims (20, 21)
- - 20. The system of claim 19, wherein the application server is further adapted for generating and storing the association information after receiving a registration request from the UE, and sending the association information to the PCP storage apparatus;
    - and the PCP storage apparatus is further adapted for storing the association information received from the application server.
  - 21. The system of claim 20, wherein the application server is further adapted for deleting the association information stored in the application server or setting the association information as invalid after the authentication succeeds, generating new association information for the service account of the user, and sending the new association information to the PCP storage apparatus;
    - the PCP storage apparatus is further adapted for updating the association information stored in the PCP storage apparatus according to the new association information received from the application server, and returning an update success message to the application server.

22. An apparatus for storing a Personal Communication Profile (PCP) of a user, comprising:
- a PCP database, adapted for storing a PCP of a user and association information for a service account of the user;
  
  an authentication unit, adapted for receiving association information, determining whether the PCP database comprises association information consistent with the association information received; and
  
  returning an authentication success message or authentication failure message.
- View Dependent Claims (23)
- - 23. The apparatus of claim 22, wherein the PCP database is further adapted for updating the association information stored in the PCP database according to new association information received from the application server.

24. An application server for protecting a service account of a user, comprising:
- a log-on control unit and a communication unit;
  
  wherein the log-on control unit is adapted for receiving a log-on request through the communication unit;
  
  requesting association information based on PCP location information of the user contained in the log-on request, determining whether the association information received is consistent with the association information stored in the log-on control unit, sending a log-on success message or a log-on failure message through the communication unit.
- View Dependent Claims (25)
- - 25. The application server of claim 24, wherein the log-on control unit is further adapted for deleting the association information stored in the log-on control unit or setting the association information stored in the log-on control unit as invalid after the authentication succeeds, generating new association information for the service account of the user, and sending the new association information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
ZHONG, Jieping, SHU, Qi

Granted Patent

US 8,732,852 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/28
CPC Class Codes

G06F 21/31   User authentication

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

METHOD, SYSTEM AND APPARATUS FOR PROTECTING SERVICE ACCOUNT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD, SYSTEM AND APPARATUS FOR PROTECTING SERVICE ACCOUNT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links