+

WO2011077305A1 - Procédés et appareils permettant de fournir un contenu à des terminaux utilisateurs - Google Patents

Procédés et appareils permettant de fournir un contenu à des terminaux utilisateurs Download PDF

Info

Publication number
WO2011077305A1
WO2011077305A1 PCT/IB2010/055655 IB2010055655W WO2011077305A1 WO 2011077305 A1 WO2011077305 A1 WO 2011077305A1 IB 2010055655 W IB2010055655 W IB 2010055655W WO 2011077305 A1 WO2011077305 A1 WO 2011077305A1
Authority
WO
WIPO (PCT)
Prior art keywords
user terminal
content
access server
content access
server
Prior art date
Application number
PCT/IB2010/055655
Other languages
English (en)
Inventor
Jin Qu
Mo Li
Dan Jiang
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V. filed Critical Koninklijke Philips Electronics N.V.
Publication of WO2011077305A1 publication Critical patent/WO2011077305A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data

Definitions

  • the present invention relates to methods and apparatuses for providing content for user terminals.
  • an internet TV 110 is a TV with internet connection capability, which is connected to a content access server (also referred as "a service/content portal") 120 through the Internet 130.
  • the content access server 120 provides access points for user terminals to access content, such as digital media content and services, provided by content providers (CP) 140.
  • CP content providers
  • users can enjoy rich content from a variety of content providers 140, like Tudou, Youtube, Yahoo, Sina, etc.
  • the content includes video, weather forecast, stock information, email, etc.
  • the user terminal 110 should register on the content access server 120.
  • the content access server 120 not only provides the user terminal 110 with the function of content access, but also some functions like device management, user management, account management etc.
  • a user terminal registers on one content access server.
  • the content access server may only provide a limited amount of content access points for user terminals to access content provided by some content providers.
  • the content provided by these content providers is regarded as the content provided by the content access server.
  • Some other content provided by other content access servers may attract a user using the user terminal.
  • the user terminal has the potential demands on accessing the content provided by other content access servers.
  • a first problem to be solved is how this terminal can access content provided by a second access server.
  • Another problem associated with the presence of many content access servers is how to efficiently provide access to multiple other content access servers for a user terminal registered on one content access server.
  • the present invention proposes a technical solution for providing content provided by a second content access server for a user terminal registered on a first content access server.
  • a proxy server which is an independent trusted third party to the first and the second content access server, is involved to provide a common interoperability interface for multiple content access servers.
  • the proxy server plays the role of an identity authenticating the user terminals, thus providing a trust bridge between content access servers by authenticating the user terminals registered on one content access server to other content access servers.
  • a trust bridge between content access servers by authenticating the user terminals registered on one content access server to other content access servers.
  • a user terminal registered on one content access server can be trusted by other content access servers.
  • the user terminal can be trusted without disclosing detail information; therefore, this user terminal's content access server does not need to be concerned that its registered user terminal could be embraced by other content access servers.
  • a method of determining whether a user terminal requesting to access content provided by a second content access server is registered on a first content access server comprising: receiving a first authentication request message from the second content access server, the first authentication request seeking to check whether the user terminal requesting the content provided by the second content access server is registered on a first content access server; determining whether the user terminal is registered on the first content access server, based on the user terminal's information obtained from the first content access server; and sending a first authentication response message to the second content access server, the first authentication response indicating whether the user terminal is registered on the first content access server.
  • determining whether to issue the license to the user terminal based on the user terminal's information obtained from the first content access server; generating the license including at least part of the user terminal's information and a digital signature of the proxy server if the license is determined to be issued; and sending a first response message including the license to the user terminal.
  • a method of accessing content provided by a second content access server in a user terminal registered on a first content access server comprising: sending a first request message requesting to obtain a license for accessing the content provided by the second content access server to a proxy server; and receiving a first response message including the license for accessing the content provided by the second content access server from the proxy server, the license including at least part of the user terminal's information and a digital signature of the proxy server.
  • a method of providing content to a user terminal comprising: receiving a second request message from the user terminal requesting to access the content provided by the second content access server; authenticating whether the user terminal is registered on a first content access server; determining whether the user terminal is authorized to access the content, based on a pre-defined condition and the result of the authentication; and sending a second response message to the user terminal indicating whether the user terminal is authorized to access the content or not.
  • an apparatus for determining whether a user terminal requesting to access content provided by a second content access server is registered on a first content access server comprising: a first receiver configured to receive a first authentication request message from the second content access server, the first authentication request seeking to check whether the user terminal requesting the content provided by the second content access server is registered on the first content access server; a first unit configured to determine whether the user terminal is registered on the first content access server, based on the user terminal's information obtained from the first content access server; and a first sender configured to send a first authentication response message to the second content access server, the first authentication response indicating whether the user terminal is registered on the first content access server.
  • an apparatus for issuing a license for accessing content provided by a second content access server to a user terminal in a proxy server, the user terminal being registered on a first content access server comprising: a second receiver configured to receive a first request message from the user terminal, requesting to obtain a license for accessing the content provided by the second content access server; a fourth unit configured to determine whether to issue the license to the user terminal, based on the user terminal's information obtained from the first content access server and a pre-defined condition; a generator configured to generate the license including at least part of the user terminal's information and a digital signature of the proxy server if the fourth unit determines to issue the license; and a second sender configured to send a first response message including the license to the user terminal.
  • an apparatus for accessing content provided by a second content access server in a user terminal registered on a first content access server comprising: a third sender configured to send a first request message requesting to obtain a license for accessing the content provided by the second content access server to a proxy server; and a third receiver configured to receive a first response message including the license for accessing the content provided by the second content access server from the proxy server, the license including at least part of the user terminal's information and a digital signature of the proxy server.
  • an apparatus for providing content in a second content access server to a user terminal comprising: a fourth receiver configured to receive a second request message from the user terminal, requesting to access the content provided by the second content access server; a fifth unit configured to authenticate whether the user terminal is registered on the first content access server; a sixth unit configured to determine whether the user terminal is authorized to access the content, based on a pre-defined condition; and a fourth sender configured to send a second response message to the user terminal, indicating whether the user terminal is authorized to access the content or not.
  • an effective solution is provided for a user terminal registered on a first content access server to access the content provided by the second content access server. Due to the fact that an independent third party server is involved to check the identity of the user terminals, the information of the user terminal registered on a first content access server can be isolated from other content access servers, and hence the security of the user terminal's information is guaranteed.
  • the third party server involved provides a common interoperability interface for multiple content access servers, and hence a user terminal registered on one content access server can enjoy rich content from multiple other content access servers.
  • FIG. 1 illustrates a prior art scenario
  • FIG. 2 illustrates a scenario according to an embodiment of the present invention
  • FIG. 3 illustrates a schematic view of a flowchart of how a user terminal registered on a first content access server accesses the content provided by a second content access server according to an embodiment of the present invention
  • FIG. 4 illustrates a schematic view of a flowchart of how a user terminal registered on a first content access server accesses the content provided by a second content access server according to another embodiment of the present invention
  • FIG. 5 illustrates a schematic view of a block diagram of the apparatus for determining whether a user terminal requesting to access content provided by a second content access server is registered on a first content access server according to an embodiment of the present invention
  • FIG. 6 illustrates a schematic view of a block diagram of an apparatus for issuing a license for accessing content provided by a second content access server to a user terminal, the user terminal being registered on a first content access server according to an embodiment of the present invention
  • FIG. 7 illustrates a schematic view of a block diagram of an apparatus for accessing content provided by a second content access server in a user terminal registered on a first content access server according to another embodiment of the present invention
  • FIG. 8 illustrates a schematic view of a block diagram of an apparatus for providing content in a second content access server to a user terminal according to an embodiment of the present invention
  • FIG. 2 shows a scenario according to an embodiment of the present invention, in which the user terminal 111 is registered on the content access server 121 which provides an access point for the user terminal 111 to access content provided by the content provider 141 , and user terminal 112 is registered on the content access server 122 which provides an access point for the user terminal 112 to access content provided by the content provider 142.
  • the first content access server is only for differentiating it from the second content access server 122, and it can be any other content access server except the second content access server 122.
  • a proxy server 150 is involved in FIG. 2 to perform an identity authentication function for a content access server, when a user terminal registered on another content access server requests to access content provided by this content access server.
  • the proxy server 150 can also collect information of the content provided by all content access servers and provide each content access server with information indicating content provided by other content access servers.
  • the information can include name of the content, provider, link etc.
  • the proxy server 150 can provide the above information without disclosing information of other content access servers, which is helpful for improving the user terminals ' loyalty.
  • the information indicating content provided by other content access servers can be provided in the form of a list.
  • the proxy server 150 can provide the first content access server 121 with a list indicating the content provided by the second content access server 122 and provide the second content access server 122 with a list indicating the content provided by the first content access server 121.
  • the first content access server 121 can show the user terminal 111 a menu including the list indicating content provided by the second content access server without providing the information of the second content access server 122, as shown in Tab. 2.
  • a user using the user terminal 111 looks through the menu and finds interesting content (such as music) and wants to acquire this content.
  • This content is provided by the second content access server 122 and is mapped by the proxy server 150 into the first content access server 121.
  • FIG. 3 shows a flowchart of how the user terminal 111 acquires this content.
  • the user terminal 111 sends a second request message to the second content access server 122, requesting to access the content provided by the second content access server 122 via the first content access server 121.
  • the second request message includes the ID of the user terminal 111 and the name of the content requested.
  • the second request message can further include the ID of the first content access server 121 , which ID can be added to the second request message by the user terminal 111 or by the first content access server 121.
  • the first content access server 121 receives the second request message and forwards it directly to the second content access server 122 if the first content access server 121 knows the address of the content access server 122 from the list indicating content provided by the second content access server 122 or in any other way. Alternatively, if the first content access server 121 does not know the address of the content access server 122, it forwards the second request message to the proxy server 150. And the proxy server 150 then forwards the second request message to the second content access server 122.
  • the second content access server 122 cannot determine whether the user terminal 111 has the right to access the content provided by the second content access server 122, except if the user terminal 111 is registered on the second content access server 122. If the requested content is free and imposes no restriction on the user terminal's identity, the second content access server 122 can grant access, but for some commercial services, the second content access server 122 should confirm that the user terminal 111 has the right to access the content and/or obtains some information like "the payment process is completed". Therefore, the second content access server 122 authenticates the identity of the user terminal 111 first to determine whether the user terminal is registered on a first content access server or not.
  • the second content access server 122 sends a first authenticating request message for checking whether the user terminal 111 is registered on the first content access server 121 to the proxy server 150 after receiving the second request message from the user terminal 111.
  • the first authenticating request message includes the ID of the user terminal 111.
  • the first authenticating request message can also include the ID of the first content access server and/or the information of content requested by the user terminal 111, including the name of the content, size and type etc.
  • the proxy server 150 determines whether the user terminal 111 is registered on the first content access server 121, based on the user terminal I l l 's information obtained from the first content access server 121.
  • the proxy server 150 can obtain the user terminal I l l 's information from the first content access server 121 after receiving the authentication request message or before receiving the authentication request message.
  • a tab reflects the registration relationship between the user terminals and the content access servers, so when the first authentication request message does not include the ID of the first content access server 121, the proxy server 150 can determine which content access server the user terminal is registered on.
  • the information of the user terminal 111 includes whether or not the user terminal 111 is registered on the first content access server 121.
  • the information of the user terminal 111 may also include other information such as location, payment information, personal use or commercial use etc.
  • step S304 the proxy server 150 sends a first authentication response message to the second content access server 122, the first authentication response indicating whether the user terminal 111 is registered on the first content access server 121 or not.
  • step S305 the second content access server 122 determines whether the user terminal 111 is authorized to access the content provided by the second content access server 122, based on a pre-defined condition and the authentication result.
  • the pre-defined condition can be of various types.
  • the second content access server 122 determines that the user terminal 111 is authorized to access the content if the user terminal 111 is registered on the first content access server 121. If the user terminal 111 is not registered on the first content server 121, the second content access server 122 determines that the user terminal 111 cannot be authorized to access the content.
  • the second content access server 122 can further combine self- status and the authentication result to determine whether the user terminal 111 is authorized to access the content.
  • the self-status of the second content access server 122 can include available connection number and/or available bandwidth of data transmission from the second content access server 122 to the user terminal 111. If the connection number of the second content access server 122 to user terminals reaches the preset maximum number, the request by the user terminal 111 to access the content provided by the second content access server 122 will be refused.
  • the second content access server 122 can further impose some requirements on the user terminal 111 for accessing the content provided by the second content access server 122.
  • An example of these requirements is: the user terminal 111 should be a payment-valid user located in China and access the content for personal use. If the user terminal 111 is located outside of China, it can't be authorized to access the content.
  • the second content access server 122 can obtain the information of the user terminal 111 from the proxy server 150 or directly from the first content access server 121 and compare the information of the user terminal 111 and requirements for the content to determine whether the user terminal 111 is authorized to access the content.
  • the second content access server 122 can send the requirements to the proxy server 150 or the first content access server 121 to check if the user terminal 111 meets the requirements and then the proxy server 150 or the first content access server 121 sends a check result back to the second content access server 122.
  • the requirements can be included in the first authentication request message and the check result can be included in the first authentication response message. In these embodiments, the security of the information of the user terminal 111 is guaranteed.
  • the proxy server 150 requests that the first content access server 121 should provide some traceable evidence substantiating its answer. Based on this requirement, the first content access server 121 provides the proxy server 150 with a hashed result of some information of the user terminal 111. Therefore, the proxy server 150 cannot know details of the user terminal 111. If there is some argument about the user terminal's information, the proxy server 150 can provide the hashed result provided earlier by the first content access server 121, and the first content access server 121 can only provide the original information of the user terminal 111.
  • the original information of the user terminal 111 is then hashed using a hash algorithm and the two results of the hash algorithm are compared. So, the first content access server 121 cannot lie about the user terminal I l l 's information, due to the property of a hash algorithm.
  • the authenticating result from the proxy server 150 indicates that the user terminal 111 is registered on the first content access server 121, and user terminals registered on the first content access server 121 are not permitted to access the content provided by the second content access server 122 for some reason, such as there is no agreement between the second content access server 122 and the first content access server 121, the user terminal 111 cannot be authorized to access the content.
  • the second content access server 122 sends a second response message to the user terminal 111, indicating whether the user terminal 111 is authorized to access the content or not.
  • the second response message can be first sent to the first content access server 121, either directly or via the proxy server 150, and then forwarded to the user terminal 111. Alternatively, the second response message can be sent to the user terminal 111 directly.
  • the second content access server 122 packages the content decryption key into the second response message.
  • the content to be transmitted to the user terminal 111 can be encrypted by the second content access server 122 or the content provider 142.
  • the encryption and decryption keys can be managed by the second content access server 122 or the content provider 142.
  • steps S302 to S304 in Fig. 3 are only an illustrative example of authenticating.
  • the authenticating process can be implemented in a variety of ways.
  • Fig. 4 shows another authenticating solution according to another embodiment of the present invention.
  • the user terminal 111 sends a first request message to the proxy server 150, requesting to obtain a license for accessing the content provided by the second content access server 122.
  • the proxy server 150 determines whether to issue the license to the user terminal 111, based on the user terminal I l l 's information obtained from the first content access server 121.
  • the proxy server 150 can obtain the user terminal I l l 's information from the first content access server 121 after receiving the request message or before receiving the request message.
  • the information of the user terminal 111 includes whether or not the user terminal 111 is registered on the first content access server 121.
  • the information of the user terminal 111 can also include other information such as location, payment information, personal use or commercial use, etc.
  • the proxy server 150 determines to issue the license to the user terminal 111. In another embodiment, if the user terminals registered on the first content access server 121 are not permitted to access the content provided by the second content access server 122, the license will not be issued by the proxy server 150.
  • the proxy server 150 In step S403, the proxy server 150 generates the license including at least part of the user terminal's information and a digital signature of the proxy server 111 if the license is determined to be issued.
  • the at least part of the user terminal's information is merely the information indicating the user terminal 111 is registered on the first content access server 121.
  • step S404 the proxy server 150 sends a first response message including the license to the user terminal 111, either directly or via the first content access server 121.
  • step S405 the user terminal 111 sends a second request message to the second content access server 122, requesting to access the content provided by the second content access server 122 via the first content access server 121.
  • the second request message can be sent to the second content access server 122, either directly by the user terminal 111 or via the first content access server 12 and/or the proxy server 150.
  • step S406 the user terminal 111 receives a second authentication request message from the second content access server 122, either directly or via the proxy server 150 and/or the first content access server 121.
  • step S407 the user terminal 111 sends a second authentication response including the license obtained in step S404 to the second content access server 122, either directly or via the first content access server 12 and/or the proxy server 150.
  • An illustrative license can be as follows:
  • the license can also include other information of the user terminal 111, such as for example:
  • At least part of the information of the user terminal 111 in the license can be hashed with a hash algorithm, so that the proxy server 150 cannot know detailed information of the user terminal 111. Hence, the security of the user terminal I l l 's information is guaranteed.
  • the second content access server 122 verifies the digital signature of the proxy server 150. If the result is "true”, it means that the license is valid and the user terminal 111 is registered on the first content access server 121.
  • An illustrative process of generating a digital signature of the proxy server 150 and verification can be as follows:
  • the proxy server 150 implements a hash algorithm on the ID of the proxy server 150, the ID of the user terminal 111, the ID of the first content access server 121, and other information of the user terminal 111 (if included in the license). Then the hashed result is encrypted with a private key to form a digital signature of the proxy server 150.
  • the second content access server 122 When the second content access server 122 obtains the license, it verifies the digital signature of the proxy server 150 with the public key of the signature. If the verification result is right, the license is valid or the license is regarded as invalid.
  • step S408 the second content access server 122 determines whether the user terminal 111 is authorized to access the content provided by the second content access server 122, based on pre-defined conditions and the authentication result. This is similar to step S305.
  • step S409 the second content access server 122 sends a response message to the user terminal 111, indicating whether the user terminal 111 is authorized to access the content or not. This is similar to step S306.
  • step S406 and step S407 can be omitted by the second request message sent in step S405 including the license.
  • the first content access server 121 can replace any information about the user terminal 111 with a pseudonym. Therefore, in step S301 of Fig. 3 and step S401 of Fig. 4, the first content access server 121 can replace the original ID of the user terminal with a pseudonym PID (Pseudonym ID) and removes other information of the user terminal 111 from the request messages. Alternatively, the other information of the user terminal 111 can be hashed with a hash algorithm by the first content access server 121.
  • the original ID of the user terminal 111 in the license is also replaced with a PID and other information of the user terminal 111 is removed from the license or hashed with a hash algorithm.
  • the relationship with the original ID and PID is kept in the first content access server 121.
  • the second content access server 122 prepares a DRM right or license for the user terminal 111 and sends it to the user terminal 111 by putting it into the second response message to the user terminal 111.
  • the content decryption key can be packaged into the DRM right or license.
  • Fig. 5 shows a schematic view of a block diagram of an apparatus 500 for determining whether a user terminal requesting to access content provided by a second content access server is registered on a first content access server according to an embodiment of the present invention.
  • the apparatus 500 includes a first receiver 501, a first unit 502 and a first sender 503.
  • the apparatus 500 further includes a second unit 504 and a third unit 505, which are also shown in Fig. 5.
  • the apparatus 500 can be located in the proxy server 150 and the work process of the apparatus 500 will be described in the following text with reference to Fig. 2.
  • the first receiver 501 receives a first authentication request message from the second content access server 122, the first authentication request seeking to check whether the user terminal 111 requesting the content provided by the second content access server 122 is registered on the first content access server 121.
  • the first unit 502 determines whether the user terminal 111 is registered on the first content access server 121, based on the user terminal I l l 's information obtained from the first content access server 121.
  • the first sender 503 sends a first authentication response message to the second content access server 122, the first authentication response indicating if the user terminal 111 is registered on the first content access server 121.
  • the second unit 504 obtains information indicating content provided by the second content access server 122; and the third unit 505 provides the first content access server 121 with information indicating content provided by the second content access server 122.
  • Fig. 6 shows an apparatus 600 for issuing, to a user terminal, a license for accessing content provided by a second content access server, the user terminal being registered on a first content access server.
  • the apparatus 600 includes a second receiver 601, a fourth unit 602, a generator 603 and a second sender 604.
  • the apparatus 600 can be located in the proxy server 150 and the operating process of the apparatus 600 will be described in the following text with reference to Fig. 2.
  • the second receiver 601 receives a first request message from the user terminal 111 for obtaining a license for accessing the content provided by the second content access server 122.
  • a fourth unit 602 determines whether to issue the license to the user terminal 111, based on the user terminal I l l 's information obtained from the first content access server 121.
  • a generator 603 generates a license including at least part of the user terminal I l l 's information and a signature of the proxy server 150, if the fourth unit 602 determines to issue the license.
  • the second sender 604 sends a first response message including the license to the user terminal 111.
  • Fig. 7 shows an apparatus 700 for accessing content provided by a second content access server in a user terminal registered on a first content access server.
  • the apparatus 700 in Fig. 7 includes a third sender 701 and a third receiver 702.
  • the apparatus 700 can be located in the user terminal 111 and the operating process of the apparatus 700 will be described in the following text with reference to Fig. 2.
  • the third sender 701 sends a first request message, to a proxy server 150, for obtaining a license for accessing the content provided by the second content access server 122.
  • the third receiver 702 receives, from the proxy server 150, a first response message including the license for accessing the content provided by the second content access server 122, the license including at least part of the user terminal I l l 's information and a signature of the proxy server.
  • the apparatus 700 can access the content provided by the second content access server by virtue of the license obtained.
  • Fig. 8 shows an apparatus 800 for providing content, in a second content access server, to a user terminal.
  • the apparatus 800 includes a fourth receiver 801, a fifth unit 802, a sixth unit 803 and a fourth sender 804.
  • the apparatus 800 can be located in second content access server 122 and the operating process of the apparatus 800 will be described in the following text with reference to Fig. 2.
  • the fourth receiver 801 receives a second request message from the user terminal 111 for accessing the content provided by the second content access server 122.
  • the fifth unit 802 authenticates whether the user terminal 111 is registered on the first content access server 121.
  • the sixth unit 803 determines whether the user terminal 111 is authorized to access the content provided by the second content access server 122, based on a pre-defined condition.
  • the fourth sender 804 sends a second response message to the user terminal 111, indicating whether the user terminal 111 is authorized to access the content provided by the second content access server 122 or not.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

La présente invention décrit une solution technique pour fournir un contenu fourni par un second serveur d'accès à des contenus (122) à un terminal utilisateur (111) enregistré auprès d'un premier serveur d'accès à des contenus (121). Dans la présente invention, un serveur mandataire (150), qui est une tierce partie de confiance indépendante pour les premier et second serveurs d'accès à des contenus, est utilisé pour jouer le rôle d'une identité authentifiant les terminaux utilisateurs, fournissant de cette façon un pont de confiance entre des serveurs d'accès à des contenus en authentifiant les terminaux utilisateurs enregistrés auprès d'un serveur d'accès à des contenus pour d'autres serveurs d'accès à des contenus. Par ce pont, un terminal utilisateur enregistré auprès d'un seul serveur d'accès à des contenus peut devenir un terminal utilisateur de confiance pour d'autres serveurs d'accès à des contenus.
PCT/IB2010/055655 2009-12-24 2010-12-08 Procédés et appareils permettant de fournir un contenu à des terminaux utilisateurs WO2011077305A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910260890 2009-12-24
CN200910260890.9 2009-12-24

Publications (1)

Publication Number Publication Date
WO2011077305A1 true WO2011077305A1 (fr) 2011-06-30

Family

ID=43901035

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2010/055655 WO2011077305A1 (fr) 2009-12-24 2010-12-08 Procédés et appareils permettant de fournir un contenu à des terminaux utilisateurs

Country Status (1)

Country Link
WO (1) WO2011077305A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112632497A (zh) * 2020-12-26 2021-04-09 深圳市八方通达科技有限公司 一种基于区块链的身份信息验证方法及系统
CN114422187A (zh) * 2021-12-21 2022-04-29 航天信息股份有限公司 一种支持web互认证的方法及系统

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1089516A2 (fr) * 1999-09-24 2001-04-04 Citicorp Development Center, Inc. Procédé et système pour donner l'accès à plusieurs serveurs par une seule transaction
US20090199276A1 (en) * 2008-02-04 2009-08-06 Schneider James P Proxy authentication

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1089516A2 (fr) * 1999-09-24 2001-04-04 Citicorp Development Center, Inc. Procédé et système pour donner l'accès à plusieurs serveurs par une seule transaction
US20090199276A1 (en) * 2008-02-04 2009-08-06 Schneider James P Proxy authentication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JOONS PARK ET AL: "Trusted Identity and Session Management Using Secure Cookies", 21 August 2005, DATA AND APPLICATIONS SECURITY XIX; [LECTURE NOTES IN COMPUTER SCIENCE;;LNCS], SPRINGER-VERLAG, BERLIN/HEIDELBERG, PAGE(S) 310 - 324, ISBN: 978-3-540-28138-2, XP019013755 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112632497A (zh) * 2020-12-26 2021-04-09 深圳市八方通达科技有限公司 一种基于区块链的身份信息验证方法及系统
CN114422187A (zh) * 2021-12-21 2022-04-29 航天信息股份有限公司 一种支持web互认证的方法及系统

Similar Documents

Publication Publication Date Title
US12177351B2 (en) Authorized data sharing using smart contracts
US10140432B2 (en) Method for scalable access control decisions
US9774595B2 (en) Method of authentication by token
US11829502B2 (en) Data sharing via distributed ledgers
CN101331731B (zh) 由身份提供商对联盟内的客户进行定制认证的方法、装置和程序产品
US9225721B2 (en) Distributing overlay network ingress information
US20050204038A1 (en) Method and system for distributing data within a network
MXPA04007546A (es) Metodo y sistema para proporcionar una tercera autenticacion de autorizacion.
JP7282982B2 (ja) グループ署名による匿名イベント証明
JP2018517367A (ja) サービスプロバイダ証明書管理
KR20220123695A (ko) 암호화 방식으로 보안 요청 검증
CN112307116A (zh) 基于区块链的数据访问控制方法、装置及设备
US20160269382A1 (en) Secure Distribution of Non-Privileged Authentication Credentials
JP4847483B2 (ja) 個人属性情報提供システムおよび個人属性情報提供方法
CN116028486A (zh) 一种数据存储和数据查询的方法和装置
WO2022033350A1 (fr) Procédé et dispositif d'enregistrement de service
KR100609701B1 (ko) 전자 거래 내역에 대한 프라이버시를 보호하는 거래 인증방법 및 시스템
WO2011077305A1 (fr) Procédés et appareils permettant de fournir un contenu à des terminaux utilisateurs
CN114861144A (zh) 基于区块链的数据权限处理方法
CN114978741B (zh) 一种系统间认证方法及系统
CN117061248B (zh) 一种用于数据共享的数据安全保护方法和装置
CN106464684A (zh) 业务处理方法及装置
GB2590520A (en) Data sharing via distributed ledgers

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10809239

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10809239

Country of ref document: EP

Kind code of ref document: A1

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载