KR101810986B1 - Method for log-in without exposing the password and computer readable recording medium - Google Patents

Abstract

A method for logging into a web server without exposing a password according to an embodiment of the present invention comprises the steps of: providing a computer terminal with a screen that allows a user to enter a user ID for a web server the user wants to log in and to request authentication of the user; receiving the user ID and user authentication request from the computer terminal; providing the computer terminal with an ARS telephone number; checking whether an ARS having the ARS telephone number has received a call from a telephone having a telephone number of the user possessing the user ID; and providing the computer terminal with a logged-in screen of the web server if it is confirmed that the ARS has received a call from the telephone having the telephone number of the user.

Description

TECHNICAL FIELD The present invention relates to a method for logging into a web server without exposing a password and a computer readable recording medium therefor.

The present invention relates to a method for logging into a web server without exposing a password and a computer readable recording medium therefor.

With the development of communication networks and computer related technologies, various types of online services are being provided through the Internet. Most online services allow only users who have been authenticated to use the service normally.

The authentication for the user is performed in such a manner that a user sets authentication information such as an ID and a password and inputs his / her authentication information when using the online service.

As the use of the Internet is becoming commonplace, the number of websites to which each user subscribes is increasing, and in order to access a member-only service by a user, it is inconvenient to log in separately for each website. If the ID and password are different for each site, it is necessary to memorize multiple IDs and passwords for each site, and if the website is hacked, the risk of leakage of personal information will also follow.

In the prior art, it relies on installation of a public certificate or a security program in order to prevent information leakage due to such hacking or virus infection.

According to an embodiment of the present invention, a method for logging into a web server without inputting a password on a login screen for preventing information leakage, and a computer readable recording medium on which a program for the method is recorded can be provided.

According to an embodiment of the present invention, there is provided a method of logging into a web server without exposing a password,

Providing a computer terminal capable of inputting a user ID of a web server to be logged in and requesting authentication of the user; Receiving a user ID and a user authentication request from a computer terminal; Providing an ARS telephone number to the computer terminal; Confirming whether the ARS having the ARS telephone number has received a telephone call from a telephone having a telephone number of the user having the user ID; And providing the computer terminal with a logged-in screen of the web server if it is determined that the ARS has received a telephone call from a telephone number of the user's telephone number; A method for logging in to a web server without exposing a password may be provided.

According to an embodiment of the present invention,

Selecting an ARS telephone number to be provided to the computer terminal upon receiving a user ID and a user authentication request of a web server to be logged in from the computer terminal;

Confirming whether the ARS having the ARS telephone number has received a telephone call from a telephone having a telephone number of the user having the user ID; And providing a logged-in screen of the web server to the computer terminal when it is determined that the ARS has received a telephone call from a telephone having the user's telephone number as a result of performing the checking step; A computer-readable recording medium on which a computer program for executing a method for logging in to a web server without exposing a password can be provided.

According to an embodiment of the present invention, in order to perform authentication of a user, a password is input on a web site screen to log in by using a voice network through a telephone (e.g., a smart phone) Therefore, there is an advantage in that the security is superior to the conventional login procedure through the Internet network.

According to an embodiment of the present invention, even when a database of an individual web server in which user information of individual web sites is managed is hacked by using a phone (e.g., a smart phone) The password is not leaked.

1 illustrates a system for illustrating a method for logging into a web server without exposing a password according to one or more embodiments of the present invention;
2 is a diagram illustrating databases for implementing a method of logging in to a web server without exposing a password according to various embodiments of the present invention;
Figures 3-6 are exemplary flowcharts illustrating a method for logging into a web server without exposing a password according to one or more embodiments of the present invention;
7 and 8 are diagrams for explaining the operation of a program installed in a login system for logging into a web server without exposing a password according to one or more embodiments of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The above and other objects, features, and advantages of the present invention will become more readily apparent from the following description of preferred embodiments with reference to the accompanying drawings. However, the present invention is not limited to the embodiments described herein but may be embodied in other forms. Rather, the embodiments disclosed herein are provided so that the disclosure can be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.

The terms "transmission", "communication", "transmission", "reception", and the like, of a signal or information used herein are intended to encompass not only the direct transmission of signals or information from one component to another, And the like. In particular, "transmitting" or "transmitting" a signal or information to an element is indicative of the final destination of the signal or information and not a direct destination. This is the same for the 'reception' of a signal or information.

Although the terms first, second, etc. have been used in various embodiments of the present disclosure to describe various components, these components should not be limited by such terms. These terms have only been used to distinguish one component from another. The embodiments described and exemplified herein also include their complementary embodiments. Where an element, component, apparatus, or system is referred to as comprising a program or component, it is to be understood that the element, component, apparatus, or system, It should be understood to include the necessary hardware (e.g., memory, CPU, etc.) or other programs or software (e.g., drivers needed to drive an operating system or hardware).

It is also to be understood that the elements (or components) may be implemented in software, hardware, or any form of software and hardware, unless the context clearly dictates otherwise.

The terminology used herein is for the purpose of illustrating embodiments and is not intended to be limiting of the present invention. In the present specification, the singular form includes plural forms unless otherwise specified in the specification.

The terms "comprise" and / or "comprising" used in the specification do not exclude the presence or addition of one or more other elements.

Hereinafter, the present invention will be described in detail with reference to the drawings. In describing the specific embodiments below, various specific details have been set forth in order to explain the invention in greater detail and to assist in understanding it. However, it will be appreciated by those skilled in the art that the present invention may be understood by those skilled in the art without departing from such specific details. In some cases, it should be mentioned in advance that it is common knowledge in describing an invention that parts not significantly related to the invention are not described in order to avoid confusion in explaining the present invention.

In the following description of the embodiments, the same reference numerals are used for the same components for the sake of convenience.

1 illustrates a system for illustrating a method for logging into a web server without exposing a password according to one or more embodiments of the present invention.

A method for logging in to a web server without exposing a password according to various embodiments of the present invention will be described with reference to FIG. 1, and the functions for the components commonly included in the embodiments will be described with reference to FIG. 1 Hereinafter, components having different functions will be described in detail with reference to the drawings.

Referring to FIG. 1, a system (hereinafter referred to as a 'login service system') for logging into a web server ('individual web server') without exposing a password according to an embodiment of the present invention includes a service server 10, A computer terminal 20, a user telephone 30, an ARS server 40, a plurality of ARSs, a web server 50 and a user information DB 70. These components are connected by a network, For example, Wi-Fi, Internet, LAN (Local Area Network), Wireless LAN (Wireless Local Area Network), WAN (Wide Area Network), PAN (Personal Area Network) Network or a combination of two or more of such.

The service server 10 can perform a role of providing a method of logging in to the web server without intervening with the individual web server 50 and exposing the password of the present invention.

In this login service system, if the web server 50 can input the user ID of the web server to log in and provides the computer terminal 20 with a screen for requesting the authentication of the user, When the user ID is input from the user on the screen and the user authentication request is received, the user ID and the user authentication request are transmitted to the web server 50. When there is a user ID and a user authentication request from the computer terminal 20, the web server 50 transmits a telephone number (hereinafter, referred to as 'ARS telephone number') of an ARS which is not currently used among a plurality of ARSs to the computer terminal 20 ). The computer terminal 20 displays the telephone number provided from the web server 50 on the screen.

Thereafter, the service server 10 confirms whether the ARS having the ARS telephone number provided to the computer terminal 20 has received the telephone call from the user telephone 30, and if it is confirmed that the telephone call has been received, the computer terminal 20 ) To provide a login screen of the web server. More detailed functions of the service server 10 will be described with reference to other drawings.

The plurality of ARSs are configured to include at least two ARSs assigned different telephone numbers. Although FIG. 1 shows three ARSs, this is an example, and more ARS can be implemented. In addition, three ARSs shown in FIG. 1 are assigned different telephone numbers, and in the present description, a reference numeral 41 is assigned to an ARS to which a telephone number 1111 is assigned for the purpose of description.

The ARS server 40 can arbitrarily select an ARS which is not currently used among a plurality of ARSs when there is a user's authentication request. According to one embodiment, the web server 50 that received the authentication request notifies the ARS server 50 that there is a request for authentication of the user, and the ARS server 40 is currently used among the plurality of ARS in response to the request (For example, ARS 41), and notifies the web server 50 of the telephone number of the selected ARS.

According to another embodiment, the web server 50 having received the authentication request notifies the service server 10 of the request for authentication, and the service server 10 notifies the ARS The ARS server 40 selects an ARS (e.g., ARS 41) that is not currently in use among a plurality of ARSs in response to the request, And notifies the server 50 or the service server 10. When the service server 10 receives the ARS telephone number from the ARS server 40, the service server 10 informs the web server 50 of the ARS telephone number.

The authentication parameter information means information that uniquely matches the authentication request of the user. If the ARS 41 telephone number is selected as authentication mediation information, the ARS 41 telephone number may be used as an access number in the ARS connection described later. For convenience of description, the description of the present specification assumes that the telephone number of the ARS 41 is '1111' as shown in FIG.

The computer terminal 20 includes a display for providing a screen for inputting a user ID for requesting a user authentication, such as a PC (Personal Computer), a smart phone, a smart watch, a tablet PC, a PDA phone, . Here, a smartphone refers to a mobile phone that provides advanced functions in addition to a function that is the same as a PC, a smart watch refers to an embedded system wristwatch equipped with functions that are more advanced than a general watch, And a PDA phone means a personal digital assistant (PDA) (Personal Digital Assistant) equipped with a mobile communication module.

The user telephone 30 is a telephone for authenticating the user and includes a call function for using the ARS. The user telephone 30 in the present specification means a wired or wireless telephone having a telephone number of the user having the ID of the web server 50. [ The wireless telephone may be, for example, a smart phone, but the invention is not limited thereto.

The web server 50 is capable of providing a web service, and when receiving a web page request from a user, it provides a web page in response to the request. For example, it could refer to individual web servers such as www.daum.net, Naver (www.naver.com), Google (www.google.com), and users The information can be stored and managed in each individual website user DB. In the present specification, 'management' is meant to include deletion, update, change, and addition.

In this specification, the web server 50 is identified by the name or URL of the individual web server, and the web server 50 is also referred to as an 'individual web server'.

As will be described later, the user information DB 70 stores user IDs and user PWs (passwords) corresponding to at least one or more individual web servers 50 corresponding to the user telephone numbers, as user information, (10). ≪ / RTI >

The login system described with reference to FIG. 1 may be implemented in various ways. Hereinafter, a login method applicable to the login system described with reference to FIG. 1 will be described in detail with reference to other drawings.

FIG. 2 is a view for explaining databases necessary for implementing a method of logging into a web server (referred to as 'individual web server') without exposing a password according to various embodiments of the present invention. Each of the embodiments will be described in detail.

1st Example

3 is an exemplary flowchart illustrating a method of logging in to a web server without exposing a password according to the first embodiment of the present invention. The method can be applied to the login system described with reference to Fig. 1, for example.

Hereinafter, assuming that the present method is applied to the login system of FIG. 1, and for the purpose of explanation, it is assumed that the Web server 50 is a server having a URL such as www.daum.net This method will be described.

3, in step S110, the web server 50 may input the user ID of the web server 50 to the computer terminal 20 and provide a screen for requesting authentication of the user.

Here, since the web server 50 is assumed to be the next server (www.daum.net), the user ID of the web server 50 is an ID that the user can access to the next server (www.daum.net) , jjy0301).

The web server 50 provides the computer terminal 20 with an ID of the web server 50 and a request for authentication authentication (step S110).

The web server 50 receives the ID of the web server 50 input by the user through the computer terminal 20 and the authentication request from the computer terminal 20 (step S120).

If the authentication request is received in step S120, the ARS server 40 may select the ARS phone number and provide it to the service server 10 (step S121).

Here, whether or not the ARS server 40 has a request for authentication of the user can be notified from the web server 50 or by receiving notification from the service server 10. [ That is, the web server 50 notifies the ARS server 40 or the service server 10 that there is an authentication request when there is a request for authentication of the user, and when the service server 10 is notified of such authentication request And notifies the ARS server 40 that there is such a person authentication request.

In the present embodiment, the ARS server 40 has provided the ARS telephone number to the service server 40, but it is also possible that the ARS server 40 provides the ARS telephone number to the web server 50

If the ARS server 40 receives the ARS telephone number from the ARS server 40 in step S121, the service server 40 provides the ARS telephone number directly to the computer terminal 20 as in step S123, or ii) And the web server 50 may provide the ARS telephone number to the computer terminal 20 in step S127.

The computer terminal 20 displays the ARS telephone number provided through the step S123 or S127 on the screen so that the user can view it (step S130).

The ARS telephone number provided to the computer terminal 20 is the telephone number of the selected ARS corresponding to the user's authentication request as described above.

If the selected ARS number is '1111' after step S120, the service server 10 may provide the ARS telephone number directly to the computer terminal 20 or may be provided through the web server 50 have.

When the computer terminal 20 displays the provided ARS telephone number on the screen in step S130, the user uses the user telephone 30 to enter the ARS telephone number (for example, 1111 (Step S131).

The service server 10 then determines whether the ARS 41 with the ARS telephone number (e.g., 1111) has received a call from the telephone-user telephone 30 with the telephone number of the user with the user ID (Step S140).

For example, the ARS server 40 may determine whether the user telephone 30 has called the ARS 41 with an ARS telephone number (e.g., 1111). The ARS server 40 informs the service server 10 of the fact that the ARS 41 has received a telephone call from the user telephone 30. If the service server 10 receives such a fact within the validity period of the authentication, the service server 10 performs step S150. Otherwise, the service server 10 does not perform step S150.

That is, when the service server 10 receives a notification from the ARS server 40 that the ARS 41 has received a telephone call from the user telephone 30, the service server 10 displays a screen (login to the web server 50) (Step S150). In detail, when the service server 10 receives a notification from the ARS server 40 that the ARS 41 has received a telephone call from the user telephone 30, the service server 10 refers to the user information DB 70, Requests the logged in screen while transferring the obtained PW (password) and the user ID to the web server 50, and provides the logged in screen to the computer terminal 20 when receiving the login screen from the web server 50 .

Here, the user information DB 70 will be described later with reference to FIG.

As described above, according to the present embodiment, since the user does not directly input the password of the next server (www.daum.net) to log in to the next server (www.daum.net), the user ID jjy0301) to receive a screen from the service server 10 to the next server (www.daum.net).

Second Example

4 is an exemplary flowchart illustrating a method of logging in to a web server without exposing a password according to a second embodiment of the present invention.

The method can be applied to the login system described with reference to Fig. 1, for example.

Hereinafter, it is assumed that the method is applied to the login system of FIG. 1, and for the purpose of explanation, it is assumed that the web server 50 is a server having a URL such as www.daum.net This method will be described.

The second embodiment of the present invention is the same as the first embodiment except that the step (S240) corresponding to step S140 in the first embodiment, that is, when the service server 10 receives the telephone number of the user having the user ID by the ARS having the ARS telephone number The steps up to the step of confirming whether or not a telephone is received from the user telephone 30 are the same as those of the first embodiment. Therefore, the following description will focus on the following steps.

4, if the service server 10 confirms that the ARS 40 has received a telephone call from the user telephone 30 having the telephone number of the user in the present embodiment, then in step S241, the service server 10 Informs the web server 50 of the confirmation result and at step S250 the web server 50 provides the computer terminal 20 with the login screen of the web server 50. [

Here, as a result of confirmation that the service server 10 informs the web server 50,

I) the ARS 40 has received a call from the user telephone 30 with the user's telephone number

Ii) the password of the website acquired by referring to the user information DB 70 (the password of the corresponding website corresponding to the user's telephone number)

May be included. Here, the user information DB 70 will be described later with reference to FIG.

If the result of the verification includes the password of the corresponding web site corresponding to the user telephone number, the web server 50 determines whether the web site password provided from the service server 10 matches the password of the corresponding web server 50 And provides a login screen to the web server 50 to the computer terminal 20 only when they match.

That is, since the user does not directly input the password of the next server (www.daum.net) to log in to the next server (www.daum.net), only the user ID (jjy0301) is inputted without exposing the password, 10) to the next server (www.daum.net).

Third Example

5 is an exemplary flowchart illustrating a method of logging in to a web server without exposing a password according to a third embodiment of the present invention. The method can be applied to the login system described with reference to Fig. 1, for example.

Hereinafter, it is assumed that the method is applied to the login system of FIG. 1, and for the purpose of explanation, it is assumed that the web server 50 is a server having a URL such as www.daum.net This method will be described.

The third embodiment of the present invention is the same as the first embodiment except that the step S340 corresponding to the step S140 in the first embodiment, that is, when the service server 10 receives the telephone number of the user having the user ID by the ARS having the ARS telephone number The steps up to the step of confirming whether or not a telephone is received from the user telephone 30 are the same as those of the first embodiment.

In the step S350 corresponding to the step S150 of the first embodiment, the service server 10 provides the computer terminal 20 with the login screen of the web server 50 (the next server) The third embodiment differs from the first embodiment in that steps S341 and S343 are further included between the step 340 and the step S350 in the third embodiment, do.

5, in the present embodiment, when the service server 10 confirms that the ARS 40 having the ARS telephone number has received a telephone call from the telephone-user telephone 30 having the user's telephone number, The service server 10 transmits the password of the web server 50 (next server) which can access the web server 50 (next server) to the web server 50 (next server) in step S341. Alternatively, when the password of the web server 50 (next server) is transmitted, the web server 50 (next server) ID may be transmitted together.

In the following step S343, the web server 50 (next server) confirms that the ID of the web server 50 (next server) received from the service server 10 and the password of the web server 50 (next server) 50) (next server), the service server 10 provides the screen that is logged in to the web server 50 (next server), and the service server 10 sends the screen to the web server 50 Server) is received.

In step S250, the service server 10 provides the computer terminal 20 with a screen logged in to the web server 50 (next server) provided from the web server 50 (next server).

Although not shown in FIG. 5, in the present embodiment, the service server 10 may further include a step of storing and managing a user information DB including a user ID, a user's telephone number, and a password, , ≪ / RTI > updates, changes, and additions.

2, the user information DB 70 includes a web server user ID and a password corresponding to a user telephone number (010-7676-7676), an individual web server (for example, next, Naver, Google) can do.

5), the service server 10 refers to the user information DB 70 to determine whether the ARS 41 is connected to the telephone-user telephone 30 having the user's telephone number (step S340) - < / RTI > whether or not a call has been received within the validity time of the authentication.

According to the present embodiment, the Web server 50 (next server) ID transmitted from the service server 10 to the web server 50 (next server) in step S341 (see Fig. 5) (Next server) password is found by referring to the user information DB 70. The ID (jjy0301) of the web server 50 (next server) and the password 1111 ## input by the user as the user ID of the web server, .

In the third embodiment, the service server 10 stores and manages the user information DB. However, in the above-described other embodiments (for example, in the first and second embodiments ) Service server 10 may further include a step of storing and managing the user information DB.

Fourth Example

6 is an exemplary flowchart illustrating a method of logging in to a web server without exposing a password according to a fourth embodiment of the present invention. The method can be applied to the login system described with reference to Fig. 1, for example.

Hereinafter, it is assumed that the method is applied to the login system of FIG. 1, and for the purpose of explanation, it is assumed that the web server 50 is a server having a URL such as www.daum.net This method will be described.

6, the fourth embodiment of the present invention includes steps S441 to S445 between step S440 corresponding to step S240, step S241 of the second embodiment, step S447, Which is different from the second embodiment. Hereinafter, differences will be mainly described.

If the service server 10 confirms that the ARS 41 has received a telephone call from the user telephone 30 having the user's telephone number in step S440 of the present embodiment, then in step S441, Informs the user of the phone having the user's telephone number-user telephone 30-to input the password. Here, the password means a password corresponding to the user ID input by the user via the computer terminal 20. [

When the user inputs the password using the user telephone 30 having the telephone number of the user in step S443, the service server 10 confirms whether or not the password inputted by the user is correct in step S445.

Here, confirming whether the service server 10 is correct or not may include checking whether or not the input password matches the password of the web server stored in the user information DB.

As will be described later, the password may be stored in the temporary DB, and the service server 10 can determine whether the password is correct by judging whether or not the password matches the password inputted by the user referring to the temporary DB.

If the service server 10 determines in step S447 that the password input from the user telephone 30 is correct in step S447, the service server 10 transmits the confirmation result to the web server 50 The web server 50 (next server) provides the computer terminal 20 with a screen that is logged in to the next server (www.daum.net).

On the other hand, the fourth embodiment of Fig. 6 is implemented by a method of further including steps S441 to S445 in the second embodiment, but in other embodiments described above (for example, , The third embodiment) It is also possible to implement the method including the step S441 to the step S445.

Fifth Example

The fifth embodiment can be applied to the login system described with reference to Fig. 1, for example. Hereinafter, the method will be described assuming that the method is applied to the login system of FIG.

In the fifth embodiment of the present invention, for convenience of explanation, in the second embodiment, the web server 50 receives the ID of the web server 50 inputted by the user via the computer terminal 20 and the user authentication request (S220), the service server 10 selects an ARS number and provides the ARS number to the computer terminal 20 (step S221), and checking whether the ARS having the ARS telephone number has received a telephone call from the user telephone 30 The steps corresponding to step S240 are referred to as step S520, step S521, and step S540.

The fifth embodiment differs from the second embodiment in that the service server 10 further includes a step of creating a temporary DB between step S520 and step S521, .

In this embodiment, when the web server 50 receives the user ID and the identity authentication request from the computer terminal 20 in step S520, before performing step S521, the service server 10 searches the computer terminal 20 The temporary DB is created using the user ID received from the temporary DB.

According to the present embodiment, the provisional DB generated by the service server 10 may include, as temporary information, a user ID corresponding to at least one individual web server, a telephone number of the user, and an authentication effective time.

Alternatively, the temporary DB may further include a password that matches a user ID corresponding to at least one or more individual web servers.

Here, the temporary information can be obtained from the user information corresponding to the user ID in the user information DB.

The authentication valid time can be set to 30 seconds, 60 seconds, and so on, so that the authentication operation is not performed if the ARS 41 does not receive a telephone call from the user telephone 30 for a predetermined authentication valid time.

According to the present embodiment, in step S540, the service server 10 can confirm whether or not the ARS 41 has received a telephone call from the user telephone 30 having the telephone number of the user having the user ID.

Herein, the service server 10 confirms whether or not the telephone is received from the user telephone 30 by referring to the provisional DB created in the present embodiment and notifying the ARS 41 of the telephone number of the user telephone 30 It means to check whether you have received the call.

In the meantime, although the fifth embodiment is implemented by a method of further including a step of creating a temporary DB in the second embodiment, in the above-described other embodiments (for example, the first, third, and fourth embodiments) And a step of creating a temporary DB may be further included.

Hereinafter, with reference to FIG. 7 and FIG. 8, a program for executing a method of logging in to a web server without exposing a password will be described. Assuming that such a program is installed in the login system described with reference to FIG. 1 FIG. 7 is a diagram for explaining the operation of a program installed in the login system according to an embodiment of the present invention.

Referring to FIG. 7, a program installed in a login system according to an embodiment of the present invention, which executes a method of logging in to a web server without exposing a password, is stored in a computer-readable recording medium.

The computer-readable recording medium may include program commands, data files, data structures, etc., alone or in combination. The program instructions recorded on the medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of computer software. Examples of the computer-readable recording medium include magnetic media such as a hard disk, a floppy disk and a magnetic tape, optical media such as CD-ROM and DVD, a floptical disk, And hardware devices that are specially configured to store and execute program instructions such as magnetic-optical media, ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like.

7, a method for logging into a web server without exposing a password performed in a login system by a program according to an embodiment of the present invention includes:

To the computer (service server 10 and / or ARS server 40)

A step (S610) of selecting an ARS telephone number to be provided to the computer terminal (20) upon receipt of the user ID and the user authentication request of the web server (50) to be logged in from the computer terminal (20); It is determined in step S620 whether the ARS 41 having the ARS telephone number selected in step S610 has received a telephone call from the telephone 30 (hereinafter, referred to as "user telephone") having the telephone number of the user having the user ID, ; And

(S630) of providing a login screen of the web server to the computer terminal when it is determined that the ARS 41 selected in step S610 has received a telephone call from the user telephone 30 .

For example, a method for logging in to a web server without exposing a password by a program according to an embodiment of the present invention may be implemented such that steps S610, S620, and S630 are both performed on the service server 10 have.

As another example, a method for logging in to a web server without exposing a password by a program according to an embodiment of the present invention includes steps S610 and S630 are executed in the service server 10, step S620 is executed in the ARS server 40 ). ≪ / RTI >

As another example, a method for logging in to a web server without exposing a password by a program according to an embodiment of the present invention is executed in the ARS server 40 in step S610, and steps S620 and S630 are executed in the service server 0.0 > 10). ≪ / RTI >

As another example, a method for logging into a web server without exposing a password by a program according to an embodiment of the present invention may be executed in the service server 10 in step S610 and executed in the ARS server 40 And S630 may be implemented to be executed in the web server 50. [

In the above-described embodiments, when the service server 10 executes step S620, such operation of the service server 10 is described in more detail by the operation of the service server 10 in the first embodiment described above Please refer to it because it is explained.

According to another embodiment of the present invention, a method for logging into a web server without exposing a password by a program according to an embodiment of the present invention includes: (S613) between the step S610 and the step S620 when the service server 10 provides the ARS telephone number selected in the step S610 to the computer terminal 20 upon receiving the personal authentication request; As shown in FIG.

Here, the step S613 may be performed by the service server 10, which is described in more detail by the operation of the service server 10 in the first embodiment described above, and therefore, it should be referred to.

According to another embodiment of the present invention, a method for logging into a web server without exposing a password by a program according to an embodiment of the present invention includes: after step S620, the ARS 41 selected in step S610 The service server 10 transmits a web site password that can be accessed to the web server 50 to the web server 50 and transmits the web site password to the web server 50 from the web server 50 Receiving a screen (S621); As shown in FIG.

In this embodiment, the step S630 of providing the logged-in screen of the web server 50,

And means that the service server 10 provides the login screen received from the web server 50 to the computer terminal 20

This embodiment is described in more detail by the operation of the service server 10 in the third embodiment described above.

Although not shown, according to another embodiment of the present invention, a method for logging in to a web server without exposing a password from a web site by a program according to an embodiment of the present invention includes a user ID, a telephone number of a user, Storing and managing a user DB including the user DB; As shown in FIG.

In the present embodiment, the user ID is the ID of the web site to which the user intends to log in. The web site password transmitted by the service server 10 to the web server 50 is the same as that of the user information DB 70, Which means that it is found.

The step S620 of checking in the step S620 in this embodiment is a step in which the service server 10 or the ARS server 40 refers to the user DB 70 and judges whether the ARS 41 receives the authentication validity And a step of confirming whether or not the telephone has been received within the time.

This embodiment is described in more detail by the operation of the service server 10 in the third embodiment described above.

According to an embodiment of the present invention, a method for logging in to a web server without exposing a password by a program according to an embodiment of the present invention includes the steps of, upon receiving a user ID and a user authentication request from the computer terminal 20, (S611) before the service server 10 confirms whether or not the ARS 41 has received a telephone call from the user telephone 30 in step S620; And the temporary DB may include a user ID, a telephone number of the user, an authentication effective time, and a password.

In this embodiment, the step (S620) of confirming whether the ARS 41 has received a telephone call from the user telephone 30,

Refers to the step of checking whether or not the ARS 41 has received a telephone call from the user telephone 30 within the authentication valid time by referring to the temporary DB generated in step S611.

7, the operation of the service server 10 and the ARS server 40 in the first, second, third, and fifth embodiments described above will be described in more detail Please refer to it.

8 is a diagram for explaining the operation of a program installed in a login system according to an embodiment of the present invention.

A program installed in a login system according to an embodiment of the present invention and executing a method of logging in to a web server without exposing a password is stored in a computer readable recording medium.

The steps S710 to S720 of the embodiment to be described later with reference to Fig. 8 are the same as the steps S610 to S620 of the above description with reference to Fig. 7, Is the same as the step of confirming whether or not the telephone is received from the user telephone 30, and there are differences in the steps thereafter. Therefore, the following description will focus on the differences.

According to an embodiment of the present invention, a method of logging into the web server 50 without exposing a password by a program according to an embodiment of the present invention is a method in which, when a password is input from the user telephone 30, (S721) whether or not the password input from the input unit 30 is correct; As shown in FIG.

For example, the service server confirms in step S720 whether the ARS 41 has received a telephone call from the user telephone 30, and the ARS 41 instructs the user telephone to enter a password. Here, the password means a password corresponding to the user ID input by the user via the computer terminal 20. If the user then inputs a password using the user telephone 30, the password entered by the user in step S721 Whether or not it is correct.

Confirming whether or not the password is correct here may include confirming that the input password matches the password of the web server stored in the user information DB 70. [

It is also possible for the service server 10 or the ARS server 41 to confirm whether or not the password is correct here.

The password may be stored in the temporary DB, and the service server 10 or the ARS server 40 can check whether the password is correct by judging whether or not the password matches the password inputted by the user referring to the temporary DB.

The step S730 of providing the login screen to the web server 50 in the present embodiment is performed when the service server 10 or the ARS server 40 confirms that the password input from the user telephone 30 is correct, And the service server 10 provides the computer terminal with a screen that is logged in to the web server. Alternatively, if the service server 10 informs the web server 50 of the confirmation result in step S730, the web server 50 may be configured to provide the logged-in screen to the computer terminal 20. [

The embodiment described with reference to FIG. 8 is described in more detail by the operation of the service server 10 in the fourth embodiment described above, and therefore, it should be referred to.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, Various modifications and variations are possible. Therefore, the scope of the present invention should not be limited to the described embodiments, but should be determined by equivalents to the scope of the appended claims, as well as the appended claims.

10: Service server
20: Computer terminal
30: User telephone
40: ARS server
50: Web server
60: Internet network
70: User information DB

Claims (15)

In a method for logging in to a web server without exposing a password,
Inputting only the user ID of the web server to be logged-in, which is capable of accessing the web server, and providing the computer terminal with a request for authentication of the user, in order to prevent information leakage;
Receiving the user ID and the user authentication request from the computer terminal;
The web server or the service server providing an ARS telephone number to the computer terminal;
Storing and managing a user information DB including the user telephone number and the user ID and password corresponding to the web server;
The service server refers to the user information DB to check whether the ARS having the ARS telephone number has received a telephone call from the telephone number of the user having the user ID in the validity period of time; And
Providing a login screen to the web server to the computer terminal when the service server confirms that the ARS has received a telephone call from a telephone set having the user's telephone number; A method for logging into a web server without exposing a password. The method according to claim 1,
When the service server confirms that the ARS has received a telephone call from a telephone set having the telephone number of the user as a result of the checking step, the service server informs the web server of the confirmation result; Further comprising:
The step of providing the login screen may include providing the login screen to the computer terminal when the confirmation result indicates that the ARS has received a telephone call from the telephone having the telephone number of the user How to log in to the web server without exposing passwords. The method according to claim 1,
If the service server confirms that the ARS has received a telephone call from a telephone having the telephone number of the user as a result of the confirming step, the service server refers to the user information DB to inform the web server of the site of the web server Transmitting a password; And
The service server receiving a login screen of the web server from the web server; Further comprising:
Wherein the step of providing a screen logged in to the web server is performed by the service server, without exposing a password. delete The method according to claim 2 or 3,
If the ARS having the ARS telephone number receives a call from a telephone having the telephone number of the user, voice instruction to the telephone having the telephone number of the user to input a password; And
The service server checking whether the password input from the telephone having the telephone number of the user is correct by referring to the user information DB; Further comprising:
Wherein the step of providing the login screen of the web server comprises the steps of: when the ARS receives a telephone call from a telephone set having the telephone number of the user, and if the password input from the telephone set is correct, Wherein the step of providing to the computer terminal is to log into the web server without exposing the password. The method according to claim 2 or 3,
And generating a temporary DB upon receiving the user ID and the user authentication request from the computer terminal,
The temporary DB
Wherein the password includes the user ID, the telephone number of the user, and the authentication validity time. The method according to claim 6,
Wherein the verifying step comprises:
Referring to the temporary DB, checking whether the ARS having the ARS telephone number has received a telephone call within the authentication validity time from a telephone having the telephone number of the user, without exposing the password to the web server How to log in. The method according to claim 6,
Wherein the temporary DB further includes a password, wherein the password is not exposed. In order to prevent information leakage, only the user ID of the web server to log in from the computer terminal-ID-capable of accessing the web server is received and the ARS telephone number to be provided to the computer terminal is selected when the authentication request is received ;
Storing and managing a user information DB including a user telephone number and the user ID and a password corresponding to the web server;
The service server refers to the user information DB to check whether the ARS having the ARS telephone number has received a telephone call from the telephone number of the user having the user ID with the user validity time; And
Providing a login screen to the web server to the computer terminal when the service server determines that the ARS has received a telephone call from a telephone set having the telephone number of the user as a result of the checking step; A method of logging in to a web server without exposing a password. 10. The method of claim 9,
In order to prevent information leakage, only the user ID of the web server to log in from the computer terminal-ID-capable of accessing the web server is received, and when the web server or the service server receives the authentication request, Providing an ARS telephone number to do; The method of logging on to a web server according to claim 1, further comprising the steps of: 10. The method of claim 9,
When the service server confirms that the ARS having the ARS telephone number has received a telephone call from a telephone having the telephone number of the user, the service server refers to the user information DB to access the web server to the web server Transmitting a web site password and receiving a login screen from the web server; Further comprising:
The step of providing a screen logged into the web server comprises:
And a step of providing a login screen received from the web server to the computer terminal, the method comprising the steps of: . delete 10. The method of claim 9,
The method comprises:
If the password is input from the telephone having the telephone number of the user, the service server refers to the user information DB to check whether the password input from the telephone is correct; Further comprising:
Wherein the step of providing the login screen to the web server comprises the steps of: when the ARS receives a telephone call from the telephone set having the telephone number of the user, and when the password input from the telephone set is correct, A method of logging in to a web server without exposing a password, wherein the step of providing the password to the terminal is provided to the terminal. 10. The method of claim 9,
Generating a temporary DB upon receiving the user ID and the identity authentication request from the computer terminal; Further comprising:
The temporary DB
Wherein the login information includes the user ID, the telephone number of the user, and the authentication effective time, without the password being exposed. 15. The method of claim 14,
Wherein the verifying step comprises:
Referring to the temporary DB, checking whether the ARS having the ARS telephone number has received a telephone call within the authentication validity time from a telephone having the telephone number of the user, without exposing the password to the web server A computer-readable recording medium having recorded thereon a computer program for executing a method of logging in.

Images