KR102565994B1 - Method for authorizing virtual space user and system for providing virtual space - Google Patents

Abstract

The present invention relates to a virtual space user authentication method.
According to an aspect of the present invention, the step of requesting an access from a user terminal to a station desiring access; requesting an employment verification token from the station desiring access to the user terminal; requesting a URL of a station to which the user belongs from the user terminal to a management server; informing the user terminal of the URL of the station to which the user belongs from the management server; requesting, from the user terminal, the station having the URL to issue a proof of employment token; issuing an employment verification token to the user terminal from the station having the URL; transmitting the employment verification token issued from the user terminal to the station desiring access; requesting a URL of the station where the proof of residency token is issued from the station desiring access to the management server; determining, by the management server, whether the cluster to which the station requesting the URL is joined is the same as the cluster to which the station issuing the proof of residency token is joined; if the cluster to which the station requesting the URL is joined is the same as the cluster to which the station issuing the proof of residency token is joined, informing the station of the station desiring access with the URL of the station to which the proof of residency token is issued from the management server; requesting validation of the residency token from the station desiring access to the station to which the residency token has been issued; issuing an access token from the station desiring access to the user terminal when the validity of the proof of residency token is confirmed; and a virtual space user authentication method comprising accessing the station desiring access based on the access token.

Description

Virtual space user authentication method and virtual space provision system {METHOD FOR AUTHORIZING VIRTUAL SPACE USER AND SYSTEM FOR PROVIDING VIRTUAL SPACE}

It relates to a virtual space user authentication method and a virtual work providing system.

As the business environment changes rapidly, cases of collaborating with companies outside the company or seeking advice from outside companies are increasing in order to secure business competitiveness and respond promptly to market demands.

In order to select a collaboration company or advisory company outside the company, a lot of effort is required to determine if it has enough reliability to provide the relevant work. For example, if a company A needs legal advice, in order to select a law firm, it is necessary to select a reliable law firm in consideration of the number of competent lawyers and the size of the law firm. It takes effort.

In addition, in order to collaborate with or seek advice from a company outside the company, a procedure for authenticating one's identity to the collaborating company or consulting company is required. However, this procedure takes a lot of time, and there is a problem in that reliable identity authentication is difficult.

In addition, when collaborating with external companies, the need for an online virtual space for sharing data, exchanging opinions, and managing work schedules is increasing. Reflecting this demand, a system providing an online work space for uploading work data and sharing data and opinions has been provided.

However, a conventional online virtual space providing system has a disadvantage in that it cannot reliably authenticate the identity of a user who accesses the virtual space. For example, in the process of participating in a project of company B that has been contracted with company A in advance, employee A working for company A should not be able to participate in company B's project any longer if employee A resigns from company A. However, if employee A possesses the ID and password of the virtual space that shares the project data, employee A will still have access to the virtual space that shares the project data, unless there are special circumstances such as deleting the ID. can do. In this case, there is a problem in that employee A without authority may peruse confidential data or leak the data to the outside. In addition, even in the case of deleting the ID owned by employee A, since employee A does not belong to company B, the procedure is complicated and complicated.

In addition, a conventional system for sharing data by providing an online virtual space has the inconvenience of having to open a separate account (ID) to use the corresponding virtual space.

Patent Document 1: Korea Patent Registration No. 10-1687383 (2016.12.16. Notice)

Embodiments of the present invention are proposed to solve the above problems, and a virtual space providing system and virtual space capable of providing a virtual space that can cooperate with a reliable external company, seek advice, or outsource. We want to provide a user authentication method.

In addition, it is intended to provide a virtual space providing system and a virtual space user authentication method that can access the virtual space of collaborating companies, advisory companies, and outsourcing companies without complicated procedures.

In addition, it is intended to provide a virtual space providing system and a virtual space user authentication method that can reliably guarantee the identity of a user who accesses the virtual space.

In addition, it is intended to provide a virtual space providing system and a virtual space user authentication method that can improve work efficiency.

In addition, it is intended to provide a virtual space providing system and a virtual space user authentication method capable of accessing a plurality of virtual spaces with only one account without opening multiple accounts (IDs).

A virtual space user authentication method according to an embodiment of the present invention includes the steps of requesting access from a user terminal to a station desiring access; requesting an employment verification token from the station desiring access to the user terminal; requesting a URL of a station to which the user belongs from the user terminal to a management server; informing the user terminal of the URL of the station to which the user belongs from the management server; requesting, from the user terminal, the station having the URL to issue a proof of employment token; issuing an employment verification token to the user terminal from the station having the URL; transmitting the employment verification token issued from the user terminal to the station desiring access; requesting a URL of the station where the proof of residency token is issued from the station desiring access to the management server; determining, by the management server, whether the cluster to which the station requesting the URL is joined is the same as the cluster to which the station issuing the proof of residency token is joined; if the cluster to which the station requesting the URL is joined is the same as the cluster to which the station issuing the proof of residency token is joined, informing the station of the station desiring access with the URL of the station to which the proof of residency token is issued from the management server; requesting validation of the residency token from the station desiring access to the station to which the residency token has been issued; issuing an access token from the station desiring access to the user terminal when the validity of the proof of residency token is confirmed; and accessing the station desiring access based on the access token.

In the virtual space user authentication method according to an embodiment of the present invention, if the cluster to which the station requesting the URL is joined is not the same as the cluster to which the station issuing the token is joined, the management server issues the retention verification token. The method may include determining whether a station satisfies a preset condition and, if the condition is satisfied, informing the station desiring access to a URL of the station for which the proof of residency token was issued from the management server.

In the virtual space user authentication method according to an embodiment of the present invention, if the cluster to which the station requesting the URL is joined and the cluster to which the station issuing the residency token are not the same, the station that issued the residency token is a different cluster. , and if there are at least one or more clusters to which the station requesting the URL and at least one other station subscribed to the other cluster are identically joined, the station to which the proof of residency token is issued from the management server It may include a step of informing the station of the URL to the station that wants access.

In the virtual space user authentication method according to an embodiment of the present invention, the step of informing the user terminal of the URL of the station to which the user belongs by the management server includes extracting the URL of the station to which the user belongs from the management server. The extraction of the URL may be performed by confirming a URL corresponding to an ID and password pre-authenticated from the station to which the user belongs.

In the virtual space user authentication method according to an embodiment of the present invention, the step of informing, by the management server, the URL of the group module from which the proof of employment token is issued to the group module to which access is desired, and extracting a URL of the group module for which the token is issued, and the extraction of the URL may be performed by checking a URL corresponding to the proof of employment token.

A system for providing a virtual space according to an embodiment of the present invention includes a station server including a plurality of stations capable of providing a virtual space and issuing an employment verification token; A management server capable of guiding a URL requested from a user terminal or the station, and capable of determining whether a cluster to which the station requesting the URL is joined and a cluster to which the station issuing the proof of residency token are joined are the same; , the station requesting access from the user terminal may allow access if the cluster to which the station requesting the URL is joined is the same as the cluster to which the station issuing the proof of residency token is joined.

The management server of the virtual space providing system according to an embodiment of the present invention includes a storage unit for storing at least one of URL information for accessing the station, the station information, and the cluster information; a third URL management unit that transmits a URL corresponding to the employment verification token to the station or a URL corresponding to an ID and password to the user terminal; and a cluster determining unit for determining whether a cluster to which the station requesting the URL is joined is the same as a cluster to which the station issuing the proof of residency token is joined.

The management server of the system for providing a virtual space according to an embodiment of the present invention may include a condition calculation unit that determines whether a station issuing the proof of employment token satisfies a predetermined condition.

The preset conditions of the virtual space providing system according to an embodiment of the present invention may include one or more of the type of job, assets, and staff size of the company to which the station belongs, services that can be provided, and services to be provided.

The station of the virtual space providing system according to an embodiment of the present invention is a second employment verification token manager capable of issuing an employment verification token proving the user's employment or verifying the validity of the employment verification token submitted from the user terminal. ; a second URL management unit requesting the URL corresponding to the submitted employment verification token to the management server; An access permission token management unit issuing an access permission token when validity of the submitted employment verification token is confirmed, and the station requested access from the user terminal, when the access permission token is submitted through the user terminal access can be allowed.

The second residency token management unit of the system for providing a virtual space according to an embodiment of the present invention may include: an employment verification token requesting unit requesting submission of the employment verification token when there is a request for access to the station from the user terminal; an employment verification token issuing unit that issues an employment verification token when there is a request for issuance of the employment verification token from the user terminal; When the job verification token issued from the user terminal is submitted, a job verification token validation unit may be included to check the validity of the submitted job verification token.

The virtual space providing system and virtual space user authentication method according to embodiments of the present invention have advantages in providing a virtual space that can be cooperated with, consulted with, or outsourced to a trusted external company.

In addition, you can access the virtual space of collaborating companies, advisory companies, and outsourcing companies without complicated procedures.

In addition, the identity of the user accessing the virtual space can be reliably guaranteed.

In addition, work efficiency can be improved.

In addition, it is possible to access a plurality of virtual spaces with only one account without opening multiple accounts (IDs).

1 is a flowchart illustrating a user authentication method of a virtual space providing system according to an embodiment of the present invention.
2 is a flowchart illustrating a user authentication method of a virtual space providing system according to an embodiment of the present invention.
3 is a flowchart illustrating a user authentication method of the virtual space providing system according to FIGS. 1 and 2 in another method.
Figure 4 is a block diagram showing the configuration of the user terminal of Figure 1;
5 is a block diagram showing the configuration of the station server of FIG. 1;
6 is a block diagram showing the configuration of the management server of FIG. 1;
FIG. 7 is a conceptual diagram schematically illustrating an authentication method according to a relationship between stations and clusters of FIG. 2 .

Hereinafter, specific embodiments of the present invention will be described in detail with reference to the drawings.

In addition, in describing the present invention, if it is determined that a detailed description of a related known configuration or function may obscure the gist of the present invention, the detailed description will be omitted.

1 is a flow chart showing a user authentication method of a virtual space providing system according to an embodiment of the present invention, FIG. 2 is a flow chart showing a user authentication method of a virtual space providing system according to an embodiment of the present invention, and FIG. is a flow chart showing the user authentication method of the virtual space providing system according to FIGS. 1 and 2 in another method, FIG. 4 is a block diagram showing the configuration of the user terminal of FIG. 1, and FIG. 5 is the configuration of the station server of FIG. 1 , and FIG. 6 is a block diagram showing the configuration of the management server of FIG. 1 .

1 to 6 , a virtual space providing system 10 according to an embodiment of the present invention may include a user terminal 100, a station server 200, and a management server 300.

The virtual space providing system 10 of the present invention provides a virtual space to a user, and the user can use various information, services, and the like provided in the virtual space. For example, at the request of a company, stations 210, 220, and 230, which are virtual spaces of the company, are formed, and each station 210, 220, and 230 forms a cluster (A, B) that is an aggregate of stations. can do.

A station may be understood as a module providing a virtual space formed at the request of a company or a group of two or more persons, and a cluster may be understood as an aggregate of stations satisfying certain conditions. For example, if the first station 210 is a module that provides a virtual space formed at the request of a distribution company and the second station 220 is a module that provides a virtual space formed at the request of a legal service company, The first station 210 formed at the request of the distribution company and the second station 220 formed at the request of the legal service company form a first cluster A, and a first station belonging to the first cluster A An incumbent (user) of the station 210 may access the second station 220 and receive legal services provided by the second station 220 . At this time, the incumbent (user) of the first station 210 goes through an authentication procedure for accessing the second station 220, which will be described in detail later. Here, the legal service is only described as an example, and may include all known fields such as labor, medicine, IT, and education.

Also, one station may be joined to a plurality of clusters, and thus one station may have a plurality of clusters.

Since a cluster is an aggregation of stations that satisfy certain conditions, it can be understood that mutual trust is established between stations joined to the cluster. That is, users belonging to the same cluster can access other stations only with a simple authentication procedure provided by the present invention.

In addition, the virtual space providing system 10 of the present invention may provide a virtual space in which a user collaborates. For example, it can be assumed that when a specific project is carried out by company B, the project is carried out in collaboration with employees of company A. In this case, a virtual work space is created at the request of company B, and employees of company A can carry out a project in the virtual work space together with employees of company B. Here, the virtual work space may be formed at the request of a company or a group including two or more users.

In addition, the virtual space providing system 10 of the present invention can provide a system for authenticating whether a user belongs to a station that satisfies a certain condition, such as sharing the same cluster. For example, when a user belonging to the first station 210 wants to access the second station 220 through the user terminal 100, the first station 210 and the second station 220 are the same cluster. Whether or not the user can access the second station 220 may vary depending on whether the user belongs to the .

In addition, the virtual space providing system 10 of the present invention can provide a system capable of authenticating the identity of a user who wants to access a virtual space. For example, when an employee of company A wants to access a virtual space of company B, the identity of the employee of company A can be confirmed by the management server 300 and the station server 200 .

The user terminal 100 may be connected to the station server 200 and the management server 300 through a network. Here, the network refers to a connection structure capable of exchanging information between nodes such as terminals and servers. Examples of such networks include a 3rd Generation Partnership Project (3GPP) network and a Long Term Evolution (LTE) network. ) network, WIMAX (World Interoperability for Microwave Access) network, Internet (Internet), LAN (Local Area Network), Wireless LAN (Wireless Local Area Network), WAN (Wide Area Network), PAN (Personal Area Network), Bluetooth ( Bluetooth) network, satellite broadcasting network, analog broadcasting network, DMB (Digital Multimedia Broadcasting) network, etc. are included, but are not limited thereto. In addition, the user terminal 100 may include a PC, a smart phone, and the like as an example.

The station server 200 may include a plurality of stations. Although FIGS. 1 and 2 show three stations 210, 220, and 330 for convenience of description, a plurality of stations may be formed at the request of a company, and the number is not limited.

Each station (210, 220, 2320) provides a pod (POD), which is a virtual work space, and multiple users can collaborate in each pod. Here, a POD can be understood as a concept corresponding to a work space. For example, pods can be provided for each work project.

In addition, each of the stations 210 , 220 , and 230 can authenticate the identity of a user who wants to access through the user terminal 100 by issuing an employment verification token and an access permission token.

Here, the proof-of-employment token is a concept corresponding to a proof-of-employment certificate, and can be understood as a means of proving that a user belongs to a corresponding station. For example, when the first station 210 is formed at the request of company A, the employment verification token issued by the first station 210 is understood as a means (certificate of employment) proving that the user belongs to company A. It can be.

In addition, an access permission token is a concept corresponding to an access permission document, and can be understood as a means for permitting access to a station that a user wants to access. For example, when the user terminal 100 submits an employment verification token to the second station 220 and the user's identity is authenticated (they are employed by company A), the second station 220 issues an access permission token. Thus, the user can access the second station 220 through the user terminal 100 .

The management server 300 stores and manages the information of the stations 210, 220, and 230 and the clusters A and B, and the cluster to which the station requesting the URL is joined and the station issuing the proof of residency token are joined. It may be determined whether they are the same, and a detailed description thereof will be described later.

In addition, the management server 300 may be a component for verifying the identity of a user having an access request. The management server 300 does not directly verify the user's identity, but may check the URL of the station where the ID and password were issued and the URL of the station where the proof of employment token was issued. Here, URL (Uniform Resource Locator) may be understood as an address for accessing each station.

In addition, the management server 300 may check and extract a URL corresponding to the issued proof of employment token, and may guide where the address (URL) of the station where the proof of employment token was issued is located.

In addition, the management server 300 checks the URL corresponding to the preset ID and password, and may provide guidance on the address (URL) of the station where the ID and password were authenticated and issued.

According to each configuration of the virtual space providing system 10 according to an embodiment of the present invention, it is possible to access one of the plurality of stations 200 through a preset authentication process from the user terminal 100 .

When the first station 210 and the second station 220 belong to the first cluster A, and the first station 210 and the third station 230 belong to the second cluster B , An authentication process for accessing the second station 220 from the terminal 100 of a user belonging to the first station 210 is described as follows (see FIG. 1).

When the access manager 111 of the user terminal 100 of the user belonging to the first station 210 requests access to the second station 220 (Step 1), the second proof of employment of the second station 220 The token management unit 222 requests the user terminal 100 a proof of employment token (step 2). Here, the step of requesting access can be understood as inputting a station to which the user wants to access to an input unit (not shown) of the terminal. For example, if the second station 220 includes a virtual space formed at the request of company B, and if company B is entered in an input unit (not shown), an access request may be made to the second station 220. there is. Here, a user belonging to the first station 210 may be understood as an employee of a company requesting formation of the first station 210 . In addition, a user not belonging to a station may be understood as a user who does not currently work or belong to a company, or a user who does not form a station in a company.

After that, when an ID and a password are entered into the user terminal 100, the first URL management unit 114 of the user terminal 100 requests the management server 300 for a URL for accessing the first station 210 ( Step 3), the management server 300 guides the URL for accessing the first station 210 to the first URL manager 114 (step 4). More specifically, the third URL management unit 312 of the management server 300 finds a URL corresponding to the ID and password among the URLs stored in the URL storage unit 311 and guides the URL to the first URL management unit 114. . Here, the ID and password are issued and authenticated by the personnel management unit 218 of the first station 210 to which the user belongs, and the URL storage unit 311 stores a URL for accessing a station corresponding to the ID and password. may be doing

Thereafter, the first employment verification token management unit 112 of the user terminal 100 requests the employment verification token from the first station 210 (step 5). The job verification token of step 5 is requested by the second station 220 and is valid only when accessing the second station 220 .

Thereafter, the second residency token management unit 212 of the first station 210 issues the user terminal 100 an employment validation token for accessing the second station 220 (step 6). Specifically, the employment verification token issuing unit (not shown) of the second employment verification token management unit 212 may issue the employment verification token after validating the ID and password.

Then, the first employment verification token management unit 112 of the input unit 100 transmits the employment verification token issued from the first station 210 to the second employment verification token management unit 222 of the second station 220. (Step 7).

Thereafter, the second station 220 transmits the received proof of employment token information to the management server 300 in order to verify the validity of the proof of employment token issued by the first station 210, and then the received proof of employment Request the URL of the station where the token was issued (step 8). Specifically, a URL corresponding to the proof of employment token received from the second URL management unit 224 may be requested from the management server 300 .

Thereafter, the cluster (first cluster A) to which the second station 220 requesting the URL by the management server 300 is joined and the cluster to which the first station 210 issuing the residency token is joined (first cluster (A)). 1 It is determined whether the clusters (A) are the same. Specifically, the cluster determining unit 317 determines whether the first station 210 and the second station 220 belong to the same cluster (first cluster (A)).

If it is determined that the first cluster (A) to which the second station 220 requesting the URL is joined and the first cluster (A) to which the first station 210 issuing the employment verification token are joined, the management server ( 300) checks and extracts the URL corresponding to the proof of employment token submitted from the second station 220 and the proof of employment token stored in the management server 300, and then converts the URL of the station where the token was issued to the second station 220 ) (step 9). Here, the URL storage unit 311 of the management server 300 may store the URL of the station where the proof of residency token is issued, and the third URL management unit 312 sends the URL request to the second station 220. Guide the URL.

Thereafter, the second station 220 requests the first station 210 to confirm the validity of the proof of employment token submitted from the user terminal 100 based on the URL provided from the management server 300 (10 step, step 11).

Specifically, the second station 220 requests the first station 210 to verify the validity of the submitted employment verification token from the second employment verification token management unit 222, and the first station 210 performs the second verification of employment verification. Confirms whether the proof of employment token submitted by the token management unit 212 is valid.

If the submitted proof of employment token is valid, the second station 220 issues an access permission token to the user terminal 100 (step 12). For example, an access permission token may be issued from the access permission management unit 226 of the second station 220 to the connection management unit 111 of the user terminal 100 .

Then, after submitting the access permission token to the second station through the user terminal 100, the second station 220 can be accessed (step 13).

After accessing the second station 220, the user can collaborate with other companies according to teams and projects in the virtual space provided by the business management unit 219. As an example, each task management unit 219 includes a plurality of pods (PODs) in which each project can be performed, and a user who accesses each pod (POD) can operate within the pod (POD) according to the purpose of the project. can do the job.

Also, a user of the first station 210 connected to the second station 220 may use a service provided by the second station 220 .

For example, when the business management unit 229 of the second station 220 provides information on legal services, the user of the first station 210 receives information on legal services provided by the second station 220. is available. However, the legal service is only described as an example, and may include all known fields such as labor, medicine, IT, and education.

Similarly, the first station 210 and the second station 220 belong to the first cluster (A), and the first station 210 and the third station 230 belong to the second cluster (B). If there is, an authentication process for accessing the third station 230 from the terminal 100 of a user belonging to the first station 210 also goes through the same principle.

Specifically, when the access management unit 111 of the user terminal 100 of the user belonging to the first station 210 requests access to the third station 230 (step 1'), the third station 230 The user terminal 100 requests an employment verification token (Step 2').

Thereafter, after going through steps 3, 4, 5, and 7 described above, and going through steps 8' to 13', the third station 230 can be accessed through the user terminal 100. Here, steps 8' to 13' are processes of the same principle as steps 8 to 13 described above, and thus detailed descriptions are omitted.

When the first station 210 and the second station 220 belong to the first cluster A, and the first station 210 and the third station 230 belong to the second cluster B , An authentication process for accessing the second station 220 from the terminal 100 of a user belonging to the third station 230 will be described as an example (see FIG. 2).

When the connection management unit 111 of the user terminal 100 of the user belonging to the third station 230 requests access to the second station 220, the same process as the above-described steps 1 to 8 is performed.

After step 8, the cluster to which the second station 220 requesting the URL by the management server 300 is joined (the first cluster (A)) and the cluster to which the third station 230 that issued the residency token is joined ( It is determined whether the second cluster (B)) is the same. Specifically, the cluster determination unit 317 determines whether the second station 220 and the third station 230 belong to the same cluster.

The second station 220 belongs to the first cluster (A) and the third station 230 belongs to the second cluster (B), so if it is determined that they are joined to different clusters, the user terminal 100 Through this, it is possible to indicate that access to the second station 220 is not possible. Specifically, the cluster determination unit 317 of the management server 300 transmits an access prohibition signal to the access permission management unit 226 of the second station 220 (step F1), and the access permission management unit 226 transmits a user A connection failure signal is transmitted to the connection management unit 111 of the terminal 100 (step F2), and the user terminal 100 may display an access failure message to the user.

However, in the management server 300, the first cluster (A) to which the second station 220 requesting the URL is joined and the second cluster (B) to which the third station 230 issuing the employment verification token are joined are the same. Even if not, the condition calculation unit 318 of the management server 300 determines whether the third station 230 that issued the proof of employment satisfies the preset condition, and if the condition is satisfied, the third station 230 ) to the second station 220. After the URL is guided to the second station 220, the process of the same principle as that of steps 9 to 13 described above can be performed, and detailed descriptions are omitted.

Here, the predetermined condition is to determine whether the third station 230 that issued the proof of employment token is subscribed to another cluster (eg, the second cluster (B)), and determine whether the other cluster (eg, the second cluster (B)) (B) A cluster (first cluster (A)) to which at least one other station (eg, the first station 210) subscribed to) and the second station 220 requesting the URL are identically joined There may be at least one or more.

Referring to FIG. 7 as an example, in more detail, when the user of the third station 230 wants to access the second station 220, the third station 230 and the second station 220 belong equally. There is no cluster (the second station 220 belongs to the first cluster A and the fourth cluster D, and the third station 230 belongs to the second cluster B and the third cluster C). has exist).

However, other stations (5th, 6th, 7th stations 250, 260, 270) joined to the cluster (2nd and 3rd clusters (C, B)) to which the third station 230 is a member and the second The stations 220 share two clusters (the first cluster (A) and the fourth cluster (C)).

In this case, although the first cluster A to which the second station 220 is joined and the second cluster B to which the third station 230 is joined are not the same, the third station 230 The URL may be guided to the second station 220 .

In addition, the preset condition may be a case where the third station 230 that issued the proof of employment token has a preset size (eg, asset size of 10 billion, number of employees of 100 or more). However, these preset conditions are only examples, and various preset conditions may be input to the management unit 300 . Here, the preset condition may be programmed into the cluster determining unit 317 .

Hereinafter, a specific physical configuration capable of implementing the above-described process of accessing the second station 220 from the user terminal 100 will be described.

The virtual space providing system 10 according to an embodiment of the present invention may include a user terminal 100 , a station server 200 and a management server 300 .

The user terminal 100 includes an access management unit 111 requesting access to a station desiring access, a system for requesting the issuance of an employment verification token to a station to which the user belongs, or transmitting the issued employment verification token to a station desiring access. 1 may include a proof of ownership token management unit 112 and a first URL management unit 114 requesting a URL for accessing a station to which a user belongs from the management server 300 .

The station server 200 may provide a plurality of stations. Hereinafter, three stations will be described as an example, but each station is formed at the request of a company, and the number is not limited.

Each of the stations 210, 220, and 230 includes a second employment verification token management unit 212, 222, and 232, a second URL management unit 214, 224, and 234, an access permission management unit 216, 226, and 236, and a personnel management unit. (218, 228) and business management units (219, 229) may be included.

The second employment verification token management unit 212 , 222 , 232 may issue an employment verification token to prove the user's employment and check the validity of the employment verification token submitted from the user terminal. Specifically, the second employment verification token management unit (212, 222, 232) is an employment verification token requesting unit (not shown) requesting submission of the employment verification token when there is an access request from the user terminal, the employment verification token from the user terminal An employment verification token issuing unit (not shown) that issues an employment verification token when there is an issuance request, and an employment verification token validation unit (not shown) that verifies the validity of the employment verification token submitted from the user terminal. can

The second URL manager 214 , 224 , 234 may request a URL corresponding to the submitted proof of employment token to the management server in the request 300 .

The access permission management unit 216, 226, 236 may issue an access permission token when the validity of the employment verification token is confirmed. Meanwhile, the user terminal 100 may access the station that issued the access permission token by submitting the access permission token issued by the access permission management unit 216 . Here, when the validity of the proof of employment token is confirmed, it can be understood that the submitted proof of employment token matches the proof of employment token issued by the own station that has received the authentication request. For example, when the first station 210 issues a C proof-of-employment token and the second station 220 requests the first station 210 to verify the validity of the C proof-of-employment token, the first station 210 ) can confirm that the C proof-of-employment token matches the one issued by it.

The personnel management units 218, 228, and 238 may issue and manage IDs and passwords of company members or group users. These IDs and passwords can be effectively used even when accessing corporate modules formed at the request of other companies. For example, if Company A issues IDs and passwords to members of Company A, it is possible to access a station created at the request of Company B using the ID and password issued by Company A.

In addition, the personnel management units 218 , 228 , and 238 may transmit information about companies managed by the personnel management unit to the station information storage unit 313 of the management server 300 .

When a user belonging to another station accesses the task manager 219, 229, or 239, the service provided by the corresponding station can be provided to the user. For example, when the second station 220 provides legal services, when a user belonging to the first station 210 accesses the second station 220, the legal service is provided to the user through the business management unit 229. can provide information. Specifically, when a user posts a law-related article to the business management unit 229 , related information may be provided to the user through the business management unit 229 .

In addition, the business management unit 219 , 229 , 239 may provide a pod, which is a virtual work space, to corporate members or the group users. Here, a plurality of pods (PODs) can be formed. For example, PODs can be provided per project, and closed after the project is complete.

In addition, the task management units 219, 229, and 239 may include a task progress status unit (not shown) capable of checking the progress of a preset task. For example, the task progress status unit may display how much a preset user or a preset group has progressed with respect to a preset task. For example, in the task progress status unit, task not started, task started, task 50% completed, specific task completed, specific task not performed, task progress completed, etc. may be displayed.

In addition, the task management units 219, 229, and 239 may include a related person designation unit (not shown) capable of designating a related person for the preset task. For example, the designated related person may be a related person at a horizontal position within or outside the affiliated enterprise, or a colleague at a higher or lower level relationship within the affiliated enterprise or at an equal position. At this time, the designated related person can be notified that the posts uploaded on the Pod (POD) are related to him. Here, the means for receiving notification may be a push notification of a mobile terminal, sending mail to an external email account, or a talk messenger (eg, KakaoTalk, etc.).

In addition, the task management units 219, 229, and 239 may include a category designation unit (not shown) capable of setting categories for preset tasks. The category designation unit may be able to confirm which work area the preset work corresponds to. Here, the category may be input using a predetermined input method. For example, when a user uses a smartphone (user terminal), several categories of work are listed and displayed on the screen of the smartphone, and when the user touches a corresponding work category part among these displayed category lists, the corresponding work category is displayed. Tasks may be labeled with selected categories.

In addition, the task management units 219, 229, and 239 may include a data leakage prevention unit (not shown) that prevents leakage of data uploaded to a pod. In addition, the Data Leakage Prevention Unit can designate that only pre-set users can download uploaded data, and can set other users to disable data download outside the Pod. For example, when employees of company A work together on a project in a pod (POD) of the second station 220 formed by company B, the employees of company A can only work in the pod (POD) of the second station 220. You can perform work or view the data, and you can set it to be impossible to download outside of it.

In addition, the task management units 219, 229, and 239 may include a deep learning unit (not shown) that collects and analyzes data information uploaded to a pod.

The deep learning unit may analyze phenomena occurring in other stations based on information collected from one station.

In addition, the deep learning unit may transmit information of the corresponding data to another station or notify the information collected and analyzed by deep learning at the request of the other station. Here, deep learning may be defined as a set of machine learning algorithms that attempt to summarize key contents or functions in a large amount of data or complex data uploaded to each station.

In addition, the business management units 219, 229, and 239 may include a publicity unit (not shown) capable of exhibiting and publicizing services that each company wants to provide.

The public relations department may be openly set in a plurality of stations, and in this case, a plurality of persons concerned may read corporate data or sale items displayed in the public relations department. As an example, the first station 210 established by company A includes a publicity department, and company A may post its main sales product in the publicity department. In this case, company B may be configured to purchase items for sale posted by the PR department of the first station 220 through the second station 220 .

The management server 300 may include a storage unit that stores at least one of URL information for accessing the stations 210, 220, and 230, information about the stations 210, 220, and 230, and information about the clusters A and B. . Specifically, a URL storage unit 311 that stores URL information for accessing the stations 210, 220, and 230, a station information storage unit 313 that stores information about the stations 210, 220, and 230, and a cluster (A) , B) may include a cluster information storage unit 315 for storing information.

The station information storage unit 313 may store information on each station. When forming each station 210 , 220 , 230 , conditions for inputting company information may be set, and information input by each company may be stored in the station information storage unit 313 . For example, when company A requests the management server 300 to form the first station 210, it is necessary to enter company A's job type, assets, employee size, services that can be provided, services to be provided, etc., and the station information storage unit 313 may store this information.

In addition, the changed information of each station may be managed by the station information management unit 313 .

Also, the station information storage unit 313 may receive information stored in the personnel management units 218 , 228 , and 238 of the station server 200 .

The cluster information storage unit 315 may store cluster information to which each station belongs. For example, the cluster information storage unit 315 stores information about clusters, such as the number of currently formed clusters, stations belonging to each cluster, services required by the clusters, services that the clusters can provide, goals pursued by the clusters, and the like. A variety of information can be stored.

The cluster information management unit 316 may manage information stored in the cluster information storage unit 315 . For example, if there are a plurality of stations of the same industry in the cluster information storage unit 315, this may be provided as a new station.

In addition, the management server 300 includes a third URL management unit 312 that transmits the URL corresponding to the proof of employment token to the station or the URL corresponding to the ID and password to the user terminal, and the station requesting the URL is subscribed. A cluster determination unit 317 for determining whether the cluster and the cluster to which the station issuing the proof of residency token is joined may be the same.

The cluster determining unit 317 determines whether the user of the station that issued the proof of residency token meets the conditions for accessing the station desired to access, and determines whether or not to guide the URL. For example, when a condition is set that only users of the stations 210 and 220 belonging to the first cluster A can access other stations 210 and 220 belonging to the first cluster A, When a user of the third station 230 belonging to cluster 2 makes an access request to the second station 220, an access impossible signal may be transmitted to the second station 220.

In addition, the cluster determination unit 317 may determine whether or not the station issuing the proof-of-employment token satisfies a preset condition, and guide the URL to the station desiring access. For example, when a user of the third station 230 belonging to the second cluster (B) requests access to the second station 220 belonging to the first cluster (A), the two stations are located in the same cluster. Even if they do not belong, they can access the second station 220 if they satisfy a preset condition.

The management server 3000 may include a condition calculator 318 that determines whether a station that issued an employment verification token satisfies a preset condition. For example, if the predetermined condition is a condition for guiding a URL when a station is formed by a company with assets of 1 billion or more, if the asset of the company that formed the third station 230 is 1.1 billion, the third station ( 230) The user may access the first station 210.

In addition, the management server 300 may include a URL storage unit 312 that stores URLs for station access. For example, the URL storage unit may store URLs corresponding to IDs and passwords issued by each station. In this case, the URL may be a virtual address for accessing the station that issued the corresponding ID and password.

In addition, the management server 300 may request the issuance of a proof of employment token from the user terminal 100 or the stations 210, 220 and 230 to a specific station 220 and 210 or request validation of the issued proof of employment token. When there is a request for guidance of a URL, the requested URL may be provided. Here, a specific station may be understood as a station to which a user belongs.

In addition, the URL storage unit may store a URL corresponding to the proof of employment token issued by each station. In this case, the URL may be a virtual address for accessing the station that issued the proof-of-employment token.

In addition, the management server 300 includes a third URL management unit 312 that transmits the URL corresponding to the proof of employment token to the station 210, 220, 230 or transmits the URL corresponding to the ID and password to the user terminal. can do. For example, the URL stored in the URL storage unit 311 may be transmitted to the user terminal 100 or each station 210 , 220 , and 230 through the third URL management unit 312 .

In addition, a plurality of management servers 300 are provided, and each management server 300 may encrypt and distribute URLs for accessing stations 210 , 220 , and 230 . For example, the management servers 300 may be deployed for each country, and each management server may store only a part of the entire URL. After that, when URL is transmitted to the user terminal 100 or the stations 210 and 220, URL information encrypted in each management server 300 can be decoded and transmitted. For example, such encryption and decryption may utilize blockchain technology.

Although the virtual space user authentication method and virtual space providing system according to an embodiment of the present invention have been described as specific embodiments, this is only an example, and the present invention is not limited thereto, and the best should be construed as having a range of A person skilled in the art may implement a pattern of a shape not indicated by combining or substituting the disclosed embodiments, but this also does not deviate from the scope of the present invention. In addition, those skilled in the art can easily change or modify the disclosed embodiments based on this specification, and it is clear that such changes or modifications also fall within the scope of the present invention.

10: virtual space providing system 100: input unit
111: access management unit 112: first proof of employment token management unit
114: first URL management unit 200: station server
210: first station 220: second station
230: third station
212, 222, 232: second proof of employment token management unit
214, 224, 234: second URL management unit 216, 226, 236: access permission management unit
Reference Numerals 218, 228, 238: Personnel management department 219, 229, 239: Business management department 300: Management server 311: URL storage unit
312: 3rd URL management unit 313: station information storage unit
314: station information management unit 315: cluster information storage unit
316: cluster information management unit 317: cluster determination unit
318: condition calculation unit

Claims (11)

requesting access from a user terminal to a station desiring access;
requesting an employment verification token from the station desiring access to the user terminal;
requesting a URL of a station to which the user belongs from the user terminal to a management server;
informing the user terminal of the URL of the station to which the user belongs from the management server;
requesting, from the user terminal, the station having the URL to issue a proof of employment token;
issuing an employment verification token to the user terminal from the station having the URL;
transmitting the employment verification token issued from the user terminal to the station desiring access;
requesting a URL of the station where the proof of residency token is issued from the station desiring access to the management server;
determining, by the management server, whether the cluster to which the station requesting the URL is joined is the same as the cluster to which the station issuing the proof of residency token is joined;
if the cluster to which the station requesting the URL is joined is the same as the cluster to which the station issuing the proof of residency token is joined, informing the station of the station desiring access with the URL of the station to which the proof of residency token is issued from the management server;
requesting validation of the residency token from the station desiring access to the station to which the residency token has been issued;
issuing an access token from the station desiring access to the user terminal when the validity of the proof of residency token is confirmed;
and accessing the station desiring access based on the access token. According to claim 1,
If the cluster to which the station requesting the URL is joined is not the same as the cluster to which the station issuing the proof of residency token is joined,
It is determined by the management server whether the station that issued the proof of residency token satisfies a preset condition, and if the condition is satisfied, the URL of the station from which the proof of residency token was issued is transmitted from the management server to the station desiring access. A virtual space user authentication method including guiding steps. According to claim 1,
If the cluster to which the station requesting the URL is joined is not the same as the cluster to which the station issuing the proof of residency token is joined,
It is determined whether the station issuing the proof of residency token is joined to another cluster, and if there are at least one cluster to which the station requesting the URL is identically joined to at least one other station joined to the other cluster, the management server and guiding a URL of the station to which the proof of residency token is issued to the station desiring access. According to claim 1,
In the step of the management server informing the user terminal of the URL of the station to which the user belongs,
Extracting a URL of the station to which the user belongs from the management server;
The extraction of the URL is performed by checking a URL corresponding to an ID and password previously authenticated from the station to which the user belongs. According to claim 1,
In the step of the management server informing the URL of the group module issued with the proof of employment token to the group module to which access is desired,
Extracting, in the management server, the URL of the group module for which the proof of employment token is issued;
The extraction of the URL is performed by checking the URL corresponding to the proof of employment token. a station server including a plurality of stations capable of providing a virtual space and issuing a proof-of-employment token;
A management server capable of guiding a URL requested from a user terminal or the station, and capable of determining whether a cluster to which the station requesting the URL is joined and a cluster to which the station issuing the proof of residency token are joined are the same; ,
The virtual space providing system of claim 1 , wherein the station requesting access from a user terminal permits access when a cluster to which the station requesting the URL is joined and a cluster to which the station issuing the proof of residency token is joined. According to claim 6,
The management server,
a storage unit for storing at least one of URL information for accessing the station, information of the station, and information of the cluster;
a third URL management unit that transmits a URL corresponding to the employment verification token to the station or a URL corresponding to an ID and password to the user terminal;
and a cluster determining unit determining whether a cluster to which the station requesting the URL is joined is the same as a cluster to which the station issuing the proof of residency token is joined. According to claim 7,
The management server
and a condition calculation unit determining whether the station issuing the proof of employment token satisfies a preset condition. According to claim 8,
The predetermined condition is a virtual space providing system that includes one or more of the type of job, assets, employee size, services that can be provided, and services to be provided of the company to which the station belongs. According to claim 6,
The station is
a second employment verification token management unit capable of issuing an employment verification token proving the user's employment or verifying the validity of the employment verification token submitted from the user terminal;
a second URL management unit requesting the URL corresponding to the submitted employment verification token to the management server;
Including an access permission token management unit that issues an access permission token when the validity of the submitted proof of employment token is confirmed,
The virtual space providing system of claim 1 , wherein the station requested for access from the user terminal permits access when the access permission token is submitted through the user terminal. According to claim 10,
The second proof of employment token management unit,
an employment verification token requesting unit requesting submission of the employment verification token when there is a request for access to the station from the user terminal;
an employment verification token issuing unit that issues an employment verification token when there is a request for issuance of the employment verification token from the user terminal;
and an employment verification token validation unit configured to verify validity of the submitted employment verification token when the employment verification token issued from the user terminal is submitted.

Images