KR20190065007A - Method and system for providing portal-site relay service - Google Patents

Abstract

The present invention relates to a method for providing a portal site relaying service and a system thereof. More particularly, the present invention relates to a method for providing a portal site relaying service and a system thereof which manage personal authentication information of each user, and connect the user to a portal site after performing user authentication when the user accesses the portal site. According to the present invention, by using a user ID, user random number, and an asymmetric key pair, provided is the portal site relaying service which allows users to enjoy convenience of accessing directly to each portal site with only single authentication information without having to remember ID and password for every portal site.

Description

[0001] METHOD AND SYSTEM FOR PROVIDING PORTAL-SITE RELAY SERVICE [0002]

The present invention relates to a portal site relay service providing method and a service providing server thereof, and more particularly, to a portal site service providing method and a service providing server thereof, in which a portal site server confirms that a portal site server is a user by utilizing a pair of asymmetric keys stored at the time of registration and user random numbers generated at every registration, System. First, user private key and public key are created in user terminal, user public key is stored in portal server in registration phase, and user private key and user public key are stored in user terminal. Also, the user terminal generates a user random number hash by hashing the one or more user random numbers, which are different each time the user registers, authenticates, or leaves the user, and transmits the hash to the portal site server through the portal site relay server in advance. And stores the encrypted random number hash, and then hashes the encrypted random number hash to another user's terminal that has finally transmitted to the portal site, encrypts the user random number hash, ) Is verified to be the same as that obtained by decrypting the portal site server with the user public key, it can be confirmed that the person who made the signature is the user due to the characteristics of the asymmetric key. Therefore, the portal site server compares the hash of the user's random number hash sent in advance by the portal site relay server and the decrypted user's random number hash encryption finally sent by the user terminal using the asymmetric key Therefore, it can be confirmed that the user is a user due to the nature of the signature.

Unlike the existing FIDO (Fast Identity Online), FIDO generates random random number (server challenge) in the server, gives it to the client, hashes the client, and sign it with the asymmetric key and sends it back to the server. The user's random number of the invention is hashed and the signature of the asymmetric key is transmitted from the user terminal to the portal site server through the portal site relay server and to the portal site server immediately before the terminal is finally connected to the portal site. Lt; RTI ID = 0.0 > direction. ≪ / RTI >

On the Internet, users must remember login information separately for each portal site. Of course, there is a way to manage all the same ID passwords, but nowadays, it is very troublesome to unify them because the password configuration requirements are different for each portal site.

Also, each portal site has a burden of managing login information of each user to be subscribed. It's not just about managing an identity password. That is, when the user forgets the ID or the password, it is necessary to provide other information to be memorized, or to perform various personal authentication methods to newly assign an ID password.

KR 10-2015-0137518 A

SUMMARY OF THE INVENTION The present invention has been made to overcome the above problems, and it is an object of the present invention to provide a portal site relay server, which is convenient as SSO (Single Sign On) and has a high security level such as FIDO, The purpose is to provide.

Therefore, the user does not have to remember the ID and password separately for each portal site, and enjoys the convenience of accessing each portal site directly with a single user ID and asymmetric key pair, The goal is to provide a portal site relay service.

In order to achieve the above object, a method for performing a portal site registration of a user in a portal site relay server according to the present invention comprises the steps of: (a) receiving, from a terminal of a user requesting registration at a portal site (Hereinafter, referred to as 'first signature generation data') and data (hereinafter referred to as 'i-signature') generated by signing the first signature generation data ; (b) verifying the integrity of the first signature; (c) storing a user ID; And (d) transmitting the first signature creation data and the first signature to the portal site server.

Wherein the first signature generation data received in step (a) from the user terminal further includes a user public key for decrypting the first signature, and the integrity verification of the first signature in step (b) by verifying whether or not a hash obtained by decrypting the signature with the user public key is equivalent to hashing the signature generation data.

Between step (b) and step (d), (b1) storing the received user public key.

The first signature generation data may further include data obtained by hashing a random number generated in the user terminal (hereinafter referred to as a 'user random number hash').

The first signature generation data further includes a user tagging number # 1 in which the user terminal increases the existing value by 1 before transmitting the data of the step (a) to the portal site relay server , And (b2) checking whether the received tagging number # 1 is incremented by 1 from the existing value between the step (b) and the step (c).

According to another aspect of the present invention, there is provided a method for a portal site relay server performing authentication or withdrawal from a portal site when a user logs in to a portal site includes the steps of: (a) (Hereinafter, referred to as 'first signature generation data') and data generated by signing the first signature generation data (hereinafter, referred to as 'first signature'), ; And (b) transmitting the first signature creation data and the first signature to the portal site server.

The first signature generation data may further include data obtained by hashing a random number generated in the user terminal (hereinafter referred to as a 'user random number hash').

The signature generation data may further include a user tagging number # 1 in which the user terminal increases the existing value by 1 before transmitting the data of the step (a) to the portal site relay server .

According to another aspect of the present invention, there is provided an application program stored in a non-temporary storage medium, executed by a processor, and performing a method for registering on a portal site through a portal site relay server, comprising: (a) Transmitting a registration request to the portal site server; (b) receiving a registration request screen from the portal site server; (c) connecting to the portal site relay server by pressing submit of the portal site relay server after receiving the user ID from the user; (d) storing the user ID; (e) generating data (hereinafter referred to as 'first signature') to be transmitted to the portal site relay server by signatureing data including the user ID (hereinafter, referred to as 'first signature generation data') ; (f) transmitting the first signature and the first signature creation data to a portal site relay server; (g) generating data (hereinafter, referred to as 'second signature') to be transmitted to the portal site server by signatureing data including the user ID (hereinafter referred to as 'second signature generation data'); (h) transmitting the second signature and the second signature creation data to a portal site server; And (i) receiving a registration request success notification from the portal site server.

(E01), a user private key used to generate the first signature or generate the second signature before signing the signature, and the portal site relay server or the portal site server Generating a user public key for use in decrypting the first signature or the second signature and storing the user public key and the user private key, wherein in step (e) and step (g), signature generation is performed by hashing each of the first generation data and the second signature generation data, and then encrypting the first generation data and the second signature generation data using the user private key . ≪ / RTI >

Before step (e), generating at least one random number (e021) and hashing it (data generated by hashing is hereinafter referred to as 'user random number hash'); (E022) the user's random number hash is hashed and then encrypted with the user's private key, that is, the signature is generated (the generated data is referred to as 'user's random number hash encryption' hereinafter) And the first signature generation data may further include the user random number hash.

The first signature generation data may further include a user tagging number # 1 in which the user terminal increases the existing value by 1 before generating the first signature in step (e).

The second signature generation data may further include the user random number hash encryption.

The second signature generation data may further include a user tagging number # 2 in which the user terminal increases the existing value by 1 before generating the second signature in step (g).

According to another aspect of the present invention, there is provided an application program stored in a non-temporary storage medium, executed by a processor, connected to a portal site through a portal site relay server and performing authentication of a user or withdrawing a user from a portal site (A) transmitting an authentication or withdrawal request to a portal site server according to a user's input; (b) receiving an authentication or withdrawal request screen from the portal site server; (c) the user is connected to the portal site relay server by pressing submit of the portal site relay server; (d) Signature of data (hereinafter, referred to as "first signature creation data") including a user ID already stored in the user terminal in the process of registering the portal site of the user and data to be transmitted to the portal site relay server (Hereinafter referred to as a " first signature "). (e) transmitting the first signature and the first signature creation data to a portal site relay server; (f) generating data (hereinafter, referred to as 'second signature') to be transmitted to the portal site server by signatureing data including the user ID (hereinafter referred to as 'second signature generation data'); (g) transmitting the second signature and the second signature creation data to a portal site server; And (h) receiving an authentication request success notification or withdrawal request success notification from the portal site server.

Before step (d), generating at least one random number (d011) and hashing it (data generated by hashing is hereinafter referred to as 'user random number hash'); (D012) encrypting the hash of the user's random number hash with a user private key already stored in the user terminal in the process of registration of the user's portal site, signing the signature, Random number hash encryption "), and the first signature generation data may further include the user random number hash.

In the step (d) or the step (f), signature is generated by hashing the first signature generation data or the second signature generation data, Or by encrypting it using a user private key.

The first signature generation data may further include a user tagging number # 1 in which the user terminal increases the existing value by one before generating the first signature in step (d).

The second signature generation data may further include the user random number hash encryption.

The second signature generation data may further include a user tagging number # 2 in which the user terminal increases the existing value by 1 before generating the second signature in step (f).

According to another aspect of the present invention, a method for a portal site server to perform registration of a portal site of a user includes the steps of: (a) receiving a registration request from a user terminal; (b) transmitting a registration request screen to the user terminal; (hereinafter referred to as 'first signature') generated by signing the first signature generation data (hereinafter, referred to as 'first signature') and data including a user ID Receiving the first signature generation data and the first signature from a portal site relay server received from the portal site relay server; (d) verifying the integrity of the first signature; (e) generating second signature generation data (hereinafter referred to as 'second signature generation data') generated from signature data of the second signature generation data (hereinafter, referred to as 'second signature generation data' Quot;) < / RTI > (f) verifying the integrity of the second signature; (g) storing the user ID as authentication data; And (h) transmitting a registration request success notification to the user terminal.

The first signature generation data received from the portal site relay server in step (c) includes a user public key for decrypting the first signature, the received user public key is stored in the portal site server, The integrity verification of the first signature in step (d) is performed by verifying whether a hash obtained by decrypting the first signature with the user public key is equivalent to hashing the first signature generation data, The integrity verification of the second signature in step (f) may be performed by verifying whether the hash obtained by decrypting the second signature with the user public key is equivalent to hashing the second signature generation data .

The first signature generation data received from the portal site relay server in step (c) includes at least one random number generated in the user terminal and data generated by hashing the generated random number into a hash (D1) storing the received random number hash in step (c), wherein the step (e) further comprises the step of receiving from the user terminal In the second signature generation data, at least one random number is generated in the user terminal, the data generated by hashing the data (hereinafter, referred to as 'user random number hash') is hashed and encrypted with a user private key, (F) encrypting the user's random-number hash encryption received in the step (e) with the use of the user's random number hash encryption, Decoding by using the public key; And (f2) verifying the user's random number hash by comparing whether the hashed hash of the stored user's random number hash in step (d1) and the decrypted in step (f1) are equal to each other.

Wherein the first signature generation data further includes a user tagging number # 1 in which the user terminal increases an existing value by one before generation of the first signature in step (c) (D2) verifying whether the received user tagging number # 1 has increased by one from the existing value between step (e) and step (e).

Wherein the second signature generation data further includes a user tagging number # 2 in which the user terminal increases the existing value by 1 before the second signature generation in step (e), and the step (f) And (f3) checking whether the received user tagging number # 2 is incremented by one from the existing value between step (g) and step (g3).

According to another aspect of the present invention, there is provided a method for a portal site server to perform authentication or withdrawal from a portal site when a user accesses the portal site, comprising the steps of: (a) Receiving a withdrawal request of the server; (b) transmitting a registration request screen or a withdrawal request screen to the user terminal; (hereinafter referred to as 'first signature') generated by signing the first signature generation data (hereinafter, referred to as 'first signature') and data including a user ID Receiving the first signature generation data and the first signature from a portal site relay server received from the portal site relay server; (d) verifying the integrity of the first signature; (e) generating second signature generation data (hereinafter referred to as 'second signature generation data') generated from signature data of the second signature generation data (hereinafter, referred to as 'second signature generation data' Quot;) < / RTI > (f) verifying the integrity of the second signature; (g) if the user is leaving the portal site, deleting the user ID; And (h) transmitting an authentication request success notification or withdrawal request success notification to the user terminal.

The verification of the integrity of the first signature of step (d) may include verifying whether the hash obtained by decrypting the first signature with the user public key stored at the time of registration of the portal site is hashed the first signature generation data And the verification of the integrity of the second signature in step (f) is performed by checking whether the hash obtained by decrypting the second signature with the user public key is hashed the second signature generation data Verification.

The first signature generation data received from the portal site relay server in step (c) includes at least one random number generated in the user terminal and data generated by hashing the generated random number into a hash (D1) storing the received random number hash in step (c), wherein the step (e) further comprises the step of receiving from the user terminal In the second signature generation data, at least one random number is generated in the user terminal, the data generated by hashing the data (hereinafter, referred to as 'user random number hash') is hashed and encrypted with a user private key, And a user random number hash encryption, which is data obtained by signatureing a hash, and when the authentication for the portal site login is being performed, it is preferable that, between the step (f) and the step (h) Decrypting the user's random number hash encryption received in step (e) using the user public key, between the step (f) and the step (g) if the user's public key is being removed; And (f2) verifying the user's random number hash by comparing the hash value of the stored user's random number hash in step (d1) with the value decrypted in step (f1).

Wherein the first signature generation data further includes a user tagging number # 1 in which the user terminal increases an existing value by one before generation of the first signature in step (c) (D2) verifying whether the received user tagging number # 1 has increased by one from the existing value between step (e) and step (e).

The second signature generation data may further include a user tagging number # 2 in which the user terminal increases the existing value by 1 before the second signature generation in step (e) (F) between the step (f) and the step (h), between the step (f) and the step (g) when the withdrawal is being performed at the portal site, (f3) May be further verified if 1 is increased from the existing value.

The step (g1) may further include deleting the user public key between step (f) and step (h) if the user is leaving the portal site.

According to another aspect of the present invention, a portal site relay server is a portal site site in which when a user registers a portal site, performs authentication at the portal site login, or withdraws from the portal site, (Hereinafter referred to as a " user terminal ") and a packet; A portal site server transmission / reception unit for transmitting / receiving a packet to / from the portal site server when the user registers the portal site or performs authentication at the portal site login or withdrawal from the portal site; The user transmission / reception unit receives data (hereinafter, referred to as 'first signature generation data') including signature data including a user ID received from the user terminal and signature generation data for signature generation (Hereinafter referred to as " first signature ") to the portal site server through the portal site server transmission / reception unit; A data storage unit for storing a user ID when registering a portal site; And a controller for controlling the modules of the portal site relay server to perform a series of processes related to provision of the portal site relay service.

The authentication unit may further include a function of verifying the first signature when registering the portal site of the user.

The verification of the first signature may be performed by hashing the received first signature generation data, decrypting the hashed data and the first signature received together with the user's public key, and comparing the first signature with the hash derived therefrom , And verifying whether they are the same.

The first signature generation data may further include data obtained by hashing a random number generated in the user terminal (hereinafter referred to as a 'user random number hash').

The first signature generation data may further include a user tagging number # 1, and the authentication unit may further include a function of verifying whether the received user tagging number # 1 is incremented by one in the portal site registration process of the user .

In the portal site registration process of the user, the first signature generation data includes a user public key for decrypting the data encrypted in the user terminal

The authentication unit may further include a function of storing the received user public key in the data storage unit.

According to the present invention, each user relays the user's random number hash to the portal site without having to manage a separate password, and the user's random number hash encryption, in which the user's terminal is signed with the asymmetric key, And the portal site server confirms this signature using the user's random number hash received from the portal site relay server and the user's public key so that the authentication of the individual is assured if the private key of the user is not exposed, From the viewpoint of security, it is very secure because it can confirm that the user is the user with the security characteristic of the user random number hash which is changed every time when the user finally connects and the asymmetric key to decrypt it. In addition, since users can subscribe to all portal sites with a single account, it is effective to provide portal site relay service that provides convenience and high security level.

1 is a diagram illustrating a network configuration for providing a portal site relay service according to the present invention;
2 is a diagram illustrating a process of generating a user terminal signature and verifying data in a portal site relay server in a process of providing a portal site relay service according to the present invention.
3 is a diagram illustrating a process of generating a user terminal signature and data verification in a portal site server in a process of providing a portal site relay service according to the present invention.
4 is a view showing a first embodiment of a sequence showing a method of registering in each portal site through a portal site relay server according to the present invention;
5 is a diagram showing a first embodiment of a sequence showing a method of performing authentication through a portal site relay server according to the present invention when accessing a portal site;
6 is a view showing a first embodiment of a sequence showing a method of leaving a portal site through a portal site relay server according to the present invention.
7 is a view showing a second embodiment of a sequence showing a method of registering in each portal site through a portal site relay server according to the present invention;
8 is a diagram showing a second embodiment of a sequence showing a method of performing authentication through a portal site relay server according to the present invention when accessing a portal site;
9 is a view showing a second embodiment of a sequence showing a method of withdrawing from each portal site through a portal site relay server according to the present invention.
10 is a diagram showing a configuration of a portal site relay server according to the present invention;

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. Prior to this, terms and words used in the present specification and claims should not be construed as limited to ordinary or dictionary terms, and the inventor should appropriately interpret the concepts of the terms appropriately It should be interpreted in accordance with the meaning and concept consistent with the technical idea of the present invention based on the principle that it can be defined. Therefore, the embodiments described in this specification and the configurations shown in the drawings are merely the most preferred embodiments of the present invention and do not represent all the technical ideas of the present invention. Therefore, It is to be understood that equivalents and modifications are possible.

1 is a diagram illustrating a network configuration for providing a portal site relay service according to the present invention.

(One or more random numbers) is hashed and hashed into a user public key stored in the portal site server 200 when the portal site server 200 registers it, and transmits the hashed public key to the portal site relay server 100 via the relay role of the portal site relay server 100 Since the hash of the received user hash is compared with the result of the hash verification, the security level is very high, and the user can more effectively attract and maintain a single portal site customer.

The FIDO server sends a random challenge (server challenge) to the FIDO client at the time of authentication and sends it to the FIDO client. The FIDO client sends it to the FIDO server together with the server challenge. The FIDO server analyzes the signature by public key, . On the other hand, the present invention can operate in the TLS environment of the web environment, and the same level of security can be provided because the user random number hash is verified with a pair of asymmetric keys.

Therefore, whenever a user registers, authenticates, or unsubscribes to a portal site having a service contract with a portal site relay server 100 with a single account, such as SSO (Single Sign On), a user random number hash is newly generated every time Based on this, the portal site confirms the user's authentication, so if the user token is stolen like Single Sign On (SSO), it is possible to prevent the case where all the subscribed sites can be dangerous. Therefore, the present invention is an invention combining security level such as FIDO with convenience of SSO (Single Sign On).

Hereinafter, regarding the provision of the portal site relay service as described above, the registration, authentication, and withdrawal method to the portal site performed through the portal site relay server 100 of the present invention will be described with reference to FIG. 2 to FIG. I will explain in detail by example.

Figs. 4 to 6 are diagrams respectively showing a sequence of performing registration of a user portal site as a first embodiment, authentication at a portal site login, and withdrawal at a portal site, and Figs. 7 to 9 are, respectively, A sequence of performing registration of a user portal site, authentication at the portal site login, and withdrawal at the portal site.

Particularly, FIG. 2 illustrates generation of a user terminal first signature, verification of data in the portal site relay server 100, FIG. 3 illustrates generation of a second signature in the user terminal, and data verification in the portal site server 200. Each of the sequences of FIGS. 2 and 3 is a sequence that is commonly performed in the processes of FIGS. 4 to 9, and FIGS. 4 to 9 show such a sequence. It should be noted, however, that the sequence of FIG. 2 and FIG. 3 performed in FIGS. 4 to 9 is slightly different in each figure (FIG. 4 to FIG. 9) Will be described later in the description.

FIG. 2 is a diagram illustrating a process of generating a first signature of a user terminal and a first signature verification of a portal site relay server in a process of providing a portal site relay service according to the present invention.

'signature' has the meaning of 'signature', and the 'signature' used below is a hash of one or more specific data (hereinafter referred to as 'signature generation data'), ≪ / RTI > That is, 'signifying' the signature generation data 'A' means to generate the final data, that is, the signature, which hashes the A and encrypts the hashed data using the user private key. For example, in the following description, the 'signature generation data for signature' is generated by hashing the first signature generation data and encrypting it with a user private key to generate a first signature, Signifying the data 'signifies that the second signature generation data is hashed and is then encrypted with the user's private key to generate the second signature. The signing of the user's random number hash means that after hashing the user's random number hash, It is encrypted with the user's private key. The data generated by signing the user's random number hash is referred to as 'user's random number hash encryption'.

The receiving side receives the signature and data for signature generation together and verifies the signature. That is, it verifies whether the hash of the signature generation data is equal to the signature obtained by decoding the signature with the user public key, To ensure the integrity of the network.

2, the user terminal client 10 or the user terminal extension 11 (hereinafter referred to as a 'user terminal' in the description with reference to FIG. 2) increments the user tagging number # 1 by 1 (S001).

The user terminal 'signatureizes' the user ID, the user random number hash, and the user tagging number # 1. That is, according to the meaning of 'signatureization' described above, the user terminal hashes the user ID, the user's random number hash and the user tagging number # 1, encrypts it with the user's private key, (S002). The user ID, the user's random number hash, and the user tagging number # 1 for generating the first signature are collectively referred to as 'first signature generation data'. Here, 'user random number hash' refers to data generated when a user terminal generates one or more random numbers and hashs them.

In the portal site registration process of FIGS. 4 and 7, the first signature generation data further includes a user public key.

The user terminal then transmits the first signature creation data and the generated first signature to the portal site relay server 100 (S003).

Then, in the portal site registration process of the user, the portal site relay server 100 decrypts the first signature into the user public key in the packet received in step S003 from the user terminal, and generates a first signature The received signature is verified by verifying whether or not the data is hashed (S004). That is, the received first signature generation data is hashed, and the hashed data thus decrypts the received first signature with the user's public key and verifies whether it is the same as the hash derived therefrom, In order to verify the validity. This verifies the integrity of the received packet. Thereafter, in the portal site registration process of the user, the portal site relay server 100 verifies whether the received user tagging number # 1 is incremented by 1 (S005).

3 is a diagram illustrating a process of generating a first signature of a user terminal and a second signature verification of a portal site server in a process of providing a portal site relay service according to the present invention.

The user terminal client 10 or the user terminal extension 11 (hereinafter collectively referred to as a " user terminal " in the description with reference to Figure 3) increases the user tagging number # 2 by 1 (S021) , Generates a signature (hereinafter referred to as a 'second signature') (S022) encrypted with the user private key after hashing the user's random number hash encryption and the user tagging number # 2. The user ID for generating the second signature, the user's random number hash encryption, and the user tagging number # 2 are collectively referred to as 'second signature generation data'. Here, the user's random number hash encryption refers to data obtained by 'signatureizing' the user's random number hash. That is, the user random number hash is re-hashed, and the generated data is encrypted with the user's private key, which is referred to as 'user random number hash encryption'.

The user terminal then transmits the second signature creation data and the generated second signature to the portal site server 200 (S023).

The portal site server 200 decrypts the second signature in the packet received in step S023 from the user terminal with the user public key stored when registering the portal site of the user (Fig. 4 and Fig. 7), and the hash The received signature is verified by verifying whether or not the data for generating the second signature is hashed (S024). That is, the received second signature generation data is hashed, and the hashed data thus decrypts the received second signature with the user's public key and verifies whether it is the same as the hash derived therefrom, In order to verify the validity. This verifies the integrity of the received packet. Thereafter, the portal site relay server 100 verifies whether the received user tagging number # 2 is incremented by 1 (S025).

Also, the user random number hash encryption received from the user terminal in the above step S022 is decrypted with the user public key stored at the time of registration of the user portal site (FIG. 4 and FIG. 7). The user random number hash is verified by comparing the decrypted user random number hash received from the portal site relay server 100 as one of the first signature generation data before step S021 and the hash value S027).

4 is a diagram showing a first embodiment of a sequence showing a method of registering in each portal site through the portal site relay server 100 according to the present invention.

First, a client program installed in the user terminal 10 is referred to as a 'user terminal client'. Hereinafter, this will be referred to as a 'client' 10.

When the user makes a registration request to the portal site server 200 (S401), the portal site server 200 transmits a registration request screen to the client 10 (S402). In this registration request screen, the user inputs a user ID and presses a submit button to access the portal site relay server 100 (S403).

Thereafter, the client 10 generates a pair of asymmetric keys, that is, 'user private key' and 'user public key', and stores the generated private key and the user public key (S404).

The client 10 stores the input user ID (S405). In addition, the client 10 generates one or more random numbers and performs hashing (data generated by hashing) as a user random number hash, then stores the user's hash as a signature in step S406. In this way, the signature-encoded data of the user's random number hash is called user's random number hash encryption.

That is, referring to FIG. 3, as described above, the user's random number hash encryption is a method of hashing the user's random number hash by 'signatureizing' the user's random number hash, again encrypting the user's random number hash, to be.

Thereafter, the client 10 generates a first signature, and the portal site relay server 100 verifies the first signature and various data, which has been described with reference to steps S001 through S005 in FIG. 2 . The 'user terminal' in FIG. 2 corresponds to the 'client 10' in FIG.

That is, the client 10 increments the user tagging number # 1 by 1 (S001) and generates the first signature generation data, that is, the user ID, the user random number hash, the user tagging number # 1, and the user public key, And transmits the generated first signature (S002) to the portal site relay server 100 (S003). The portal site relay server 100 verifies the first signature (S004), and verifies whether the user tagging number # 1 is incremented by one (S005).

After the verification, the portal site relay server 100 stores the user ID to manage the user's account for the other portal sites as one (S407), and further stores the user ID The user public key is stored (S407). That is, the stored user public key can be used for the first signature verification even during the registration process of the corresponding portal site of the user.

Then, the portal site relay server 100 transmits the first signature creation data and the first signature to the portal site server 200 as it is (S408), the portal site server 200 verifies the first signature (S409 ), The user tagging number # 1 is incremented by 1 (S410), and the user public key is stored (S411).

Then, the portal site server 200 stores the user's random number hash among the first signature creation data received from the portal site relay server 100 (S412).

Thereafter, the client 10 generates a second signature, and the portal site server 200 verifies the second signature and various data, which has been described with reference to steps S021 through S027 in FIG. 3 . The 'user terminal' in FIG. 3 also corresponds to the 'client 10' in FIG.

That is, the client 10 increments the user tagging number # 2 by 1 (S021), and generates the second signature generation data, that is, the user ID, the user random number hash encryption and the user tagging number # 2, 2 signature (S022) to the portal site server 200 (S023). The portal site server 200 verifies the second signature (S024), verifies whether the user tagging number # 2 has increased by 1 (S025), stores the user's random number hash encryption received from the client 10 in step S411 And decrypts it with the user public key (S026).

In addition, hash of the user's random number hash received as one of the first signature generation data (S408) from the portal site relay server 100 is received from the client 10 as one of the second signature generation data (S023 ) Is verified (S027) by decrypting the user's random number hash encryption with the user's public key (stored in S411) (S026), and performs data verification.

When verification of the user random number hash is completed, the portal site server 200 determines that the user registration is successful and stores the user ID (S413), and transmits a message to the client 10 indicating that the registration request has been successful (S414).

5 is a diagram illustrating a first embodiment of a sequence of a method for performing authentication through the portal site relay server 100 according to the present invention when accessing a portal site.

When the client 10 sends an authentication request to the portal site server 200 (S501), the portal site server 200 displays an authentication request screen to the client 10 (S502). The user presses the submit button of the portal site relay server 100 on the authentication request screen (S503). Each time a user random number (one or more random numbers) is generated and hashed, the data generated by the hashing, that is, the user random number hash is signed and stored (S504). That is, after hashing the user's random number hash, it encrypts it with the user's private key stored at the time of registering the portal site of the user (FIG. 4), and stores it (S504).

Thereafter, the client 10 generates a first signature, and transmits the generated first signature and first signature generation data to the portal site relay server 100. This has been described with reference to steps S001 to S003 in Fig. The 'user terminal' of FIG. 2 also corresponds to the 'client 10' in FIG.

That is, the user tagging number # 1 is incremented by 1 (S001), and the client 10 generates the first signature generation data, i.e., the user ID, the user random number hash, and the user tagging number # 1, 1 signature (S002) to the portal site relay server 100 (S003). Unlike the portal site registration shown in FIG. 4, the user public key is not included in the first signature generation data, and thus is not transmitted to the portal site relay server 100.

Then, the portal site relay server 100 transmits the first signature creation data and the first signature to the portal site server 200 as it is (S505), the portal site server 200 verifies the first signature (S506 ), It is verified whether the user tagging number # 1 is incremented by 1 (S507).

Then, the portal site server 200 stores the user's random number hash among the first signature creation data received from the portal site relay server 100 (S508).

Thereafter, the client 10 generates a second signature, and the portal site server 200 verifies the second signature and various data, which has been described with reference to steps S021 through S027 in FIG. The 'user terminal' in FIG. 3 also corresponds to the 'client 10' in the authentication process when the portal site is accessed in FIG.

That is, the client 10 increments the user tagging number # 2 by 1 (S021) and generates the second signature generation data, i.e., the user ID, the user random number hash encryption and the user tagging number # 2, and transmits the signature (S022) to the portal site server 200 (S023). The portal site server 200 verifies the second signature (S024), verifies whether the user tagging number # 2 is incremented by 1 (S025), and transmits the user's random number hash encryption received from the client 10 to the portal site registration process (S026) with the user public key stored in step S411 of FIG. 4 (FIG. 4).

Also, the user random number hash encryption received as one of the second signature generation data (S023) obtained by hashing the user's random number hash received from the portal site relay server 100 (S505) is transmitted to the user public key (S027), and decrypts the encrypted data (S026) (S027).

The portal site server 200 determines that the authentication of the user is successful by verifying the user's random number hash. Accordingly, the portal site server 200 transmits an authentication request success notification to the client 10 (S509).

6 is a diagram showing a first embodiment of a sequence showing a method of withdrawing from each portal site through the portal site relay server 100 according to the present invention.

When the client 10 sends a withdrawal request to the portal site server 200 (S601), the portal site server 200 displays a withdrawal request screen to the client 10 (S602). The user presses the submit button of the portal site relay server 100 on the authentication request screen (S603). Each time a user random number (one or more random numbers) is generated and hashed, the data generated by the hashing, that is, the user random number hash is signed and stored (S604). That is, after hashing the user's random number hash, it encrypts it with the user's private key stored at the time of registering the portal site of the user (FIG. 4), and stores it (S604).

Thereafter, the client 10 generates a first signature, and transmits the generated first signature and first signature generation data to the portal site relay server 100. This has been described with reference to steps S001 to S003 in Fig. The 'user terminal' in FIG. 2 also corresponds to the 'client 10' in FIG.

That is, the user tagging number # 1 is incremented by 1 (S001), and the client 10 generates the first signature generation data, i.e., the user ID, the user random number hash, and the user tagging number # 1, 1 signature (S002) to the portal site relay server 100 (S003). Unlike the portal site registration shown in FIG. 4, the user public key is not included in the first signature generation data, and thus is not transmitted to the portal site relay server 100.

Then, the portal site relay server 100 transmits the first signature creation data and the first signature to the portal site server 200 as it is (S605), the portal site server 200 verifies the first signature (S606 ), It is verified whether the user tagging number # 1 is incremented by 1 (S607).

Thereafter, the portal site server 200 stores a user random number hash among the first signature generation data received from the portal site relay server (S608).

Thereafter, the client 10 generates a second signature, and the portal site server 200 verifies the second signature and various data, which has been described with reference to steps S021 through S027 in FIG. The 'user terminal' of FIG. 3 also corresponds to the 'client 10' when it is performed in the portal site withdrawal process of FIG.

That is, the client 10 increments the user tagging number # 2 by 1 (S021) and generates the second signature generation data, i.e., the user ID, the user random number hash encryption and the user tagging number # 2, and transmits the signature (S022) to the portal site server 200 (S023). The portal site server 200 verifies the second signature (S024), verifies whether the user tagging number # 2 is incremented by 1 (S025), and transmits the user's random number hash encryption received from the client 10 to the portal site registration process (S026) with the user public key stored in step S411 of FIG. 4 (FIG. 4).

Also, the user random number hash encryption received as one of the second signature generation data (S023) obtained by hashing the user's random number hash received from the portal site relay server 100 (S605) is transmitted to the user public key (S027), and decrypts the encrypted data (S026) (S027).

When the portal site server 200 verifies the user's random number hash, the portal site server 200 determines that the user's withdrawal from the portal site is successful. Accordingly, the portal site server 200 deletes the user ID (S609) (S610), and transmits a withdrawal request success notification to the client 10 (S611).

7 is a diagram showing a second embodiment of a sequence showing a method of registering in each portal site through the portal site relay server 100 according to the present invention.

4 to 6 and the first embodiment of Figs. 4 to 6 are the same as those in Figs. 4 to 6 except that the client of the user terminal 10 communicates with the portal site relay server 100 7 to 9, the user accesses the web server directly via the web, and the 'user terminal web extension 11' (hereinafter simply referred to as 'web extension 11' Is responsible for important functions.

The client is an application running on the user terminal 10 and the web extension 11 is a program running along with the web browser when the user terminal executes the web browser. The web extension 11 is a program created by a user. Specific web browsers provide a function of uploading such a user program to a web browser. The web extension 11, which is a user program loaded in this way, When the browser is operated, the web browser is operated as a separate program together with the web browser to implement functions desired by the user.

First, the user terminal 10 is referred to as a general web browser and the web extension 11 is operated in a web browser. When the user makes a registration request to the portal site server 200 (S701), the portal site server 200 transmits a registration request screen to the user terminal 10 (S702). In this registration request screen, the user inputs the user ID and presses the submit button of the portal site relay server 100 (S703). At this time, the registration request html request is transmitted to the portal site server 200 at the user terminal 10 (S704). Then, the user terminal 10 sends the user ID to the web extension 11 (S705). The web extension 11 is triggered by transmitting the user ID to the web extension 11 (S705).

The web extension 11 generates a pair of asymmetric keys, that is, 'user private key' and 'user public key', and stores the generated user private key and user public key (S706). Thereafter, the web extension 11 stores the user ID received from the user terminal 10 (S707).

The web extension 11 generates one or more random numbers and performs hashing (data generated by hashing) as a user random number hash, and stores the user's random number hash as a signature in step S708. That is, after hashing the user's random number hash, it encrypts it with the user's private key and stores it (S708).

Thereafter, the web extension 11 increases the user tagging number # 1 by 1, the web extension 11 generates the first signature, and the portal site relay server 100 verifies the first signature and the various data This has been described with reference to FIG. 2 through steps S001 to S005. The 'user terminal' of FIG. 2 corresponds to the 'Web extension 11' when performed in FIG.

That is, the web extension 11 increments the user tagging number # 1 by 1 (S001), and the web extension 11 generates the first signature generating data, i.e., the user ID, the user random number hash, The user public key and the first signature S002 generated therefrom to the portal site relay server 100 (S003). The portal site relay server 100 verifies the first signature (S004), and verifies whether the user tagging number # 1 is incremented by 1 (S005).

After the verification, the portal site relay server 100 stores the user ID in order to manage one account of the user for the other portal sites (S709) the public key is stored (S709). That is, the stored user public key can be used for the first signature verification even during the registration process of the corresponding portal site of the user.

Then, the portal site relay server 100 transmits the first signature creation data and the first signature to the portal site server 200 as it is (S710), the portal site server 200 verifies the first signature (S711 ), The user tagging number # 1 is incremented by 1 (S712), and the user public key is stored (S713).

Thereafter, the portal site server 200 stores a user's random number hash among the first signature generation data received from the portal site relay server 100 (S714).

Thereafter, the second signature is generated in the web extension 11, and the second signature and various data are verified in the portal site server 200, which has been described in step S021 to step S027 in Fig. 3 . The 'user terminal' of FIG. 3 corresponds to the 'Web extension 11' when performed in FIG.

That is, the web extension 11 increments the user tagging number # 2 by 1 (S021) and generates the second signature generation data, i.e., the user ID, the user random number hash encryption and the user tagging number # 2, 2 signature (S022) to the portal site server 200 (S023). The portal site server 200 verifies the second signature (S024), verifies whether the user tagging number # 2 has increased by 1 (S025), and stores the user's random number hash encryption received from the extension 11 in step S713 And decrypts it with the user public key (S026).

Also, the hash of the user's random number hash received from the portal site relay server 100 is decrypted to the user's public key (S026), which is one of the second signature generation data (S023) ) (S027), and performs data verification.

When the verification is completed, the portal site server 200 determines that the user registration is successful, stores the user ID (S715), and transmits a registration request success message to the user terminal 10 (S716).

8 is a diagram illustrating a second embodiment of a sequence of a method for performing authentication through the portal site relay server 100 according to the present invention when accessing a portal site.

When the user terminal 10 sends an authentication request to the portal site server 200 (S801), the portal site server 200 displays an authentication request screen to the user terminal 10 (S802). The user presses the submit button of the portal site relay server 100 on the authentication request screen (S803). Then, the user terminal 10 sends an authentication attempt html request to the portal site server 200 in step S804 and simultaneously triggers the web extension 11 in step S805.

The web extension 11 generates a user random number (one or more random numbers) every time and hashs the user random number, and stores the data generated by the hashization, that is, the user random number hash, as a signature in step S806. That is, after hashing the user's random number hash, it encrypts it with the user's private key stored at the time of registering the portal site of the user (FIG. 7) and stores it (S806).

Thereafter, the web extension 11 generates a first signature and is transmitted to the portal site relay server 100, which has been described in step S001 to step S003 in FIG. The 'user terminal' of FIG. 2 corresponds to the 'Web extension 11' when it is performed in FIG.

That is, the web extension 11 increments the user tagging number # 1 by 1 (S001) and generates the first signature generation data, that is, the user ID, the user random number hash and the user tagging number # 1, 1 signature (S002) to the portal site relay server 100 (S003). 7, the user public key is not included in the first signature generation data, and thus is not transmitted to the portal site relay server 100. [

Then, the portal site relay server 100 transmits the first signature creation data and the first signature to the portal site server 200 as it is (S807), the portal site server 200 verifies the first signature (S808 ), It is verified whether the user tagging number # 1 is incremented by 1 (S809).

Thereafter, the portal site server 200 stores a user's random number hash among the first signature creation data received from the portal site relay server 100 (S810).

Thereafter, the web extension 11 generates a second signature, and the portal site server 200 verifies the second signature and various data, which has been described with reference to steps S021 through S027 in Fig. 3 . The 'user terminal' of FIG. 3 also corresponds to the 'Web extension 11' when it is performed in FIG.

That is, the web extension 11 increments the user tagging number # 2 by 1 (S021), and the web extension 11 transmits the second signature generation data, that is, the user ID, the user random number hash encryption and the user tagging number # 2 And transmits the generated second signature S022 to the portal site server 200 (S023). The portal site server 200 verifies the second signature (S024), verifies whether the user tagging number # 2 has increased by 1 (S025), and transmits the user's random number hash encryption received from the extension 11 to the portal site registration process 7) with the user public key stored in step S713 (S026).

Also, the user random number hash encryption received (S023) as one of the second signature generation data obtained by hashing the user's random number hash received from the portal site relay server 100 (S807) is transmitted to the user public key (S027)) to be decoded (S026) (S027), and performs data verification.

When the portal site server 200 verifies the user's random number hash and the portal site random number hash, the portal site server 200 determines that the user's authentication has succeeded. Accordingly, the portal site server 200 transmits an authentication request success notification to the user terminal 10 (S811).

9 is a diagram showing a second embodiment of a sequence showing a method of withdrawing from each portal site through the portal site relay server 100 according to the present invention.

When the user terminal 10 sends a withdrawal request to the portal site server 200 (S901), the portal site server 200 displays a withdrawal request screen to the user terminal 10 (S902). The user presses the submit button of the portal site relay server 100 on the withdrawal request screen (S903). Then, the user terminal 10 sends an unsubscribe html request to the portal site server 200 in step S904 and simultaneously triggers the web extension 11 in step S905.

The web extension 11 generates a user random number (one or more random numbers) every time and hashs the user random number, and stores the data generated by the hashization, that is, the user random number hash, as a signature in step S906. That is, after hashing the user's random number hash, it encrypts it with the user private key stored at the time of registering the portal site of the user (FIG. 7), and stores it.

Thereafter, the web extension 11 generates a first signature and is transmitted to the portal site relay server 100, which has been described in step S001 to step S003 in FIG. The 'user terminal' of FIG. 2 corresponds to the 'Web extension 11' when performed in FIG.

That is, the web extension 11 increments the user tagging number # 1 by 1 (S001) and generates the first signature generation data, that is, the user ID, the user random number hash and the user tagging number # 1, 1 signature (S002) to the portal site relay server 100 (S003). 7, the user public key is not included in the first signature generation data, and thus is not transmitted to the portal site relay server 100. [

Then, the portal site relay server 100 transmits the first signature creation data and the first signature to the portal site server 200 as it is (S907), the portal site server 200 verifies the first signature (S908 ), It is verified whether the user tagging number # 1 is incremented by 1 (S909).

Then, the portal site server 200 stores a user's random number hash among the first signature creation data received from the portal site relay server 100 (S910).

Thereafter, the web extension 11 generates a second signature, and the portal site server 200 verifies the second signature and various data, which has been described with reference to steps S021 through S027 in Fig. 3 . The 'user terminal' of FIG. 3 also corresponds to the 'Web extension 11' when it is performed in FIG.

That is, the web extension 11 increments the user tagging number # 2 by 1 (S021), and the web extension 11 transmits the second signature generation data, that is, the user ID, the user random number hash encryption and the user tagging number # 2 And transmits the generated second signature S022 to the portal site server 200 (S023). The portal site server 200 verifies the second signature (S024), verifies whether the user tagging number # 2 has increased by 1 (S025), and transmits the user's random number hash encryption received from the extension 11 to the portal site registration process 7) with the user public key stored in step S713 (S026).

Also, the user random number hash encryption received as one of the second signature generation data (S023) obtained by hashing the user's random number hash received from the portal site relay server 100 (S907) is transmitted to the user public key (S027)) to be decoded (S026) (S027), and performs data verification.

After deleting the user ID (S911), the portal site server 200 deletes the user public key (S912) and transmits a withdrawal request success notification to the user terminal 10 (S913).

10 is a diagram showing a configuration of a portal site relay server 100 according to the present invention.

1 to 9, the process of registering and unsubscribing the user to and from the portal site through the portal site relay server 100 and performing the authentication at the login of the portal site have been described in detail. The function of each module of the portal site relay server 100 to be performed will be briefly described below.

The control unit 101 controls each module of the portal site relay server 100 to perform a series of processes related to provision of the portal site relay service.

The authentication unit 102 identifies a signature (hereinafter referred to as 'first signature') of an extension of a user terminal client or a corresponding browser (hereinafter collectively referred to as a 'user terminal') when registering a portal site of a user ).

That is, the authentication unit 102 verifies the first signature from the first signature received from the user terminal by the user transmitter-receiver unit 103 and the first signature generation data for generating the first signature, The first signature generation data received is hashed, and the hashed data is decrypted with the user's public key to verify that the first signature received is the same as the hash derived therefrom.

The first signature generation data includes a user ID, a user random number hash, and a user tagging number # 1. In the portal site registration process, the first signature generation data further includes a user public key.

Also, when the authentication unit 102 performs registration, withdrawal, or authentication at the portal site, the authentication unit 102 transmits the first signature and the first signature generation data received from the user terminal to the user transceiver unit 103, And transmits it to the portal site server 200 through the portal site server transmission / reception unit 104.

Also, in the portal site registration process of the user, the authentication unit 102 verifies whether the number # 1 of the received user tagging is incremented by 1 in the portal site registration process of the user

Also, when the portal site registration of the user is performed, the authentication unit 102 stores the user ID in the data storage unit 105, receives the asymmetric key, i.e., the user public key, received from the user terminal, 105).

The user transceiver unit 103 transmits and receives a packet to / from a user terminal when registering, leaving, or authenticating the user at the portal site.

The portal site server transmission / reception unit 104 transmits / receives a packet to / from the portal site server when performing registration, withdrawal, or authentication when accessing the portal site.

The data storage unit 105 stores an asymmetric key for signature verification.

10: User terminal or user terminal client
11: Extension of the user terminal
100: Portal site relay server
200: Portal Site Server

Claims (37)

A portal site relay server, as a method for performing registration of a portal site of a user,
(a) data including a user ID (hereinafter, referred to as 'first signature creation data') from the terminal of the user who has requested registration to the portal site (hereinafter referred to as 'user terminal'), (Hereinafter referred to as " i-signature ");
(b) verifying the integrity of the first signature;
(c) storing a user ID; And
(d) transmitting the first signature creation data and the first signature to the portal site server
A portal site registration server for registering, authenticating, or leaving a portal site. The method according to claim 1,
Wherein the first signature generation data received from the user terminal in step (a) further includes a user public key for decrypting the first signature,
The integrity verification of the first signature of step (b)
And by verifying whether or not a hash obtained by decrypting the signature with the user public key is equivalent to hashing the signature generation data
Wherein the portal site registration server performs the registration of the portal site. The method of claim 2,
Between the step (b) and the step (d)
(b1) storing the received user public key
The portal site registration server according to claim 1, further comprising: The method according to claim 1,
The first signature generation data includes:
(Hereinafter referred to as " user random number hash ") obtained by hashing a random number generated in the user terminal
Wherein the portal site registration server performs the registration of the portal site. The method according to claim 1,
The first signature generation data includes:
Further comprising a user tagging number # 1 in which the user terminal increases the existing value by 1 before transmitting the data of the step (a) to the portal site relay server,
Between the step (b) and the step (c)
(b2) verifying whether the received tagging number # 1 is increased by 1 from the existing value
The portal site registration server according to claim 1, further comprising: A method for a portal site relay server performing authentication or withdrawal from a portal site when a user logs in to a portal site,
(a) data including a user ID (hereinafter, referred to as 'first signature creation data') from the terminal of the user who has requested registration to the portal site (hereinafter referred to as 'user terminal'), (Hereinafter, referred to as 'first signature') generated by making a signature into a signature; And
(b) transmitting the first signature creation data and the first signature to a portal site server
A portal site registration server for registering, authenticating, or leaving a portal site. The method of claim 6,
The first signature generation data includes:
(Hereinafter referred to as " user random number hash ") obtained by hashing a random number generated in the user terminal
Wherein the portal site is authenticated or unsubscribed by the portal site relay server. The method of claim 6,
In the signature generation data,
The user terminal further includes a user tagging number # 1 in which the existing value is incremented by 1 before the data of the step (a) is transmitted to the portal site relay server
Wherein the portal site is authenticated or unsubscribed by the portal site relay server. An application program stored in a non-temporary storage medium, executed by a processor and performing a method for registering on a portal site through a portal site relay server,
(a) transmitting a registration request to a portal site server according to a user's input;
(b) receiving a registration request screen from the portal site server;
(c) connecting to the portal site relay server by pressing submit of the portal site relay server after receiving the user ID from the user;
(d) storing the user ID;
(e) generating data (hereinafter referred to as 'first signature') to be transmitted to the portal site relay server by signatureing data including the user ID (hereinafter, referred to as 'first signature generation data') ;
(f) transmitting the first signature and the first signature creation data to a portal site relay server;
(g) generating data (hereinafter, referred to as 'second signature') to be transmitted to the portal site server by signatureing data including the user ID (hereinafter referred to as 'second signature generation data');
(h) transmitting the second signature and the second signature creation data to a portal site server; And
(i) receiving a registration request success notification from the portal site server
An application program stored on a non-volatile medium. The method of claim 9,
Prior to step (e)
(e01) a user private key used to generate the first signature or to signify the second signature when the second signature is generated, and a user private key used when the portal site relay server or the portal site server transmits the first signature or the second signature generating a user public key to be used for decrypting the signature, storing the user public key and the user private key
Further comprising:
The first signature generation data includes:
The user public key is further included,
In the step (e) and the step (g)
Generating first and second signature generation data by hashing each of the first signature generation data and the second signature generation data,
The application program being stored on a non-volatile medium. The method of claim 10,
Prior to step (e)
(e021) generating at least one random number and hashing it (data generated by hashing is hereinafter referred to as 'user random number hash'); And
(e022) a step of hashing the user's random number hash, encrypting it with the user's private key (i.e., signature) (storing the generated user's number random number hash as encryption)
Further comprising:
The first signature generation data includes:
Further comprising the user random number hash
Lt; RTI ID = 0.0 > 1, < / RTI > The method of claim 9,
The first signature generation data includes:
Wherein the user terminal obtains a user tagging number # 1 that increases the existing value by 1 before generating the first signature in step (e)
Lt; RTI ID = 0.0 > 1, < / RTI > The method of claim 11,
The second signature generation data includes,
The user random number hash encryption
The application program being stored on a non-volatile medium. The method of claim 9,
The second signature generation data includes,
Wherein the user terminal obtains a user tagging number # 2 that increases the existing value by 1 before generating the second signature in step (g)
The application program being stored on a non-volatile medium. An application program stored in a non-temporary storage medium, executed by a processor, connected to a portal site through a portal site relay server to perform authentication of a user or to withdraw a user from a portal site,
(a) transmitting an authentication or withdrawal request to a portal site server according to a user's input;
(b) receiving an authentication or withdrawal request screen from the portal site server;
(c) the user is connected to the portal site relay server by pressing submit of the portal site relay server;
(d) Signature of data (hereinafter, referred to as "first signature creation data") including a user ID already stored in the user terminal in the process of registering the portal site of the user and data to be transmitted to the portal site relay server (Hereinafter referred to as a " first signature ").
(e) transmitting the first signature and the first signature creation data to a portal site relay server;
(f) generating data (hereinafter, referred to as 'second signature') to be transmitted to the portal site server by signatureing data including the user ID (hereinafter referred to as 'second signature generation data');
(g) transmitting the second signature and the second signature creation data to a portal site server; And
(h) receiving an authentication request success notice or a withdrawal request success notification from the portal site server
An application program stored on a non-volatile medium. 16. The method of claim 15,
Prior to step (d)
(d011) generating at least one random number and hashing it (data generated by hashing is hereinafter referred to as 'user random number hash'); And
(d012) encrypting the signature of the user's random number hash with a user private key already stored in the user terminal in the process of registration of the user's portal site after hashing the signature, Quot; hash encryption "
Further comprising:
The first signature generation data includes:
Further comprising the user random number hash
The application program being stored on a non-volatile medium. 16. The method of claim 15,
In the step (d) or the step (f)
The first signature generation data or the second signature generation data is hashed to be encrypted and then encrypted using a user private key already stored in the user terminal in the portal site registration process of the user
The application program being stored on a non-volatile medium. 16. The method of claim 15,
The first signature generation data includes:
Wherein the user terminal obtains a user tagging number # 1 that increases the existing value by 1 before generating the first signature in step (d)
Lt; RTI ID = 0.0 > 1, < / RTI > 18. The method of claim 16,
The second signature generation data includes,
The user random number hash encryption
The application program being stored on a non-volatile medium. 16. The method of claim 15,
The second signature generation data includes,
Wherein the user terminal generates a user tagging number # 2 that increases the existing value by 1 before generating the second signature in step (f)
The application program being stored on a non-volatile medium. A method for a portal site server to perform registration of a portal site of a user,
(a) receiving a registration request from a user terminal;
(b) transmitting a registration request screen to the user terminal;
(hereinafter referred to as 'first signature') generated by signing the first signature generation data (hereinafter, referred to as 'first signature') and data including a user ID Receiving the first signature generation data and the first signature from a portal site relay server received from the portal site relay server;
(d) verifying the integrity of the first signature;
(e) generating second signature generation data (hereinafter referred to as 'second signature generation data') generated from signature data of the second signature generation data (hereinafter, referred to as 'second signature generation data'Quot;)< / RTI >
(f) verifying the integrity of the second signature;
(g) storing the user ID as authentication data; And
(h) transmitting a registration request success notification to the user terminal
Wherein the portal site server performs registration of the portal site. 23. The method of claim 21,
The first signature generation data received from the portal site relay server in step (c) includes a user public key for decrypting the first signature, the received user public key is stored in the portal site server,
Wherein integrity verification of the first signature of step (d)
And verifying whether a hash obtained by decrypting the first signature with the user public key is equivalent to hashing the first signature generation data,
Wherein integrity verification of the second signature of step (f)
And verifying whether the hash obtained by decrypting the second signature with the user public key is equivalent to hashing the second signature generation data
And the portal site server performs the registration of the portal site. 23. The method of claim 22,
The first signature generation data received from the portal site relay server in step (c)
(Hereinafter referred to as " user random number hash ") generated by generating at least one random number in a user terminal and hashing the generated random number,
Between the step (d) and the step (e)
(d1) storing the user's random number hash received in step (c)
Further comprising:
Wherein the second signature generation data received from the user terminal in the step (e)
A user random number hash is generated in the user terminal, and the data generated by hashing the generated random number (hereinafter, referred to as 'user random number hash') is hashed and encrypted with a user private key, that is, a user random number hash encryption
Further comprising:
Between the step (f) and the step (g)
(f1) decrypting the user's random number hash encryption received in step (e) using the user public key; And
(f2) verifying the user's random number hash by comparing whether the hashed hash of the stored user's random number hash in step (d1) is equal to the decrypted value in step (f1)
The portal site registration method according to claim 1, further comprising: 23. The method of claim 21,
The first signature generation data includes:
Further comprising a user tagging number # 1 in which the user terminal increases the existing value by 1 before generating the first signature in step (c)
Between the step (d) and the step (e)
(d2) verifying whether the received user tagging number # 1 is increased by 1 from an existing value
The portal site registration method according to claim 1, further comprising: 23. The method of claim 21,
The second signature generation data includes,
Further comprising a user tagging number # 2 in which the user terminal increases the existing value by 1 before the second signature generation in step (e)
Between the step (f) and the step (g)
(f3) verifying whether the received user tagging number # 2 is incremented by 1 from the existing value
The portal site registration method according to claim 1, further comprising: As a method for performing authentication at the time of accessing a portal site of a user or withdrawal at a portal site,
(a) receiving an authentication for accessing a portal site or a request for withdrawal from a portal site from a user terminal;
(b) transmitting a registration request screen or a withdrawal request screen to the user terminal;
(hereinafter referred to as 'first signature') generated by signing the first signature generation data (hereinafter, referred to as 'first signature') and data including a user ID Receiving the first signature generation data and the first signature from a portal site relay server received from the portal site relay server;
(d) verifying the integrity of the first signature;
(e) generating second signature generation data (hereinafter referred to as 'second signature generation data') generated from signature data of the second signature generation data (hereinafter, referred to as 'second signature generation data'Quot;)< / RTI >
(f) verifying the integrity of the second signature;
(g) if the user is leaving the portal site, deleting the user ID; And
(h) transmitting an authentication request success notification or withdrawal request success notification to the user terminal
Wherein the portal site is authenticated or unsubscribed from the portal site. 27. The method of claim 26,
Wherein integrity verification of the first signature of step (d)
By verifying whether or not the hash obtained by decrypting the first signature with the user public key stored at the portal site registration is equivalent to hashing the first signature generation data,
Wherein integrity verification of the second signature of step (f)
And verifying whether the hash obtained by decrypting the second signature with the user public key is equivalent to hashing the second signature generation data
Wherein the portal site is authenticated or unsubscribed from the portal site. 28. The method of claim 27,
The first signature generation data received from the portal site relay server in step (c)
(Hereinafter referred to as " user random number hash ") generated by generating at least one random number in a user terminal and hashing the generated random number,
Between the step (d) and the step (e)
(d1) storing the user's random number hash received in step (c)
Further comprising:
Wherein the second signature generation data received from the user terminal in the step (e)
A user random number hash is generated in the user terminal, and the data generated by hashing the generated random number (hereinafter, referred to as 'user random number hash') is hashed and encrypted with a user private key, that is, a user random number hash encryption
Further comprising:
(F) and the step (h) when the authentication for the portal site login is being performed, and between the step (f) and the step (g)
(f1) decrypting the user's random number hash encryption received in step (e) using the user public key; And
(f2) verifying the user's random number hash by comparing the hash value of the stored user's random number hash in step (d1) with the decrypted value in step (f1)
The portal site authentication method according to claim 1, further comprising: 27. The method of claim 26,
The first signature generation data includes:
Further comprising a user tagging number # 1 in which the user terminal increases the existing value by 1 before generating the first signature in step (c)
Between the step (d) and the step (e)
(d2) verifying whether the received user tagging number # 1 is increased by 1 from an existing value
The portal site authentication method according to claim 1, further comprising: 27. The method of claim 26,
The second signature generation data includes,
Further comprising a user tagging number # 2 in which the user terminal increases the existing value by 1 before the second signature generation in step (e)
(F) and the step (h) when the authentication for the portal site login is being performed, and between the step (f) and the step (g)
(f3) verifying whether the received user tagging number # 2 is incremented by 1 from the existing value
The portal site registration method according to claim 1, further comprising: 28. The method of claim 27,
Between the step (f) and the step (h), when the withdrawal from the portal site is being performed,
(g1) deleting the user public key
The portal site registration method according to claim 1, further comprising: As a portal site relay server,
(Hereinafter collectively referred to as a "user terminal") and a packet (hereinafter, referred to as a "user terminal") when registering the portal site of the user or authenticating the portal site or leaving the portal site, a user transmitting / receiving unit for transmitting / receiving a packet;
A portal site server transmission / reception unit for transmitting / receiving a packet to / from the portal site server when the user registers the portal site or performs authentication at the portal site login or withdrawal from the portal site;
The user transmission / reception unit receives data (hereinafter, referred to as 'first signature generation data') including signature data including a user ID received from the user terminal and signature generation data for signature generation (Hereinafter referred to as " first signature ") to the portal site server through the portal site server transmission / reception unit;
A data storage unit for storing a user ID when registering a portal site; And
A controller for controlling the modules of the portal site relay server to perform a series of processes related to provision of the portal site relay service,
The portal site server comprising: 33. The method of claim 32,
Wherein,
When performing registration of a portal site of a user, a function of verifying the first signature
Further comprising: a portal server for managing the portal site; 34. The method of claim 33,
Wherein the verification of the first signature comprises:
The hash data of the received first signature generation, the hashed data and the first signature received together are decrypted with the user's public key and compared with the hash derived therefrom to verify that they are the same.
A portal site relay server. 33. The method of claim 32,
The first signature generation data includes:
(Hereinafter referred to as " user random number hash ") obtained by hashing a random number generated in the user terminal
A portal site relay server. 33. The method of claim 32,
The first signature generation data includes:
User tagging number # 1 is further included,
Wherein,
In the portal site registration process of the user, it is possible to verify whether the number # 1 of the received user tagging is incremented by 1
Further comprising: a portal server for managing the portal site; 33. The method of claim 32,
In the registration process of the portal site of the user,
A user public key for decrypting the data encrypted in the user terminal
Further comprising:
Wherein,
Storing the received user public key in the data storage unit
Further comprising: a portal server for managing the portal site;

Images