KR20230150696A - Authentication method of electronic device and method of the same - Google Patents

Abstract

An electronic device according to various embodiments disclosed in this document includes a communication circuit, a user interface module, and a processor operatively connected to the communication circuit and the user interface module, the processor capable of performing user authentication in response to a user authentication request. Identifying at least one peripheral electronic device, providing a list of at least one peripheral electronic device capable of user authentication through the user interface module, and providing a list of at least one peripheral electronic device capable of user authentication through an electronic device selected from the list of at least one peripheral electronic device capable of user authentication. It may be set to transmit a user authentication request to an authentication server.

Description

Method for authenticating an electronic device and the electronic device {AUTHENTICATION METHOD OF ELECTRONIC DEVICE AND METHOD OF THE SAME}

Various embodiments disclosed in this document relate to a method of authenticating an electronic device and the electronic device, for example, to a method of authenticating an electronic device through an external electronic device and the electronic device.

With the development of technology, the need for users to receive various services using multiple electronic devices is increasing. Accordingly, as multiple electronic devices are authenticated and managed and used through one user account, various issues related to authentication and management are arising. For example, when authenticating multiple electronic devices one by one, user information may need to be entered and authentication performed directly on each electronic device.

When using various user information such as user ID, password, or authentication key to authenticate an electronic device, there may be security issues due to relying on user memory or leakage.

Various embodiments disclosed in this document are intended to provide a method of performing authentication using another electronic device that has completed authentication in order to authenticate an electronic device, and the electronic device.

The technical problem to be achieved in the present disclosure is not limited to the technical problem mentioned above, and other technical problems not mentioned can be clearly understood by those skilled in the art from the description below. There will be.

An electronic device according to various embodiments disclosed in this document includes a communication circuit, a user interface module, and a processor operatively connected to the communication circuit and the user interface module, the processor capable of performing user authentication in response to a user authentication request. Identifying at least one peripheral electronic device, providing a list of the at least one peripheral electronic device capable of user authentication through the user interface module, and providing a list of the at least one peripheral electronic device capable of user authentication through an electronic device selected from the list of the at least one peripheral electronic device capable of user authentication It may be set to transmit a user authentication request to an authentication server.

A method of an electronic device according to various embodiments disclosed in this document includes the operation of checking at least one peripheral electronic device capable of user authentication for user authentication of the electronic device, and creating a list of the at least one peripheral electronic device capable of user authentication. It may include an operation of providing user authentication, and an operation of transmitting a user authentication request through an electronic device selected from the list of at least one peripheral electronic device capable of user authentication to an authentication server.

According to various embodiments, authentication of an electronic device may be performed using another electronic device for which authentication has been completed.

According to various embodiments, authentication may be performed by selecting another electronic device that will perform authentication for the electronic device.

According to various embodiments, authentication information about another electronic device that will perform authentication for the electronic device may be provided, and the other electronic device that will perform authentication may be selected accordingly to perform authentication.

In addition, various effects that can be directly or indirectly identified through this document may be provided.

In relation to the description of the drawings, identical or similar reference numerals may be used for identical or similar components .
1 is a block diagram of an electronic device in a network environment, according to various embodiments.
Figure 2 illustrates a user authentication environment of an electronic device according to various embodiments.
3 is a block diagram of an electronic device in a network environment according to various embodiments.
Figure 4 is a flowchart explaining the operation of an electronic device according to various embodiments.
FIG. 5 is a diagram illustrating an example of signal flow according to an operation between an electronic device and another electronic device and a server according to various embodiments.
FIG. 6 is a diagram illustrating another example of signal flow according to an operation between an electronic device and another electronic device and a server according to various embodiments.
FIG. 7 is a diagram illustrating an example of an authentication screen according to an authentication operation of an electronic device and another electronic device according to various embodiments.
FIG. 8 is an example of a signal flow diagram illustrating an operation in which an electronic device searches for another electronic device that can be authenticated, according to various embodiments.

1 is a block diagram of an electronic device 101 in a network environment 100, according to various embodiments. Referring to FIG. 1, in the network environment 100, the electronic device 101 communicates with the electronic device 102 through a first network 198 (e.g., a short-range wireless communication network) or a second network 199. It is possible to communicate with at least one of the electronic device 104 or the server 108 through (e.g., a long-distance wireless communication network). According to one embodiment, the electronic device 101 may communicate with the electronic device 104 through the server 108. According to one embodiment, the electronic device 101 includes a processor 120, a memory 130, an input module 150, an audio output module 155, a display module 160, an audio module 170, and a sensor module ( 176), interface 177, connection terminal 178, haptic module 179, camera module 180, power management module 188, battery 189, communication module 190, subscriber identification module 196 , or may include an antenna module 197. In some embodiments, at least one of these components (eg, the connection terminal 178) may be omitted or one or more other components may be added to the electronic device 101. In some embodiments, some of these components (e.g., sensor module 176, camera module 180, or antenna module 197) are integrated into one component (e.g., display module 160). It can be.

The processor 120, for example, executes software (e.g., program 140) to operate at least one other component (e.g., hardware or software component) of the electronic device 101 connected to the processor 120. It can be controlled and various data processing or calculations can be performed. According to one embodiment, as at least part of data processing or computation, the processor 120 stores commands or data received from another component (e.g., sensor module 176 or communication module 190) in volatile memory 132. The commands or data stored in the volatile memory 132 can be processed, and the resulting data can be stored in the non-volatile memory 134. According to one embodiment, the processor 120 includes a main processor 121 (e.g., a central processing unit or an application processor) or an auxiliary processor 123 that can operate independently or together (e.g., a graphics processing unit, a neural network processing unit ( It may include a neural processing unit (NPU), an image signal processor, a sensor hub processor, or a communication processor). For example, if the electronic device 101 includes a main processor 121 and a secondary processor 123, the secondary processor 123 may be set to use lower power than the main processor 121 or be specialized for a designated function. You can. The auxiliary processor 123 may be implemented separately from the main processor 121 or as part of it.

The auxiliary processor 123 may, for example, act on behalf of the main processor 121 while the main processor 121 is in an inactive (e.g., sleep) state, or while the main processor 121 is in an active (e.g., application execution) state. ), together with the main processor 121, at least one of the components of the electronic device 101 (e.g., the display module 160, the sensor module 176, or the communication module 190) At least some of the functions or states related to can be controlled. According to one embodiment, co-processor 123 (e.g., image signal processor or communication processor) may be implemented as part of another functionally related component (e.g., camera module 180 or communication module 190). there is. According to one embodiment, the auxiliary processor 123 (eg, neural network processing unit) may include a hardware structure specialized for processing artificial intelligence models. Artificial intelligence models can be created through machine learning. For example, such learning may be performed in the electronic device 101 itself on which the artificial intelligence model is performed, or may be performed through a separate server (e.g., server 108). Learning algorithms may include, for example, supervised learning, unsupervised learning, semi-supervised learning, or reinforcement learning, but It is not limited. An artificial intelligence model may include multiple artificial neural network layers. Artificial neural networks include deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), restricted boltzmann machine (RBM), belief deep network (DBN), bidirectional recurrent deep neural network (BRDNN), It may be one of deep Q-networks or a combination of two or more of the above, but is not limited to the examples described above. In addition to hardware structures, artificial intelligence models may additionally or alternatively include software structures.

The memory 130 may store various data used by at least one component (eg, the processor 120 or the sensor module 176) of the electronic device 101. Data may include, for example, input data or output data for software (e.g., program 140) and instructions related thereto. Memory 130 may include volatile memory 132 or non-volatile memory 134.

The program 140 may be stored as software in the memory 130 and may include, for example, an operating system 142, middleware 144, or application 146.

The input module 150 may receive commands or data to be used in a component of the electronic device 101 (e.g., the processor 120) from outside the electronic device 101 (e.g., a user). The input module 150 may include, for example, a microphone, mouse, keyboard, keys (eg, buttons), or digital pen (eg, stylus pen).

The sound output module 155 may output sound signals to the outside of the electronic device 101. The sound output module 155 may include, for example, a speaker or a receiver. Speakers can be used for general purposes such as multimedia playback or recording playback. The receiver can be used to receive incoming calls. According to one embodiment, the receiver may be implemented separately from the speaker or as part of it.

The display module 160 can visually provide information to the outside of the electronic device 101 (eg, a user). The display module 160 may include, for example, a display, a hologram device, or a projector, and a control circuit for controlling the device. According to one embodiment, the display module 160 may include a touch sensor configured to detect a touch, or a pressure sensor configured to measure the intensity of force generated by the touch.

The audio module 170 can convert sound into an electrical signal or, conversely, convert an electrical signal into sound. According to one embodiment, the audio module 170 acquires sound through the input module 150, the sound output module 155, or an external electronic device (e.g., directly or wirelessly connected to the electronic device 101). Sound may be output through the electronic device 102 (e.g., speaker or headphone).

The sensor module 176 detects the operating state (e.g., power or temperature) of the electronic device 101 or the external environmental state (e.g., user state) and generates an electrical signal or data value corresponding to the detected state. can do. According to one embodiment, the sensor module 176 includes, for example, a gesture sensor, a gyro sensor, an air pressure sensor, a magnetic sensor, an acceleration sensor, a grip sensor, a proximity sensor, a color sensor, an IR (infrared) sensor, a biometric sensor, It may include a temperature sensor, humidity sensor, or light sensor.

The interface 177 may support one or more designated protocols that can be used to connect the electronic device 101 directly or wirelessly with an external electronic device (eg, the electronic device 102). According to one embodiment, the interface 177 may include, for example, a high definition multimedia interface (HDMI), a universal serial bus (USB) interface, an SD card interface, or an audio interface.

The connection terminal 178 may include a connector through which the electronic device 101 can be physically connected to an external electronic device (eg, the electronic device 102). According to one embodiment, the connection terminal 178 may include, for example, an HDMI connector, a USB connector, an SD card connector, or an audio connector (eg, a headphone connector).

The haptic module 179 can convert electrical signals into mechanical stimulation (e.g., vibration or movement) or electrical stimulation that the user can perceive through tactile or kinesthetic senses. According to one embodiment, the haptic module 179 may include, for example, a motor, a piezoelectric element, or an electrical stimulation device.

The camera module 180 can capture still images and moving images. According to one embodiment, the camera module 180 may include one or more lenses, image sensors, image signal processors, or flashes.

The power management module 188 can manage power supplied to the electronic device 101. According to one embodiment, the power management module 188 may be implemented as at least a part of, for example, a power management integrated circuit (PMIC).

The battery 189 may supply power to at least one component of the electronic device 101. According to one embodiment, the battery 189 may include, for example, a non-rechargeable primary battery, a rechargeable secondary battery, or a fuel cell.

Communication module 190 is configured to provide a direct (e.g., wired) communication channel or wireless communication channel between electronic device 101 and an external electronic device (e.g., electronic device 102, electronic device 104, or server 108). It can support establishment and communication through established communication channels. Communication module 190 operates independently of processor 120 (e.g., an application processor) and may include one or more communication processors that support direct (e.g., wired) communication or wireless communication. According to one embodiment, the communication module 190 is a wireless communication module 192 (e.g., a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module) or a wired communication module 194 (e.g., : LAN (local area network) communication module, or power line communication module) may be included. Among these communication modules, the corresponding communication module is a first network 198 (e.g., a short-range communication network such as Bluetooth, wireless fidelity (WiFi) direct, or infrared data association (IrDA)) or a second network 199 (e.g., legacy It may communicate with an external electronic device 104 through a telecommunication network such as a cellular network, a 5G network, a next-generation communication network, the Internet, or a computer network (e.g., LAN or WAN). These various types of communication modules may be integrated into one component (e.g., a single chip) or may be implemented as a plurality of separate components (e.g., multiple chips). The wireless communication module 192 uses subscriber information (e.g., International Mobile Subscriber Identifier (IMSI)) stored in the subscriber identification module 196 within a communication network such as the first network 198 or the second network 199. The electronic device 101 can be confirmed or authenticated.

The wireless communication module 192 may support 5G networks after 4G networks and next-generation communication technologies, for example, NR access technology (new radio access technology). NR access technology provides high-speed transmission of high-capacity data (eMBB (enhanced mobile broadband)), minimization of terminal power and access to multiple terminals (mMTC (massive machine type communications)), or high reliability and low latency (URLLC (ultra-reliable and low latency). -latency communications)) can be supported. The wireless communication module 192 may support high frequency bands (eg, mmWave bands), for example, to achieve high data rates. The wireless communication module 192 uses various technologies to secure performance in high frequency bands, for example, beamforming, massive array multiple-input and multiple-output (MIMO), and full-dimensional multiplexing. It can support technologies such as input/output (FD-MIMO: full dimensional MIMO), array antenna, analog beam-forming, or large scale antenna. The wireless communication module 192 may support various requirements specified in the electronic device 101, an external electronic device (e.g., electronic device 104), or a network system (e.g., second network 199). According to one embodiment, the wireless communication module 192 supports Peak data rate (e.g., 20 Gbps or more) for realizing eMBB, loss coverage (e.g., 164 dB or less) for realizing mmTC, or U-plane latency (e.g., 164 dB or less) for realizing URLLC. Example: Downlink (DL) and uplink (UL) each of 0.5 ms or less, or round trip 1 ms or less) can be supported.

The antenna module 197 may transmit or receive signals or power to or from the outside (eg, an external electronic device). According to one embodiment, the antenna module 197 may include an antenna including a radiator made of a conductor or a conductive pattern formed on a substrate (eg, PCB). According to one embodiment, the antenna module 197 may include a plurality of antennas (eg, an array antenna). In this case, at least one antenna suitable for a communication method used in a communication network such as the first network 198 or the second network 199 is connected to the plurality of antennas by, for example, the communication module 190. can be selected Signals or power may be transmitted or received between the communication module 190 and an external electronic device through the at least one selected antenna. According to some embodiments, in addition to the radiator, other components (eg, radio frequency integrated circuit (RFIC)) may be additionally formed as part of the antenna module 197.

According to various embodiments, the antenna module 197 may form a mmWave antenna module. According to one embodiment, a mmWave antenna module includes: a printed circuit board, an RFIC disposed on or adjacent to a first side (e.g., bottom side) of the printed circuit board and capable of supporting a designated high frequency band (e.g., mmWave band); And a plurality of antennas (e.g., array antennas) disposed on or adjacent to the second side (e.g., top or side) of the printed circuit board and capable of transmitting or receiving signals in the designated high frequency band. can do.

At least some of the components are connected to each other through a communication method between peripheral devices (e.g., bus, general purpose input and output (GPIO), serial peripheral interface (SPI), or mobile industry processor interface (MIPI)) and signal ( (e.g. commands or data) can be exchanged with each other.

According to one embodiment, commands or data may be transmitted or received between the electronic device 101 and the external electronic device 104 through the server 108 connected to the second network 199. Each of the external electronic devices 102 or 104 may be of the same or different type as the electronic device 101. According to one embodiment, all or part of the operations performed in the electronic device 101 may be executed in one or more of the external electronic devices 102, 104, or 108. For example, when the electronic device 101 needs to perform a certain function or service automatically or in response to a request from a user or another device, the electronic device 101 may perform the function or service instead of executing the function or service on its own. Alternatively, or additionally, one or more external electronic devices may be requested to perform at least part of the function or service. One or more external electronic devices that have received the request may execute at least part of the requested function or service, or an additional function or service related to the request, and transmit the result of the execution to the electronic device 101. The electronic device 101 may process the result as is or additionally and provide it as at least part of a response to the request. For this purpose, for example, cloud computing, distributed computing, mobile edge computing (MEC), or client-server computing technology can be used. The electronic device 101 may provide an ultra-low latency service using, for example, distributed computing or mobile edge computing. In another embodiment, the external electronic device 104 may include an Internet of Things (IoT) device. Server 108 may be an intelligent server using machine learning and/or neural networks. According to one embodiment, the external electronic device 104 or server 108 may be included in the second network 199. The electronic device 101 may be applied to intelligent services (e.g., smart home, smart city, smart car, or healthcare) based on 5G communication technology and IoT-related technology. .

Electronic devices according to various embodiments disclosed in this document may be of various types. Electronic devices may include, for example, portable communication devices (e.g., smartphones), computer devices, portable multimedia devices, portable medical devices, cameras, wearable devices, or home appliances. Electronic devices according to embodiments of this document are not limited to the above-described devices.

The various embodiments of this document and the terms used herein are not intended to limit the technical features described in this document to specific embodiments, and should be understood to include various changes, equivalents, or replacements of the embodiments. In connection with the description of the drawings, similar reference numbers may be used for similar or related components. The singular form of a noun corresponding to an item may include one or more of the above items, unless the relevant context clearly indicates otherwise. As used herein, “A or B”, “at least one of A and B”, “at least one of A or B”, “A, B or C”, “at least one of A, B and C”, and “A Each of phrases such as “at least one of , B, or C” may include any one of the items listed together in the corresponding phrase, or any possible combination thereof. Terms such as "first", "second", or "first" or "second" may be used simply to distinguish one component from another, and to refer to that component in other respects (e.g., importance or order) is not limited. One (e.g., first) component is said to be “coupled” or “connected” to another (e.g., second) component, with or without the terms “functionally” or “communicatively.” When mentioned, it means that any of the components can be connected to the other components directly (e.g. wired), wirelessly, or through a third component.

The term “module” used in various embodiments of this document may include a unit implemented in hardware, software, or firmware, and is interchangeable with terms such as logic, logic block, component, or circuit, for example. It can be used as A module may be an integrated part or a minimum unit of the parts or a part thereof that performs one or more functions. For example, according to one embodiment, the module may be implemented in the form of an application-specific integrated circuit (ASIC).

Various embodiments of the present document are one or more instructions stored in a storage medium (e.g., built-in memory 136 or external memory 138) that can be read by a machine (e.g., electronic device 101). It may be implemented as software (e.g., program 140) including these. For example, a processor (e.g., processor 120) of a device (e.g., electronic device 101) may call at least one command among one or more commands stored from a storage medium and execute it. This allows the device to be operated to perform at least one function according to the at least one instruction called. The one or more instructions may include code generated by a compiler or code that can be executed by an interpreter. A storage medium that can be read by a device may be provided in the form of a non-transitory storage medium. Here, 'non-transitory' only means that the storage medium is a tangible device and does not contain signals (e.g. electromagnetic waves), and this term refers to cases where data is semi-permanently stored in the storage medium. There is no distinction between temporary storage cases.

According to one embodiment, methods according to various embodiments disclosed in this document may be included and provided in a computer program product. Computer program products are commodities and can be traded between sellers and buyers. The computer program product may be distributed in the form of a machine-readable storage medium (e.g. compact disc read only memory (CD-ROM)) or through an application store (e.g. Play StoreTM) or on two user devices (e.g. It can be distributed (e.g. downloaded or uploaded) directly between smart phones) or online. In the case of online distribution, at least a portion of the computer program product may be at least temporarily stored or temporarily created in a machine-readable storage medium, such as the memory of a manufacturer's server, an application store's server, or a relay server.

According to various embodiments, each component (e.g., module or program) of the above-described components may include a single or plural entity, and some of the plurality of entities may be separately placed in other components. there is. According to various embodiments, one or more of the components or operations described above may be omitted, or one or more other components or operations may be added. Alternatively or additionally, multiple components (eg, modules or programs) may be integrated into a single component. In this case, the integrated component may perform one or more functions of each component of the plurality of components in the same or similar manner as those performed by the corresponding component of the plurality of components prior to the integration. . According to various embodiments, operations performed by a module, program, or other component may be executed sequentially, in parallel, iteratively, or heuristically, or one or more of the operations may be executed in a different order, or omitted. Alternatively, one or more other operations may be added.

2 and 3 illustrate a user authentication environment of an electronic device according to various embodiments.

2 and 3, the electronic device 210 (e.g., the electronic device 101 in FIG. 1) communicates with the authentication server 230 (e.g., the server 108 in FIG. 1) to perform authentication. Thus, user authentication can be performed using the external electronic device 220 (e.g., the electronic device 102 or 104 of FIG. 1). The electronic device 210 and the external electronic device 220 may be of the same or different form. The electronic device 210 and the external electronic device 220 may include, for example, a portable communication device (e.g., a smartphone), a computer device, a portable multimedia device, a portable medical device, a camera, or a wearable device. , or may include home appliances.

According to various embodiments, the electronic device 210 and the authentication server 230 transmit and receive encrypted data based on various security technologies for performing personal authentication, such as the FIDO (fast identity online) standard, and store the received data. It can be decrypted.

According to various embodiments, the authentication server 230 may store authentication-related information about various electronic devices capable of user authentication in the database 231. Authentication-related information may include various information such as user ID, account information, device number of the authenticated electronic device, address information such as IP address, authentication method of the authenticated electronic device, and encryption key used for authentication encryption. For example, the authentication server 230 provides, for example, a pin number to the electronic device 210 for authentication of the electronic device 210, and the pin number provided accordingly is input through the external electronic device 220 that can be authenticated. Once this is done, authentication for the electronic device 210 can be successfully completed and the electronic device 210 can be registered. Here, the authentication server 230 and the management server 240 are described as independent servers, but the management server 240 may be integrated into the authentication server 230.

According to various embodiments, upon completion of user authentication, the authentication server 230 may transmit the corresponding activity to the management server 240 and store it in the database 241. The management server 240 may store various activities including authentication that the electronic device 210 performs over the network and confirm the security level of the authenticated electronic device 210 through them. Authentication-related activities managed by the management server 240 include, for example, various authentication-related information such as the number of authentication attempts, authentication attempt location, security method, and security setting level, and user activity-related information such as the number of sign ins and subscriptions. may include.

According to various embodiments, the authentication server 230 may include components that are substantially the same as at least one of the components of the electronic device 210. For example, the authentication server 230 may include a communication module, memory, and a processor. The components of authentication server 230 may be operatively or electrically connected to each other. The communication module of the authentication server 230 may support data communication over a network between the authentication server 230 and external electronic devices (e.g., electronic device 210, external electronic device 220, management server 240). . When executed by the processor, the memory of the authentication server 230 authenticates user account information by performing data communication (e.g., end-to-end encrypted communication) with the electronic device 210 and the external electronic device 220 through a network. When authentication is successfully completed, authentication for the electronic device 210 can be completed and registration can be performed. Although not shown, the authentication server 230 may include a login server or may communicate with a separate login server to log in to the electronic device 210 for which authentication has been completed.

According to various embodiments, when the authentication server 230 receives a request for user authentication from the electronic device 210, the authentication server 230 transmits a user authentication request in the form of a push message to the external electronic device 220 capable of user authentication, for example, to the external electronic device (210). When user authentication is performed through 220), authentication for the electronic device 210 can be successfully completed and the user can log in to the account through the login server. In this case, the electronic device 210 may request user authentication from the authentication server 230 by specifying the external electronic device 220 that wishes to perform user authentication.

According to various embodiments, the electronic device 210 includes a processor 211 (e.g., processor 120 of FIG. 1), a memory 215 (e.g., memory 130 of FIG. 1), and a user interface module 213. (e.g., display module 160, input module 150, sound output module 155 and/or audio module 170, sensor module 176 in FIG. 1), communication circuit 217 (e.g., FIG. 1 It may include a communication module 190). In some embodiments, at least one of these components may be omitted or some components (eg, the antenna module 197 of FIG. 1) may be added to the electronic device 210. For convenience of description below, descriptions that overlap with the description of the components of the electronic device 101 of FIG. 1 may be omitted.

According to one embodiment, the processor 211 of the electronic device 210 may search for an external electronic device 220 that can be authenticated through the first communication module 217 of the communication circuit 217 for user authentication. Through this, the processor 211 obtains information about various authentication methods supported by the external electronic device 220, such as PIN code input, fingerprint recognition, biometrics, or QR code, the number of login attempts, Various information such as IP address and location information can be obtained.

According to various embodiments, the memory 215 may store various data such as basic programs, application programs, and setting information for operation of the electronic device 210. The memory 215 may be comprised of volatile memory, non-volatile memory, or a combination of volatile memory and non-volatile memory. The memory 215 may provide stored data according to the request of the processor 211.

According to various embodiments, the user interface module 213 may provide authentication information (e.g., a pin number) to the outside of the electronic device 210 (e.g., a user) as visual information or audio information.

According to one embodiment, the user interface module 213 includes a touch detection circuit (or touch sensor) (not shown), a pressure sensor capable of measuring the intensity of touch, and/or a touch sensor capable of detecting a magnetic field-type stylus pen. It may include a touch screen that includes a panel (e.g., a digitizer). According to one embodiment, the touch screen is a liquid crystal display (LCD), an organic light emitted diode (OLED), an active matrix organic light emitted diode (AMOLED), a flexible display, or an expandable display. display) may be included. According to one embodiment, the user interface module 213 may provide various information and/or guidance to guide the authentication operation through various visual information.

According to one embodiment, the user interface module 213 includes a microphone, mouse, and keyboard for receiving commands or data to be used for the authentication operation of the electronic device 210 from the outside of the electronic device 101 (e.g., a user). , or keys (e.g. buttons). According to one embodiment, the user interface module 213 may include a speaker and provide various information and/or guidance to guide the authentication operation through voice information.

According to various embodiments, the communication circuit 217 supports data communication over a network between the electronic device 210 and an external electronic device (e.g., the external electronic device 220, the authentication server 230, or the management server 230). You can. According to one embodiment, the communication circuit 217 is an electronic device 210 based on DLNA (digital living network alliance), BLE, UWB, Zigbee, and/or Wi-Fi (wireless fidelity) 2.4GHz utilizing a home network. To support wireless communication of the electronic device 210 through the first communication module 218 and a second network (e.g., cellular network) (e.g., the second network 199 in FIG. 1) configured to support wireless communication. It may include a set second communication module 219. For example, the processor of the electronic device 210 may communicate with the external electronic device 220 through the first communication module 218. For example, the electronic device 210 may communicate with the authentication server 230 using the second communication module 219.

According to various embodiments, the electronic device 210 may additionally include a biometric sensor (not shown) (e.g., the sensor module 176 in FIG. 1) to generate data used to recognize the user's biometric information. there is. For example, the biometric sensor may include a fingerprint sensor that detects the user's fingerprint and/or an image sensor (eg, an infrared sensor) that detects the user's iris or facial features.

According to various embodiments, the electronic device 210 and the external electronic device 220 may be electronic devices capable of communication within a home network or local network using the same IP address. For example, various information can be transmitted and received by performing WiFi-based DLNA communication within the home network of the electronic device 210 and the external electronic device 220.

According to various embodiments, an electronic device (e.g., the electronic device 101 of FIG. 1 or the electronic device 210 of FIG. 2 or 3) includes a communication circuit (e.g., the communication circuit 217 of FIG. 3) and a user interface. A module (e.g., user interface module 213 in FIG. 3), and a processor (e.g., processor 211 in FIG. 3) operatively connected to the communication circuit and the user interface module, wherein the processor performs user authentication. Upon request, the user interface module checks at least one peripheral electronic device capable of user authentication (e.g., the external electronic device 220 of FIG. 2 or 3) and lists the at least one peripheral electronic device capable of user authentication. and may be set to transmit a user authentication request through an electronic device selected from the list of at least one peripheral electronic device capable of user authentication to an authentication server.

According to various embodiments, the list of the at least one nearby electronic device may be generated based on authentication-related information of the at least one nearby electronic device.

According to various embodiments, the authentication-related information may include at least one of device identification information, location information, security level, or authentication method of the at least one nearby electronic device.

According to various embodiments, the processor may search for the at least one nearby electronic device through a short-range communication network and obtain the authentication-related information from the searched at least one nearby electronic device.

According to various embodiments, the processor may be configured to obtain at least one of a list of the at least one peripheral electronic device capable of user authentication or the authentication-related information from an authentication server.

According to various embodiments, the processor transmits a multicast message to search for the at least one nearby electronic device, and obtains the authentication-related information from the at least one nearby electronic device that responds to the multicast message, It may be set to request user authentication through the selected electronic device through the authentication server.

According to various embodiments, the processor may generate a priority based on the authentication-related information of the at least one nearby electronic device and provide a list of the at least one nearby electronic device according to the priority. .

According to various embodiments, the processor may provide the list with different colors according to the priority.

According to various embodiments, the priority may be generated based on a security level among the authentication-related information.

According to various embodiments, the processor may be set to check whether authentication through the selected electronic device is successful through the authentication server and perform user sign-in based on the successful authentication.

Figure 4 is a flowchart explaining the operation of an electronic device according to various embodiments.

Referring to FIG. 4, the processor (e.g., processor 211 of FIG. 3) of an electronic device (e.g., electronic device 210 of FIG. 2 or 3) uses a communication circuit (e.g., communication circuit 217 of FIG. 3). ) to communicate with an authentication server (e.g., the authentication server 230 in FIG. 2 or 3) and an external electronic device (e.g., the external electronic device 230 in FIG. 2 or 3), and Through this, the overall operation of the electronic device can be controlled to perform user authentication for the electronic device.

According to one embodiment, the processor of the electronic device may search for a device capable of user authentication in operation 401.

When an input for user authentication is received, the processor of the electronic device may refer to the user authentication history and, if user authentication is allowed, provide a user interface for user authentication to start the user authentication operation. User authentication history may include, for example, the number of attempts to register or sign-in with a user account during a specified period, the login request and success of the account, IP address, or location information. For example, the processor may consider whether the number of login failures in a given period is less than a specified number (e.g. 5), the number of successful attempts is more than a specified number (e.g. 10), and/or IP address changes are considered low security risks. User authentication can be simplified and a user interface can be provided.

According to one embodiment, the processor of the electronic device uses a multicast method, for example, using the DLNA function, to other nearby electronic devices existing in the same local network including the external electronic device to search for an authenticable device. In this way, a message can be transmitted and a device identifier can be received from other nearby electronic devices that respond. At this time, the device identifier or authenticable user information can be received in hashed or encrypted form.

According to one embodiment, the processor of the electronic device performs communication with other nearby electronic devices existing in the same local network, including external electronic devices, and, for example, utilizes the DLNA function to communicate with other nearby electronic devices. Service information, such as authentication-related information, may be obtained along with the device identifier or through additional requests. The processor of the electronic device may check whether authentication is possible based on the acquired authentication-related information. Authentication-related information may include, for example, device identifier, model information, location or IP address, security level, supported user authentication methods, and/or product images (e.g., homepage address that provides product images). Supported user authentication methods may include, for example, pin code, fingerprint recognition, face recognition, pupil recognition, QR code authentication method, etc.

According to another embodiment, the processor of the electronic device may transmit a user account identifier (ID) requiring authentication to other nearby electronic devices, including an external electronic device, and request confirmation whether user authentication is possible. Accordingly, the processor can obtain authentication-related information through response messages received from other electronic devices capable of user authentication.

According to another embodiment, when the processor of the electronic device cannot obtain information about the device that can be authenticated directly from other surrounding electronic devices, including external electronic devices, the processor of the electronic device transmits the user account identifier to the authentication server and requests it. You can obtain a list of devices that can be authenticated.

According to various embodiments, in operation 403, the processor of the electronic device may receive a selection of an external electronic device that can be authenticated through the user interface module (e.g., the user interface module 213 of FIG. 3) of the electronic device.

According to one embodiment, the processor of the electronic device obtains authentication-related information about an authenticable device from other surrounding electronic devices, including external electronic devices, and based on this, displays a display including a touch screen or a non-touch screen, or a speaker. Authentication capable device information can be provided through . As described above with reference to FIG. 2 , electronic devices may include portable communication devices (eg, smartphones), computer devices, portable multimedia devices, portable medical devices, cameras, wearable devices, or various home appliance devices. Accordingly, if the electronic device includes a display, the processor provides authentication-related information about the authenticable device as visual information through the display, or if the electronic device includes a speaker, separately or in addition to this, audio information through the speaker. It can be provided as . According to one embodiment, when the electronic device is implemented as a refrigerator, authentication-related information such as information about nearby authentication-capable devices (e.g., TV, speaker, PC) and authentication code can be provided as voice guidance through the speaker of the refrigerator. there is. For example, a voice guidance such as “You can authenticate through a TV, speaker, or PC”, “The authentication code is 1234”, or “Please tell us which device will perform authentication” can be output through the refrigerator’s speaker. . Accordingly, when the user selects authentication through the TV, the TV inputs the authentication code as visual information through the display or as audio information through the speaker, such as “An authentication request has been received from the refrigerator” or “Please tell me the authentication code.” I can guide you. Accordingly, the user can perform authentication by entering the authentication code through screen input through a remote control or voice input through a microphone.

According to one embodiment, when the electronic device is implemented as a TV, for example, an authentication code may be provided along with information about nearby authentication-enabled devices (for example, a washing machine or a speaker) through the display of the TV. Accordingly, when the user selects the refrigerator, the refrigerator will say through the equipped speaker, “An authentication request has been received from the TV.” Authentication-related information such as “Please tell me the authentication code on the TV screen” can be provided through voice guidance. Accordingly, when the user utters an authentication code such as “1234,” the refrigerator receives the authentication code through the equipped microphone, recognizes it, and performs authentication. When authentication is complete, it provides voice guidance such as “Authentication is complete.” You can.

According to one embodiment, the processor of the electronic device may, for example, select other electronic devices that can be authenticated, such as the degree of ease of authentication based on location information such as the distance from the electronic device, the degree of security of the supported authentication method, the number of login failures, or Based on security information, such as whether the device is used by multiple users, authentication-related information can be generated and provided through a user interface module, etc.

According to one embodiment, the processor of the electronic device may determine the degree of ease of authentication based on location information such as the distance from the electronic device, the security level of the supported authentication method, the number of login failures, or security such as whether the device is used by multiple users. Based on the level information, priorities for authentication-capable devices can be set, sorted according to priority, and provided as authentication-related information. For example, pin code authentication through fingerprint, SMS, or email can be confirmed to have a higher level of security than facial recognition. In particular, user authentication by comparing ID card with entered information or using bank account information can be considered to have a very high level of security. Additionally, devices that change location frequently, are used by multiple users, or have many login failures can be identified as having a low level of security.

According to one embodiment, the processor can check the security level of devices that can be authenticated by dividing them into three levels, for example, using different colors, letters, or numbers.

According to various embodiments, in operation 405, the processor of the electronic device may request authentication through the selected electronic device (hereinafter referred to as the external electronic device 220) to an authentication server.

According to one embodiment, the processor of the electronic device may transmit an authentication request message including user account information and information about the selected external electronic device, for example, a device identifier, to the authentication server. At this time, information such as device identifiers can also be encrypted in a symmetric or asymmetric manner. In particular, in the case of asymmetric encryption, a public key signature method can be used, and in this case, the public key can be provided in advance or included in the authentication request.

According to various embodiments, the processor of the electronic device may confirm that user authentication has been completed successfully or failed through the authentication server in operation 407.

According to one embodiment, the authentication server that receives the authentication request through the external electronic device selected from the electronic device determines whether the selected external electronic device is an authentication capable device, for example, a management server (e.g., the management server 240 of FIG. 2 or FIG. 3). )), and user authentication can be requested with a confirmed external electronic device. In this case, the authentication server may transmit an authentication request to the external electronic device in the form of email, SMS, or push message. Accordingly, when user authentication is accepted by the external electronic device, a corresponding response message may be transmitted to the authentication server. At this time, the response message may be encrypted. In particular, in the external device 220, authentication that relies on the user's memory, such as biometric information such as fingerprint, pupil, or face recognition, PIN, or a pattern forming a certain line on the touch screen or password, is verified by the device itself, and the results are displayed. It can be encrypted and transmitted using a pre-registered encryption key. The encryption method may also be a public key method, and in particular, a public key signature method may be used. The authentication server may decrypt the encrypted authentication result to confirm that the authentication information has been successfully delivered, check the authentication result information on the device, and record in the management server 240 that user authentication has been successfully completed. According to one embodiment, when the electronic device confirms that authentication has been successfully completed, it may request sign in to the sign in server accordingly. The login server transmits the login record for the electronic device for which login has been completed to the management server 240 to record it, and thus the electronic device can be registered as a device capable of user authentication.

According to one embodiment, the authentication server determines whether there is a security risk or security requirements for the resource to be accessed by referring to authentication-related information of the selected external electronic device, such as information such as the number of authentication attempts and the location of the authentication attempt. In high cases, additional authentication may be requested to be performed through an electronic device other than the selected external electronic device. In this case, if additional user authentication is required for security purposes, the authentication server requests a different authentication method from the same device, or sends an authentication confirmation request to another electronic device, and authenticates based on user confirmation through the other electronic device that received the request. It can be completed.

FIG. 5 is a diagram illustrating an example of signal flow according to an operation between an electronic device and another electronic device and a server according to various embodiments.

Referring to FIG. 5, the first electronic device 501 (e.g., the electronic device 210 of FIG. 2 or 3) includes an authentication server 503 (e.g., the authentication server 230 of FIG. 2 or 3) and /or perform communication with the second electronic device 502 (e.g., the external electronic device 230 in FIG. 2 or 3), and provide user access to the first electronic device 501 through the second electronic device 502 Authentication can be performed. The login server 504 may also be referred to as a registration server, and may be implemented separately from the authentication server 503 or integrated into the authentication server 503. The management server 505 can record and manage user activity records related to electronic devices, and may be implemented separately from the authentication server 503 or integrated with the authentication server 503.

According to one embodiment, the second electronic device 502 may be a device registered with the login server 504 as an authentication-capable device through operations 511 to 515. To this end, the second electronic device 502 requests login through the authentication server 503 in operation 511, and when authentication and login are completed, the log-in activity record is sent by the login server to the management server (503) in operation 513. 505), and may be registered as an authentication-capable device in the login server 504 in operation 515. At this time, in order to safely deliver the authentication result when user authentication is required in the future, the second electronic device 502 may register the encryption key in the authentication server 503. In particular, the encryption key may be a public key encryption method. In this case, the second electronic device 502 generates a private key and a public key and transmits the public key to the authentication server 503. This takes into account the public key signature method. When transmitting authentication information to the authentication server 503 in the future, the authentication result from the device is encrypted with a private key, and the authentication server 503 uses the public key registered from the device to obtain the authentication result. It allows you to confirm that it has not been forged or altered.

The first electronic device 501 may search for a device capable of user authentication in operation 521 according to the input for user authentication.

According to one embodiment, the processor of the electronic device sends a request message to other nearby electronic devices existing in the same local network including the second electronic device 502, for example, in a multicast manner using the DLNA function. can be transmitted and a device identifier can be received from other nearby electronic devices that respond. The device identifier can be received in hashed or encrypted form.

According to one embodiment, the first electronic device 501 communicates with other nearby electronic devices existing in the same local network, including the second electronic device 502, for example, by utilizing the DLNA function. Service information, for example, authentication-related information, can be obtained from other nearby electronic devices together with a device identifier or through an additional request. The first electronic device 501 may check whether authentication is possible based on the acquired authentication-related information. Authentication-related information may include, for example, device identifier, model information, location or IP address, security level, supported user authentication methods, and/or product images (e.g., homepage address that provides product images). Supported user authentication methods may include, for example, pin code, fingerprint recognition, face recognition, pupil recognition, and QR code authentication methods.

According to another embodiment, the first electronic device 501 transmits a user account identifier (ID) requiring authentication to other nearby electronic devices, including the second electronic device 502, and requests confirmation whether user authentication is possible. You can. Accordingly, the processor can obtain authentication-related information through response messages received from other electronic devices capable of user authentication.

According to one embodiment, the first electronic device 501 selects a device for which authentication is desired based on authentication-related information about devices that can be authenticated from other nearby electronic devices, including the second electronic device 502. Information about devices that can be authenticated can be provided to the user.

According to one embodiment, information about devices that can be authenticated includes the degree of ease of authentication according to location information such as the distance from the first electronic device 501, the degree of security of the supported authentication method, the number of login failures, or the number of It may include authentication-related information generated based on security information such as whether the device is being used by the user.

According to various embodiments, in operation 405, the first electronic device 501 may request authentication through the selected electronic device (hereinafter referred to as the second electronic device 502 or 220) to an authentication server.

According to various embodiments, the first electronic device 501 may transmit a message requesting authentication through the selected authenticable second electronic device 502 to the authentication server 503 in operation 523.

According to one embodiment, the first electronic device 501 sends an authentication request message including user account information and information about the selected second electronic device 502, for example, a device identifier of the second electronic device 502. It can be transmitted to the authentication server 503.

According to one embodiment, the authentication server 503, which has received an authentication request through the second electronic device 502 selected from the first electronic device 501, authenticates the selected second electronic device 502 in operation 525. It is confirmed whether the device is capable, and in operation 527, a user authentication request may be transmitted to the confirmed second electronic device 502. In this case, the authentication server may transmit an authentication request to the second electronic device 502 in the form of email, SMS, or push message. Accordingly, if user authentication is accepted by the second electronic device 502 in operation 529, a response message notifying completion of authentication may be transmitted to the authentication server 503 in operation 531. At this time, the authentication result can be encrypted, and the private key corresponding to the public key registered in the registration step 515 as an authentication capable device can be used. The authentication server 503 may transmit a message notifying that user authentication has been successfully completed in operation 533 so that the authentication activity is recorded in the management server 505 .

According to one embodiment, the first electronic device 501 may check whether authentication has been successfully completed through the authentication server 503 in operation 535. If it is confirmed that authentication has been completed, the first electronic device 501 may request sign in through the authentication server 503 or to the homepage login server 504. The login server 504 transmits the login record for the first electronic device 501 for which login has been completed to the management server 505 to record it. Accordingly, the first electronic device 501 is configured to perform user authentication in operation 541. It can be registered as a device.

FIG. 6 is a diagram illustrating another example of signal flow according to an operation between an electronic device and another electronic device and a server according to various embodiments.

Referring to FIG. 6, the first electronic device 601 (e.g., the electronic device 210 of FIG. 2 or 3) includes an authentication server 603 (e.g., the authentication server 230 of FIG. 2 or 3) and /or perform communication with the second electronic device 602 (e.g., the external electronic device 230 in FIG. 2 or 3), and provide user access to the first electronic device 601 through the second electronic device 602 Authentication can be performed. The login server 604 may also be referred to as a registration server, and may be implemented separately from the authentication server 603 or integrated into the authentication server 603. The management server 605 can record and manage user activity records related to electronic devices, and may be implemented separately from the authentication server 603 or integrated with the authentication server 603.

According to one embodiment, the second electronic device 601 may be a device registered with the login server 604 as an authentication-capable device through operations 611 to 615. To this end, the second electronic device 602 requests login through the authentication server 603 in operation 611, and when authentication and login are completed, the log-in activity record is sent by the login server to the management server (603) in operation 613. 605), and may be registered as an authentication-capable device in the login server 604 in operation 615.

The first electronic device 601 may search for a device capable of user authentication in operation 621 according to the input for user authentication.

According to one embodiment, the processor of the electronic device sends a request message to other nearby electronic devices existing in the same local network including the second electronic device 602, for example, in a multicast manner using the DLNA function. can be transmitted and a device identifier can be received from other nearby electronic devices that respond. The device identifier can be received in hashed or encrypted form.

According to one embodiment, the first electronic device 601 communicates with other nearby electronic devices existing in the same local network, including the second electronic device 602, for example, by utilizing the DLNA function. Service information, for example, authentication-related information, can be obtained from other nearby electronic devices together with a device identifier or through an additional request. The first electronic device 601 can check whether authentication is possible based on the acquired authentication-related information. Authentication-related information may include, for example, device identifier, model information, location or IP address, security level, supported user authentication methods, and/or product images (e.g., homepage address that provides product images). Supported user authentication methods may include, for example, pin code, fingerprint recognition, face recognition, pupil recognition, and QR code authentication methods.

According to another embodiment, the first electronic device 601 transmits a user account identifier (ID) requiring authentication to other nearby electronic devices, including the second electronic device 602, and requests confirmation whether user authentication is possible. You can. Accordingly, the processor can obtain authentication-related information through response messages received from other electronic devices capable of user authentication.

According to one embodiment, the first electronic device 601 selects a device for which authentication is desired based on authentication-related information about devices that can be authenticated from other nearby electronic devices, including the second electronic device 602. Information about devices that can be authenticated can be provided to the user.

According to one embodiment, information about devices that can be authenticated includes the degree of ease of authentication according to location information such as the distance from the first electronic device 601, the degree of security level of the supported authentication method, the number of login failures, or the number of It may include authentication-related information generated based on security information such as whether the device is being used by the user.

According to one embodiment, when the processor of the electronic device cannot obtain information about an authenticable device directly from other nearby electronic devices including the second electronic device 602, the processor of the electronic device generates a user account identifier in operation 622. You can obtain a list of devices that can be authenticated by sending it to the authentication server and requesting it.

According to various embodiments, in operation 623, the first electronic device 601 may transmit a message requesting authentication through the selected authenticable second electronic device 602 to the authentication server 603.

According to one embodiment, the first electronic device 601 sends an authentication request message including user account information and information about the selected second electronic device 602, for example, a device identifier of the second electronic device 602. It can be transmitted to the authentication server 603.

According to one embodiment, the authentication server 603, which has received an authentication request through the selected second electronic device 602 from the first electronic device 601, authenticates the selected second electronic device 602 in operation 625. It is confirmed whether the device is capable, and in operation 627, a user authentication request may be transmitted to the confirmed second electronic device 602. In this case, the authentication server may transmit an authentication request to the second electronic device 602 in the form of email, SMS, or push message. Accordingly, if user authentication is accepted by the second electronic device 602 in operation 629, a response message notifying completion of authentication may be transmitted to the authentication server 603 in operation 631. At this time, the authentication result can be encrypted, and the private key corresponding to the public key registered in the registration step 515 as an authentication capable device can be used. The authentication server 603 may transmit a message notifying that user authentication has been successfully completed in operation 633 so that the authentication activity is recorded in the management server 605.

According to one embodiment, the first electronic device 601 may check whether authentication has been successfully completed through the authentication server 603 in operation 635. If it is confirmed that authentication is complete, the first electronic device 601 may request sign in through the authentication server 603 or to the homepage login server 604. The login server 604 transmits the login record for the first electronic device 601 for which login has been completed to the management server 605 to record it. Accordingly, the first electronic device 601 is configured to perform user authentication in operation 641. It can be registered as a device.

FIG. 7 is a diagram illustrating an example of an authentication screen according to an authentication operation of an electronic device and another electronic device according to various embodiments.

Referring to FIG. 7, an electronic device (e.g., the electronic device 210 of FIG. 2 or 3) uses another electronic device that can be authenticated (e.g., the external electronic device 220 of FIG. 2 or 3) for authentication. User authentication can be performed.

According to one embodiment, when an authentication app is executed to log in to a user account on an electronic device, a screen 701 may be provided.

According to one embodiment, in an electronic device, when a user account identifier for user account login is input, an authentication code 741 is provided as shown in screen 701, and a mobile phone (mobile phone) is provided according to a search for another electronic device capable of authentication. 711) and the display device 721 can be searched.

The screen 701 of the electronic device displays a visual object containing an image and/or text representing the mobile phone 711 and the display device 721, which are other searchable electronic devices in the vicinity, and authentication that can be performed on each device. The method may be displayed as visual objects 713, 715, 717, 723, 725. At this time, the security level of each device capable of authentication can be displayed together with color, letters, or numbers.

According to one embodiment, it indicates that the authentication methods of the pin number method 713, fingerprint recognition method 715, and face authentication method 717 can be performed through the mobile phone 711, and the display device 721 This may indicate that the authentication methods of the pin number method (723) and the QR code method (725) can be performed.

Meanwhile, the screen 701 of the electronic device to be authenticated may additionally provide a visual object 731 for transmitting an authentication request to all devices without selecting one of the surrounding authentication-enabled electronic devices.

According to one embodiment, when the user selects the mobile phone 711 through the screen 701 of the electronic device to be authenticated, the electronic device selects the mobile phone (e.g., the authentication server 230 in FIG. 2 or 3) as the authentication server. You can request authentication through 711). Accordingly, the authentication server can check whether the mobile phone 711 is an authenticable device and transmit an authentication request to the mobile phone 711, for example, through a push message.

According to one embodiment, another electronic device (e.g., mobile phone 711) that has received the authentication request may provide a screen 702 for user account authentication accordingly.

The screen 702 of another electronic device may display a visual object 753 for selecting an authentication code. Depending on the security level, the screen 702 may require additional authentication, such as fingerprint authentication 757, when accessing information that requires a high level of security.

When authentication is completed through the screen 702 of another electronic device, the authentication server may complete authentication of the electronic device accordingly and allow the electronic device to log in through the login server.

FIG. 8 is an example of a signal flow diagram illustrating an operation in which an electronic device searches for another electronic device that can be authenticated, according to various embodiments.

According to one embodiment, the first electronic device 801 (e.g., the electronic device 210 of FIG. 2 or 3), in operation 811, contacts the second electronic device 802 (e.g., the electronic device 210 of FIG. 2 or FIG. 3 : A search message can be transmitted to other nearby electronic devices existing in the same local network, including the external electronic device 220 of FIG. 2 or 3, for example, in a multicast manner using the DLNA function. .

According to one embodiment, the second electronic device 802 that has received the search message may transmit a response message to the search message to the first electronic device 801 in operation 813. For example, other electronic devices capable of transmitting a response message may include devices capable of receiving and responding to a search message according to the DLNA standard.

According to one embodiment, the first electronic device 801, which has received a response message from the second electronic device 802, receives a location or IP address, device image, and device type from the second electronic device 802 in operation 815. Device information containing the same information can be obtained.

According to one embodiment, the first electronic device 801 may obtain service information from the second electronic device 802 in operation 817. The service information may include information about the authentication service provided by the second electronic device 802, such as an authentication service identifier and a description of authentication service standards. Accordingly, the first electronic device 801 can confirm whether the second electronic device 802 is an authenticable device and obtain a device identifier (device ID) and a user identifier of the device.

According to one embodiment, the first electronic device 801 requests a device identifier from the second electronic device 802 based on device information and service information in operation 819 and obtains a user identifier of the device in operation 821. You can. In this request, the user identifier may be hashed or encrypted and transmitted from the first electronic device 801 to the second electronic device 802 in order to check whether the device is capable of authenticating the required user. . At this time, if the second electronic device 802 is a device that does not support this, an error may be returned. If normal support is possible, the device identifier and device user identifier may be received in a hashed or encrypted state. .

According to one embodiment, the processor of the electronic device provides model information of the device, location or IP address, security level, supported user authentication methods, and/or product images (e.g., product images) based on the obtained device identifier. You can obtain authentication-related information, including the homepage address.

According to various embodiments, a method of an electronic device (e.g., the electronic device 101 of FIG. 1 or the electronic device 210 of FIG. 2 or FIG. 3) includes at least one user authentication capable of authenticating a user of the electronic device. An operation of checking a peripheral electronic device (e.g., the external electronic device 220 of FIG. 2 or 3), an operation of providing a list of the at least one peripheral electronic device capable of user authentication, and the operation of providing a list of the at least one peripheral electronic device capable of user authentication The operation may include transmitting a user authentication request through an electronic device selected from the list of devices to an authentication server.

According to various embodiments, the list of the at least one nearby electronic device may be created based on authentication-related information of the at least one nearby electronic device.

According to various embodiments, the authentication-related information may include at least one of device identification information, location information, security level, or authentication method of the at least one nearby electronic device.

According to various embodiments, the operation of checking the at least one nearby electronic device capable of user authentication includes searching for the at least one nearby electronic device through a short-range communication network and selecting the at least one nearby electronic device from the searched at least one nearby electronic device. It may include an operation to obtain authentication-related information.

According to various embodiments, at least one of a list of the at least one peripheral electronic device capable of user authentication or the authentication-related information may be obtained from an authentication server.

According to various embodiments, the operation of searching for the at least one nearby electronic device includes transmitting a multicast message to search for the at least one nearby electronic device, and transmitting a multicast message from the at least one nearby electronic device that responds to the multicast message. Authentication-related information may be acquired, and the user authentication request operation may request user authentication through the selected electronic device through the authentication server.

According to various embodiments, the method further includes generating a priority based on the authentication-related information of the at least one peripheral electronic device, and the operation of providing a list includes selecting the at least one peripheral electronic device according to the priority. A list can be provided.

According to various embodiments, the list providing operation may provide the list with different colors according to the priority.

According to various embodiments, the priority may be created based on the security level among the authentication-related information.

According to various embodiments, the method may further include checking whether authentication through the selected electronic device is successful through the authentication server, and performing user sign-in according to the authentication success.

The embodiments disclosed in this document are merely presented as examples to easily explain the technical content and aid understanding, and are not intended to limit the scope of the technology disclosed in this document. Therefore, the scope of the technology disclosed in this document should be interpreted as including all changes or modified forms derived based on the technical idea of the various embodiments disclosed in this document in addition to the embodiments disclosed herein.

Claims (20)

In electronic devices,
communication circuit;
user interface module; and
A processor operatively connected to the communication circuit and the user interface module,
The processor:
Confirm at least one peripheral electronic device capable of user authentication in response to a user authentication request,
Providing a list of the at least one peripheral electronic device capable of user authentication through the user interface module,
Set to transmit a user authentication request through an electronic device selected from the list of at least one peripheral electronic device capable of user authentication to an authentication server,
Electronic devices.
According to paragraph 1,
The list of at least one nearby electronic device is generated based on authentication-related information of the at least one nearby electronic device.
According to paragraph 2,
The authentication-related information includes at least one of device identification information, location information, security level, or authentication method of the at least one peripheral electronic device.
According to paragraph 2,
The processor is configured to search for the at least one nearby electronic device through a short-range communication network and obtain the authentication-related information from the searched at least one nearby electronic device.
According to paragraph 4,
The processor is configured to obtain from an authentication server at least one of a list of the at least one peripheral electronic device capable of user authentication or the authentication-related information.
According to clause 5,
The processor transmits a multicast message to search for the at least one nearby electronic device, obtains the authentication-related information from the at least one nearby electronic device that responds to the multicast message, and performs authentication through the selected electronic device. An electronic device configured to request user authentication through the authentication server.
According to paragraph 2,
The processor,
An electronic device that generates a priority based on the authentication-related information of the at least one nearby electronic device and provides a list of the at least one nearby electronic device according to the priority.
In clause 7,
The processor is an electronic device that provides the list with different colors according to the priority.
In clause 7,
The priority is generated based on a security level among the authentication-related information.
According to paragraph 1,
The processor is configured to check whether authentication through the selected electronic device is successful through the authentication server and perform user sign-in according to the successful authentication.
In the method of the electronic device,
An operation of identifying at least one nearby electronic device capable of user authentication for user authentication of the electronic device;
providing a list of the at least one nearby electronic device capable of user authentication; and
A method comprising transmitting a user authentication request through an electronic device selected from the list of at least one peripheral electronic device capable of user authentication to an authentication server.
According to clause 11,
A method in which the list of the at least one nearby electronic device is generated based on authentication-related information of the at least one nearby electronic device.
According to clause 12,
The authentication-related information includes at least one of device identification information, location information, security level, or authentication method of the at least one peripheral electronic device.
According to clause 12,
The operation of checking the at least one peripheral electronic device capable of user authentication includes:
searching for the at least one nearby electronic device through a short-range communication network; and
A method comprising obtaining the authentication-related information from the searched at least one nearby electronic device.
According to clause 14,
A method of obtaining at least one of a list of the at least one peripheral electronic device capable of user authentication or the authentication-related information from an authentication server.
According to clause 15,
The at least one nearby electronic device search operation includes transmitting a multicast message to search for the at least one nearby electronic device, and obtaining authentication-related information from the at least one nearby electronic device that responds to the multicast message. ,
The user authentication request operation is a method of requesting user authentication through the selected electronic device through the authentication server.
According to clause 12,
Further comprising generating a priority based on the authentication-related information of the at least one peripheral electronic device,
The list providing operation is a method of providing a list of the at least one nearby electronic device according to the priority.
According to clause 17,
The list providing operation is a method of providing the list with different colors according to the priority.
According to clause 17,
A method in which the priority is generated based on a security level among the authentication-related information.
According to clause 11,
Confirming whether authentication through the selected electronic device is successful through the authentication server; and
The method further includes performing a user login (sign in) according to the authentication success.

Images