JP2014038608A - Application log-in system due to authentication sharing, method and computer readable recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an application log-in system due to authentication sharing which can perform log-in to another application by using an application in a log-in state.SOLUTION: One embodiment of this invention includes: a user terminal in which a first application and a second application are installed, and log-in processing is performed to the first application; and a service server which receives a token of the first application, a signature of the first application, a consumer key of the second application and a signature of the second application from the user terminal, and performs log-in processing to the second application with user information identified from the received token of the first application.

Description

  The present invention relates to a system for providing login to an application. More particularly, the present invention relates to an application login system, a method, and a computer-readable recording medium based on authentication sharing that can log in to another application using an application in a logged-in state.

  Currently, the widespread use of the Internet has brought about rapid growth of wireless mobile communication technology in addition to wired communication technology. In real life, mobile terminals such as mobile phones, PDAs, and hand-held computers are used. Information retrieval on the Internet is possible regardless of time and place.

  On the other hand, as the performance of recently released smartphones has improved, many users are switching from ordinary mobile phones to smartphones. A smart phone is an intelligent mobile phone that has a computer support function added to a mobile phone. Although the mobile phone functions are enhanced, a personal digital assistant (PDA) function, an Internet function, a video playback function, etc. Is added, and various input methods and touch screens are provided to provide a more convenient interface when used. Further, by supporting the wireless Internet function, it is possible to provide functions as a terminal such as e-mail, web browsing, fax, banking, and game by accessing the Internet and a computer. On the other hand, a smartphone may include a standardized operating system (OS) or a dedicated operating system in order to accommodate various functions.

  As described above, as various functions can be implemented through various mobile terminals such as smartphones, various dedicated application programs and contents that are driven in the mobile terminal have been developed.

  Such a dedicated application that is installed and driven on a smartphone is usually also referred to as an “app (App.)”, Downloaded for a fee or free through various application markets, etc., and installed and used on a smartphone. . Thereby, the user can access a specific application market with a smartphone, search for a desired application, select the application, download it, and install it.

  The types and number of applications installed on smartphones are increasing, and in the case of applications that require login, it is considerably inconvenient to log in by entering an ID and password for each application. Further, when the ID and password are different for each application, it is not easy to remember a large number of IDs and passwords, and there is a disadvantage that the ID or password must be reset if entered incorrectly.

  On the other hand, as a technology for providing login for such an application, “Method and apparatus for providing reliable single sign-on access to applications and Internet infrastructure services (Interdigital)” disclosed in Korean Patent Publication No. 10-2009-0042864. (Technology Corporation) ”(Patent Document 1) describes that a secure proxy that is always present in a user's device is simply signed on once, and then is safely and securely transferred from one site belonging to a previously identified site group to another site. A method for providing single sign-on access that enables transparent hopping is disclosed.

Korean Published Patent No. 10-2009-0042864

  However, for applications that do not have their own login function, there is no effective method for authentication, and in the case of multiple applications provided by the same service provider, it is quite inconvenient to log in to each application individually. There is a problem that.

  An object of the present invention is to provide an application login system, a method, and a computer-readable recording medium based on authentication sharing for logging in to another application via a logged-in application.

  One of the objects of the present invention is to transmit a consumer key from a second application to be logged in to a first application logged in, and receive an authentication token from the first application. It is an object to provide an application login system, method, and computer-readable recording medium based on authentication sharing, which can log in to two applications.

  According to another aspect of the present invention, a consumer key is transmitted from a second application to be logged in to a first application logged in, and a ticket generated by a service server is received from the first application. It is an object to provide an application login system, method, and computer-readable recording medium based on authentication sharing, which can log in to two applications.

  Another object of the present invention is to transmit a consumer key from a second application to be logged in to the first application logged in and to obtain a ticket for accessing the service server generated from the first application. It is an object to provide an application login system, method, and computer-readable recording medium based on authentication sharing, which can log in to a second application upon receiving the provision.

  Another object of the present invention is to transmit a consumer key and a ticket to a service server via a first application logged in from a second application to be logged in, and verify the ticket via the service server. Accordingly, it is an object to provide an application login system, method, and computer-readable recording medium based on authentication sharing that can log in to a second application.

  Another object of the present invention is to issue a ticket from a service server by a second application to be logged in, and to authenticate the issued ticket from the service server through the first application that has logged in. It is an object to provide an application log-in system, method, and computer-readable recording medium based on authentication sharing, which can log in to a second application by receiving.

  Examples of characteristic configurations of the present invention that fulfill the above-described object of the present invention and achieve the specific effects of the present invention described later are as follows.

  According to an aspect of the present invention, an application login system using authentication sharing includes a user terminal in which a first application and a second application are installed, and a login process is performed on the first application. Receiving an application token, a signature of the first application, a consumer key of the second application, and a signature of the second application, and logging in to the second application with user information identified from the received token of the first application And a service server that performs processing.

  According to another aspect of the present invention, a service server for providing an application login service based on authentication sharing requests a login request for a second application from a user terminal in which the first application logged in the service server is installed. A request receiving unit that receives the request, a validity determination unit that determines the validity of the token of the first application, the signature of the first application, and the consumer key of the second application received from the user terminal in response to the request; As a result of the determination by the validity determination unit, the user identification unit that identifies the logged-in user information from the received token of the first application and the user identification unit when it is determined to be valid User information in the second It includes a login processing unit to log processing the application, the.

  Preferably, the service server includes a token generation unit that generates a token and a token secret of the second application according to a login process for the second application of the login processing unit, a token of the generated second application, and And a token transmission unit for transmitting a token secret to the user terminal.

  Preferably, the user terminal receives the token and token secret of the second application from the service server in the first application, and provides the received token and token secret of the second application to the second application. .

  Preferably, the first application receives a consumer key of the second application and a signature of the second application from the second application, and receives the signature of the received second application from the first application to the service server. Further, the validity determination unit of the service server further determines the validity of the received signature of the second application.

  Preferably, the service server generates a ticket after the user information identification of the user identification unit and stores the ticket in a database, and the ticket generated by the ticket issuing unit is the first application of the user terminal. A ticket receiving unit that receives the transmitted ticket via the second application of the user terminal, a ticket received via the ticket receiving unit, and a ticket stored in the database. An inquiry unit; and a ticket determination unit that determines whether the received ticket is a valid ticket as a result of an inquiry from the ticket inquiry unit, wherein the login processing unit is a result of the determination by the ticket determination unit. If the ticket is valid, the second application It performs a login process for the application.

  Preferably, the first application of the user terminal provides the ticket received from the service server to the second application.

  Preferably, the service server includes a ticket storage unit that stores a ticket generated by the first application received from the user terminal after the user information identification of the user identification unit in a database, and the ticket storage unit A request result transmission unit for notifying the first application of the user terminal that the storage of the ticket has been completed without abnormality, and a ticket for receiving the ticket generated by the first application via the second application of the user terminal A reception unit, a ticket inquiry unit that inquires about a ticket received through the ticket reception unit and a ticket stored in the database, and whether the received ticket is a valid ticket as a result of an inquiry from the ticket inquiry unit Ticket judgment to judge When, further comprising a, the login processing unit, said ticket determination of the determination result, when it is determined that a valid ticket and performs the login process for the second application.

  Preferably, the first application of the user terminal receives the notification that the storage of the ticket has been completed without any abnormality from the service server, and provides the generated ticket to the second application.

  Preferably, the service server includes a ticket storage unit that stores a ticket generated by the second application received from the user terminal after the user information identification of the user identification unit in a database, and the ticket storage unit A request result transmission unit that notifies the first application of the user terminal that the storage of the ticket has been completed without abnormality, and a ticket reception unit that receives a ticket generated by the second application from the second application of the user terminal A ticket inquiry unit that inquires about the ticket received through the ticket reception unit and the ticket stored in the database; and as a result of the inquiry of the ticket inquiry unit, it is determined whether the received ticket is a valid ticket. With ticket judgment department Further comprising a, the login processing unit, said ticket determination of the determination result, when it is determined that a valid ticket and performs the login process for the second application.

  Preferably, the first application of the user terminal receives the notification that the storage of the ticket has been completed without any abnormality from the service server, and provides the notification result to the second application.

  Preferably, the second application of the user terminal generates a ticket and provides the generated ticket to the first application.

  According to still another aspect of the present invention, a service server for providing an application login service based on authentication sharing requests a login to the second application from a user terminal installed with the first application logged in to the service server. A request receiving unit that receives the request, a first validity determining unit that determines validity of the consumer key of the second application and the signature of the second application received from the user terminal in response to the request, and the first validity As a result of determination by the sex determination unit, a ticket generation unit that generates a ticket when it is determined to be valid information, a ticket storage unit that stores a ticket generated by the ticket generation unit in a database, and the ticket Before the ticket generated by the generator A ticket transmission unit that transmits to the second application of the user terminal, and a token reception that receives the token of the first application from the first application of the user terminal, the signature of the first application, and the ticket received from the second application. A second validity determining unit that determines the validity of the token of the first application and the signature of the first application by reception of the token receiving unit, and a result of the determination of the second validity determining unit, A user identification unit for identifying user information logged in from the received token of the first application, and the received ticket and user information confirmed by the user identification unit when it is determined that the information is valid. Users who map and store in the database An information storage unit, a result transmission unit that notifies the first application of the user terminal that the storage of the ticket has been completed without abnormality, a ticket reception unit that receives the ticket from the second application of the user terminal, A ticket inquiry unit that inquires about a ticket received via the ticket reception unit and a ticket stored in the database; and a ticket that determines whether the received ticket is a valid ticket as a result of an inquiry from the ticket inquiry unit A determination unit; and a login processing unit that performs a login process on the second application when it is determined that the ticket is valid as a result of the determination by the ticket determination unit.

  According to still another aspect of the present invention, there is provided an application login method using authentication sharing performed by a service server, wherein a request receiving unit receives a first login from a user terminal installed with a first application logged into the service server. (2) Upon receiving a login request for the application, the validity determination unit validates the token of the first application, the signature of the first application, and the consumer key of the second application received from the user terminal in response to the request. And the user identification unit identifies the logged-in user information from the received token of the first application when it is determined that the validity determination unit determines that the information is valid. In the processing unit, the user identification unit Ri includes, for login process the second application in the user information identified.

  On the other hand, information for receiving provision of the application login method by the authentication sharing can be stored in a recording medium readable by a server computer. Such recording media include all types of recording media in which programs and data are stored for execution by a computer system. Examples include ROM (Read Only Memory), RAM (Random Access Memory), CD (Compact Disk), DVD (Digital Video Disk) -ROM, magnetic tape, floppy (registered trademark) disk, optical data storage device, and the like. Can be mentioned. In addition, such a recording medium can be distributed in computer systems connected via a network, and can be executed by storing computer-readable codes in a distributed manner. In addition, the program may include a program embodied in a carrier wave (for example, transmission via the Internet).

  As described above, according to the present invention, there is an advantage that it is possible to easily log in to an application that is not logged in via an application that is logged in.

  In addition, there is an advantage that an application that does not have a login function can be logged in by effectively performing authentication through the logged-in application.

  Furthermore, in the case of a plurality of applications provided by the same service provider, there is an advantage that it is possible to easily log in through the logged-in application without logging in to each application individually.

It is a figure which shows the application login system by the authentication sharing which concerns on embodiment of this invention. It is a figure which shows the detailed structure of the service server which provides the application login by the authentication sharing which concerns on 1st Embodiment of this invention. It is a flowchart which shows the procedure of the application login process in the service server which concerns on 1st Embodiment of this invention. It is a figure which shows the detailed structure of the service server which provides the application login by the authentication sharing which concerns on 2nd Embodiment of this invention. It is a flowchart which shows the procedure of the application login process in the service server which concerns on 2nd Embodiment of this invention. It is a figure which shows the detailed structure of the service server which provides the application login by the authentication sharing which concerns on 3rd Embodiment and 4th Embodiment of this invention. It is a flowchart which shows the procedure of the application login process in the service server which concerns on 3rd Embodiment of this invention. It is a flowchart which shows the procedure of the application login process in the service server which concerns on 4th Embodiment of this invention. It is a figure which shows the detailed structure of the service server which provides the application login by the authentication sharing which concerns on 5th Embodiment of this invention. It is a flowchart which shows the procedure of the application login process in the service server which concerns on 5th Embodiment of this invention. FIG. 5 is a diagram illustrating an actual implementation example of providing login through a logged-in application according to an exemplary embodiment of the present invention. FIG. 5 is a diagram illustrating an actual implementation example of providing login through a logged-in application according to an exemplary embodiment of the present invention. FIG. 5 is a diagram illustrating an actual implementation example of providing login through a logged-in application according to an exemplary embodiment of the present invention. FIG. 5 is a diagram illustrating an actual implementation example of providing login through a logged-in application according to an exemplary embodiment of the present invention. FIG. 5 is a diagram illustrating an actual implementation example of providing login through a logged-in application according to an exemplary embodiment of the present invention. FIG. 5 is a diagram illustrating an actual implementation example of providing login through a logged-in application according to an exemplary embodiment of the present invention.

  The following detailed description of the invention refers to the accompanying drawings that illustrate, by way of illustration, specific embodiments that implement the invention. These embodiments are described in detail to enable those skilled in the art to fully practice the invention. It should be understood that the various embodiments of the present invention are different from each other but need not be mutually exclusive. For example, the specific shapes, structures, and features described herein may be embodied in other embodiments without departing from the spirit and scope of the invention in connection with one embodiment. It should also be understood that the location or arrangement of individual components within each disclosed embodiment can be changed without departing from the spirit and scope of the invention. The following detailed description is, therefore, not to be construed in a limiting sense, and the scope of the present invention is, together with the full scope of equivalents of the appended claims, if properly explained, together with the appended claims. Limited only by the appended claims. In the drawings, like reference numbers indicate identical or similar functions across various aspects.

  The present invention discloses an application login system based on authentication sharing for logging in to another application (for example, an application that does not have a login function in itself or an application linked with a specific application) via the logged-in application. To do.

  On the other hand, in the present invention, a consumer key is transmitted from the second application to be logged in via the logged-in first application or directly to the service server, and according to various embodiments, via the first application. Alternatively, the user can log in to the second application by receiving the provision of an authentication token directly from the service server.

  In some embodiments of the present invention, another ticket is issued for authentication sharing of the first application and the second application, and a login to the second application is performed by inquiring about the issued ticket at a service server. Process.

  On the other hand, in the present invention to be described later, a consumer key is a secret key shared by a consumer and a provider, and a second application to log in transmits to the service server via the first application or directly. The secret key to share. The consumer key in the following description is a term used for facilitating understanding of the invention, and the present invention is not limited to this.

  In addition, the signature provided from each application (ie, the first application or the second application) prevents a malicious attacker from transforming and transmitting a part of the content of the request (request). For example, a hash function or the like can be used.

  In the present invention to be described later, “token” means data provided from a server to a terminal for authentication of a logged-in application, and can be configured to include user authentication data. Therefore, an authentication token is given to an application that has successfully logged in, and the application can hold the login state with the given authentication token. The second application to log in is issued the token from the service server, so that the service server can access a protected resource related to a specific user.

  The “token secret” is a value used by the second application to log in to confirm the ownership of the token provided by the service server (or the validity of possessing the token). Meaning, it can be composed of numbers or character strings of a predetermined length.

  The “ticket” means an identifier that is temporarily generated and used by the service server to identify the second application via the first application. The ticket is a number or character string having a predetermined length. Can be configured. According to each embodiment of the present invention, the ticket may be generated by a first application, a second application, or a service server. At this time, the authentication and login procedures change as the ticket generation subject changes.

  On the other hand, in the embodiments described later, information on specific terms (for example, consumer key, signature, ticket, token, token secret, etc.) is used to facilitate understanding of the present invention as described above. The invention is not limited to these terms, and the present invention may be implemented using other information capable of performing the functions of the present invention.

  In the embodiments described later, the “user terminal” on which various applications are installed is a concept including not only a normal desktop personal computer but also a smartphone, and includes a mobile communication terminal, a desktop personal computer, a notebook personal computer, a workstation, a palmtop ( Any digital device having a memory means such as a personal computer, a personal digital assistant (PDA), a web pad, etc., equipped with a microprocessor, and having computing power is related to the present invention. It can be adopted as a terminal.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily implement the present invention.

  First, an application login system configuration by authentication sharing according to the present invention will be described with reference to FIG. 1, and then a detailed configuration and procedure of a service server according to each embodiment of the present invention with reference to FIGS. An embodiment of the service will be described in detail.

(Application login system with shared authentication)
FIG. 1 is a diagram illustrating an application login system using authentication sharing according to an embodiment of the present invention. Referring to FIG. 1, the system according to the present invention may include a user terminal 100 (for example, a smartphone), a communication network 110, a service server 120, and the like. However, the present invention is not limited to the configuration of the present embodiment, and a configuration that exhibits the same or similar effect as this configuration can be included in the present invention.

  The first application 101 installed in the user terminal 100 is an application in which the user has already logged in. In the present invention, the first application 101 that has logged in with the second application 102 that does not have a login function or has not logged in yet. Log in to the service server 120 using one application 101.

  On the other hand, FIG. 1 shows that the first application 101 and the second application 102 are installed in the same user terminal 100, but each application is installed in a different terminal and communicates with each other. The present invention can also be embodied.

  That is, when attempting to log in to the service server 120 using the second application, it is usually necessary to log in by entering another ID and password. In the present invention, however, the service server is connected via the first application 101 that has already been logged in. It is possible to log in to 120.

  The communication network 110 can be configured regardless of its communication mode, such as wired and wireless, and includes a personal area network (PAN), a local area network (LAN), a metropolitan area network (MAN). A network area network (WAN) and a wide area network (WAN). In addition, the communication network 110 may be a known World Wide Web (WWW), and can be used for short distance communication such as Infrared Data Association (IrDA) or Bluetooth (Bluetooth (registered trademark)). The wireless transmission technology used may be used.

  Hereinafter, a detailed configuration of a service server that provides application login by authentication sharing and a procedure of login processing performed in the service server according to each embodiment of the present invention will be described with reference to FIG. 2 to FIG. An embodiment in which the present invention is applied to an actual service will be described with reference to FIG.

First embodiment (basic embodiment)
FIG. 2 is a diagram showing a detailed configuration of a service server that provides application login by authentication sharing according to the first embodiment of the present invention. Referring to FIG. 2, the service server 120 providing application login according to the first embodiment of the present invention includes a request receiving unit 210, a validity determining unit 220, a user identifying unit 230, a login processing unit 240, a token The generation unit 250 and the token transmission unit 260 may be included. However, the present invention is not limited to the configuration of the present embodiment, and a configuration that exhibits the same or similar effect as this configuration can be included in the present invention.

  Meanwhile, the user terminal 100 can include a first application execution unit that executes the first application 101 and a second application execution unit that executes the second application 102. In the following description, for convenience of explanation, the first application execution unit and the second application execution unit are referred to as a first application 101 and a second application 102, respectively.

  The first application 101 installed in the user terminal 100 is an application in which the user has already logged in, and the second application 102 is an application in which the user intends to log in. Therefore, the user can log in to the service server 120 via the first application 101 for the second application 102 according to the first embodiment of the present invention described later.

  First, a login request is made by transmitting a consumer key and signature from the second application 102 to the first application 101. The first application 101 requests login of the second application 102 by transmitting the consumer key and signature of the second application 102 provided from the second application 102 to the service server 120 including its own token and signature. To do.

  The request receiving unit 210 of the service server 120 receives the token and signature of the first application 101 and the consumer key and signature of the second application 102 from the first application 101 of the user terminal 100, thereby receiving the second application 102. Receive a login request for.

  The validity determination unit 220 determines the validity of various information received via the request reception unit 210. For example, it is determined whether the token and signature of the first application 101 are valid, and it is determined whether the consumer key and signature of the second application 102 are valid.

  As a result of the determination by the validity determination unit 220, when it is determined that all the information is valid information, the user identification unit 230 stores the logged-in user stored in the user information database 270 with the token of the first application 101. Check the information. Next, a login process for the second application 102 is performed with the confirmed user information corresponding to the consumer key of the second application 102.

  The token generation unit 250 generates a token and token secret for the second application 102 that has undergone the login process, and transmits the generated token and token secret to the user terminal 100 via the token transmission unit 260.

  The first application 101 of the user terminal 100 receives the token and token secret for the second application 102 from the service server 120, and transmits the received token and token secret to the second application 102, thereby receiving the second application 102. The login procedure for the application 102 is completed. Accordingly, the second application 102 can access the service server 120 while the user is logged in using the token and token secret generated by the service server 120. In the above description, the main subject of login is the user. However, a non-human person such as an application (for example, an application) can log in for authentication or the like. The same applies to the following.

  FIG. 3 is a flowchart showing a procedure of application login processing in the service server according to the first embodiment of the present invention. On the other hand, in the following description, for convenience of explanation, the logged-in first application 101 is referred to as “A”, and the second application 102 attempting to log in via the first application 101 is referred to as “B”.

  Referring to FIG. 3, first, the second application 102 (ie, “B”) transmits its consumer key and signature to the first application 101 (ie, “A”) through the first application 101. Request login.

  The first application 101 receives the B consumer key and B signature from the second application 102, and with the received B consumer key and B signature, own token (ie, A token) and signature ( That is, by transmitting the signature of A) to the service server 120, a login to the second application 102 is requested.

  The service server 120 receives the A token, the A signature, the B consumer key, and the B signature from the first application 101, and confirms the validity of the received information. That is, the validity of A's token is determined (S301). If there is no abnormality (if valid), the validity of A's signature is determined (S302). If there is no abnormality, the B consumer key is valid. If there is no abnormality, the validity of the signature of B is determined (S304). Note that the order of the validity determinations may be changed or may be performed simultaneously.

  If there is no abnormality as a result of the validity determination, the information (for example, login ID and password) of the user who is currently logged into the first application 101 with the token A is confirmed. Next, the second application 102 is logged in with the confirmed user information (S305).

  On the other hand, the service server 120 generates a token and token secret of the second application 102 (that is, B) according to the login process (S306), and transmits the token and token secret to the first application 101.

  The first application 101 receives the B token and B token secret from the service server 120 and provides them to the second application 102. The second application 102 receives the token for itself (ie, the B token) and the token secret (B token secret) from the first application 101, and completes the login procedure for the second application 102. As a result, the second application 102 and the service server 120 access in a logged-in state using the generated B token and B token secret.

  Accordingly, the user can log in to the service server 120 using the first application 101 that has already logged in without performing another login and password input procedure in the second application 102.

  The basic login method according to the first embodiment has been described above. Hereinafter, a login method according to the second embodiment and the fifth embodiment will be described. On the other hand, in the second to fifth embodiments, which will be described later, a method of processing a login using a ticket generated by each subject that is different for each embodiment will be described.

Second embodiment (use of server generated ticket by A request)
FIG. 4 is a diagram showing a detailed configuration of a service server that provides application login by authentication sharing according to the second embodiment of the present invention. Referring to FIG. 4, the service server 120 providing an application login according to the second embodiment of the present invention includes a request receiving unit 401, a validity determining unit 402, a user identifying unit 403, a ticket issuing unit 404, a ticket The receiving unit 405, the ticket inquiry unit 406, the ticket determination unit 407, the login processing unit 408, the token generation unit 409, the token transmission unit 410, and the like can be configured. However, the present invention is not limited to the configuration of the present embodiment, and a configuration that exhibits the same or similar effect as this configuration can be included in the present invention.

  The first application 101 installed in the user terminal 100 is an already logged-in application, and the second application 102 is an application to be logged in. Accordingly, the second application 102 can log in to the service server 120 via the first application 101 according to a second embodiment of the present invention described later.

  First, a login request is made by transmitting a consumer key from the second application 102 to the first application 101. The first application 101 requests the login to the second application 102 by transmitting the consumer key of the second application 102 provided from the second application 102 to the service server 120 with its own token and signature included therein. .

  The request receiving unit 401 of the service server 120 receives the token and signature of the first application 101 and the consumer key of the second application 102 from the first application 101 of the user terminal 100, thereby requesting login to the second application 102. Receive.

  The validity determination unit 402 determines the validity of various information received through the request reception unit 401. For example, it is determined whether the token and signature of the first application 101 are valid, and it is determined whether the consumer key of the second application 102 is valid.

  As a result of the determination by the validity determination unit 402, when it is determined that the information is valid in all determinations, the user identification unit 403 stores the login stored in the user information database 411 using the token of the first application 101. Check the user information. Next, unlike the first embodiment described above, a ticket for confirmation of the second application 102 is issued.

  That is, the ticket issuing unit 404 issues a new ticket, maps this to the user information confirmed by the user identification unit 403, and stores it in the ticket information database 412. At this time, the issued ticket is transmitted to the first application 101 of the user terminal 100.

  Next, the first application 101 of the user terminal 100 provides the ticket received from the service server 120 to the second application 102. The second application 102 requests authentication by transmitting the ticket received via the first application 101 to the service server 120.

  The ticket receiving unit 405 of the service server 120 receives a ticket from the second application 102, and the ticket inquiry unit 406 compares the ticket received from the second application 102 with the ticket stored in the ticket information database 412. User information mapped to the ticket.

  If the ticket determination unit 407 checks the validity of the ticket and there is no abnormality, the ticket determination unit 407 performs a login process for the second application 102 using the acquired user information via the login processing unit 408.

  The token generation unit 409 generates a token and token secret for the second application 102 that has undergone the login process, and transmits the generated token and token secret to the user terminal 100 via the token transmission unit 410.

  The second application 102 of the user terminal 100 completes the login procedure for the second application 102 by directly receiving the token and token secret for the second application 102 from the service server 120. Accordingly, the second application 102 can access the service server 120 while logged in using the token and token secret generated by the service server 120.

  FIG. 5 is a flowchart showing a procedure of application login processing in the service server according to the second embodiment of the present invention. On the other hand, in the following description, as in the first embodiment, for convenience of explanation, the logged-in first application 101 is referred to as “A”, and the second application 102 attempting to log in via the first application 101 is denoted as “B”. ".

  Referring to FIG. 5, first, the second application 102 (ie, “B”) transmits its consumer key to the first application 101 (ie, “A”), thereby logging in through the first application 101. Request.

  The first application 101 receives B's consumer key from the second application 102 and services its token (ie, A's token) and signature (ie, A's signature) together with the received B's consumer key. The login to the second application 102 is requested by transmitting to the server 120.

  The service server 120 receives A's token, A's signature, and B's consumer key from the first application 101, and confirms the validity of the received information. That is, the validity of A's token is determined (S501). If there is no abnormality, the validity of A's signature is determined (S502). If there is no abnormality, the validity of B's consumer key is determined (S503). To do. On the other hand, the order of the validity determination may be changed or may be performed simultaneously.

  If there is no abnormality as a result of the validity determination, the information (for example, login ID and password) of the user who is currently logged into the first application 101 with the token A is confirmed (S504).

  Next, as described above, a new ticket is issued (S505) according to the second embodiment of the present invention, and this and the confirmed user information are mapped and stored in the database. At this time, the issued ticket is transmitted to the first application 101 of the user terminal 100.

  Next, the first application 101 of the user terminal 100 provides the ticket received from the service server 120 to the second application 102. The second application 102 requests authentication by transmitting the ticket received via the first application 101 to the service server 120.

  The service server 120 receives a ticket from the second application 102, compares the ticket received from the second application 102 with the ticket stored in the database, and obtains user information mapped to the ticket (S506). To do. Meanwhile, when the ticket is transmitted from the second application 102 to the service server 120 according to an embodiment of the present invention, a procedure for authenticating the second application 102 by transmitting both its consumer key and signature. Can also be added.

  Next, after checking the validity of the ticket (S507), the service server 120 performs login processing (S508) on the second application 102 with the acquired user information if there is no abnormality.

  Next, the service server 120 generates a token and token secret for the login-processed second application 102 (S509), and transmits the generated token and token secret to the user terminal 100.

  The second application 102 of the user terminal 100 completes the login procedure for the second application 102 by directly receiving and storing the token and token secret for the second application 102 from the service server 120. As a result, the second application 102 and the service server 120 access in a logged-in state using the generated B token and B token secret.

  Accordingly, the user can log in to the service server 120 using the first application 101 that has already logged in without performing another login and password input procedure in the second application 102.

Third embodiment (use of A generated ticket)
FIG. 6 is a diagram illustrating a detailed configuration of a service server that provides application login through authentication sharing according to the third embodiment of the present invention. Referring to FIG. 6, the service server 120 providing application login according to the third embodiment of the present invention includes a request receiving unit 601, a validity determining unit 602, a user identifying unit 603, a ticket storage unit 604, a request. The result transmission unit 605, the ticket reception unit 606, the ticket inquiry unit 607, the ticket determination unit 608, the login processing unit 609, the token generation unit 610, the token transmission unit 611, and the like can be configured. However, the present invention is not limited to the configuration of the present embodiment, and a configuration that exhibits the same or similar effect as this configuration can be included in the present invention.

  The first application 101 installed in the user terminal 100 is an already logged-in application, and the second application 102 is an application to be logged in. Accordingly, the second application 102 can log in to the service server 120 via the first application 101 according to a third embodiment of the present invention described later.

  First, a login request is made by transmitting a consumer key from the second application 102 to the first application 101. The first application 101 receives a login request from the second application 102 and generates a new ticket.

  Next, in the first application 101, the consumer key of the second application 102 provided from the second application 102 includes its own token and signature, and the ticket generated by itself, and transmits the same to the service server 120. To log in to the second application 102.

  The request reception unit 601 of the service server 120 receives the token and signature of the first application 101, the consumer key of the second application 102, and the ticket generated by the first application 101 from the first application 101 of the user terminal 100. By doing so, a login request for the second application 102 is received.

  The validity determination unit 602 determines the validity of various information received through the request reception unit 601. For example, it is determined whether the token and signature of the first application 101 are valid, and it is determined whether the consumer key of the second application 102 is valid.

  As a result of the determination by the validity determination unit 602, when it is determined that the information is valid in all determinations, the user identification unit 603 stores the login stored in the user information database 621 with the token of the first application 101. Check the user information. Next, unlike the above-described first and second embodiments, the ticket issued and transmitted by the first application 101 is stored in the ticket information database 622. That is, the ticket storage unit 604 maps the received ticket and the user information confirmed by the user identification unit 603 and stores them in the ticket information database 622. As described above, when the ticket is normally stored in the database as a unique value, the request result transmission unit 605 notifies the first application of the user terminal 100 that the ticket storage is completed without any abnormality.

  The first application 101 of the user terminal 100 receives a notification from the service server 120 that the storage of the ticket has been completed without abnormality, and provides the ticket generated by itself to the second application 102. The second application 102 requests authentication by transmitting the ticket received from the first application 101 to the service server 120.

  The ticket receiving unit 606 of the service server 120 receives a ticket from the second application 102, and the ticket inquiry unit 607 receives the ticket received from the second application 102 and the ticket stored in the ticket information database 622 (that is, the first The user information mapped to the ticket is acquired by comparing with the ticket received from one application 101.

  If the ticket determination unit 608 checks the validity of the ticket and determines that there is no abnormality, the ticket determination unit 608 performs login processing on the second application 102 with the acquired user information via the login processing unit 609.

  The token generation unit 610 generates a token and token secret for the second application 102 that has undergone the login process, and transmits the generated token and token secret to the user terminal 100 via the token transmission unit 611.

  The second application 102 of the user terminal 100 completes the login procedure for the second application 102 by directly receiving the token and token secret for the second application 102 from the service server 120. Accordingly, the second application 102 can access the service server 120 while logged in using the token and token secret generated by the service server 120.

  FIG. 7 is a flowchart showing a procedure of application login processing in the service server according to the third embodiment of the present invention. Referring to FIG. 7, first, the second application 102 (ie, “B”) transmits its consumer key to the first application 101 (ie, “A”), thereby logging in through the first application 101. Request.

  The first application 101 receives the B consumer key from the second application 102 and generates a new ticket.

  Next, by transmitting the received consumer key of B, its own token (ie, A's token) and signature (ie, A's signature), and the ticket generated by itself to the service server 120, the second Request login to the application 102.

  The service server 120 receives the token of A, the signature of A, the consumer key of B, and the ticket generated by A from the first application 101, and checks the validity of each received information. That is, the validity of A's token is determined (S701). If there is no abnormality, the validity of A's signature is determined (S702). If there is no abnormality, the validity of B's consumer key is determined (S703). To do. On the other hand, the order of the validity determinations may be changed or may be performed simultaneously.

  If there is no abnormality as a result of the validity determination, information (for example, login ID and password) of the user who is currently logged in with the first application 101 is confirmed by the token A (S704).

  Next, as described above, the ticket generated by A according to the third embodiment of the present invention and the confirmed user information are mapped and stored in the database (S705).

  As described above, when the ticket is normally stored in the database as a unique value, the service server 120 notifies the first application of the user terminal 100 that the ticket storage has been completed without any abnormality (S706). To do.

  The first application 101 of the user terminal 100 receives a notification from the service server 120 that the storage of the ticket has been completed without abnormality, and provides the ticket generated by itself to the second application 102. The second application 102 requests authentication by transmitting the ticket received from the first application 101 to the service server 120.

  The service server 120 receives the ticket from the second application 102, compares the ticket received from the second application 102 with the ticket stored in the database, and obtains user information mapped to the ticket (S707). To do. On the other hand, when transmitting the ticket from the second application 102 to the service server 120 according to an embodiment of the present invention, a procedure for authenticating the second application 102 by transmitting both its consumer key and signature. Can also be added.

  Next, after checking the validity of the ticket (S708), the service server 120 performs login processing (S709) on the second application 102 with the acquired user information if there is no abnormality.

  Next, the service server 120 generates a token and token secret for the login-processed second application 102 (S710), and transmits the generated token and token secret to the user terminal 100.

  The second application 102 of the user terminal 100 completes the login procedure for the second application 102 by directly receiving and storing the token and token secret for the second application 102 from the service server 120. As a result, the second application 102 and the service server 120 access in a logged-in state using the generated B token and B token secret.

  Accordingly, the user can log in to the service server 120 using the first application 101 that has already logged in without performing another login and password input procedure in the second application 102.

Fourth embodiment (use of B generation ticket)
The fourth embodiment of the present invention is similar to the third embodiment of the present invention described above. However, the difference is that the ticket is generated by the second application 102 instead of the first application 101.

  6 again, the second application 102 generates a ticket according to the fourth embodiment of the present invention, and makes a login request by transmitting the consumer key and the generated ticket to the first application 101 together. The first application 101 receives the login request from the second application 102 and includes the token and signature of the consumer key and ticket of the second application 102 provided from the second application 102 in the service server 120. The login is requested to the second application 102 by transmitting.

  The request receiving unit 601 of the service server 120 receives the token and signature of the first application 101, the consumer key of the second application 102, and the ticket generated by the second application 102 from the first application 101 of the user terminal 100. By doing so, a login request for the second application 102 is received.

  The validity determination unit 602 determines the validity of various information received through the request reception unit 601. For example, it is determined whether the token and signature of the first application 101 are valid, and it is determined whether the consumer key of the second application 102 is valid.

  As a result of the determination by the validity determination unit 602, when it is determined that the information is valid in all determinations, the user identification unit 603 stores the login stored in the user information database 621 with the token of the first application 101. Check the user information. Next, unlike the above-described first and second embodiments, the ticket issued by the second application 102 and transmitted via the first application 101 is stored in the ticket information database 622. That is, the ticket storage unit 604 maps the received ticket and the user information confirmed by the user identification unit 603 and stores them in the ticket information database 622. As described above, when the ticket is normally stored in the database as a unique value, the request result transmission unit 605 notifies the first application of the user terminal 100 that the ticket storage is completed without any abnormality.

  The first application 101 of the user terminal 100 receives a notification from the service server 120 that the ticket storage has been completed without abnormality, and provides the notification result to the second application 102 again. The second application 102 receives a notification from the first application 101 that there is no abnormality in storing the ticket, and requests authentication by transmitting the ticket generated by itself to the service server 120.

  The ticket receiving unit 606 of the service server 120 receives a ticket from the second application 102, and the ticket inquiry unit 607 receives the ticket received from the second application 102 and the ticket stored in the ticket information database 622 (that is, the first The user information mapped to the ticket is acquired by comparing with the ticket received via one application 101.

  If the ticket determination unit 608 checks the validity of the ticket and there is no abnormality, the ticket determination unit 608 performs login processing for the second application 102 using the user information acquired via the login processing unit 609.

  The token generation unit 610 generates a token and token secret for the second application 102 that has undergone the login process, and transmits the generated token and token secret to the user terminal 100 via the token transmission unit 611.

  The second application 102 of the user terminal 100 completes the login procedure for the second application 102 by directly receiving the token and token secret for the second application 102 from the service server 120. Accordingly, the second application 102 can access the service server 120 while logged in using the token and token secret generated by the service server 120.

  FIG. 8 is a flowchart showing a procedure of application login processing in the service server according to the fourth embodiment of the present invention. Referring to FIG. 8, first, the second application 102 (ie, “B”) generates a new ticket, and transmits its consumer key to the first application 101 (ie, “A”) together with the generated ticket. By doing so, a login via the first application 101 is requested.

  The first application 101 receives the consumer key of B and the ticket generated by B from the second application 102, and receives its token (that is, the token of A) together with the received consumer key of B and the ticket generated by B. ) And a signature (that is, A's signature) are transmitted to the service server 120 to request login to the second application 102.

  The service server 120 receives the A token, the A signature, the B consumer key, and the ticket generated by B from the first application 101 and confirms the validity of each received information. That is, the validity of A's token is determined (S801). If there is no abnormality, the validity of A's signature is determined (S802). If there is no abnormality, the validity of B's consumer key is determined (S803). To do. On the other hand, the order of the validity determinations may be changed or may be performed simultaneously.

  If there is no abnormality as a result of the validity determination, the information (for example, login ID and password) of the user who is currently logged into the first application 101 with the token A is confirmed (S804).

  Next, as described above, the ticket generated by B according to the third embodiment of the present invention and the user information confirmed by the user are mapped and stored in the database (S805).

  As described above, when the ticket is normally stored in the database as a unique value, the service server 120 notifies the first application of the user terminal 100 that the ticket storage has been completed without any abnormality (S806). To do.

  The first application 101 of the user terminal 100 receives a notification from the service server 120 that the ticket storage has been completed without abnormality, and provides the notification result to the second application 102 again. The second application 102 confirms that the ticket generated by the first application 101 has been successfully stored in the service server 120 and transmits the generated ticket to the service server 120 to request authentication. To do.

  The service server 120 receives a ticket from the second application 102, compares the ticket received from the second application 102 with the ticket stored in the database, and obtains user information mapped to the ticket (S807). To do. Furthermore, at this time, when transmitting the ticket from the second application 102 to the service server 120 according to an embodiment of the present invention, a procedure for authenticating the second application 102 by transmitting both its consumer key and signature. Can also be added.

  Next, after checking the validity of the ticket (S808), the service server 120 performs a login process (S809) for the second application 102 with the acquired user information if there is no abnormality.

  Next, the service server 120 generates a token and token secret for the login-processed second application 102 (S810), and transmits the generated token and token secret to the user terminal 100.

  The second application 102 of the user terminal 100 completes the login procedure for the second application 102 by directly receiving and storing the token and token secret for the second application 102 from the service server 120. As a result, the second application 102 and the service server 120 access in a logged-in state using the generated B token and B token secret.

  Accordingly, the user can log in to the service server 120 using the first application 101 that has already logged in without performing another login and password input procedure in the second application 102.

Fifth embodiment (use of server generated ticket by B request)
FIG. 9 is a diagram showing a detailed configuration of a service server that provides application login by authentication sharing according to the fifth embodiment of the present invention. Referring to FIG. 9, the service server 120 providing an application login according to the fifth exemplary embodiment of the present invention includes a request reception unit 901, a first validity determination unit 902, a ticket generation unit 903, a ticket storage unit 904, , Ticket transmission unit 905, token reception unit 906, second validity determination unit 907, user identification unit 908, user information storage unit 909, result transmission unit 910, ticket reception unit 911, ticket inquiry unit 912, a ticket determination unit 913, a login processing unit 914, a token generation unit 915, a token transmission unit 916, and the like can be configured. However, the present invention is not limited to the configuration of the present embodiment, and a configuration that exhibits the same or similar effect as this configuration can be included in the present invention.

  The first application 101 installed in the user terminal 100 is an already logged-in application, and the second application 102 is an application to be logged in. Accordingly, the second application 102 can log in to the service server 120 via the first application 101 according to a fifth embodiment of the present invention described later.

  First, the second application 102 makes a login request to the second application 102 by transmitting the consumer key and signature to the service server 120.

  The request reception unit 901 of the service server 120 receives a login request from the second application 102 of the user terminal 100, and the first validity determination unit 902 validates various information received via the request reception unit 901. Judging sex. For example, it is determined whether the consumer key and signature of the second application 102 are valid.

  As a result of the determination by the first validity determination unit 902, if it is determined that the information is valid in all determinations, the ticket generation unit 903 generates a new ticket, and the ticket storage unit 904 generates the generated information. The ticket is stored in the ticket information database 921. Next, the ticket transmission unit 905 transmits the generated ticket to the second application 102 of the user terminal 100.

  The second application 102 performs a user information mapping procedure for the ticket by transmitting the ticket received from the service server 120 to the first application 101.

  That is, the first application 101 that has received the ticket generated by the service server 120 from the second application 102, the ticket provided from the second application 102, its own token (that is, the token of A), and the signature (that is, , A's signature) is transmitted to the service server 120, and a login to the second application 102 is requested.

  The token receiving unit 906 of the service server 120 receives the token of the first application 101 from the first application 101 of the user terminal 100, and receives the signature of A and the ticket generated by the second application 102 together with the token of A. Receive a login request for.

  The second validity determination unit 907 determines the validity of various information received together with the A token via the token reception unit 906. For example, it is determined whether the token and signature of the first application 101 are valid.

  As a result of the determination by the second validity determination unit 907, when it is determined that the information is valid in all determinations, the user identification unit 908 stores the token of the first application 101 in the user information database 922. Check the information of the logged-in user. Next, the user information storage unit 909 maps the received ticket (that is, the ticket generated by itself) and the user information confirmed by the user identification unit 908 and stores them in the ticket information database 921. As described above, when the ticket is normally stored in the database as a unique value, the result transmission unit 910 notifies the first application of the user terminal 100 that the ticket storage is completed without any abnormality.

  The first application 101 of the user terminal 100 receives a notification from the service server 120 that the ticket storage has been completed without abnormality, and provides the notification result to the second application 102 again. The second application 102 receives a notification from the first application 101 that there is no abnormality in the storage of the ticket, and transmits the ticket (ie, the ticket provided from the service server) to the service server 120 for authentication. Request.

  The ticket receiving unit 911 of the service server 120 receives a ticket from the second application 102, and the ticket inquiry unit 912 receives the ticket received from the second application 102 and the ticket stored in the ticket information database 921 (that is, the user himself / herself). The user information mapped to the ticket is acquired.

  If the ticket determination unit 913 checks the validity of the ticket and there is no abnormality, the ticket determination unit 913 performs login processing of the second application 102 with the acquired user information via the login processing unit 914.

  The token generation unit 915 generates a token and token secret for the second application 102 that has undergone the login process, and transmits the generated token and token secret to the user terminal 100 via the token transmission unit 916.

  The second application 102 of the user terminal 100 completes the login procedure for the second application 102 by directly receiving the token and token secret for the second application 102 from the service server 120. Accordingly, the second application 102 can access the service server 120 while logged in using the token and token secret generated by the service server 120.

  FIG. 10 is a flowchart showing a procedure of application login processing in the service server according to the fifth embodiment of the present invention. Referring to FIG. 10, first, a login request is made to the second application 102 by transmitting a consumer key and signature from the second application 102 to the service server 120.

  The service server 120 receives the B consumer key and the B signature from the second application 102 of the user terminal 100, and determines the validity of the received various information. For example, it is determined whether the consumer key and signature of the second application 102 are valid (S1006).

  As a result of the determination, if it is determined that the information is valid in all the determinations, the service server 120 generates a new ticket (S1007), and stores the generated ticket in the database 921. Next, the generated ticket is transmitted to the second application 102 of the user terminal 100.

  The second application 102 performs a user information mapping procedure for the ticket by transmitting the ticket received from the service server 120 to the first application 101.

  That is, the first application 101 that has received the ticket generated by the service server 120 from the second application 102, the ticket provided from the second application 102, its own token (that is, the token of A), and the signature (that is, , A's signature) is transmitted to the service server 120, and a login to the second application 102 is requested.

  The service server 120 receives the token of the first application 101 from the first application 101 of the user terminal 100, and receives the login request for the second application 102 by receiving the signature of A and the ticket generated by itself. To do.

  Next, the service server 120 determines the validity of various information received together with the token A. For example, it is determined whether the token and signature of the first application 101 are valid (S1001, S1002).

  As a result of the determination, if it is determined that the information is valid in all the determinations, the logged-in user information stored in the database is confirmed with the token of the first application 101 (S1003). Next, the received ticket (that is, the ticket generated by itself) and the confirmed user information are mapped and stored in the database (S1004). As described above, when the ticket is normally stored in the database as a unique value (S1005), the first application of the user terminal 100 is notified that the ticket storage is completed without any abnormality.

  The first application 101 of the user terminal 100 receives a notification from the service server 120 that the ticket storage has been completed without abnormality, and provides the notification result to the second application 102 again. The second application 102 receives a notification from the first application 101 that there is no abnormality in the storage of the ticket, and transmits the ticket (ie, the ticket provided from the service server) to the service server 120 for authentication. Request.

  The service server 120 receives a ticket from the second application 102, compares the ticket received from the second application 102 with a ticket stored in the database (that is, a ticket generated by itself), and maps the ticket to the ticket. User information to be acquired is acquired (S1008).

  Next, the service server 120 checks the validity of the ticket (S1009). If there is no abnormality, the service server 120 logs in the second application 102 with the user information acquired via the login processing unit 914 (S1010). To do.

  Next, the service server 120 generates a token and token secret for the login-processed second application 102 (S1011), and transmits the generated token and token secret to the user terminal 100.

  The second application 102 of the user terminal 100 completes the login procedure for the second application 102 by directly receiving the token and token secret for the second application 102 from the service server 120. Accordingly, the second application 102 can access the service server 120 while logged in using the token and token secret generated by the service server 120.

  The detailed configuration of the service server that provides application login by authentication sharing and the procedure of the login process performed by the service server according to each embodiment of the present invention has been described above with reference to FIGS. Next, an embodiment in which the present invention is applied to an actual service will be described with reference to FIGS.

  11 to 16 are diagrams illustrating actual implementation examples of providing login through a logged-in application according to an exemplary embodiment of the present invention. In an embodiment described later, an A application that is installed and used in a smartphone or the like will be described as an example. For example, a logged-in first application is an A application, and a second application that logs in via the first application is an application such as a B application.

  Referring to FIG. 11, when simple login is set through the A application, another application can be authenticated by the login set ID according to the embodiment of the present invention. For example, if the simple login is selected with the B application of A, it is possible to automatically log in with the ID of the already-logged-in A application (“mjbell84” in FIG. 11) without performing another ID and password input procedure. At this time, as described above, the user information identified from the A application to the individual application (for example, the B application) according to the embodiment of the present invention is copied, and the user is logged in by the automatic switching screen as shown. You can confirm that it is complete.

  Referring to FIG. 12, conventionally, when attempting to log in to an individual application, the ID and password must be entered for each application, but the first application already logged in according to the embodiment of the present invention In conjunction with this, it is possible to easily log in with the logged-in ID.

  Referring to FIG. 13, the user executes a shortcut for a specific application among a plurality of applications installed on a user terminal (for example, a smartphone), or within a first application (for example, an A application) that has already been logged in. When trying to access, the main screen of the third party application (ie, the second application) is executed. At this time, a menu for logging in with the ID of the first application can be displayed on the main screen of the second application. When a login through the first application is selected, according to an embodiment of the present invention, As described above, automatic login can be performed without entering another ID and password.

  On the other hand, when the simple login account is registered according to the embodiment of the present invention, the automatic login procedure proceeds as shown in FIG. 13, but when the simple login account is not registered, it is shown in FIG. In this way, it is possible to implement a simple login account registration procedure.

  FIG. 15 shows an example of proceeding with the installation procedure of the first application when the login of the second application is executed in a state where the first application is not installed. That is, when the second application is executed as shown in FIG. 15, if the first application is not installed, the installation of the first application has proceeded via various application markets. Later, again, the login procedure of the second application may proceed according to an embodiment of the present invention.

  FIG. 16 shows a procedure that a new user first executes to use the application automatic login according to the embodiment of the present invention. Referring to FIG. 16, in the case of a new user, when the second application is executed in a state where the first application is logged in and it is desired to receive a login service via the first application, the user identification procedure is further advanced. In addition, depending on the type of application, a user's guardian's consent procedure may be further added.

  Although the present invention has been described with reference to specific matters such as specific components and limited embodiments and drawings, this is provided to facilitate a more comprehensive understanding of the present invention. However, the present invention is not limited to the above-described embodiments, and various modifications and variations can be made from such description by those who have general knowledge in the field to which the present invention belongs.

  Therefore, the idea of the present invention is not limited to the above-described embodiments, and is not limited to the appended claims, but all modifications equivalent or equivalent to the claims are within the scope of the idea of the present invention. Should belong to.

DESCRIPTION OF SYMBOLS 100 User terminal 101 1st application 102 2nd application 110 Communication network 120 Service server 210 Request receiving part 220 Effectiveness judgment part 230 User identification part 240 Login processing part 250 Token generation part 260 Token transmission part 270 User information database 401 Request receiving part 402 Validity determining unit 403 User identifying unit 404 Ticket issuing unit 405 Ticket receiving unit 406 Ticket inquiry unit 407 Ticket determining unit 408 Login processing unit 409 Token generating unit 410 Token transmitting unit 411 User information database 412 Ticket information database 601 Request receiving unit 602 Validity determination unit 603 User identification unit 604 Ticket storage unit 605 Request result transmission unit 606 Ticket reception unit 607 h Ticket inquiry unit 608 Ticket determination unit 609 Login processing unit 610 Token generation unit 611 Token transmission unit 901 Request reception unit 902 First validity determination unit 903 Ticket generation unit 904 Ticket storage unit 905 Ticket transmission unit 906 Token reception unit 907 Second validity Sex determination unit 908 User identification unit 909 User information storage unit 910 Result transmission unit 911 Ticket reception unit 912 Ticket inquiry unit 913 Ticket determination unit 914 Login processing unit 915 Token generation unit 916 Token transmission unit 921 Ticket information database 922 User information database

Claims (23)

A user terminal in which a first application and a second application are installed and a login process is performed on the first application;
User information identified from the received first application token is received from the user terminal, the first application token, the first application signature, the second application consumer key, and the second application signature. And a service server that performs a login process for the second application. A request receiving unit that receives a login request for the second application from a user terminal in which the first application in a state of being logged into the service server is installed;
A validity determination unit that determines the validity of the token of the first application, the signature of the first application, and the consumer key of the second application received from the user terminal in response to the request;
As a result of the determination by the validity determination unit, when it is determined that the information is valid, a user identification unit that identifies logged-in user information from the received token of the first application;
A service server for providing an application log-in service based on authentication sharing, comprising: a log-in processing unit that performs log-in processing on the second application with the user information identified by the user identification unit. A token generation unit that generates a token and a token secret of the second application in response to a login process for the second application of the login processing unit;
The service server for providing an application login service by authentication sharing according to claim 2, further comprising: a token transmission unit that transmits the generated token and token secret of the second application to the user terminal. The user terminal is
The authentication according to claim 3, wherein the first application receives the token and token secret of the second application from the service server, and provides the received token and token secret of the second application to the second application. Service server for providing shared application login services. The first application is
Receiving a consumer key of the second application and a signature of the second application from the second application, further transmitting the received signature of the second application from the first application to the service server;
The service server for providing an application login service by authentication sharing according to claim 2, wherein the validity determination unit of the service server further determines the validity of the signature of the received second application. After the user information identification of the user identification unit, a ticket issuing unit that generates a ticket and stores it in a database;
A ticket receiving unit configured to transmit the ticket generated by the ticket issuing unit to the first application of the user terminal and receive the transmitted ticket via the second application of the user terminal;
A ticket inquiry unit that inquires about a ticket received via the ticket reception unit and a ticket stored in the database;
A ticket determination unit for determining whether the received ticket is a valid ticket as a result of the inquiry of the ticket inquiry unit;
3. The application login service by authentication sharing according to claim 2, wherein the login processing unit performs login processing for the second application when it is determined that the ticket is a valid ticket as a result of the determination by the ticket determination unit. A service server to provide. The first application of the user terminal is
The service server for providing an application login service by authentication sharing according to claim 6, wherein the ticket received from the service server is provided to a second application. A ticket storage unit that stores in a database a ticket generated by the first application received from the user terminal after the user information identification of the user identification unit;
A request result transmission unit for notifying the first application of the user terminal that the ticket storage unit has completed the storage of the ticket without any abnormality,
A ticket receiving unit that receives a ticket generated by the first application via the second application of the user terminal;
A ticket inquiry unit that inquires about a ticket received via the ticket reception unit and a ticket stored in the database;
A ticket determination unit for determining whether the received ticket is a valid ticket as a result of the inquiry of the ticket inquiry unit;
3. The application login service by authentication sharing according to claim 2, wherein the login processing unit performs login processing for the second application when it is determined that the ticket is a valid ticket as a result of the determination by the ticket determination unit. A service server to provide. The first application of the user terminal is
9. The service server for providing an application login service by authentication sharing according to claim 8, wherein the service ticket is received from the service server that the storage of the ticket has been completed without abnormality and the generated ticket is provided to a second application. . A ticket storage unit that stores in a database a ticket generated by the second application received from the user terminal after the user information identification of the user identification unit;
A request result transmission unit for notifying the first application of the user terminal that the ticket storage unit has completed the storage of the ticket without any abnormality,
A ticket receiving unit for receiving a ticket generated by the second application from the second application of the user terminal;
A ticket inquiry unit that inquires about a ticket received via the ticket reception unit and a ticket stored in the database;
A ticket determination unit for determining whether the received ticket is a valid ticket as a result of the inquiry of the ticket inquiry unit;
3. The application login service by authentication sharing according to claim 2, wherein the login processing unit performs login processing for the second application when it is determined that the ticket is a valid ticket as a result of the determination by the ticket determination unit. A service server to provide. The first application of the user terminal is
11. The service server for providing an application login service by authentication sharing according to claim 10, wherein the service server receives a notification that the storage of the ticket has been completed without abnormality from the service server and provides the notification result to the second application. . The second application of the user terminal is
The service server for providing an application login service by authentication sharing according to claim 10, wherein a ticket is generated and the generated ticket is provided to the first application. A request receiving unit that receives a login request for the second application from a user terminal in which the first application in a state of being logged into the service server is installed;
A first validity determination unit that determines the validity of the consumer key of the second application and the signature of the second application received from the user terminal in response to the request;
A ticket generation unit that generates a ticket when it is determined that the information is valid as a result of the determination by the first validity determination unit;
A ticket storage unit for storing the ticket generated by the ticket generation unit in a database;
A ticket transmission unit that transmits the ticket generated by the ticket generation unit to the second application of the user terminal;
A token receiving unit that receives a token of the first application from the first application of the user terminal, a signature of the first application, and a ticket received from the second application;
A second validity determination unit that determines the validity of the token of the first application and the signature of the first application by reception of the token reception unit;
As a result of the determination by the second validity determination unit, when it is determined that the information is valid, a user identification unit for identifying user information logged in from the received token of the first application;
A user information storage unit that maps the received ticket and user information confirmed by the user identification unit and stores them in a database;
A result transmission unit for notifying the first application of the user terminal that the storage of the ticket has been completed without abnormality;
A ticket receiving unit for receiving the ticket from the second application of the user terminal;
A ticket inquiry unit that inquires about a ticket received via the ticket reception unit and a ticket stored in the database;
As a result of the inquiry of the ticket inquiry unit, a ticket determination unit that determines whether the received ticket is a valid ticket;
A service for providing an application login service by authentication sharing, including a login processing unit that performs a login process for the second application when it is determined that the ticket is valid as a result of the determination by the ticket determination unit server. A token generation unit that generates a token and a token secret of the second application in response to a login process for the second application of the login processing unit;
The service server for providing an application login service by authentication sharing according to claim 13, further comprising: a token transmission unit that transmits the generated token and token secret of the second application to the user terminal. An application login method by authentication sharing performed by a service server,
Receiving a login request for the second application from a user terminal installed with the first application logged in the service server in the request receiving unit;
Determining a validity of the token of the first application, the signature of the first application, and the consumer key of the second application received from the user terminal in response to the request;
The user identifying unit identifies the logged-in user information from the received token of the first application when it is determined that the information is valid as a result of the determination by the validity determining unit;
And a login processing unit performing login processing of the second application with the user information identified by the user identification unit. Generating a token and token secret of the second application in response to a login process for the second application of the login processing unit in a token generation unit;
The method of claim 15, further comprising: transmitting a token and a token secret of the generated second application to the user terminal at a token transmission unit. The user terminal is
17. The authentication of claim 16, wherein the first application receives the second application token and token secret from the service server and provides the received second application token and token secret to the second application. Application login method by sharing. The first application is
Receiving a consumer key of the second application and a signature of the second application from the second application, further transmitting the received signature of the second application from the first application to the service server;
The application login method according to claim 15, wherein the validity determination unit of the service server further determines the validity of the signature of the received second application.   A computer-readable recording medium in which a program for executing the method according to any one of claims 15 to 18 is recorded. A user terminal on which the first application and the second application are installed,
The first application is executed, a user is logged in to the first application via a service server, a login request for the second application is received from the second application, and the second request is sent to the service server. A first application execution unit that requests login to the application and receives login related information for the second application from the service server;
Execute the second application, request the first application execution unit to log in to the second application, and receive login related information for the second application from the first application execution unit in response to the login request. And a second application execution unit that performs login processing for the user. The first application execution unit
21. The user terminal according to claim 20, wherein the first application token, the first application signature, and the second application consumer key are transmitted to the service server to request login to the second application.   21. The token and token secret of the second application are received from the service server at the first application execution unit, and the received token and token secret of the second application are provided to the second application execution unit. The user terminal described in 1. The first application execution unit
The user terminal according to claim 21, wherein a consumer key of the second application and a signature of the second application are received from the second application execution unit, and the received signature of the second application is further transmitted to the service server. .