KR101323583B1 - Method for managing authontication on web application using ocsp and appartus there of - Google Patents
Method for managing authontication on web application using ocsp and appartus there of Download PDFInfo
- Publication number
- KR101323583B1 KR101323583B1 KR1020120005162A KR20120005162A KR101323583B1 KR 101323583 B1 KR101323583 B1 KR 101323583B1 KR 1020120005162 A KR1020120005162 A KR 1020120005162A KR 20120005162 A KR20120005162 A KR 20120005162A KR 101323583 B1 KR101323583 B1 KR 101323583B1
- Authority
- KR
- South Korea
- Prior art keywords
- web application
- certificate
- application
- ocsp
- authentication
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Abstract
The present application relates to a web application authentication technology, and a web application authentication management method according to an embodiment of the disclosed technology provides a user capable of connecting to an application providing server and an OCSP authentication server for providing web application installation data electronically signed with a predetermined certificate. It is performed at the terminal. The web application authentication management method includes (a) acquiring identification information of a certificate from web application installation data received from the application providing server, and (b) applying the certificate to the OCSP authentication server based on the acquired identification information. Requesting status information for the web application and (c) installing the web application by allocating domain authority of the web application based on the status information received from the OCSP authentication server. According to the disclosed technology of the present application, by performing an authentication procedure with the OCSP authentication server in the execution step of the web application, it is possible to correct the authority based on the authentication information of the web application, thereby ensuring the authority of the installed web application. It has the effect of compensating fluidly.
Description
The present application relates to a web application authentication technology, and more particularly, a web application authentication management method using OCSP that can effectively change the authority of an installed application based on the certificate information of the OCSP when the web application is executed, and the web using the same. It relates to an application authentication device.
With the development of the Internet and computing technologies, software has evolved from simple media-based to network-based and from OS-based to various application-based.
One type of such conventional software is a web application. The web application refers to application software that performs a predetermined function using a network such as the Internet based on a web browser. In such a web application, managing the authority granted by the operating system of the user terminal is a very important issue. This is because a malicious application such as a Trojan can be easily installed on a user terminal by exploiting a web application.
Conventionally, in granting the authority of such a web application, the user by digitally signing the web application with a predetermined certificate, using the authentication server to identify the creator or issuer of the application, and provide the user with a safety level thereof. Based on this information, manual authority management was possible.
However, the conventional rights management technology of the web application is fixed to the authority authenticated at the installation stage of the web application to set the rights of the web application. Therefore, in case of an error caused by the authentication server or a connection error with the authentication server in the installation step, there is a limit that a cumbersome additional procedure such as deleting and reinstalling the web application is required in order to correct an incorrectly set permission. .
The present application additionally performs an authentication procedure with the OCSP authentication server in the execution phase of the web application to enable the correction of authority based on the authentication information of the web application, thereby flexibly compensating the authority of the installed web application. To provide web application authentication management technology using OCSP.
In addition, the present application executes the authentication procedure with the OCSP authentication server as a background process in the execution phase of the web application, the web application using OCSP that can flexibly compensate for the rights while maintaining the performance of the web application being executed efficiently We want to provide certification management technology.
Among the embodiments, the web application authentication management method is performed in an application providing server for providing web application installation data digitally signed with a predetermined certificate and a user terminal connectable to an OCSP authentication server. The web application authentication management method includes (a) acquiring identification information of a certificate from web application installation data received from the application providing server, and (b) applying the certificate to the OCSP authentication server based on the acquired identification information. Requesting status information for the web application and (c) installing the web application by allocating domain authority of the web application based on the status information received from the OCSP authentication server.
Among the embodiments, the web application authentication apparatus is connectable to an application providing server and an OCSP authentication server for providing web application installation data digitally signed with a predetermined certificate. The web application authentication device includes a certificate validity determination unit and an application installation management unit. The certificate validity determining unit determines the validity of the certificate of the web application received from the application providing server. The application installation manager installs the received web application by assigning differential domain rights based on the validity provided by the certificate validity determining unit.
Among the embodiments, the recording medium records a program for executing the web application authentication management method. The program is a program that can be executed in an application providing server that provides web application installation data digitally signed with a predetermined certificate and a user terminal connectable to an OCSP authentication server. Obtaining identification information of a certificate from data, (b) requesting the OCSP authentication server for status information based on the obtained identification information, and (c) the status received from the OCSP authentication server And installing the web application by allocating domain authority of the web application based on the information.
According to the disclosed technology of the present application, by performing an authentication procedure with the OCSP authentication server in the execution step of the web application, it is possible to correct the authority based on the authentication information of the web application, thereby ensuring the authority of the installed web application. It has the effect of compensating fluidly.
In addition, according to the disclosed technology of the present application, by performing the authentication process with the OCSP authentication server as a background process in the execution phase of the web application, the effect that can flexibly compensate for the rights while maintaining the performance of the running web application efficiently There is.
1 is a reference diagram illustrating an example of a web application authentication apparatus, an application providing server, and an OCSP authentication server according to the disclosed technology.
2 is a block diagram illustrating an embodiment of a web application authentication apparatus according to the disclosed technology.
3 is a block diagram illustrating another embodiment of a web application authentication apparatus according to the disclosed technology.
4 is a reference table for explaining status information of a certificate provided in the disclosed technology.
5 is a flowchart illustrating an embodiment of a web application authentication management method according to the disclosed technology.
The description of the disclosed technique is merely an example for structural or functional explanation and the scope of the disclosed technology should not be construed as being limited by the embodiments described in the text. That is, the embodiments are to be construed as being variously embodied and having various forms, so that the scope of the disclosed technology should be understood to include equivalents capable of realizing technical ideas.
Meanwhile, the meaning of the terms described in the present application should be understood as follows.
The terms "first "," second ", and the like are intended to distinguish one element from another, and the scope of the right should not be limited by these terms. For example, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.
It is to be understood that when an element is referred to as being "connected" to another element, it may be directly connected to the other element, but there may be other elements in between. On the other hand, when an element is referred to as being "directly connected" to another element, it should be understood that there are no other elements in between. On the other hand, other expressions describing the relationship between the components, such as "between" and "immediately between" or "neighboring to" and "directly neighboring to", should be interpreted as well.
It should be understood that the singular " include "or" have "are to be construed as including a stated feature, number, step, operation, component, It is to be understood that the combination is intended to specify that it does not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.
In each step, the identification code (e.g., a, b, c, etc.) is used for convenience of explanation, the identification code does not describe the order of each step, Unless otherwise stated, it may occur differently from the stated order. That is, each step may occur in the same order as described, may be performed substantially concurrently, or may be performed in reverse order.
The disclosed technology can be embodied as computer readable code on a computer readable recording medium, and the computer readable recording medium includes all kinds of recording devices in which data can be read by a computer system. . Examples of the computer-readable recording medium include a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like, and also implemented in the form of a carrier wave (for example, transmission over the Internet) . In addition, the computer-readable recording medium may be distributed over network-connected computer systems so that computer readable codes can be stored and executed in a distributed manner.
All terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the disclosed technology belongs, unless otherwise defined. Generally, the terms defined in the dictionary used are to be interpreted to coincide with the meanings in the context of the related art, and should not be interpreted as having ideal or excessively formal meanings unless clearly defined in the present application.
1 is a reference diagram illustrating an example of a web application authentication apparatus, an application providing server, and an OCSP authentication server according to the disclosed technology.
In the example shown in FIG. 1, the web
The
Here, the installation data can be digitally signed with a predetermined certificate. For example, it may be digitally signed as a certificate of the application provider.
The OCSP
Information on the validity of the certificate provided by the OCSP
The web
When executing the installed web client, the web
The web
2 is a block diagram illustrating an embodiment of a web
Referring to FIG. 2, the web
The
The certificate
In one embodiment, the certificate
In one embodiment, the information on the validity of the certificate provided by the
The
In more detail, the application
In this case, the domain authority refers to the authority that the corresponding application differentially sets the range of resources that can be accessed or modified in the user terminal. As will be described later, domain rights can be divided including Trusted and Untrusted. According to an embodiment, it may include at least one partial trusted domain that differentially provides access or write access to only some resources between the trusted and untrusted domains.
In an embodiment, if the application state information corresponds to a valid state, the
In an embodiment, if the application state information corresponds to an undetermined state, the
In one embodiment, the application
When executing the installed web application, the
The
In more detail, the
In one embodiment, the
In more detail, the
Here, the cached response data may have a predetermined validity period. As described above, the disclosed technology caches the state information of the certificate of the web application, and executes the web application without performing a separate authentication process while the stored state information is valid (within the validity period). Can provide fast performance.
The
In more detail, the validity of the cached response data may be determined. If the validity of the cached response data is not valid, the certificate
In one embodiment, the
In more detail, the
Here, the validity period of the response data may be indicated as the period signature for the certificate. For example, in providing the status information, the
In one embodiment, the application
In more detail, as described above, when (i) the initial execution of the application or (ii) the validity period of the response data has expired, the
In this embodiment, the automatic correction of the authority of the web application can be made to provide a more accurate and convenient web application execution environment to the user. For example, in the past, when the first web application is installed with the wrong domain authority, the domain authority cannot be changed unless it is manually deleted and reinstalled. However, the disclosed technology is incorrectly set during the initial installation. Even if the domain authority is changed due to the change of the domain authority or the authority of the provider, it can be automatically reflected and reset to provide a more convenient web application execution environment.
If there is no cached response data (at the time of first execution) or expires, the
The
3 is a block diagram illustrating another embodiment of the web
Referring to another embodiment disclosed in FIG. 3, the web
The
In more detail, when the
FIG. 4 is a reference table for describing status information of a certificate provided in the disclosed technology. Referring to FIG. 4, the status information of the certificate will be described in more detail.
As described above, the state information for the certificate may be expressed as any one of a valid state, an indeterminate state, and a revocation state.
The good state indicates that the certificate is valid, and the disclosed technology may set a right as a trusted domain for the web application corresponding to the valid state certificate.
An unkown indicates that the certificate cannot be validated, and the disclosed technology may set the authority as an untrusted domain for the web application corresponding to the uncommitted certificate.
Revoked indicates that the certificate has been revoked. According to the disclosed technology, in the case of the web application corresponding to the certificate in the revoked state, the installation step is not permitted, and in the execution step, the user terminal may be informed that the current certificate has been revoked and refused to be executed.
5 is a flowchart illustrating an embodiment of a web application authentication management method according to the disclosed technology.
Hereinafter, an embodiment of a web application authentication management method will be described with reference to FIG. 5. Since an embodiment to be described below is performed in the web
When the web
The web
When the web
The web
Here, the state information may be information regarding any one of a valid state, an undetermined state, and a discarded state.
In an embodiment of step S550, the web
In an embodiment of step S550, the web
In an embodiment, the web application authentication management method may further include checking and storing current state information of the installed web application at the first execution of the web application.
In more detail, the web
For example, the web
In an embodiment, the web
In one embodiment, the web application authentication management method may determine whether to validate the certificate by determining the validity of the stored response data when the web application is executed.
In more detail, the web
For example, the web
In one embodiment, the web application authentication management method may automatically reset the domain authority based on the current state information.
In more detail, when the web
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit and scope of the present invention as set forth in the following claims It can be understood that
100: application providing server
200: web application authentication device
210: communication unit 220: certificate validity determination unit
230: application installation management unit 240: application execution management unit
250: memory 260: signature generation unit
300: OCSP Authentication Server
Claims (13)
(a) acquiring identification information of a certificate from web application installation data received from the application providing server;
(b) requesting status information about the certificate from the OCSP authentication server based on the obtained identification information; And
(c) assigning a domain authority of the web application based on the state information received from the OCSP authentication server and installing the web application;
The step (c)
If the state information corresponds to a valid state, allocating the web application to a trusted domain; And
And if the state information corresponds to an indeterminate state, allocating the web application to an untrusted domain.
Information about any of valid, undetermined, and retired states
Web application authentication management method characterized in that.
Stopping the installation of the web application if the state information corresponds to a discarded state; And
Displaying a user interface including notification information indicating that the certificate corresponds to a revocation status;
Web application authentication management method comprising a.
(d) receiving the current state information of the certificate of the installed web application from the OCSP authentication server and cache it as response data upon first execution of the installed web application;
Web application authentication management method characterized in that it further comprises.
(d-1) determining whether execution of the installed web application corresponds to initial execution;
(d-2) requesting current status information of a certificate of a web application installed in the OCSP authentication server, if determined to be the first execution; And
(d-3) caching current state information received from the OCSP authentication server as the response data;
Web application authentication management method comprising a.
Checking whether cached response data exists when the installed web application is executed; And
Determining that the current execution is the first execution if it does not exist as a result of the checking;
Web application authentication management method comprising a.
(e) determining the validity of the cached response data when executing the installed web application, and if it is not valid, determining whether to execute by checking the current validity of the certificate of the web application using the OCSP authentication server. ;
Web application authentication management method characterized in that it further comprises.
(e-1) checking the validity period of the cached response data;
(e-2) if the current time exceeds the validity period, requesting the OCSP authentication server for current status information on the certificate of the web application; And
(e-3) checking the current validity based on current status information received from the OCSP authentication server, and if valid, storing the received current status information as the response data;
Web application authentication management method comprising a.
(e) checking the current state information provided from the OCSP authentication server when executing the installed web application, and automatically resetting domain authority of the installed web application if the domain authority can be changed;
Web application authentication management method characterized in that it further comprises.
Certificate validity determination unit for determining the validity of the certificate of the web application received from the application providing server; And
An application installation management unit for installing the received web application by assigning differential domain authority based on the validity provided by the certificate validity determining unit;
The installation management unit
If it is determined that the certificate of the web application is valid, assign the web application to a trusted domain,
And if it is determined that the certificate of the web application is not valid, allocating the web application to an untrusted domain.
Receives the current status information of the certificate of the installed web application from the OCSP authentication server and caches it as response data upon first execution of the installed web application, and determines the validity of the cached response data if it is executed later. If not, the application execution management unit for determining whether or not to execute by checking the current validity of the certificate of the web application using the OCSP authentication server;
Web application authentication apparatus further comprises.
The program is a program that can be executed in an application providing server for providing web application installation data digitally signed with a predetermined certificate and a user terminal connectable to an OCSP authentication server.
(a) a function of acquiring identification information of a certificate from web application installation data received from the application providing server;
(b) requesting status information on the certificate from the OCSP authentication server based on the obtained identification information; And
(c) assigning a domain authority of the web application based on the state information received from the OCSP authentication server and installing the web application;
(C) function is
Allocating the web application to a trusted domain if the state information corresponds to a valid state; And
And assigning the web application to an untrusted domain if the state information corresponds to an undetermined state.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR1020120005162A KR101323583B1 (en) | 2012-01-17 | 2012-01-17 | Method for managing authontication on web application using ocsp and appartus there of |
| PCT/KR2012/005254 WO2013108969A1 (en) | 2012-01-17 | 2012-07-02 | Method for managing web application authentication by using ocsp, and apparatus for authenticating web application by using same |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR1020120005162A KR101323583B1 (en) | 2012-01-17 | 2012-01-17 | Method for managing authontication on web application using ocsp and appartus there of |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| KR20130093817A KR20130093817A (en) | 2013-08-23 |
| KR101323583B1 true KR101323583B1 (en) | 2013-10-30 |
Family
ID=48799373
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| KR1020120005162A KR101323583B1 (en) | 2012-01-17 | 2012-01-17 | Method for managing authontication on web application using ocsp and appartus there of |
Country Status (2)
| Country | Link |
|---|---|
| KR (1) | KR101323583B1 (en) |
| WO (1) | WO2013108969A1 (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR102358883B1 (en) * | 2021-04-26 | 2022-02-08 | 허정 | A system for controlling the opening and closing of the door, and a method therefor |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2006079223A (en) * | 2004-09-08 | 2006-03-23 | Nec Corp | Application program management apparatus, management method used therefor and program therefor |
| KR20060123470A (en) * | 2004-01-09 | 2006-12-01 | 코아스트리트 리미티드 | Signature-efficient real time credentials for ocsp and distributed ocsp |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7254831B2 (en) * | 2002-12-04 | 2007-08-07 | Microsoft Corporation | Sharing a sign-in among software applications having secured features |
| JP4108461B2 (en) * | 2002-12-04 | 2008-06-25 | 株式会社リコー | Authentication system, authentication distribution server, authentication method and program |
-
2012
- 2012-01-17 KR KR1020120005162A patent/KR101323583B1/en not_active IP Right Cessation
- 2012-07-02 WO PCT/KR2012/005254 patent/WO2013108969A1/en active Application Filing
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20060123470A (en) * | 2004-01-09 | 2006-12-01 | 코아스트리트 리미티드 | Signature-efficient real time credentials for ocsp and distributed ocsp |
| JP2006079223A (en) * | 2004-09-08 | 2006-03-23 | Nec Corp | Application program management apparatus, management method used therefor and program therefor |
Also Published As
| Publication number | Publication date |
|---|---|
| KR20130093817A (en) | 2013-08-23 |
| WO2013108969A1 (en) | 2013-07-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA3087858C (en) | Authentication and authorization using tokens with action identification | |
| US11563581B2 (en) | Shared registration system | |
| US9626137B2 (en) | Image forming apparatus, server device, information processing method, and computer-readable storage medium | |
| US8713646B2 (en) | Controlling access to resources on a network | |
| US9154504B2 (en) | Device apparatus, control method, and relating storage medium | |
| CA2650463C (en) | System and method for tracking the security enforcement in a grid system | |
| CN112597472B (en) | Single sign-on method, device and storage medium | |
| CN107017989B (en) | Method and apparatus for domain name operation verification code generation and/or verification | |
| US20120297455A1 (en) | Target-based access check independent of access request | |
| US9401911B2 (en) | One-time password certificate renewal | |
| US9003490B2 (en) | Using entitlement certificates to manage product assets | |
| KR101795592B1 (en) | Control method of access to cloud service for business | |
| KR101832535B1 (en) | Trustworthy device claims as a service | |
| US20140150055A1 (en) | Data reference system and application authentication method | |
| CN116415217A (en) | Instant authorization system based on zero trust architecture | |
| EP3570517B1 (en) | Authentication technique making use of emergency credential | |
| US9027107B2 (en) | Information processing system, control method thereof, and storage medium thereof | |
| WO2016045042A1 (en) | Method and device for managing content in secure element | |
| KR101323583B1 (en) | Method for managing authontication on web application using ocsp and appartus there of | |
| CN106936794B (en) | Method and device for changing secret key and method and device for setting secret key | |
| US11818128B2 (en) | Migration of user authentication from on-premise to the cloud | |
| EP3766221B1 (en) | Relying party certificate validation when client uses relying party's ip address | |
| EP2332053B1 (en) | Authentication of services on a partition | |
| CN115242528A (en) | Log-in method of Kubernets cluster management panel | |
| CN115242527A (en) | Method and device for logging in Kubernets cluster management panel |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| A201 | Request for examination | ||
| E902 | Notification of reason for refusal | ||
| E701 | Decision to grant or registration of patent right | ||
| GRNT | Written decision to grant | ||
| FPAY | Annual fee payment |
Payment date: 20161005 Year of fee payment: 4 |
|
| FPAY | Annual fee payment |
Payment date: 20170926 Year of fee payment: 5 |
|
| LAPS | Lapse due to unpaid annual fee |