KR101342407B1 - Method for providing intergrated authentication service based on single sign on - Google Patents
- Publication number
- KR101342407B1
- Authority
- KR
- South Korea
- Prior art keywords
- user terminal
- server
- site
- integrated
- integrated authentication
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/41—User authentication where a single sign-on provides access to a plurality of computers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
- Telephonic Communication Services (AREA)
Abstract
Provided is a single sign-on based integrated authentication service providing method, comprising: when a first server receives a first ID and a first password for accessing a first site from a user terminal, confirms with the user terminal whether to register as an integrated member, and the user terminal agrees to the integrated membership, receiving integrated membership agreement data from the first server; transmitting pop-up data for integrated authentication to the first server; receiving an i-PIN ID (IPIN ID) and an integrated authentication password from the user terminal via the first server; performing integrated member registration for the user terminal by combining the integrated membership agreement data, the i-PIN ID and the integrated authentication password; storing information on the user terminal in a database based on the performed integrated member registration; and, when a session ID for the user terminal is generated by the integrated authentication session server, transmitting the information on the user terminal to the first server.
Description
The present invention relates to a single sign-on based integrated authentication service providing method.
Recently, as leaks of social security numbers have occurred, the i-PIN ID has come into active use. A social security number cannot be changed once it is exposed, so damage from personal information leakage can occur, whereas an i-PIN ID can be discarded and reissued even if it is exposed, which minimizes the damage from personal information leakage.
The i-PIN is used by confirming the identity of the user in connection with an i-PIN management institution. Regarding the method of using the i-PIN, the prior art Korean Patent Publication No. 2010-0071679O (published on June 29, 2010) discloses a method that uses a personal certificate and confirms a user's identity in association with the servers of i-PIN management agencies, credit card companies, mobile operators, telecommunications companies and other organizations, without exposing the social security number.
However, even if the i-PIN is used at each site, a user who has logged in at one site must log in again using the i-PIN at another site. In addition, the government introduced CI (Connecting Information) to link sites through the i-PIN, but the connecting information (CI) can only confirm whether the users subscribed to the sites are the same person, and it is not a linking concept. Therefore, the user must log in again.
An embodiment of the present invention can provide a single sign-on based integrated authentication service providing method in which, once a user has registered as a member through integrated authentication, a plurality of sites can be used without re-login by entering a single integrated authentication password, regardless of which site is accessed thereafter. It should be understood, however, that the technical scope of the present invention is not limited to the above-described technical problems, and other technical problems may exist.
As a technical means for achieving the above-described technical problem, an embodiment of the present invention includes: when a first server receives a first ID and a first password for accessing a first site from a user terminal, confirms with the user terminal whether to join as an integrated member, and the user terminal agrees to the integrated membership, receiving integrated membership agreement data from the first server; transmitting pop-up data for integrated authentication to the first server; receiving an i-PIN ID (IPIN ID) and an integrated authentication password from the user terminal via the first server; performing integrated membership registration for the user terminal by combining the integrated membership agreement data, the i-PIN ID and the integrated authentication password; storing the information on the user terminal in a database based on the performed integrated membership registration; and, when a session ID for the user terminal is generated by the integrated authentication session server, transmitting the information on the user terminal to the first server. In this case, the integrated membership agreement data may include at least one of duplication information, a first ID, a first password, and first domain information of the first site.
According to the above-described means of the present invention, once a user has registered as an integrated authentication member, the login process is performed automatically when only the integrated authentication password is entered, so the user does not need to memorize the separate IDs and passwords entered at a plurality of sites, and because interworking between sites is easy, members can be prevented from concentrating on any one site.
FIG. 1 is a block diagram illustrating a single sign-on based integrated authentication service providing system according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a single sign-on based integrated authentication service providing server illustrated in FIG. 1.
FIG. 3 is a diagram illustrating various embodiments executed in the single sign-on based integrated authentication service providing system shown in FIG. 1.
FIG. 4 is a flowchart illustrating a method for providing a single sign-on based integrated authentication service according to an embodiment of the present invention.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings, which will be readily apparent to those skilled in the art. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.
Throughout the specification, when a part is referred to as being "connected" to another part, this includes not only being "directly connected" but also being "electrically connected" with another element in between. Also, when a part is referred to as "including" an element, this means that it may further include other elements rather than excluding them, and does not preclude the presence or addition of one or more other features, integers, steps, operations, components, parts, or combinations thereof.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a block diagram illustrating a single sign-on based integrated authentication service providing system according to an embodiment of the present invention. Referring to FIG. 1, the single sign-on based integrated authentication
In this case, each component of FIG. 1 is generally connected through a
Here, the
The
The
Single sign-on based integrated authentication
Here, the single sign-on based integrated authentication
The first server 400 (1), the second server 400 (2), ..., the nth server 400 (n) are servers that transmit and receive data with the single sign-on based integrated authentication
The single sign-on based integrated authentication service providing method according to an embodiment of the present invention described above is explained below by way of example.
Recently, as leaks of social security numbers have occurred, the i-PIN ID has come into active use. A social security number cannot be changed once it is exposed, so damage from personal information leakage can occur, whereas an i-PIN ID can be discarded and reissued even if it is exposed, which minimizes the damage from personal information leakage.
The government introduced CI (Connecting Information) to link sites through the i-PIN, but the connecting information (CI) can only confirm whether the users subscribed to the sites are the same person, and because it is not an integrated concept, the user must log in again.
Therefore, with the single sign-on based integrated authentication service providing method according to an embodiment of the present invention, apart from the existing membership and login system based on ID and password, once a user has registered through integrated authentication, a plurality of sites can be used without re-login by entering a single integrated authentication password, no matter which site is accessed afterwards.
FIG. 2 is a diagram illustrating a single sign-on based integrated authentication service providing server illustrated in FIG. 1, and FIG. 3 is a diagram illustrating various embodiments executed in the single sign-on based integrated authentication service providing system illustrated in FIG. 1.
Referring to FIG. 2, the single sign-on based integrated authentication
Two-way single sign-on service application, program is another server (not shown) that operates in conjunction with the single sign-on based integrated authentication
At this time, the
Hereinafter, a single sign-on based integrated authentication service providing method according to an embodiment of the present invention will be described by dividing into a first embodiment, a second embodiment, a third embodiment, and a fourth embodiment.
The first embodiment will be described with reference to Fig.
The
The
The performing
The
Hereinafter, an operation according to an embodiment of the present invention will be described with the above-described configuration. In addition, hereinafter, the first site is defined as site A, the first server 400 (1) is defined as server A, and the
Referring to FIGS. 1 and 3A, when user A (User A) attempts to log in to site A with an ID and password (PWD) from user A's terminal, or to register as a member, server A of site A checks whether user A has become an integrated member. In this case, if user A is already registered as an integrated member, the user is notified that he is already a registered member and returns to the main screen. Server A of the integrated membership agreement data is transmitted to the single sign-on based integrated authentication
Meanwhile, the single sign-on-based integrated authentication
Returning to Fig. 2, the second embodiment will be described.
When the
In this case, the information on the
The operation of the
Returning to Fig. 2, the third embodiment will be described.
When the
At this time, the
The above-described third embodiment will be described with reference to FIG. 3C.
First, suppose that when user A, a member of site A, jumps to site B, integrated authentication is performed.
When the user A clicks on the banner linked to the site B in the site A in the login state of the site A, the parameter, which is information about the
This eliminates the inconvenience of re-login because users do not have to store user information in each site, the server capacity can be reduced, and users can use multiple sites with one login just by remembering their password.
Returning to Fig. 2, the fourth embodiment will be described.
First, it is assumed that the
The
When the
In addition, when the user of the
In addition, when any one site is selected from the list of sites extracted from the
At this time, the server (not shown) of any one site may perform an automatic login to the
In addition, when the
The fourth embodiment described above will be described with reference to FIG. 3D.
First, assume that User A, a member of Site A, performs integrated login authentication at Site B.
When user A clicks on the user interface based on integrated authentication at site B, single sign-on based integrated authentication
The single sign-on based integrated authentication
With the single sign-on based integrated authentication service providing method according to an embodiment of the present invention, a user who moves between a plurality of sites can use them with only one login and without re-login. The user only has to remember the integrated authentication password, which saves the trouble of retrieving the ID and password for each site, and all sites can be used collectively, reducing the load on the server serving each site.
Matters not described for the single sign-on based integrated authentication service providing method of FIGS. 2 and 3 are the same as, or can be easily inferred from, what is described above for the single sign-on based integrated authentication service providing method through FIG., so a description thereof will be omitted.
FIG. 4 is a flowchart illustrating a method for providing a single sign-on based integrated authentication service according to an embodiment of the present invention. Referring to FIG. 4, when a first server receives a first ID and a first password for accessing a first site from a user terminal, confirms with the user terminal whether to join as an integrated member, and the user terminal agrees to the integrated membership, the single sign-on based integrated authentication service providing server receives the integrated membership agreement data from the first server (S4100). In this case, the integrated membership agreement data may include at least one of duplication information, a first ID, a first password, and first domain information of the first site.
Then, the single sign-on based integrated authentication service providing server transmits the integrated authentication pop-up data to the first server (S4200).
Next, the single sign-on based integrated authentication service providing server receives an IPIN ID and an integrated authentication password from the user terminal via the first server (S4300).
The single sign-on based integrated authentication service providing server then performs integrated membership registration for the user terminal by combining the integrated membership agreement data, the i-PIN ID and the integrated authentication password (S4400).
The single sign-on based integrated authentication service providing server stores the information on the user terminal in a database based on the performed integrated membership registration (S4500).
Finally, when a session ID for the user terminal is generated by the integrated authentication session server, the single sign-on based integrated authentication service providing server transmits the information on the user terminal to the first server (S4600).
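The registration flow of steps S4100 to S4600 can be modelled as follows. This is an added example, not code from the patent: the class, method and field names, the one-time `txn` value that ties the pop-up reply to the agreement data, and the salted PBKDF2 storage of the integrated authentication password are all assumptions, and the agreement data here carries the duplication information, first ID and first domain but not the first password.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

PBKDF2_ROUNDS = 600_000  # assumption: the patent does not say how the password is stored


@dataclass(frozen=True)
class AgreementData:
    """Integrated membership agreement data sent by the first server (S4100)."""
    duplication_info: str
    first_id: str
    first_domain: str  # the first password is deliberately not carried in this model


class SessionServer:
    """Stands in for the integrated authentication session server."""

    def __init__(self):
        self._sessions = {}

    def create(self, ipin_id):
        session_id = secrets.token_urlsafe(32)  # random session ID (assumption)
        self._sessions[session_id] = ipin_id
        return session_id

    def owner(self, session_id):
        return self._sessions.get(session_id)


class IntegratedAuthServer:
    """Stands in for the integrated authentication service providing server."""

    def __init__(self, session_server):
        self.sessions = session_server
        self._pending = {}  # txn -> AgreementData awaiting the pop-up reply
        self._members = {}  # i-PIN ID -> member record (the "database" of S4500)

    def receive_agreement(self, data):
        """S4100 + S4200: accept agreement data, answer with pop-up data."""
        txn = secrets.token_urlsafe(16)  # hypothetical one-time transaction id
        self._pending[txn] = data
        return {"type": "integrated_auth_popup", "txn": txn}

    def register(self, txn, ipin_id, password):
        """S4300-S4600: combine the inputs, store them, return info for the first server."""
        data = self._pending.pop(txn, None)  # one-time use: a replayed reply fails
        if data is None:
            raise KeyError("unknown or already used pop-up transaction")
        if ipin_id in self._members:
            raise ValueError("already an integrated member")
        salt = secrets.token_bytes(16)
        self._members[ipin_id] = {  # S4400 + S4500
            "duplication_info": data.duplication_info,
            "sites": {data.first_domain: data.first_id},
            "salt": salt,
            "pw_hash": self._hash(password, salt),
        }
        session_id = self.sessions.create(ipin_id)  # S4600 happens only after this
        return {"session_id": session_id, "ipin_id": ipin_id,
                "first_id": data.first_id, "first_domain": data.first_domain}

    def verify_password(self, ipin_id, password):
        """Check an integrated authentication password against the stored hash."""
        member = self._members.get(ipin_id)
        if member is None:
            return False
        candidate = self._hash(password, member["salt"])
        return hmac.compare_digest(candidate, member["pw_hash"])

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    sso = IntegratedAuthServer(SessionServer())
    popup = sso.receive_agreement(AgreementData("dup-0001", "alice_a", "site-a.example"))
    info = sso.register(popup["txn"], "ipin-alice", "constructed-password")
    print(info["first_domain"], sso.sessions.owner(info["session_id"]))
```
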
Matters not described for the single sign-on based integrated authentication service providing method of FIG. 4 are the same as, or can be easily inferred from, those described for the single sign-on based integrated authentication service providing method through FIGS. 1 to 3, so a description thereof will be omitted.
The single sign-on based integrated authentication service providing method according to an exemplary embodiment described with reference to FIG. 4 may be implemented in the form of a recording medium including instructions executable by a computer, such as an application or a program module executed by a computer. Computer readable media can be any available media that can be accessed by a computer and includes both volatile and nonvolatile media, removable and non-removable media. In addition, the computer-readable medium may include both computer storage media and communication media. Computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Communication media typically includes any information delivery media, including computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave, or other transport mechanism.
The single sign-on based integrated authentication service providing method according to an embodiment of the present invention described above may be executed by an application installed by default in a terminal (which may include a program included in a platform or an operating system installed by default in the terminal), or by an application (i.e., a program) installed by the user directly on the master terminal through an application providing server such as an application store server, an application, or a web server associated with the corresponding service. In this sense, the method for providing a single sign-on based integrated authentication service according to an embodiment of the present invention described above may be implemented as an application (i.e., a program) that is installed by default in a terminal or installed directly by a user, and may be recorded on a recording medium readable by a computer such as a terminal.
The foregoing description of the present invention is intended for illustration, and it will be understood by those skilled in the art that the present invention may be easily modified into other specific forms without changing the technical spirit or essential features of the present invention. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.
The scope of the present invention is shown by the following claims rather than the above description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be construed as being included in the scope of the present invention.
Claims (12)
When the first server receives a first ID and a first password for accessing the first site from the user terminal, confirms whether to join the integrated membership from the user terminal, and if the user terminal agrees to join the integrated membership, Receiving unified membership agreement data from a first server;
Transmitting pop-up data for integrated authentication to the first server;
Receiving an IPIN ID and an integrated authentication password from the user terminal via a first server;
Performing integrated membership registration for the user terminal by combining the integrated membership agreement data, ipin ID, and integrated authentication password;
Storing information on the user terminal in a database based on the integrated membership registration;
If a session ID for the user terminal is generated from an integrated authentication session server, transmitting information about the user terminal to the first server;
The integrated membership agreement data includes at least one of duplication information, the first ID, the first password, and the first domain information of the first site,
The integrated authentication pop-up data is transmitted to the first server when the user terminal does not perform its own login provided by the first site, the single sign-on based integrated authentication service providing method.
And the first server performs automatic login to the first site based on the information on the user terminal.
When mobile data for the user terminal to move to a second site provided by a second server is received from the first server, transmitting information about the user terminal to the second server;
Further comprising:
And the second server performs an automatic login to the second site of the user terminal based on the information on the user terminal.
The mobile data is data generated by the first server when the user terminal clicks on a banner located at the first site, in the single sign-on based integrated authentication service providing method.
The information on the user terminal includes at least one of the integrated member agreement data, i-pin ID, integrated authentication password, session ID,
The integrated membership agreement data may include at least one of duplication information, the first ID, the first password, and the first domain information of the first site, in the single sign-on based integrated authentication service providing method.
Transmitting pop-up data for the integrated authentication to the second server when the user terminal is a member of the first site and performs integrated login authentication at a second site provided by a second server;
Receiving an integrated authentication password from the user terminal via the second server, and receiving the second domain information of the second site and the second ID of the user terminal for the second site from the second server;
If the user terminal is a member of an integrated service, extracting an ipin ID, a session ID, the second domain information, a second ID, and a second password of the user terminal;
Transmitting the extracted information about the user terminal to the second server;
That further comprises, single sign-on based integrated authentication service providing method.
And the second server performs automatic login for the user terminal.
When the user terminal logs in from the integrated authentication site provided by the single sign-on based integrated authentication service providing server,
Transmitting the integrated authentication pop-up data to the user terminal;
When receiving the integrated authentication password from the user terminal, checking whether the user of the user terminal is an integrated member based on the integrated authentication password;
Extracting an ipin ID, a session ID, and a list of sites to which the user is subscribed, when the user of the user terminal is an integrated member;
Transmitting the extracted site list to the user terminal such that the extracted site list is displayed on the user terminal;
When any one site is selected from the extracted site list in the user terminal, transmitting, to a server of the selected site, at least one of an i-PIN ID, a session ID, domain information of the selected site, and an ID and a password of the user terminal for the selected site
That includes, single sign-on based integrated authentication service providing method.
The server of any one site is to perform an automatic login to the user terminal, single sign-on based integrated authentication service providing method.
When mobile data for accessing another site is received from the user terminal, at least one of an i-PIN ID, a session ID, domain information of the other site, and an ID and a password of the user terminal for the other site is transmitted to the server of the other site,
The server of the other site is to perform an automatic login to the user terminal, single sign-on based integrated authentication service providing method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020130079555A KR101342407B1 (en) | 2013-07-08 | 2013-07-08 | Method for providing intergrated authentication service based on single sign on |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020130079555A KR101342407B1 (en) | 2013-07-08 | 2013-07-08 | Method for providing intergrated authentication service based on single sign on |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101342407B1 (en) | 2013-12-17 |
Family
ID=49988505
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020130079555A KR101342407B1 (en) | 2013-07-08 | 2013-07-08 | Method for providing intergrated authentication service based on single sign on |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101342407B1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101596393B1 (en) * | 2015-05-30 | 2016-02-22 | 주식회사 기가월드 | Method for providing abroad simultaneous sale service of shoppingmall |
KR101636986B1 (en) * | 2015-02-16 | 2016-07-08 | 주식회사 누리정보기술 | A Integrated interface user authentication method |
KR20200014545A (en) * | 2018-08-01 | 2020-02-11 | (주)케이스마텍 | User integrated authentication service system and method thereof |
KR20210001036A (en) * | 2019-06-26 | 2021-01-06 | 넷마블 주식회사 | Global authentication account system |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002063493A (en) * | 2000-06-09 | 2002-02-28 | Fujitsu Ltd | Method, system and program for managing member |
-
2013
- 2013-07-08 KR KR1020130079555A patent/KR101342407B1/en not_active IP Right Cessation
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002063493A (en) * | 2000-06-09 | 2002-02-28 | Fujitsu Ltd | Method, system and program for managing member |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101636986B1 (en) * | 2015-02-16 | 2016-07-08 | 주식회사 누리정보기술 | A Integrated interface user authentication method |
KR101596393B1 (en) * | 2015-05-30 | 2016-02-22 | 주식회사 기가월드 | Method for providing abroad simultaneous sale service of shoppingmall |
WO2016195151A1 (en) * | 2015-05-30 | 2016-12-08 | 주식회사 기가월드 | Method for providing simultaneous overseas sale-in-lots service for shopping mall |
KR20200014545A (en) * | 2018-08-01 | 2020-02-11 | (주)케이스마텍 | User integrated authentication service system and method thereof |
KR102086406B1 (en) * | 2018-08-01 | 2020-04-23 | (주)케이스마텍 | User integrated authentication service system and method thereof |
KR20210001036A (en) * | 2019-06-26 | 2021-01-06 | 넷마블 주식회사 | Global authentication account system |
KR102244890B1 (en) | 2019-06-26 | 2021-04-27 | 넷마블 주식회사 | Global authentication account system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104253686B (en) | Method, equipment and the system that account logs in | |
US8412156B2 (en) | Managing automatic log in to internet target resources | |
US20130246504A1 (en) | Method for subscribing to notification, apparatus and system | |
KR102010624B1 (en) | Method of processing requests for digital services | |
US20140173125A1 (en) | Systems and methods for transferring a session between devices in an on-demand computing environment | |
CN103475726B (en) | A kind of virtual desktop management, server and client side | |
EP2498472A1 (en) | Method and system for granting access to a secured website | |
US20130060850A1 (en) | Computational systems and methods for regulating information flow during interactions | |
US10659516B2 (en) | Data caching and resource request response | |
CN102843311A (en) | Information fusion method and information fusion server based on social networking services (SNS) | |
CN103905497A (en) | Method, device and application platform for realizing login of third-party application service website | |
CN102843357A (en) | Network accessing method, application server and system | |
CN105051685A (en) | System and method to enable web property access to a native application | |
KR101342407B1 (en) | Method for providing intergrated authentication service based on single sign on | |
KR101785481B1 (en) | Method for providing scraping service, server and system thereof | |
KR101403045B1 (en) | Method for providing terminal access control service interlocking access control | |
CN103457954A (en) | Method and device for user password management | |
CN104461537B (en) | A kind of multi-service integrated system based on browser kernel | |
CN104065674A (en) | Terminal device and information processing method | |
CN102299945A (en) | Gateway configuration page registration method, system thereof and portal certificate server | |
CN103944905A (en) | Information interaction method, device and system | |
KR101328118B1 (en) | Method for providing log in service based on passdata | |
KR101342405B1 (en) | Method for providing interactive single sign on service | |
US10021082B2 (en) | Integration of form and file services | |
KR20090128364A (en) | Web site membership and login method using scws in mobile terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
A302 | Request for accelerated examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment | Payment date: 20161222; Year of fee payment: 4 |
FPAY | Annual fee payment | Payment date: 20171029; Year of fee payment: 5 |
LAPS | Lapse due to unpaid annual fee | ||