KR101342407B1 - Method for providing intergrated authentication service based on single sign on - Google Patents

Method for providing intergrated authentication service based on single sign on Download PDF

Info

Publication number
KR101342407B1
KR101342407B1 KR1020130079555A KR20130079555A KR101342407B1 KR 101342407 B1 KR101342407 B1 KR 101342407B1 KR 1020130079555 A KR1020130079555 A KR 1020130079555A KR 20130079555 A KR20130079555 A KR 20130079555A KR 101342407 B1 KR101342407 B1 KR 101342407B1
Authority
KR
South Korea
Prior art keywords
user terminal
server
site
integrated
integrated authentication
Prior art date
Application number
KR1020130079555A
Other languages
Korean (ko)
Inventor
권오석
Original Assignee
주식회사 기가코리아
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 기가코리아 filed Critical 주식회사 기가코리아
Priority to KR1020130079555A priority Critical patent/KR101342407B1/en
Application granted granted Critical
Publication of KR101342407B1 publication Critical patent/KR101342407B1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/41User authentication where a single sign-on provides access to a plurality of computers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Provided is a single sign-on based integrated authentication service providing method, wherein a first server receives a first ID and a first password for accessing a first site from a user terminal, confirms whether an integrated member is registered from the user terminal, If the user agrees to the integrated membership, receiving the integrated membership agreement data from the first server, transmitting the pop-up data for the integrated authentication to the first server, and the ipin ID (IPIN) from the user terminal via the first server. ID), receiving a password for the integrated authentication, performing the integrated member registration for the user terminal by combining the integrated membership agreement data, i-Pin ID, the password for the integrated authentication, the user terminal based on the integrated member registration performed Database information on the user terminal from the integrated authentication session server If the session ID is generated, transmitting the information on the user terminal to the first server.

Description

METHOOD FOR PROVIDING INTERGRATED AUTHENTICATION SERVICE BASED ON SINGLE SIGN ON}

The present invention relates to a single sign-on based integrated authentication service providing method.

Recently, as the leak of social security number occurs, it is a trend to actively use the iPin ID. If the social security number is exposed, it can not be changed, so damage from personal information leakage can occur, while i-PIN ID can be discarded and reissued even if it is exposed, thereby minimizing damage due to personal information leakage.

At this time, the method using the i-pin is made of a method of confirming the identity of the user in connection with the i-pin management institution. Regarding the method of using i-pin, Korean Patent Publication No. 2010-0071679O (published on June 29, 2010), which is a prior art, utilizes a personal certificate and uses servers of i-pin management agencies, credit card companies, mobile operators, telecommunications companies and other organizations without exposing their social security numbers. A method of identifying a user's identity in association is disclosed.

However, in providing a method of using iPin, even if iPin is used at each site, the user must log in at one site and re-login using iPin at another site. In addition, the government introduced CI (Connecting Information) to link sites through IPIN, but the link information (CI) can only confirm whether the users who are subscribed to the site is the same person, and not a concept of linking. Therefore, the user must relogin again.

An embodiment of the present invention is a single sign-on-based integrated authentication service that allows a plurality of sites to be used without re-login by inputting a single integrated authentication password, regardless of which site is connected thereafter, once the member is registered through integrated authentication. A provision method can be provided. It should be understood, however, that the technical scope of the present invention is not limited to the above-described technical problems, and other technical problems may exist.

As a technical means for achieving the above-described technical problem, an embodiment of the present invention, the first server receives the first ID and the first password for accessing the first site from the user terminal, and integrated member from the user terminal Confirming the subscription, and if the user terminal agrees to the integrated membership, receiving the integrated membership agreement data from the first server, transmitting the pop-up data for the integrated authentication to the first server, and the first from the user terminal. Receiving an ipin ID (IPIN ID), the password for the integrated authentication via the server, performing the integrated membership registration for the user terminal by combining the integrated membership agreement data, ipin ID, password for the integrated authentication, performed Database the information on the user terminal based on the integrated membership, the integrated authentication session server If the session ID is generated for the user terminal, transmitting the information for the user terminal to the first server. In this case, the integrated membership agreement data may include at least one of duplication information, a first ID, a first password, and first domain information of the first site.

According to the problem solving means of the present invention described above, if any user is registered with the integrated authentication member, if only the integrated authentication password is entered, the login process is automatically performed, so that the user has a plurality of IDs and passwords separately input to a plurality of sites. There is no need to memorize separately, and interworking between sites can be easily prevented from concentrating members on any site.

1 is a block diagram illustrating a single sign-on based integrated authentication service providing system according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a single sign-on based integrated authentication service providing server illustrated in FIG. 1.
3 is a diagram illustrating various embodiments executed in the single sign-on based integrated authentication service providing system shown in FIG. 1.
4 is a flowchart illustrating a method for providing a single sign-on based integrated authentication service according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings, which will be readily apparent to those skilled in the art. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

Throughout the specification, when a part is referred to as being "connected" to another part, it includes not only "directly connected" but also "electrically connected" with another part in between . Also, when an element is referred to as "including" an element, it is to be understood that the element may include other elements as well as other elements, And does not preclude the presence or addition of one or more other features, integers, steps, operations, components, parts, or combinations thereof.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

1 is a block diagram illustrating a single sign-on based integrated authentication service providing system according to an embodiment of the present invention. Referring to FIG. 1, the single sign-on based integrated authentication service providing system 1 includes a user terminal 100, a single sign-on based integrated authentication service providing server 300, a first server 400 (1), and a second server ( 400 (2)), ..., n-th server 400 (n). However, since the single sign-on based integrated authentication service providing system 1 of FIG. 1 is only an embodiment of the present invention, the present invention is not limitedly interpreted through FIG. 1.

In this case, each component of FIG. 1 is generally connected through a network 200. For example, as shown in FIG. 1, the user terminal 100 and the single sign-on based integrated authentication service providing server 300 may be connected through the network 200. In addition, the user terminal 100 may be connected to the first server 400 (1), the second server 400 (2),..., The n th server 400 (n) through the network 200. . And, the single sign-on based integrated authentication service providing server 300 is the first server (400 (1)), the second server (400 (2)), ..., n-th server (400 (n) through the network 200 )). Here, the user terminal 100 is the first server 400 (1), the second server (400 (2)), via the single sign-on based integrated authentication service providing server 300, the n-th server 400 (n)) and, conversely, single sign-on based consolidation via the first server 400 (1), the second server 400 (2), and the nth server 400 (n). It may be connected to the authentication service providing server 300.

Here, the network 200 refers to a connection structure capable of exchanging information between nodes such as terminals and servers. An example of the network 200 is an Internet, a LAN (Local Area Network) ), Wireless LAN (Local Area Network), WAN (Wide Area Network), PAN (Personal Area Network), 3G, 4G, LTE, Wi-Fi and the like. 1, the user terminal 100, single sign-on based integrated authentication service providing server 300, the first server 400 (1), the second server (400 (2)), ..., n-th server ( 400 (n)) is not limited to those shown in FIG. 1.

The user terminal 100 includes a first server 400 (1), a second server 400 (2),..., A first site, a second site, provided by an nth server 400 (n). It may be a terminal connected to the n-th site. In addition, the user terminal 100 may be a terminal connected to an integrated authentication site provided by the single sign-on based integrated authentication service providing server 300. At this time, the user terminal 100 can be registered as an integrated authentication member using the i-Pin ID, the first server 400 (1), the second server (400 (2)), using the integrated authentication password. At any one of the nth server 400 (n), the user may be automatically logged in. That is, if the user terminal 100 only needs to subscribe to the single sign-on-based integrated authentication service providing server 300 as an integrated authentication member, other sites thereafter may be automatically logged in at any site by inputting the integrated authentication password.

The user terminal 100 may be implemented as a computer that can access a remote server or terminal through the network 200. [ Here, the computer may include, for example, a notebook, a desktop, a laptop, and the like on which a WEB browser is installed. The user terminal 100 may be implemented as a terminal that can access a server or a terminal in a remote place through the network 200. The user terminal 100 may be a personal communication system (PCS), a global system for mobile communications (GSM), a personal digital cellular (PDC), a personal handyphone system (PHS) , PDA (Personal Digital Assistant), IMT (International Mobile Telecommunication) -2000, CDMA (Code Division Multiple Access) -2000, W-CDMA (W-CDMA), Wibro (Wireless Broadband Internet) a smartphone, a smartpad, a smart tablet, a Tablet PC, and the like.

Single sign-on based integrated authentication service providing server 300 is a first site provided by the first server (400 (1)), the second server (400 (2)), ... n-th server (400 (n)) The server may provide interoperability between the second site, the second site, and the nth site. That is, when the user terminal 100 accesses the second site from the first site, the user terminal 100 may be automatically logged in to the second site without inputting a separate ID or password to the user terminal 100. It may be a server for transmitting information about each site. That is, the single sign-on-based integrated authentication service providing server 300 may be a server that provides a member integrated authentication method to implement single sign-on (SSO) using an iPin ID.

Here, the single sign-on based integrated authentication service providing server 300 may be implemented as a computer that can access a remote server or terminal through the network 200. Here, the computer may include, for example, a notebook, a desktop, a laptop, and the like on which a WEB browser is installed.

The first server 400 (1), the second server 400 (2), ..., the nth server 400 (n) are servers that transmit and receive data with the single sign-on based integrated authentication service providing server 300. Can be. The user terminal 100 accesses the second site provided by the second server 400 (2) through the first server 400 (1), or vice versa, a single sign-on based integrated authentication service providing server. The server may be an automatic login based on the information about the user terminal 100 received from the 300. That is, the first server (400 (1)), the second server (400 (2)), ..., n-th server (400 (n)) is a user in cooperation with the single sign-on based integrated authentication service providing server 300 The server 100 may automatically log in to the terminal 100.

Referring to the single sign-on-based integrated authentication service providing method according to an embodiment of the present invention described above as an example.

Recently, as the leak of social security number occurs, it is a trend to actively use the iPin ID. If the social security number is exposed, it can not be changed, so damage from personal information leakage can occur, while i-PIN ID can be discarded and reissued even if it is exposed, thereby minimizing damage due to personal information leakage.

The government introduced CI (Connecting Information) to link between sites through IPIN, but the link information (CI) can only confirm whether or not the user who is subscribed to the site is the same person, and because it is not an integrated concept, The user must relogin again.

Therefore, the single sign-on-based integrated authentication service providing method according to an embodiment of the present invention, apart from the existing login and login system by ID and password, if only to register through the integrated authentication, no matter which site you access afterwards By entering a single unified authentication password, multiple sites can be used without re-login.

FIG. 2 is a diagram illustrating a single sign-on based integrated authentication service providing server illustrated in FIG. 1, and FIG. 3 is a diagram illustrating various embodiments executed in the single sign-on based integrated authentication service providing system illustrated in FIG. 1. to be.

Referring to FIG. 2, the single sign-on based integrated authentication service providing server 300 according to an exemplary embodiment of the present invention may include a first receiver 310, a first transmitter 320, a second receiver 330, The processor 340 may include a database unit 350, a second transmitter 360, and an extractor 370.

Two-way single sign-on service application, program is another server (not shown) that operates in conjunction with the single sign-on based integrated authentication service providing server 300 or the single sign-on based integrated authentication service providing server 300 according to an embodiment of the present invention When the web page is transmitted to the user terminal 100, the user terminal 100 may install or open an application, a program, a web page, or the like for a corresponding service. In addition, the interactive single sign-on service program may be driven in the user terminal 100 using a script executed in a web browser. Here, a web browser is a program that enables a WWW (World Wide Web) service, and is a program for receiving and displaying hypertext described in hypertext mark-up language (HTML), for example, Netscape (Netscape) An Explorer, chrome, and the like. Further, the application refers to an application on the terminal, for example, an app (app) running on a mobile terminal (smart phone).

At this time, the network 200 is connected to the user terminal 100, the single sign-on based integrated authentication service providing server 300, the first server 400 (1), the second server 400 (2), ..., This means that the n-th server 400 (n) creates a communication object at a communication contact point for communication with a terminal connected to the network 200. The single sign-on based integrated authentication service providing server 300 may exchange data with each other through a communication object.

Hereinafter, a single sign-on based integrated authentication service providing method according to an embodiment of the present invention will be described by dividing into a first embodiment, a second embodiment, a third embodiment, and a fourth embodiment.

The first embodiment will be described with reference to Fig.

The first receiver 310 receives a first ID and a first password for the first server 400 (1) to access the first site from the user terminal 100, and registers as an integrated member from the user terminal 100. If the user terminal 100 agrees to the integrated membership, the user terminal 100 receives the integrated membership agreement data from the first server 400 (1). In this case, the integrated membership agreement data may include at least one of duplication information, a first ID, a first password, and first domain information of the first site. In this case, the first site is a site provided by the first server 400 (1), and the first ID and the first password may be an ID and password for a user of the user terminal 100 to access the first site. .

The first transmitter 320 transmits pop-up data for integrated authentication to the first server 400 (1). Then, the second receiver 330 receives an IPIN ID and an integrated authentication password from the user terminal 100 via the first server 400 (1).

The performing unit 340 performs integrated membership registration for the user terminal 100 by combining the integrated membership agreement data, ipin ID, and integrated authentication password.

The database unit 350 databases the information on the user terminal 100 based on the integrated membership performed, and the second transmission unit 360 transmits the information from the integrated authentication session server (not shown) to the user terminal 100. When the session ID is generated, information about the user terminal is transmitted to the first server 400 (1). In this case, the first server 400 (1) may perform automatic login to the first site based on the information about the user terminal 100. Here, the integrated authentication pop-up data may be transmitted to the first server 400 (1) when the user terminal 100 does not perform its own login provided by the first site. In addition, the information on the user terminal 100 may include at least one of the integrated membership agreement data, i-pin ID, integrated authentication password, session ID.

Hereinafter, an operation according to an embodiment of the present invention will be described with the above-described configuration. In addition, hereinafter, the first site is defined as site A, the first server 400 (1) is defined as server A, and the user terminal 100 is defined as a user A terminal.

Referring to FIGS. 1 and 3A, when user A (User A) attempts to log in to a site A using an ID (ID) and password (PWD) using a terminal of user A or to register as a member, site A Server A checks whether User A has become an integrated member. In this case, if user A is already registered as an integrated member, the user is notified that he is already a registered member and returns to the main screen. Server A of the integrated membership agreement data is transmitted to the single sign-on based integrated authentication service providing server 300.

Meanwhile, the single sign-on-based integrated authentication service providing server 300 receiving the integrated membership registration agreement data generates a member integration database based on the integrated membership registration agreement data, the iPin ID, and the password for the integrated authentication. Then, when the session ID is extracted from the integrated authentication session server, the iPin ID, the site A's ID, and the site A's domain information are combined and transmitted to the server A to enable the user A to log in at the site A. Similarly, if only registered as an integrated member, once logged in at Site A, using the parameters (ipin ID, session ID, site ID, domain information, etc.) provided by the single sign-on-based integrated authentication service providing server 300 Automatic login is also possible at Site B and Site C. In addition, not only user A but also user B and user C can register and log in as an integrated member, and can use a plurality of sites with one login regardless of the type of site.

Returning to Fig. 2, the second embodiment will be described.

When the second transmission unit 360 receives the movement data from the first server 400 (1) to the second site provided by the second server 400 (2) of the user terminal 100, Information about 100 may be transmitted to the second server 400 (2). In this case, the second server 400 (2) may perform an automatic login to the second site of the user terminal 100 based on the information about the user terminal 100. In this case, the movement data may be data generated by the first server 400 (1) by the user terminal 100 clicking a banner located at the first site. This is also true. That is, when moving data from the second server 400 (2) to the first site provided by the first server 400 (1) of the user terminal 100 is received, information about the user terminal 100 is received. It may transmit to the first server 400 (1). In addition, the first server 400 (1) may perform an automatic login to the first site of the user terminal 100 based on the information about the user terminal 100.

In this case, the information on the user terminal 100 includes at least one of the integrated membership agreement data, i-pin ID, password for integrated authentication, session ID, the integrated membership agreement data, duplication registration confirmation information (Duplication Information) , At least one of a first ID, a first password, and first domain information of the first site.

The operation of the second transmission unit 360 described above will be described with reference to FIGS. 1 and 3B. 1 and 3B, it is assumed that a user A logs in to site A using an ID and password PWD, and then clicks a banner located at site A and links to site B. FIG. In this case, the single sign-on based integrated authentication service providing server 300 may transmit the information about the terminal of the user A as described above to the server B of the site B. Accordingly, server B of site B can handle automatic login to user B's site B.

Returning to Fig. 2, the third embodiment will be described.

When the user terminal 100 is a member of the first site and performs integrated login authentication at the second site provided by the second server 400 (2), the first transmission unit 320 may include a second server 400 ( 2)) can send pop-up data for integrated authentication.

At this time, the second receiving unit 330 receives the integrated authentication password from the user terminal 100 via the second server 400 (2), and receives the second site of the second site from the second server 400 (2). 2 domain information, a second ID of the user terminal 100 for the second site may be received. Then, when the user terminal 100 is a member of the integrated service, the extractor 370 may extract the iPin ID, the session ID, the second domain information, the second ID, and the second password of the user terminal 100. have. In addition, the second transmitter 360 may transmit the extracted information about the user terminal 100 to the second server 400 (2). In this case, the second server 400 (2) may perform automatic login to the user terminal 100.

The above-described third embodiment will be described with reference to FIG. 3C.

First, suppose that when user A, a member of site A, jumps to site B, integrated authentication is performed.

When the user A clicks on the banner linked to the site B in the site A in the login state of the site A, the parameter, which is information about the user terminal 100, is transmitted to the site B. In this case, the server B of the site B determines whether the ipin ID included in the received parameter is an ipin ID stored in the single sign-on based integrated authentication service providing server 300. At this time, the single sign-on based integrated authentication service providing server 300 may authenticate the user A and store the session ID when the i-pin ID is stored. On the other hand, server B checks whether user A succeeds in integrated authentication for site B, and if user A succeeds in integrated authentication for site B, user B can automatically log in user A to site B automatically. .

This eliminates the inconvenience of re-login because users do not have to store user information in each site, and the server capacity can be reduced, and users can use multiple sites with one login just by remembering their password. Can be.

Returning to Fig. 2, the fourth embodiment will be described.

First, it is assumed that the user terminal 100 logs in to the integrated authentication site provided by the single sign-on based integrated authentication service providing server 300.

The first transmitter 320 may transmit pop-up data for integrated authentication to the user terminal 100.

When the execution unit 340 receives the integrated authentication password from the user terminal 100, the execution unit 340 may check whether the user of the user terminal 100 is an integrated member based on the integrated authentication password.

In addition, when the user of the user terminal 100 is an integrated member, the extractor 370 may extract the user's ipin ID, session ID, and a list of sites to which the user is subscribed. Then, the second transmitter 360 may transmit the extracted site list to the user terminal 100 so that the extracted site list is displayed on the user terminal 100.

In addition, when any one site is selected from the list of sites extracted from the user terminal 100, the second transmission unit 360 is an ipin ID, a session ID, or any one of the servers of any one site. At least one of the domain information of the site, the ID and password of the user terminal 100 for any one site can be transmitted.

At this time, the server (not shown) of any one site may perform an automatic login to the user terminal 100.

In addition, when the second transmission unit 360 receives mobile data for accessing the other site from the user terminal 100, the ipin ID, session ID, At least one of domain information of another site, an ID and a password of the user terminal 100 for the other site may be transmitted. In this case, the server of the other site may perform automatic login on the user terminal 100.

The fourth embodiment described above will be described with reference to FIG. 3D.

First, assume that User A, a member of Site A, performs integrated login authentication at Site B.

When user A clicks on the user interface based on integrated authentication at site B, single sign-on based integrated authentication service providing server 300 transmits a popup for integrated authentication to site B. The single sign-on based integrated authentication service providing server 300 may receive only the integrated authentication password from the user A, and may receive the current site ID and domain information from the site B.

The single sign-on based integrated authentication service providing server 300 may generate and store a session ID using the information on the user A as a parameter, and transmit the information about the user A to the server B of the site B. At this time, the server B of the site B can perform an automatic login process for the user A.

Single sign-on-based integrated authentication service providing method according to an embodiment of the present invention, even if a user moves a plurality of sites can be used without re-login only one login, if only the integrated authentication password if you only remember the integrated authentication password This saves you the trouble of retrieving the ID and password from each site, and all sites can be used collectively, reducing the load on the server serving each site.

2 and 3 are not described about the single sign-on based integrated authentication service providing method is the same as described above for the single sign-on based integrated authentication service providing method through FIG. Since it can be inferred, a description thereof will be omitted.

4 is a flowchart illustrating a method for providing a single sign-on based integrated authentication service according to an embodiment of the present invention. Referring to FIG. 4, the single sign-on-based integrated authentication service providing server receives a first ID and a first password for a first server to access a first site from a user terminal, and confirms whether to join an integrated member from the user terminal. When the user terminal agrees to the integrated membership, the integrated server receives the integrated subscription data from the first server (S4100). In this case, the integrated membership agreement data may include at least one of duplication information, a first ID, a first password, and first domain information of the first site.

Then, the single sign-on-based integrated authentication service providing server transmits the integrated authentication pop-up data to the first server (S4200).

At this time, the single sign-on based integrated authentication service providing server receives an IPIN ID and an integrated authentication password from the user terminal via the first server (S4300).

In addition, the single sign-on-based integrated authentication service providing server performs a combined membership for the user terminal by combining the integrated membership agreement data, i-pin ID, password for the integrated authentication (S4400).

Here, the single sign-on-based integrated authentication service providing server, the database on the information on the user terminal based on the performed integrated membership (S4500).

Finally, the single sign-on-based integrated authentication service providing server, if a session ID for the user terminal is generated from the integrated authentication session server, and transmits information about the user terminal to the first server (S4600).

The matters not described with respect to the single sign-on based integrated authentication service providing method of FIG. 4 are the same as those described for the single sign-on based integrated authentication service providing method through FIGS. 1 to 3. Since it can be inferred, a description thereof will be omitted.

The single sign-on based integrated authentication service providing method according to an exemplary embodiment described with reference to FIG. 4 may be implemented in the form of a recording medium including instructions executable by a computer, such as an application or a program module executed by a computer. have. Computer readable media can be any available media that can be accessed by a computer and includes both volatile and nonvolatile media, removable and non-removable media. In addition, the computer-readable medium may include both computer storage media and communication media. Computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Communication media typically includes any information delivery media, including computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave, or other transport mechanism.

The single sign-on based integrated authentication service providing method according to an embodiment of the present invention described above may be executed by an application basically installed in a terminal (which may include a program included in a platform or an operating system, which is basically installed in the terminal). It may also be executed by an application (ie, a program) installed by the user directly on the master terminal through an application providing server such as an application store server, an application, or a web server associated with the corresponding service. In this sense, the method for providing a single sign-on based integrated authentication service according to an embodiment of the present invention described above is implemented as an application (that is, a program) that is basically installed in a terminal or directly installed by a user, and is read by a computer such as a terminal. Can be recorded on a recording medium.

The foregoing description of the present invention is intended for illustration, and it will be understood by those skilled in the art that the present invention may be easily modified in other specific forms without changing the technical spirit or essential features of the present invention. will be. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.

The scope of the present invention is shown by the following claims rather than the above description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be construed as being included in the scope of the present invention. do.

Claims (12)

In the integrated authentication service providing method that the single sign-on (Single Sign On) based integrated authentication service providing server runs,
When the first server receives a first ID and a first password for accessing the first site from the user terminal, confirms whether to join the integrated membership from the user terminal, and if the user terminal agrees to join the integrated membership, Receiving unified membership agreement data from a first server;
Transmitting pop-up data for integrated authentication to the first server;
Receiving an IPIN ID and an integrated authentication password from the user terminal via a first server;
Performing integrated membership registration for the user terminal by combining the integrated membership agreement data, ipin ID, and integrated authentication password;
Database information on the user terminal based on the integrated membership registration;
If a session ID for the user terminal is generated from an integrated authentication session server, transmitting information about the user terminal to the first server;
Lt; / RTI >
The integrated membership agreement data includes at least one of duplication information, the first ID, the first password, and the first domain information of the first site,
The integrated authentication pop-up data is transmitted to the first server when the user terminal does not perform its own login provided by the first site, the single sign-on based integrated authentication service providing method.
The method of claim 1,
And the first server performs automatic login to the first site based on the information on the user terminal.
delete The method of claim 1,
If the mobile data is received from the first server to a second site provided by a second server of the user terminal, transmitting information about the user terminal to the second server;
Further comprising:
And the second server performs an automatic login to the second site of the user terminal based on the information on the user terminal.
5. The method of claim 4,
The mobile data is a single sign-on based integrated authentication service providing method, wherein the user terminal is data generated by a first server by clicking on a banner located at a first site.
The method of claim 1,
The information on the user terminal includes at least one of the integrated member agreement data, i-pin ID, integrated authentication password, session ID,
The integrated membership agreement data may include at least one of duplication information, the first ID, the first password, and the first domain information of the first site. How to Provide.
The method of claim 1,
Transmitting pop-up data for the integrated authentication to the second server when the user terminal is a member of the first site and performs integrated login authentication at a second site provided by a second server;
Receiving an integrated authentication password from the user terminal via the second server, and receiving the second domain information of the second site, the second ID of the user terminal for the second site from the second server step;
If the user terminal is a member of an integrated service, extracting an ipin ID, a session ID, the second domain information, a second ID, and a second password of the user terminal;
Transmitting the extracted information about the user terminal to the second server;
That further comprises, single sign-on based integrated authentication service providing method.
The method of claim 7, wherein
And the second server performs automatic login for the user terminal.
The method of claim 1,
When the user terminal logs in from the integrated authentication site provided by the single sign-on based integrated authentication service providing server,
Transmitting the integrated authentication pop-up data to the user terminal;
When receiving the integrated authentication password from the user terminal, checking whether the user of the user terminal is an integrated member based on the integrated authentication password;
Extracting an ipin ID, a session ID, and a list of sites to which the user is subscribed, when the user of the user terminal is an integrated member;
Transmitting the extracted site list to the user terminal such that the extracted site list is displayed on the user terminal;
When any one site is selected from the extracted site list in the user terminal, an ipin ID, a session ID, domain information of the one site, and any one site of the user terminal are transferred to a server of the one site. Transmitting at least one of an ID and a password of the user terminal
That includes, single sign-on based integrated authentication service providing method.
The method of claim 9,
The server of any one site is to perform an automatic login to the user terminal, single sign-on based integrated authentication service providing method.
The method of claim 9,
When mobile data for accessing another site is received from the user terminal, an ipin ID, a session ID, domain information of the other site, and the other one of the other terminal to the server of the other site. Transmit at least one of an ID and a password of the user terminal for the site,
The server of the other site is to perform an automatic login to the user terminal, single sign-on based integrated authentication service providing method.
delete
KR1020130079555A 2013-07-08 2013-07-08 Method for providing intergrated authentication service based on single sign on KR101342407B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020130079555A KR101342407B1 (en) 2013-07-08 2013-07-08 Method for providing intergrated authentication service based on single sign on

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020130079555A KR101342407B1 (en) 2013-07-08 2013-07-08 Method for providing intergrated authentication service based on single sign on

Publications (1)

Publication Number Publication Date
KR101342407B1 true KR101342407B1 (en) 2013-12-17

Family

ID=49988505

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020130079555A KR101342407B1 (en) 2013-07-08 2013-07-08 Method for providing intergrated authentication service based on single sign on

Country Status (1)

Country Link
KR (1) KR101342407B1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101596393B1 (en) * 2015-05-30 2016-02-22 주식회사 기가월드 Method for providing abroad simultaneous sale service of shoppingmall
KR101636986B1 (en) * 2015-02-16 2016-07-08 주식회사 누리정보기술 A Integrated interface user authentication method
KR20200014545A (en) * 2018-08-01 2020-02-11 (주)케이스마텍 User integrated authentication service system and method thereof
KR20210001036A (en) * 2019-06-26 2021-01-06 넷마블 주식회사 Global authentication account system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002063493A (en) * 2000-06-09 2002-02-28 Fujitsu Ltd Method, system and program for managing member

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002063493A (en) * 2000-06-09 2002-02-28 Fujitsu Ltd Method, system and program for managing member

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101636986B1 (en) * 2015-02-16 2016-07-08 주식회사 누리정보기술 A Integrated interface user authentication method
KR101596393B1 (en) * 2015-05-30 2016-02-22 주식회사 기가월드 Method for providing abroad simultaneous sale service of shoppingmall
WO2016195151A1 (en) * 2015-05-30 2016-12-08 주식회사 기가월드 Method for providing simultaneous overseas sale-in-lots service for shopping mall
KR20200014545A (en) * 2018-08-01 2020-02-11 (주)케이스마텍 User integrated authentication service system and method thereof
KR102086406B1 (en) * 2018-08-01 2020-04-23 (주)케이스마텍 User integrated authentication service system and method thereof
KR20210001036A (en) * 2019-06-26 2021-01-06 넷마블 주식회사 Global authentication account system
KR102244890B1 (en) 2019-06-26 2021-04-27 넷마블 주식회사 Global authentication account system

Similar Documents

Publication Publication Date Title
CN104253686B (en) Method, equipment and the system that account logs in
US8412156B2 (en) Managing automatic log in to internet target resources
US20130246504A1 (en) Method for subscribing to notification, apparatus and system
KR102010624B1 (en) Method of processing requests for digital services
US20140173125A1 (en) Systems and methods for transferring a session between devices in an on-demand computing environment
CN103475726B (en) A kind of virtual desktop management, server and client side
EP2498472A1 (en) Method and system for granting access to a secured website
US20130060850A1 (en) Computational systems and methods for regulating information flow during interactions
US10659516B2 (en) Data caching and resource request response
CN102843311A (en) Information fusion method and information fusion server based on social networking services (SNS)
CN103905497A (en) Method, device and application platform for realizing login of third-party application service website
CN102843357A (en) Network accessing method, application server and system
CN105051685A (en) System and method to enable web property access to a native application
KR101342407B1 (en) Method for providing intergrated authentication service based on single sign on
KR101785481B1 (en) Method for providing scraping service, server and system thereof
KR101403045B1 (en) Method for providing terminal access control service interlocking access control
CN103457954A (en) Method and device for user password management
CN104461537B (en) A kind of multi-service integrated system based on browser kernel
CN104065674A (en) Terminal device and information processing method
CN102299945A (en) Gateway configuration page registration method, system thereof and portal certificate server
CN103944905A (en) Information interaction method, device and system
KR101328118B1 (en) Method for providing log in service based on passdata
KR101342405B1 (en) Method for providing interactive single sign on service
US10021082B2 (en) Integration of form and file services
KR20090128364A (en) Web site membership and login method using scws in mobile terminal

Legal Events

Date Code Title Description
A201 Request for examination
A302 Request for accelerated examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20161222

Year of fee payment: 4

FPAY Annual fee payment

Payment date: 20171029

Year of fee payment: 5

LAPS Lapse due to unpaid annual fee