KR101451870B1 - System, method and computer readable recording medium for providing a log in of an application by communizing an authority - Google Patents

Abstract

[0001] The present invention relates to an application login system by an authentication sharing method capable of logging in from another application using an application in a logged-in state, and more particularly to an application login system in which a first application and a second application are installed, A user terminal; And receiving a token of the first application, a signature of the first application, a consumer key of the second application, and a signature of the second application from the user terminal, And a service server for performing login processing for the second application.

Description

FIELD OF THE INVENTION [0001] The present invention relates to an application sign-in system, method, and computer readable recording medium,

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system for providing a login to an application, and more particularly to an application login system, method and computer readable recording medium by authentication sharing, .

Today, the widespread use of the Internet has led to the rapid development of wireless mobile communication technology beyond the fixed line, and in the real world, information retrieval on the Internet through portable terminals such as mobile phones, PDAs, and hand- It became possible regardless of time and place.

On the other hand, as the performance of recently launched smartphones has improved, users are moving a lot from general mobile phones to smart phones. Smart phone is an intelligent mobile phone that adds a computer support function to a mobile phone. It is equipped with a personal digital assistant (PDA) function, internet function, video playback function, Etc., to provide a more convenient interface for use. In addition, with the support of wireless Internet function, it is connected to internet and computer, and also functions as a terminal such as e-mail, web browsing, fax, banking, and game. On the other hand, smart phones have a standard operating system (OS) or a dedicated operating system to accommodate various functions.

As such, various functions can be implemented through various mobile terminals such as a smart phone, so that various dedicated application programs and contents are being developed in the mobile terminal.

Such dedicated applications that are installed and operated on a smartphone are commonly referred to as "apps." They are downloaded and installed on smartphones through paid applications or various free applications. Accordingly, a user can access a specific application market on a smart phone, search for a desired application, select the application, download and install the application.

The number and type of applications that are installed on smartphones is increasing, and for applications requiring login, it is inconvenient to log in by inputting an ID and password for each application. Also, when the ID and the password are different for each application, it is not easy to memorize a plurality of IDs and passwords, and it is inconvenient to reset the ID or the password by erroneous input.

On the other hand, Korean Patent Laid-Open Publication No. 2009-0042864 entitled " Method and Apparatus Providing Reliable Single Sign-on Access to Applications and Internet-based Services (Interdigital Technology Corp.) "as a technique for providing a login for such applications ) Discloses a method of providing single sign-on access that enables secure and transparent hopping from one site to another site belonging to a previously identified site group after only once signing on to a secure proxy residing on the user's device.

However, there is no effective authentication method in an application that does not have a self-login function, and in the case of a plurality of applications provided by the same service provider, there is a problem that it is considerably inconvenient to log in to each application individually.

Korean Patent Application No. 2009-0042864 A method and apparatus for providing reliable single sign-on access to applications and Internet-based services (Interdigital Technology Corporation) 2009.04.30

It is an object of the present invention to provide an application login system, method and computer-readable recording medium by authentication sharing for logging in another application via a signed application.

Another object of the present invention is to provide a method and system for transmitting a consumer key to a first application logged in from a second application to be logged in, receiving an authentication token (token) from the first application, An application sign-in system by authentication sharing, a method, and a computer-readable recording medium.

It is a further object of the present invention to provide a method and apparatus for transmitting a consumer key from a second application to be logged in to a first application that is logged in and receiving a ticket generated by the first application from a service server, And a computer readable recording medium.

Yet another object of the present invention is to provide a method and system for transmitting a consumer key to a first application logged in from a second application to be logged in, receiving a ticket for accessing a service server generated from the first application, And a method and a computer-readable recording medium.

It is still another object of the present invention to provide a method and system for enabling a user to log in from a second application by transmitting a consumer key and a ticket to a service server through a first application logged in from a second application to be logged in, An application sign-in system by authentication sharing, a method, and a computer-readable recording medium.

It is still another object of the present invention to provide a method and system for enabling a user to log in from a second application by issuing a ticket from a service server in a second application to be logged in and authenticating the issued ticket from the service server through the logged- An application sign-in system by authentication sharing, a method, and a computer-readable recording medium.

In order to achieve the above-described object of the present invention and to achieve the specific effects of the present invention described below, the characteristic structure of the present invention is as follows.

According to an aspect of the present invention, an application login system by authentication sharing includes a user terminal in which a first application and a second application are installed, and a login process is performed for the first application; And receiving a token of the first application, a signature of the first application, a consumer key of the second application, and a signature of the second application from the user terminal, And a service server for performing login processing for the second application.

Advantageously, the service server checks the validity of at least one of the received token of the first application, the signature of the first application, the consumer key of the second application and the signature of the second application, And performs the login process if the information is valid.

Preferably, the service server generates a token and a token secret of the second application in accordance with the login process for the second application, and transmits the token and the token secret to the user terminal.

Advantageously, the user terminal is configured to receive the token and token secret of the second application from the service server in the first application, to provide the token and token secret of the received second application to the second application do.

Advantageously, the first application receives the consumer key of the second application and the signature of the second application from the second application.

According to another aspect of the present invention, a service server for providing an application login service by authentication sharing includes: a request receiving unit for requesting login of a second application from a user terminal installed with a first application that is logged in to a service server; A validity determiner for determining the validity of the token of the first application, the signature of the first application, and the consumer key of the second application transmitted from the user terminal according to the request; A user identification unit for identifying the logged in user information from the received token of the first application when the validity information is valid; And a login processing unit for performing login processing of the second application with the user information identified by the user identification unit.

Preferably, the service server further comprises: a token generation unit for generating a token and a token secret of the second application in accordance with a login process for the second application of the login processing unit; And a token transmission unit transmitting the token and the token secret of the generated second application to the user terminal.

Advantageously, the user terminal is configured to receive the token and token secret of the second application from the service server in the first application, to provide the token and token secret of the received second application to the second application do.

Advantageously, the first application is configured to receive a consumer key of the second application and a signature of the second application from the second application, and send the signature of the received second application to the service server in the first application, And the validity determination unit of the service server further determines the validity of the signature of the transmitted second application.

Preferably, the service server further comprises: a ticket issuing unit for generating a ticket after storing the user information of the user identification unit and storing the generated ticket in a database; A ticket receiver for transmitting the ticket generated by the ticket issuing unit to the first application of the user terminal and receiving the transmitted ticket through the second application of the user terminal; A ticket inquiry unit for inquiring a ticket received through the ticket receiver with a ticket stored in the database; And a ticket determiner for determining whether the received ticket is a valid ticket as a result of the inquiry of the ticket inquiry unit, wherein the login processor performs a login process for the second application when the ticket determiner determines that the ticket is valid do.

Advantageously, the first application of the user terminal provides a ticket received from the service server to a second application.

Preferably, the service server further comprises: a ticket storage unit for storing, in the database, a ticket generated in the first application received from the user terminal after identifying the user information of the user identification unit; A request result transmission unit for notifying the first application of the user terminal that the ticket storage has been completed by the ticket storage unit abnormally; A ticket receiver for receiving a ticket generated in the first application through the second application of the user terminal; A ticket inquiry unit for inquiring a ticket received through the ticket receiver with a ticket stored in the database; And a ticket determiner for determining whether the received ticket is a valid ticket as a result of the inquiry of the ticket inquiry unit, wherein the login processor performs a login process for the second application when the ticket determiner determines that the ticket is valid do.

Advantageously, the first application of the user terminal provides the generated ticket to the second application upon being notified from the service server that the store of the ticket is completed abnormally.

Preferably, the service server further comprises: a ticket storage unit for storing, in the database, a ticket generated in the second application received from the user terminal after identifying the user information in the user identification unit; A request result transmission unit for notifying the first application of the user terminal that the ticket storage has been completed by the ticket storage unit abnormally; A ticket receiver for receiving a ticket generated by the second application from the second application of the user terminal; A ticket inquiry unit for inquiring a ticket received through the ticket receiver with a ticket stored in the database; And a ticket determiner for determining whether the received ticket is a valid ticket as a result of the inquiry of the ticket inquiry unit, wherein the login processor performs a login process for the second application when the ticket determiner determines that the ticket is valid do.

Advantageously, the first application of the user terminal provides the notification result to the second application upon being notified from the service server that the store of the ticket has been completed abnormally.

Advantageously, the second application of the user terminal generates a ticket and provides the generated ticket to the first application.

According to another aspect of the present invention, a service server for providing an application login service by authentication sharing includes: a request receiving unit for requesting a login of a second application from a user terminal installed with a first application logged in to a service server; A first validity determining unit for determining validity of a signature of the second application and a consumer key of the second application transmitted from the user terminal according to the request; A ticket generating unit for generating a ticket when the first validity determining unit determines that the information is valid; A ticket storage unit for storing a ticket generated by the ticket creation unit in a database; A ticket transmitting unit for transmitting a ticket generated by the ticket creating unit to the second application of the user terminal; A token receiver for receiving a token of the first application, a signature of the first application and a ticket received in the second application from a first application of the user terminal; A second validity judging unit for judging validity of the token of the first application and the signature of the first application according to the reception of the token receiving unit; A user identification unit for identifying the logged-in user information from the received token of the first application when the second validity information is valid; A user information storage unit for mapping the received ticket to user information identified by the user identification unit and storing the same in a database; A result transmitting unit for notifying the first application of the user terminal that the ticket storage is completed abnormally; A ticket receiver for receiving the ticket from the second application of the user terminal; A ticket inquiry unit for inquiring a ticket received through the ticket receiver with a ticket stored in the database; A ticket determination unit for determining whether the received ticket is a valid ticket as a result of the inquiry by the ticket inquiry unit, and a login processing unit for performing a login process for the second application if a ticket is valid as a result of the determination by the ticket determination unit.

Preferably, the service server further comprises: a token generation unit for generating a token and a token secret of the second application in accordance with a login process for the second application of the login processing unit; And a token transmission unit transmitting the token and the token secret of the generated second application to the user terminal.

According to another aspect of the present invention, there is provided a method of signing an application by authentication sharing, wherein each step performed in a service server comprises: a step in which, in a request receiving unit, Receiving a log-in request for the server; Judging validity of the token of the first application, the signature of the first application, and the consumer key of the second application transmitted from the user terminal according to the request; Identifying the logged-in user information from the received token of the first application if the validity information is valid as a result of the validity determination unit, in the user identification unit; And login processing the second application with the user information identified by the user identification unit in the login processing unit.

Preferably, the method further comprises: in the token generation unit, generating a token and token secret of the second application in accordance with the login process for the second application of the login processing unit; And transmitting the token and token secret of the generated second application to the user terminal in the token transmitting unit.

Advantageously, the user terminal is configured to receive the token and token secret of the second application from the service server in the first application, to provide the token and token secret of the received second application to the second application do.

Advantageously, the first application is configured to receive a consumer key of the second application and a signature of the second application from the second application, and send the signature of the received second application to the service server in the first application, And the validity determination unit of the service server further determines the validity of the signature of the transmitted second application.

According to another aspect of the present invention, there is provided a user terminal having a first application and a second application installed therein, the user terminal executing the first application and log-processing the user for the first application through a service server Requesting the service server to log in to the second application in response to receiving a login request for the second application from the second application, An application execution unit; And executing the second application, requesting the first application executing section to log in the second application, receiving login related information for the second application from the first application executing section according to the login request And a second application execution unit for performing login processing for the user.

Advantageously, the first application executor sends a login to the second application by sending the token of the first application, the signature of the first application, and the consumer key of the second application to the service server.

Advantageously, the user terminal is further configured to: receive the token and token secret of the second application from the service server in the first application execution unit; and transmit the token and token secret of the received second application to the second application To the execution unit.

Preferably, the first application execution unit receives the signature of the second application and the signature of the second application from the second application execution unit, and transmits the signature of the second application to the service server send.

Meanwhile, the information for providing the application login method by the authentication sharing may be stored in a recording medium readable by the server computer. Such a recording medium includes all kinds of recording media in which programs and data are stored so that they can be read by a computer system. Examples include ROMs (Read Only Memory), Random Access Memory, CD (Compact Disk), DVD (Digital Video Disk) -ROM, magnetic tape, floppy disk, optical data storage device, (For example, transmission over the Internet). Such a recording medium may also be distributed over a networked computer system so that computer readable code in a distributed manner can be stored and executed.

As described above, according to the present invention, there is an advantage that an application that has not been logged in can be easily logged in through an application in a logged-in state.

In addition, applications that do not have their own login feature can log in by authenticating effectively through the logged-in application.

In addition, in the case of a plurality of applications provided by the same service provider, there is an advantage that it is possible to log in easily through a logged-in application without individually logging in each application.

1 is a diagram showing an application login system by authentication sharing according to an embodiment of the present invention.
2 is a diagram showing a detailed configuration of a service server providing an application login by authentication sharing according to the first embodiment of the present invention.
3 is a flowchart showing an application login processing procedure in the service server according to the first embodiment of the present invention.
4 is a diagram illustrating a detailed configuration of a service server that provides application login by authentication sharing according to a second embodiment of the present invention.
5 is a flowchart showing an application login processing procedure in the service server according to the second embodiment of the present invention.
6 is a diagram showing a detailed configuration of a service server that provides application login by authentication sharing according to third and fourth embodiments of the present invention.
7 is a flowchart showing an application login processing procedure in the service server according to the third embodiment of the present invention.
8 is a flowchart showing an application login processing procedure in the service server according to the fourth embodiment of the present invention.
9 is a diagram showing a detailed configuration of a service server providing an application login by authentication sharing according to a fifth embodiment of the present invention.
10 is a flowchart showing an application login processing procedure in the service server according to the fifth embodiment of the present invention.
11 through 16 are diagrams illustrating an actual implementation for providing a login through a logged-in application according to an embodiment of the present invention.

The following detailed description of the invention refers to the accompanying drawings, which illustrate, by way of illustration, specific embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention. It should be understood that the various embodiments of the present invention are different, but need not be mutually exclusive. For example, certain features, structures, and characteristics described herein may be implemented in other embodiments without departing from the spirit and scope of the invention in connection with an embodiment. It is also to be understood that the position or arrangement of the individual components within each disclosed embodiment may be varied without departing from the spirit and scope of the invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is to be limited only by the appended claims, along with the full scope of equivalents to which the claims are entitled, if properly explained. In the drawings, like reference numerals refer to the same or similar functions throughout the several views.

The present invention discloses an application login system by authentication sharing for logging in another application (e.g., an application that does not have a self-login capability or an application associated with a specific application) via the logged-in application.

Meanwhile, according to the present invention, a consumer key may be transmitted to a service server through a first application that is logged in from a second application to be logged in, and may be directly authenticated through a first application, You can log in from the second application by receiving a token.

Further, in some embodiments of the present invention, a separate ticket is issued for sharing the authentication of the first application and the second application, and the login for the second application is processed by inquiring the issued ticket at the service server.

Meanwhile, in the present invention, a consumer key is a secret key that is shared between a consumer and a provider. The second application is a secret key that is transmitted through a first application or directly to a service server to be shared . In the following description, the term " consumer key " is used to facilitate understanding of the present invention, and the present invention is not limited thereto.

In addition, the signature provided by each application (i.e., the first application or the second application) is information used to prevent a malicious attacker from modifying a part of the request content, for example, a hash function Or the like.

In the present invention, 'token' means data provided from the server to the terminal for authentication of the logged-in application, and may include authentication data of the user. Therefore, an authentication token is normally given to an application that is normally logged in, and the application can maintain the login state with the authentication token granted. In addition, the token may access protected resources associated with a particular user at the service server by issuing a second application to be logged in from the service server.

The 'token secret' refers to a value used by a second application to be logged in to verify the ownership of a token provided from the service server, and may be composed of a predetermined number of digits or a string.

The 'ticket' is an identifier generated and used temporarily by the service server to identify the second application through the first application. The 'ticket' may consist of a certain number of digits or a string. According to embodiments of the present invention, the ticket may be generated in a first application or a second application or service server. At this time, authentication and log-in procedures differ depending on the subject of the ticket being changed.

In the following description of the present invention, information of a specific term (for example, a consumer key, a signature, a ticket, a token, a token secret, etc.) is used to facilitate understanding of the present invention. However, And other information that can perform the functions of the present invention may be used to implement the present invention.

In addition, the 'user terminal' in which various applications are installed in the following description includes not only a general desktop computer but also a smart phone including a mobile communication terminal, a desktop computer, a notebook computer, a workstation, a palmtop computer, A digital device having a memory means such as a personal digital assistant (PDA), a web pad, etc. and equipped with a microprocessor for computing ability can be adopted as a terminal according to the present invention.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings, so that those skilled in the art can easily carry out the present invention.

First, a configuration of an application login system by authentication sharing according to the present invention will be described with reference to FIG. 1, and a detailed configuration, procedure and procedure of a service server according to each embodiment of the present invention will be described with reference to FIG. 2 to FIG. A service implementation example will be described in detail.

Application Login System by Authentication Sharing

1 is a diagram showing an application login system by authentication sharing according to an embodiment of the present invention. Referring to FIG. 1, a system according to the present invention may include a user terminal 100 (e.g., a smart phone), a communication network 110, a service server 120, and the like.

The first application 101 installed in the user terminal 100 is an application already logged in. In the present invention, in the second application 102 having no login function or not yet logged in, And log in to the service server 120 by using this service.

1, the first application 101 and the second application 102 are shown installed in the same user terminal 100. However, since the applications are installed in different terminals and communicate with each other, the present invention can be implemented It is possible.

That is, in order to log in to the service server 120 in the second application, a separate ID and password are usually input and log in. In the present invention, the service server 120 120). ≪ / RTI >

The communication network 110 may be configured without regard to its communication mode such as wired and wireless, and may be a personal area network (PAN), a local area network (LAN), a metropolitan area Network), a wide area network (WAN), and the like. Also, the communication network 110 may be a known World Wide Web (WWW) and may use a wireless transmission technique used for short-distance communication such as Infrared Data Association (IrDA) or Bluetooth It is possible.

The detailed configuration of the service server providing application login by authentication sharing according to each embodiment of the present invention and the login processing procedure performed in the service server will be described with reference to FIG. 2 to FIG. 10, 16, an embodiment in which the present invention is applied to an actual service will be described.

First Embodiment (Basic Example )

2 is a diagram showing a detailed configuration of a service server providing an application login by authentication sharing according to the first embodiment of the present invention. 2, the service server 120 providing application logins according to the first embodiment of the present invention includes a request receiving unit 210, a validity determining unit 220, a user identifying unit 230, a login processing unit 240 ), A token generating unit 250, and a token transmitting unit 260, and the like.

The first application 101 installed in the user terminal 100 is an application already logged in, and the second application 102 is an application to be logged in. Accordingly, the second application 102 can log into the service server 120 via the first application 101 according to the first embodiment of the present invention described below.

The user terminal 100 may include a first application execution unit that executes the first application 101 and a second application execution unit that executes the second application 102. In the following description, The first application executing section and the second application executing section will be referred to as a first application 101 and a second application 102, respectively.

First, a login request is made by transmitting a consumer key and a signature from the second application 102 to the first application 101. [ The first application 101 may send the second application 102 to the service server 120 by transmitting the token and the signature to the service server 120 including the consumer key and signature of the second application 102 provided from the second application 102, ). ≪ / RTI >

The request receiving unit 210 of the service server 120 receives the token and signature of the first application 101 and the consumer key and signature of the second application 102 from the first application 101 of the user terminal 100 Thereby receiving a login request for the second application 102.

The validity determination unit 220 determines the validity of various pieces of information received through the request receiving unit 210. For example, it determines if the token and signature of the first application 101 are valid and determines whether the consumer key and signature of the second application 102 are valid.

If all of the validity information is determined to be valid as a result of the validity determination unit 220, the user identification unit 230 identifies the logged-in user information stored in the user information database 270 as a token of the first application 101. Then, the second application 102 is log-in with the confirmed user information corresponding to the consumer key of the second application 102.

The token generating unit 250 generates a token and token secret for the second application 102 that has performed the login process and transmits the generated token and token secret to the user terminal 100 through the token transmitting unit 260 do.

The first application 101 of the user terminal 100 receives the token and token secret for the second application 102 from the service server 120 and sends the received token and token secret to the second application 102 The login procedure for the second application 102 is completed. Accordingly, the second application 102 can access the service server 120 while logged in using the token and token secret generated by the service server 120.

3 is a flowchart showing an application login processing procedure in the service server according to the first embodiment of the present invention. In the following description, the first application 101 logged in is referred to as 'A', and the second application 102 for logging in via the first application 102 is referred to as 'B' .

Referring to FIG. 3, a first application 101 is first transmitted by sending its consumer key and signature to a first application 101 (i.e., 'A') in a second application 102 (i.e., To request a login via the Internet.

The first application 101 receives the consumer key of B and the signature of B from the second application 102 and sends the token of its own token (that is, the token of A ) And signatures (i.e., signatures of A) to the service server 120 to request login to the second application 102.

The service server 102 receives the token A, the signature A, the consumer key B, and the signature B from the first application 101, and verifies the validity of each received information. That is, the validity of the token of A is determined (S301). If there is no abnormality, the validity of the signature of A is determined (S302). If there is no abnormality, the validity of B of the consumer key is determined (S303) If there is no abnormality, the validity of the signature of B is judged (S304). On the other hand, the order of the validity judgment may be changed and may be performed at the same time.

If there is no abnormality as a result of the validity check, the information of the user currently logged in in the first application 101 (e.g., login ID and password) is confirmed using the token of A. Then, the second application 102 logs in using the confirmed user information (S305).

Meanwhile, the service server 120 generates a token and a token secret of the second application 102 (i.e., B) according to the login process (S306) and transmits the token and the token secret to the first application 101. [

The first application 101 receives the token of B and the token secret of B from the service server 120 and provides it to the second application 102 again. The second application 102 receives and stores a token (i.e., a token of B) and a token secret (a token secret of B) for itself from the first application 101, Is completed. Accordingly, the second application 102 and the service server 120 are connected in a logged-in state using the generated token B and the generated B password.

By doing so, the user can log in to the service server 120 using the first application 101 that has already been logged in, without a separate login and password input procedure in the second application 102.

The basic login method according to the first embodiment has been described, and the login method according to the second and fifth embodiments will be described below. On the other hand, in the second to fifth embodiments to be described later, a method of processing login using a ticket generated in each of the different subjects according to the embodiment will be described.

Second Example (Using server-generated ticket by A request)

4 is a diagram illustrating a detailed configuration of a service server that provides application login by authentication sharing according to a second embodiment of the present invention. 4, a service server 120 providing an application login according to a second embodiment of the present invention includes a request receiving unit 401, a validity determining unit 402, a user identifying unit 403, a ticket issuing unit 404, a ticket receiving unit 405, a ticket inquiry unit 406, a ticket determining unit 407, a login processing unit 408, a token generating unit 409, and a token transmitting unit 410 .

The first application 101 installed in the user terminal 100 is an application already logged in, and the second application 102 is an application to be logged in. Accordingly, the second application 102 can log in to the service server 120 via the first application 101 according to the second embodiment of the present invention described below.

First, a login request is made by transmitting a consumer key from the second application 102 to the first application 101. The first application 101 transmits its own token and signature to the service server 120 through the second application 102 provided by the second application 102 to the second application 102 Request a login for.

The request receiving unit 401 of the service server 120 receives the token and the signature of the first application 101 and the consumer key of the second application 102 from the first application 101 of the user terminal 100, 2 < / RTI >

The validity determination unit 402 determines the validity of various pieces of information received through the request receiving unit 401. For example, it determines if the token and signature of the first application 101 are valid and determines whether the consumer key of the second application 102 is valid.

If all of the validity information is determined to be valid as a result of the validity determination unit 402, the user identification unit 403 identifies the logged-in user information stored in the user information database 411 as a token of the first application 101. Then, unlike in the first embodiment described above, it issues a ticket for confirmation of the second application 102.

That is, the ticket issuing unit 404 issues a new ticket, maps it to the user information identified by the user identifying unit 403, and stores it in the ticket information database 412. At this time, the issued ticket is transmitted to the first application 101 of the user terminal 100.

Next, the first application 101 of the user terminal 100 provides the ticket received from the service server 120 to the second application 102. The second application 102 requests authentication by transmitting the ticket received through the first application 101 to the service server 120.

The ticket receiving unit 405 of the service server 120 receives the ticket from the second application 102 and the ticket inquiry unit 406 receives the ticket received from the second application 102 from the ticket information database 412, And acquires user information mapped to the ticket.

The ticket determination unit 407 checks the validity of the ticket, and log-processes the second application 102 with the acquired user information through the login processing unit 408 if there is no abnormality.

The token generating unit 408 generates a token and token secret for the second application 102 that has performed the login process and transmits the generated token and the token secret to the user terminal 100 through the token transmitting unit 410 do.

The login procedure for the second application 102 is completed in the second application 102 of the user terminal 100 by directly receiving the token and token secrets for the second application 102 from the service server 120. [ Accordingly, the second application 102 can access the service server 120 while logged in using the token and token secret generated by the service server 120.

5 is a flowchart showing an application login processing procedure in the service server according to the second embodiment of the present invention. In the following description, as in the first embodiment, the first application 101 logged in is referred to as 'A' for the sake of explanation, and the second application 102 to log in via the first application 102 Quot; B ".

5, the second application 102 (i.e., 'B') first communicates the first application 101 by sending its consumer key to the first application 101 (i.e., 'A'). To request a login.

The first application 101 receives the consumer key of B from the second application 102 and sends its own token (i.e., the token of A) and signature (i.e., Signatures) to the service server 120 to request a login to the second application 102. [

The service server 102 receives the token A, the signature A, and the consumer key B from the first application 101 and verifies the validity of each received information. That is, the validity of the token of A is determined (S501). If there is no abnormality, the validity of the signature of A is determined (S502). If there is no abnormality, the validity of B of the consumer key is determined (S503). On the other hand, the order of the validity judgment may be changed and may be performed at the same time.

If there is no abnormality in the validity determination result, the information (e.g., login ID and password) of the user currently logged in from the first application 101 is confirmed using the token A in step S504.

Then, as described above, a new ticket is issued (S505) according to the second embodiment of the present invention, and the new ticket is mapped to the user information confirmed by the user and stored in the database. At this time, the issued ticket is transmitted to the first application 101 of the user terminal 100.

Next, the first application 101 of the user terminal 100 provides the ticket received from the service server 120 to the second application 102. The second application 102 requests authentication by transmitting the ticket received through the first application 101 to the service server 120.

The service server 120 receives the ticket from the second application 102, compares the ticket received from the second application 102 with the ticket stored in the database, and acquires user information mapped to the ticket (S506) do. Meanwhile, when transmitting the ticket to the service server 120 in the second application 102 according to the embodiment of the present invention, authentication of the second application 102 is performed by transmitting its own consumer key and signature together You can also add procedures to perform.

Then, the service server 120 checks the validity of the ticket (S507). If there is no abnormality, the second server 102 logs in the second application 102 (S508).

Then, the service server 120 generates a token and token secret for the second application 102 that has performed the login process (S509), and transmits the generated token and the token secret to the user terminal 100. [

The second application 102 of the user terminal 100 directly receives and stores the token and token passwords for the second application 102 from the service server 120 so that the login procedure for the second application 102 is completed do. Accordingly, the second application 102 and the service server 120 are connected in a logged-in state using the generated token B and the generated B password.

By doing so, the user can log in to the service server 120 using the first application 101 that has already been logged in, without a separate login and password input procedure in the second application 102.

Third Example (Using A generation ticket)

6 is a diagram showing a detailed configuration of a service server for providing application login by authentication sharing according to a third embodiment of the present invention. 6, a service server 120 providing an application login according to a third embodiment of the present invention includes a request receiving unit 601, a validity determining unit 602, a user identifying unit 603, a ticket storing unit A ticket inquiry unit 607, a ticket determination unit 608, a login processing unit 609, a token generation unit 610, and a token transmission unit 611. The request transmission unit 605, the ticket reception unit 606, the ticket inquiry unit 607, And the like.

The first application 101 installed in the user terminal 100 is an application already logged in, and the second application 102 is an application to be logged in. Accordingly, the second application 102 can log into the service server 120 via the first application 101 according to the third embodiment of the present invention described below.

First, a login request is made by transmitting a consumer key from the second application 102 to the first application 101. The first application 101 receives a login request from the second application 102 and creates a new ticket.

Then, the first application 101 transmits to the service server 120 a ticket including its own token and signature and a ticket generated by itself in the consumer key of the second application 102 provided from the second application 102 And requests login to the second application 102 by transmitting.

The request receiving unit 601 of the service server 120 receives the token and the signature of the first application 101 from the first application 101 of the user terminal 100 and the consumer key of the second application 102, Receives a login request for the second application 102 by receiving a ticket generated by the second application 102. [

The validity determination unit 602 determines the validity of various types of information received through the request reception unit 601. For example, it determines if the token and signature of the first application 101 are valid and determines whether the consumer key of the second application 102 is valid.

If all of the validity information is determined to be valid as a result of the validity determination unit 602, the user identification unit 603 identifies the logged-in user information stored in the user information database 621 as a token of the first application 101. Then, unlike the first and second embodiments described above, the ticket transmitted from the first application 101 is stored in the ticket information database 622. That is, the ticket storage unit 604 maps the received ticket to the user information identified by the user identification unit 603, and stores the mapping in the ticket information database 622. When the ticket is normally stored in the database as a unique value, the request result transmitting unit 605 notifies the first application of the user terminal 100 that the ticket storage is completed without any abnormality.

The first application 101 of the user terminal 100 is notified from the service server 120 that the ticket storage has been completed without any abnormality and provides the ticket generated by the first application 101 to the second application 102. The second application 102 requests authentication by transmitting the ticket received from the first application 101 to the service server 120. [

The ticket receiving unit 606 of the service server 120 receives the ticket from the second application 102 and the ticket inquiry unit 607 receives the ticket received from the second application 102 from the ticket information database 622, (I.e., a ticket received from the first application 101) stored in the first application 101 and acquires user information mapped to the ticket.

After checking the validity of the ticket, the ticket determination unit 608 logs in the second application 102 with the obtained user information through the login processing unit 609 if there is no abnormality.

The token generating unit 610 generates a token and token secret for the second application 102 that has performed the login processing and transmits the generated token and token secret to the user terminal 100 through the token transmitting unit 611 do.

The login procedure for the second application 102 is completed in the second application 102 of the user terminal 100 by directly receiving the token and token secrets for the second application 102 from the service server 120. [ Accordingly, the second application 102 can access the service server 120 while logged in using the token and token secret generated by the service server 120.

7 is a flowchart showing an application login processing procedure in the service server according to the third embodiment of the present invention. Referring to FIG. 7, the first application 101 is first communicated to the second application 102 (i.e., 'B') by sending its consumer key to the first application 101 (i.e., 'A' To request a login.

The first application 101 receives B's consumer key from the second application 102 and generates a new ticket.

Then, by transmitting the received B's consumer key, its own token (i.e., the token of A) and the signature (i.e., the signature of A), and the ticket generated by itself to the service server 120, 102). ≪ / RTI >

The service server 102 receives the token A, the signature A, the consumer key B, and the ticket generated by A from the first application 101, and verifies the validity of each received information. That is, the validity of the token of A is determined (S701). If there is no abnormality, the validity of the signature of A is determined (S702). If there is no abnormality, the validity of B of the consumer key is determined (S703). On the other hand, the order of the validity judgment may be changed and may be performed at the same time.

If there is no abnormality in the validity determination result, the information (e.g., login ID and password) of the user currently logged in in the first application 101 is confirmed with the token A in step S704.

Then, according to the third embodiment of the present invention, the ticket generated by the A is mapped to the user information confirmed by the user and stored in the database (S705).

When the ticket is normally stored in the database as a unique value, the service server 120 notifies the first application of the user terminal 100 of the completion of the storing of the ticket (S706).

The first application 101 of the user terminal 100 is notified from the service server 120 that the ticket storage has been completed without any abnormality and provides the ticket generated by the first application 101 to the second application 102. The second application 102 requests authentication by transmitting the ticket received from the first application 101 to the service server 120. [

The service server 120 receives the ticket from the second application 102, compares the ticket received from the second application 102 with the ticket stored in the database, acquires user information mapped to the ticket in operation S707, do. Meanwhile, when transmitting the ticket to the service server 120 in the second application 102 according to the embodiment of the present invention, authentication of the second application 102 is performed by transmitting its own consumer key and signature together You can also add procedures to perform.

Then, the service server 120 checks the validity of the ticket (S708). If there is no abnormality, the second server 102 logs in the second application 102 (S709).

Then, the service server 120 generates a token and token secret for the second application 102 that has performed the login process (S710), and transmits the generated token and the token secret to the user terminal 100. [

The second application 102 of the user terminal 100 directly receives and stores the token and token passwords for the second application 102 from the service server 120 so that the login procedure for the second application 102 is completed do. Accordingly, the second application 102 and the service server 120 are connected in a logged-in state using the generated token B and the generated B password.

By doing so, the user can log in to the service server 120 using the first application 101 that has already been logged in, without a separate login and password input procedure in the second application 102.

Fourth Example (Using B generation ticket)

The fourth embodiment of the present invention is similar to the third embodiment of the present invention described above except that the ticket is generated in the second application 102 instead of the first application 101. [

6, according to the fourth embodiment of the present invention, the second application 102 generates a ticket and transmits the consumer key and the generated ticket together to the first application 101, . The first application 101 receives a login request from the second application 102 and includes its token and signature in the consumer key and ticket of the second application 102 provided from the second application 102 To the service server 120, thereby requesting the second application 102 to log in.

The request receiving unit 601 of the service server 120 receives the token and the signature of the first application 101 from the first application 101 of the user terminal 100 and the consumer key of the second application 102, And receives a login request for the second application 102 by receiving the ticket generated by the second application 102. [

The validity determination unit 602 determines the validity of various types of information received through the request reception unit 601. For example, it determines if the token and signature of the first application 101 are valid and determines whether the consumer key of the second application 102 is valid.

If all of the validity information is determined to be valid as a result of the validity determination unit 602, the user identification unit 603 identifies the logged-in user information stored in the user information database 621 as a token of the first application 101. Unlike the first and second embodiments described above, the ticket is stored in the ticket information database 622, which is issued by the second application 102 and transmitted through the first application 101. That is, the ticket storage unit 604 maps the received ticket to the user information identified by the user identification unit 603, and stores the mapping in the ticket information database 622. When the ticket is normally stored in the database as a unique value, the request result transmitting unit 605 notifies the first application of the user terminal 100 that the ticket storage is completed without any abnormality.

The first application 101 of the user terminal 100 is notified from the service server 120 that the store of the ticket is completed abnormally and provides the notification result to the second application 102 again. In the second application 102, the first application 101 is informed that there is no abnormality in storing the ticket, and requests authentication by transmitting the ticket generated by the second application 102 to the service server 120.

The ticket receiving unit 606 of the service server 120 receives the ticket from the second application 102 and the ticket inquiry unit 607 receives the ticket received from the second application 102 from the ticket information database 622, (I.e., the ticket received through the first application 101) stored in the first application 101 and acquires user information mapped to the ticket.

After checking the validity of the ticket, the ticket determination unit 608 logs in the second application 102 with the obtained user information through the login processing unit 609 if there is no abnormality.

The token generating unit 610 generates a token and token secret for the second application 102 that has performed the login processing and transmits the generated token and token secret to the user terminal 100 through the token transmitting unit 611 do.

The login procedure for the second application 102 is completed in the second application 102 of the user terminal 100 by directly receiving the token and token secrets for the second application 102 from the service server 120. [ Accordingly, the second application 102 can access the service server 120 while logged in using the token and token secret generated by the service server 120.

8 is a flowchart showing an application login processing procedure in the service server according to the fourth embodiment of the present invention. Referring to FIG. 8, a second application 102 (i.e., 'B') first generates a new ticket and sends its own consumer key to the first application 101 (i.e., 'A' ), Thereby requesting a login via the first application 101.

The first application 101 receives the consumer key of B and the ticket generated by B from the second application 102, and generates a token of its own token , A token of A) and a signature (i.e., a signature of A) to the service server 120.

The service server 102 receives the token A, the signature A, the consumer key B, and the ticket generated by B from the first application 101, and verifies the validity of each received information. That is, the validity of the token of A is judged (S801). If there is no abnormality, the validity of the signature of A is judged (S802). If there is no abnormality, the validity of B of the consumer key is judged (S803). On the other hand, the order of the validity judgment may be changed and may be performed at the same time.

If there is no abnormality as a result of the validity determination, the information (e.g., login ID and password) of the user who is currently logged in from the first application 101 is confirmed with the token of A (S804).

Then, according to the third embodiment of the present invention, the ticket generated by the B is mapped to the user information confirmed by the user and stored in the database (S805).

When the ticket is normally stored in the database as a unique value, the service server 120 notifies the first application of the user terminal 100 of the completion of the storing of the ticket (S806).

The first application 101 of the user terminal 100 is notified from the service server 120 that the store of the ticket is completed abnormally and provides the notification result to the second application 102 again. The second application 102 confirms that the storage of the ticket generated by the first application 101 has been completed without any abnormality in the service server 120 and transmits the ticket generated by the first application 101 to the service server 120 Request authentication.

The service server 120 receives the ticket from the second application 102, compares the ticket received from the second application 102 with the ticket stored in the database, acquires user information mapped to the ticket (S807) do. Meanwhile, when transmitting the ticket to the service server 120 in the second application 102 according to the embodiment of the present invention, authentication of the second application 102 is performed by transmitting its own consumer key and signature together You can also add procedures to perform.

Then, the service server 120 checks the validity of the ticket (S808), and if there is no abnormality, log-processes the second application 102 with the obtained user information (S809).

Then, the service server 120 generates a token and token secret for the second application 102 that has performed the login process (S810), and transmits the generated token and the token secret to the user terminal 100. [

The second application 102 of the user terminal 100 directly receives and stores the token and token passwords for the second application 102 from the service server 120 so that the login procedure for the second application 102 is completed do. Accordingly, the second application 102 and the service server 120 are connected in a logged-in state using the generated token B and the generated B password.

By doing so, the user can log in to the service server 120 using the first application 101 that has already been logged in, without a separate login and password input procedure in the second application 102.

Fifth Example (Using server-generated ticket by B request)

9 is a diagram showing a detailed configuration of a service server providing an application login by authentication sharing according to a fifth embodiment of the present invention. Referring to FIG. 9, a service server 120 providing an application login according to a fifth embodiment of the present invention includes a request receiving unit 901, a first validity determining unit 902, a ticket generating unit 903, A ticket transmitting unit 905, a token receiving unit 906, a second validity determining unit 907, a user identifying unit 908, a user information storing unit 909, a result transmitting unit 910, A ticket inquiry unit 912, a ticket determination unit 913, a login processing unit 914, a token generation unit 915, and a token transfer unit 916. [

The first application 101 installed in the user terminal 100 is an application already logged in, and the second application 102 is an application to be logged in. Accordingly, the second application 102 can log into the service server 120 via the first application 101 according to the fifth embodiment of the present invention described below.

First, a login request is made to the second application 102 by transmitting a consumer key and signature from the second application 102 to the service server 120.

The request receiving unit 901 of the service server 120 receives a login request from the second application 102 of the user terminal 100 and the first validity determining unit 902 receives the login request from the request receiving unit 901 And judges the validity of the received various information. For example, it is determined whether the consumer key and signature of the second application 102 are valid.

If all of the validity information is valid, the ticket generator 903 generates a new ticket. The ticket storage unit 904 stores the generated ticket in the ticket information database 921 . Then, the ticket transmitting unit 905 transmits the generated ticket to the second application 102 of the user terminal 100.

The second application 102 performs a user information mapping procedure for a ticket by transmitting a ticket received from the service server 120 to the first application 101.

That is, the first application 101 receiving the ticket generated by the service server 120 from the second application 102 receives the ticket provided from the second application 102 and its token (that is, the token of A) And a signature (i.e., a signature of A) to the service server 120 to request a login to the second application 102.

The token receiving unit 906 of the service server 120 receives the token of the first application 101 from the first application 101 of the user terminal 100 and transmits the signature of A and the ticket generated by itself And receives a login request for the second application 102 by receiving the login request.

The second validity determination unit 907 determines the validity of various information received together with the token A through the token receiving unit 906. For example, it is determined whether the token and signature of the first application 101 are valid.

If all of the determination result of the second validity determination unit 907 is valid, the user identification unit 908 confirms the information of the logged-in user stored in the user information database 922 with the token of the first application 101 do. Then, the user information storage unit 909 maps the received ticket (that is, the ticket generated by the user) to the user information identified by the user identification unit 908, and stores it in the ticket information database 921. When the ticket is normally stored in the database as a unique value, the result transmitter 910 notifies the first application of the user terminal 100 that the ticket storage is completed without any abnormality.

The first application 101 of the user terminal 100 is notified from the service server 120 that the store of the ticket is completed abnormally and provides the notification result to the second application 102 again. The second application 102 is informed that the first application 101 does not store the ticket and requests authentication by transmitting the ticket (that is, the ticket provided from the service server) to the service server 120 again .

The ticket receiving unit 911 of the service server 120 receives the ticket from the second application 102 and the ticket inquiry unit 912 receives the ticket received from the second application 102 from the ticket information database 921, (I.e., a ticket generated by the user) and acquires user information mapped to the ticket.

After checking the validity of the ticket, the ticket determination unit 913 logs in the second application 102 with the obtained user information through the login processing unit 914 if there is no abnormality.

The token generating unit 915 generates a token and token secret for the second application 102 that has performed the login processing and transmits the generated token and token secret to the user terminal 100 through the token transmitting unit 916 do.

The login procedure for the second application 102 is completed in the second application 102 of the user terminal 100 by directly receiving the token and token secrets for the second application 102 from the service server 120. [ Accordingly, the second application 102 can access the service server 120 while logged in using the token and token secret generated by the service server 120.

10 is a flowchart showing an application login processing procedure in the service server according to the fifth embodiment of the present invention. Referring to FIG. 10, first, a login request is made to the second application 102 by transmitting a consumer key and a signature from the second application 102 to the service server 120.

The service server 120 receives the B's signature and the signature of B from the second application 102 of the user terminal 100 and determines the validity of the received various information. For example, it is determined whether the consumer key and the signature of the second application 102 are valid (S1006).

If all of the determination results are valid, the service server 120 generates a new ticket (S1007), and stores the generated ticket in the database 921. [ Then, the generated ticket is transmitted to the second application 102 of the user terminal 100.

The second application 102 performs a user information mapping procedure for a ticket by transmitting a ticket received from the service server 120 to the first application 101.

That is, the first application 101 receiving the ticket generated by the service server 120 from the second application 102 receives the ticket provided from the second application 102 and its token (that is, the token of A) And a signature (i.e., a signature of A) to the service server 120 to request a login to the second application 102.

The service server 120 receives the token of the first application 101 from the first application 101 of the user terminal 100 and concurrently receives the signature of A and the ticket generated by itself, 102). ≪ / RTI >

Then, the service server 120 determines the validity of various pieces of information received together with the token A. For example, it is determined whether the token and the signature of the first application 101 are valid (S1001, S1002).

If all of the above-mentioned judgments are valid information, the information of the logged-in user stored in the database is confirmed as a token of the first application 101 (S1003). Then, the received ticket (i.e., the ticket generated by itself) is mapped to the confirmed user information and stored in the database (S1004). When the ticket is normally stored in the database as a unique value (S1005), the first application of the user terminal 100 is notified that the ticket storage is completed without abnormality.

The first application 101 of the user terminal 100 is notified from the service server 120 that the store of the ticket is completed abnormally and provides the notification result to the second application 102 again. The second application 102 is informed that the first application 101 does not store the ticket and requests authentication by transmitting the ticket (that is, the ticket provided from the service server) to the service server 120 again .

The service server 120 receives a ticket from the second application 102, compares the ticket received from the second application 102 with a ticket stored in the database (i.e., a ticket generated by the second application 102) And acquires user information to be mapped (S1008).

Then, the service server 120 checks the validity of the ticket (S1009). If there is no abnormality, the login processing unit 914 transfers the second application 102 with the obtained user information to the login process S1010 )do.

Then, the service server 120 generates a token and token secret for the second application 102 that has performed the login process (S1011), and transmits the generated token and the token secret to the user terminal 100. [

The login procedure for the second application 102 is completed in the second application 102 of the user terminal 100 by directly receiving the token and token secrets for the second application 102 from the service server 120. [ Accordingly, the second application 102 can access the service server 120 while logged in using the token and token secret generated by the service server 120.

The detailed configuration of the service server providing the application login by the authentication sharing according to each embodiment of the present invention and the login processing procedure performed in the service server have been described with reference to FIG. 2 through FIG. Next, an embodiment in which the present invention is applied to an actual service will be described with reference to FIGS. 11 to 16. FIG.

11 through 16 are diagrams illustrating an actual implementation for providing a login through a logged-in application according to an embodiment of the present invention. The following embodiments will be described taking an example of a Naver application installed in a smart phone or the like. For example, the first application that is logged in becomes a Naver application, and the second application that performs login through the first application becomes an application such as an N drive.

Referring to FIG. 11, when simple log-in is set through the Naver application, authentication of another application can be performed according to the embodiment of the present invention with the log-in ID set in the login. For example, if a simple log-in is selected at the N-drive of the neighbor, the log-in can be automatically logged into the ID of the already-registered Naver application ('mjbelle84' in FIG. 11) without a separate ID and password input procedure. At this time, according to the embodiment of the present invention, as described above, the user information identified as an individual application (for example, N drive application) in the Naver application is copied, and the user logs in through the screen .

12, conventionally, when an individual application is to be logged in, it is necessary to log in by inputting an ID and a password for each application. However, according to the embodiment of the present invention, It can be easily logged in.

13, when a user executes a shortcut to a specific application among a plurality of applications installed on a user terminal (e.g., a smart phone) or accesses a first application (e.g., a Naver application) If so, the main screen of the corresponding third party application (i.e., the second application) is executed. At this time, a menu for logging in with the first application's ID may be displayed on the main screen of the second application, and when the login through the first application is selected, as illustrated in the embodiment of the present invention, Can be automatically logged in without an ID and password input.

Meanwhile, when the simple login account is registered according to the embodiment of the present invention, the automatic login procedure is performed as shown in FIG. 13, but when the simple login account is not registered, as shown in FIG. 14, It can be implemented to proceed with the registration procedure.

FIG. 15 shows an example of proceeding to the installation procedure of the first application when the login of the second application is executed without installing the first application. That is, when the second application is executed and the first application is not installed, as shown in FIG. 15, after the installation of the first application proceeds through various application markets, May proceed according to an embodiment of the invention.

Figure 16 illustrates a procedure for a new user to initially execute to utilize an application automatic login according to an embodiment of the present invention. Referring to FIG. 16, in the case of a new user, when a first application is logged in and a second application is executed and a login service through the first application is desired to be provided, You can then add more parental consent procedures.

The various operations and functions as described herein with respect to the various methods may be performed by any of a number of types of functions, such as a particular processing function and / or a processing function implemented therein, and / ≪ / RTI > For example, such functions may be described herein, as well as performing various operations and processes as described herein, or any other operations and functions as described herein, etc., or the like, And may perform such operations, processes, and the like.

In some embodiments, such functions (which may be implemented on the same device or on distinct devices) may be implemented in such a manner and in accordance with various aspects of the present invention, etc., and / Operations and functions, and their equivalents. In some embodiments, such processing is performed together by the first functional portion in the first device and the second functional portion in the second device. In other embodiments, such processing, operations, etc. are performed entirely by the processing units within one particular apparatus. Even in other embodiments, such processing and operations are performed using at least a first functional portion and a second functional portion within a single device.

Also, in the foregoing description, the terms " system, " " device, " and " section " may be a single processing device or a plurality of processing devices. Such a processing device may be a microprocessor, a microcontroller, a digital signal processor, a microcomputer, a central processing unit, a field programmable gate array, a programmable logic device, a state machine, a logic circuit, an analog circuit, a digital circuit, and / (Analog and / or digital) based on hard coding of operational instructions. The processing module, module, processing circuit, and / or processing unit may be implemented as a single memory device, a plurality of memory devices, and / or a combination of the processing modules, the processing circuitry, and / Lt; / RTI > memory and / or an integrated memory element. Such a memory device may be any device that stores read only memory (ROM), random access memory (RAM), volatile memory, non-volatile memory, static memory, dynamic memory, flash memory, cache memory, and / . If the processing module, the module, the processing circuit, and / or the processing unit include one or more processing devices, the processing devices may be centrally located (i.e., directly or indirectly via a wired and / Connected), distributed (e.g., cloud computing via an indirect connection over a local and / or wide area network). If the processing module, module, processing circuit, and / or processing unit implements one or more of those functions through a static machine, analog circuitry, digital circuitry, and / or circuitry, memory and / It should further be noted that the corresponding operating instructions may be internal or external to the circuit including the static machine, analog circuitry, digital circuitry, and / or logic circuitry. The memory element may be stored and the processing module, module, processing circuitry, and / or processing unit may be configured to store a hard-coded and / or hard-coded data item corresponding to at least a portion of the steps and / or functions depicted in one or more of the figures It should be further noted that it carries out operational instructions. Such a memory device or memory element may be included within the components of the manufacture.

The invention has been described above with the aim of method steps illustrating the performance of certain functions and their relationships. The boundaries and order of these functional components and method steps have been arbitrarily defined herein for convenience of description. Alternative boundaries and sequences may be defined as long as the specific functions and relationships are properly performed. Any such alternative boundaries and sequences are therefore within the scope and spirit of the claimed invention. In addition, the boundaries of these functional components have been arbitrarily defined for ease of illustration. Alternative boundaries can be defined as long as certain important functions are properly performed. Likewise, the flow diagram blocks may also be arbitrarily defined herein to represent any significant functionality. For extended use, the flowchart block boundaries and order may have been defined and still perform some important function. Alternative definitions of both functional components and flowchart blocks and sequences are therefore within the scope and spirit of the claimed invention. Those skilled in the art will also appreciate that the functional components and other illustrated blocks, modules, and components herein may be implemented as illustrated or as separate components, such as semiconductor integrated circuits (ASICs) And the like, or any combination thereof.

The invention may also be described, at least in part, in the language of one or more embodiments. Embodiments of the invention are used herein to describe the invention, aspects thereof, features thereof, concepts thereof, and / or examples thereof. The physical embodiment of an apparatus, article of manufacture, machine, and / or process for implementing the invention may include one or more aspects, features, concepts, examples, etc., described with reference to one or more embodiments described herein . Moreover, in the entire drawings, embodiments may incorporate the same or similarly named functions, steps, modules, etc. that may use the same or different reference numerals, and so forth, Steps, modules, etc., may be the same or similar functions, steps, modules, etc., or the like.

In the meantime, the term " processing unit "is used in the description of various embodiments of the present invention. A module includes a functional block implemented via hardware to perform one or more functions, such as processing one or more input signals to produce one or more output signals. The hardware implementing the functional block may operate directly by combining software and / or firmware. As used herein, a module may include one or more sub-modules that are themselves modules.

While various combinations of features and specific combinations of features of the present invention are explicitly described herein, other combinations of these features and functions are likewise possible. The present invention is not limited to the specific examples disclosed herein, and explicitly incorporates these different combinations.

As described above, the present invention has been described with reference to particular embodiments, such as specific elements, and specific embodiments and drawings. However, it should be understood that the present invention is not limited to the above- And various modifications and changes may be made thereto by those skilled in the art to which the present invention pertains.

Accordingly, the spirit of the present invention should not be construed as being limited to the embodiments described, and all of the equivalents or equivalents of the claims, as well as the following claims, belong to the scope of the present invention .

100: user terminal 101: first application
102: second application 110: communication network
120: service server 210: request receiver
220: validity determination unit 230: user identification unit
240: Login processing unit 250: Token generating unit
260: Token transfer unit 270: User information database
401: request receiving unit 402: validity determining unit
403: User identification unit 404: Ticket issuing unit
405: Ticket receiving section 406: Ticket inquiring section
407: ticket determination unit 408:
409: Token generating unit 410: Token transmitting unit
411: user information database 412: ticket information database
601: request reception unit 602: validity determination unit
603: User identification unit 604:
605: Request result transmitting section 606:
607: target inquiry unit 608: target determination unit
609: Login processing unit 610: Token generating unit
611: Token transmitting unit 901: Request receiving unit
902: First validity determination unit 903: Ticket generation unit
904: Ticket storage unit 905: Ticket transfer unit
906: token receiving unit 907: second validity judging unit
908: User identification unit 909: User information storage unit
910: Result transmitting unit 911: Ticket receiving unit
912: Ticket inquiry unit 913:
914: Login processing unit 915: Token generating unit
916: Token transfer unit 911: Ticket information database
912: User information database

Claims (27)

A user terminal in which a first application and a second application are installed, and a login process is performed on the first application; And
Receiving a token of the first application, a signature of the first application, a consumer key of the second application, and a signature of the second application from the user terminal, and storing the signature of the second application as user information identified from the token of the received first application And a service server for performing login processing for the second application,
The service server,
And generates a token and token secret of the second application in accordance with the login process for the second application, and transmits the token and token secret to the user terminal.
The service providing system according to claim 1,
A validity of at least one of the received token of the first application, the signature of the first application, the consumer key of the second application, and the signature of the second application is checked, The application login system by authentication sharing.
delete The method of claim 1,
Receiving a token and token secret of the second application from the service server in the first application and providing the token and token secret of the received second application to the second application; .
The method of claim 1,
And receives a signature of the second application and a consumer key of the second application from the second application.
A request receiving unit for receiving a login request for a second application from a user terminal installed with a first application logged in to the service server;
A validity determiner for determining the validity of the token of the first application, the signature of the first application, and the consumer key of the second application transmitted from the user terminal according to the request;
A user identification unit for identifying the logged in user information from the received token of the first application when the validity information is valid; And
And a login processing unit for performing login processing of the second application with the user information identified by the user identification unit,
The service server,
A token generating unit for generating a token and a token secret of the second application in accordance with a login process of the second application of the login processing unit; And
And a token transmission unit for transmitting the token and the token secret of the generated second application to the user terminal.

delete The method of claim 6,
An application login service by an authentication sharing service that receives a token and token secret of the second application from the service server in the first application and provides the token and token secret of the received second application to the second application, A service server for provisioning.
7. The method of claim 6,
Receiving a signature of the second application and a consumer key of the second application from the second application and further transmitting a signature of the received second application from the first application to the service server,
Wherein the validity determination unit of the service server further determines validity of the signature of the transmitted second application.
The system according to claim 6,
A ticket issuing unit for generating a ticket after storing the user information of the user identification unit and storing the ticket in a database;
A ticket receiver for transmitting the ticket generated by the ticket issuing unit to the first application of the user terminal and receiving the transmitted ticket through the second application of the user terminal;
A ticket inquiry unit for inquiring a ticket received through the ticket receiver with a ticket stored in the database; And
And a ticket determiner for determining whether the received ticket is a valid ticket as a result of inquiry by the ticket inquiry unit,
Wherein the login processing unit performs a login process for the second application when the ticket is a valid ticket as a result of the determination by the ticket determination unit.
11. The method of claim 10, wherein the first application of the user terminal comprises:
And provides the ticket received from the service server to the second application.
The system according to claim 6,
A ticket storage unit for storing a ticket generated in the first application received from the user terminal in a database after identification of user information of the user identification unit;
A request result transmission unit for notifying the first application of the user terminal that the ticket storage has been completed by the ticket storage unit abnormally;
A ticket receiver for receiving a ticket generated in the first application through the second application of the user terminal;
A ticket inquiry unit for inquiring a ticket received through the ticket receiver with a ticket stored in the database; And
And a ticket determiner for determining whether the received ticket is a valid ticket as a result of inquiry by the ticket inquiry unit,
Wherein the login processing unit performs a login process for the second application when the ticket is a valid ticket as a result of the determination by the ticket determination unit.
13. The method of claim 12, wherein the first application of the user terminal comprises:
And provides the generated ticket to the second application upon being informed from the service server that the storing of the ticket is completed abnormally.
The system according to claim 6,
A ticket storage unit for storing a ticket generated in the second application received from the user terminal in a database after the identification of user information of the user identification unit;
A request result transmission unit for notifying the first application of the user terminal that the ticket storage has been completed by the ticket storage unit abnormally;
A ticket receiver for receiving a ticket generated by the second application from the second application of the user terminal;
A ticket inquiry unit for inquiring a ticket received through the ticket receiver with a ticket stored in the database; And
And a ticket determiner for determining whether the received ticket is a valid ticket as a result of inquiry by the ticket inquiry unit,
Wherein the login processing unit performs a login process for the second application when the ticket is a valid ticket as a result of the determination by the ticket determination unit.
15. The method of claim 14, wherein the first application of the user terminal comprises:
And provides the notification result to the second application upon being informed from the service server that the storing of the ticket is completed abnormally.
15. The method of claim 14, wherein the second application of the user terminal comprises:
A service server for providing an application login service by an authentication sharing, which generates a ticket and provides the generated ticket to the first application.
A request receiving unit for receiving a login request for a second application from a user terminal installed with a first application logged in to the service server;
A first validity determining unit for determining validity of a signature of the second application and a consumer key of the second application transmitted from the user terminal according to the request;
A ticket generating unit for generating a ticket when the first validity determining unit determines that the information is valid;
A ticket storage unit for storing a ticket generated by the ticket creation unit in a database;
A ticket transmitting unit for transmitting a ticket generated by the ticket creating unit to the second application of the user terminal;
A token receiver for receiving a token of the first application, a signature of the first application and a ticket received in the second application from a first application of the user terminal;
A second validity judging unit for judging validity of the token of the first application and the signature of the first application according to the reception of the token receiving unit;
A user identification unit for identifying the logged-in user information from the received token of the first application when the second validity information is valid;
A user information storage unit for mapping the received ticket to user information identified by the user identification unit and storing the same in a database;
A result transmitting unit for notifying the first application of the user terminal that the ticket storage is completed abnormally;
A ticket receiver for receiving the ticket from the second application of the user terminal;
A ticket inquiry unit for inquiring a ticket received through the ticket receiver with a ticket stored in the database;
A ticket determiner for determining whether the received ticket is a valid ticket as a result of the inquiry from the ticket inquiry unit;
And a login processing unit for performing login processing for the second application if the ticket is a valid ticket as a result of the determination by the ticket determination unit.
18. The system according to claim 17,
A token generating unit for generating a token and a token secret of the second application in accordance with a login process of the second application of the login processing unit; And
And a token transmission unit for transmitting the token and the token secret of the generated second application to the user terminal.
An application login method by authentication sharing, wherein each step performed at a service server comprises:
Receiving a request for a login of a second application from a user terminal having a first application installed in the service server;
Judging validity of the token of the first application, the signature of the first application, and the consumer key of the second application transmitted from the user terminal according to the request;
Identifying the logged-in user information from the received token of the first application if the validity information is valid as a result of the validity determination unit, in the user identification unit; And
In the login processing unit, log-processing the second application with the user information identified by the user identification unit,
Generating a token and a token secret of the second application in accordance with a login process for the second application in the login processing unit; And
Further comprising, in the token transferring unit, transmitting the token and token secret of the generated second application to the user terminal.

delete The system of claim 19,
Receiving an application token and token secret of the second application from the service server in the first application and providing the token and token secret of the received second application to the second application; .
21. The system of claim 19,
Receiving a signature of the second application and a consumer key of the second application from the second application and further transmitting a signature of the received second application from the first application to the service server,
Wherein the validity determination unit of the service server further determines the validity of the signature of the transmitted second application.
A computer-readable recording medium having recorded therein a program for executing the method according to any one of claims 19 to 21.
In a user terminal in which a first application and a second application are installed,
Executing the first application and log-processing a user for the first application through a service server; receiving, from the second application, a login request for the second application to the service server in response to receiving a login request for the second application; A first application executing unit for receiving login related information for the second application from the service server; And
The first application executing unit requests the first application executing unit to log in the second application, receives login related information for the second application from the first application executing unit in response to the login request, And a second application executor for performing login processing for the user.
The system according to claim 24,
And sends a token of the first application, a signature of the first application, and a consumer key of the second application to the service server to request login to the second application.
27. The user terminal of claim 24,
Wherein the first application executor receives the token and token secret of the second application from the service server and provides the token and token secret of the received second application to the second application executor.
The information processing apparatus according to claim 25,
Receives the second application's consumer key and the signature of the second application from the second application execution unit, and further sends the signature of the received second application to the service server.

Images