KR20090000263A - Mutual authentication system - Google Patents
Mutual authentication system Download PDFInfo
- Publication number
- KR20090000263A KR20090000263A KR1020070013699A KR20070013699A KR20090000263A KR 20090000263 A KR20090000263 A KR 20090000263A KR 1020070013699 A KR1020070013699 A KR 1020070013699A KR 20070013699 A KR20070013699 A KR 20070013699A KR 20090000263 A KR20090000263 A KR 20090000263A
- Authority
- KR
- South Korea
- Prior art keywords
- user
- login
- information
- authentication
- site
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Description
1 is a configuration diagram of a mutual authentication system showing a method for a user to automatically log in to a website, as an embodiment of the present invention;
2 is a flowchart illustrating a process of automatically logging in to the web server of FIG. 1;
3 is a flowchart illustrating a process of automatically logging in at the mutual authentication server of FIG. 1;
4 is a flowchart illustrating a process of performing automatic login in the mutual authentication system of FIG. 1.
The present invention relates to a method for automatically logging in a plurality of authentication sites in a distributed computing environment, and more particularly, to a method for automatically logging in a plurality of membership sites distributed on the Internet with a single user command.
In the Internet environment generalized by the development of information and communication technology, many Internet web sites discriminate and provide services on their web sites into members and non-members or paid members and free members. Therefore, a user who visits a web site must go through a process called login and subscriber authentication in order to receive the service provided by the web site. The login and subscriber authentication process is usually a process in which a user directly inputs an ID and password. Since this process is inconvenient for the user, various studies have been made to simplify the process.
In addition, as the distribution and exchange of information based on the Internet is active, numerous websites are being created and various services are provided. In general, a website encourages a lot of users to join as a member in order to generate a profit structure of the website regardless of whether the service fee is paid or free.
In this case, many websites require member subscribers to input various personal information of the member subscribers and require users to register as members in order to search or use the contents or services of the website.
In addition, even if a new site is already registered as a member, the user's ID and password, which is login information, must be re-entered at all times. Therefore, a user who has registered to multiple websites must remember each ID and password. There is a problem.
As a method for simplifying the login and subscriber authentication process for various types of websites, a user ID and password for each of a plurality of websites or web pages is stored in a specific area of a storage device such as a user's communication terminal. Research is being made to record, store, and automatically enter them each time you visit a website or web page. However, when the user visits the website or webpage using another terminal or when another user uses the terminal, it is inconvenient in terms of convenience and the user's personal information is leaked to the outside in terms of security. have.
Therefore, there is a high need for a technology that can fundamentally solve these problems.
Accordingly, an object of the present invention is to solve the problems of the prior art as described above and the technical problems that have been requested from the past.
That is, an object of the present invention is that when a user wants to visit a plurality of websites that require authentication, the website can be entered with one user command or member information without having to remember login information for the plurality of websites. It provides an automatic login method for accessing.
Mutual authentication system according to the present invention for achieving this object,
Authentication system that includes a method of automatically logging in to multiple websites through a mutual authentication server that stores and manages the location information (URL) of multiple websites requiring authentication and the member information of the websites for each individual user. As
A first step of receiving location information and login information of a website corresponding to a client terminal requested by a user from the mutual authentication server;
A second step of obtaining a web document for executing a user login from location information of the selected authentication site in response to the authentication request of the client terminal;
A third step of analyzing login information of the web document and automatically inputting corresponding member information into a client terminal; And
A fourth step of executing user authentication using the login information input to the client terminal;
It characterized in that it comprises a network having a certification area in a plurality of websites.
Therefore, according to the method of the present invention, the user can confuse the ID and password by automatically logging in to the website by the mutual authentication system without having to remember the ID and password, which are user registration information registered on each website. It can prevent troublesome use.
In some cases, the first step includes transmitting the member information of the client terminal input by the user to the authentication server by a client terminal logged into a website registered in the authentication server, and receiving the client terminal received from the authentication server. And storing the member information in the member information database inside the mutual authentication server.
In the second step, when moving from one website to another website, the mutual authentication server determines whether the website to be moved is a site registered in the member information database, and the client terminal logs in from the mutual authentication server. Receiving a page or a web document can be made.
In the third step, in the login execution page of the web page or the web document in which the registration on the mutual authentication server is determined in the step, in the case of the site registered in the mutual authentication server, the member information stored in the member information database of the mutual authentication server is displayed. Automatically inputting to the login execution page of the website to be moved, and the fourth step may be configured to execute user authentication using the login information input to the client terminal.
Preferably, the first step,
Receiving, by the authentication server, client identification information from a client terminal;
Extracting a list of authentication sites registered by a corresponding client based on the client identification information;
Extracting location information and login information of the extracted authentication site list from a login information database of the authentication server that stores and manages location information (URL) and login information of a site executing login;
And transmitting the list, the location information, and the login information of the authentication site to the corresponding client terminal.
Preferably, the login information has a structure including a user ID and a password.
In addition, if the member information of the mutual authentication server includes a name and a social security number, there is no particular limitation on the items of the information, but it may be preferably configured to include a site code, ID, identification key and name.
In this case, the identification key may maintain security by encrypting a combination of a name and a social security number.
The member information of the website may have a structure including personal information such as ID, password, name, and social security number.
In the present invention, the processing method in the case of moving to a site not registered in the mutual authentication system, stores and manages the location information (URL) and the registration form of the website for a plurality of websites that require authentication When a user accesses a website that is not registered in the mutual authentication server through a mutual authentication server including a database, the member information is automatically displayed on the registration page.
A first step of determining whether a site requested by a user is registered from the mutual authentication server;
A second step of extracting member information of the user from the mutual authentication server and displaying the member information on a member registration page of a site to be accessed if the site requested by the user is a non-registered site in the mutual authentication server; And
A third step of joining and authenticating to the mutual authentication server; It may be configured to include.
As another example of the present invention, a method for automatically logging in to a website by a user may store and manage location information (URL) of a plurality of websites requiring authentication and login information of the website for each user. A method of automatically logging in to a plurality of websites through an authentication server including a login information database and a login form database for storing and managing login forms of each authentication site.
A first step of receiving a list of authentication sites corresponding to the corresponding client from the authentication server;
A second step of selecting a site to be visited by the client from the authentication site list and transmitting the selection request to the authentication server;
Extracting a login form and login information of the selected authentication site based on the selection request, and inputting login information into the login form to create an automatic login document; And
And transmitting the automatic login document to the corresponding client terminal.
Hereinafter, although described with reference to the drawings according to an embodiment of the present invention, this is for easier understanding of the present invention, the scope of the present invention is not limited thereto.
1 is a schematic diagram of a mutual authentication system showing a method for a user to automatically log in to a website as an embodiment of the present invention.
Referring to FIG. 1, the mutual authentication system includes a
The
There is a separate automatic login module (client terminal program) for executing the automatic login routine in the browser, and of course, the automatic login module can be installed and executed independently of the browser. In particular, the automatic login module may be downloaded and installed from the mutual authentication server, or may be installed in the client terminal system through another recording medium.
The
The
The
2 is a flowchart schematically illustrating a process of automatically logging in from the web server of FIG. 1.
Referring to FIG. 2, when a user accesses a web server to obtain content or useful information (S110), it is determined whether the user is a user registered in advance in the mutual authentication server (S120). In the case of a user registered in the mutual authentication server, after a simple member authentication procedure (S130), the user is provided with desired content from the web server. On the contrary, in the case of a user who is not registered in the mutual authentication server, a web page for member registration (S122) recording personal information of the user such as a name and a social security number is shown. The user registration information (member information) is stored in a database of the web server and the mutual authentication server (S124, S230), and when the user reconnects to the web server, the user can use the contents of the web server through a simple authentication process. .
3 is a flowchart schematically illustrating a process of automatically logging in from the mutual authentication server of FIG. 1.
Referring to FIG. 3, when a user registers at a web server registered in advance in the mutual authentication server, the web server which the user intends to use receives member information from the mutual authentication server (S210) and executes a subscription processing engine. The member information is stored in the member information database of the mutual authentication server (S230). When the user moves to another site, the mutual authentication server determines whether the site is registered in the member information database (S250), and if the site is registered in the mutual authentication server, transmits the member information to the web server (S260). By executing the automatic login, on the contrary, if the site is not registered in the mutual authentication server, the member registration information is displayed on the site registration page of the mutual authentication server (S252) to induce the user to register in the mutual authentication server.
4 is a flowchart schematically illustrating a process of performing an automatic login in the mutual authentication system of FIG. 1.
Referring to FIG. 4, when the user newly accesses the web server (S310), the mutual authentication server determines whether the web server to which the user is connected is registered with the mutual authentication server or the user is a member registered with the web server. If it is determined (S320), and if all are determined to be registered through a simple predetermined member authentication procedure (S330) allows the user to use the content of the web server.
However, if the web server to be accessed by the user is not registered in the mutual authentication server, the web server prompts the user to register (S254) by displaying the member related information received from the mutual authentication server (S252). do.
In addition, when the user is not a registered member of the web server registered in the mutual authentication system, as shown in FIG. 2, the user reconnects to the web server by storing the member information in the web server database through the member registration procedure (S122) (S124). In this case, the contents of the desired web site can be used only with simple user authentication.
Although described with reference to the drawings according to an embodiment of the present invention, those of ordinary skill in the art will be able to perform various applications and modifications within the scope of the present invention based on the above contents.
The present invention, first, allows the user to automatically log in without having to remember each user ID and password registered in each of a plurality of sites, and prevents the problem that the user's personal information is leaked to the outside due to sharing management of personal information And it can eliminate the disadvantage that the service is limited only to the affiliate site.
Second, when a user registers and uses member information on one or more sites, the user can directly access the ID without having to enter the ID and password individually. Therefore, the user can confuse the ID and password of registered users by site. The hassle can be avoided.
Third, the site search to check the user ID and password can be performed at the same time for each site or the whole site, and has a number of additional functions that can be conveniently managed. In this case, the searched site is hyperlinked to a specific page of the site at the same time as the automatic login without the user having to re-enter a separate ID and password, it is possible to directly access the site as a registered member.
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020070013699A KR20090000263A (en) | 2007-02-09 | 2007-02-09 | Mutual authentication system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020070013699A KR20090000263A (en) | 2007-02-09 | 2007-02-09 | Mutual authentication system |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20090000263A true KR20090000263A (en) | 2009-01-07 |
Family
ID=40483473
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020070013699A KR20090000263A (en) | 2007-02-09 | 2007-02-09 | Mutual authentication system |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20090000263A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014187168A1 (en) * | 2013-05-22 | 2014-11-27 | 福建联迪商用设备有限公司 | Information storage and management method and apparatus based on webkit browser |
KR20160061227A (en) | 2014-11-21 | 2016-05-31 | 두산중공업 주식회사 | whetstone handling jig |
-
2007
- 2007-02-09 KR KR1020070013699A patent/KR20090000263A/en not_active Application Discontinuation
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014187168A1 (en) * | 2013-05-22 | 2014-11-27 | 福建联迪商用设备有限公司 | Information storage and management method and apparatus based on webkit browser |
KR20160061227A (en) | 2014-11-21 | 2016-05-31 | 두산중공업 주식회사 | whetstone handling jig |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11706218B2 (en) | Systems and methods for controlling sign-on to web applications | |
US20110093790A1 (en) | Preemptive caching for web-based systems | |
US20120317238A1 (en) | Secure cross-domain communication | |
US20140282940A1 (en) | Method and Apparatus for Multi-Domain Authentication | |
US9769159B2 (en) | Cookie optimization | |
US8359352B2 (en) | Automated content and bookmark distribution | |
WO2010148075A2 (en) | Standard commands for native commands | |
CN102413151A (en) | Network resource sharing method and system | |
CN110266661A (en) | A kind of authorization method, device and equipment | |
US8392911B2 (en) | Download discovery for web servers | |
KR20110055542A (en) | An apparatus for managing user authentication | |
US11055480B2 (en) | Crowd-source as a backup to asynchronous identification of a type of form and relevant fields in a credential-seeking web page | |
KR20090000263A (en) | Mutual authentication system | |
US20160380992A1 (en) | Authentication specific data | |
JP2003141081A (en) | Network system, server computer, program and log-in method | |
Fox et al. | Web 2.0 for Grids and e-Science: Invited Contribution | |
Kratov | About leaks of confidential data in the process of indexing sites by search crawlers | |
CN100531065C (en) | Method and system for management of a web site that includes dynamic protected data | |
JP6162056B2 (en) | Advertisement content delivery system and advertisement content delivery method | |
Bettencourt et al. | Recommending Access to Web Resources based on User's Profile and Traceability | |
US20160321612A1 (en) | Open design management server | |
KR20020026753A (en) | A method for automatically executing log-in in distributed netwokrk | |
Tran | User-driven data portability: A user-driven data portability approach utilizing web scraping techniques to liberate data | |
WO2007033581A1 (en) | System and method for dynamically generating a user-centric portal | |
KR20010090309A (en) | A substituting system and the method of registering/logging in |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WITN | Withdrawal due to no request for examination |