KR20130124448A - Legitimacy checking login authentication system and method thereof - Google Patents

Abstract

A legitimacy confirmation login authentication system and a legitimacy confirmation login authentication method are disclosed. The legitimacy confirmation login authentication system comprises an account confirmation unit for confirming account information corresponding to a login request; a legitimacy confirmation unit for transmitting a predetermined confirmation signal to the terminal of a legitimate user corresponding to the login request; a control unit for enabling a the user terminal to log out or to maintain login when a user terminal requests login to a predetermined account of a web server providing a service. The control unit allows the login for all login requests authenticated based on login information. The legitimacy confirmation unit transmits the confirmation signal to the user terminal corresponding to the account which is allowed to log in and executes legitimacy confirmation procedure for all login requests. [Reference numerals] (110) Control unit;(120) Account confirmation unit;(130) Location-based authentication unit;(140) Legitimacy confirmation unit;(150) Block time authentication unit

Description

Legitimacy checking login authentication system and method

The present invention relates to a verification authentication login authentication system and a method thereof, and more particularly, it is possible to perform login-based authentication and / or location-based login authentication. The present invention relates to a system that can be remotely checked, and a system and method for solving the problems that may occur.

With the development of the Internet, many people have been provided with various services by accessing predetermined applications for web sites or specific web services (eg, instant messengers, etc.). Websites, web services, or web applications often use a procedure called log-in to identify users. In order to log in, a user must input login information (eg, ID, password, etc.) corresponding to an account assigned to each user.

However, when the login information is leaked, the authentication based on the login information becomes inconvenient. However, recently, a variety of intelligent cyber attacks have caused accidents in which the user's login information is leaked. The stability of the authentication method is greatly threatened.

Applicant has provided a variety of technical ideas that can perform the identity verification through location-based authentication to solve this problem. For example, Korean Patent Application (Application No. 10-2009-0125293, "Login Control System and Method"), Korean Patent Application (Application No. 10-2010-0007524, "Service Security System and Method"), Korean Patent Application ( Application No. 10-2010-0124252, "Location Based Service Security System and Method thereof", and the like are examples.

The location-based authentication may basically mean a method of performing authentication by comparing a location where a login is requested and a location of a party user corresponding to the account of the requested login. In the case of location-based authentication, even if authentication based on the login information is successful, the location-based authentication cannot succeed unless the login request is performed in a location that is identical to the party user's location. Can provide a solution to securely protect the accounts of political parties.

On the other hand, when performing the location-based authentication and / or login information-based authentication, there are two ways to actually control the login. First, if authentication fails, there may be a login rejection method that does not allow login at all. This type of login denial has traditionally been used for the most basic authentication based on login information.

Another method of authentication may be a method of determining justification by a party user that allows a user to log in once and then maintains the login regardless of the success or failure of authentication. In the specification, it will be defined as a verification method.

For example, the validity checking method transmits a confirmation signal or a message to a political party user about a failed login or a successful login, and in response, when the political party responds to logout of the login, the logout is forcibly logged out. Can be.

In the case of login control through the validity checking method, when the party user logs in, the above confirmation signal may not respond even if the user does not go to the party user, or even if another person logs in, In the case of login, the login can be maintained by not responding. On the other hand, if a login occurs that you do not know, you can protect your account by forcibly logging out in response. In addition, the validity checking method may be performed even for a login request for which authentication is successful, since a procedure for separately checking the validity of a login request by a party user may be a very useful procedure even if authentication is successful by a web server.

However, in case of such a validity verification method, unexpected problems may occur. For example, there may be a case where a party user is difficult to respond even if he or she is not sleeping. In such a case, there may be a problem in that a logout cannot be made even after allowing a login for a login request for which authentication fails.

Accordingly, the technical problem to be achieved by the present invention is to provide a system and a method for improving the problem that may occur when the login control using the validity check method, that is, the problem that the party user can not respond to To provide.

The legitimacy confirmation login authentication system for solving the technical problem is an account confirmation unit for confirming the account information corresponding to the login request, when the user terminal requests a login to a predetermined account of the web server providing a web service, A location-based authentication unit for performing location-based authentication based on the location of the user terminal and the location of the party user of the account corresponding to the login request, a validity confirmation unit for transmitting a predetermined confirmation signal to the terminal of the party user; And a controller for maintaining a login of the logged in user terminal or logging out of the user terminal based on whether a response signal is received from the terminal user of the political party based on the transmitted confirmation signal. Set by party user For a login request requested during a block time corresponding to the block time information that can be specified, login is allowed even for login information authentication based on login information previously stored in the web server and login request for which the location-based authentication can succeed. I never do that.

The validity check login authentication system stores the block time information, and for a login request requested during the block time, a block for requesting a login request terminal for additional authentication separate from the login information authentication and the location-based authentication. The apparatus may further include a time authentication unit, and the control unit may allow the login request requested during the block time only when the additional authentication requested by the block time authentication unit is successful.

The terminal of the party user may receive the block time information through an application corresponding to the web server, and transmit the received block time information to the block time authentication unit included in the validity check login authentication system.

When a predetermined UI provided by the application is selected, the block time may be started from the selected time point.

The block time authentication unit transmits information for confirming block setting to the user terminal when there is a logout request from the logged in user terminal, and when the block setting request is received by the user terminal, the user terminal logs out. The block may be set to start from this point.

The validity confirming unit transmits a confirmation signal to the terminal of the user of the political party only when the location-based authentication fails based on the selectively set confirmation setting information, or transmits the confirmation signal whenever a login is requested to the account. It can be characterized.

The location-based authentication unit checks the IP address of the user terminal, and the terminal location determination module for identifying the location of the user terminal corresponding to the identified IP address based on the location information for each IP address and corresponding to the service request And a user location determining module for determining a location of a party user, comparing the first location determined by the terminal location determining module with a second location determined by the user location determining module, and based on the comparison result. Can be performed.

The terminal location determining module identifies the first location from a location information DB for each IP address that stores location information for each IP address, and the location information DB for each IP address indicates that a predetermined terminal has a predetermined IP and a predetermined user identifier. When a party accesses a predetermined network system by using, the location information for each IP may be stored based on the location of the mobile phone of the party user corresponding to the user identifier.

The validity confirming unit may control to transmit the confirmation signal to the terminal of the party user in a message, or transmit the confirmation signal to an application installed in the terminal of the party user corresponding to the web server.

The legitimacy confirmation login authentication system for solving the technical problem is an account confirmation unit for confirming the account information corresponding to the login request, when the user terminal requests a login to a predetermined account of the web server providing a web service, A validity confirming unit for transmitting a predetermined confirmation signal to the terminal of the political party user, and maintaining a login of the logged in user terminal based on whether a response signal is received from the terminal of the political party user based on the transmitted confirmation signal Or a control unit for logging out the user terminal, wherein the validity confirming unit transmits the confirmation signal whenever a login is requested to an account corresponding to the login request, and the control unit sets a block time set by the political user. Information is stored, and the block time is defined. For the login request block requests during the time corresponding to, even in the Web server, the login information previously stored login information, which is to be successful based on the request, it does not allow the login.

The legitimacy confirmation login authentication system for solving the technical problem is an account confirmation unit for confirming the account information corresponding to the login request, when the user terminal requests a login to a predetermined account of the web server providing a web service, A location-based authentication unit for performing location-based authentication based on the location of the user terminal and the location of the party user of the account corresponding to the login request, a validity confirmation unit for transmitting a predetermined confirmation signal to the terminal of the party user; And a controller for maintaining a login of the logged in user terminal or logging out of the user terminal based on whether a response signal is received from the terminal user of the political party based on the transmitted confirmation signal. The terminal is an application corresponding to the web server Block time information is received through the application, and the application may automatically transmit the response signal when the confirmation signal is received during the block time corresponding to the input block time information.

In order to solve the above technical problem, a validity check login authentication method checks the account information corresponding to the login request when the validity check login authentication system requests a login to a predetermined account of a web server where the user terminal provides a web service. Transmitting a predetermined confirmation signal to the terminal of the party user by the validity checking login authentication system, and receiving a response signal from the terminal of the party user based on the confirmation signal transmitted by the validity checking login authentication system. Maintaining a login of the logged-in user terminal or performing log-in control of logging out the user terminal, wherein the validity check login authentication method is performed by the validity check login authentication system. By snow For the login request requested during the block time corresponding to the block time information which is determined and can specify the block time, the login request based on the login information pre-stored in the web server and the login request for which the location-based authentication can succeed. Also, the method further includes disallowing login.

The step of transmitting the predetermined confirmation signal to the terminal of the party user by the validity confirmation login authentication system is based on the confirmation setting information selectively set by the validity confirmation login authentication system, and only when the location-based authentication fails. The method may include transmitting a confirmation signal to a terminal of the terminal or transmitting the confirmation signal every time a login is requested to the account.

In order to solve the above technical problem, a validity check login authentication method checks the account information corresponding to the login request when the validity check login authentication system requests a login to a predetermined account of a web server where the user terminal provides a web service. Performing at least one of a location-based authentication based on a location of the user terminal and a location-based authentication based on a location of a party user of an account corresponding to the login request, or login authentication based on login information; and Validity confirmation login authentication system transmits a predetermined confirmation signal to the terminal of the party user, and logs in the user terminal logged in based on whether a response signal is received from the terminal of the party user based on the transmitted confirmation signal. Keep or remind four And performing login control for logging out the user terminal, wherein the user terminal of the political party receives block time information through an application corresponding to the web server, and the application corresponds to the input block time information. During the block time, the response signal may be automatically transmitted when the confirmation signal is received.

The justification login authentication method for solving the technical problem may be stored in a computer-readable recording medium recording a program.

Therefore, according to the technical idea of the present invention, when the user is in a situation in which he or she cannot respond to the validity confirmation (for example, when going to bed), the user can block the login at all for a desired time. This can improve the vulnerability of login control.

In addition, even if the login is blocked, the political party user can log in through a predetermined additional authentication (for example, an accredited certificate or OTP), or can unblock the login, thereby ensuring that the political user can use his login. There is.

In addition, when a political party user does not plan to log in for a certain period of time, the vulnerability of login control by legitimacy can be improved by selectively blocking login or automatically sending a response. . In addition, in this case, when the user wants to log in, there is an effect of not having to perform additional authentication.

In addition, in case of a system or service that requires particularly high security, it is possible to perform validity check on all logins that succeed in login information-based authentication, and at this time, improve the weakness of the validity check method. There is an effect that can provide a service.

BRIEF DESCRIPTION OF THE DRAWINGS A brief description of each drawing is provided to more fully understand the drawings recited in the description of the invention.
1 is a schematic system configuration for implementing a method of validating login authentication according to an embodiment of the present invention.
2 illustrates a schematic configuration of a location-based authentication unit included in a validity verification login authentication system according to an embodiment of the present invention.
FIG. 3 is a diagram schematically illustrating a method for setting a block time in a validity verification login authentication method according to an embodiment of the present invention.
FIG. 4 is a diagram for describing a method for allowing a user to block while performing logout in a validity check login authentication method according to an embodiment of the present invention.
FIG. 5 is a diagram for describing a method of allowing a party user to log in through additional authentication in the legitimacy confirmation login authentication method according to an embodiment of the present invention.

In order to fully understand the present invention, operational advantages of the present invention, and objects achieved by the practice of the present invention, reference should be made to the accompanying drawings and the accompanying drawings which illustrate preferred embodiments of the present invention.

Also, in this specification, when any one element 'transmits' data to another element, the element may transmit the data directly to the other element, or may be transmitted through at least one other element And may transmit the data to the other component.

Conversely, when one element 'directly transmits' data to another element, it means that the data is transmitted to the other element without passing through another element in the element.

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, the present invention will be described in detail with reference to the preferred embodiments of the present invention with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.

First, the technical idea of the present invention has a useful effect in login control through a method of validating, that is, a method for allowing a party user to check whether the login is a login by the user (or the user allowed) and to control the login. .

In addition, the validity checking method may be useful when separate authentication (eg, location-based authentication) is performed together with basic login information-based authentication as in the technical idea of the present invention. That is, if the login request based on the successful authentication of the login information is not successful in the separate authentication, the login rejection method or the validity checking method may be used as described above. In this case, the validity checking method is more preferable. Can be useful.

The reason for using the validity checking method without using the login rejection method is as follows. First, since most existing web servers that provide a website or web application are basically designed to allow a login upon successful login-based authentication. Significant system changes may be required to add a separate authentication function, such as location-based authentication, and determine whether to allow login based on the success of the additional authentication.

Second, unlike the certificate or OTP method that requests specific information, such as location-based authentication, the process in which the user participates in authentication when authentication based on facts is used as a separate authentication method (eg, a certificate). There is a problem that may be a great discomfort that can be felt when the login is refused by the authentication process that does not directly participate, since the authentication is performed immediately without any selection, input of the password, etc.).

Third, in the case of authentication based on facts, there may be a risk that an error may occur in the identification of facts. In particular, in the case of location-based authentication, a certain error or error in the location where a login is requested and / or a user of a political party is determined. Is likely to occur. Therefore, there is a risk that the authentication may fail even though the user is actually a party user. If the authentication is not successful even if the user is a party user, rejecting the login may adversely affect the completeness of the service or the service reliability felt by the user. Can be. Therefore, if authentication based on basic login information is successful, it is recommended to design the system or service so that even if a separate authentication fails, once a user is allowed to log in and a political party user is forced to log out unless he or she is logged in. It can be more stable and reliable.

Fourth, in case of adopting the login rejection method, if location based authentication is performed together with login information based authentication, it is determined whether the authentication based on the login information is successful, and then waits until whether the authentication based on the location succeeds. There is a problem that allows or denies login. In particular, even if location-based authentication is unsuccessful (e.g., login by fraudulent user) is significantly fewer than that when location-based authentication is successful (e.g., login by party user), Uniformly slowing down login authentication can be a very inefficient service design.

Therefore, hereinafter, the technical spirit of the present invention, which may be useful in the validity checking method, will be described in more detail.

1 is a schematic system configuration for implementing a method of validating login authentication according to an embodiment of the present invention.

Referring to FIG. 1, the legitimacy confirmation login authentication system 100 according to an exemplary embodiment of the present invention may be connected to a web server 200 providing a predetermined website or a web application through a wired or wireless network. In addition, if necessary, the login authentication system 100 may communicate with the user terminal 300 through a wired or wireless network. In addition, the validity check login authentication system 100 may communicate with the terminal 400 of the party user through a wired or wireless network.

The validity verification login authentication system 100 is installed to be included in the web server 200 or implemented as a separate physical device from the web server 200, but organically combined with the web server 200 of the present invention Technical ideas can be implemented. Of course, when the legitimacy confirmation login authentication system 100 is implemented as a physical device separate from the web server 200, the web server 200 may store predetermined data with the legitimacy confirmation login authentication system 100. Certain software may be installed to implement the technical idea of the present invention while transmitting and receiving. In addition, according to another embodiment, some components or functions included in the validity check login authentication system 100 may be installed or performed on the web server 200, and the remaining components or functions may be installed in the validity check login authentication system ( 100) may be included or performed.

On the other hand, when the validity verification login authentication system 100 is implemented as a separate physical device from the web server 200, the validity verification login authentication system 100 is not only the web server 200, but also a plurality of web It may be connected via a server and a wired or wireless network to provide a technical idea of the present invention.

Hereinafter, for convenience of description, the case where the validity verification login authentication system 100 is implemented as a physical device separate from the web server 200 will be described as an example.

The user terminal 300 may access the web site or the web application, that is, access the web server 200 and perform a login request. Then, the web server 200 may transmit the information on the login request to the validity confirmation login authentication system 100. The web server 200 may perform authentication based on already implemented login information. For example, authentication may be performed to determine whether an ID and password of an account for which the user terminal 300 requests a login match with a previously stored ID and password. Of course, other forms of authentication may be required (eg, accredited certificates or OTPs) to log in.

On the other hand, if the login information authentication is successful, the web server 200 may transmit the account information to the validity verification login authentication system 100. Then, the validity confirmation login authentication system 100 may perform location-based authentication using the account information. The account information may include information for identifying a party user of an account corresponding to the login request. In addition, the account information may include information on the address of the IP (Internet Protocol) used when the user terminal 300 accesses the web server 200.

According to an implementation example, the web server 200 may transmit the account information without performing the login information authentication. That is, the location-based authentication may be performed before the login information authentication, or the location-based authentication may be performed without the login information authentication.

On the other hand, the validity confirmation login authentication system 100 performs location-based authentication, and if the location-based authentication fails, it may perform a validity verification procedure by transmitting a predetermined confirmation signal to the terminal 400 of the user of the political party. . That is, the validity checking procedure may be performed when login information authentication succeeds and location-based authentication fails. According to another embodiment, only the location-based authentication may be performed to log in the user terminal 300, and the validity checking procedure may be performed only for a login request for which location-based authentication fails or for all login requests. According to another embodiment, the validity verification procedure may be performed for all login requests for which the login information authentication is successful. This is because a login request for which login information authentication fails is not necessary to perform a validity verification procedure because the web server 200 and / or the validity verification login authentication system 100 are implemented so as not to allow login. In various cases, validation procedures can be performed on a limited or all login request basis. The justification check login authentication system 100 transmits a confirmation signal, not only when the justification check login authentication system 100 directly transmits a confirmation signal, but also a predetermined system (eg, a messaging server, a communication company system, etc.). ) May be used to control the transmission of the confirmation signal.

When the validity confirmation procedure is performed, the validity confirmation login authentication system 100 may transmit a predetermined confirmation signal to the terminal user's terminal 400. When a response is received based on the transmitted confirmation signal, login control (eg, control for maintaining a login or forcibly logging out) may be performed according to the received response.

On the other hand, in the case of the login control through the legitimacy confirmation procedure as described above, there may be a case where the party user fails to respond. That is, when authentication fails when the login control is performed through a predetermined authentication, a validity check method is applied instead of a login rejection method. However, a fatal weakness may exist when a party user fails to perform login control.

The technical idea of the present invention for solving this weakness may be a technical idea that allows a party user to set a block time. Another technical idea may be a technical idea that enables the transmission of the response signal automatically.

First, the web server 200 and / or the validity confirmation login authentication system 100 may allow a political user to set predetermined block time information. Then, in principle, no login may be allowed during the block time corresponding to the set block time information.

The block time information may include, for example, information about a block start time and / or a block end time. Then, a block may be set from the block start time to the block end time. According to an embodiment, the block time information may include information on an event that may specify at least one of a block start time and / or a block end time. In any case, the block time information preferably includes information that can specify the time when the login of the web server 200 is set to a block. For example, the logout event may be set to be a block start time, and may be automatically terminated when login through additional authentication is performed. Hereinafter, the block time information will be described as an example of specifying the time information, but the scope of the present invention is not limited thereto.

For example, if a predetermined login request is received by the validity verification login authentication system 100 at a block time, that is, when a political user cannot respond, the validity verification login authentication system 100 may not allow the login request. Can be. In other words, you may not log in. That is, even if the login information authentication and location-based authentication is successful at the set block time, no login is allowed, so in principle, no one can log in with the user of the party user. Then, the party user will not request a login during the block time set by the party user, thereby preventing the illegal user from logging in at the source.

The block time may be, for example, a time when a party user sleeps. Or it may be a time when a political party user fails to respond to the confirmation signal for various other reasons.

If the unauthorized user requests a login at a time other than the block time, even if login information authentication succeeds and location-based authentication fails, login may be performed in some cases. However, such a login may be immediately logged out by the party user by sending a response signal to the validity confirmation login authentication system 100.

The response signal may be, for example, when a predetermined UI included in the confirmation signal is selected or when a party user performs a predetermined action according to predetermined guidance information included in the confirmation signal (for example, input of a specific button or specific information). Can be sent to the legitimacy confirmation login authentication system 100). For example, the terminal user's terminal 400 may be connected to a predetermined mobile web page provided by the validity checking login authentication system 100 when a predetermined action is performed by the political user. The response signal may be input through the web page. Alternatively, the response signal may be transmitted to a predetermined callback URL included in the confirmation signal. Alternatively, the terminal 400 of the party user may connect a call to a predetermined ARS system, and may input the response signal through the ARS system. Alternatively, when the confirmation signal is received through a predetermined application 10 installed in the terminal user's terminal 400, the response signal is the validity confirmation login authentication through a predetermined UI provided by the application 10. It may be output to the system 100.

On the other hand, in block time, even if a rogue user logs in, a political user cannot send a response signal, thereby creating a vulnerability in login control of the validity checking method. Therefore, this problem can be solved by not allowing a login for any login request in a situation where a political user cannot output a response signal to the validity checking login authentication system 100.

On the other hand, a party user may need to log in at a block time set by him. In this case, the validity confirmation login authentication system 100 may allow login even at block time through a predetermined additional authentication. The additional authentication is preferably an authentication method different from the login information authentication and the location-based authentication. For example, various methods, such as a method through an official certificate, a method through OTP, an authentication method using biometric information (eg, fingerprints or irises), or an authentication method through a predetermined offline procedure, may be selected as the authentication method for the additional authentication. Can be. In addition, when the additional authentication is performed, the block time may be released or changed.

In order to implement the technical idea, the validity verification login authentication system 100 includes a controller 110, an account verification unit 120, a location-based authentication unit 130, and a validity verification unit 140. The validity confirmation login authentication system 100 may further include a block time authentication unit 150.

The validity verification login authentication system 100 may include hardware resources and / or software necessary for implementing the technical idea of the present invention, and means one physical component or one device. It does not mean. That is, the validity verification login authentication system 100 may mean a logical combination of hardware and / or software provided to implement the technical idea of the present invention, and if necessary, are installed in devices spaced apart from each other. By performing a function may be implemented as a set of logical configurations for implementing the technical idea of the present invention. In addition, the validity check login authentication system 100 may refer to a set of components separately implemented for each function or role for implementing the technical idea of the present invention.

In addition, in the present specification, "~ part" may mean a functional and structural combination of hardware for performing the technical idea of the present invention and software for driving the hardware. For example, the term "~ part" may mean a logical unit of a predetermined code and a hardware resource for performing the predetermined code, and means a code that is physically connected or one kind of hardware. It can be easily deduced by the average expert in the technical field of the present invention.

The controller 110 may implement other components (eg, the account verification unit 120, the location-based authentication unit 130, the validity verification unit 140, and / or the block time) to implement the technical idea of the present invention. Function and / or resources of the authentication unit 150).

The account checking unit 120 may check account information of an account that has been requested to log in. The account information includes identification information of the party user, identification information of the terminal 400 of the party user, IP address information of the terminal 400 of the party user (that is, when accessing the web server 200 for login request) The IP address of the terminal 400 of the corresponding party user). When the user terminal 300 requests a login to the web server 200, the account checking unit 120 may receive the account information corresponding to the login request from the web server 200. Of course, when the legitimacy confirmation login authentication system 100 is included in the web server 200 and installed, the account checking unit 120 may directly check the account information.

Then, the location-based authentication unit 130 may check the location of the party user of the account corresponding to the login request and the location of the user terminal based on the confirmed account information. The location-based authentication may be performed by comparing the identified locations. Detailed configuration of the location-based authentication unit 130 will be described with reference to FIG.

2 illustrates a schematic configuration of a location-based authentication unit included in a validity verification login authentication system according to an embodiment of the present invention.

Referring to FIG. 2, the location-based authentication unit 130 includes a terminal location determining module 131 and a user location determining module 132.

The terminal location determining module 131 may determine the location of the terminal, that is, the user terminal 300, which has performed a login request to the web server 200. In addition, the user location determination module 132 may determine the location of the party user of the account requested by the user terminal 300 to log in.

According to an embodiment of the present disclosure, the terminal location determining module 131 may determine the location of the user terminal 300 based on the IP address of the user terminal 300. For example, the user terminal 300 may be a fixed data processing device such as a desktop computer or a portable terminal such as a mobile phone. The terminal location determining module 131 may obtain an Internet Protocol (IP) address of the user terminal 300 requesting a login and determine the location of the user terminal 300 based on the obtained IP address. .

An IP address may be matched with actual address information. In general, an IP address may be assigned, registered, and / or managed by an Internet service provider (ISP). Accordingly, the terminal location determining module 120 obtains an IP address corresponding to the user terminal 300 and stores the IP address from a predetermined system (eg, an ISP system (not shown)) that stores location information for each IP address. Actual address information corresponding to the IP address may be obtained. The validity verification login authentication system 100 may store the actual address information for each IP address in a predetermined DB, that is, location information DB for each IP address (not shown).

The location-based authentication unit 130 included in the validity check login authentication system 100 is previously stored in the location information DB for each IP address, or information about an actual address corresponding to the IP address periodically or in real time. May be received. The real address may be information having only up to a specific administrative region (eg, east or west) unit, or may be a full address.

When the user terminal 300 is a portable terminal, the user terminal 300 may access the wireless internet through a wireless internet network. In this case, a communication company providing the wireless internet service is allocated to the user terminal 300. The IP address and / or the location of the access point (AP) to which the portable terminal 210 is connected. In this case, the terminal location determining module 131 may receive information about the location of the access point from a communication company system that provides a wireless Internet service. In addition, the location of the user terminal 300 may be determined by various conventional location tracking methods (eg, triangulation, GPS, etc.), and the terminal location determining module 131 receives such information from the communication company system. You may. Of course, when the user terminal 300 uses a predetermined location based service (LBS), information about the location of the user terminal 300 is received from an LBS system (not shown) that provides the LBS service. You may. Alternatively, according to an embodiment, when the user terminal 300 includes a position determining means such as a GPS module, the terminal position determining module 131 directly positions the user terminal 300 from the user terminal 300. May be received. In addition, the terminal location determining module 131 may determine the location of the user terminal 300 in various ways.

Meanwhile, as described above, the location information DB for each IP address may store location information corresponding to each IP address based on information received from an ISP system or the like. However, the location information that can be grasped from the ISP system has a large error range, and the location information is not accurate in a large private network such as a VPN (Virtual Private Network).

Therefore, in order to solve this problem, the location information DB for each IP address according to an embodiment of the present invention may be a DB for storing location information for each IP based on the location of the user. This technical idea has been disclosed in Korean patent application (Application No. 10-2011-0081595, "Network Identifier Location Determination System and Method thereof", filed "Applicant") filed by the present applicant. The technical ideas disclosed in the prior applications and their descriptions are included as a reference of the present invention and can be treated as described herein.

As a result, the location information DB for each IP address may be a DB in which location information is mapped for each IP based on the location of a party user as disclosed in a previous application. That is, when a party user legitimately accesses a predetermined network system (the web server 200 may be another web server or the like), the party user may use the location information of the IP based on the location value of the mobile phone of the party user. In this case, the location information of the IP in this case is much smaller than the location information received from the ISP system, and even in the case of an IP used in a private network, it is possible to identify accurate location information. Therefore, as the error range of the location information is reduced, it is possible to reduce the case in which it is incorrectly determined that the location corresponding to the IP and the location of the party user correspond to the login request by the fraudulent user. Even if you are using a network or Dynamic Host Configuration Protocol (DHCP), you can accurately determine whether the two locations correspond. For example, according to the previous application, when using a private network or DHCP, a plurality of possible location information may be mapped to the same IP (eg, an IP address). Therefore, in the embodiment of the present invention, if the location-based authentication unit 130 corresponds to the location of the party user, any one of a plurality of location information corresponds to the location of the user terminal 300 and the location of the party user. It may be determined that there is an identity.

After all, the method of determining a location corresponding to a conventional IP is simply a method of allocating an IP by an ISP, a rule, or information of a network operator. By determining the location of the IP using other parameters (that is, the location of a party user), an accurate location can be identified. In particular, while the conventional method has to grasp the location of each IP as information having a large error of about the same unit, according to the technical idea of the present invention, the degree of error of the location information of a party user is determined as the error of the location of each IP. It is effective. In general, when the party user's location information is identified as the location of the party user's terminal 400, the party user's location information includes a GPS value or a value received from a telecommunication company system. Since there are about meters, the error range of each IP location is significantly reduced compared to the conventional method.

On the other hand, the user location determination module 132 may determine the location of the party user of the account corresponding to the login request. To this end, the user location determining module 132 may determine the location of the terminal 400 of the party user. That is, the user location determination module 132 may determine the location of the party user based on the location of the terminal 400 of the party user. The method of determining the location of the terminal 400 of the political party user is similar to the method of determining the location information of the mobile terminal for which the terminal location determination module 131 requests a login, and thus the detailed description thereof will be omitted.

Identification information (eg, a mobile phone number) of the party user terminal 400 may be previously stored in the validity confirmation login authentication system 100 or the web server 200, and based on the stored identification information. The terminal user 400 can be identified.

Then, the location-based authentication unit 130 compares the location of the user terminal 300 determined by the terminal location determining module 131 with the location of the party user determined by the user location determining module 132, thereby Based authentication can be performed.

On the other hand, when location-based authentication is performed by the location-based authentication unit 130 as described above, it may be limited to the login request that the login information authentication is successful by the web server 200. For example, if the login information authentication through the ID and password passes, the web server 200 may transmit the account information to the account verification unit 120. Then, location-based authentication based on the account information may be performed.

Meanwhile, the validity confirming unit 140 may transmit a predetermined confirmation signal to the terminal 400 of the user of the political party. The confirmation signal may be, for example, a message such as SMS or MMS. Alternatively, the confirmation signal may be a push message transmitted to a predetermined application installed in the terminal 400 of the party user. Various implementations may be possible. In addition, the validity confirming unit 140 may determine whether a predetermined response signal is received based on the confirmation signal. The response signal may be, for example, a control signal for logging out the logged-in user terminal 300.

Then, when the response signal is received, the controller 110 can forcibly log out of the user terminal 300.

On the other hand, as described above, the legitimacy confirmation login authentication system 100 according to an embodiment of the present invention may include a configuration that allows a party user to set a block time. To this end, the validity check login authentication system 100 may further include a block time authentication unit 150. In the present specification, the block time information indicating the block time does not necessarily mean that the block end time is included. That is, only information or an event indicating the start of a block may be included in the block time information.

The manner in which the user can set the block time will be described with reference to FIGS. 3 and 4.

First, FIG. 3 is a diagram schematically illustrating a method for setting a block time in a validity confirmation login authentication method according to an embodiment of the present invention.

Referring to FIG. 3A, a political party user may access the web server 200 and set a block time through a predetermined UI provided by the web server 200. In addition, referring to FIG. 3B, the party user may set the block time through the terminal 400 of the party user. In order to set the block time through the party user terminal 400, a predetermined application 10 corresponding to the web server 200 may be installed in the party user terminal 400. That is, the application 10 may communicate with the web server 200 to transmit information on the block time input through the application 10 to the web server 200. As such, when the block time can be set through the application 10, there is an effect that the user does not need to access the web server 200 to set the block time.

In order for a party user to set a block time by accessing the web server 200, the party user may need to log in through login information authentication and / or location-based authentication. When the party time user transmits a block time setting request to the web server 200 through a terminal used by the party user (which may be the terminal 400 of the party user), the web server 200 may be configured as shown in FIG. 3A. Can provide a UI.

The party user may select a UI, for example, "from now on" as shown in FIG. Then, the block time may start from the time point at which the UI is selected. On the other hand, selecting the "off" UI may end the block time. Depending on the implementation, the party user may directly enter the start time and end time of the block time. Then, the input time may be set as the block time.

Even when the block time is set through the terminal 400 of the party user, the application 10 can provide the same UI as described in FIG. 2A or a UI capable of performing a similar function. The party user may then set the block time via the application 10.

On the other hand, the technical idea that can exhibit an effect similar to that set the block time without setting the block time is disclosed by the present specification.

This technical concept is different from the case where the party user fails to transmit the response signal for performing the validity checking procedure by setting the block time separately as described above. It can be implemented by sending a response signal.

For example, an application 10 corresponding to the web server 200 may be installed in the terminal user 400. The application 10 may identify a confirmation signal received from the validity confirmation login authentication system 100. Then, when it is confirmed that the confirmation signal has been received, the application 10 may automatically transmit the response signal. This allows the party user to automatically transmit the response signal at a desired time or situation even when the party user cannot directly transmit the response signal.

Meanwhile, as shown in FIG. 3A or 3B, when the party user is not currently connected to the web server 200, the party user may set a block time. On the other hand, the need to set the block time may occur frequently when the party user is already connected to the web server 200 when the user logs out and tries to set the block time after logout.

For example, when the web service provided by the web server 200 is a game, a party user may want to stop playing the game and log out while playing the game. In this case, according to the technical spirit of the present invention, the party user can simply set the block time together with the logout procedure without having to go to the web page for setting the block time.

An example of this is shown in Fig.

FIG. 4 is a diagram for describing a method for allowing a user to block while performing logout in a validity check login authentication method according to an embodiment of the present invention.

Referring to FIG. 4, when the legitimacy confirmation login authentication system 100 and / or the web server 200 receives a logout request from the user terminal 300 according to an embodiment of the present invention, shown in FIG. 3. The predetermined logout confirmation UI 20 as described above may be provided to the user terminal 300. The logout request from the user terminal 300 may be a case where a predetermined logout request UI (not shown) provided by the web server 200 is selected or a termination request of the web client.

As illustrated in FIG. 4, the logout UI 20 may include a logout UI 21, a logout and block setting UI 22, and a logout cancellation UI 23. When the logout UI 21 is selected by the user terminal 300, only logout may be performed without setting a block time. When the logout and block setting UI 22 is selected, a logout can be started and a block time can be started after logout. That is, a block can be set. If the logout cancellation UI 23 is selected, the logout state may be maintained without logging out.

You can easily set up the block at the same time confirming the logout. After that, of course, additional users may need to perform additional authentication to log in again. If additional authentication is performed, the block may be released. According to an implementation example, as shown in FIG. 4, a block setting UI (eg, 22) may not be provided separately, and a block may be automatically configured when a logout is performed.

When the block time information, that is, block time information is set by the user, the block time authentication unit 150 may store block time information. Then, the controller 110 may check the block time information stored in the block time authentication unit 150. In addition, the login request requested during the block time may in principle not allow login.

That is, according to the spirit of the present invention, login information authentication and location-based authentication may be basically performed on the login request requested to the web server 200. If login information authentication succeeds, log-in is allowed once, but if location-based authentication fails, justification procedure can be performed. Depending on the implementation, even if location-based authentication succeeds, a validity verification procedure may be performed.

However, the controller 110 may not allow a login even for a login request requested during a block time, even if the login request is a login request for which the login information authentication can succeed and location-based authentication succeeds. Can be. The fact that login information authentication and location-based authentication do not allow login of a login request that can succeed does not mean that the login information authentication and location-based authentication should actually be performed. That is, when the login information authentication and the location-based authentication are performed, even if the login request can be successful, the login is not allowed. In fact, the validity check login authentication system 100 and / or the web server 200 may be Login information authentication and / or location based authentication may or may not be performed.

Meanwhile, if a login is requested during the block time, the block time authentication unit 150 may perform a predetermined additional authentication. The additional authentication may be a separate authentication from the login information authentication and the location-based authentication, that is, another type of authentication. Only after passing this additional authentication can login be allowed during block time. Of course, login information authentication and location-based authentication must also pass further to allow login during block time.

The additional authentication process may be performed as shown in FIG. 5.

FIG. 5 is a diagram for describing a method of allowing a party user to log in through additional authentication in the legitimacy confirmation login authentication method according to an embodiment of the present invention.

First, referring to FIG. 5A, the user terminal 300 may provide the web server 200. Although FIG. 5A illustrates a case of accessing a predetermined web site, the technical idea of the present invention may be provided even when a predetermined web application provided by the web server 200 is used.

The party user may input login information (eg, ID, PWD) into a predetermined login UI provided by the web site through the user terminal 300. When authentication through the login information is authenticated by the web server 200, in principle, the web server 200 may allow the user terminal 300 to log in.

However, when the login request from the user terminal 300 is requested during the block time as described above, the validity confirmation login authentication system 100 may be configured to perform block authentication as shown in FIG. 5B and / or additional authentication. Guidance information or the like for performing the login may be provided to the user terminal 300. Of course, the validity check login authentication system 100 may further provide a predetermined UI to the user terminal 300 to perform additional authentication.

Meanwhile, the validity checking procedure according to the technical spirit of the present invention may be transmitted only when the location-based authentication fails. In addition, even if the location-based authentication fails, at least the login information authentication succeeds, and if the location-based authentication fails, the validity verification procedure may be performed. This is because it is generally implemented that login is not allowed at all even if login authentication fails.

If the location-based authentication fails, for example, the login information may be leaked, and the illegal user may log in, or the party user may allow another user to log in. In general, a company may frequently use a specific account, such as a colleague or a subordinate, by a plurality of users. In this case, even if the login information authentication succeeds, the location-based authentication may fail when the location of the name holder of the account is different from the location of the user who performs the current login. Therefore, in this case, the party user may confirm the validity of the corresponding login by not outputting the response signal to the confirmation signal received by the terminal 400.

On the other hand, according to the implementation example, the provider of the web server 200 may wish that a predetermined account is implemented so that only the name holder of the account can be used. Such an example may be a system inside a company or a system particularly requiring security. In this case, the validity check login authentication system 100 may perform a login control so that only a political party can log in. At this time, it may be possible to allow the login only when the location-based authentication is successful, or to implement the validity checking procedure even when the location-based authentication is successful.

In other words, if location-based authentication fails, it may be desirable to go through a validity checking procedure, and even if location-based authentication succeeds, a validity checking procedure may be performed to increase security.

Therefore, in the end, the validity check login authentication system 100 may go through a validity check procedure for all login requests for which login information authentication succeeds, regardless of whether the location-based authentication fails or succeeds. In this case, the location-based authentication may not need to be performed, but may be performed depending on the implementation example.

Accordingly, according to the technical concept of the present invention, the validity checking login authentication system 100 may perform a validity checking procedure for a login request for which login information authentication succeeds and location-based authentication fails, and all logins for which login information authentication succeeds. Can also be done on request. Of course, the justification procedure may be performed for other cases as described above.

In some cases, whether the validity checking procedure is performed may be selected by the user of the political party, or may be determined by the operating body of the web server 200 or the operating body of the validity checking login authentication system 100. The web server 200 and / or the validity confirmation login authentication system 100 may store in advance information about when to establish a validity confirmation procedure, that is, confirmation setting information. In addition, the validity confirmation procedure may be performed to correspond to the stored confirmation setting information.

Although the user terminal 300 is illustrated as a computer in FIG. 1, the user terminal 300 may output a predetermined login request to the validity confirmation login authentication system 100 and / or the web server 200 to implement the technical idea of the present invention. And may include all data processing systems to which an IP address can be assigned.

In addition, although the terminal user's terminal 400 is also illustrated as a mobile phone in FIG. It can be defined to include all data processing systems that can be transmitted.

The legitimacy confirmation login authentication method according to an embodiment of the present invention may be embodied as computer readable codes on a computer readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored. Examples of the computer-readable recording medium include a ROM, a RAM, a CD-ROM, a magnetic tape, a hard disk, a floppy disk, an optical data storage device, and the like in the form of a carrier wave (for example, . In addition, the computer-readable recording medium may be distributed over network-connected computer systems so that computer readable codes can be stored and executed in a distributed manner. And functional programs, codes, and code segments for implementing the present invention can be easily inferred by programmers skilled in the art to which the present invention pertains.

Although the present invention has been described with reference to one embodiment shown in the drawings, this is merely exemplary, and those skilled in the art will understand that various modifications and equivalent other embodiments are possible therefrom. Therefore, the true technical protection scope of the present invention will be defined by the technical spirit of the appended claims.

Claims (7)

An account confirmation unit for confirming account information corresponding to the login request when the user terminal makes a login request to a predetermined account of a web server providing a web service;
A validity confirmation unit for transmitting a predetermined confirmation signal to a terminal of a party user of an account corresponding to the login request; And
And a controller for maintaining a login of the logged in user terminal or logging out the user terminal based on whether a response signal is received from the terminal user of the political party based on the transmitted confirmation signal.
The control unit,
Allow login for all login requests for which login information based authentication based on the login information previously stored in the web server is successful,
The validity verification unit,
A validity check login authentication system, characterized in that a validity checking procedure is performed for all the login requests allowed to log in by sending the confirmation signal to the terminal of the user of the political party corresponding to the login allowed account.
The system of claim 1, wherein the validity confirmation login authentication system is:
A block time authentication unit for storing predetermined block time information, and requesting additional authentication, which is separate from the login information based authentication, to the login request terminal for the login request requested during the block time,
The control unit,
A validity check login authentication system for allowing the login request requested during the block time only if the additional authentication requested by the block time authentication unit succeeds.
The terminal of claim 1, wherein the terminal of the party user,
Receiving the block time information through an application corresponding to the web server,
And a validity check login authentication system for transmitting the input block time information to a block time authentication unit included in the validity check login authentication system.
The method of claim 2, wherein the block time authentication unit,
If there is a logout request from the logged-in user terminal, information for confirming block setting is transmitted to the user terminal. Validation login authentication system, characterized in that the block is set to start.
In the justification login authentication method,
Legitimacy confirmation If the login authentication system makes a login request to a predetermined account of a web server for which the user terminal provides a web service, confirming account information corresponding to the login request;
Transmitting, by the validity confirmation login authentication system, a predetermined confirmation signal to the terminal of the party user; And
The legitimacy confirmation login authentication system performs login control to maintain the login of the logged in user terminal or log out the user terminal based on whether a response signal is received from the terminal of the political party user based on the transmitted confirmation signal. Including the steps of:
The validity verification login authentication method,
After allowing login for all login requests based on the login information previously stored in the web server in advance, login is allowed by transmitting the confirmation signal to the terminal of the user of the political party corresponding to the account that is allowed to log in. Validation login authentication method, characterized in that to perform the validation process for every login request.
The method of claim 5, wherein the validity verification login authentication method,
Storing, by the validity verification login authentication system, predetermined block time information for each account;
Requesting, by the validity check login authentication system, a terminal for requesting login for an additional authentication separate from the login information based authentication for the login request requested during the block time; And
And the legitimacy confirmation login authentication system permitting the login request requested during the block time only if the additional authentication requested is successful.
A computer-readable recording medium having recorded thereon a program for performing the method according to any one of claims 5 and 6.

Images