KR20200132375A - Method for authorizing virtual space user and system for providing virtual space - Google Patents

Abstract

The present invention relates to a virtual space user authentication method. According to the present invention, the virtual space user authentication method comprises the steps of: requesting access; requesting a URL; requesting the issuance of an employment certificate token; issuing the employment certificate token; transmitting the employment certificate token to a station; requesting confirmation of the validity of the employment certificate token; issuing an access token; and accessing the station. According to the present invention, work efficiency can be improved.

Description

Virtual space user authentication method and virtual space provision system {METHOD FOR AUTHORIZING VIRTUAL SPACE USER AND SYSTEM FOR PROVIDING VIRTUAL SPACE}

It relates to a virtual space user authentication method and a virtual business providing system.

As the business environment changes rapidly, there are increasing cases of collaborating with companies outside the company or seeking advice from outside in order to secure business competitiveness and respond quickly to market demands.

In order to select a cooperative company or an advisory company outside the company, a lot of effort is required to determine whether the company has sufficient reliability to provide the relevant work. For example, in case a company A needs legal advice, in order to select a law firm, it is necessary to select whether the law firm is a reliable law firm by considering how well qualified attorneys are employed and the size of the law firm. Effort is required.

In addition, in order to cooperate with companies outside the company or seek advice, a procedure for verifying their identity with the cooperative companies and advisory companies is required. However, this procedure takes a lot of time, and there is a problem in that it is difficult to reliably authenticate the identity.

In addition, the need for an online virtual space for sharing data, exchanging opinions, and managing work schedules when collaborating with external companies is increasing. Reflecting this demand, a system is being provided that provides an online work space where work data can be uploaded and data and opinions can be shared.

However, the conventional system for providing a virtual space online has a disadvantage in that it cannot reliably authenticate the identity of a user who accesses the virtual space. For example, while an employee A who works at Company A participates in a project of Company B that has been contracted with Company A in advance, if Company A leaves Company A, it should no longer be able to participate in the project of Company B. However, if Employee A owns the ID and password of the virtual space where the project data is shared, employee A still enters the virtual space where the project data is shared, unless there are special circumstances such as deleting the ID. can do. In this case, there is a problem in that the unauthorized employee A may read confidential data or leak the data to the outside. In addition, even when the ID owned by Employee A is deleted, there is a problem that the procedure is complicated and difficult since Employee A is not affiliated with Company B.

In addition, in the conventional system for sharing data by providing a virtual space on-line, there is an inconvenience of opening a separate account (ID) to use the virtual space.

Patent Document 1: Korean Patent Registration No. 10-1687383 (announced on December 16, 2016)

Embodiments of the present invention are proposed to solve the above problems, and a virtual space providing system and virtual space capable of cooperating with a trusted external company, seeking advice, or providing a virtual space for outsourcing. We want to provide a user authentication method.

In addition, it intends to provide a virtual space provision system and a virtual space user authentication method that can access the virtual space of collaborating companies, advisory companies, and outsourcing companies without complicated procedures.

In addition, it is intended to provide a virtual space providing system and a virtual space user authentication method that can reliably guarantee the identity of a user accessing a virtual space.

In addition, it is intended to provide a virtual space providing system and a virtual space user authentication method that can improve work efficiency.

In addition, it is intended to provide a virtual space providing system and a virtual space user authentication method capable of accessing a plurality of virtual spaces with only one account without opening a plurality of accounts (IDs).

A virtual space user authentication method according to an embodiment of the present invention comprises the steps of: requesting an access from a user terminal to a station to which access is desired; Requesting an employment verification token to the user terminal from the station to which access is desired; Requesting a URL of a station to which the user belongs from the user terminal to a management server; Guiding the URL of the station to which the user belongs to the user terminal from the management server; Requesting issuance of an employment verification token from the user terminal to the station having the URL; Issuing an employment verification token to the user terminal from the station having the URL; Transmitting the employment verification token issued from the user terminal to the station to which access is desired; Requesting the URL of the station to which the employment verification token has been issued to the management server from the station that desires access; Determining, by the management server, whether the cluster to which the station requesting the URL is subscribed is the same as the cluster to which the station issuing the proof of employment token is subscribed; If the cluster to which the station requesting the URL is subscribed and the cluster to which the station issuing the employee proof token is subscribed are the same, guiding the URL of the station to which the employee proof token is issued from the management server to the station which wants to access the service; Requesting a validity check of the proof of employment token from the station that desires access to the station to which the proof of employment token has been issued; Issuing an access token to the user terminal from the station that desires to access when the validity of the employment verification token is confirmed; It may include the step of accessing the station to which access is desired based on the access token.

In the virtual space user authentication method according to an embodiment of the present invention, when the cluster to which the station requesting the URL is subscribed and the cluster to which the station issuing the employment certificate is subscribed are not the same, the management server issues the employee authentication token. It may include the step of determining whether a station satisfies a preset condition, and if the condition is satisfied, guiding the URL of the station to which the employee proof token is issued from the management server to the station desiring to access.

In the virtual space user authentication method according to an embodiment of the present invention, when the cluster to which the station requesting the URL is subscribed and the cluster to which the station issuing the employee proof token is subscribed are not the same, the station issuing the employee proof token is a different cluster. If there is at least one cluster to which the station that requested the URL and at least one other station subscribed to the other cluster is subscribed to the same, the station to which the employee proof token is issued from the management server It may include the step of guiding the URL of to the station desired to access.

In the virtual space user authentication method according to an embodiment of the present invention, the step of guiding, by the management server, the URL of the station to which the user belongs to the user terminal, extracting the URL of the station to which the user belongs from the management server. Including a step, and the extraction of the URL may be performed by checking a URL corresponding to an ID and password previously authenticated from the station to which the user belongs.

In the virtual space user authentication method according to an embodiment of the present invention, the step of guiding, by the management server, the URL of the group module to which the employee proof token has been issued, to the group module that wants to access, comprises the management server And extracting the URL of the group module to which the token was issued, and extracting the URL may be performed by checking the URL corresponding to the employment verification token.

A system for providing a virtual space according to an embodiment of the present invention includes a station server including a plurality of stations capable of providing a virtual space and issuing an employment verification token; It includes a management server capable of guiding the URL requested from the user terminal or the station, and determining whether the cluster to which the station requesting the URL is subscribed and the cluster to which the station issuing the employee proof token is the same, and , The station requesting access from the user terminal may allow access when the cluster to which the station requesting the URL is subscribed and the cluster to which the station issuing the employee proof token is subscribed are the same.

The management server of the system for providing a virtual space according to an embodiment of the present invention includes: a storage unit for storing at least one of URL information, the station information, and the cluster information for accessing the station; A third URL management unit for transmitting a URL corresponding to the employment verification token to the station, or a URL corresponding to an ID and password to the user terminal; It may include a cluster determination unit that determines whether the cluster to which the station requesting the URL is subscribed is the same as the cluster to which the station that issued the proof of employment token is subscribed.

The management server of the system for providing a virtual space according to an embodiment of the present invention may include a condition calculator that determines whether the station issuing the employment verification token satisfies a preset condition.

The preset condition of the virtual space providing system according to an embodiment of the present invention may include one or more of a job type, an asset, an employee size, a service available, and a service to be provided of a company to which the station belongs.

The station of the virtual space providing system according to an embodiment of the present invention is a second proof-of-employment token management unit capable of issuing a proof-of-employment token that proves a user's tenure or verifying the validity of the proof-of-work token submitted from a user terminal. ; A second URL management unit for requesting the URL corresponding to the submitted employee proof token to the management server; Includes an access permission token management unit that issues an access permission token when the submitted employment verification token is validated, and the station requested to access from the user terminal, when the access permission token is submitted through the user terminal You can allow access.

The second proof-of-work token management unit of the system for providing a virtual space according to an embodiment of the present invention includes: a proof-of-work token requesting unit for requesting submission of the proof-of-work token when there is a request for access to the station from the user terminal; An employment verification token issuing unit for issuing an employment verification token when there is a request for issuance of the employment verification token from the user terminal; When the employment verification token issued from the user terminal is submitted, an employment verification token validity check unit may be included to check the validity of the submitted employment verification token.

The virtual space providing system and the virtual space user authentication method according to embodiments of the present invention have the advantage of providing a virtual space that can cooperate with a trusted external company, seek advice, or outsource.

In addition, you can access virtual spaces of collaborating companies, advisory companies, and outsourcing companies without complicated procedures.

In addition, it is possible to reliably guarantee the identity of users who access the virtual space.

Also, it can improve work efficiency.

In addition, multiple virtual spaces can be accessed with only one account without opening multiple accounts (IDs).

1 is a flowchart illustrating a user authentication method of a system for providing a virtual space according to an embodiment of the present invention.
2 is a flowchart illustrating a user authentication method of a system for providing a virtual space according to an embodiment of the present invention.
3 is a flowchart illustrating a method of authenticating a user of the system for providing a virtual space according to FIGS. 1 and 2 in another manner.
4 is a block diagram showing the configuration of the user terminal of FIG. 1.
5 is a block diagram showing the configuration of the station server of FIG. 1.
6 is a block diagram showing the configuration of the management server of FIG. 1.
7 is a conceptual diagram schematically illustrating an authentication method according to a relationship between a station and a cluster of FIG. 2.

Hereinafter, specific embodiments of the present invention will be described in detail with reference to the drawings.

In addition, in describing the present invention, when it is determined that a detailed description of a related known configuration or function may obscure the subject matter of the present invention, a detailed description thereof will be omitted.

1 is a flow chart showing a user authentication method of a virtual space providing system according to an embodiment of the present invention, Figure 2 is a flow chart showing a user authentication method of a virtual space providing system according to an embodiment of the present invention, Figure 3 Is a flow chart showing a user authentication method of the virtual space providing system according to FIGS. 1 and 2 in different ways, FIG. 4 is a block diagram showing the configuration of the user terminal of FIG. 1, and FIG. 5 is a configuration of the station server of FIG. Fig. 6 is a block diagram showing the configuration of the management server of Fig. 1.

1 to 6, the virtual space providing system 10 according to an embodiment of the present invention may include a user terminal 100, a station server 200, and a management server 300.

The virtual space providing system 10 of the present invention provides a virtual space to a user, and the user can use various types of information and services provided in the virtual space. For example, at the request of a company, stations (210, 220, 230), which are virtual spaces of the company, are formed, and each of the stations (210, 220, 230) forms a cluster (A, B), a group of stations. can do.

A station may be understood as a module that provides a virtual space formed at the request of a company or a group of two or more people, and a cluster may be understood as a group of stations that satisfy certain conditions. For example, when the first station 210 is a module that provides a virtual space formed at the request of a distributor, and the second station 220 is a module that provides a virtual space formed at the request of a legal service company, The first station 210 formed at the request of a distributor and the second station 220 formed at the request of a legal service company form a first cluster (A), and a first station belonging to the first cluster (A). An incumbent (user) of the station 210 may access the second station 220 and receive legal services provided by the second station 220. In this case, the incumbent (user) of the first station 210 undergoes an authentication procedure for accessing the second station 220, and a detailed description thereof will be described later. Here, the legal service is only described as an example, and may include all known fields such as labor, medicine, IT, and education.

In addition, one station is joined to a plurality of clusters, so that one station may have a plurality of clusters.

It can be understood that a cluster is an aggregate of stations that satisfy certain conditions, and that the stations that have joined the cluster have mutual trust. That is, a user belonging to the same cluster can access another station only by a simple authentication procedure provided by the present invention.

In addition, the virtual space providing system 10 of the present invention may provide a virtual space for users to collaborate. For example, if company B performs a specific project, it can be assumed that the project is carried out in collaboration with an employee of company A. In this case, a virtual work space is created at the request of company B, and an employee of company A can perform a project in the virtual work space with employees of company B. Here, the virtual work space may be formed at the request of a company or a group including two or more users.

In addition, the virtual space providing system 10 of the present invention may provide a system for authenticating whether a user belongs to a station that satisfies certain conditions, such as sharing the same cluster with each other. For example, when a user belonging to the first station 210 tries to access the second station 220 through the user terminal 100, the first station 210 and the second station 220 are the same cluster. Whether the user can access the second station 220 may vary depending on whether it belongs to or not.

In addition, the virtual space providing system 10 of the present invention may provide a system capable of authenticating the identity of a user who wants to access the virtual space. For example, when an employee of company A wants to access the virtual space of company B, the identity of the employee of company A may be confirmed by the management server 300 and the station server 200.

The user terminal 100 may be connected to the station server 200 and the management server 300 through a network. Here, the network refers to a connection structure in which information exchange is possible between each node such as terminals and servers, and examples of such a network include a 3rd Generation Partnership Project (3GPP) network and a Long Term Evolution (LTE). ) Network, WIMAX (World Interoperability for Microwave Access) network, Internet, LAN (Local Area Network), Wireless LAN (Wireless Local Area Network), WAN (Wide Area Network), PAN (Personal Area Network), Bluetooth ( Bluetooth) network, satellite broadcasting network, analog broadcasting network, Digital Multimedia Broadcasting (DMB) network, and the like, but are not limited thereto. In addition, the user terminal 100 may be exemplified by a PC or a smart phone.

The station server 200 may include a plurality of stations. 1 and 2 illustrate three stations 210, 220, and 330 for convenience of explanation, a plurality of stations may be formed at the request of a company, and the number of stations is not limited.

Each station (210, 220, 2320) provides a pod (POD), which is a virtual work space, and multiple users can collaborate in each pod. Here, the POD can be understood as a concept corresponding to a work space. For example, a POD may be provided for each business project.

In addition, each station (210, 220, 230) may issue an employment verification token and an access permission token to authenticate the identity of a user who wants to access through the user terminal 100.

Here, the employment certificate token is a concept corresponding to a certificate of employment, and can be understood as a means for proving that a user belongs to a corresponding station. For example, when the first station 210 is formed at the request of company A, the employment certificate token issued by the first station 210 is understood as a means to prove that the user belongs to company A (employment certificate). Can be.

In addition, the access permission token is a concept corresponding to an access permission document, and can be understood as a means for allowing access to a station to which a user intends to access. For example, when the user's identity is authenticated (working at company A) after submitting an employment verification token to the second station 220 from the user terminal 100, the second station 220 issues an access permission token. Thus, the user can access the second station 220 through the user terminal 100.

The management server 300 stores and manages the information of the stations 210, 220, 230 and the clusters (A, B), and the cluster to which the station requesting the URL is subscribed and the cluster to which the station issuing the employee proof token is subscribed. It can be determined whether they are the same, and a detailed description thereof will be described later.

In addition, the management server 300 may be a component for verifying the identity of a user who has requested access. In the management server 300, the identity of the user is not directly verified, but the URL of the station to which the ID and password is issued can be checked, and the URL of the station to which the employment verification token has been issued can be checked. Here, a URL (Uniform Resource Locator) may be understood as an address for accessing each station.

In addition, the management server 300 may check and extract a URL corresponding to the issued employment verification token, and guide where the address (URL) of the station where the employment verification token is issued is.

In addition, the management server 300 may check the URL corresponding to the preset ID and password, and guide where the address (URL) of the station where the ID and password are authenticated and issued is.

According to each configuration of the virtual space providing system 10 according to an embodiment of the present invention, the user terminal 100 may access one of the plurality of stations 200 through a preset authentication process.

When the first station 210 and the second station 220 belong to the first cluster (A), and the first station 210 and the third station 230 belong to the second cluster (B) , The authentication process for accessing the second station 220 from the user's terminal 100 belonging to the first station 210 will be described as an example (see FIG. 1).

When a user belonging to the first station 210 requests access to the second station 220 from the access management unit 111 of the user terminal 100 (step 1), the second proof of employment of the second station 220 The token management unit 222 requests the user terminal 100 for a proof of employment token (step 2). Here, the step of requesting access may be understood as inputting a station to which a user wants to access an input unit (not shown) of the terminal. For example, when the second station 220 includes a virtual space formed by the request of the company B, when the company B is input to the input unit (not shown), a connection request to the second station 220 may be made. have. Here, the user belonging to the first station 210 may be understood as an employee of a company that requested the formation of the first station 210. Also, a user who does not belong to a station may be understood as a user who is currently employed or does not belong to a company, or a user who has not formed a station in the company.

Thereafter, when an ID and password are input to the user terminal 100, the first URL management unit 114 of the user terminal 100 requests a URL for accessing the first station 210 to the management server 300 ( Step 3), the management server 300 guides the URL for accessing the first station 210 to the first URL management unit 114 (step 4). More specifically, the third URL management unit 312 of the management server 300 finds a URL corresponding to an ID and password among URLs stored in the URL storage unit 311 and guides the URL to the first URL management unit 114 . Here, the ID and password are issued and authenticated by the personnel management unit 218 of the first station 210 to which the user belongs, and the URL storage unit 311 stores a URL for accessing the station corresponding to the ID and password. Can be doing.

Thereafter, the first employee proof token management unit 112 of the user terminal 100 requests the first station 210 for a job proof token (step 5). The 5th level of employment verification token is requested by the second station 220 and is valid only when accessing the second station 220.

After that, the second employment authentication token management unit 212 of the first station 210 issues an employment authentication token to the user terminal 100 for accessing the second station 220 (step 6). Specifically, after verifying the validity of the ID and password in the second job verification token issuing unit (not shown) of the second job verification token management unit 212, the job verification token may be issued.

Thereafter, the first employment verification token management unit 112 of the input unit 100 transmits the employment verification token issued from the first station 210 to the second employment verification token management unit 222 of the second station 220. (Step 7).

Thereafter, the second station 220 transmits the information of the received employment verification token to the management server 300 in order to check the validity of the employment verification token issued from the first station 210, and then the received employment verification Request the URL of the station where the token was issued (step 8). Specifically, a URL corresponding to the employment verification token received by the second URL management unit 224 may be requested from the management server 300.

After that, the cluster to which the second station 220, which requested the URL by the management server 300, is subscribed (the first cluster (A)) and the cluster to which the first station 210, which issued the proof of employment It is determined whether 1 cluster (A) is the same. Specifically, the cluster determination unit 317 determines whether the first station 210 and the second station 220 belong to the same cluster (the first cluster A).

When it is determined that the first cluster (A) to which the second station 220 requesting the URL is subscribed and the first cluster (A) to which the first station 210 that issued the proof-of-employment token is subscribed are the same, the management server ( 300) confirms and extracts the URL corresponding to the employment verification token submitted from the second station 220 and the employment verification token stored in the management server 300, and then converts the URL of the station where the token is issued to the second station 220 ) (Step 9). Here, the URL storage unit 311 of the management server 300 may store the URL of the station where the proof-of-employment token is issued, and the third URL management unit 312 is configured to the second station 220 having the URL request. Guide the URL.

Thereafter, the second station 220 requests the first station 210 to check the validity of the employment verification token submitted from the user terminal 100 based on the URL provided from the management server 300 (10). Step, step 11).

Specifically, the first station 210 requests the first station 210 to check the validity of the employment verification token submitted by the second employment verification token management unit 222 of the second station 220, and the second employment certificate of the first station 210 It checks whether the proof of employment token submitted by the token management unit 212 is valid.

If the submitted employment verification token is valid, the second station 220 issues an access permission token to the user terminal 100 (step 12). As an example, an access permission token may be issued from the access permission management unit 226 of the second station 220 to the access management unit 111 of the user terminal 100.

After that, after submitting the access permission token to the second station through the user terminal 100, it is possible to access the second station 220 (step 13).

After accessing the second station 220, a user can collaborate with people of other companies in a virtual space provided by the task management unit 219 according to each team and project. As an example, each task management unit 219 includes a plurality of PODs in which each project can be performed, and a user who accesses each POD is within the POD according to the purpose of the project, etc. You can do your job.

In addition, a user of the first station 210 connected to the second station 220 may use a service provided by the second station 220.

For example, when the business management unit 229 of the second station 220 provides information on legal services, the user of the first station 210 may provide information on the legal services provided by the second station 220 You can use However, legal services are merely described as examples, and may include all known fields such as labor, medicine, IT, and education.

Similarly, the first station 210 and the second station 220 belong to the first cluster (A), the first station 210 and the third station 230 belong to the second cluster (B) If so, the authentication process for accessing the third station 230 from the user's terminal 100 belonging to the first station 210 goes through the same principle.

Specifically, when the connection management unit 111 of the user terminal 100 of the user belonging to the first station 210 makes a connection request to the third station 230 (step 1'), the third station 230 The user terminal 100 requests an employment verification token (step 2').

After that, the third station 230 may be accessed through the user terminal 100 through steps 3, 4, 5, and 7 and through steps 8'to 13'. Here, steps 8'to 13' are processes of the same principle as steps 8 to 13 described above, and detailed descriptions thereof will be omitted.

When the first station 210 and the second station 220 belong to the first cluster (A), and the first station 210 and the third station 230 belong to the second cluster (B) , An authentication process for accessing the second station 220 from the user's terminal 100 belonging to the third station 230 will be described as an example (see FIG. 2).

When the connection management unit 111 of the user terminal 100 of the user belonging to the third station 230 requests a connection to the second station 220, the same process as in steps 1 to 8 described above is performed.

After step 8, the cluster to which the second station 220 that requested the URL by the management server 300 is subscribed (the first cluster (A)) and the cluster to which the third station 230 that issued the proof of employment token is subscribed ( It is determined whether the second cluster (B) is the same. Specifically, the cluster determination unit 317 determines whether the second station 220 and the third station 230 belong to the same cluster.

Since the second station 220 belongs to the first cluster (A) and the third station 230 belongs to the second cluster (B), if it is determined that they are subscribed to different clusters, the user terminal 100 Through it, an indication that the second station 220 cannot be accessed may be displayed. Specifically, an access impossibility signal is transmitted from the cluster determination unit 317 of the management server 300 to the access permission management unit 226 of the second station 220 (step F1), and the access permission management unit 226 A connection impossible signal is transmitted to the connection management unit 111 of the terminal 100 (step F2), and the user terminal 100 may display a connection impossible message to the user.

However, in the management server 300, the first cluster (A) to which the second station 220 requesting the URL is subscribed and the second cluster (B) to which the third station 230 that issued the proof of employment token is subscribed are the same. Even if not, the third station 230 that issued the proof of employment token by the condition calculation unit 318 of the management server 300 determines whether or not a preset condition is satisfied, and if the condition is satisfied, the third station 230 ) Of the URL to the second station 220. After guiding the URL to the second station 220, the process of the same principle as steps 9 to 13 described above may be performed, and a detailed description thereof will be omitted.

Here, the preset condition is to determine whether the third station 230 that issued the proof-of-employment token is subscribed to another cluster (for example, the second cluster B), and the other cluster (for example, the second cluster (B))) At least one other station (for example, the first station 210) and the second station 220 that requested the URL are subscribed to the same cluster (the first cluster (A)) There may be at least one case.

Referring to FIG. 7 in more detail, for example, when the user of the third station 230 wants to access the second station 220, the third station 230 and the second station 220 belong to the same. There is no cluster (the second station 220 belongs to the first cluster (A) and the fourth cluster (D), and the third station 230 belongs to the second cluster (B) and the third cluster (C). has exist).

However, other stations (stations 5, 6, and 7 (250, 260, 270)) and 2nd station subscribed to the cluster to which the third station 230 is subscribed (the second and third clusters (C, B)) The station 220 shares two clusters (a first cluster (A) and a fourth cluster (C)).

In this case, although the first cluster (A) to which the second station 220 is subscribed and the second cluster (B) to which the third station 230 is subscribed are not the same, the third station 230 The URL may be guided to the second station 220.

In addition, the preset condition may be a case in which the third station 230 issuing the proof-of-employment token has a preset size (eg, an asset size of 10 billion, the number of employees 100 or more). However, these preset conditions are merely exemplary, and various preset conditions may be input to the management unit 300. Here, the preset condition may be programmed in the cluster determination unit 317.

Hereinafter, a specific physical configuration capable of implementing the process of accessing the second station 220 from the user terminal 100 described above will be described.

The virtual space providing system 10 according to an embodiment of the present invention may include a user terminal 100, a station server 200, and a management server 300.

The user terminal 100 is a connection management unit 111 that requests access to a station to which a user wants to access, a system that requests issuance of an employment verification token to a station to which the user belongs, or transmits the issued employment verification token to a station that desires access. 1 The present invention may include a token management unit 112 and a first URL management unit 114 that requests a URL for accessing a station to which the user belongs to the management server 300.

The station server 200 may provide a plurality of stations. Hereinafter, three stations are described as an example, but each station is formed at the request of a company, and there is no limit to the number.

Each station (210, 220, 230) is a second proof of employment token management unit (212, 222, 232), a second URL management unit (214, 224, 234), access permission management unit (216, 226, 236), personnel management unit (218, 228) and business management units (219,229).

The second proof-of-employment token management unit 212, 222, and 232 may issue a proof-of-employment token that proves the user's tenure and check the validity of the proof-of-work token submitted from the user terminal. Specifically, the second proof-of-employment token management unit (212, 222, 232) requests the submission of the proof-of-employment token when there is a connection request from the user terminal (not shown), and the proof-of-employment token from the user terminal. If there is a request for issuance, it will include an employment verification token issuing unit (not shown) that issues an employment verification token, and an employment verification token validity check unit (not shown) that checks the validity of the employment verification token submitted from the user terminal. I can.

The second URL management units 214, 224, and 234 may request a URL corresponding to the submitted employee proof token from the management server to the request 300.

The access permission management unit (216, 226, 236) may issue an access permission token when the validity of the employment certificate token is confirmed. Meanwhile, the user terminal 100 may access the station that issued the access permission token by submitting the access permission token issued by the access permission management unit 216. Here, it may be understood that the case in which the validity of the employment verification token is confirmed is consistent with the employment verification token issued by the own station that has received the authentication request. For example, when the first station 210 issues the C employment certificate token, the second station 220 requests the first station 210 to check the validity of the C employment certificate token, the first station 210 ) Can confirm that the C employment proof token is consistent with the one issued by him.

The personnel management units 218, 228, and 238 may issue and manage IDs and passwords of members of a company or group users. These IDs and passwords can be used effectively even when accessing the corporate module formed by the request of another company. For example, if Company A issues an ID and password to a member of Company A, the ID and password issued by Company A can be used to access the station created at the request of Company B.

In addition, the personnel management units 218, 228, and 238 may transmit information on a company managed by the personnel management unit to the station information storage unit 313 of the management server 300.

When a user belonging to another station accesses, the task manager 219, 229, 239 may provide a service provided by the corresponding station to the user. For example, when the second station 220 provides legal services, when a user belonging to the first station 210 accesses the second station 220, the business management unit 229 provides legal services to the user. You can provide information. Specifically, when a user posts a legal article on the business management unit 229, the related information may be provided to the user through the business management unit 229.

In addition, the business management units 219, 229, 239 may provide a virtual work space, a POD, to a member of the company or the group user. Here, a plurality of PODs can be formed. For example, PODs can be provided on a per-project basis, and can be closed after the project is completed.

In addition, the work management units 219, 229, 239 may include a work progress status unit (not shown) capable of checking a progress status of a preset work. For example, the task progress status unit may display to what extent a preset user or a preset group has performed a task for a preset task. For example, the task progress status unit may display tasks not commenced, tasks commenced, tasks 50% completed, specific tasks completed, specific tasks not performed, tasks completed, etc.

In addition, the business management units 219, 229, and 239 may include a related person designation unit (not shown) capable of designating a related person for the preset business. For example, the designated related person may be a horizontal level related person within or outside of the company, or may be a co-worker at a level or equivalent level within the company. At this time, the designated related person may be notified that postings uploaded on the POD are related to him. Here, the means for receiving notification may be a push notification from a mobile terminal, mail transmission to an external email account, a talk messenger (eg, KakaoTalk, etc.).

In addition, the task management units 219, 229, and 239 may include a category designation unit (not shown) capable of setting a category for a preset task. The category designation unit can make it possible to check in which task area a preset task corresponds to. Here, the category may be input using a predetermined input method. For example, when a user uses a smart phone (user terminal), several categories of work are listed and displayed on the screen of the smart phone, and when the user touches the corresponding work category part of the displayed category list, Tasks may be labeled in the selected category.

In addition, the business management units 219, 229, and 239 may include a data leakage prevention unit (not shown) that prevents leakage of data uploaded to the POD. In addition, the data leakage prevention unit can designate the download of uploaded data to be available only to preset users, and to make it impossible to download data outside the POD for other users. For example, when an employee of Company A is working on a project together in a pod of the second station 220 formed by Company B, the employee of Company A is only in the POD of the second station 220 You can perform tasks or view the data, and you can set it so that it cannot be downloaded outside.

In addition, the task management units 219, 229, and 239 may include a deep learning unit (not shown) that collects and analyzes data information uploaded to the POD.

Such a deep learning unit may analyze a phenomenon occurring in another station based on information collected in one station.

In addition, the deep learning unit may transmit information of a corresponding data to another station at a request of another station, or may notify information collected and analyzed by deep learning. Here, deep learning may be defined as a set of machine learning algorithms that attempt to summarize core contents or functions from a large amount of data or complex data uploaded to each station.

In addition, the business management units 219, 229, 239 may be provided with a public relations unit (not shown) capable of exhibiting and promoting services intended by each company.

In this case, the public relations unit may be publicly set to a plurality of stations, and in this case, a large number of officials may read the company's data or sales items revealed in the public relations unit. As an example, the first station 210 established by Company A may include a public relations department, and Company A may post its main sale items to the corresponding public relations department. In this case, the company B may be configured to purchase the sale posted by the public relations unit of the first station 220 through the second station 220.

The management server 300 may include a storage unit that stores at least one of URL information for accessing the stations 210, 220, 230, information about the stations 210, 220, and 230, and information about the cluster (A, B). . Specifically, a URL storage unit 311 for storing URL information for access to the stations 210, 220, 230, a station information storage unit 313 for storing information on the stations 210, 220, 230, and a cluster (A , B) It may include a cluster information storage unit 315 for storing information.

The station information storage unit 313 may store each station information. When each station 210, 220, 230 is formed, a condition for inputting company information may be set, and the information input by each company may be stored in the station information storage unit 313. For example, when company A requests the formation of the first station 210 on the management server 300, it is necessary to input the job type, assets, staff size, available services, and services to be provided of company A, and the station information storage unit 313 can store this information.

In addition, changed information of each station may be managed by the station information management unit 313.

In addition, the station information storage unit 313 may receive information stored in the personnel management units 218, 228, and 238 of the station server 200.

The cluster information storage unit 315 may store cluster information to which each station belongs. For example, the cluster information storage unit 315 stores the number of clusters currently formed, stations belonging to each cluster, services required by the cluster, services that the cluster can provide, and goals that the cluster pursues. It can store various information about.

The cluster information management unit 316 may manage information stored in the cluster information storage unit 315. For example, when there are a plurality of stations of the same industry in the cluster information storage unit 315, it may be provided as a new station.

In addition, the management server 300 transmits a URL corresponding to the employment verification token to the station, or a third URL management unit 312 that transmits a URL corresponding to an ID and password to the user terminal, and the station requesting the URL is subscribed. It may include a cluster determination unit 317 that determines whether the cluster and the cluster to which the station that issued the proof of employment token is the same are the same.

The cluster determination unit 317 may determine whether or not to provide a URL by determining whether a condition for a user of a station that has issued the proof-of-work token to access a station to which he/she wants to be accessed is satisfied. For example, if a condition in which only users of stations 210 and 220 belonging to the first cluster A can access other stations 210 and 220 belonging to the first cluster A is set, 2 When a user of the third station 230 belonging to the cluster B makes a request for access to the second station 220, a connection impossible signal may be transmitted to the second station 220.

In addition, the cluster determination unit 317 may determine whether the station that issued the proof-of-employment token satisfies a preset condition and guide the URL to the station that wants to access it. For example, when a user of the third station 230 belonging to the second cluster (B) has a request for access to the second station 220 belonging to the first cluster (A), the two stations are in the same cluster. Even if it is not affiliated, if a preset condition is satisfied, the second station 220 may be accessed.

The management server 3000 may include a condition calculator 318 that determines whether the station that issued the proof of employment token satisfies a preset condition. For example, if the preset condition is a condition for guiding a URL when a station formed by a company with an asset of 1 billion or more, and the asset of the company forming the third station 230 is 1.1 billion, the third station ( 230) The user can access the first station 210.

In addition, the management server 300 may include a URL storage unit 312 that stores a URL for station access. For example, the URL storage unit may store a URL corresponding to an ID and password issued by each station. In this case, the URL may be a virtual address for accessing the station that issued the ID and password.

In addition, the management server 300 may request the issuance of an employment verification token from the user terminal 100 or the stations 210, 220, 230, or the validity of the issued employment verification token to a specific station 220 or 210. When there is a request for guidance of a URL, the requested URL may be provided. Here, the specific station may be understood as a station to which the user belongs.

In addition, the URL storage unit may store a URL corresponding to the employment verification token issued by each station. In this case, the URL may be a virtual address for accessing the station that issued the corresponding proof of employment token.

In addition, the management server 300 includes a third URL management unit 312 that transmits a URL corresponding to the employment verification token to the stations 210, 220, 230, or transmits a URL corresponding to an ID and password to a user terminal. can do. For example, the URL stored in the URL storage unit 311 may be transmitted to the user terminal 100 or each station 210, 220, 230 through the third URL management unit 312.

In addition, a plurality of management servers 300 are provided, and each of the management servers 300 may encrypt and distribute URLs for accessing the stations 210, 220, and 230. For example, the management server 300 may be arranged for each country, and each management server may store only a part of all URLs. Thereafter, in the case of transmitting the URL to the user terminal 100 or the stations 210 and 220, the URL information encrypted in each management server 300 may be decrypted and transmitted. For example, such encryption and decryption can utilize blockchain technology.

As described above, the virtual space user authentication method and the virtual space providing system according to the embodiments of the present invention have been described as specific embodiments, but this is only an example, and the present invention is not limited thereto, and according to the basic idea disclosed herein It should be construed as having a range of. A person skilled in the art may combine and replace the disclosed embodiments to implement a pattern of a shape not indicated, but this also does not depart from the scope of the present invention. In addition, those skilled in the art can easily change or modify the disclosed embodiments based on the present specification, and it is clear that such changes or modifications also belong to the scope of the present invention.

10: virtual space providing system 100: input unit
111: access management unit 112: first employment verification token management unit
114: first URL management unit 200: station server
210: first station 220: second station
230: third station
212, 222, 232: 2nd Proof of Employment Token Management Department
214, 224, 234: second URL management department 216, 226, 236: access permission management department
218, 228, 238: HR management unit 219, 229, 239: business management unit 300: management server 311: URL storage unit
312: third URL management unit 313: station information storage unit
314: station information management unit 315: cluster information storage unit
316: cluster information management unit 317: cluster determination unit
318: conditional operation unit

Claims (11)

Making a connection request from a user terminal to a station desired to be connected;
Requesting an employment verification token to the user terminal from the station to which access is desired;
Requesting a URL of a station to which the user belongs from the user terminal to a management server;
Guiding the URL of the station to which the user belongs to the user terminal from the management server;
Requesting issuance of an employment verification token from the user terminal to the station having the URL;
Issuing an employment verification token to the user terminal from the station having the URL;
Transmitting the employment verification token issued from the user terminal to the station to which access is desired;
Requesting the URL of the station to which the employment verification token has been issued to the management server from the station that desires access;
Determining whether the cluster to which the station requesting the URL is subscribed by the management server is the same as the cluster to which the station issuing the proof of employment token is subscribed;
If the cluster to which the station requesting the URL is subscribed and the cluster to which the station issuing the employee proof token is subscribed are the same, guiding the URL of the station to which the employee proof token is issued from the management server to the station which wants to access the service;
Requesting a validity check of the proof of employment token from the station that desires access to the station to which the proof of employment token has been issued;
Issuing an access token to the user terminal from the station that desires to access when the validity of the employment verification token is confirmed;
A virtual space user authentication method comprising the step of accessing the station to which access is desired based on the access token. The method of claim 1,
If the cluster to which the station requesting the URL is subscribed and the cluster to which the station issuing the proof of employment token is subscribed are not the same,
The management server determines whether the station issuing the employment verification token satisfies a preset condition, and if the condition is satisfied, the URL of the station on which the employment verification token is issued from the management server is sent to the station that wants to access Virtual space user authentication method comprising the step of guiding. The method of claim 1,
If the cluster to which the station requesting the URL is subscribed and the cluster to which the station issuing the proof of employment token is subscribed are not the same,
Determine whether the station that issued the proof of employment token is subscribed to another cluster, and if at least one other station subscribed to the other cluster and the station requesting the URL have at least one cluster to which the same subscription is present, the management server And guiding the URL of the station to which the employment verification token has been issued to the station desiring to access the virtual space user authentication method. The method of claim 1,
Informing the user terminal of the URL of the station to which the user belongs, by the management server,
Including the step of extracting the URL of the station to which the user belongs from the management server,
The extraction of the URL is performed by checking a URL corresponding to an ID and password previously authenticated from the station to which the user belongs. The method of claim 1,
The step of guiding, by the management server, the URL of the group module to which the employment verification token is issued to the group module that wants to access,
In the management server, including the step of extracting the URL of the group module is issued the proof of employment token,
The extraction of the URL is a virtual space user authentication method performed by checking a URL corresponding to the employment verification token. A station server including a plurality of stations capable of providing a virtual space and issuing a proof of employment token;
It includes a management server capable of guiding the URL requested from the user terminal or the station, and determining whether the cluster to which the station requesting the URL is subscribed and the cluster to which the station issuing the employee proof token is the same, and ,
A virtual space providing system that allows the access to the station requested by the user terminal when the cluster to which the station requesting the URL is subscribed and the cluster to which the station issuing the employment verification token is the same. The method of claim 6,
The management server,
A storage unit for storing at least one of URL information for accessing the station, information on the station, and information on the cluster;
A third URL management unit for transmitting a URL corresponding to the employment verification token to the station, or a URL corresponding to an ID and password to the user terminal;
A virtual space providing system comprising a cluster determination unit determining whether the cluster to which the station requesting the URL is subscribed is the same as the cluster to which the station issuing the proof of employment token is subscribed. The method of claim 7,
The management server
A virtual space providing system including a condition calculating unit that determines whether the station that issued the proof of employment token satisfies a preset condition. The method of claim 8,
The preset condition is a virtual space providing system that includes at least one of the job type, assets, staff size, available service, and service to be provided of the company to which the station belongs. The method of claim 6,
The station,
A second proof-of-employment token management unit capable of issuing a proof-of-employment token that proves the user's tenure, or checking the validity of the proof-of-work token submitted from the user terminal;
A second URL management unit for requesting the URL corresponding to the submitted employee proof token to the management server;
Including an access permission token management unit that issues an access permission token when the validity of the submitted employment certification token is verified,
The system for providing a virtual space for the station requesting access from the user terminal to allow access when the access permission token is submitted through the user terminal. The method of claim 10,
The second employment verification token management unit,
An employment verification token request unit for requesting submission of the employment verification token when there is a request for access to the station from the user terminal;
An employment verification token issuing unit for issuing an employment verification token when there is a request for issuance of the employment verification token from the user terminal;
A system for providing a virtual space including a validity checker for a job verification token to check the validity of the submitted job verification token when the job verification token issued from the user terminal is submitted.

Images