WO2015070032A1 - System and method for authentication - Google Patents

System and method for authentication

Publication number
WO2015070032A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
user terminal
group
mail
mail address
Application number
PCT/US2014/064579
Other languages
English (en)
Inventor
Seong Uk MOON
Yeong Jun JEONG
Original Assignee
Teamblind Inc.
Priority claimed from KR1020140139312A (patent KR101754330B1, ko)
Application filed by Teamblind Inc.
Priority to JP2015548070A (patent JP6033460B2, ja)
Publication of WO2015070032A1 (fr)
Priority to US14/753,993 (patent US9439072B2, en)

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065: Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to a system and method for authentication enabling authentication and use of a service without recording information for discriminating a service user from another.
  • Korean Patent Publication No. 10-2009-0056324 discloses a method for providing personal information of a user to other on-line sites once the user registers the personal information in an on-line site.
  • the present invention provides a system and method for authentication, which can prevent service users' identities from being exposed.
  • the present invention also provides a system and method for authentication, which can prevent service users' identities from being exposed even by hacking of a terminal or server side of a service provider, negligence in information management or a manager's misconduct.
  • the present invention also provides a system and method for authentication, which can store information provided by a service user during subscription and authentication procedures in such a manner that the information cannot be decoded from a side of a service provider's server.
  • the present invention also provides a system and method for authentication, which can be implemented to discriminate individual users and to enable a service to be used just by receiving minimum information from a service user.
  • the present invention also provides a system and method for authentication, which can be implemented to prevent an identity of a posting user posting bulletin content from being exposed by allowing the user to subscribe to a service through e-mail authentication and separating the information used in subscribing to the service and the information necessary to actually use the service.
  • the present invention also provides a system and method for authentication, which can make only one activated service use account exist for one e-mail address for the purpose of operating a service in a secure manner.
  • a method for authentication including receiving a subscription request from a user terminal, the subscription request executed by an authentication server communicating with the user terminal and including group discrimination data including a group code and information for discriminating a group from another, if it is determined that the group code and the information included in the group discrimination data correspond to each other, performing a group authentication procedure on the user terminal and processing the group authentication procedure as being successful, issuing a member session key to the user terminal, and providing a service requested by the user terminal in response to the service request including the member session key from the user terminal.
  • a method for authentication including providing a user interface executed by a user terminal communicating with an authentication server through a network to receive group discrimination data including a group code and information for discriminating a group from another, receiving the group code and the group discrimination data, and transmitting a subscription request including the group code and the group discrimination data to the authentication server, if group authentication for the user terminal is processed as being successful from the authentication server, receiving and encrypting a password entered by a user, encrypting the group discrimination data using the password, and transmitting the encrypted password and the encrypted group discrimination data to the authentication server, and if a member session key is received from the authentication server, storing the member session key and transmitting a service request for the authentication server, the service request including the member session key to be offered with a service provided by the authentication server.
  • the system and method for authentication can prevent service users' identities from being exposed.
  • the system and method for authentication can prevent service users' identities from being exposed even by hacking of a terminal or server side of a service provider, negligence in information management or a manager's misconduct.
  • the system and method for authentication can store information provided by a service user during subscription and authentication procedures in such a manner that the information cannot be decoded from a side of a service provider's server.
  • the system and method for authentication can be implemented to discriminate individual users and to enable a service to be used just by receiving minimum information from a service user.
  • the system and method for authentication can be implemented to prevent an identity of a posting user posting bulletin content from being exposed by allowing the posting user to subscribe to a service through e-mail authentication and separating the information used in subscribing to the service and the information necessary to actually use the service.
  • the system and method for authentication can make only one activated service use account exist for one e-mail address for the purpose of operating a service in a secure manner.
  • FIG. 1 is a network diagram illustrating a configuration of an authentication system according to an embodiment of the present invention
  • FIG. 2 is a block diagram illustrating a functional configuration of a user terminal included in the authentication system according to an embodiment of the present invention
  • FIG. 3 is a block diagram illustrating a functional configuration of an authentication server included in the authentication system according to an embodiment of the present invention
  • FIG. 4 is a flowchart sequentially illustrating a process of transmitting an e-mail for group authentication according to a subscription request from a user in an authentication method according to an embodiment of the present invention
  • FIG. 5 is a flowchart sequentially illustrating a process of receiving an e-mail authentication code required for group authentication using an e-mail in the authentication method according to an embodiment of the present invention
  • FIG. 6 is a flowchart sequentially illustrating a process of performing group authentication using an e-mail authentication code in the authentication method according to an embodiment of the present invention
  • FIG. 7 is a flowchart sequentially illustrating a process of performing member authentication for issuing a session key to a user terminal in the authentication method according to an embodiment of the present invention.
  • FIG. 8 is a flowchart illustrating steps performed after executing an application installed in a user terminal in a time series manner in the authentication method according to an embodiment of the present invention.
  • the authentication system includes a user terminal 10 and an authentication server 30 connected to a network N. Additionally, the authentication system according to an embodiment of the present invention may further include an e-mail authentication terminal 20.
  • the e-mail authentication terminal 20 may be a terminal that is physically identical with the user terminal 10 or may be a separate terminal.
  • the network N may be implemented by all kinds of wired/wireless network, such as a local area network (LAN), a wide area network (WAN), a value added network (VAN), a personal area network (PAN), a mobile radio communication network or a satellite communication network.
  • the user terminal 10 and the e-mail authentication terminal 20 are communication terminals connected to a server of a remote location through the network N and may be implemented by a portable terminal that can be connected to another terminal or server.
  • the portable terminal may be, for example, a wireless communication device having portability and mobility guaranteed, such as a personal communication system (PCS), a global system for mobile communications (GSM), a personal digital cellular (PDC), a personal handyphone system (PHS), a personal digital assistant (PDA), an international mobile telecommunication (IMT)-2000, a code division multiple access (CDMA)-2000, a W-code division multiple access (W-CDMA), a wireless broadband internet (Wibro) terminal, a smart phone, a tablet computer and all kinds of handheld wireless communication device.
  • the user terminal 10 is a terminal used by a user of an on-line service provided by an operator of the authentication server 30.
  • the e-mail authentication terminal 20 is a terminal for receiving an authentication e-mail transmitted from the authentication server 30.
  • the user terminal 10 and the e-mail authentication terminal 20 are simply divided by functions. As described above, the user terminal 10 and the e-mail authentication terminal 20 may be the same as or different from each other.
  • An application for communicating with the authentication server 30 and providing an on-line service provided by the operator of the authentication server 30 may be installed in the user terminal 10.
  • a web browser or a separate e-mail application may be installed in the e-mail authentication terminal 20 to receive and display the authentication e-mail transmitted from the authentication server 30 through an e-mail server (not shown) or to prepare the authentication e-mail transmitted from the e-mail authentication terminal 20 to the authentication server 30.
  • the meaning of the expression 'authentication e-mail' will later be described.
  • the authentication server 30 communicates with a plurality of user terminals 10 through the network N and provides an on-line service, discriminates each of the user terminals 10 through a user authentication procedure of the user terminal 10 and provides the service corresponding to the discriminated user terminal 10.
  • the service provided by the authentication server 30 is not limited to a particular service.
  • the service provided by the authentication server 30 may be, for example, a service shared by a plurality of users by registering bulletin content, such as an on-line bulletin board service or an on-line community service.
  • the authentication server 30 allows each user to select or enter the name of a group to which the user belongs and authenticates the user's membership of the group and provides only the user authenticated as a member of the group with bulletin content associated with the group or allows the authenticated user to subscribe in a community of the group.
  • the term 'group' is used to mean a variety of organizations to which individuals belong and may include, for example, all types of organizations formed by the individuals gathering to achieve the same objective. That is to say, the 'group' may include all types of organizations conceptually or socially grouped or grouped with or without intention.
  • the group authentication may be executed by an e-mail.
  • a group code for discriminating each group and a format of an e-mail address corresponding to each group code may be stored in the authentication server 30.
  • the format of the e-mail address may be set as a string of a host address part excluding a part for discriminating a user.
  • the authentication server 30 may execute group authentication by confirming whether the part following '@' in the e-mail address 'kmh@snu.ac.kr', entered by 'Kim Minho', is identical with the host address part of the e-mail service provided by Seoul National University, i.e., 'snu.ac.kr'.
  • the authentication server 30 may transmit an e-mail for authentication (to be referred to as 'authentication e-mail' hereinafter) to the e-mail address entered by the user, and the user's confirmation of the authentication e-mail may be authenticated.
  • the authentication e-mail may be transmitted to the e-mail address
  • a variety of methods for detecting whether the user has confirmed the authentication e-mail or not may be employed.
  • an 'authentication link', to be described later, is embedded in the authentication e-mail transmitted from the authentication server 30; if the authentication link is selected by the e-mail authentication terminal 20 that has received the authentication e-mail, it is determined that the user has confirmed the authentication e-mail, which will later be described in more detail.
  • the user is allowed to confirm a 'string for authentication' embedded in the authentication e-mail through the e-mail authentication terminal 20, and if the user who has confirmed the 'string for authentication' accurately enters it through the user terminal 10 within a preset time, it is determined that the authentication e-mail is confirmed by the user.
  • a group authentication method is executed such that the authentication server 30 transmits the authentication e-mail including an authentication link or a string for authentication to group e-mail addresses entered by the user, which is to be referred to as a first embodiment.
  • an e-mail address of a manager of the authentication server 30 may be provided to the user to allow the user to transmit the authentication e-mail to the manager of the authentication server 30, that is, to a service operator.
  • 'keyword for authentication' to be recorded in the authentication e-mail by the user may optionally be provided.
  • the authentication procedure may be completed by confirming the address of the e-mail transmitted by the user when the authentication e-mail is confirmed.
  • the authentication server 30 may process the group authentication as being successful only when the keyword for authentication, additionally provided to the user, and the keyword for authentication, included in the received e-mail, are identical with each other as the result of comparison.
  • the authentication server 30 may provide only the operator's e-mail address to the user who intends to proceed with a subscription procedure by entering the group e-mail address but may not provide the keyword for authentication.
  • the user may succeed in the group authentication by transmitting the authentication e-mail having the operator's e-mail address as a recipient using the user's own group e-mail address.
  • group authentication may be executed using information other than the e-mail address.
  • the authentication server 30 may pre-store intrinsic IP addresses of wireless LAN access points used by the respective groups, or identifier information, such as SSID by group.
  • the authentication server 30 may pre-store information on off-line addresses of the respective groups.
  • the authentication server 30 may perform user authentication as to whether the user is a member of a particular group by comparing at least one of information on the identifier of the wireless LAN access point accessed by the user terminal 10 and a current position of the user terminal 10 of the user who intends to subscribe to the service of the particular group as a member with the pre-stored identifier of the wireless LAN access point and off-line address of the group.
  • 'member authentication' means a procedure of issuing, to the user terminal 10 that has completed the group authentication, an intrinsic key (to be referred to as the 'session key') that grants subsequent service connections of the user terminal 10.
  • the authentication server 30 receives a password from the user of the user terminal 10 having completed the group authentication, encrypts information concerning the user or the user terminal 10 to be registered in the authentication server 30 and executes the procedure of endowing the session key that is characteristic for each user terminal 10, thereby completing the member authentication.
  • the user terminal 10 includes a subscription request unit 11.
  • the subscription request unit 11 provides a user interface allowing the user who executes an application installed in the user terminal 10 to select a group to which the user belongs to transmit a request for subscription to on-line service for the group to the authentication server 30.
  • the subscription request unit 11 may allow the user to enter a group name or to select one of a plurality of pre-stored groups.
  • the subscription request unit 11 may search for a pre-stored group name corresponding to a string of the entered group name to then display the same, thereby selecting the group to which the user belongs.
  • a group code for discriminating a group may be matched with the user's selected group, and the subscription request unit 11 may transmit the group code to the authentication server 30 when transmitting the information on the user's selected group to the authentication server 30.
  • the subscription request unit 11 may receive the e-mail address from the user in the format of a string and may transmit the received string together with the group code to the authentication server 30.
  • the authentication server 30 may execute the group authentication using the received group code and the e-mail address.
  • the subscription request unit 11 may transmit the group code and the identifier of the wireless LAN access point or the current position information to the authentication server 30 according to embodiment.
  • the user terminal 10 may include an authentication key management unit 12.
  • the 'authentication key' managed by the authentication key management unit 12 is received from the authentication server 30.
  • the authentication server 30 confirms whether the received information corresponds to the e-mail address format of the selected group code and then transmits the authentication e-mail to the received e-mail address.
  • the authentication server 30 may notify the user terminal 10 of transmittal of the authentication e-mail and may simultaneously provide the 'authentication key' to the user terminal 10.
  • the authentication key is an intrinsic pseudorandom key newly generated whenever the authentication e-mail is transmitted.
  • the notification of the transmittal of the authentication e-mail from the authentication server 30 to the user terminal 10 will now be referred to as 'authentication e-mail transmittal notification'.
  • the authentication key management unit 12 may store the received authentication key while receiving the authentication e-mail transmittal notification.
  • the authentication key management unit 12 provides the stored authentication key to an authentication request unit 13 to be described later.
  • the authentication key that is received and stored by the authentication key management unit 12 together with the authentication e-mail transmittal notification will now be referred to as a 'first authentication key'.
  • when the authentication server 30 receives an e-mail address from the user terminal 10, confirms whether the received e-mail address has a format corresponding to the user's selected group, then provides an operator's e-mail address to which the user may send an authentication e-mail, and selectively provides keywords for authentication to the user terminal 10 according to embodiment, an authentication key may be generated and transmitted to the user terminal 10, and the authentication key management unit 12 may store the generated authentication key. That is to say, in the present embodiment, the authentication key may be an intrinsic pseudorandom key newly generated whenever a receiving address of the authentication e-mail to be received from the user (operator's e-mail address) and keywords for authentication are provided to the user.
  • the authentication server 30 may compare the received information with pre-registered information for the group corresponding to the received group code and may send the authentication key to the user terminal 10. Accordingly, the authentication key management unit 12 may store the authentication key received from the authentication server 30.
  • the authentication key may be an intrinsic pseudorandom key newly generated whenever the information received from the user is compared with the information on the group stored in the authentication server 30 to execute group authentication.
  • the user terminal 10 may include the authentication request unit 13.
  • the authentication request unit 13 is configured to request, from the authentication server 30, final authentication for completing group authentication, to enable member authentication.
  • when notifying the user terminal 10 of the completion of confirmation for the authentication e-mail, the authentication server 30 transmits again the authentication key that was transmitted together with the authentication e-mail transmittal notification provided to the user terminal 10.
  • the 'authentication e-mail confirmation notification' is a notification generated in a case where it is confirmed that the user has browsed the authentication e-mail when the authentication server 30 transmits the authentication e-mail according to the first embodiment of the present invention.
  • the confirmation may be achieved by confirming whether an authentication link included in the authentication e-mail is selected (whether a request including URL information corresponding to the authentication link is received in the authentication server 30) or whether the string for authentication included in the authentication e-mail is transmitted to the authentication server 30 through the user terminal 10, as described above.
  • the authentication request unit 13 compares the second authentication key, received together with the authentication e-mail confirmation notification, with the first authentication key, received and stored by the authentication key management unit 12 together with the authentication e-mail transmittal notification, and confirms whether the compared keys are identical with each other or not. Only when the compared keys are identical with each other may the authentication request unit 13 transmit the identical authentication key and the e-mail address to the authentication server 30, thereby confirming whether the group authentication has been successfully completed or not.
  • the authentication key may not be included in the authentication e-mail transmittal notification but may be included in only the authentication e-mail confirmation notification, so that the authentication request unit 13 may inquire of the authentication server 30 whether the group authentication has been successfully completed or not, using only the authentication key included in the authentication e-mail confirmation notification without comparison of authentication keys.
  • the authentication request unit 13 may transmit the authentication key included in the authentication e-mail transmittal notification to the authentication server 30, thereby inquiring whether the group authentication corresponding to the authentication key has been successfully completed or not.
  • the authentication server 30 may also transmit the first authentication key together when the operator's e-mail address to which the user is to send the authentication e-mail (optionally including keywords for authentication) is notified to the user terminal 10 (to be referred to as an 'authentication e-mail receiving address notification' hereinafter).
  • the authentication e-mail (including the keywords for authentication in the main text) is sent to the receiving address after the user confirms the authentication e-mail receiving address notification
  • the authentication server 30 confirms the authentication e-mail
  • the authentication e-mail confirmation notification may be transmitted again to the user terminal 10 together with the second authentication key.
  • the first authentication key and the second authentication key are not necessarily discriminated from each other. Rather, an authentication key may be allowed to be included in at least one of two notifications sequentially transmitted.
  • when the authentication server 30 receives the identifier of the wireless LAN access point or the current position information with the group code from the user terminal 10, the authentication key corresponding to the user terminal 10 may be generated and then transmitted to the user terminal 10.
  • the authentication server 30 may notify the user terminal 10 whether the received identifier of the wireless LAN access point or the current position information corresponds to the user's selected group and whether the group authentication has been successfully completed.
  • the user may perform a member authentication procedure using the authentication key included in the notification. That is to say, in the third embodiment of group authentication, the authentication request unit 13 confirms whether the final group authentication by the authentication server 30 has been successfully completed using the authentication key included in the notification received from the authentication server 30 and then performs the member authentication procedure.
  • the user terminal 10 may include a member information setting unit 14.
  • the member information setting unit 14 may receive a password from the user and may provide information pieces associated with the user, including the password, to the authentication server 30.
  • the encryption unit 15 may encrypt the received password and e-mail address so that the information concerning the user is stored in the authentication server 30 in an encrypted state, thereby completing the member authentication procedure.
  • the member information setting unit 14 may provide a user interface to receive the password from the user.
  • the 'password' may include a simple string of digits or a string of digits and characters.
  • the password may be patterned with a particular track.
  • the encryption unit 15 may encrypt the e-mail address received by the subscription request unit 11 using the input password.
  • the encryption unit 15 may encrypt the input password itself.
  • the member information setting unit 14 may provide the encrypted e-mail address and the encrypted password to the authentication server 30.
  • the e-mail address may first be encrypted by the encrypted password.
  • the member information setting unit 14 may transmit the previously received group code and authentication key together with the encrypted e-mail address and the encrypted password to the authentication server 30.
  • the member information setting unit 14 may receive a 'nickname' to be set by the user together when receiving the password.
  • the nickname may be set as a particular string.
  • the member information setting unit 14 is provided with a confirmation as to redundancy of the nickname from the authentication server 30, thereby setting the nickname that is not redundant with that of another user.
  • the member information setting unit 14 may transmit the nickname finally confirmed by the user to the authentication server 30 together with the encrypted password, thereby allowing individual users' nicknames to be registered in the authentication server 30.
  • the member information setting unit 14 provides the encrypted e-mail address, the encrypted password and additional information to the authentication server 30, so that the authentication server 30 stores the encrypted information, checks for redundant subscription with an identical e-mail address, and then issues a session key to the user terminal 10.
  • the user terminal 10 includes a session maintaining unit 16 which stores and renews the session key issued from the authentication server 30 and transmits the session key to the authentication server 30 when communicating with the authentication server 30 to allow the authentication server 30 to discriminate the user terminal 10, and accordingly offer services.
  • the user terminal 10 may further include a bulletin content display unit 17 sending a request for bulletin content to the authentication server 30, another server operated by the operator of the authentication server 30 or a third party server using an authentication application programming interface (API) provided by the operator of the authentication server 30 and receiving and displaying the requested bulletin content.
  • the session maintaining unit 16 may read the stored session key and may transmit the read session key to the authentication server 30 or another server or a third party server operated by the operator of the authentication server 30, provided with the same session key as the session key issued from the authentication server 30 to the user terminal 10.
  • the user terminal 10 may further include a bulletin content registering unit 18 registering the bulletin content by accepting a new registration of bulletin content from the user and transmitting the newly registered bulletin content to the authentication server 30 or another server operated by the operator of the authentication server 30 or a third party server using an authentication application programming interface (API) provided by the operator of the authentication server 30.
  • the session maintaining unit 16 may read the stored session key and may transmit the read session key to the authentication server 30 or another server or the third party server operated by the operator of the authentication server 30, provided with the same session key as the session key issued from the authentication server 30 to the user terminal 10.
  • FIG. 3 illustrates a functional configuration of the authentication server 30 performing group authentication according to the first embodiment of the present invention.
  • the authentication server 30 may be configured such that a group authentication unit 32 includes an e-mail transmission unit 32a and an e-mail authentication unit 32b, which will later be described.
  • the group authentication unit 32 may be differently configured, which will also be described below.
  • the authentication server 30 may include a subscription request receiving unit 31. If a subscription request is received from the user terminal 10, the subscription request receiving unit 31 receives and records the user's input group code and e-mail address received in the subscription request unit 11 of the user terminal 10 together with the subscription request.
  • the subscription request receiving unit 31 may connect the received group code and e-mail address with each other using an account to then store the same.
  • the information received by the subscription request receiving unit 31 may be recorded in 'Table for Subscription'.
  • the 'Table for Subscription' is a table in which the group code and the e-mail address received from the user terminal 10 together with the subscription request are stored and is used in executing a subscription procedure, including the group authentication and the member authentication.
  • the data recorded in the table for subscription is deleted once the subscription procedure for the corresponding user terminal 10 is completed and a session key is endowed to the user terminal 10.
  • Table 1. Table for Subscription: E-mail Address (plaintext e-mail address entered by user)
  • the group code and the e-mail address are received by the subscription request receiving unit 31 from the user terminal 10.
  • the authentication key and the e-mail authentication code may be recorded in the table for subscription by being generated by the subscription request receiving unit 31 after the subscription request is received from the user terminal 10.
  • the information recorded in the table for subscription may be deleted after the lapse of a predetermined period of time if the user takes no action on the authentication e-mail within the predetermined period of time after the authentication e-mail is sent.
  • the push identifier may be device discrimination information used by a push server (e.g., GCM of Android operating system (OS) or APNS of iOS), such as a registered ID of the Android OS or a device token of the iOS.
  • the device discrimination information may be given to each application installed in each user terminal 10 to discriminate the application and to receive a push notification.
  • the subscription request receiving unit 31 temporarily stores the push identifier of the user terminal 10 requesting for subscription in the table for subscription, thereby allowing the authentication e-mail transmittal notification or the authentication e-mail confirmation notification to be transmitted to the user terminal 10 by push technology.
  • the subscription request receiving unit 31 may confirm whether the e-mail address format corresponding to the group code and a host address part of the e-mail address received from the user terminal 10 correspond to each other and may generate the authentication key and the e-mail authentication code to be recorded in the table for subscription if the e-mail address format and the host address part correspond to each other.
  • the authentication key is an intrinsic pseudorandom key newly generated so as to correspond to the subscription request and may be used for discriminating subscription requests from each other.
  • the 'e-mail authentication code' is an intrinsic value, such as an authentication key.
  • the e-mail authentication code may be generated as a pseudorandom key of 50 kbytes or greater.
  • the e-mail authentication code is included in the authentication e-mail sent from the e-mail transmission unit 32a, which will later be described.
  • the e-mail authentication code is included in the authentication e-mail as an authentication link that can be selected by the user, so that the user may select (click or touch) the authentication link, which is sensed by the authentication server 30, thereby identifying which e-mail authentication code has been confirmed so as to correspond to the authentication e-mail.
  • the e-mail authentication code may be provided to the user in the format of a string for authentication, included in the main text of the authentication e-mail, rather than in the format of an authentication link, as described above. That is to say, the e-mail authentication code may be provided as one of the authentication link or the authentication string.
  • a field of the e-mail authentication code may be recorded in the table for subscription.
  • a field of the keyword for authentication may be recorded in the table for subscription.
  • a field of the receiving mail addresses of which the respective users are notified may be included in the table for subscription.
  • a field for recording the identifier or position information of the wireless LAN access point, received from the user may be included in the table for subscription.
  • the group authentication unit 32 includes the e-mail transmission unit 32a, and the e-mail transmission unit 32a may transmit an e-mail including the e-mail authentication code in the format of an authentication link or a string for authentication.
  • the authentication e-mail may include information on whether there is an attempt to member subscription in a given service using the e-mail address to which the authentication e-mail is transmitted, information on subscription approval based on selection of the authentication link (or information on subscription approval based on entry of the string for authentication into the application) and the authentication link (or the string for authentication). Then, if the authentication link is selected or the string for authentication is recorded, the corresponding e-mail authentication code may be transmitted to the authentication server 30, thereby confirming user's approval for a given authentication e-mail.
  • the e-mail transmission unit 32a may transmit the authentication e-mail transmittal notification including an authentication key to the user terminal 10 using the push identifier corresponding to the e-mail address to which the authentication e-mail is transmitted.
  • the group authentication unit 32 may include the e-mail authentication unit 32b. After the user confirms the e-mail through the e-mail authentication terminal 20 and selects the authentication link or inputs the string for authentication, so that the e-mail authentication code is transmitted to the authentication server 30, the e-mail authentication unit 32b may process the value of the group authentication success field corresponding to the e-mail authentication code in the table for subscription as being successful.
  • a field value that is not recorded in the table for subscription may be recorded or the field value may be changed. That is to say, the 'group authentication success field' is a region for recording a value indicating whether the group authentication has been successful or not as the result of successful e-mail authentication completion.
  • the e-mail authentication unit 32b transmits the authentication key together when the authentication e-mail confirmation notification is transmitted to the user terminal 10 using the corresponding push identifier. Accordingly, the user terminal 10 may confirm that the group authentication using the authentication e-mail is completed. In particular, the user terminal 10 may confirm whether the first authentication key and the second authentication key included in the authentication e-mail transmittal notification and the authentication e-mail confirmation notification are identical with each other, and an identical authentication key may be transmitted to the authentication server 30 to make a final authentication request only when the first and second authentication keys are identical with each other.
  • the e-mail authentication unit 32b may process the group authentication success field value as being successful and may transmit the authentication e-mail confirmation notification to the user terminal 10. Thereafter, if an authentication request including the authentication key is received from the user terminal 10, a response indicating that the group authentication has been successfully completed for the authentication request may be transmitted only when the group authentication success field value is confirmed to be processed as being successful.
  • the authentication e-mail confirmation notification may be transmitted to allow the user terminal 10 to confirm the successful group authentication, so that the user terminal 10 executes an application and transmits the authentication key to the authentication server 30, thereby confirming whether the authentication has been successfully completed or not.
  • the group authentication unit 32 may include an 'e-mail receiving unit' and an 'e-mail authentication unit'. After the 'e-mail receiving unit' notifies the user terminal 10 of a receiving mail address and a keyword for authentication, which may include a first authentication key, it may receive an authentication e-mail optionally including the keyword for authentication in its main text and having a receiving mail address as a recipient and an e-mail address previously entered by the user as a sender.
  • the 'e-mail authentication unit' confirms whether the receiving mail address, the e-mail address corresponding to the receiving mail address, and the keyword for authentication correspond to each other in the table for subscription to then process the group authentication success field value as being successful.
  • the e-mail authentication unit may transmit an authentication key (a second authentication key) to the user terminal 10 together with an authentication e-mail confirmation notification.
  • the group authentication unit 32 may compare the identifier of the wireless LAN access point and the current position information with a pre-stored identifier of the wireless LAN access point and an off-line address, thereby performing group authentication. If the group authentication has been successfully completed, the group authentication unit 32 may transmit the authentication key to the user terminal 10 while processing the group authentication success field value in the table for subscription as being successful.
  • the user terminal 10 provides a user with a screen showing that the group authentication has been successfully completed, thereby allowing a password, a nickname, etc. to be set.
  • the authentication server 30 includes a member information management unit 34.
  • the member information management unit 34 receives the nickname and the password entered by the user through the screen of the user terminal 10, showing that the group authentication has been successfully completed.
  • the password may be transmitted in the encrypted form, as described above.
  • the member information that is received by the member information management unit 34 from the user terminal 10 is recorded in the following table for members, which has various fields as follows.
  • the member number may be a discrimination code newly generated by the member information management unit 34 when the member information is received from the user terminal 10 and is recorded in the table for members.
  • the encrypted password and the encrypted e-mail address may be received from the user terminal 10.
  • the encrypted e-mail address may be a hash value stored in the encrypted form using the password, the e-mail address and optionally other additional information for encryption.
  • since the e-mail address is encoded in a unidirectionally encrypted manner, it may not be decoded.
  • when the e-mail address is stored in the authentication server 30, the e-mail address is stored in the encrypted state so as not to be finally decoded.
  • the user terminal 10 first encrypts the user's entered e-mail address in a decodable state to then be transmitted to the authentication server 30, and the authentication server 30 decodes the e-mail address and then encrypts the same in an undecodable manner.
  • since the encrypted e-mail address was transmitted from the user terminal 10 to the authentication server 30, the e-mail address may be transmitted in an encrypted manner so as not to be decodable and may then be stored in the authentication server 30 as it is.
  • the encrypted e-mail address is encrypted by the user terminal 10 so as not to be decodable using the user's entered password and a salt value set by a service provider, that is, the operator of the authentication server 30.
  • the table for members may further include a field in which a group code is recorded.
  • the member information management unit 34 records and manages the encrypted password, the encrypted e-mail address, the nickname, etc., received from the user terminal 10.
  • the encrypted password may be obtained by decoding the encrypted password received from the user terminal 10 and then encrypting the same in a different manner, as described above.
  • the authentication server 30 may include a redundancy processing unit 35.
  • the redundancy processing unit 35 may be configured such that member subscription is redundantly performed when there are redundant subscription requests for the same e-mail address or there is a re-subscription request of a user for which member authentication is completed.
  • the redundancy processing unit 35 may determine whether the e-mail address included in the subscription request is identical with the e-mail address pre-recorded in the table for subscription and may notify the user terminal 10 that has requested for subscription that the new subscription request is a redundant subscription attempt. Likewise, when the new subscription request is received, the redundancy processing unit 35 may determine whether the e-mail address included in the subscription request is identical with the e-mail address pre-recorded in the table for redundancy removal, which will later be described, and may notify the user terminal 10 that the new subscription request is a redundant subscription attempt.
  • the redundancy processing unit 35 may determine whether the e-mail address received from the user terminal 10 is identical with the e-mail address registered in the table for redundancy removal and may notify the user terminal 10 that the new subscription request is a redundant subscription attempt.
  • the redundancy processing unit 35 may encrypt a plaintext e-mail address using the same encryption logic used when the encrypted e-mail address recorded in the table for redundancy removal is encrypted, and may then compare the encrypted e-mail address with the encrypted e-mail address recorded in the table for redundancy removal for determining redundancy.
  • when the redundancy processing unit 35 notifies the user terminal 10 that the new subscription request is a redundant subscription attempt, the user terminal 10 may revoke the existing member subscription, may determine whether to make a new member subscription attempt, and may notify the authentication server 30 of the determination result. For example, if there is a request for new member subscription from the user terminal 10 to the same e-mail address, the redundancy processing unit 35 may delete all of the existing records associated with the corresponding e-mail address to then perform again a member subscription procedure.
  • the user terminal 10 may transmit the subscription request or the member information together with a 'forced flag' to the authentication server 30.
  • the redundancy processing unit 35 may delete existing records according to the presence or absence of the forced flag even if the same e-mail address is pre-recorded in the table for subscription or the table for redundancy removal, and may perform new group authentication and/or member authentication or may ignore the subscription request or registration of member information.
  • the table for redundancy removal may have various fields as follows.
  • the respective fields of the table for redundancy removal may be recorded by encrypting the e-mail address when authentication of an arbitrary user terminal 10 has been successfully completed, and newly generating an e-mail session key.
  • the authentication server 30 may include a session management unit 36.
  • the session management unit 36 may newly generate and manage the 'member session key' of the table for members and the 'e-mail session key' of the table for redundancy removal.
  • the member session key is synchronized with a member session key provided to the user terminal 10 and stored, and the session management unit 36 may discriminate a member using the member session key received from the user terminal 10 and may offer a service.
  • the e-mail session key is a session key stored in the table for redundancy removal and may be provided to the user terminal 10 and stored, like the member session key.
  • the e-mail session key and the member session key are separately provided because there is no information associated with the table for members and the table for redundancy removal for membership determination, the data deleted when the redundancy removal is performed is only the e-mail session key of the table for redundancy removal, and it is not possible for the redundancy processing unit 35 to delete the data due to impossible confirmation of the pertinent member session key.
  • the member session key received from the user terminal 10 exists in the table for members and the e-mail session key exists in the table for redundancy removal, two different session keys are issued to be used to offer the service only when both of the member session key and the e-mail session key are effective.
  • the session management unit 36 may not offer the service in response to a service request including the e-mail session key deleted later.
  • the authentication server 30 may include a bulletin content management unit 37.
  • the bulletin content management unit 37 may receive and store bulletin contents registered from the user terminal 10.
  • the respective bulletin contents may be divided according to group codes.
  • the table for bulletin content management may include, for example, fields for
  • the bulletin content management unit 37 may also manage reply comments for the respective bulletin contents.
  • the authentication server 30 may include a reply comment table.
  • the reply comment table may include fields for ID numbers of the reply comments, ID numbers of the bulletin contents on which the reply comments are dependent, and numbers of members who have registered the reply comments.
  • the authentication server 30 may include a bulletin content providing unit 38.
  • the bulletin content providing unit 38 may provide the bulletin contents and reply comments managed using the bulletin content table and the reply comment table according to the request from the user terminal 10.
  • the bulletin content providing unit 38 may notify a posting user of a new event, such as registration of a reply comment for bulletin content prepared by the posting user.
  • the authentication server 30 may include a push information table.
  • the push information table may include fields for ID numbers of the respective bulletin contents and push identifiers of the user terminal 10 having registered the bulletin contents.
  • the data associated with the respective members may not be included in the push information table.
  • an authentication key, a session key and other member information may be exchanged in such a state as originally generated or entered when they are exchanged between the user terminal 10 and the authentication server 30.
  • the authentication key, the session key and other member information may be exchanged such that one party that generates or enters information transmits the information to the other party in an encrypted state and the other party decodes the received information to be used.
  • an e-mail address for preventing redundant subscription may be separately entered by the user or discrimination information other than the e-mail address may be received, thereby performing redundancy removal.
  • the redundancy removal may not be performed.
  • FIG. 4 is a flowchart sequentially illustrating a process of transmitting an e-mail for group authentication according to a subscription request from a user in an authentication method according to an embodiment of the present invention
  • FIG. 5 is a flowchart sequentially illustrating a process of receiving an e-mail authentication code required for group authentication using an e-mail in the authentication method according to an embodiment of the present invention
  • FIG. 6 is a flowchart sequentially illustrating a process of performing group authentication using an e-mail authentication code in the authentication method according to an embodiment of the present invention.
  • FIG. 7 is a flowchart sequentially illustrating a process of performing member authentication for issuing a session key to a user terminal in the authentication method according to an embodiment of the present invention
  • FIG. 8 is a flowchart illustrating steps performed after executing an application installed in a user terminal in a time series manner in the authentication method according to an embodiment of the present invention.
  • the present invention will be described with regard to the first embodiment of group authentication, in which the group authentication is executed by transmitting an authentication e-mail including an authentication code, but aspects of the present invention are not limited thereto. Rather, the authentication method may also be executed using easily replaceable methods in addition to the methods according to the first to third embodiments of group authentication.
  • the user terminal 10 transmits the group code and e-mail address corresponding to the group and a push identifier allocated to an application of the user terminal 10 to the authentication server 30 (S142).
  • the authentication server 30 records the received e-mail address, the group code, the push identifier, etc. in the table for subscription and then determines whether the e-mail address is in the format corresponding to the group code (S341).
  • the authentication server 30 transmits an error message to the user terminal 10 (S342), and the user terminal 10 may display the received error message (S143).
  • the authentication server 30 may determine whether the e-mail address corresponding to the received e-mail address is pre-registered in the table for redundancy removal or not (S343).
  • the authentication server 30 may determine whether a forced flag is included in the information received from the user terminal 10 (S344). If it is determined that the forced flag is included in the information received from the user terminal 10, the authentication server 30 may notify the user terminal 10 that the subscription request is redundant (S345).
  • the user terminal 10 displays the redundancy message (S144) to allow the user to select to continue to proceed with the subscription procedure or to give up the subscription procedure.
  • the user terminal 10 transmits the group code including the forced flag, the e-mail address and the push identifier back to the authentication server 30 (S146).
  • steps S341, S343 and S344 are performed again in the authentication server 30.
  • in step S343, if it is determined that the e-mail address included in the subscription request is not registered in the table for redundancy removal, or in step S344, if it is determined that the forced flag is included in the subscription request received from the user terminal 10, the authentication server 30 generates the e-mail authentication code and the authentication key corresponding to the subscription request (S346) to then be recorded in the table for subscription together with information pieces included in the subscription request (S347).
  • in steps S346 and S347 according to the second embodiment of group authentication, a receiving mail address and a keyword for authentication may be respectively generated to then be recorded in the table for subscription.
  • the authentication server 30 transmits an authentication e-mail including an e-mail authentication code (S348), and the authentication key corresponding to the subscription request may be transmitted to the user terminal 10 together with the authentication e-mail transmittal notification (S349). Meanwhile, after receiving the authentication key, the user terminal 10 may store the received authentication key.
  • the authentication key may be transmitted to the user terminal 10 while notifying the user terminal 10 of the information on the receiving mail address and the keyword for authentication. Accordingly, the authentication key may be stored in the user terminal 10 and the user may transmit the authentication e-mail to the authentication server 30 using the user terminal 10 or other types of terminals.
  • the e-mail authentication terminal 20 receives the transmitted authentication e-mail and displays the e-mail including an authentication link including the e-mail authentication code (or a string for authentication including the authentication code) (S251).
  • the e-mail authentication terminal 20 may be the same terminal with the user terminal 10.
  • if the e-mail authentication terminal 20 selects the authentication link, or the string for authentication is entered through the application installed in the user terminal 10, in a state in which the authentication e-mail is displayed (S252), the e-mail authentication code corresponding to the selected authentication link (or the entered string for authentication) is transmitted to the authentication server 30 (S253).
  • steps S351 to S253 may be replaced with steps of the authentication server 30 notifying the user terminal 10 of the information on the receiving mail address and the keyword for authentication and transmitting the authentication e-mail having the notified receiving mail address as a recipient and including the keyword for authentication in its main text to the authentication server 30.
  • the authentication server 30 searches for an e-mail authentication code identical with the e-mail authentication code received from the table for subscription and then processes a group authentication success field value corresponding to the searched e-mail authentication code as being successful (S353).
  • in step S353, the authentication server 30 compares information on the sender and recipient of the authentication e-mail, entered by the user, and the keyword included in the main text of the authentication e-mail with the information recorded in the table for subscription and processes the group authentication success field value as being successful or unsuccessful.
  • the authentication server 30 may transmit a push message including the corresponding authentication key, that is, the authentication e-mail confirmation notification, using the corresponding push identifier for the subscription request having the group authentication success field value processed as being successful in step S353 of FIG. 5 (S361).
  • the authentication server 30 identifies the group authentication success field value corresponding to the authentication key received in step S162 (S362), and if it is confirmed that the group authentication success field value has been processed as being successful (S363), a response indicating that the group authentication has been successfully completed is returned to the user terminal 10 (S364).
  • a screen showing that the group authentication has been successfully completed, that is, a screen allowing the user to enter member information, including a nickname and a password, is provided to the user terminal 10 (S163).
  • the user terminal 10 may receive the nickname and the password from the user (S171).
  • the user terminal 10 encrypts the e-mail address using the entered password and also encrypts the password itself (S172).
  • the user terminal 10 transmits the member information including the encrypted e-mail address, the encrypted password, the nickname, the group code, etc., and a pre-issued authentication key, to the authentication server 30 (S173).
  • the user terminal 10 may first encrypt the user's entered e-mail address in a decodable state to then be transmitted to the authentication server 30, and the authentication server 30 decodes the e-mail address and then encrypts the same in an undecodable manner.
  • since the encrypted e-mail address was transmitted from the user terminal 10 to the authentication server 30, the e-mail address may be transmitted in an encrypted manner so as not to be decodable and may then be stored in the authentication server 30 as it is.
  • the authentication server 30 may identify the e-mail address corresponding to the authentication key from the table for subscription using the authentication key received together with the member information (S371).
  • the authentication server 30 confirms whether the corresponding e-mail address is pre-registered in the table for redundancy removal using the identified e-mail address (S372).
  • the plaintext e-mail address may be encrypted using the same encryption logic used when the encrypted e-mail address recorded in the table for redundancy removal is encrypted, and the encrypted e-mail address may then be compared with the encrypted e-mail address recorded in the table for redundancy removal.
  • the encryption logic used in encrypting the e-mail address may be determined or changed by the operator of the authentication server 30.
  • If it is confirmed in step S372 that the e-mail address is redundant, the authentication server 30 confirms whether a forced flag is included in the member information or not, and if the forced flag is not included in the member information, a redundancy message is transmitted to the user terminal 10 (S375) to notify the user terminal 10 that there are redundant subscription attempts for the same e-mail address.
  • the user terminal 10 having received the redundancy message displays the received redundancy message (S174) to allow the user to retry a subscription attempt using the same e-mail address or to give up subscription.
  • If the user terminal 10 intends to quit proceeding with the subscription procedure for completion of member authentication, the remaining steps of the subscription procedure are all interrupted. However, if there is a user input from the user terminal 10 to continue to proceed with the subscription procedure (S175), the user terminal 10 transmits again the member information and the authentication key transmitted in step S173 together with the forced flag (S176).
  • the authentication server 30 receives the member information, the authentication key and the forced flag and executes again steps S371 to S374.
  • If it is determined in step S372 that the e-mail address is not included in the table for redundancy removal, the authentication server 30 records the e-mail address in the table for redundancy removal by newly generating an e-mail session key and encrypting the newly generated e-mail address (S373).
  • If it is determined in step S372 that the same e-mail address is included in the table for redundancy removal but it is determined in step S374 that the forced flag is included in the member information, the authentication server 30 renews and stores the new e-mail session key corresponding to the e-mail address of the table for redundancy removal (S376).
  • the authentication server 30 may record the received member information in the table for members and may generate and store the member session key (S377).
  • the authentication server 30 deletes all of the data associated with the subscription, recorded in the table for subscription (S378), and the e-mail session key and the member session key are issued to the user terminal 10.
  • the user terminal 10 may store the session keys.
  • the user terminal 10 may delete all of the temporarily stored data, including e-mail addresses or group codes, while issuing the session keys.
  • the group authentication procedure and the member authentication procedure are divided into several steps and are described with regard to process steps of the authentication server 30 performed in a time series manner.
  • the group authentication procedure and the member authentication procedure will be described with regard to the user terminal 10 with reference to FIG. 8.
  • the existence of the authentication key may mean that a session key for the corresponding user terminal 10 has not yet been issued, that is, a subscription procedure has not been completed.
  • the user terminal 10 may receive the authentication key and the e-mail address entered by the user and stored to the authentication server 30 (S183).
  • the authentication server 30 may confirm the group authentication success field value corresponding to the authentication key received from the table for subscription (S381).
  • the authentication server 30 may transmit a response indicating that the group authentication has been successfully completed or a response indicating that the group authentication has unsuccessfully completed to the user terminal 10 according to whether the group authentication success field value has been processed as being successful or unsuccessful (S383 and S384).
  • a screen showing that the group authentication has been successfully completed, that is, a screen allowing the user to enter member information, including a nickname and a password for performing member authentication, is provided, and steps shown in FIG. 7 may be performed.
  • the user terminal 10 may display a subscription request screen (S187). Accordingly, a new group and a new e-mail address are received to execute again steps following on and after the group authentication procedure shown in FIGS. 4 to 6. Meanwhile, in a case where no authentication key exists in the user terminal 10 but a session key exists in the user terminal 10, the user terminal 10 may use the service using the session key (S192).
  • a screen lock may be cancelled. If the screen is locked (S188), the user terminal 10 may provide the user with a user interface to enter a password (S189).
  • the password entered by the user may be encrypted and then transmitted to the authentication server 30 together with the session key (S190).
  • the authentication server 30 having received the password and the session key may search for a member session key identical with the received session key from the table for members and may compare the encrypted password corresponding to the member searched for from the table for members with the encrypted password received in step S190 (S383).
  • the authentication server 30 may transmit an error message to the user terminal 10.
  • If it is confirmed in step S383 that the two passwords are not identical with each other, the authentication server 30 identifies whether the e-mail session key is effective in the table for redundancy removal (S385), and a response indicating that authentication has been successfully completed may be transmitted to the user terminal 10.
  • the user terminal 10 receives the response indicating that authentication has been successfully completed (S191), and may normally use the service (S192).
  • the group authentication procedure shown in FIGS. 4 to 8 is executed such that the authentication server 30 receives the group code and the identifier of the wireless LAN access point and the current position information from the user terminal 10 and the identifier of the wireless LAN access point and the current position information are compared with a pre-stored identifier of the wireless LAN access point and an off-line address, and if the compared information pieces are matched with each other, the group authentication success field value is processed as being successful and an authentication key is then generated and transmitted to the user terminal 10.
  • an e-mail address entered by the user may be registered.
  • the e-mail address may not be used in group authentication but may be used in redundancy removal.
  • the information required for redundancy removal may be replaced by other information, such as employee numbers, in addition to the e-mail address.
  • the authentication method according to the embodiment shown in FIGS. 4 to 8 includes process steps performed in a time series manner by the authentication system shown in FIGS. 1 to 3. Therefore, even when omitted in the following description, the aforementioned content regarding the authentication system shown in FIGS. 1 to 3 may also be applied to the authentication method according to the embodiment shown in FIGS. 4 to 8.
  • the authentication method according to the embodiment shown in FIGS. 4 to 8 may be embedded in the form of a recording medium which includes computer executable command languages, such as a program module executed by a computer.
  • a computer-readable storage medium may be a useable medium that may be accessed by a computer and may include any or all of volatile and non-volatile media and/or separable and inseparable media. Further, the computer-readable storage medium may include any or all of a computer storage medium and a communication medium.
  • the computer-readable storage medium may include any or all of volatile and non-volatile media or a separable and inseparable media embodied by an arbitrary method or technology for storing information such as computer-readable command languages, data structures, program modules, and/or other data.
  • the communication medium may typically include any one or more of computer-readable command languages, data structures, program modules, and/or other data which relates to a modulated data signal such as carrier waves, or other transmission mechanism, and may also include a particular information forwarding medium.
  • the authentication method according to an embodiment of the present invention may be embodied by a computer program (or a computer program product) which includes computer executable command languages.
  • the computer program includes programmable machine command languages processed by a processor and may be implemented by a high-level programming language, an object-oriented programming language, an assembly language or a machine language.
  • the computer program may be recorded in a visible computer-readable recording medium (for example, a memory, a hard disk, a magnetic/optical medium or a solid-state drive (SSD), etc.).
  • the authentication method may be implemented by executing the computer program by a computing device.
  • the computing device may include at least some of a processor, a memory, a storage device, a high-speed interface connected to the memory and a high-speed extension port, and a low-speed interface connected to a low-speed bus and the storage device.
  • the respective elements may be connected to one another using various buses and may be mounted on a common mother board or may be mounted in another appropriate manner.
  • the processor may process command languages in the computing device.
  • the command languages may include, for example, commands stored in a memory or a storage device to display graphic information for providing a graphic user interface (GUI) to an external input or output device, like a display connected to a high-speed interface.
  • a plurality of processors and (or) a plurality of buses may be appropriately used with a plurality of memories and memory formats.
  • the processors may be embodied by a chip set consisting of chips including a plurality of independent analog and (or) digital processes.
  • the memory may store information in the computing device.
  • the memory may be composed of volatile memory units or a set thereof.
  • the memory may be composed of nonvolatile memory units or a set thereof.
  • the memory may be other types of computer-readable media, such as magnetic or optical disks.
  • the storage device may provide a computing device with a large-capacity storage space.
  • the storage device may include a computer-readable medium or the like.
  • the storage device may include, for example, devices embedded in a storage area network (SAN) and others.
  • Examples of the storage device may include a floppy disk device, a hard disk device, an optical disk device, a tape device, a semiconductor memory device, such as a flash memory, or the like, or a device array.
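
The server-side member-authentication steps S371 to S378 and the session-key check S385 described above can be sketched as follows. This is an added example, not code from the patent or its applicant: HMAC-SHA256 under a server key stands in for the unspecified "undecodable" encryption logic, and the class, function and field names, the address normalization and the sample addresses are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 under a server-held key stands in for the page's
# unspecified "undecodable" encryption logic; any deterministic one-way
# transform lets equal addresses compare equal without storing plaintext.
SERVER_KEY = secrets.token_bytes(32)


def email_tag(email: str) -> str:
    """One-way tag compared against the table for redundancy removal (S372)."""
    normalized = email.strip().lower().encode()  # normalization is an assumption
    return hmac.new(SERVER_KEY, normalized, hashlib.sha256).hexdigest()


class AuthServer:
    def __init__(self):
        self.subscription = {}  # authentication key -> pending e-mail address
        self.redundancy = {}    # e-mail tag -> current e-mail session key
        self.members = {}       # member session key -> member information

    def issue_auth_key(self, email: str) -> str:
        """Stand-in for a successful group authentication."""
        auth_key = secrets.token_urlsafe(16)
        self.subscription[auth_key] = email
        return auth_key

    def register(self, auth_key: str, member_info: dict, forced: bool = False) -> dict:
        email = self.subscription.get(auth_key)               # S371
        if email is None:
            return {"status": "error"}
        tag = email_tag(email)
        if tag in self.redundancy and not forced:              # S372, S374
            return {"status": "redundant"}                     # S375
        # S373 (new address) or S376 (forced renewal): the stored e-mail
        # session key is overwritten, so a key issued earlier for the same
        # address no longer matches the table.
        email_key = secrets.token_urlsafe(32)
        self.redundancy[tag] = email_key
        member_key = secrets.token_urlsafe(32)                 # S377
        self.members[member_key] = dict(member_info)           # no e-mail tag stored
        del self.subscription[auth_key]                        # S378
        return {"status": "ok", "email_session_key": email_key,
                "member_session_key": member_key}

    def email_session_valid(self, email_key: str) -> bool:
        """S385: is this e-mail session key still the current one?"""
        return any(hmac.compare_digest(k, email_key)
                   for k in self.redundancy.values())


def demo() -> list:
    """Constructed run: first sign-up, duplicate attempt, forced retry."""
    server = AuthServer()
    first = server.register(server.issue_auth_key("alice@example.com"),
                            {"nickname": "a"})
    retry_key = server.issue_auth_key("Alice@example.com")
    refused = server.register(retry_key, {"nickname": "b"})
    forced = server.register(retry_key, {"nickname": "b"}, forced=True)
    return [first["status"], refused["status"], forced["status"],
            server.email_session_valid(first["email_session_key"]),
            server.email_session_valid(forced["email_session_key"])]
```

In this sketch the member record carries no reference to the e-mail tag, so the two tables are joined only by the session keys held on the terminal, and a forced re-subscription invalidates the earlier e-mail session key.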

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention relates to an authentication system and method. The method includes receiving a subscription request from a user terminal, the subscription request being executed by an authentication server in communication with the user terminal and including group discrimination data including a group code and information for discriminating one group from another; if it is determined that the group code and the information included in the group discrimination data match each other, performing a group authentication procedure on the user terminal and processing the group authentication procedure as being successful; issuing a member session key to the user terminal; and providing a service requested by the user terminal in response to a service request, including the member session key, from the user terminal. According to the present invention, disclosure of information about service users can be prevented.
PCT/US2014/064579 2013-11-08 2014-11-07 System and method for authentication WO2015070032A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2015548070A JP6033460B2 (ja) 2013-11-08 2014-11-07 Authentication system and authentication method
US14/753,993 US9439072B2 (en) 2013-11-08 2015-06-29 System and method for authentication

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR1020130135210 2013-11-08
KR20130135210 2013-11-08
KR1020140139312A KR101754330B1 (ko) 2013-11-08 2014-10-15 Authentication system and authentication method
KR1020140139312 2014-10-15

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/753,993 Continuation US9439072B2 (en) 2013-11-08 2015-06-29 System and method for authentication

Publications (1)

Publication Number Publication Date
WO2015070032A1 true WO2015070032A1 (fr) 2015-05-14

Family

ID=53042135

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2014/064579 WO2015070032A1 (fr) 2013-11-08 2014-11-07 System and method for authentication

Country Status (1)

Country Link
WO (1) WO2015070032A1 (fr)

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030041263A1 (en) * 1997-09-26 2003-02-27 Carol Y. Devine Secure customer interface for web based data management
US20030191970A1 (en) * 1997-09-26 2003-10-09 Worldcom, Inc. Secure server architecture for web based data management
US20060129499A1 (en) * 1997-09-26 2006-06-15 Mci, Inc. Integrated proxy interface for web based data management reports
US7225249B1 (en) * 1997-09-26 2007-05-29 Mci, Llc Integrated systems for providing communications network management services and interactive generating invoice documents
US20030161476A1 (en) * 2000-06-16 2003-08-28 Fransdonk Robert W. Method and system to store and distribute encryption keys
US20070174618A1 (en) * 2004-03-16 2007-07-26 Toshihisa Nakano Information security apparatus and information security system
US20060274899A1 (en) * 2005-06-03 2006-12-07 Innomedia Pte Ltd. System and method for secure messaging with network address translation firewall traversal
US20080034045A1 (en) * 2006-08-02 2008-02-07 Bardsley Jeffrey S Methods, systems, and computer program products for managing electronic subscriptions

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017140214A1 (fr) * 2016-02-17 2017-08-24 阿里巴巴集团控股有限公司 Communication method and apparatus
CN109691156A (zh) * 2016-07-14 2019-04-26 瑞典爱立信有限公司 Enhanced aggregated re-authentication for wireless devices
US11343673B2 (en) 2016-07-14 2022-05-24 Telefonaktiebolaget Lm Ericsson (Publ) Enhanced aggregated re-authentication for wireless devices
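CN117688957A (zh) * 2024-02-04 2024-03-12 国网江苏省电力有限公司电力科学研究院 Cable data interaction method and device for multiple objects and multiple scenarios
CN117688957B (zh) * 2024-02-04 2024-04-16 国网江苏省电力有限公司电力科学研究院 Cable data interaction method and device for multiple objects and multiple scenarios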

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2015548070

Country of ref document: JP

Kind code of ref document: A

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14859897

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14859897

Country of ref document: EP

Kind code of ref document: A1