WO2015147409A1 - System and method for user authentication when using web service - Google Patents

Abstract

The present invention relates to a system and a method for user authentication when using a web service and, more particularly, comprises: a user information database for storing therein user information including user authentication information and additional information of individual services; an authtoken issuing unit for, if an authtoken issuing request signal for the web service is received from a terminal, issuing an authtoken for which an expiration period is set and transmitting the authtoken to the terminal; and an authentication unit for, if a user authentication information request signal including the authtoken is received from a web service device, performing user authentication using the authtoken, and in the case of an authorized user, transmitting, to the web service device, the user authentication information including an accessID and CI.

Description

System and method for user authentication when using web service

The present invention relates to a system and a method for authenticating a user when using a web service. More particularly, when the web service is executed through a browser, an authentication token is issued from an integrated management device, and the user is authenticated to the web service device using the issued authentication token. The present invention relates to a system and a method for authenticating a user when using a web service for requesting and receiving an AccessID and requesting and receiving the user authentication information or additional information using the AccessID as a key value when the user authentication information or additional information is needed during the execution of the web service. .

Recently, as awareness and use of a user terminal such as a smart phone is expanded, many users use an application through the user terminal, and the number and types of applications that can be executed in the user terminal are also increasing exponentially.

Typically, a user downloads and installs a desired application to a user terminal from a server that provides various applications such as an application store, and uses the installed application. The installed application is configured to be used only by the authenticated user after authenticating whether the user can use the corresponding application.

On the other hand, if you need to use the service function through identity authentication among the various mobile web services provided on a terminal basis, when running the mobile web service through a browser mounted on the terminal, when providing user authentication and service through the identity authentication system The necessary user authentication information is obtained.

However, conventionally, even when using an application service that goes through the authentication process from among web services, in case of downloading and executing another application service, it is inconvenient for the user to directly input user additional information necessary for the authentication process and service use. There was this.

The object of the present invention is that if you are using any one of the web services that go through the authentication process from among the web services, if you download and run another additional web service immediately without the user authentication information and user additional information input procedure required for using the service The present invention provides a system and method for authenticating a user when using a web service to enable a service.

Another object of the present invention is to additionally required to provide user authentication and service by directly accessing the integrated management device for storing and managing user authentication information and additional information in individual web services without installing a separate authentication application for the user authentication function. The present invention provides a system and method for authenticating a user when using a web service that can receive information.

Still another object of the present invention is to provide a user authentication method when using a web service in which a user of a terminal inputs personal information by interlocking personal information stored in a cloud-based server when the user inputs personal information in an online system such as a web server. A system and method are provided.

Another object of the present invention is to provide a system and method for user authentication when using a web service that reflects the personal information stored in advance in the cloud-based server after the authentication of the terminal to the personal information required for input.

An integrated management apparatus according to an embodiment of the present invention includes a user information database storing user information including user authentication information and additional information of individual services; When an authentication token issuance request signal for a web service is received from the terminal, an authentication token issuing unit issuing an authentication token having a validity period and transmitting the authentication token to the terminal; And when the user authentication information request signal including the authentication token is received from the web service device, performs user authentication using the authentication token, and in the case of the authenticated user, the user authentication information including the AccessID and the CI to the web service device. It may include an authentication unit for transmitting.

As an example related to the present invention, when a user authentication information request signal including an AccessID is received, an authentication information providing unit configured to search a user information database to obtain user authentication information mapped to an AccessID, and transmit the obtained user authentication information. It may further include.

As an example related to the present invention, the authentication token issuance request signal may include at least one of terminal identification information, web service identification information, client authentication key, and app guard installation.

As an example related to the present invention, the user authentication information request signal may include an authentication token and a web service device authentication key.

As an example related to the present invention, the authentication unit may determine whether the authentication period is within the validity period set in the authentication token, and if it is within the validity period, issue the AccessID and transmit user authentication information including the issued AccessID and CI to the web service device. .

Terminal according to an embodiment of the present invention communication unit for communicating through a communication network; And a web service processing unit that receives an authentication token from the integrated management device through a communication unit, requests a user authentication to the web service device using the issued authentication token, and receives an AccessID when a web service execution command is input through a browser. Can be.

As an example related to the present invention, when the web service execution command is input, the web service processor may include: a browser module configured to transmit web service identification information to the authentication module and store the AccessID transmitted from the authentication module in a cache; And transmitting an authentication token issuance request signal including at least one of web service identification information, terminal identification information, client authentication key, and app guard installation transmitted from the browser module to the integrated management device, and the validity period is set from the integrated management device. It may include an authentication module that receives the authentication token, transmits a user authentication request signal including the authentication token to the web service device, receives the AccessID from the web service device and transmits the AccessID to the browser module.

As an example related to the present invention, when the web service processing unit requires user authentication information or additional information during execution of a web service, the web service processing unit sends the user authentication information or additional information to the integrated management device via the web service device using the AccessID cached in the browser module as a key value. Can be received upon request.

Web service apparatus according to an embodiment of the present invention includes an authentication information database that stores user authentication information including the AccessID and CI of the user; And when the user authentication request signal including the authentication token is received from the terminal, transmits the user authentication information request signal including the authentication token to the integrated management device, and receives user authentication information including AccessID and CI from the integrated management device. If so, it may include an authentication request processing unit for storing the user authentication information in the authentication information database, and transmits the AccessID to the terminal.

The system according to an embodiment of the present invention is provided with a user information database storing user authentication information and additional information, when issuing an authentication token for a web service from a terminal, issues an authentication token having a validity period set, and provides a web service. When the user authentication information request signal including the authentication token is received from the device, the authentication is performed using the authentication token, and when the user is authenticated, the user authentication information including the AccessID and CI is transmitted to the web service device. Management device; A terminal receiving an authentication token from the integrated management device, requesting user authentication to the web service device with the issued authentication token, and receiving an AccessID when a web service execution command is input through a browser; And when the user authentication request signal including the authentication token is received from the terminal, transmits the user authentication information request signal including the authentication token to the integrated management device, and receives user authentication information including AccessID and CI from the integrated management device. If so, it may include a web service device that stores the user authentication information and transmits the AccessID to the terminal.

In the method for authenticating a user when using a web service according to an embodiment of the present invention, in the method for authenticating a user when the integrated management device uses a web service, when an authentication token issuance request signal for a web service is received from a terminal, Issuing an authentication token having a validity period and transmitting the authentication token to a terminal; And when the user authentication information request signal including the authentication token is received from the web service apparatus that receives the user authentication request signal from the terminal, performs user authentication using the authentication token, and if the user is an authenticated user, includes an AccessID and a CI. And transmitting the user authentication information to the web service device.

A computer-readable recording medium containing a program for executing a method for authenticating a user when using a web service according to an embodiment of the present invention, when executed by the integrated management device, requests for issuing an authentication token from the terminal to the web service. When the signal is received, issuing an authentication token having a validity period and transmitting the authentication token to the terminal; And when the user authentication information request signal including the authentication token is received from the web service apparatus that receives the user authentication request signal from the terminal, performs user authentication using the authentication token, and if the user is an authenticated user, includes an AccessID and a CI. A program for executing a method for authenticating a user when using a web service, including transmitting user authentication information to a web service device, may be stored.

According to an embodiment of the present invention, a method for authenticating a user when using a web service is provided in the method for authenticating a user when the terminal uses a web service. When a web service execution command is input through a browser, an authentication token for the corresponding web service is provided. Transmitting an issue request signal to the integrated management device; When an authentication token having a validity period is issued from the integrated management device, transmitting a user authentication request signal including an authentication token to a web service device, and receiving and storing an AccessID from the web service device; And when the user authentication information or additional information is needed during execution of the web service, requesting and receiving the user authentication information or additional information from the integrated management device via the web service device using the stored AccessID as a key value.

When a web service execution command through a browser is input to a computer-readable recording medium that contains a program for executing a method for user authentication when using a web service according to an embodiment of the present invention, the corresponding web service Transmitting an authentication token issuance request signal for the integrated management device; When an authentication token having a validity period is issued from the integrated management device, transmitting a user authentication request signal including an authentication token to a web service device, and receiving and storing an AccessID from the web service device; And requesting user authentication information or additional information from the integrated management device through the web service device using the stored AccessID as a key value when user authentication information or additional information is needed during the execution of the web service. A program for executing the method may be stored.

Method for authenticating a user when using a web service according to an embodiment of the present invention, when a web service execution command is input through a browser in a terminal, at least one of web service identification information, terminal identification information, client authentication key, and appguard installation Transmitting an authentication token issuing request signal including a to the integrated management device; The integrated management device issuing an authentication token having a validity period and transmitting the authentication token to the terminal; The terminal transmits a user authentication request signal including an authentication token to a web service device; The web service device transmits a user authentication information request signal including an authentication token to the integrated management device; The integrated management device performs user authentication using an authentication token, and in the case of an authenticated user, transmitting user authentication information including an AccessID and a CI to a web service device; The web service apparatus stores the user authentication information and transmits the AccessID to the terminal; And the terminal may store the AccessID.

The terminal according to the embodiment of the present invention transmits and registers the personal identification information to the cloud-based server, the communication unit for communicating with the service providing device; When a preset event that requires input of personal information occurs while communicating with a service providing device, a user authentication process for a terminal including a communication unit is performed by interworking between the service providing device and the authentication server, and when the user authentication process is successful Receive one or more input items necessary for inputting personal information transmitted from the providing apparatus through the communication unit, and include a plurality of personal identification information for a terminal registered in advance in the cloud-based server and a synonym group database registered in advance in the cloud-based server. A controller for matching synonyms and one or more input items, respectively; And a display unit displaying a matching result.

According to the present invention, if any one web service undergoes an identity authentication procedure among web services, and additionally downloads and executes another web service, the service can be directly installed without the user authentication procedure and user additional information input procedure required for use of the service. There is an effect that can be used.

In addition, the present invention does not install a separate authentication application for the user authentication function, and directly connected to the integrated management device for storing and managing user authentication information and additional information in a separate web service additional information required for user authentication and service provision There is an effect that can be provided.

In addition, the present invention can immediately provide the user additional information required for reducing the authentication cost and service provision on the web service provider side, and immediately executes the service without input of the inconvenient authentication information and additional information required for providing the service on the web service user side. It can be used to provide cost savings and convenience.

In addition, when the user of the terminal inputs personal information in an online system such as a web server, the user inputs the corresponding personal information by interlocking the personal information stored in the cloud-based server in advance, so that the user inputs the personal information every time. It is effective to improve user convenience by simplifying without performing and to improve service accessibility through easy registration process.

In addition, the present invention by reflecting the personal information stored in advance in the cloud-based server after the authentication of the terminal to the personal information required for input, eliminating the inconvenience during input according to the small touch screen provided in the terminal and customer optional matters As a result, it is effective to strengthen information security compared to applying personally identifiable information uniformly.

1 is a diagram illustrating a system for user authentication when using a web service according to an embodiment of the present invention.

2 is a block diagram schematically showing the configuration of a terminal according to an embodiment of the present invention.

3 is a diagram illustrating in detail the configuration of the web service processor illustrated in FIG. 2.

4 is a block diagram schematically illustrating a configuration of a web service apparatus according to an exemplary embodiment of the present invention.

5 is a block diagram schematically illustrating a configuration of an integrated management apparatus according to an embodiment of the present invention.

6 illustrates a method for user authentication when using a web service according to an embodiment of the present invention.

7 is a block diagram showing the configuration of a personal information management system according to an embodiment of the present invention.

8 is a block diagram showing the configuration of a cloud-based server according to an embodiment of the present invention.

9 is a block diagram showing the configuration of a terminal according to an embodiment of the present invention.

10 is a block diagram showing the configuration of a service providing apparatus according to an embodiment of the present invention.

11 is a signal flow diagram illustrating a communication process according to an embodiment of a personal information management system of the present invention.

12 is a diagram illustrating a screen of a terminal according to an embodiment of the present invention.

It should be noted that the technical terms used in the present invention are merely used to describe specific embodiments, and are not intended to limit the present invention. In addition, the technical terms used in the present invention should be interpreted as meanings generally understood by those skilled in the art unless the present invention has a special meaning defined in the present invention, and is excessively comprehensive. It should not be interpreted in the sense of or in the sense of being excessively reduced. In addition, when a technical term used in the present invention is an incorrect technical term that does not accurately express the spirit of the present invention, it should be replaced with a technical term that can be understood by those skilled in the art. In addition, the general terms used in the present invention should be interpreted as defined in the dictionary or according to the context before and after, and should not be interpreted in an excessively reduced sense.

Also, the singular forms used in the present invention include plural forms unless the context clearly indicates otherwise. Terms such as “consisting of” or “comprising” in the present invention should not be construed as necessarily including all of the various components or steps described in the present invention, and some of the components or some steps may not be included. It should be construed that it may further include, or further include, additional components or steps.

In addition, terms including ordinal numbers such as first and second used in the present invention may be used to describe components, but the components should not be limited by the terms. The terms are used only to distinguish one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as the second component, and similarly, the second component may also be referred to as the first component.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings, and the same or similar components will be given the same reference numerals regardless of the reference numerals, and redundant description thereof will be omitted.

In addition, in describing the present invention, when it is determined that the detailed description of the related known technology may obscure the gist of the present invention, the detailed description thereof is omitted. In addition, it should be noted that the accompanying drawings are only for easily understanding the spirit of the present invention and should not be construed as limiting the spirit of the present invention by the accompanying drawings.

1 is a diagram illustrating a system for user authentication when using a web service according to an embodiment of the present invention.

Referring to FIG. 1, a system for user authentication when using a web service includes a terminal 100, a web service apparatus 200, and an integrated management apparatus 300.

When the web service execution command is input through the browser, the terminal 100 receives an authentication token (AuthToken) from the integrated management device 300 and requests user authentication from the web service device 200 using the issued authentication token. Receive the AccessID.

The terminal 100 is a client terminal capable of communicating with the web service apparatus 200 or the integrated management apparatus 300, for example, a smart phone, a notepad, a laptop computer, a tablet computer. Terminals, and the like, and need not be limited to any particular terminal if communication through a communication network is possible.

Detailed description of the terminal 100 will be described with reference to FIG. 2.

When the web service device (or service providing device) 200 receives the user authentication request signal including the authentication token from the terminal 100, the web service device (or service providing device) 200 sends the user authentication information request signal including the authentication token to the integrated management device 300. send. When the user authentication information including the AccessID and the CI is received from the integrated management device 300, the web service apparatus 200 stores the user authentication information and transmits the AccessID to the terminal 100. Here, AccessID means a user authentication ID, and CI (Connecting Information) is information that can identify whether the same user is between different Internet services, and may be personal identification information given by an identity verification institution for linking services.

The web service device 200 may communicate with other electronic devices through various communication standards, and may be implemented through an electronic device capable of performing various data processing operations. For example, the web service apparatus 200 may be implemented in the form of a server device, and may be implemented in the form of various electronic devices in addition to the form of the server device. In addition, the web service device 200 may be implemented in the form of a single electronic device or in the form of a combination of two or more electronic devices.

A detailed description of the web service apparatus 200 will refer to FIG. 3.

The integrated management device (or cloud-based server) 300 has a user information database in which user information including user authentication information and additional information is stored, and when issuance of an authentication token for a web service is requested from the terminal 100, Issue an authentication token with a validity period.

The integrated management device 300 performs user authentication using the authentication token when a user authentication information request signal including an authentication token is received from the web service device 200, and includes an AccessID and a CI when the user is an authenticated user. The user authentication information is transmitted to the web service apparatus 200.

The integrated management device 300 may communicate with other electronic devices through various communication standards, and may be implemented through an electronic device capable of performing various data processing operations. For example, the integrated management device 300 may be implemented in the form of a server device, and may be implemented in the form of various electronic devices in addition to the form of the server device. In addition, the integrated management device 300 may be implemented in the form of a single electronic device or in a form in which two or more electronic devices are combined.

A detailed description of the integrated management device 300 will be described with reference to FIG. 4.

In the case of a web service running through a browser mounted on the terminal 100, since a user authentication ID (AcessID) may be exposed in a URL in the form of a POST (Power On Self Test), when the web service and the integrated management device 300 are interworked. Instead of delivering AcessID, if an authentication token (AuthToken) having a validity period (for example, 10 sec) is provided and a user authentication is requested from the web service device 200 to the web service device 200 using the authentication token as a key value, the web service device 200 ) To request the user authentication to the integrated management device 300 to receive a user authentication ID9AcessID) securely between the web service device 200 and the integrated management device (300).

FIG. 2 is a block diagram schematically showing the configuration of a terminal according to an embodiment of the present invention. FIG. 3 is a diagram showing the configuration of a web service processing unit shown in FIG. 2 in detail.

Referring to FIG. 2, the terminal 100 includes a communication unit 110, an input unit 120, a display unit 130, a storage unit 140, a web service processing unit 150, and a control unit 160.

The communication unit 110 is a communication means for connecting the terminal 100 and the web service device or the integrated management device through a communication network. For example, a wireless communication module such as mobile communication or satellite communication, a wired communication module such as the Internet, and Wi-Fi It may include a short-range wireless communication module such as.

The input unit 120 is a means for receiving a user request for controlling the operation of the terminal 100, and converts the user's request into an electric signal according to a user's manipulation. The input unit 120 is an input means for receiving letters, numbers, text, voice, movement, tactile sense, time, etc. from the user. For example, the input means is a keyboard, a keypad, a touch screen, a visual sensing means, a tactile sensing means, a movement detecting means. It may be implemented in various forms such as a voice input means. In addition, the input unit 120 may be implemented in the form of a touch screen integral with the display unit 130. The input unit 120 may be used to receive a web service execution command.

The display unit 130 displays various information related to the operation of the terminal 100. The display unit 130 may be in the form of a visually identifiable display.

The storage 140 stores a program necessary for controlling the operation of the terminal 100 and data generated while executing the program. The storage 140 may be implemented in a form including various kinds of memory devices.

When the web service execution command is input through the browser, the web service processor 150 receives an authentication token from the integrated management device through the communication unit 110, requests a user authentication to the web service device with the issued authentication token, and accessID. Receive

The web service processor 150 may manage a connection with the integrated management device to a web service to receive user authentication information and additional information through the integrated management device, and perform authentication information management function in the web service.

Referring to FIG. 3 for the web service processor 150, the web service processor 150 includes a browser module 152 and an authentication module 154.

When a web service execution command is input, the browser module 152 transmits the corresponding web service identification information to the authentication module 154 and stores the AccessID transmitted from the authentication module 154 in a cache.

The authentication module 154 transmits an authentication token issuing request signal including at least one of web service identification information, terminal identification information, client authentication key, and app guard installation from the browser module 152 to the integrated management device. Receive an authentication token with a valid period set from the integrated management device.

The authentication module 154 transmits a user authentication request signal including an authentication token to the web service device, receives an AccessID from the web service device, and transmits the AccessID to the browser module 152. The browser module 152 then stores the AccessID.

The web service processing unit 150 requests user authentication information or additional information to the integrated management device via the web service device using the AccessID cached in the browser module 154 as a key value when user authentication information or additional information is needed while the web service is executed. And receive.

The controller 160 controls the overall function of the terminal 100 by executing a driving program stored in the storage 140 according to a terminal user input through the input unit 120.

The controller 160 controls operations of each unit, such as the communication unit 110, the input unit 120, the display unit 130, the storage unit 140, and the web service processing unit 150.

The controller 160 may include at least one arithmetic unit, wherein the arithmetic unit is a general purpose central arithmetic unit (CPU), programmable device elements (CPLD, FPGA) implemented for a specific purpose, and custom semiconductor arithmetic. It may be an apparatus (ASIC) or a microcontroller chip.

4 is a block diagram schematically illustrating a configuration of a web service apparatus according to an exemplary embodiment of the present invention.

Referring to FIG. 4, the web service apparatus 200 includes an authentication information database 210 and an authentication request processor 220.

The authentication information database 210 stores user authentication information including AccessIDs, CIs, and the like of users.

When the user authentication request signal including the authentication token is received from the terminal, the authentication request processor 220 transmits the user authentication information request signal including the authentication token to the integrated management device, and includes the AccessID and the CI from the integrated management device. When the user authentication information is received, the user authentication information is stored in the authentication information database 210 and the AccessID is transmitted to the terminal. That is, when the user authentication request signal is received, the authentication request processor 220 requests user authentication to the integrated management device using the authentication token as a key value. Then, the integrated management device performs user authentication based on the authentication token, and transmits user authentication information to the authentication request processor 220 when the user is an authenticated user.

5 is a block diagram schematically illustrating a configuration of an integrated management apparatus according to an embodiment of the present invention.

Referring to FIG. 5, the integrated management apparatus 300 includes a user information database 310, an authentication token issuer 320, an authentication unit 330, an authentication information provider 340, and a controller 350.

The user information database 310 stores user information including user authentication information and additional information of individual services. The user authentication information may include name, gender, date of birth, domestic / foreign status, carrier, mobile phone number, CI value, and the like, and additional information may include membership and coupon issuance, push dispatch information, and the like. As described above, the user information database 310 integrates and stores user information of individual services having user authentication information and additional information.

The user authentication information or additional information stored in the user information database 310 may be updated in real time according to a web service state change (eg, deletion, reinstallation, MDN change, etc.) of the terminal.

In addition, the authentication information issued by the authentication token issuing unit 320 is stored in the user information database 310.

When the authentication token issuing unit 320 receives an authentication token issuing request signal for the web service from the terminal, the authentication token issuing unit 320 issues an authentication token having a valid period and transmits it to the terminal. The authentication token issuance request signal may include terminal identification information, web service identification information, a client authentication key, whether or not an app guard is installed. The authentication token is information used to authenticate a user. The authentication token is a challenge response method or a time-based code sequence method. The authentication token can be a combination of one or more of encrypted numbers and letters, or can be a seed or serial number for generating an OTP.

Since the validity period is set in the authentication token issued by the authentication token issuing unit 320, it is maintained for a certain period of time and automatically discarded after a certain period of time. Therefore, the authentication token issuing unit 320 checks the valid period information of the authentication token stored in the user information database 310 periodically (or in real time), and manages the authentication token information.

When the authentication unit 330 receives a user authentication information request signal including an authentication token from the web service device, the authentication unit 330 performs user authentication using the authentication token, and in the case of an authenticated user, user authentication information including an AccessID and a CI. To the web service device. Here, the user authentication information request signal may include an authentication token, a web service device authentication key, and the like. At this time, the authentication unit 330 determines whether it is within the valid period set in the authentication token, and if it is within the valid period, the authentication unit 330 performs authentication by comparing with the authentication token stored in the user information database 310. In the case of an authenticated user, the authentication unit 330 issues an AccessID and stores the issued AccessID in the user information database 310. Thereafter, the authentication unit 330 obtains user authentication information including the issued AccessID and CI from the user information database 310 and transmits it to the web service device.

When the user authentication information request signal including the AccessID is received, the authentication information providing unit 340 acquires user authentication information mapped to the AccessID by searching the user information database 310 and transmits the obtained user authentication information. .

The controller 350 controls the operations of each unit, such as the user information database 310, the authentication token issuing unit 320, the authentication unit 330, the authentication information providing unit 340.

Such components that may be included in the integrated management apparatus 200 may be implemented in hardware, software, or a combination thereof, and two or more components may be simultaneously implemented by one hardware or software.

6 illustrates a method for user authentication when using a web service according to an embodiment of the present invention.

Referring to FIG. 6, when a terminal executes a web service execution command through a browser (S602), the terminal integrates an authentication token issuance request signal including web service identification information, terminal identification information, a client authentication key, and whether the app guard is installed. Transmission to the management device (S604).

The integrated management device issues an authentication token having a validity period and transmits it to the terminal (S606).

The terminal transmits a user authentication request signal including an authentication token received from the integrated management device to the web service device (S608), and the web service device transmits a user authentication information request signal including the authentication token to the integrated management device ( S610).

The integrated management device performs user authentication using an authentication token (S612), and in the case of an authenticated user, transmits user authentication information including an AccessID and a CI to the web service device (S614).

The web service apparatus stores user authentication information transmitted from the integrated management apparatus (S616), and transmits an AccessID to the terminal (S618). Then, the terminal stores the AccessID (S618). When the terminal executes and uses the web service and needs user authentication information or additional information, the terminal may request and receive user authentication information or additional information from the integrated management device via the web service device using the AccessID cached in the browser module as a key value. . If you are using any one of the web services that go through the authentication process, you can download the other web services and run them directly without any additional authentication process and input of user additional information required to use the service. Can be used.

Meanwhile, according to another aspect of the present invention, when an authentication token issuance request signal for a web service is received from the terminal when executed by the integrated management device, issuing an authentication token having a validity period and transmitting the same to the terminal. Step, when a user authentication information request signal including an authentication token is received from the web service apparatus that receives the user authentication request signal from the terminal, performs user authentication using the authentication token, and if the user is an authenticated user, accessID and CI. There is provided a computer-readable recording medium containing a program for executing a method for user authentication when using a web service, the method comprising transmitting user authentication information to a web service device.

In addition, according to another aspect of the present invention, when executed by the terminal, when a web service execution command is input through a browser, transmitting an authentication token issuance request signal for the corresponding web service to the integrated management device, integrated management device When an authentication token having a validity period is issued from the terminal, transmitting a user authentication request signal including an authentication token to the web service device, receiving and storing an AccessID from the web service device, user authentication information or If additional information is needed, a program for executing a method for user authentication when using a web service including requesting and receiving user authentication information or additional information from the integrated management device via a web service device using the stored AccessID as a key value is included. A computer readable recording medium is provided.

A method for authenticating a user when using such a web service can be written as a program, and codes and code segments constituting the program can be easily inferred by a programmer in the art. Also, a program relating to a method for authenticating a user when using a web service may be stored in a readable media that can be read by the electronic device, and read and executed by the electronic device.

7 is a block diagram showing the configuration of a personal information management system 700 according to an embodiment of the present invention.

As illustrated in FIG. 7, the personal information management system 700 includes a cloud-based server 710, a terminal 720, and a service providing device 730. Not all components of the personal information management system 700 shown in FIG. 7 are essential components, and the personal information management system 700 may be implemented by more components than those shown in FIG. The personal information management system 710 may be implemented by fewer components.

When the terminal 720 is connected to the service providing apparatus 730 including a web server, a web site, or the like, and newly subscribes to the service providing apparatus 730, the service providing apparatus 730 receives shipping information. When a pre-set event including a case in which it is necessary to describe (or input / transmit), the personal information of the terminal 720 should be transmitted to another terminal (not shown) in the form of a push message (or MMS message), The terminal 720 performs user authentication. Thereafter, after the user authentication is normally performed, the terminal 720 confirms one or more input items included in the necessary personal information in response to the corresponding event, and is confirmed from the personal identification information previously registered in the cloud-based server 710. Match one or more input items, respectively. Thereafter, the terminal 720 performs a function corresponding to the corresponding event based on the matched one or more input items.

As shown in FIG. 8, the cloud-based server 710 includes a communication unit 711, a storage unit (DB) 712, and a control unit 713. Not all components of the cloud-based server 710 shown in FIG. 8 are required components, and the cloud-based server 710 may be implemented by more components than those shown in FIG. 8, and fewer of them. The cloud-based server 710 may also be implemented by the component.

The communication unit 711 communicates with an internal component or at least one external terminal through an wired / wireless communication network. In this case, the external terminal may include a terminal 720, a service providing device 730, and the like.

In addition, the communication unit 711 receives personal identification information transmitted from the terminal 720 and identification information of the corresponding terminal 720. Here, personally identifiable information may include basic information (e.g., name, social security number, mobile phone number, home address, home phone number, work name, work address, work phone number, e-mail address, etc.), related person information (e.g. family Name, friend's name, etc.), personal SNS information (including personal blog information, personal website address information, personal Facebook information, etc.), payment information (including card information, bank account information, etc.), additional Information such as hobbies, photos, avatars, self-introduction, etc.

The storage unit 712 stores a user interface (UI), a graphic user interface (GUI), and the like.

In addition, the storage unit (or database) 712 stores data and programs necessary for the cloud-based server 710 to operate.

In addition, the storage unit 712 stores personal image information, identification information, etc. of the terminal 720 transmitted from the terminal 720 under the control of the controller 713.

The storage unit 712 also forms (or configures) a synonym group database (or related keyword database) that stores a plurality of synonyms (or a plurality of related keywords) under the control of the control unit 713.

The controller 713 executes the overall control function of the cloud-based server 710.

In addition, the controller 713 stores personal image information about the terminal 720 transmitted from the terminal 720 in the storage unit 712. In this case, the controller 713 may match (or link with) the personal identification information of the terminal 720 with the identification information of the terminal 720 and store it in the storage unit 712.

In addition, the controller 713 defines (or sets) a plurality of synonyms (or a plurality of related keywords) and stores the defined plurality of synonyms in the storage unit 712 configured with a synonym group database.

In addition, when a preset event occurs while the terminal 720 is connected to the service providing apparatus 730, the control unit 713 stores the storage unit 712 by interworking with the terminal 720 and the service providing apparatus 730. ) Provides (or transmits) personal identification information of the corresponding terminal 720 registered in advance to the terminal 720 and a plurality of synonyms registered in the synonym group database to the terminal 720 or the service providing device 730 through the communication unit 711. do. Here, when the preset event is a new subscription to the corresponding service providing device 730, when the delivery information should be described (or input / transmitted) by the corresponding service providing device 730, the personal information of the terminal 720 may be changed. It may include a case that should be transmitted in the form of a push message (or MMS message) to the terminal (not shown).

As illustrated in FIG. 9, the terminal 720 includes a first communication unit 721, a first storage unit 722, a first display unit 723, and a first control unit 724. Not all components of the terminal 720 illustrated in FIG. 9 are essential components, and the terminal 720 may be implemented by more components than those illustrated in FIG. 9, or by fewer components. The terminal 720 may be implemented.

The first communication unit 721 communicates with an internal component or at least one external terminal through an wired / wireless communication network. In this case, the external terminal may include a cloud-based server 710, a service providing device 730, and the like.

In addition, the first communication unit 721 transmits the personal identification information of the terminal 720 to the cloud-based server 710 under the control of the first control unit 724.

The first storage unit 722 stores a user interface (UI), a graphical user interface (GUI), and the like.

In addition, the first storage unit 722 stores data and programs necessary for the terminal 720 to operate.

In addition, the first storage unit 722 stores the identification information of the terminal 720 under the control of the first control unit 724. In this case, the identification information of the terminal 720 includes a mobile directory number (MDN), a mobile IP, a mobile MAC, a subscriber identity module (SIM) card unique information, a serial number, and the like. In addition, the identification information of the terminal 720 is the International Mobile Subscriber Identity (IMSI) of the USIM provided in the terminal 720, the International Mobile Equipment Identity (IMEI) unique to the terminal 720 ) May be further included.

The first display unit 723 may display content such as a menu screen using a user interface or a graphic user interface stored in the first storage unit 722 under the control of the first control unit 724. Here, the content displayed on the first display unit 723 includes text or image data (including various information data) and a menu screen including data such as an icon, a list menu, a combo box, and the like. In addition, the first display unit 723 may be a touch screen.

In addition, the first display unit 723 displays personal image information generated by the control of the first control unit 724.

The first controller 724 executes the overall control function of the terminal 720.

In addition, the first controller 724 generates personal image information according to a user input (or a user touch) of the terminal 720. Here, personally identifiable information (or digitally identifiable information) includes basic information (e.g., name, social security number, mobile phone number, home address, home phone number, work name, work address, work phone number, e-mail address, etc.) Information (e.g., including family names, friend names, etc.), personal SNS information (e.g., personal blog information, personal website address information, personal Facebook information, etc.), payment information (e.g. card information, bank accounts, etc.) Information, etc.), additional information (eg, hobbies, pictures, avatars, self-introduction, etc.), and the like.

In addition, the first controller 724 registers (or stores) the generated personal image information of the corresponding terminal 720 with the cloud-based server 710 through the first communication unit 721.

In addition, the first controller 724 may register identification information of the terminal 720 together with the personal identification information of the corresponding terminal 720 to the cloud-based server 710 through the first communication unit 721. Here, the identification information of the terminal 720 includes MDN, Mobile IP, Mobile MAC, Sim (Subscriber Identification Module) card unique information, serial number and the like. In addition, the identification information of the terminal 720 may further include the IMSI (International Mobile Station Identification Number) of the USIM provided in the terminal 720, the IMEI (International Mobile Terminal Identification Number) unique to the terminal 720, and the like.

In addition, the first control unit 724 communicates with the service providing apparatus 730 including a web server, a web site, and the like through the first communication unit 721.

In addition, when the first control unit 724 communicates with the service providing apparatus 730 (or connected to the service providing apparatus 730), a preset event requiring personal information input occurs. The controller 724 performs a user authentication process for the corresponding terminal 720 (or a user of the terminal 720) by interworking with the service providing device 730 and an authentication server (not shown). Here, when the preset event is a new subscription to the corresponding service providing device 730, when the delivery information should be described (or input / transmitted) by the corresponding service providing device 730, the personal information of the terminal 720 may be changed. It may include a case in which a terminal (not shown) to be transmitted in the form of a push message (or MMS (Multimedia Message Service) message). In this case, the user authentication method includes a name / resident registration number / date of birth authentication method, a PIN authentication method, a card authentication method, and the like.

As a result of the user authentication, when the user authentication process fails, the first control unit 724 displays information indicating the user authentication failure on the first display unit 723.

As a result of the user authentication, if the user authentication process succeeds, the first controller 724 checks one or more input items (or input fields) included in the corresponding personal information. In this case, the first control unit 724 receives one or more input items included in the corresponding personal information transmitted from the service providing device 730 through the first communication unit 721 and based on the received one or more input items. You can also check the entries included in your personal information.

In addition, the first controller 724 matches one or more input items among personal image information of the terminal 720 registered in advance in the cloud-based server 710. In this case, the matching result corresponds to any one of a success state, a hold state, and a fail state. Here, the success state indicates a case where the input item (or input field) matches any one item (or field) of personal identification information registered in advance in the cloud-based server 710. In addition, the pending state is a synonym group database (or related keyword database) that the entry does not exactly match any one of the personal identification information registered in advance in the cloud-based server 710, but is registered in advance in the cloud-based server 710. Indicates a case where (or is related to) any one of a plurality of synonyms (or a plurality of related keywords) included in the). In addition, the failure state indicates a case where an input item does not match in both personal information registered in advance in the cloud-based server 710 and in a plurality of synonyms included in the synonym group database registered in advance in the cloud-based server 710.

That is, the first controller 724 matches one or more input items to be input corresponding to the occurrence event among the personal identification information of the corresponding terminal 720 registered in advance in the cloud-based server 710. In addition, when there is no information corresponding to one or more input items to be input in response to an event occurring among personal image information of the corresponding terminal 720 registered in the cloud-based server 710 in advance, the first control unit 724 One or more input items to be input corresponding to an event occurring among a plurality of synonyms included in a synonym group database registered in advance in the cloud-based server 710 are matched.

As such, the first control unit 724 may have a unique value (or a single value) among personal information about the terminal 720 registered in advance in the cloud-based server 710 and information (or fields) included in the synonym group database. Value) is set (or entered) as the primary key value.

In addition, the first controller 724 displays one or more input items matched with each other in the success state, the held state, and the failed state on the first display unit 723.

In addition, the first controller 724 edits the corresponding input item according to a user input (or selection) of the terminal 720 with respect to the matched one or more input items displayed on the first display unit 723 in a suspended state or a failed state. (Or modify / select / set) to finally match one or more input items identified when a preset event occurs.

That is, the first control unit 724 is a pending state for the first input item displayed on the first display unit 723 to the synonym group database corresponding to the pending state by the user confirmation (or selection) of the terminal 720. The included information is matched with the corresponding first input item.

As such, when a specific input item is not matched with personal identification information of the terminal 720 that is registered in advance, but matches another type of synonym, the first controller 724 may be a synonym matched to the user of the terminal 720. Inquire whether to use, and when the use is selected, the matched synonym information is automatically matched (or selected / set) with the value of the specific input item.

In this way, a character mapping system may be constructed in case the field value of the personal identification information registered in advance in the cloud-based server 710 and the field value requested by the service providing device 730 are different from each other.

In addition, the first control unit 724 receives (or selects) a specific value for the second input item displayed on the first display unit 723 in a failed state by user editing (or selection) of the terminal 720. Match the received (or selected) specific value to the corresponding second input item.

In addition, when a preset button (or menu) included in the terminal 720 is selected, the first controller 724 may generate a preset event generated by interworking with the service providing apparatus 730 based on the last matched information. Perform the function corresponding to

That is, when a preset button (or menu) is selected, the first control unit 724 performs the corresponding event by interworking with the service providing device 730 based on one or more input items checked when the last matched preset event occurs. Perform the function corresponding to In this case, the function corresponding to the corresponding event is to perform a new subscription function for the corresponding service providing device 730 when newly subscribed to the corresponding service providing device 730, and delivers the delivery information to the corresponding service providing device 730. If you need to fill in (or input / transmit) is to perform the corresponding shipping information entry function, if the personal information of the terminal 720 to send a push message (or MMS message) to another terminal (not shown) It may be to perform a function of sending a push message.

As such, when a preset button (or menu) included in the terminal 720 or the preset button (or menu) included in the screen provided to the terminal 720 by the service providing apparatus 730 is selected, The first controller 724 transmits the last matched one or more input items (or information on the input items) to the service providing apparatus 730 through the first communication unit 721.

In addition, as described above, the reflection of the previously generated cloud-based personal identification information may be determined by the user's selection of the corresponding terminal 720, thereby minimizing the post-security breach.

In addition, the first controller 724 receives an event function execution result transmitted from the service providing apparatus 730 in response to the transmitted last matched one or more input items through the first communication unit 721.

In addition, the first control unit 724 displays the result of performing the function (including normal termination of the event, an event execution error, etc.) on the first display unit 723.

As illustrated in FIG. 10, the service providing apparatus 730 includes a second communication unit 731, a second storage unit 732, a second display unit 733, and a second control unit 734. Not all components of the service providing apparatus 730 shown in FIG. 10 are essential components, and the service providing apparatus 730 may be implemented by more components than those shown in FIG. The service providing device 730 may also be implemented by a component. Here, the service providing apparatus 730 includes a web server, a web site, and the like.

The second communication unit 731 communicates with an internal component or at least one external terminal through an wired / wireless communication network. In this case, the external terminal may include a cloud-based server 710, a terminal 720, and the like.

In addition, the second communication unit 731 is connected to the service providing apparatus 730 transmitted from the cloud-based server 710 under the control of the second control unit 734, personal identification information for the terminal 720, the terminal Receive identification information 720 and the like.

The second storage unit 732 stores a user interface (UI), a graphical user interface (GUI), and the like.

In addition, the second storage unit 732 stores data and programs necessary for the service providing device 730 to operate.

In addition, the second storage unit 732 is personal image information about the terminal 720 connected to the service providing apparatus 730 received through the second communication unit 731 under the control of the second control unit 734, The identification information of the terminal 720 is stored.

The second display unit 733 may display content such as a menu screen using a user interface and a graphic user interface stored in the second storage unit 732 under the control of the second control unit 734. Here, the content displayed on the second display unit 733 includes a menu screen including text or image data (including various information data) and data such as an icon, a list menu, a combo box, and the like. In addition, the second display unit 733 may be a touch screen.

In addition, the second display unit 733 may include personally identifiable information about the terminal 720 connected to the service providing device 730 received under the control of the second control unit 734, identification information of the terminal 720, and the like. Is displayed.

The second control unit 734 executes the overall control function of the service providing device 730.

In addition, a preset event that requires input of personal information occurs in a state in which the terminal 720 communicates with the service providing apparatus 730 through the second communication unit 731 (or connected to the corresponding service providing apparatus 730). In this case, the second controller 734 performs a user authentication process for the corresponding terminal 720 (or a user of the terminal 720) by interworking with the terminal 720 and the authentication server. Here, when the preset event is a new subscription to the corresponding service providing device 730, when the delivery information should be described (or input / transmitted) by the corresponding service providing device 730, the personal information of the terminal 720 may be changed. It may include a case that should be transmitted in the form of a push message (or MMS message) to the terminal (not shown). In this case, the user authentication method includes a name / resident registration number / date of birth authentication method, a PIN authentication method, a card authentication method, and the like.

In addition, when the user authentication process for the terminal 720 is successful, the second controller 734 removes one or more input items (or information on one or more input items) included in the personal information corresponding to the corresponding event that occurred. 2 is transmitted to the terminal 720 through the communication unit 731.

In addition, when the preset button (or menu) included in the terminal 720 or the preset button (or menu) included in the screen provided to the terminal 720 by the service providing device 730 is selected, the second button is selected. The controller 734 performs a function corresponding to the corresponding event based on one or more input items identified when a preset event, which is finally matched in the corresponding terminal 720, is generated by interworking with the terminal 720. In this case, the function corresponding to the corresponding event is to perform a new subscription function for the corresponding service providing device 730 when newly subscribed to the corresponding service providing device 730, and delivers the delivery information to the corresponding service providing device 730. If you need to fill in (or input / transmit) is to perform the corresponding shipping information entry function, if the personal information of the terminal 720 to send a push message (or MMS message) to another terminal (not shown) It may be to perform a function of sending a push message.

That is, when the preset button (or menu) included in the terminal 720 or the preset button (or menu) included in the screen provided to the terminal 720 by the service providing device 730 is selected, the second button is selected. The controller 734 receives one or more finally matched input items (or information on the input items) transmitted from the terminal 720 through the second communication unit 731.

In addition, the second controller 734 performs a function corresponding to the corresponding event based on the received last matched one or more input items.

In addition, the second controller 734 transmits the result of performing the event function to the corresponding terminal 720 through the second communication unit 731.

As such, when the user of the terminal inputs personal information in an online system such as a web server, the personal information may be input by interlocking personal identification information previously stored in the cloud-based server.

In addition, as described above, after performing authentication on the terminal, personal identification information stored in advance in the cloud-based server may be reflected in necessary personal information.

Hereinafter, a control method of the personal information management system according to the present invention will be described in detail with reference to FIGS. 7 to 12.

11 is a signal flow diagram illustrating a communication process according to an embodiment of a personal information management system of the present invention.

First, the terminal 720 registers (or stores) personal identification information with the cloud-based server 710. Here, personally identifiable information (or digitally identifiable information) includes basic information (e.g., name, social security number, mobile phone number, home address, home phone number, work name, work address, work phone number, e-mail address, etc.) Information (e.g., including family names, friend names, etc.), personal SNS information (e.g., personal blog information, personal website address information, personal Facebook information, etc.), payment information (e.g. card information, bank accounts, etc.) Information, etc.), additional information (eg, hobbies, pictures, avatars, self-introduction, etc.), and the like.

That is, the terminal 720 generates personal identification information according to a user input (or user touch) of the terminal 720 and registers the generated personal identification information with the cloud-based server 710. In this case, the terminal 720 may register identification information of the terminal 720 together with the personal image information to the cloud-based server 710. Here, the identification information of the terminal 720 includes MDN, Mobile IP, Mobile MAC, Sim (Subscriber Identification Module) card unique information, serial number and the like. In addition, the identification information of the terminal 720 may further include the IMSI (International Mobile Station Identification Number) of the USIM provided in the terminal 720, the IMEI (International Mobile Terminal Identification Number) unique to the terminal 720, and the like.

For example, the terminal 720 includes a name (Hong Gil-dong), a resident registration number (123456-*******), a mobile phone number (010- ○○○○○-○○○○), home address (○○ Gangnam-gu, Seoul ○○) Boulevard ○○), home phone number (02-512- ○○○○), work name (○○ Bank), work address (△△ △△ △ Gangnam-gu, Seoul), e-mail address (△△△△ @ △△△ Personal identification information including .ΔΔ △) is generated, and the generated personal identification information and identification information of the terminal 720 are registered in the cloud-based server 710 (S1110).

Thereafter, a preset event requiring personal information input in a state in which the terminal 720 communicates with the service providing apparatus 730 including a web server, a web site, or the like (or a state in which the terminal 720 is connected to the corresponding service providing apparatus 730). If so, the terminal 720 performs a user authentication process for the corresponding terminal 720 (or a user of the terminal 720) by interworking with the service providing device 730 and an authentication server (not shown). Here, when the preset event is a new subscription to the corresponding service providing device 730, when the delivery information should be described (or input / transmitted) by the corresponding service providing device 730, the personal information of the terminal 720 may be changed. It may include a case that should be transmitted in the form of a push message (or MMS message) to the terminal (not shown). In this case, the user authentication method includes a name / resident registration number / date of birth authentication method, a PIN authentication method, a card authentication method, and the like.

For example, when the terminal 720 (or a user of the terminal 720) newly subscribes to a corresponding web site requiring personal information input from the □ □ web site, the terminal 720 is connected to the □ □ web site and the authentication server. In operation S1120, a user authentication process for the terminal 720 is performed by interworking with the terminal.

Then, if the user authentication process fails, the terminal 720 outputs information indicating the user authentication failure.

For example, when the user authentication for the corresponding terminal 720 by the interworking between the terminal 720 and the authentication server fails, the terminal 720 outputs information indicating the user authentication failure (S1130).

In addition, if the user authentication process is successful, the terminal 720 checks one or more input items (or input fields) included in the corresponding personal information. In this case, the terminal 720 may receive one or more input items included in the corresponding personal information transmitted from the service providing apparatus 730 and check the input items included in the corresponding personal information.

For example, when the user authentication for the corresponding terminal 720 by the interworking between the terminal 720 and the authentication server is successful, the terminal 720 is included in the personal information necessary in the corresponding □□ web site transmitted from the □□ web site. The user receives an input item such as a name, a mobile phone number, an address (home), an e-mail, and a marriage (S1140).

Thereafter, the terminal 720 matches each of one or more input items among personal image information about the terminal 720 registered in advance in the cloud-based server 710. At this time, the matching result corresponds to any one of a success state, a pending state, and a failure state. Here, the success status indicates a case where the input item matches any one item (or field) of personal identification information registered in advance in the cloud-based server 710. In addition, the pending state is a synonym group database (or related keyword database) that the entry does not exactly match any one of the personal identification information registered in advance in the cloud-based server 710, but is registered in advance in the cloud-based server 710. Indicates a case where (or is related to) any one of a plurality of synonyms (or a plurality of related keywords) included in the). In addition, the failure state indicates a case where an input item does not match in both personal information registered in advance in the cloud-based server 710 and in a plurality of synonyms included in the synonym group database registered in advance in the cloud-based server 710.

That is, the terminal 720 matches one or more input items to be input in response to an event occurring among personal image information about the terminal 720 registered in advance in the cloud-based server 710. In addition, when there is no information corresponding to one or more input items to be input in response to an event occurring among personal image information about the terminal 720 registered in advance in the cloud-based server 710, the terminal 720 is cloud-based. One or more input items to be input corresponding to an event occurring among a plurality of synonyms included in a synonym group database registered in advance in the server 710 are matched.

For example, the terminal 720 is a name (Hong Gil-dong), a social security number (123456-*******), a mobile phone number (010- ○○) for the corresponding terminal 720 registered in advance in the cloud-based server 710. ○○○-○○○○), home address (○○ -daero ○○, Gangnam-gu, Seoul), home phone number (02-512- ○○○○), work name (○○ bank), work address (Gangnam-gu, Seoul △△ As such, among personally identifiable information including △△), an e-mail address (△△△△△@△△△.△△△), etc., the name, mobile phone number, Match entries such as address (home), email, and marital status. At this time, the matching result is the name included in the personal information required on the website (for example, Hong Gil-dong), the mobile phone number included in the personal information required on the website (for example, 010- ○○○○○-○○○○) Each of the backs to a success state. In addition, when there is no address (home) included in the personal information required on the web site and the information corresponding to the e-mail and marital status among the personal information about the terminal 720 registered in advance in the cloud-based server 710 , The terminal 720 is a plurality of synonyms included in the synonym group database registered in advance in the cloud-based server 710, such as residence, location, address, home, address, address (home), (home) address, place of residence, etc. □ The address (house) and e-mail address included in the personal information required on the Web site, among the synonym groups associated with the housing, including the e-mail address, e-mail address, e-mail address, email and electronic mail. Match the information corresponding to each. In addition, when there is information corresponding to an address (home) and an email included in the personal information required on the web site among the synonyms included in the synonym group database (for example, housing and Among the synonym groups involved □□ information corresponding to the address (home) included in the personal information required on the web site exists □ □ among the synonym groups related to the e-mail address included in the synonym group database □□ Included in the personal information required on the web site When the information corresponding to the e-mail is present), the terminal 720 matches the personal information information and the information in the corresponding synonym group with respect to the terminal 720 registered in advance in the cloud-based server 710 in a pending state ( For example, the address (home), which is information in the synonym group, is pre-registered to the cloud-based server 710. Matching the home address (○○ -daero ○○, Gangnam-gu, Seoul, Korea) for the corresponding terminal 720, and the electronic address for the corresponding terminal 720 which is registered in advance in the cloud-based server 710 with the email address which is information in the synonym group. Matches a postal address (△△△△@△△△.△△△). In addition, individuals required by the web site for a plurality of synonyms included in the personal information about the terminal 720 registered in advance in the cloud-based server 710 and the synonym group database registered in advance in the cloud-based server 710. When there is no information corresponding to the marital status included in the information, the terminal 720 matches (or sets) the marital status included in the necessary personal information on the □□ web site to a failed state.

In this way, the terminal 720 sets (or inputs) a unique value as a primary key value to a corresponding input item among personal information and information (or fields) included in the synonym group database (S1150).

Thereafter, the terminal 720 displays one or more input items each matched with a success state, a held state, and a failed state.

In addition, the terminal 720 edits (or modifies / selects / sets) the corresponding input item according to a user input (or selection) of the terminal 720 with respect to the matched one or more input items that are displayed in the held state or the failed state. At least one input item identified when a preset event occurs is finally matched.

For example, as illustrated in FIG. 12, the terminal 720 includes a name 1211, a mobile phone number 1212, an address (home) 1213, and an e-mail 1214 included in necessary personal information on a web site. And matched information 1210 is displayed for an input item such as marital status 1215. In this case, as shown in FIG. 12, the terminal 720 displays a success state (for example, green) 1221 for the name 1211 and the mobile number 1212, respectively, and an address (home) 1213. And e-mail 1214 are each marked as pending (eg yellow) 1222, and a status of failure (eg red) 1223 for marital status 1215. Subsequently, the terminal 720 according to a user input has an address (home) having a pending state 1222 or a failed state 1223 (for example, ○○ -daero ○○ -daero, Gangnam-gu, Seoul) 1213 and an email (for example, △△ Edit the fields for △△@△△△.△△△) 1214 and marital status (for example, no marriage) 1215, and the name 1211, mobile phone included in the personal information required on the website. Input items such as a number 1212, an address (home) 1213, an e-mail 1214, and a marital status 1215 are finally matched.

As such, when a specific input item does not match personal identification information about a terminal 720 that is registered in advance and matches another form of synonym, the terminal 720 may use a synonym matched to a user of the terminal 720. Inquiring whether the user is selected or not, automatically matches (or selects / sets) the matched synonym information with a value of the corresponding specific input item (S1160).

Subsequently, when a preset button is selected, the terminal 720 performs a function corresponding to a previously generated event by interworking with the service providing apparatus 730 based on the final matched information.

That is, when a preset button is selected, the terminal 720 performs a function corresponding to the corresponding event by interworking with the service providing apparatus 730 based on one or more input items checked when the last matched preset event occurs. do. In this case, the function corresponding to the corresponding event is to perform a new subscription function for the corresponding service providing device 730 when newly subscribed to the corresponding service providing device 730, and delivers the delivery information to the corresponding service providing device 730. If you need to fill in (or input / transmit) is to perform the corresponding shipping information entry function, if the personal information of the terminal 720 to send a push message (or MMS message) to another terminal (not shown) It may be to perform a function of sending a push message.

In addition, the terminal 720 outputs a result of performing a function on the corresponding event.

For example, when the preset button (for example, the confirmation button or the edit / modification complete button) 1230 illustrated in FIG. 12 is selected (or clicked), the terminal 720 may be linked to the service providing device 730. The name (for example, Hong Gil-dong), mobile phone number (for example, 010- ○○○○○-○○○○), address (home) included in the personal information required on the web site, which is the last matched information. For example, a new web site can be found on the web site of □□, including ○○ -daero ○○, Gangnam-gu, Seoul, e-mail (e.g. △△△△@△△△.△△△), marital status (e.g. no marriage), etc. Perform a new subscription to the web site based on the personal information required to join. In addition, the terminal 720 outputs information indicating that the new subscription function for the □□ web site is normally performed (S1170).

The above description may be modified and modified by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are not intended to limit the technical idea of the present invention but to describe the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The protection scope of the present invention should be interpreted by the following claims, and all technical ideas within the equivalent scope should be interpreted as being included in the scope of the present invention.

The present invention provides a system and method for authenticating a user when using a web service, and if a single web service undergoes an identity authentication process among web services, additionally downloads another web service and executes a separate identity authentication process. And the service can be used immediately without the user additional information input procedure required to use the service.

Claims (16)

1. A user information database storing user information including user authentication information and additional information of individual services;

   When an authentication token issuance request signal for a web service is received from the terminal, an authentication token issuing unit issuing an authentication token having a validity period and transmitting the authentication token to the terminal; And

   When the user authentication information request signal including the authentication token is received from the web service device, the user authentication is performed using the authentication token, and when the user is an authenticated user, the user authentication information including the AccessID and the CI is provided. Integrated management device comprising an authentication unit for transmitting to.
2. The method of claim 1,

   When the user authentication information request signal including an AccessID is received, the user information database is searched to obtain user authentication information mapped to the accessID, and further comprising an authentication information providing unit for transmitting the obtained user authentication information. Management device.
3. The method of claim 1,

   The authentication token issuance request signal is integrated management device, characterized in that it comprises at least one of the terminal identification information, web service identification information, client authentication key, whether the app guard installation.
4. The method of claim 1,

   The user authentication information request signal includes an authentication token and a web service device authentication key.
5. The method of claim 1,

   The authentication unit determines whether it is within the validity period set in the authentication token, if within the validity period, issues an AccessID, and transmits user authentication information including the issued AccessID and CI to the web service apparatus. Integrated management device.
6. A communication unit for communicating through a communication network; And

   When a web service execution command is input through a browser, an authentication token is issued from the integrated management device through the communication unit, and the web service processing unit receives an AccessID by requesting a user authentication to the web service device using the issued authentication token. Terminal.
7. The method of claim 6,

   The web service processing unit,

   A browser module for transmitting web service identification information to an authentication module when a web service execution command is input, and storing the AccessID transmitted from the authentication module in a cache; And

   Sending an authentication token issuance request signal including at least one of web service identification information, terminal identification information, client authentication key, and app guard installation transmitted from the browser module to the integrated management device, and valid period from the integrated management device. And an authentication module for receiving the set authentication token, transmitting a user authentication request signal including the authentication token to the web service device, receiving an AccessID from the web service device, and transmitting the received accessID to the browser module. Terminal.
8. The method of claim 6,

   The web service processing unit requests and receives user authentication information or additional information from the integrated management device via the web service device using the AccessID cached in the browser module as a key value when user authentication information or additional information is needed during execution of the web service. Terminal, characterized in that.
9. An authentication information database storing user authentication information including AccessIDs and CIs of users; And

   When the user authentication request signal including the authentication token is received from the terminal, the user authentication information request signal including the authentication token is transmitted to the integrated management device, and the user authentication information including AccessID and CI is transmitted from the integrated management device. If received, the web service device including an authentication request processing unit for storing the user authentication information in the authentication information database, and transmits the AccessID to the terminal.
10. A user information database storing user authentication information and additional information is provided, and when an issuance of an authentication token for a web service is requested from a terminal, an authentication token having a validity period is issued, and a user authentication including an authentication token from a web service device is provided. An integrated management device that performs user authentication using the authentication token when an information request signal is received, and transmits user authentication information including an AccessID and a CI to the web service device when the user is an authenticated user;

    A terminal receiving an authentication token from the integrated management device, requesting a user authentication to a web service device using the issued authentication token, and receiving an AccessID when a web service execution command is input through a browser; And

    When the user authentication request signal including the authentication token is received from the terminal, the user authentication information request signal including the authentication token is transmitted to the integrated management device, and the user authentication information including AccessID and CI is transmitted from the integrated management device. And a web service device which stores the user authentication information and transmits the AccessID to the terminal, if received.
11. In the method for the integrated management device to authenticate the user when using the web service,

    When an authentication token issuance request signal for a web service is received from the terminal, issuing an authentication token having a validity period and transmitting the authentication token to the terminal; And

    When a user authentication information request signal including the authentication token is received from the web service apparatus that receives the user authentication request signal from the terminal, the user authentication is performed using the authentication token, and if the user is an authenticated user, AccessID and CI And transmitting user authentication information to the web service device.
12. When executed by the integrated management device,

    When an authentication token issuance request signal for a web service is received from the terminal, issuing an authentication token having a validity period and transmitting the authentication token to the terminal; And

    When a user authentication information request signal including the authentication token is received from the web service apparatus that receives the user authentication request signal from the terminal, the user authentication is performed using the authentication token, and if the user is an authenticated user, AccessID and CI And a program for executing a method for authenticating a user when using a web service, the method comprising transmitting user authentication information to the web service apparatus.
13. In the method for the user authentication when the terminal uses a web service,

    When a web service execution command is input through a browser, transmitting an authentication token issuance request signal for the corresponding web service to the integrated management device;

    When an authentication token having a validity period is issued from the integrated management device, transmitting a user authentication request signal including the authentication token to a web service device, and receiving and storing an AccessID from the web service device; And

    When user authentication information or additional information is needed during execution of the web service, requesting and receiving user authentication information or additional information from the integrated management device via the web service device using the stored AccessID as a key value and using the web service. Method for user authentication.
14. When executed by the terminal,

    When a web service execution command is input through a browser, transmitting an authentication token issuance request signal for the corresponding web service to the integrated management device;

    When an authentication token having a validity period is issued from the integrated management device, transmitting a user authentication request signal including the authentication token to a web service device, and receiving and storing an AccessID from the web service device; And

    When user authentication information or additional information is needed during execution of the web service, requesting and receiving user authentication information or additional information from the integrated management device via the web service device using the stored AccessID as a key value and using the web service. A computer-readable recording medium containing a program for executing a method for user authentication.
15. When a web service execution command is input through a browser at the terminal, transmitting a request for issuing an authentication token including at least one of web service identification information, terminal identification information, client authentication key, and whether or not to install AppGuard to the integrated management device. ;

    The integrated management device issuing an authentication token having a validity period and transmitting the authentication token to the terminal;

    The terminal transmitting a user authentication request signal including the authentication token to the web service apparatus;

    The web service device transmitting a user authentication information request signal including the authentication token to the integrated management device;

    The integrated management device performing user authentication using the authentication token, and in the case of an authenticated user, transmitting user authentication information including an AccessID and a CI to the web service device;

    The web service apparatus storing the user authentication information and transmitting the AccessID to the terminal; And

    The terminal stores the AccessID method for user authentication when using a web service.
16. A communication unit which transmits and registers the personal information to the cloud-based server and communicates with the service providing apparatus;

    When a preset event that requires input of personal information occurs while communicating with the service providing device, a user authentication process for a terminal including the communication unit is performed by interworking between the service providing device and an authentication server, and the user authentication process is performed. When successful, at least one input item for inputting the personal information transmitted from the service providing apparatus is received through the communication unit, and the personal identification information for the terminal registered in advance in the cloud-based server and in advance in the cloud-based server. A controller for matching each of a plurality of synonyms included in a registered synonym group database and the one or more input items; And

    And a display unit for displaying the matching result.

Images