WO2016114566A1 - Duplicate login detection method and duplicate login detection system - Google Patents

Abstract

Disclosed are a duplicate login detection method and a duplicate login detection system. A duplicate login detection method according to an embodiment of the present invention comprises the steps of: acquiring login information on a client terminal logging-in to a server to be managed, in response to an occurrence of a request for monitoring a duplicate login; comparing the login information with previous login information on the client terminal collected by the server to be managed, and calculating a velocity value relating to the logging-in; determining a duplicate login of the client terminal as the calculated velocity value exceeds a predetermined threshold value; and performing a logout process for the client terminal having been determined as the duplicate login.

Description

Dual Login Detection Method and Dual Login Detection System

The present invention relates to a technology for enabling a user to easily monitor the login status of a client terminal logging in to a management target server through a control application operating on a mobile device.

In particular, the present invention can easily detect whether the client terminal accessing the managed server through the dual login (Duplicated Login) by comparing with the previous login information, and log off the client terminal to automatically block the dual login. The present invention relates to a dual login detection method and a dual login detection system.

Since the remote authentication protocol has been proposed to identify authorized users and ensure the user's secure communication, it is a method for clients to connect to the server to verify their identity and access their accounts in open network communication environments such as the Internet. Password authentication is widely used. However, as vulnerabilities have been found in validator attacks, man-in-the-middle attacks, replay attacks, and phishing attacks stolen by password authentication, research has been conducted to solve these vulnerabilities to enhance stability and efficiency.

The stolen verifier attack steals user account information (ID and password) stored in the server and logs in. To prevent this, a method of hashing or encrypting user account information on the server has been proposed.

A man-in-the-middle attack is a third-party intercepting and retransmitting user account information sent in plain text in an open network communication environment. Like the stealer attack stolen to prevent this, a method of hashing or encrypting the transmitted user account information may be used. have.

However, converting or encrypting user account information into hash values can be vulnerable to replay attacks. A retransmission attack captures the account information of an authorized user who is sent in plain text or encrypted in an open network communication environment and retransmits it to log in to the server. To prevent this, STP using OTP (one time password) and OTP KEY passwords, dynamic passwords and the like have been proposed.

However, OTPs and schemes using them can be difficult to defend against phishing attacks that create fake Web sites and obtain user account information. In order to prevent phishing attacks, DPASS has been proposed to generate dynamic passwords using GRID analysis, but it can be disadvantageous because it is not user friendly because it requires complex operations to make OPT.

Recently, in order to solve such a problem, a method of distributing an OTP to a user through a means such as a security token, a mobile phone, and an SMS message has been proposed. However, even in this case, if an attacker logs in after the authorized user's normal login or using the stolen login information, the user's account information cannot be prevented from being exposed or changed.

In addition, in the related art, the user login state control for each web site is possible only when the user accesses each web site. When accessing the setting menu for controlling the login status, some web sites require a separate authentication process, which is inconvenient to use. In addition, some web sites can access the setting menu in the initial login state, but there is a problem that user account information may be leaked when the authentication information is stolen.

In the case of a user's login status control procedure, there are functions for managing and protecting the user's account information such as a login status, a logout function, and a log record.

1 is a diagram illustrating a user login state control procedure according to a conventional embodiment.

1 illustrates a method for controlling a login state of an authorized user at a current web site. Referring to FIG. 1, the user login status control function is summarized step by step. First, a user accesses a web site through a web browser installed on a mobile device, and then inputs an authorized access ID and password. And attempt to log in (step (1)). At this time, the login request information is transmitted to the web site operation server, and the user logs in to the web site by the login control service. The login related information of the user who has successfully logged in is stored in the database of the authentication server (step (2)). The user repeats step (1) while logged in to the web site to access the setting menu for login status control. The user confirms the session logged into the web site using his connection ID and password, and blocks the IP address logged out or accessed for the session (step (3)).

However, such a login state control procedure requires a user to frequently check their login status by frequently accessing the corresponding website, and to visit all the websites for controlling the login status of various websites.

In addition, most conventional web sites have a problem in that it is not easy to block a dual login session that accesses by changing an IP address through proxy and IP spoofing.

Some web sites offer blocking for dual login sessions, but only through the login control service module can be used to tell the IP address of the currently logged in device, country of connection, access time, etc. In addition, it is inconvenient for the user to access the web site and determine the dual login session and perform the blocking directly.

The present invention is to solve the above-described problems, and to log in (eg, login occurrence, logout, dual login, whether the login session is normally terminated, etc.) of the client terminal to the website operated by the management server In order to enable the user to easily monitor through a control application (control app) that operates on a mobile device, the user does not need to access the setting menu for controlling the login status operated on the website. do.

In particular, the embodiment of the present invention compares the login information (login ID, IP address, login time, country code, etc.) for the client terminal to log in to the management server as the dual login monitoring request occurs, compared with the previous login information An object of the present invention is to enable a simple determination of whether or not to log in to the client terminal based on the speed value for the login calculated.

In addition, an embodiment of the present invention is to display the login information for the client terminal determined to be a dual login on the screen through the control application, so that the user can easily alarm about the dual login.

In addition, an embodiment of the present invention is to logout the client terminal that is determined to be a dual login to automatically block the dual login of the client terminal to the management server, the object of minimizing the damage due to an illegal login.

In addition, according to an embodiment of the present invention, if the login information generated as the client terminal logs in to the management target server satisfies a predetermined block condition (eg, login area, login time), the client terminal is automatically logged out. It aims to be able to process (block).

In addition, the embodiment of the present invention monitors the client terminal that the login session is not normally terminated in the management target server, alarms the user through the control application, and logs the client terminal according to the user's selection (for example, blocking the login) By processing out, it is aimed at preventing the damage by the leakage of personal information.

In addition, the embodiment of the present invention is to monitor the client terminal to log in to the management target server by displaying the login information for the client terminal to log in to the management target server in conjunction with the login monitoring request occurs on the screen through the control application, It is possible to make a logout process of a client terminal suspected of a illegal login according to a user's selection.

In the dual login detection method according to an embodiment of the present invention, in conjunction with a dual login monitoring request occurs, obtaining login information regarding a client terminal logging in to a management target server, and the login information, the management target Calculating a speed value associated with the login, compared to previous login information about the client terminal collected from a server, and as the calculated speed value exceeds a specified threshold, allowing dual login to the client terminal; And determining, and logging out the client terminal determined to be the dual login.

In addition, the dual login detection system according to an embodiment of the present invention, in conjunction with the dual login monitoring request occurs, the acquisition unit for obtaining the login information about the client terminal to log in to the management target server, the login information, Compared with the previous login information about the client terminal collected from the management target server, the operation unit for calculating the speed value associated with the login, and the calculated speed value exceeds the specified threshold, for the client terminal And a determination unit determining a dual login, and a processing unit configured to log out the client terminal determined as the dual login.

According to an embodiment of the present invention, a user may log in to a client terminal's login state (eg, a login occurrence, a logout, a dual login, a login session is normally terminated, etc.) to a web site operated by a management target server. It is possible to easily monitor through a control application (control app) that operates on a portable mobile device without having to access the setting menu for controlling the login status operated on the corresponding website.

In addition, according to an embodiment of the present invention, as the dual login monitoring request occurs, the login information (login ID, IP address, login time, country code, etc.) for the client terminal to log in to the management server, the previous login Based on the speed value for the login calculated in comparison with the information, it is possible to simply determine whether the dual login for the client terminal is detected.

In addition, according to an embodiment of the present invention, the login information for the client terminal determined to be dual login is displayed on the screen through the control application, so that the user can be easily alarmed about the dual login.

In addition, the embodiment of the present invention can logout the client terminal that is determined to be a dual login to automatically block the dual login of the client terminal to the management server, thereby minimizing the damage due to an illegal login.

In addition, according to an embodiment of the present invention, if the login information generated as the client terminal logs in to the management target server satisfies a predetermined block condition (eg, login area, login time), the client terminal is automatically logged out. Can be processed (blocked).

In addition, the embodiment of the present invention monitors the client terminal that the login session is not normally terminated in the management target server, alarms the user through the control application, and logs the client terminal according to the user's selection (for example, blocking the login) By processing out, it is possible to prevent the damage caused by the leakage of personal information.

In addition, the embodiment of the present invention is to monitor the client terminal to log in to the management target server by displaying the login information for the client terminal to log in to the management target server in conjunction with the login monitoring request occurs on the screen through the control application, The client terminal suspected to be a illegal login can be logged out according to the user's choice.

1 is a diagram illustrating a user login state control procedure according to a conventional embodiment.

2 is a diagram illustrating an overall connection relationship between a dual login detection system and a management target server to detect a dual login by a client terminal according to an embodiment of the present invention.

3 is a block diagram showing the internal configuration of a dual login detection system according to an embodiment of the present invention.

4 is a view for explaining a process of determining a dual login for the client terminal to log in to the management target server in the dual login detection system according to an embodiment of the present invention.

5 is a block diagram showing the internal configuration of a dual login detection system according to another embodiment of the present invention.

6 is a diagram illustrating an example of a login state control procedure in a dual login detection system according to another exemplary embodiment of the present invention.

7 is a diagram illustrating an example of a user login procedure in a control application in a dual login detection system according to another exemplary embodiment of the present invention.

8 is a diagram illustrating an example of an interaction between a management target server and a control application when a user logs in a dual login detection system according to another exemplary embodiment of the present invention.

9 is a diagram illustrating an example of an interaction between a management target server and a control application when a user logs out in a dual login detection system according to another exemplary embodiment of the present invention.

FIG. 10 is a diagram illustrating another example of interaction between a management target server and a control application when a user logs out in a dual login detection system according to another exemplary embodiment of the present invention.

11 is a diagram illustrating an example of a login blocking procedure in the dual login detection system according to another embodiment of the present invention.

12 is a flowchart illustrating a procedure of a dual login detection method according to an embodiment of the present invention.

Hereinafter, an apparatus and method for updating an application program according to an embodiment of the present invention will be described in detail with reference to the accompanying drawings. However, the present invention is not limited or limited by the embodiments. Like reference numerals in the drawings denote like elements.

2 is a diagram illustrating an overall connection relationship between a dual login detection system and a management target server to detect a dual login by a client terminal according to an embodiment of the present invention.

Referring to FIG. 2, the dual login detection system 200 according to an embodiment of the present invention may be implemented by a control application installed in a user's mobile device (eg, smart phone, tablet fish, etc.).

That is, the dual login detection system 200 monitors a client terminal logging in to at least one management target server registered in advance through the control application to detect whether the corresponding login is a dual login, and detects as a dual login. The client terminal can be automatically logged out.

For example, the dual login detection system 200 obtains login information on a client terminal generated by logging in to a management target server, collects previous login information about the client terminal from the management target server, and logs in. By comparing the information with the previous login information, the speed value associated with the login may be calculated, and if the calculated speed value exceeds a specified threshold, the client terminal may be determined as a dual login.

Here, the previous login information may include login information that is the same as the login ID (eg, 'sky01') in the login information, and is determined as the most recent normal login based on the current login.

That is, the dual login detection system 200 uses the same login ID to log in to the management target server (for example, the operation server of the website 'www.sky.com'), which is generated at a time difference. Based on the speed value, it can be determined whether it is a normal login by the same user or a negative login (double login) by another user.

The dual login detection system 200 may detect and automatically block a dual login, for example, according to a speed value calculated using a difference between an absolute distance (distance distance) using a latitude and longitude value and a login time.

In detail, when the client terminal attempts to log in to the server to be managed, the dual login detection system 200 compares the latitude and longitude coordinate values of the first region currently logged in and the second region previously logged in, and compares the first and second values. The distance difference between the second regions may be calculated, and the speed value of the current login for the previous login may be calculated using the distance difference and the login time difference. The dual login detection system 200 may detect a dual login for the current login and automatically log out of the client terminal when the speed value is faster than the specified speed.

Meanwhile, the distance from Busan Station to Kitakyushu Airport is 221.04 km and the distance from Busan Station to Namsan in Seoul is 322.45 km.The distance from Busan Station to Japan Kitakyushu Airport is more. It's close, but in reality it may be faster to move from Busan Station to Namsan in Seoul. In other words, even if the distance is close, if the country is different, the user is difficult to move, so it is likely to be a double login. Therefore, it may be difficult to obtain an accurate result simply by comparing the speed value by the distance difference and the time difference between the first and second regions.

Therefore, since the dual login detection system 200 may be difficult to obtain an accurate result simply by comparing the speed value by the distance difference and the time difference between the first and second regions, the country code in the login information and the previous login information. Can be further compared to increase the precision of dual login detection.

The dual login detection system 200 may specify different speeds and thresholds to be compared with the calculated speed values when the country codes of the first region currently logged in and the second region previously logged in are the same, and when the country codes are different. have. For example, the dual sign-in detection system 200 increases the threshold (speed) to be compared with the calculated speed value in proportion to the distance difference when the country codes of the first region and the second region are different. Can be changed.

In other words, the dual login detection system 200 increases the threshold value when the countries between the two regions are different, thereby increasing the probability of judging as dual login when the countries are close even when the distance is close, thereby increasing the precision of the dual login detection. Can be.

3 is a block diagram showing the internal configuration of a dual login detection system according to an embodiment of the present invention.

Referring to FIG. 3, the dual login detection system 300 according to an embodiment of the present invention may include an acquisition unit 310, an operation unit 320, a determination unit 330, and a processing unit 340. have. In addition, according to the exemplary embodiment, the dual login detection system 300 may be configured by adding the change unit 350, the alarm unit 360, the connection unit 370, and the memory unit 380, respectively.

The obtaining unit 310 acquires the login information regarding the client terminal logging in to the management target server in association with the occurrence of the dual login monitoring request.

The dual login detection system 300 according to an embodiment of the present invention may be implemented through a control application installed in a mobile device. In a control application running on a mobile device, when a menu regarding 'dual login detection' is selected, a dual login monitoring request may occur.

The acquiring unit 310 may include at least one of access information (eg, an address of a web site operated by the managing server) registered to the managing server in response to the occurrence of the dual login monitoring request. It is possible to identify the management target server and to obtain login information about the client terminal (eg, 'PC', 'mobile device', etc.) logging in to the identified management target server from the management target server.

Here, the login information may include at least one of an IP address, a login time, a login ID, a session (communication channel) value, and a country code for the client terminal generated by logging in to the management target server.

The obtaining unit 310 may display the obtained login information on the screen through a control application through the alarm unit 360 to be described later.

According to an embodiment, the dual login detection system 300 may further include a connection 370.

The connection unit 370 may access the management target server by using the connection information on the management target server identified from the memory unit 380 according to the occurrence of the dual login monitoring request. The obtaining unit 310 may obtain at least one login information of an IP address, a login time, a login ID, a session value, and a country code for the client terminal from the connected management target server.

In this case, the connection unit 370 accesses the management target server at a predetermined time interval (for example, '5 minutes'), maintains a connection with the management target server, and the acquisition unit 310 connects with the management target server. The login information may be obtained while the connection is maintained.

In this case, when there are a plurality of the management target servers, the connection unit 370 alternately connects to each of the management target servers by using the connection information for each management target server, and the acquisition unit 310 manages the respective managements. It is also possible to obtain login information about the client terminal logging in to the target server. For example, when the connection unit 370 has three management target servers A, B, and C, the connection information of each management target server is identified and connected to the management target server A, and 5 minutes later, the management target server. After 5 minutes, the process of connecting to the management server C can be repeated.

The calculator 320 compares the login information with previous login information regarding the client terminal collected from the management target server, and calculates a speed value related to the login.

Here, the previous login information may include login information that is the same as the login ID (eg, 'sky01') in the login information, and is determined as the most recent normal login based on the current login.

For example, the operation unit 320 obtains a distance difference between the first region identified by the previous login information and the second region identified by the login information, and logs in the previous login information and the login in the login information. Using the time, a time difference can be obtained, and the speed value associated with the login of the client terminal can be calculated using the distance difference and the time difference.

At this time, the calculation unit 320 is the latitude coordinate value and the longitude coordinate value for the first region identified by the IP address in the previous login information, the latitude coordinate value for the second region identified by the IP address in the login information And a longitude coordinate value, and the distance difference between the first region and the second region may be obtained using the extracted latitude and longitude coordinate values.

에 도시된 로그인 정보와, 도 4의

에 도시된 이전 로그인 정보 A를 참조하면, 연산부(320)는 상기 이전 로그인 정보 A 내 IP 주소 '175.176.139.138'에 의해 식별되는 제1 지역 '서울 남산'에 대한 위도 및 경도로 이루어진 좌표값 '(37.558, 126.985)'을 추출하고, 상기 로그인 정보 내 IP 주소 '123.99.113.81'에 의해 식별되는 제2 지역 '부산역'에 대한 위도 및 경도로 이루어진 좌표값 '(35.114, 129.041)'을 추출하고, 추출한 좌표값을 이용하여, 제1 지역과 제2 지역 간 거리 차 예컨대, '322.45km'를 구할 수 있다.For example, in FIG.

The login information shown in FIG.

Referring to the previous login information A illustrated in FIG. 6, the calculation unit 320 may determine a coordinate value 'consisting of latitude and longitude for the first area' Seoul Namsan 'identified by the IP address' 175.176.139.138 'in the previous login information A'. (37.558, 126.985), and the coordinate values '(35.114, 129.041)' consisting of latitude and longitude for the second area 'Busan Station' identified by the IP address '123.99.113.81' in the login information. Using the extracted coordinate values, a distance difference between the first region and the second region, for example, '322.45 km' may be obtained.

In addition, the operation unit 320 is a time difference between the login time '2015-09-16 13:24:09' and the login time '2015-09-16 10:20:01' in the login information A. '3 hours 4 minutes 8 seconds' is available.

That is, the calculation unit 320 may calculate the speed value '104.7 km / h' of the client terminal logging in from the second area 'Busan station' by calculating the distance difference by the time difference.

For example, the operation unit 320 may selectively use a variety of Open APIs (eg, Whois Open API, Geolocation Open API, IP-API, etc.), and the first region 'previously logged in from the IP address in the previous login information A'. Latitude coordinates and longitude coordinates' (37.558, 126.985) 'for Seoul Namsan' can be extracted. Similarly, the calculation unit 320 selectively uses three techniques (Whois, Geolocation, IP-API), and the latitude and longitude coordinate values of the second area 'Busan station' currently logged in from the IP address in the login information. '(35.114, 129.041)' can be extracted.

Here, when the Whois Open API is used, the accuracy of position detection is very high. However, the latitude and longitude coordinate values can be obtained by interworking with the Google Maps API. Latitude and longitude coordinate values are available for overseas IP. Since only country codes are output, it can be difficult to detect when connected to an overseas IP.

In addition, the geolocation API has a relatively high accuracy, but it may be inconvenient for the user because it needs to check whether the location information is provided to the user every time the website is accessed.

Lastly, IP-API is less accurate than Whois Open API and Geolocation API, but it is not necessary to check whether the location information is provided to the user, and can get latitude and longitude coordinates immediately. Coordinate values and longitude coordinate values may also be obtained.

Accordingly, the operation unit 320 may easily extract latitude and longitude coordinate values from the IP address by selectively using the Open API in consideration of the advantages and disadvantages of the various Open APIs.

The determination unit 330 determines that the client terminal is a dual login as the calculated speed value exceeds a specified threshold.

That is, the determination unit 330 is a speed value associated with the login for the login to the management target server (for example, the operation server of the website 'www.sky.com') that occurs with a time difference using the same login ID. Can be determined based on whether or not a normal login by the same user or a false login (double login) by another user.

For example, the determination unit 330 determines that the client terminal currently logging in to the management target server in the second region as the dual login if the speed value is greater than the designated threshold value (eg, '100 km / h'). If the speed value is smaller than the specified threshold value (slow speed), the client terminal currently logging in to the management target server in the second region may be determined to be a normal login.

Here, the threshold may be designated as a comparison speed (eg, '100 km / h') for determining dual login when the previous login information and the country code in the login information are the same.

For example, as the speed value '104.7 km / h' exceeds the threshold '100 km / h', the determination unit 330 may determine that the client terminal currently logged in in the second region is a dual login. That is, when the speed value is faster than the specified speed, the determination unit 330 may detect the current login as a dual login.

In addition, when the speed value '98 .7 km / h 'calculated in relation to the login does not exceed the threshold' 100 km / h ', the determination unit 330 may determine that the client terminal is a normal login. That is, when the speed value is slower than the specified speed, the determination unit 330 may determine that the current login is a normal login.

In this case, the determination unit 330 may be configured to update the previous login information on the client terminal with the login information in the management target server, so that it may be used as the previous login information in the subsequent double login determination.

In this way, the determination unit 330 is based on the speed value for the login calculated by comparing the login information and the previous login information for the client terminal to log in to the management target server with a time difference using the same login ID. This makes it possible to easily detect whether or not a dual login.

According to an exemplary embodiment, the determination unit 330 may determine whether the time difference between the login time in the previous login information and the login time in the login information is within a predetermined time interval (eg, '1 second'), regardless of the speed value. In addition, the client terminal may be determined to be a dual login.

That is, the determination unit 330 does not calculate the speed value because there is almost no time difference according to the login time in the login information and the previous login information for the client terminal logging in using the same login ID. Can be determined as a dual login.

The processor 340 logs out the client terminal determined as the dual login.

For example, when the client terminal is determined to be a dual login, the processor 340 transmits a message regarding the dual login to the management target server, so that the login information is deleted from the management target server, and thus the logout. Can be processed.

In addition, the processor 340 may release the connection between the client terminal and the management server by using the session value identified from the login information and perform the logout process.

As such, the processor 340 logs out the client terminal determined to be dual login, and automatically blocks the dual login of the client terminal to the management target server, thereby minimizing damage due to an illegal login.

In addition, according to an embodiment, the processing unit 340 checks the grade given to the client terminal, assigns a login allowance time to the client terminal based on the confirmed grade, and if the login allowance time elapses, Regardless of whether the speed value exceeds the threshold, the client terminal may be logged out.

For example, if the rating given to the client terminal is the highest rating as 'Class A', the processing unit 340 corresponds to the rating even when the speed value is determined to be a dual login exceeding a specified threshold. During the login allowed time '1 hour', the client terminal can be allowed to log in to the managed server. The processor 340 may automatically log out the client terminal when the login allowable time '1 hour' has elapsed, so that the client terminal may log in only for a designated time for each grade.

Meanwhile, the distance from Busan Station to Kitakyushu Airport is 221.04 km and the distance from Busan Station to Namsan in Seoul is 322.45 km.The distance from Busan Station to Japan Kitakyushu Airport is more. It's close, but in reality it may be faster to move from Busan Station to Namsan in Seoul. In other words, even if the distance is close, if the country is different, the user is difficult to move, so it is likely to be a double login. Therefore, it may be difficult to obtain an accurate result simply by comparing the speed value by the distance difference and the time difference between the first and second regions.

Accordingly, the dual login detection system 300 further compares the login information with the country code in the previous login information, and when the country code is different, designates a speed to be compared with the calculated speed value, that is, a threshold value differently so that the dual login detection is performed. In order to increase the precision, the changer 350 may be further included.

The changer 350 compares the country code in the previous login information with the country code in the login information. When the comparison result, the country code is different, the first region identified by the previous login information and the login information. The threshold is changed in proportion to the distance difference between the second regions identified by.

For example, when the country codes of the first region and the second region are different, the changer 350 compares the threshold value with the speed value calculated when the country code is the same to the distance difference between the first region and the second region. You can change it in proportion.

In other words, when the countries between the two regions are different, the changer 350 may increase the threshold to increase the possibility of judging as dual login if the countries are different even if the distance is close, thereby providing a double login detection. The precision can be increased.

에 도시된 로그인 정보와, 도 4의

에 도시된 이전 로그인 정보 B를 참조하면, 연산부(320)는 상기 이전 로그인 정보 B 내 IP 주소 '220.108.196.157'에 의해 식별되는 제1 지역 '일본 키타큐슈 공항'에 대한 위도 및 경도로 이루어진 좌표값 '(33.888, 130.873)'을 추출하고, 상기 로그인 정보 내 IP 주소 '123.99.113.81'에 의해 식별되는 제2 지역 '부산역'에 대한 위도 및 경도로 이루어진 좌표값 '(35.114, 129.041)'을 추출하고, 추출한 좌표값을 이용하여, 제1 지역과 제2 지역 간 거리 차 예컨대, '221.04km'를 구할 수 있다.For example, in FIG.

The login information shown in FIG.

Referring to the previous login information B shown in FIG. 6, the calculation unit 320 coordinates of latitude and longitude of the first region 'Japan Kitakyushu Airport' identified by the IP address '220.108.196.157' in the previous login information B. Extract the value '(33.888, 130.873)' and obtain the coordinate value '(35.114, 129.041)' consisting of latitude and longitude for the second area 'Busan station' identified by the IP address '123.99.113.81' in the login information. By using the extracted coordinate values, the distance difference between the first region and the second region, for example, '221.04 km' may be obtained.

In addition, the operation unit 320 may determine a time difference between the login time '2015-09-16 11:15:06' in the previous login information B and the login time '2015-09-16 10:20:01' in the login information. You can get 55 minutes and 5 seconds.

That is, the calculation unit 320 may calculate the speed value '240.3 km / h' of the client terminal logging in from the second area 'Busan Station' by calculating the distance difference by the time difference.

In this case, the changer 350 compares the country code '1010' in the previous login information B and the country code '1111' in the login information, and since the country codes are different, the comparison with the speed value calculated when the country code is the same. In order to change the threshold value '100 km / h' specified in order to increase by 2.21 times in proportion to the distance difference '221.04 km' between the first region and the second region.

Since the speed value '240.3 km / h' is greater than the changed threshold value '221 km / h', the determination unit 330 may determine that the client terminal currently logging in to the management server in the second area 'Busan station' is a dual login. Can be. The processor 340 releases the connection between the client terminal determined as the dual login and the management target server by using the session value identified from the login information and automatically logs out.

In addition, according to an embodiment, if the country code is the same as a result of the comparison, the changer 350 maintains the threshold value, and the threshold value is proportional to the distance difference as the distance difference exceeds a predetermined distance interval. It can also be changed by decreasing it.

For example, when the country code is the same as '1111' in both the first and second regions, the specified threshold value '100 km / h' is maintained, but the distance interval in which the distance difference '322.45km' is determined between the first and second regions. (For example, if the radius '100 km' of the city 'Busan' to which the second area 'Busan Station' currently logs in is exceeded, the threshold may be changed by 3.22 times in proportion to the distance difference '322.45km'. In this case, since the speed value '240.3 km / h' is smaller than the changed threshold value '31 .05 km / h ', the determination unit 330 may determine that the log-in is normal.

According to an embodiment, the dual login detection system 300 may further include an alarm unit 360.

When the client terminal is determined to be a dual login, the alarm unit 360 displays at least one of an IP address, a login time, and a country code of the client terminal in the obtained login information on the screen, thereby providing the user with a dual login. Alarm about login.

That is, according to the present invention, the login information for the client terminal determined to be dual login is displayed on the screen through the control application, so that the dual login to the management target server can be easily alarmed to the user.

As such, according to an embodiment of the present invention, a login state (eg, a login occurrence, a logout, a dual login, whether the login session is normally terminated, etc.) of the client terminal to the web site operated by the management target server is determined. In addition, the user can easily monitor through a control application (control app) that operates on a portable mobile device without having to access a setting menu for controlling a login state operated at a corresponding website.

In addition, according to an embodiment of the present invention, as the dual login monitoring request occurs, the login information (login ID, IP address, login time, country code, etc.) for the client terminal to log in to the management server, the previous login Based on the speed value for the login calculated in comparison with the information, it is possible to simply determine whether the dual login for the client terminal can be detected.

In addition, the embodiment of the present invention can logout the client terminal that is determined to be a dual login to automatically block the dual login of the client terminal to the management server, thereby minimizing the damage due to an illegal login.

4 is a view for explaining a process of determining a dual login for the client terminal to log in to the management target server in the dual login detection system according to an embodiment of the present invention.

에 도시된 로그인 정보와, 도 4의

에 도시된 이전 로그인 정보 A를 비교하여, 클라이언트 단말이 관리대상서버에 로그인하는 속도값 '104.7 km/h'을 연산할 수 있다.4, the dual login detection system according to an embodiment of the present invention, the

The login information shown in FIG.

By comparing the previous login information A shown in the, it is possible to calculate the speed value '104.7 km / h' for the client terminal to log in to the management target server.

Specifically, the dual login detection system extracts a coordinate value '(37.558, 126.985)' consisting of latitude and longitude for the first area 'Namsan, Seoul' identified by the IP address '175.176.139.138' in the previous login information A. And extracting coordinate values (35.114, 129.041) consisting of latitude and longitude for the second area 'Busan station' identified by the IP address '123.99.113.81' in the login information, and using the extracted coordinate values, A distance difference between the first region and the second region, for example, '322.45 km' can be obtained.

The dual login detection system determines a time difference between the previous login information A in the login time '2015-09-16 13:24:09' and the login time in the login information '2015-09-16 10:20:01'. By calculating the time 4 minutes 8 seconds, and dividing the distance difference by the time difference, it is possible to calculate the speed value '104.7 km / h' of the client terminal logging in from the second area 'Busan station.

The dual login detection system determines that the client terminal currently logged in in the second region is a dual login and logs the client terminal automatically as the speed value '104.7 km / h' exceeds the threshold '100 km / h'. Can be processed out.

에 도시된 로그인 정보와, 도 4의

에 도시된 이전 로그인 정보 B를 비교하여, 클라이언트 단말이 관리대상서버에 로그인하는 속도값 '240.3 km/h'을 연산할 수 있다.In addition, the dual login detection system of FIG.

The login information shown in FIG.

By comparing the previous login information B shown in the, it is possible to calculate the speed value '240.3 km / h' that the client terminal logs in to the management target server.

Specifically, the dual login detection system is a coordinate value '(33.888, 130.873)' consisting of latitude and longitude for the first region 'Japan Kitakyushu Airport' identified by the IP address '220.108.196.157' in the previous login information B. Extract the coordinate values '(35.114, 129.041)' consisting of latitude and longitude for the second area 'Busan station' identified by the IP address '123.99.113.81' in the login information, and using the extracted coordinate values Thus, a distance difference between the first region and the second region, for example, '221.04 km' can be obtained.

The dual login detection system determines a time difference between the login time '2015-09-16 11:15:06' and the login time '2015-09-16 10:20:01' in the previous login information B. Minute 5 seconds, and by calculating the distance difference by the time difference, the speed value '240.3 km / h' of the client terminal logging in at the second area 'Busan station' may be calculated.

In this case, the dual login detection system compares the country code '1010' in the previous login information B and the country code '1111' in the login information, and since the country code is different, the designated threshold '100km / h' is determined in the first region. It can be changed by increasing 2.21 times in proportion to the distance difference '221.04km' between the second region and the second region.

In the dual login detection system, since the speed value '240.3 km / h' is greater than the changed threshold '221 km / h', the client terminal currently logging in to the management server in the second area 'Busan station' is determined as dual login, By using the session value identified from the login information, the connection between the client terminal determined to be dual login and the management target server may be released, thereby automatically logging out.

5 is a block diagram showing the internal configuration of a dual login detection system according to another embodiment of the present invention.

Referring to FIG. 5, the dual login detection system 500 according to another embodiment of the present invention may include a connection unit 510, an acquisition unit 520, a determination unit 530, and a processing unit 540. . In addition, according to an embodiment, the dual login detection system 500 may be configured by adding an alarm unit 550, an input unit 560, and a memory space 570, respectively.

The connection unit 510 is connected to the management target server using the access information in conjunction with the login monitoring request occurs.

As the control application runs on the mobile device, a login monitoring request may occur. The connection unit 510 identifies the connection information including a connection ID and a password for the management target server maintained in the memory space 570 according to occurrence of the login monitoring request, and stores the identified connection information in the management target server. You can request a connection by sending it to.

According to an embodiment, the dual login detection system 500 may further include an input unit 560. The input unit 560 receives at least one management target server from the user and access information including a connection ID and a password for accessing a web site operated by the management target server. The memory space 570 may maintain the connection ID and password input by the user in association with the management target server.

For example, the connection unit 510 is linked with the generation of the login monitoring request, the access ID 'sky01' and the password '*** for the web site' www.abc.co.kr 'operated by the managed server A. * 'Can be identified from the memory space 570, and the management target server can be accessed using the identified connection ID and password.

The obtaining unit 520 obtains login information generated as the client terminal logs into the management target server from the connected management target server. Here, the client terminal may be a client terminal such as a mobile device that logs in to the management target server using the same login ID (eg, 'sky01') as the access ID (eg, 'sky01') in the access information.

That is, the acquisition unit 520 is an IP address (eg, 210.180.65.62) and login time (eg, 2014.12.31.21) for the client terminal logging in to the management target server with a login ID that matches the access ID in the access information. 10, at least one login information among a login ID (eg, 'sky01') and a session value may be obtained. Here, the session value may be a value indicating a communication channel between the client terminal logged in to the management target server and the management target server.

The obtaining unit 520 may obtain the login information while maintaining the connection with the management target server. To this end, the connection unit 510 may access the management target server at predetermined time intervals (eg, '5 minutes') and maintain the connection with the management target server.

In this case, when there are a plurality of the management target servers, the connection unit 510 may alternately access each of the management target servers by using the connection information for each management target server. For example, when there are three managed servers A, B, and C, the connection unit 510 identifies the connection information of each managed server, connects to the managed server A, and after 5 minutes, manages the managed server. After 5 minutes, the process of connecting to the management server C can be repeated.

In addition, the acquirer 520 may receive a login management page from a management target server which has not obtained the login information among the plurality of management target servers, and parse and obtain the login information from the login management page. Can be.

As the client terminal logs in to the management target server, the management target server operates a login management page including login information (login ID, IP address, login time, login ID) for the client terminal, and logs in the client terminal. Can manage The acquirer 520 may obtain login information about the client terminal from the login management page received from the management target server.

According to an embodiment, the dual login detection system 500 may further include an alarm unit 550.

The alarm unit 550 displays the obtained login information on the screen and alerts the user. In detail, the alarm unit 550 displays at least one of an IP address, a login time, and a login ID of the client terminal in the obtained login information on a screen, or outputs a voice by using an effect sound. You can alarm about the occurrence of login to the managed server of.

As another example, the input unit 560 may receive a plurality of management target servers, and may be assigned to each management target server an access time for monitoring a login of each client management server of the client terminal.

In detail, when a plurality of management target servers A, B, and C are input by the user, the input unit 560 may set the access time for each management target server, for example, the access time for the management target server A '22. Hour to 6 o'clock, the access time to the management server B '0 to 8 o', and the access time to the management server C '23 to 9 o '.

The alarm unit 550 may display, on a screen, login information acquired by each of the management target servers at an access time allocated to each of the plurality of management target servers, and may alarm the user. The alarm unit 550 may display the login information to be alarmed on the screen in association with the corresponding management target server.

For example, when the login information according to the occurrence of the login of the client terminal is obtained from the management target server A during the access time '22 o'clock to 6 o'clock, the alarm unit 550 may display the login information on the screen to alarm. Can be. In addition, when the login information according to the occurrence of the login of the client terminal is obtained from the management target server B during the 0 o'clock to 8 o'clock, the alarm unit 550 may display the login information on the screen to alarm. In addition, when the login information according to the generation of the login of the client terminal is obtained from the management target server C, the alarm unit 550 may display the login information on the screen to alarm.

As such, according to an embodiment of the present invention, in connection with the occurrence of the login monitoring request, the server maintains the connection with the management target server by using the connection information, and the client terminal logs in to the management target server by using the connection information. By obtaining the login information is generated from the management server, and displayed on the screen, the user can easily alarm the abnormal login occurrence (or login session is not normally terminated) from the client terminal to the management server. have.

The determination unit 530 determines whether the selected block condition is satisfied with respect to the login information. The processor 540 logs out the client terminal when the block condition is satisfied.

Here, the block condition may be a region (for example, 'overseas region', 'all regions except the user's home and office', etc.) or login time (for example, midnight time '0 o'clock to 6 o'clock) Etc.) may be selected.

For example, the determination unit 530 may determine that the block is determined when at least one of a region identified by the IP address of the client terminal in the login information and a login time of the client terminal in the login information is included in the block condition. It can be determined that the condition is satisfied.

For example, the determination unit 530 may include the region 'Gangnam-gu Nonhyeon-dong' identified by the IP address '210.180.65.62' of the client terminal in the login information in the block condition 'All regions except the user's home and office'. If the identified area is not the user's home or office, it may be determined that the block condition is satisfied.

Accordingly, the processor 540 may log out the client terminal. The processor 540 may automatically log out the client terminal by releasing the connection between the client terminal and the management server using the session value identified from the login information.

In addition, the alarm unit 550 displays at least one of the IP address and the login time of the client terminal in the obtained login information on the screen together with whether or not the block condition is satisfied, and displays the user to the user by the client terminal. Alarm of abnormal login to the managed server can be alarmed.

According to an embodiment, the processing unit 540 maintains the login of the client terminal when the login permission is selected by the user with respect to the obtained login information, or maintains the login of the client terminal, or the IP address or login of the client terminal related to the login permission. The ID can be removed from the block condition.

In addition, when the login block is selected by the user with respect to the obtained login information, the processing unit 540 logs out the client terminal or displays the IP address or login ID of the client terminal related to the login block. Can be added to the block condition.

As described above, according to one embodiment of the present invention, the user manages login status information on a management target server (website) by using a control application that runs on a mobile device that is always portable, and through the stolen authentication means. By monitoring the occurrence of logins and notifying users, personal information leakage accidents and damages can be prevented.

6 is a diagram illustrating an example of a login state control procedure in a dual login detection system according to another exemplary embodiment of the present invention.

Referring to FIG. 6, the dual login detection system according to another embodiment of the present invention may be installed and implemented in a mobile device in the form of a login state control application 600 for providing a login control service.

The login state control application 600 may establish a separate connection with the web site operated by the management target server, and collectively control the log-in state of the client terminal for various web sites on the mobile device.

The user of the mobile device enters an access ID and password using the login state control application 600, and logs in to a web site through wired / wireless communication (eg, socket communication) (step (1)). At this time, the access ID, access time, session value, etc. are stored in the database of the authentication server.

When a client terminal (not shown) attempts to log in to the web site, the login request information is transmitted to the web site operation server (management server), and the client terminal logs in to the web site according to a login control service ( Step (2)).

If the login is successful in step (2), the login information is stored in the database of the authentication server (step (3)), and the login information stored in the database is the login state control application 600 of the mobile device through wired or wireless communication (socket communication). Is sent (step (4)).

The login state control application 600 receiving the login information stores the login information in a database of the mobile device to monitor the login state of the corresponding client terminal, logout processing for the client terminal in which the login session is not normally terminated, The client terminal is blocked by adding the IP address of the client terminal suspected of a illegal login to the block condition (step (5)).

7 is a diagram illustrating an example of a user login procedure in a control application in a dual login detection system according to another exemplary embodiment of the present invention.

Referring to FIG. 7, the dual login detection system according to another embodiment of the present invention may be installed and implemented in a mobile device in the form of a control application for providing a login control service.

In a control application running on a mobile device, a procedure of identifying a user's access information (access ID and password) from a memory space and accessing a managed server (website) through socket communication, which is a typical wired / wireless communication method, is illustrated in FIG. 7. It is.

The dual login detection system accesses the management target server through the control application, performs a user login (step 701), and transmits a connection request message (eg, 'connect.msg') (step 702).

The managed server sends a query message (eg, 'userCountCheck.msg') to the database via the socket (step 703) to check the number of connected user IDs (eg, '1'), and then to the managed server. Manage the user ID that logs in.

The management target server detects a login state by waiting for a change (increase or decrease) in the number of connected user IDs until the control application ends in the mobile device through a socket (step 704).

8 is a diagram illustrating an example of an interaction between a management target server and a control application when a user logs in a dual login detection system according to another exemplary embodiment of the present invention.

Referring to FIG. 8, the dual login detection system according to another embodiment of the present invention may be installed and implemented in a mobile device in the form of a control application for providing a login control service.

The management server waits until the number of user IDs connected via the socket changes (step 801).

The user activates the browser (step 802), and sends a login request message (eg, 'browserLogin.msg') to the management server through the browser (step 803).

If login is successful by the login control service, the database registers login information (login ID, IP address, login time, session value, etc.), and as the number of connected user IDs increases, the number of user IDs connected to the waiting socket increases. A message notifying the fact (eg 'userChange.msg') is sent (step 804).

As the socket is informed of a change in the number of connected user IDs, the socket exits the standby state (step 805), and the database logs login information (login ID, IP address, login time, session value, etc.) through the control application user's browser. Is sent to the socket (step 806).

The socket sends login information (eg, 'userData.msg') of all connected user IDs received from the database to the control application of the mobile device (step 807), and the control application sends the received login information to the database of the mobile device. Save it and print it on the screen. At this time, the control application generates an alarm for notifying the user's login status in real time (step 808).

9 is a diagram illustrating an example of an interaction between a management target server and a control application when a user logs out in a dual login detection system according to another exemplary embodiment of the present invention.

Referring to FIG. 9, the dual login detection system according to another embodiment of the present invention may be installed and implemented in a mobile device in the form of a control application for providing a login control service.

A procedure of logging out after a user logs in through a browser installed in a mobile device is shown in FIG. 9.

The management server waits until the ID number of the connected user is changed by using the socket (step 901).

The browser running on the mobile device confirms that the user accessing the management target server is logged in (step 902).

When the browser selects the logout button, the browser transmits a message (for example, 'browserLogout.msg') for the logout process on the managed server to the managed server, and the login control service receives the message (step 903).

The database deletes the user ID logged out by the login control service, reduces the number of connected user IDs, and then sends a message (eg, 'userChange.msg') to notify the socket that has been waiting for the reduced number of connected user IDs. Transmit (step 904).

The managed server terminates the standby state as a change of the number of connected user IDs through the socket (step 905), and sends the login information (eg, 'userData.msg') received from the database to the mobile device. Send to the control application (step 906).

The control application removes the login information logged out from the database of the mobile device through the received login information, and outputs the login information of the currently logged in user on the screen (step 907).

FIG. 10 is a diagram illustrating another example of interaction between a management target server and a control application when a user logs out in a dual login detection system according to another exemplary embodiment of the present invention.

Referring to FIG. 10, the dual login detection system according to another embodiment of the present invention may be installed and implemented in a mobile device in the form of a control application for providing a login control service.

As shown in FIG. 10, the control application may check login state information of users currently connected to the management target server and change a login state of a specific user to a logout state.

The managed server waits until the number of IDs of users connected through the socket changes (step 1001).

The browser of the mobile device confirms that the user accessing the managed server is logged in (step 1002).

The browser of the mobile device clicks one of the login information which is in the login state, and sends logout information (eg, 'logout.msg') to the managed server to change the login state to the logout state (step 1003). ). In this case, the logout information may include a login ID, an IP address, a login time, a session value, and the like.

The database deletes the user ID logged out by the login control service, reduces the number of connected user IDs, and then sends a message (eg, 'userChange.msg') to notify the socket that has been waiting for the reduced number of connected user IDs. Transmit (step 1004).

The managed server ends the standby state (step 1005) in response to the change of the number of connected user IDs through the socket, and transmits the login information (userData.msg) received from the database to the control application of the mobile device. (Step 1006), the login status of the control application is updated (step 1007).

11 is a diagram illustrating an example of a login blocking procedure in the dual login detection system according to another embodiment of the present invention.

Referring to FIG. 11, the dual login detection system according to another embodiment of the present invention may be installed and implemented in a mobile device in the form of a control application for providing a login control service.

The control application provides a function of selecting an IP address to be blocked and logs out when a login attempt is detected from a client terminal identified by the blocked IP address.

First, the control application sets an IP address to be blocked (step 1101).

According to the login procedure (step 1102), when the user attempts to log in from the blocked IP address, the control application compares the login information received from the managed server with the blocked IP address and attempts to log in from the blocked IP address. Detect (step 1103).

The control application logs out the user's ID according to the logout procedure (step 1104) in order to delete the login information including the blocked IP address from the database of the management target server.

12 is a flowchart illustrating a procedure of a dual login detection method according to an embodiment of the present invention.

The dual login detection method according to the present embodiment may be performed by the dual login detection system 300 described above.

Referring to FIG. 12, in step 1210, the dual login detection system 300 checks whether a dual login monitoring request occurs.

If it is determined in step 1210 that a dual login monitoring request occurs, in step 1220, the dual login detection system 300 obtains login information regarding a client terminal logging in to a management target server.

The dual login detection system 300 according to an embodiment of the present invention may be implemented through a control application installed in a mobile device. In a control application running on a mobile device, when a menu regarding 'dual login detection' is selected, a dual login monitoring request may occur.

The dual login detection system 300 may include at least one connection information (eg, an address of a web site operated by a management server) registered in a memory unit according to occurrence of the dual login monitoring request. It is possible to identify the management target server and to obtain login information about a client terminal (eg, 'PC', 'mobile device', etc.) logging in to the identified management target server from the management target server. The dual login detection system 300 may display the obtained login information on a screen through a control application.

Here, the login information may include at least one of an IP address, a login time, a login ID, a session (communication channel) value, and a country code for the client terminal generated by logging in to the management target server.

In step 1230, the dual login detection system 300 compares the login information with previous login information about the client terminal collected from the management target server, and calculates a speed value related to the login.

Here, the previous login information may include login information that is the same as the login ID (eg, 'sky01') in the login information, and is determined as the most recent normal login based on the current login.

For example, the dual login detection system 300 may determine a coordinate value '(37.558, 126.985) consisting of latitude and longitude for the first region' Seoul Namsan 'identified by the IP address' 175.176.139.138' in the previous login information A. ) ', And the coordinate value' (35.114, 129.041) ', which is composed of latitude and longitude for the second area' Busan station 'identified by the IP address' 123.99.113.81' in the login information, and extracted The distance difference between the first region and the second region, for example, '322.45 km' can be obtained by using.

The dual login detection system 300 may determine a time between the login time A within the login time '2015-09-16 13:24:09' and the login time within the login information '2015-09-16 10:20:01'. By calculating the difference '3 hours 4 minutes 8 seconds' and dividing the distance difference by the time difference, the speed value '104.7 km / h' of the client terminal logging in from the second area 'Busan station' may be calculated.

In operation 1240, the dual login detection system 300 determines that the dual login is to the client terminal as the calculated speed value exceeds a specified threshold.

That is, the dual login detection system 300 uses the same login ID to log in to a management target server (for example, an operation server of the website 'www.sky.com') that occurs at a time difference. Based on the speed value, it can be determined whether it is a normal login by the same user or a negative login (double login) by another user.

In one example, the dual login detection system 300, if the speed value is greater than the specified threshold (for example, '100 km / h') (speed is fast), dual login the client terminal currently logging in to the managed server in the second region If the speed value is smaller than the specified threshold value (slow speed), the client terminal currently logging in to the management server in the second region may be determined to be a normal login.

Here, the threshold may be designated as a comparison speed (eg, '100 km / h') for determining dual login when the previous login information and the country code in the login information are the same.

For example, the dual login detection system 300 may determine the dual login for the client terminal currently logged in in the second region as the speed value '104.7 km / h' exceeds the threshold '100 km / h'. have. That is, the dual login detection system 300 may detect as the dual login for the current login when the speed value is faster than the specified speed.

In operation 1250, the dual login detection system 300 logs out the client terminal determined as the dual login.

For example, the dual login detection system 300 transmits a message regarding the dual login to the management target server as the client terminal is determined to be a dual login, so that the login information is deleted from the management target server, The logout process may be performed.

In addition, the dual login detection system 300 may release the connection between the client terminal and the management server using the session value identified from the login information, and perform the logout process.

As such, the dual login detection system 300 may logout the client terminal determined to be the dual login to automatically block the dual login of the client terminal to the management target server, thereby minimizing the damage caused by the illegal login.

The method according to an embodiment of the present invention can be implemented in the form of program instructions that can be executed by various computer means and recorded in a computer readable medium. The computer readable medium may include program instructions, data files, data structures, etc. alone or in combination. The program instructions recorded on the media may be those specially designed and constructed for the purposes of the embodiments, or they may be of the kind well-known and available to those having skill in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tape, optical media such as CD-ROMs, DVDs, and magnetic disks, such as floppy disks. Magneto-optical media, and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like. The hardware device described above may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.

Although the embodiments have been described by the limited embodiments and the drawings as described above, various modifications and variations are possible to those skilled in the art from the above description. For example, the described techniques may be performed in a different order than the described method, and / or components of the described systems, structures, devices, circuits, etc. may be combined or combined in a different form than the described method, or other components. Or even if replaced or substituted by equivalents, an appropriate result can be achieved.

Therefore, other implementations, other embodiments, and equivalents to the claims are within the scope of the claims that follow.

Claims (20)

In conjunction with the dual login monitoring request, Obtaining login information about a client terminal logging into the management target server; Calculating the speed value associated with the login by comparing the login information with previous login information about the client terminal collected from the management target server; Determining the dual login for the client terminal as the calculated speed value exceeds a specified threshold; And Logging out the client terminal determined as the dual login Dual login detection method comprising a. The method of claim 1, Computing the speed value, Obtaining a distance difference between a first region identified by the previous login information and a second region identified by the login information; Obtaining a time difference using a login time in the previous login information and a login time in the login information; And Calculating a speed value associated with login of the client terminal using the distance difference and the time difference Dual login detection method comprising a. The method of claim 2, Obtaining the distance difference, Extracting latitude and longitude coordinate values for the first region identified by the IP address in the previous login information and latitude and longitude coordinate values for the second region identified by the IP address in the login information. step; And Obtaining a distance difference between the first region and the second region by using the extracted latitude and longitude coordinates; Dual login detection method comprising a. The method of claim 1, Comparing a country code in the previous login information with a country code in the login information; And If the country code is different as a result of the comparison, changing the threshold in proportion to a distance difference between a first region identified by the previous login information and a second region identified by the login information; Dual login detection method further comprising. The method of claim 1, Checking a grade given to the client terminal; Assigning a login allowance time to the client terminal based on the identified level; And Logout processing the client terminal when the log-in allowance time elapses, regardless of whether the speed value exceeds the threshold Dual login detection method further comprising. The method of claim 1, If the time difference between the login time in the previous login information and the login time in the login information is within a predetermined time interval, Omitting the step of calculating the speed value, and determining the dual login for the client terminal Dual login detection method further comprising. The method of claim 1, As the client terminal is determined to be a dual login, Displaying, on the screen, at least one of an IP address, a login time, and a country code of the client terminal in the obtained login information, and alarming the user for dual login. Dual login detection method further comprising. The method of claim 1, The logout process may include: As the client terminal is determined to be a dual login, sending a message about the dual login to the management target server, so that the login information is deleted from the management target server, the logout process Dual login detection method comprising a. The method of claim 1, The logout process may include: Disconnecting the connection between the client terminal and the management server by using the session value identified from the login information. Dual login detection method comprising a. The method of claim 1, If the calculated speed value does not exceed the threshold, determining that the login is normal for the client terminal; And Updating, at the management target server, previous login information about the client terminal with the login information; Dual login detection method further comprising. The method of claim 1, In response to the dual login monitoring request being generated, identifying access information for the management target server from a memory unit, and accessing the management target server using the access information. More, Acquiring the login information, Obtaining at least one login information among an IP address, a login time, a login ID, a session value, and a country code for the client terminal logging in to the management target server with a login ID corresponding to the access ID in the access information; Dual login detection method comprising a. The method of claim 1, Accessing the management target server at regular time intervals and maintaining a connection with the management target server; And Acquiring the login information while maintaining a connection with the management target server; Dual login detection method further comprising. The method of claim 1, When there are a plurality of management target servers, Alternately accessing each of the management target servers using the access information of the management target servers; Obtaining login information about a client terminal logging into each of the management target servers; Dual login detection method further comprising. In conjunction with the dual login monitoring request, An obtaining unit for obtaining login information about a client terminal logging into the management target server; A calculation unit for comparing the login information with previous login information about the client terminal collected from the management target server, and calculating a speed value related to the login; A determination unit that determines the dual login for the client terminal as the calculated speed value exceeds a specified threshold value; And A processor configured to log out the client terminal determined as the dual login Dual login detection system comprising a. The method of claim 14, The calculation unit, Obtaining a distance difference between a first region identified by the previous login information and a second region identified by the login information, Obtaining a time difference using the login time in the previous login information and the login time in the login information; Using the distance difference and the time difference, calculating the speed value associated with the login of the client terminal Dual login detection system. The method of claim 15, The calculation unit, Latitude and longitude coordinate values for the first region identified by the IP address in the previous login information and latitude and longitude coordinate values for the second region identified by the IP address in the login information are extracted. The distance difference between the first region and the second region is calculated using the extracted latitude and longitude coordinates. Dual login detection system. The method of claim 14, Comparing the country code in the previous login information with the country code in the login information, and if the comparison result is a different country code, a first region identified by the previous login information and a second identified by the login information A changer for changing the threshold in proportion to the distance difference between regions Dual login detection system further comprising. The method of claim 14, The processing unit, Checking the grade given to the client terminal, assigning a login allowance time to the client terminal based on the identified grade, and if the login allowance time elapses, whether the speed value exceeds the threshold and Irrespective of the logout process of the client terminal Dual login detection system. The method of claim 14, If the time difference between the login time in the previous login information and the login time in the login information is within a predetermined time interval, The determination unit, Regardless of the speed value, it is determined that the dual login for the client terminal Dual login detection system. The method of claim 14, As the client terminal is determined to be a dual login, An alarm unit configured to display at least one of an IP address, a login time, and a country code of the client terminal in the obtained login information on a screen, thereby alarming the user about dual login; Dual login detection system further comprising.

Images