WO2019017544A1 - Method for providing user authentication service, web server, and user terminal - Google Patents

Method for providing user authentication service, web server, and user terminal

Info

Publication number
WO2019017544A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
url information
user terminal
certificate
web page
Prior art date
Application number
PCT/KR2018/000287
Other languages
English (en)
Korean (ko)
Inventor
이지호
한강
Original Assignee
비씨카드(주)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 비씨카드(주)
Priority to CN201880047906.5A (patent CN110945503A)
Publication of WO2019017544A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Definitions

  • the present invention relates to a method of providing a user authentication service, a web server, and a user terminal, and more particularly to a user authentication service providing method, a web server, and a user terminal that perform a redirect through URL information included in a cookie.
  • there are services that use a cookie generated at the initial connection to a web page to perform an automatic login upon re-connection to that web page. Even in this case, automatic login is possible only after the user has logged in to the web page, so the process of entering the login information separately remains a problem.
  • the automatic login service is provided only by the connection request of the web page in a state in which the web page is not accessed or logged in, so that the web page can be conveniently accessed without entering the login information separately,
  • the present invention has been made to solve the above problems of the related art, and its object is to provide a user authentication service providing method, a web server, and a user terminal that provide a web page automatically logged in through user authentication processing by performing a redirect through URL information included in a cookie.
  • a method of providing a user authentication service in a web server comprising: (a) receiving, from a user terminal, URL information included in a cookie of a web page requested to be accessed; (b) supporting or performing a redirect to connect to a web page corresponding to the URL information; and (c) performing authentication processing for the user when the SSL communication through the pre-registered certificate proceeds normally.
  • the user authentication process may provide a web page automatically logged in as a user account corresponding to the URL information included in the cookie to the user terminal.
  • the method for providing a user authentication service may further include, before the step (a): (a0) generating, or supporting generation of, the certificate and the URL information when the user authentication of the user terminal is completed; and (a1) transmitting the generated URL information to the user terminal so that (i) the certificate is issued on a web page corresponding to the URL information and (ii) the URL information is encrypted and stored in the cookie.
  • the certificate may be stored in a certificate directory of a web browser installed in the user terminal.
  • the step (b) includes the steps of: (b1) when the URL information included in the cookie is not confirmed, checking whether a login through the user account has been performed normally; and (b2) when the normal login is confirmed, transmitting the URL information to the user terminal so that the URL information is encrypted and stored in the cookie.
  • the SSL communication process comprises the steps of: (c0) when predetermined data encrypted with a first key included in the certificate of the user terminal is received, decrypting the data with a second key included in the certificate of the web server; (c1) generating a symmetric key, encrypting the generated symmetric key with the second key, and transmitting the encrypted symmetric key to the user terminal; and (c2) performing SSL communication with the user terminal using the symmetric key.
  • a method of providing a user authentication service in a web server comprising: (a) transmitting URL information to a user terminal; (b) if a URL access request is received from the user terminal, supporting or performing a redirect to connect to the web page corresponding to the URL information; and (c) performing authentication processing for the user when the SSL communication through the pre-registered certificate proceeds normally.
  • the URL information provided to the user may be transmitted in a text message.
  • the user authentication process may provide a web page automatically logged in as a user account corresponding to the URL information to the user terminal.
  • the method for providing a user authentication service may further include, before (a): (a0) generating, or supporting generation of, the certificate and the URL information when the user authentication of the user terminal is completed.
  • the step (a) may include transmitting the generated URL information to the user terminal, and processing the certificate to be issued on a web page corresponding to the URL information.
  • a web server for providing a user authentication service, comprising: an information receiver for receiving URL information included in a cookie of a web page requested to be accessed from a user terminal; a redirecting unit for supporting or performing a redirect to connect to a web page corresponding to the URL information; and an authentication processing unit for processing authentication of the user when the SSL communication through the pre-registered certificate proceeds normally.
  • the authentication processing unit may provide a web page automatically logged in as a user account corresponding to URL information included in the cookie to the user terminal in the user authentication process.
  • the web server may further include an authentication information issuing unit that generates, or supports generation of, the certificate and the URL information when the authentication of the user of the user terminal is completed, and transmits the generated URL information to the user terminal.
  • the authentication information issuing unit may process the certificate to be issued on the web page corresponding to the URL information and process the URL information to be encrypted and stored in the cookie.
  • the certificate may be stored in a certificate directory of a web browser installed in the user terminal.
  • the web server confirms whether or not a login is normally performed through the user account. If the normal login is confirmed, the web server transmits the URL information to the user terminal, and the URL information may be encrypted and stored in the cookie.
  • the web server may further include an SSL communication unit that decrypts predetermined data encrypted with the first key included in the certificate of the user terminal with a second key included in the certificate of the web server, generates a symmetric key, encrypts the generated symmetric key with the second key and transmits it to the user terminal, and performs SSL communication with the user terminal using the symmetric key.
  • a web server for providing a user authentication service, comprising: an information transmission unit for transmitting URL information assigned to the user to a user terminal; a redirecting unit for supporting or performing a redirect to connect to a web page corresponding to the URL information when a URL access request is received from the user terminal; and an authentication processing unit for processing authentication of the user when the SSL communication through the pre-registered certificate proceeds normally.
  • the information transmission unit may transmit the URL information given to the user by including the URL information in the text message.
  • the authentication processing unit may provide a web page automatically logged in as a user account corresponding to URL information included in the cookie to the user terminal in the user authentication process.
  • the web server further includes an authentication information issuing unit that generates, or supports generation of, the certificate and the URL information when the user authentication of the user of the user terminal is completed, and the information transmission unit transmits the generated URL information to the user terminal so that the certificate is issued on the web page corresponding to the URL information.
  • a user terminal comprising: an input unit for receiving a predetermined web page access request from a user; and a web browser driver for reading the URL information included in the cookie stored in the web browser and transmitting the read URL information to the web server when the predetermined web page access request is received, to support redirection to connect to the web page corresponding to the URL information,
  • the web browser driver supports user authentication from the web server by performing SSL communication using a certificate registered in the web browser.
  • the web browser driver may receive, from the web server, a web page automatically logged in as the user account corresponding to the URL information included in the cookie.
  • the web browser driver may process the certificate to be issued on a web page corresponding to the URL information, encrypt the URL information, and store the encrypted URL information in the cookie.
  • the web browser driver may store the certificate in a certificate directory of the web browser.
  • the user can redirect through the URL information included in the cookie only by requesting access to the web page, .
  • the automatic login service can be provided even if the login information is not input, so that user convenience can be increased.
  • FIG. 1 is a diagram illustrating a system for providing a user authentication service according to an embodiment of the present invention.
  • FIG. 2 is a block diagram illustrating a configuration of a user terminal according to an embodiment of the present invention.
  • FIG. 3 is a block diagram illustrating a configuration of a web server according to an embodiment of the present invention.
  • FIG. 4 is a diagram illustrating a certificate issuance process for a user authentication service according to an embodiment of the present invention.
  • FIG. 5 is a diagram illustrating a URL information retransmission process due to the deletion of a cookie according to an embodiment of the present invention.
  • FIG. 6 is a diagram illustrating a process of providing an automatic login service according to an embodiment of the present invention.
  • FIG. 7 is a diagram illustrating a certificate of a web browser according to an exemplary embodiment of the present invention in a tree structure.
  • FIG. 8 is a diagram illustrating a cookie stored in a web browser according to an exemplary embodiment of the present invention.
  • FIG. 1 is a diagram illustrating a system for providing a user authentication service according to an embodiment of the present invention.
  • a user authentication service providing system may include a user terminal 100 and a web server 200 that can communicate with each other through a communication network.
  • the communication network can be configured regardless of its communication mode, such as wired or wireless, for example as a local area network (LAN), a metropolitan area network (MAN), or a wide area network (WAN).
  • the user terminal 100 may be any type of handheld wireless communication device capable of connecting to an external server through a wireless communication network, such as a mobile phone, a smart phone, a PDA (Personal Digital Assistant), or a PMP, or a communication device that can be connected to an external server via a network, such as a desktop PC, a tablet PC, a laptop PC, or an IPTV including a set-top box.
  • a web browser may be installed in the user terminal 100.
  • the web browser is a program for displaying various information provided on the Internet through a web page. It may be a program installed together with an operating system, such as 'Internet Explorer', or a program installed separately at the user's request, such as 'Chrome' or 'Firefox'.
  • the user terminal 100 can execute a web browser to access a web page through a running web browser, and display various information contained in the accessed web page through a web browser.
  • a cookie for the web page may be generated.
  • the user terminal 100 may store and manage the cookie of the web page in the web browser.
  • the cookie may be a temporary file that is automatically generated when a user accesses a web page, and may be an information file containing user information such as an ID and a password.
  • the user terminal 100 may transmit a cookie of a web page to the web server 200 and request a connection to the web page through the cookie when the web page access request is made.
  • the web server 200 is a server for providing a web page, and can provide various information such as text, images, and moving images to the user terminal 100 accessing the web page.
  • the web server 200 can receive a cookie of the web page requested to be accessed from the user terminal 100.
  • the cookie includes URL information about an address that can be connected to a unique web page for each user.
  • the web server 200 checks the URL information included in the cookie and performs, or supports, a redirect to connect to the corresponding web page.
  • the web server 200 performs a redirect to connect to a unique web page for each user, which is a web page corresponding to the URL information.
  • the web server 200 can check user information (ID, password, etc.) included in the cookie and automatically log in as a user account.
  • SSL is an Internet communication protocol for securely transmitting data on the Internet.
  • SSL communication can be performed between the user terminal 100 and the web server 200, and the authentication procedure can be performed through the certificate registered in advance during the SSL communication.
  • the web server 200 can check the user information through the cookie and provide the web page automatically logged in as the user account to the user terminal 100.
  • FIG. 2 is a block diagram illustrating a configuration of a user terminal 100 according to an embodiment of the present invention.
  • the user terminal 100 may include an input unit 110 and a web browser driver 120.
  • the input unit 110 may be implemented in a predetermined area of the user terminal 100, and may also be implemented as a device connected to the user terminal 100 (for example, a keyboard, a mouse, etc.).
  • the input unit 110 can receive a predetermined web page access request from a user.
  • the input unit 110 can receive a web page access request through a keyboard or through a touch screen.
  • the web browser driver 120 can be operated by running a web browser installed in the user terminal 100 and can control access to a web page through a web browser.
  • when a specific web page is accessed for the first time, the web browser driver 120 stores the cookie of that web page in the web browser and manages the cookie.
  • the web browser driver 120 can receive the URL information from the web server 200 and process the certificate to be issued on the web page corresponding to the URL information, and the URL information can be encrypted and stored in the cookie.
  • the web browser driver 120 may store the certificate issued in the certificate directory of the web browser and register the certificate in the web browser.
  • the web browser driver 120 can check the cookie stored in the web browser, read the URL information included in the cookie, and transmit the read URL information to the web server 200.
  • the web browser driver 120 can support redirecting to connect to the web page corresponding to the URL information transmitted to the web server 200.
  • the web browser driver 120 can perform SSL communication using the certificate registered in the web browser and can support user authentication from the web server 200.
  • the web browser driver 120 can receive a web page automatically logged in as a user account corresponding to the URL information from the web server 200, and can control the web page to be displayed on the screen of the user terminal 100.
  • FIG. 3 is a block diagram illustrating a configuration of a Web server 200 according to an embodiment of the present invention.
  • the web server 200 may include an authentication information issuing unit 210, an information transmitting and receiving unit 220, a redirect performing unit 230, an SSL communication unit 240, and an authentication processing unit 250.
  • the authentication information issuing unit 210 can generate, or support generation of, the certificate and the URL information when the user authentication of the user of the user terminal 100 is completed.
  • the user authentication process for the user can be performed through a user authentication means such as a card or an official authentication.
  • the authentication information issuing unit 210 can receive the authentication result from the user terminal 100 and recognize that the authentication of the user has been normally completed.
  • the authentication information issuing unit 210 can generate a certificate for the user and generate URL information for an address that can be connected to a unique web page for each user when it is determined that the user authentication is completed for the user.
  • the authentication information issuing unit 210 may transmit the generated URL information to the user terminal 100 so that the certificate is issued on the web page corresponding to the URL information. The issued certificate may be registered in the web browser installed in the user terminal 100, and the URL information transmitted to the user terminal 100 may be encrypted and stored in the cookie.
  • the certificate issued to the user terminal 100 by the authentication information issuing unit 210 may be stored in the certificate directory of the web browser installed in the user terminal 100.
  • the information transmitting and receiving unit 220 can receive the URL information included in the cookie of the web page requested by the user terminal 100 from the user terminal 100 when the user terminal 100 requests the web page access.
  • the information transmitting and receiving unit 220 can check whether or not the URL information is included in the cookie of the web page requested to be accessed. If the URL information contained in the cookie is not confirmed, the authentication information issuing unit 210 may determine that the URL information has been deleted and may transmit the URL information to the user terminal 100 again.
  • the authentication information issuing unit 210 checks whether or not the login is normally performed through the user account. If the normal login is confirmed, the URL information is transmitted to the user terminal 100 again, and the URL information transmitted to the user terminal 100 is encrypted and stored in the cookie.
  • the information transmitting and receiving unit 220 may transmit the URL information generated by the authentication information issuing unit 210 to the user terminal 100 and process the certificate to be issued on the web page corresponding to the URL information.
  • the information transmitting and receiving unit 220 can transmit the URL information given to the user to the user terminal 100 and can receive the URL access request from the user terminal 100. At this time, the information transmitting and receiving unit 220 may transmit the URL information given to the user by including it in a text message.
  • the redirect performing unit 230 can confirm the URL information included in the cookie of the requested web page and perform, or support, a redirect to connect to the web page corresponding to the URL information.
  • the redirect performing unit 230 may perform a redirect to connect to the web page corresponding to the URL information included in the cookie, that is, to the web page given to the user.
  • after the redirect performing unit 230 redirects the connection to the web page corresponding to the URL information and the user terminal 100 accesses that web page, the SSL communication unit 240 can perform SSL communication with the user terminal 100 when the SSL communication through the certificate issued by the authentication information issuing unit 210 and registered in the user terminal 100 proceeds normally.
  • the SSL communication unit 240 can decrypt data encrypted with the first key included in the certificate of the user terminal 100 with the second key included in the certificate of the web server 200.
  • the SSL communication unit 240 generates a symmetric key, encrypts the generated symmetric key with the second key, transmits the encrypted symmetric key to the user terminal 100, and can perform SSL communication with the user terminal 100 with the symmetric key.
  • the authentication processing unit 250 can process the authentication by the user and can transmit the authentication processing message to the user terminal 100, for example.
  • the authentication processing unit 250 can automatically log in to the user account corresponding to the URL information included in the cookie and provide the automatically logged-in web page to the user terminal 100 in the user authentication process.
  • the authentication processing unit 250 can check the user information included in the cookie, acquire the user account information through the user information confirmation, perform the automatic login process using the acquired user account information, and provide the automatically logged-in web page to the user terminal 100.
  • FIG. 4 is a diagram illustrating a certificate issuance process for a user authentication service according to an embodiment of the present invention.
  • the user terminal 100 can proceed with the identity authentication process for the user of the user terminal 100 through the authentication means such as a card or public authentication.
  • in the user authentication result step, the user terminal 100 can transmit the user authentication result to the web server 200, and the web server 200, having received the user authentication result from the user terminal 100, can recognize that the authentication of the user has been normally completed.
  • if it is determined that the user authentication was performed normally at the user terminal 100, then in (3) the certificate and URL information generation step, the web server 200 can generate and register a certificate for the user and generate URL information.
  • the URL information may be information indicating an address that can be connected to a unique web page assigned to each user.
  • the web server 200 can transmit a response to the authentication of the user to the user terminal 100.
  • the web server 200 transmits the URL information to the user terminal 100.
  • the web server 200 can transmit the authentication request for re-authentication to the user terminal 100 in response to the authentication of the user, and thereafter (1) .
  • the user terminal 100 can execute a web browser and access the web page corresponding to the URL information.
  • the user terminal 100 may perform the certificate issuing procedure on the web page corresponding to the URL information.
  • the certificate issued to the user terminal 100 is mapped to the certificate issued to the web server 200 in the step (3) of generating the certificate and URL information, and is stored in the certificate directory of the web browser running on the user terminal 100.
  • the certificate of the web browser can be implemented in a tree structure. A description thereof will be made with reference to FIG.
  • FIG. 7 is a diagram illustrating a certificate of a web browser according to an exemplary embodiment of the present invention in a tree structure.
  • the top level of the certificate may be composed of "Root CA", and the lower node of "Root CA" may be composed of "Korea Information Authentication", A certificate, B certificate and the like.
  • the lower node of "Korea Information Authentication" may be composed of a "card certificate" issued by a credit card company, and a lower node of the "card certificate"
  • the certificate of the web browser may be configured as a tree structure having an arbitrary degree.
  • the user terminal 100 may encrypt the URL information received from the web server 200 and store the encrypted URL information in a cookie.
  • the cookie may be stored in a web browser. A description thereof will be made with reference to FIG.
  • FIG. 8 is a diagram illustrating a cookie stored in a web browser according to an exemplary embodiment of the present invention.
  • the web browser can access the web page.
  • a cookie for the web page can be stored.
  • a "Cookie" folder for storing cookies is created in a directory of the web browser (e.g., the "Internet Explorer" folder), and when a cookie is created by accessing a web page, it is stored in the "Cookie" folder.
  • a cookie can be generated for each web page accessed through the web browser. For example, when the web browser accesses the A web page, an A cookie can be generated, and when it accesses the B web page, a B cookie can be generated; a number of cookies, including the A cookie and the B cookie, can be stored in the "Cookie" folder.
  • the cookie is a temporary file that is automatically generated when accessing a web page, and may be an information file containing user information such as an ID and a password, and may be generated for each web page.
  • FIG. 5 is a diagram illustrating a URL information retransmission process due to the deletion of a cookie according to an embodiment of the present invention.
  • the user terminal 100 can transmit a web page access request to the web server 200. At this time, the user terminal 100 can transmit the cookie of the requested web page to the web server 200.
  • the web server 200 can check the cookie of the web page for connection to the requested web page, and can check whether the cookie includes the URL information.
  • the web server 200 can confirm whether or not the user terminal 100 has normally logged in through the user account.
  • the web server 200 can retrieve and acquire the URL information generated at the issuing of the certificate. In the URL information transmission step (4), the web server 200 may transmit the URL information to the user terminal 100 so that the URL information can be stored in the cookie.
  • the user terminal 100 may encrypt the URL information received from the web server 200 and store the encrypted URL information in the cookie.
  • FIG. 6 is a diagram illustrating a process of providing an automatic login service according to an embodiment of the present invention.
  • the user terminal 100 may access a specific web page, and the cookie of the web page may be stored in the web browser of the user terminal 100.
  • the user terminal 100 may transmit a web page access request to the web server 200. At this time, the user terminal 100 can transmit the URL information included in the cookie of the requested web page to the web server 200.
  • a connection to a URL may be requested from the user terminal 100 by transmitting URL information given to the user from the web server 200 to the user terminal 100.
  • the web server 200 can confirm the URL information given to the user in the URL access request.
  • the web server 200 can check the cookie of the web page for connection to the web page requested to be accessed. In the process of checking the cookie, the web server 200 can check whether URL information is included.
  • the web server 200 can perform redirect so as to be connected to the web page corresponding to the URL information included in the cookie.
  • the web server 200 may, on an attempt to access the web page requested by the user terminal 100, check the URL information included in the cookie and perform a redirect to link to the corresponding page.
  • when the user terminal 100 accesses the corresponding web page through the URL information in accordance with the redirection, the web server 200 may transmit, to the user terminal 100, a confirmation request for the certificate issued to the user terminal 100.
  • the user terminal 100 can proceed with the SSL communication through the previously registered certificate.
  • SSL communication can be performed in the user terminal 100,
  • the authentication procedure can be performed through a certificate registered in advance on the server.
  • the SSL communication process transmits predetermined data encrypted with the first key included in the certificate of the user terminal 100 from the user terminal 100 to the web server 200 and the web server 200 transmits the predetermined data encrypted with the first key included in the certificate of the web server 200 And decrypt the received data with the second key included in the certificate.
  • the web server 200 generates a symmetric key, encrypts the generated symmetric key with the second key, and transmits the encrypted symmetric key to the user terminal 100, and transmits the symmetric key to the user terminal 100 and the web server 200 using the symmetric key.
  • the user terminal 100 can transmit the SSL communication normal processing result to the web server 200, and the web server 200 can determine from that result that the SSL communication through the certificate previously registered in the user terminal 100 proceeded normally.
  • the web server 200 can process the authentication by the user.
  • the web server 200 can provide the user terminal 100 with the automatically logged-in web page corresponding to the URL information included in the cookie. Specifically, in step (7), the web server 200 can confirm the user information included in the cookie, acquire the user account information through the user information confirmation, and perform the automatic login process using the acquired user account information.
  • the web server 200 can provide the user terminal 100 with the web page that was automatically logged in by performing the automatic login process.
  • the user terminal 100 requests access to the web page that is not logged in.
  • Page can be provided.
  • the web page is redirected through the URL information included in the cookie only by the connection request of the web page. Therefore, even if the login information is not input, the automatic login service can be provided and the user's convenience can be increased.
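
The server-side decisions of FIG. 5 (URL information retransmitted after the cookie is deleted) and FIG. 6 (redirect, certificate check, automatic login) can be modelled as follows. This is an added Python example, not code from the patent: the class and method names, the `url_info` cookie key, the `/auto/` URL format and the use of a certificate fingerprint to stand in for a completed SSL exchange are assumptions, and the terminal-side encryption of the cookie is left out.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

ALICE_FP = "a1" * 32   # constructed certificate fingerprints (sample data)
OTHER_FP = "b2" * 32

@dataclass
class WebServer:
    """Toy model of web server 200; class and method names are hypothetical."""
    # URL information -> (account, fingerprint of the certificate it was issued with)
    issued: dict = field(default_factory=dict)

    def issue_certificate(self, account: str, cert_fp: str) -> str:
        """URL information is generated when the certificate is issued."""
        url_info = "/auto/" + secrets.token_urlsafe(16)
        self.issued[url_info] = (account, cert_fp)
        return url_info

    def on_page_request(self, cookie: dict, logged_in_as: Optional[str] = None):
        """Web page access request: inspect the cookie sent with it."""
        url_info = cookie.get("url_info")
        if url_info in self.issued:
            return ("redirect", url_info)            # FIG. 6: cookie has URL information
        for known, (account, _) in self.issued.items():
            if logged_in_as is not None and account == logged_in_as:
                return ("store_in_cookie", known)    # FIG. 5: retransmit after deletion
        return ("login_page", None)

    def on_url_request(self, url_info: str, client_cert_fp: Optional[str]):
        """Redirected request: log in only if the certificate presented in the
        SSL session is the one registered for this URL information."""
        record = self.issued.get(url_info)
        if record is None or client_cert_fp is None:
            return ("login_page", None)
        account, registered_fp = record
        if hmac.compare_digest(registered_fp, client_cert_fp):
            return ("auto_login", account)
        return ("login_page", None)

if __name__ == "__main__":
    server = WebServer()
    url = server.issue_certificate("alice", ALICE_FP)
    print(server.on_page_request({"url_info": url}))
    print(server.on_url_request(url, ALICE_FP))   # registered certificate
    print(server.on_url_request(url, OTHER_FP))   # same cookie value, different certificate
```

In this model the cookie only selects which URL to redirect to; the login decision depends on the certificate check, so a cookie value presented without the registered certificate falls back to the login page.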

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to an embodiment of a method for providing a user authentication service in a web server, the method for providing a user authentication service comprising: (a) receiving, from a user terminal, URL information included in cookies of a web page to which access has been requested; (b) performing a redirection, or supporting operation, so as to be connected to a web page corresponding to the URL information; (c) processing authentication by the user when SSL communication proceeds normally by means of a pre-registered certificate.
PCT/KR2018/000287 2017-07-17 2018-01-05 Method for providing user authentication service, web server and user terminal WO2019017544A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201880047906.5A CN110945503A (zh) 2017-07-17 2018-01-05 Method for providing user authentication service, web server and user terminal

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020170090433A KR102001891B1 (ko) 2017-07-17 2017-07-17 Method for providing user authentication service, web server and user terminal
KR10-2017-0090433 2017-07-17

Publications (1)

Publication Number Publication Date
WO2019017544A1 (fr) 2019-01-24

Family

ID=65016204

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2018/000287 WO2019017544A1 (fr) Method for providing user authentication service, web server and user terminal 2017-07-17 2018-01-05

Country Status (3)

Country Link
KR (1) KR102001891B1 (fr)
CN (1) CN110945503A (fr)
WO (1) WO2019017544A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20230012874A (ko) * 2021-07-16 2023-01-26 (주)모니터랩 User authentication method using cookies in a security device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050216582A1 (en) * 2002-07-02 2005-09-29 Toomey Christopher N Seamless cross-site user authentication status detection and automatic login
US20100211796A1 (en) * 2006-08-18 2010-08-19 Kurt Gailey Method and System for Automatic Login Initiated Upon a Single Action with Encryption
US20120260321A1 (en) * 2011-04-07 2012-10-11 International Business Machines Corporation Method and apparatus to auto-login to a browser application launched from an authenticated client application
WO2017010679A1 (fr) * 2015-07-15 2017-01-19 주식회사 수산아이앤티 Device and method for transferring login cookies
US20170111351A1 (en) * 2012-09-19 2017-04-20 Secureauth Corporation Mobile multifactor single-sign-on authentication

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101186695B1 (ko) * 2008-12-19 2012-09-27 주식회사 케이티 Site interworking method based on ID federation using federated cookies
US8856869B1 (en) * 2009-06-22 2014-10-07 NexWavSec Software Inc. Enforcement of same origin policy for sensitive data
CN103179134A (zh) * 2013-04-19 2013-06-26 中国建设银行股份有限公司 Cookie-based single sign-on method, system and application server thereof

Also Published As

Publication number Publication date
KR20190008713A (ko) 2019-01-25
KR102001891B1 (ko) 2019-07-19
CN110945503A (zh) 2020-03-31

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18835176

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18835176

Country of ref document: EP

Kind code of ref document: A1