KR20170067120A - Gateway and method for authentication - Google Patents


Publication number
KR20170067120A
Authority
KR
South Korea
Prior art keywords
user
server
authentication
subscriber
information
Prior art date
Application number
KR1020160018230A
Other languages
Korean (ko)
Other versions
KR101824562B1 (en
Inventor
정수환
박정수
김진욱
윤권진
Original Assignee
숭실대학교산학협력단
Priority date
Filing date
Publication date
Application filed by 숭실대학교산학협력단
Publication of KR20170067120A
Application granted
Publication of KR101824562B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention includes a communication module, a memory for storing a program for managing user authentication and access, and a processor for executing a program stored in the memory. When the user requests access to a non-subscriber institution server, the processor performs authentication of the user with respect to the non-subscriber institution server based on the information of the user and allows the user to access the non-subscriber institution server that performed the authentication. The user information includes authentication information of the subscriber institution server of the user, and the subscriber institution server of the user is different from the non-subscriber institution server of the user.

Description

GATEWAY AND METHOD FOR AUTHENTICATION

The present invention relates to an authentication method of an authentication gateway and an authentication gateway.

In cloud services, account management solutions include single sign-on (SSO), extranet access management (EAM), and identity access management (IAM).

Integrated authentication is a security solution that enables the use of various systems or Internet services with one login. With integrated authentication, a user can access various systems and services with only one account, without going through multiple authentication procedures. Therefore, integrated authentication has the advantage of improving user convenience and reducing management cost.

Integrated authentication management is defined by the Gartner group. Integrated authentication management manages the integrated authentication and user authentication. Integrated authentication management uses a single mechanism based on security policy to manage user access to applications and data.

As such, integrated authentication and integrated authentication management are applications' access-oriented solutions. In contrast, integrated account management is a more comprehensive concept. Integrated account management is often referred to as account management solutions, integrated account management, and integrated authentication management. Integrated account management can manage user access to system resources through identifiers and privileges in various systems.

In this regard, Korean Patent Laid-Open Publication No. 10-2013-0046155 (entitled "Access Control System in Cloud Computing Service") discloses an access control and authorization policy for providing a personal cloud service. Specifically, the present invention includes a user authentication server, a plurality of cloud service servers, and a collaboration service server, and compares the access token information with the user access control list through the cloud service server to approve the service access of the user.

The present invention provides an authentication gateway and an authentication method of the authentication gateway for performing authentication to a non-subscription server through a base server in an inter-cloud environment.

It should be understood, however, that the technical scope of the present invention is not limited to the above-described technical problems, and other technical problems may exist.

As a technical means for achieving the above technical object, an authentication gateway according to the first aspect of the present invention includes a communication module, a memory for storing a program for managing authentication and access of a user, and a processor for executing a program stored in the memory. When the user requests access to a non-subscriber institution server, the processor performs authentication of the user with respect to the non-subscriber institution server based on the information of the user and allows the user to access the non-subscriber institution server that performed the authentication. The user information includes authentication information of the subscriber institution server of the user, and the subscriber institution server of the user is different from the non-subscriber institution server of the user.

According to a second aspect of the present invention, there is provided an authentication method of an authentication gateway, including: performing authentication of a user to a non-subscriber server based on information of the user when the user requests access to the non-subscriber server; and allowing the user to access the non-subscriber server that performed the authentication. At this time, the information of the user includes the authentication information of the subscriber institution server of the user, and the subscriber server of the user is different from the non-subscriber server of the user.

The present invention enables access to the information of a non-subscriber institution in the inter-cloud environment based on minimal information of the base institution and the information of the user received from the base institution. Therefore, the present invention can provide an integrated account management service so that the information of other organizations can be utilized safely and efficiently. In addition, the present invention can seamlessly provide a plurality of services to a user.

FIG. 1 is a block diagram of an authentication system in accordance with an embodiment of the present invention.
FIG. 2 is a flowchart of a basic authentication process according to an embodiment of the present invention.
FIG. 3 is a flowchart of the authentication process of the authentication server according to the embodiment of the present invention.
FIG. 4 is a block diagram of an authentication gateway according to an embodiment of the present invention.
FIG. 5 is a flowchart of an authentication method of an authentication gateway according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings, which will be readily apparent to those skilled in the art. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

Throughout the specification, when a part is referred to as being "connected" to another part, it includes not only "directly connected" but also "electrically connected" with another part in between. Also, when a part is referred to as "including" an element, it does not exclude other elements unless specifically stated otherwise.

The authentication system 100 according to an embodiment of the present invention will now be described with reference to Figs.

FIG. 1 is a block diagram of an authentication system 100 in accordance with an embodiment of the present invention.

The authentication system 100 performs authentication of the user 110 to the first institution server 150 and the second institution server 160 according to a request of the user 110 through the authentication server 120. The authentication system 100 then permits the user 110 to access the first institution server 150 and the second institution server 160 according to the authentication of the user 110.

The authentication server 120 may be an identity and access management server. The authentication server 120 may be an account management solution server, an integrated account management server, and an integrated authentication management server, but is not limited thereto.

In addition, the authentication server 120 may include an authentication gateway 130 and a policy decision server 140.

The authentication gateway 130 performs authentication for the user 110 at the request of the first institution server 150 and the second institution server 160.

The policy decision server 140 may convert the authentication result of the user 110 according to a predetermined rule so that the authentication result of the user 110 can be easily used at each institution server.

The first institution server 150 and the second institution server 160 are servers providing different cloud services in an inter-cloud environment. At this time, the first institution server 150 and the second institution server 160 may be public cloud service servers or private cloud service servers, but the present invention is not limited thereto.

The first institution server 150 and the second institution server 160 may include their own legacy authentication devices. That is, the first institution server 150 and the second institution server 160 can each perform the authentication of the user 110 through its own legacy authentication device.

The first institution server 150 and the second institution server 160 may also include an agent for connection with the authentication server 120 and the user 110. Therefore, the user 110 can access the authentication server 120 through the agent included in the first institution server 150 and the second institution server 160.

The user 110 may be a device using the first institution server 150 and the second institution server 160. For example, the device is not particularly limited by type, performance, form, and the like, and may be implemented as a portable terminal or a computer.

The authentication process in the authentication system 100 will be described with reference to FIGS. 2 and 3.

FIG. 2 is a flowchart of a basic authentication process according to an embodiment of the present invention.

As shown in FIG. 2 (a), the first institution server 150 may be an institution server that the user 110 has already joined. The user 110 may send an information access request message to the first institution server 150 using the authentication information of the first institution server 150, which is a pre-established institution server (S200).

The first institution server 150 may perform basic authentication on the authentication information of the first institution server 150 of the user 110 via the legacy authentication device included in the first institution server 150. Then, the first institution server 150 may transmit the access permission message of the user 110 corresponding to the performed basic authentication to the user 110 (S210).

Then, the user 110 can access the information of the first institution server 150 (S220).

In FIG. 2B, the second institutional server 160 may be a server of an organization to which the user 110 does not subscribe. At this time, the user 110 may request access to the second institution server 160, which is a non-subscriber company server (S230).

The second institution server 160 can perform the basic authentication of the user 110 through the legacy authentication device included in the second institution server 160. At this time, since the user 110 does not have authentication information for the second institution server 160, the second institution server 160 can transmit to the user 110 a message indicating that access is not possible (S240).

If the user 110 is set to perform authentication with respect to non-subscription servers through the authentication server 120, the second institution server 160 can grant access to the user 110 via the authentication server 120.

FIG. 3 is a flowchart of the authentication process of the authentication server 120 according to an embodiment of the present invention.

Specifically, when the user 110 requests access to the second institution server 160, which is a non-affiliated institution server, the second institution server 160 accesses the authentication gateway 130 of the authentication server 120 and requests authentication of the user 110 (S310).

At this time, the second institution server 160 can transmit the cookie value and the information of the second institution server 160 to the authentication gateway 130. The cookie value is generated so as to include information for identifying the user 110 requesting access to the second institution server 160. The information of the second institution server 160 may include information such as a uniform resource locator (URL) for accessing the second institution server 160 again after the user 110 is authenticated.

The authentication gateway 130 authenticates the user 110 based on the information of the user 110 included in the cookie value received from the second institution server 160, according to the access request of the second institution server 160.

At this time, the information of the user 110 includes the authentication information of the subscriber institution server of the user 110. That is, the authentication gateway 130 can perform authentication through the authentication information of the first institution server 150 among the subscription institution servers of the user 110 included in the information of the user 110.

Also, the first institutional server 150 selected for authentication of the second institutional server 160 may be one that the user 110 preconfigured in the authentication system 100. The first institution server 150 may be a subscription institution server selected by the user 110 when requesting authentication to the second institution server 160.

Specifically, the authentication gateway 130 may transmit the authentication information for the first institution server 150 of the user 110 to the first institution server 150. The authentication gateway 130 may request the first institution server 150 to perform user authentication (S320). The authentication information of the first institution server 150 transmitted by the authentication gateway 130 may include an identifier of the user 110 and information of the second institution server 160. For example, the information of the second institution server 160 may be the URL information of the second institution server 160.

The first institution server 150 receiving the authentication information for the first institution server 150 of the user 110 can perform the authentication of the user 110 based on the authentication information of the user 110. The first institution server 150 sends to the authentication server 120 the authentication result of the user 110 and the minimum login information of the user 110 required for the authentication of the user 110 to the second institution server 160 (S330).

For example, the first institution server 150 may generate login information of the user 110 consisting of an identifier of the user 110, an authority level of the user 110 at the first institution server 150, the authentication time of the user at the first institution server 150, the information of the first institution server 150, and the URL of the second institution server 160. At this time, the authentication time of the user 110 at the first institution server 150 may be the time of the login to the first institution server 150 performed for authentication to the second institution server 160.

The authentication gateway 130 receives the authentication result of the user 110 and the login information of the user 110 from the first institution server 150 and transmits the authentication result to the second institution server 160 at step S340.

At this time, the login information of the first institution server 150 and the login information of the second institution server 160 may be different from each other. Therefore, the authentication gateway 130 can generate login information corresponding to an institution server according to an access agreement defined for each institution server, through the policy decision server 140 included in the authentication server 120. At this time, the authentication gateway 130 can generate the login information using a format such as Extensible Markup Language (XML) or JavaScript Object Notation (JSON), according to a predetermined format included in the access agreement, but is not limited thereto.

For example, if the predetermined format is JSON, the policy decision server 140 may generate the login information of the user 110 as a JSON Web Token (JWT). The policy decision server 140 may encrypt the JWT including the generated login information and transmit the encrypted JWT to the authentication gateway 130 of the authentication server 120.

The authentication gateway 130 may transmit the encrypted JWT to the second institution server 160 as the login information of the user 110.

The second institution server 160 may grant the access of the user 110 based on the login information included in the JWT of the user 110 received from the authentication gateway 130 at step S350.

At this time, the second institution server 160 can set an access level to the second institution server 160 based on the authority level of the user 110 included in the login information of the user 110. The second institution server 160 may then send the access permission message to the user 110.

The user 110 may access the information of the second institution server 160 according to the access permission of the second institution server 160 (S360). When the user 110 attempts to access the second institution server 160, the second institution server 160 may permit the access of the user 110 based on the encrypted login information of the user 110 received from the authentication gateway 130. The second institution server 160 can set the information to be provided to the user 110 and the authority level for that information based on the login information of the user 110.

Thus, through the authentication system 100, the user 110 can access the second institution server 160, which is a non-subscription server, based on the user information of the first institution server 150, which is an institution server to which the user has already subscribed.

The first institution server 150 may also provide only a minimum amount of information about the user 110 to the second institution server 160 to which the user 110 is not subscribed. Therefore, the user 110 can access the information of the second institution server 160 securely and efficiently. In addition, since only the minimum information is provided to the second institution server 160, it is possible to prevent the second institution server 160 from maliciously using the information of the user 110.
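The S330 to S350 exchange described above, as an added sketch that is not code from the patent: the first institution returns the minimum login information, the gateway turns it into a JWT, and the second institution checks the token before mapping the authority level to a local access level. It signs the token with HS256 from the standard library rather than encrypting it as the description states; the claim names, URLs, key, level mapping and 300-second freshness window are all assumptions.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values (assumptions for this sketch, not from the patent).
GATEWAY_KEY = b"demo-key-shared-by-gateway-130-and-server-160"
FIRST_URL = "https://first.example"        # subscribed institution (150)
SECOND_URL = "https://second.example/app"  # non-subscribed institution (160)
TRUSTED_INSTITUTIONS = {FIRST_URL}
MAX_AUTH_AGE = 300                         # seconds a login stays acceptable
LEVEL_MAP = {"staff": "read-write", "member": "read-only"}  # local policy at 160


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def first_institution_login_info(user_id, level, target_url, now):
    """S330: server 150 returns only the minimum login information."""
    return {"user": user_id, "level": level, "auth_time": now,
            "institution": FIRST_URL, "target_url": target_url}


def gateway_issue_token(info, key=GATEWAY_KEY):
    """S340: map the login information to JWT claims and protect the token."""
    claims = {"sub": info["user"], "level": info["level"],
              "auth_time": info["auth_time"], "iss": info["institution"],
              "aud": info["target_url"]}
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    tag = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(tag)}"


def second_institution_accept(token, now, key=GATEWAY_KEY, my_url=SECOND_URL):
    """S350: server 160 verifies the token, then derives a local access level.

    Returns (access_level, reason); access_level is None when access is refused.
    """
    try:
        head, body, tag = token.split(".")
        header = json.loads(b64d(head))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None, "unsupported header"  # algorithm is pinned, not negotiated
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64d(tag), expected):
            return None, "bad signature"
        claims = json.loads(b64d(body))
    except ValueError:  # wrong number of parts, bad base64, bad JSON
        return None, "malformed token"
    if claims.get("aud") != my_url:
        return None, "wrong audience"  # token was issued for another institution
    if claims.get("iss") not in TRUSTED_INSTITUTIONS:
        return None, "untrusted institution"
    auth_time = claims.get("auth_time")
    if not isinstance(auth_time, (int, float)) or not 0 <= now - auth_time <= MAX_AUTH_AGE:
        return None, "stale authentication"
    level = LEVEL_MAP.get(claims.get("level"))
    if level is None:
        return None, "no mapped access level"  # unknown levels get no access
    return level, "ok"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    info = first_institution_login_info("user-110", "member", SECOND_URL, t0)
    print(second_institution_accept(gateway_issue_token(info), t0 + 10))
```

The audience and authentication-time checks are what stop a token minted for one institution, or for an old login, from being accepted at another.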

Referring to FIG. 4, an authentication gateway 130 according to an embodiment of the present invention will be described.

FIG. 4 is a block diagram of an authentication gateway 130 in accordance with one embodiment of the present invention.

The authentication gateway 130 performs authentication for a plurality of institution servers in response to a request from the user 110. At this time, the authentication gateway 130 includes a communication module 400, a memory 410, and a processor 420.

The communication module 400 performs communication with a plurality of institution servers. At this time, the communication module 400 can communicate with the user 110 through the agents included in the plurality of institution servers.

The memory 410 stores a program that manages the authentication and access of the user 110. At this time, the memory 410 collectively refers to a non-volatile storage device that keeps stored information even when power is not supplied, and a volatile storage device that requires power to maintain stored information.

The processor 420 performs authentication of the user 110 based on the user information when the user 110 requests access to the non-subscriber server. At this time, the user information includes the authentication information of the user 110 for the subscriber institution server.

At this time, the non-subscriber server and the subscriber server according to an embodiment of the present invention may be cloud service servers.

The affiliate institution server is an institution server to which the user 110 is subscribed or to which the user 110 has a login history.

The non-subscriber server is an institution server to which the user 110 has not subscribed and which has neither the information of the user 110 nor the login information of the user 110. At this time, the non-subscriber server and the subscription server may be different from each other.

At this time, the affiliate server may be an agency server selected by the user 110 among the agency servers to which the user 110 subscribes. That is, the processor 420 may receive the information of the subscriber company server selected by the user 110 together with the access request of the user 110 to the non-subscriber server.

The processor 420 may communicate the user information to the subscription authority server selected by the user 110 via the communication module 400. That is, the processor 420 can perform authentication of the user 110 through the subscriber server selected by the user 110.

When the subscription authority server authenticates the user information and transmits the login information of the user 110 corresponding to the authentication, the processor 420 can receive the login information of the user 110 via the communication module 400.

At this time, the login information includes an identifier of the user 110, a permission level of the user 110 at the subscriber's server, an authentication time of the user 110 at the subscriber's server, information of the subscriber institution, and the URL of the non-subscriber server.

The processor 420 may generate an encrypted token based on the login information received from the subscription authority server, through the policy decision server 140. The processor 420 may then send the generated encrypted token to the non-subscription server.

The non-subscriber server receiving the encrypted token may perform authentication of the user 110 using the encrypted token. At this time, the non-subscriber server can set the permission level of the user 110 on the non-subscriber server based on the authority level of the user 110 included in the encrypted token.

The processor 420 then allows the user 110 access to the non-subscription server that performed the authentication.

The user 110 can access the non-subscriber server permitted to access and browse the information according to the authority of the user 110.

Next, an authentication method of the authentication gateway 130 according to an embodiment of the present invention will be described with reference to FIG.

FIG. 5 is a flowchart of an authentication method of an authentication gateway 130 according to an embodiment of the present invention.

When the user 110 requests access to the non-affiliated institution server (S500), the authentication gateway 130 performs authentication of the user 110 with respect to the non-affiliated institution server based on the information of the user 110. At this time, the user information includes authentication information of the subscriber institution server of the user 110, and the subscriber institution server of the user 110 is different from the non-subscriber institution server of the user 110.

Specifically, the authentication gateway 130 may forward the information of the user 110 to the subscription authority server to which the user 110 has subscribed (S510).

The authentication gateway 130 may perform authentication of the user 110 with respect to the non-subscription server through the subscription authority server of the user 110 (S520).

At this time, the authentication gateway 130 may receive the login information corresponding to the user authentication from the subscriber's server in order to perform the authentication of the user 110 with respect to the non-subscriber server. The login information of the user 110 includes an identifier of the user 110, an authority level of the user 110 at the subscriber's server, an authentication time of the user 110 at the subscriber's server, information of the subscriber institution, and the URL of the non-subscriber server.

The authentication gateway 130 can authenticate the user 110 to the non-subscriber server based on the login information of the user 110 received from the subscriber company server.

If authentication of the user 110 is successful, the authentication gateway 130 permits the user 110 to access the non-subscriber server that has performed the authentication (S530).

With the authentication gateway 130 and the authentication method of the authentication gateway 130 according to the embodiment of the present invention, in the inter-cloud environment the user 110 can be authenticated and can access the information of non-affiliated institutions based on minimal information of the base institution and the information of the user 110.

Therefore, the authentication method of the authentication gateway 130 and the authentication gateway 130 can provide an integrated account management service to the user 110 so that information of other organizations can be used safely and efficiently. The authentication method of the authentication gateway 130 and the authentication gateway 130 can provide a service of a plurality of institutions to the user seamlessly.

One embodiment of the present invention may also be embodied in the form of a recording medium including instructions executable by a computer, such as program modules, being executed by a computer. Computer readable media can be any available media that can be accessed by a computer and includes both volatile and nonvolatile media, removable and non-removable media. In addition, the computer-readable medium may include both computer storage media and communication media. Computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Communication media typically includes any information delivery media, including computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave, or other transport mechanism.

While the methods and systems of the present invention have been described in connection with specific embodiments, some or all of those elements or operations may be implemented using a computer system having a general purpose hardware architecture.

It will be understood by those skilled in the art that the foregoing description of the present invention is for illustrative purposes only and that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.

The scope of the present invention is defined by the appended claims rather than the detailed description, and all changes or modifications derived from the meaning and scope of the claims and their equivalents are to be construed as being included within the scope of the present invention.

100: Authentication system
110: User
120: Authentication server
130: Authentication gateway
140: Policy decision server
150: First institution server
160: Second institution server

Claims (11)

1. An authentication gateway comprising:
a communication module;
a memory storing a program for managing user authentication and access; and
a processor for executing the program stored in the memory,
wherein the processor, when a user requests access to a non-subscriber institution server, performs authentication of the user with respect to the non-subscriber institution server based on information of the user, and allows the user to access the non-subscriber institution server for which the authentication was performed,
wherein the information of the user includes authentication information of a subscriber institution server of the user, and
wherein the subscriber institution server of the user is different from the non-subscriber institution server of the user.

2. The authentication gateway according to claim 1,
wherein the processor forwards the information of the user to the subscriber institution server of the user to perform authentication of the user with respect to the non-subscriber institution server.

3. The authentication gateway according to claim 2,
wherein the processor receives login information corresponding to the user authentication from the subscriber institution server and performs authentication of the user with respect to the non-subscriber institution server based on the received login information, and
wherein the login information is composed of an identifier of the user, an authority level of the user at the subscriber institution server, an authentication time of the user at the subscriber institution server, information of the subscriber institution, and a URL of the non-.

4. The authentication gateway according to claim 3,
wherein the processor generates an encrypted token based on the login information received from the subscriber institution server through the policy decision server, and transmits the generated encrypted token to the non-subscriber institution server.

5. The authentication gateway according to claim 3,
wherein the non-subscriber institution server sets the authority level of the user corresponding to the access request of the user based on the authority level of the user included in the login information.

6. The authentication gateway according to claim 1,
wherein the processor performs authentication of the user with respect to the non-subscriber institution server based on authentication information included in the subscriber institution server selected by the user from among the subscriber institution servers included in the information of the user.

7. The authentication gateway according to claim 1,
wherein the non-subscriber institution server and the subscriber institution server are cloud service servers.

8. An authentication method of an authentication gateway, comprising:
performing authentication of a user with respect to a non-subscriber institution server based on information of the user when the user requests access to the non-subscriber institution server; and
allowing the user to access the non-subscriber institution server for which the authentication was performed,
wherein the information of the user includes authentication information of a subscriber institution server of the user, and
wherein the subscriber institution server of the user is different from the non-subscriber institution server of the user.

9. The method of claim 8,
wherein performing the authentication of the user with respect to the non-subscriber institution server comprises:
transferring the information of the user to the subscriber institution server of the user; and
performing authentication of the user with respect to the non-subscriber institution server through the subscriber institution server of the user.

10. The method of claim 9,
wherein performing the authentication of the user with respect to the non-subscriber institution server comprises:
receiving login information corresponding to the user authentication from the subscriber institution server; and
performing authentication of the user with respect to the non-subscriber institution server based on the received login information,
wherein the login information is composed of an identifier of the user, an authority level of the user at the subscriber institution server, an authentication time of the user at the subscriber institution server, information of the subscriber institution, and a URL of the non-.

11. A computer-readable recording medium recording a program for performing the method according to any one of claims 8 to 10 on a computer.
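
The token hand-off described in claims 3 to 5, as an added example that is not code from the patent: the gateway packs the five login-information fields into a token, and the non-subscriber institution server checks it before setting the user's authority level. Assumptions: the field names, the pre-shared key, the 300-second freshness window and the per-institution level cap are hypothetical; the token is HMAC-authenticated rather than encrypted because the claims name no cipher, and the URL field is read as the URL of the requested non-subscriber institution server.

```python
import base64, hashlib, hmac, json, time

MAX_AUTH_AGE = 300  # seconds; assumed freshness window, not a value from the patent

# Constructed sample of the five login-information fields (names are hypothetical).
SAMPLE_LOGIN_INFO = {
    "user_id": "alice",
    "authority_level": 3,                    # level held at the subscriber institution
    "auth_time": 1_700_000_000,              # when the subscriber institution authenticated her
    "institution": "univ-a.example",         # subscriber institution
    "target_url": "https://lib-b.example/",  # non-subscriber institution server requested
}

def issue_token(key: bytes, login_info: dict) -> bytes:
    """Gateway side: serialize the login information and append an HMAC-SHA256 tag."""
    body = base64.urlsafe_b64encode(json.dumps(login_info, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag

def verify_token(key: bytes, token: bytes, my_url: str, level_caps: dict, now=None) -> int:
    """Non-subscriber server side: return the authority level to grant, or raise ValueError.

    level_caps maps each trusted subscriber institution to the highest level
    this server will grant its users (an assumed local policy).
    """
    now = time.time() if now is None else now
    body, _, tag = token.partition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):     # constant-time comparison
        raise ValueError("bad token signature")
    info = json.loads(base64.urlsafe_b64decode(body))  # parsed only after the tag checks out
    if info["target_url"] != my_url:               # token minted for a different server
        raise ValueError("token issued for another server")
    cap = level_caps.get(info["institution"])
    if cap is None:
        raise ValueError("untrusted subscriber institution")
    if not 0 <= now - info["auth_time"] <= MAX_AUTH_AGE:
        raise ValueError("stale authentication")
    return min(int(info["authority_level"]), cap)  # never exceed the local cap
```

Binding the token to the target URL and to the authentication time is what stops a token issued for one institution from being replayed at another or reused long after the original login.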
KR1020160018230A 2015-12-07 2016-02-17 Gateway and method for authentication KR101824562B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020150173095 2015-12-07
KR20150173095 2015-12-07

Publications (2)

Publication Number Publication Date
KR20170067120A (en) 2017-06-15
KR101824562B1 (en) 2018-02-01

Family

ID=59217739

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020160018230A KR101824562B1 (en) 2015-12-07 2016-02-17 Gateway and method for authentication

Country Status (1)

Country Link
KR (1) KR101824562B1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102004821B1 (en) * 2018-07-06 2019-07-29 황치범 Apparatus and method for providing mediation service supporting integrated processing of private authentication
KR20190134135A (en) * 2018-05-25 2019-12-04 삼성에스디에스 주식회사 Service providing method based on cloud platform and system thereof
KR20200132375A (en) * 2019-05-17 2020-11-25 주식회사 모티링크 Method for authorizing virtual space user and system for providing virtual space
CN114070585A (en) * 2021-10-18 2022-02-18 北京天融信网络安全技术有限公司 SSL VPN authentication method, device and gateway
KR102670856B1 (en) * 2023-12-04 2024-05-30 주식회사 범익 Apparatus for relaying customer verification authentication and method therefo

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4758575B2 (en) * 2001-08-09 2011-08-31 ヤフー株式会社 User authentication method and user authentication system

Also Published As

Publication number Publication date
KR101824562B1 (en) 2018-02-01

Similar Documents

Publication Publication Date Title
US10581827B2 (en) Using application level authentication for network login
US10673861B2 (en) Identity proxy to provide access control and single sign on
US10057251B2 (en) Provisioning account credentials via a trusted channel
US10104084B2 (en) Token scope reduction
US10277409B2 (en) Authenticating mobile applications using policy files
US10136315B2 (en) Password-less authentication system, method and device
US9038138B2 (en) Device token protocol for authorization and persistent authentication shared across applications
US9584615B2 (en) Redirecting access requests to an authorized server system for a cloud service
US9178868B1 (en) Persistent login support in a hybrid application with multilogin and push notifications
US20170099148A1 (en) Securely authorizing client applications on devices to hosted services
CN105991614B (en) It is a kind of it is open authorization, resource access method and device, server
US10148651B2 (en) Authentication system
US9590972B2 (en) Application authentication using network authentication information
KR101824562B1 (en) Gateway and method for authentication
US11418498B2 (en) Single sign on proxy for regulating access to a cloud service
US9787678B2 (en) Multifactor authentication for mail server access
CN103069742A (en) Method and apparatus to bind a key to a namespace
US20220311626A1 (en) Cloud-based identity provider interworking for network access authentication
CN115190483B (en) Method and device for accessing network
CN114764507A (en) Method and device for realizing resource access, electronic equipment and storage medium
JP2018037025A (en) Program, authentication system, and authentication cooperative system
JP5920891B2 (en) Communication service authentication / connection system and method thereof
KR20170067119A (en) Server and method for oauth risk management of resource

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E90F Notification of reason for final refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant