1. Field
The exemplary embodiments relate to communication and a method and apparatus for controlling communication, and more particularly, to a method and apparatus for communicating with a service provider using an external server and a method and apparatus for controlling communication between a client and a service provider.
2. Description of the Related Art
As information technologies progress, digital devices having various functions have come into the market. A digital device that traditionally provided only a single function can now provide two or more heterogeneous functions for the user's convenience. For example, an Internet Protocol television (IPTV) set provides convergence services by adding an Internet access function to a conventional set-top box or television set.
However, such a digital device is inherently limited in the user interface it can provide. Therefore, it is difficult for a user to access a desired website using the IPTV set. In order to overcome this shortcoming, conventional communication systems store users' IDs and passwords in a proxy server. This spares the user the inconvenience of entering an ID and password whenever the user tries to access a website. An example of a communication system having such a proxy server is a Single Sign On (SSO) model. The SSO system allows a user to be provided with services from a plurality of service providers through a single successful logon procedure.
In a typical communication system, a user should enter the ID and password each time access to a website is attempted. Furthermore, a user should enter personal information such as a name or a phone number whenever he or she initially subscribes to each website. However, in the SSO system, the user's ID and password initially entered are stored in the proxy server, and the user is allowed to access a plurality of websites using the stored ID and password without entering the ID and password again.
FIG. 1 illustrates a typical SSO system 100 having a proxy server.
A typical SSO system comprises: a proxy server 120; a service provider 140; and a device 130.
In the SSO system 100, a user 110 accesses the proxy server 120 to create an account and registers a device 130 to be used by the SSO system on the proxy server 120 in advance. In addition to the registration of the device 130, a user 110 directly enters an ID and password corresponding to the service provider 140 in order to receive a service of the service provider 140 on the device 130. The input ID and password are stored in the proxy server 120.
Thereafter, when the device 130 requests access to the service provider 140, the proxy server 120 logs on to the service provider 140 using the stored ID and password. When the logon procedure into the service provider 140 is completed, an authentication token indicating that the service provider 140 has authenticated communication with the device 130 is transmitted to the proxy server 120. The proxy server 120 delivers the transmitted authentication token to the device 130.
The device 130 then receives the service by communicating with the service provider 140 using the authentication token delivered from the proxy server 120, either directly or via the proxy server 120.
However, the conventional technology which uses the proxy server 120 for the authentication between the device 130 and the service provider 140 has some problems as described below.
In order to provide the SSO system, a plurality of service providers should make an agreement with one another in advance. However, since it is substantially impossible for service providers having different security systems to make an agreement with one another, it is difficult to incorporate a considerable number of service providers into the SSO system.
If a user 110 tries to access a non-registered service provider, the user 110 can enter the ID and password only through the proxy server 120. That is, in order to enter the ID and password, the user is put to the inconvenience of accessing the proxy server 120. Particularly, since it is substantially impossible to initially store IDs and passwords for all service providers, the aforementioned inconvenience inevitably occurs.
Additionally, since the proxy server 120 stores a plurality of IDs and passwords for a plurality of users, user information may be easily exposed to attackers if the proxy server 120 is hacked.
Furthermore, since the authentication procedure between the device 130 and the service provider 140 should be performed via the proxy server 120, load on the proxy server 120 is high, and management costs of the proxy server 120 increase.
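The following Python model of the conventional flow of FIG. 1 is an added illustration, not part of the original disclosure. It shows why the proxy server 120 must hold replayable passwords, what a breach of its store exposes, and that every logon passes through it. All class, method and account names are hypothetical, and the HMAC-based token format is an assumption.

```python
import hashlib, hmac, secrets

class ServiceProvider:
    """Service provider 140: checks ID/password, issues an authentication token."""
    def __init__(self, name):
        self.name, self._key, self._users = name, secrets.token_bytes(32), {}

    def register(self, user_id, password):
        salt = secrets.token_bytes(16)
        # The provider only needs to verify, so it can keep a salted hash.
        self._users[user_id] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def logon(self, user_id, password):
        if user_id not in self._users:
            return None
        salt, stored = self._users[user_id]
        guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not hmac.compare_digest(guess, stored):
            return None
        tag = hmac.new(self._key, user_id.encode(), hashlib.sha256).hexdigest()
        return f"{user_id}.{tag}"   # assumed token format: ID plus provider MAC

    def accepts(self, token):
        user_id, _, tag = (token or "").rpartition(".")
        good = hmac.new(self._key, user_id.encode(), hashlib.sha256).hexdigest()
        return user_id in self._users and hmac.compare_digest(tag.encode(), good.encode())

class ProxyServer:
    """Proxy server 120: must replay passwords, so it stores them recoverably."""
    def __init__(self):
        self.devices, self.vault, self.logons = {}, {}, 0

    def register_device(self, account, device_id):
        self.devices[device_id] = account

    def store_credentials(self, account, sp, user_id, password):
        self.vault[(account, sp.name)] = (user_id, password)

    def request_access(self, device_id, sp):
        cred = self.vault.get((self.devices.get(device_id), sp.name))
        if cred is None:        # unregistered device or non-registered provider
            return None
        self.logons += 1        # every authentication passes through the proxy
        return sp.logon(*cred)  # the token is relayed back to device 130

    def exposed_on_breach(self):
        # Every (account, provider) pair whose credentials the vault can replay.
        return sorted(self.vault)
```

Unlike the service provider, the proxy cannot keep only a password hash, because it has to present the original password at each logon; encrypting the store does not change this as long as the proxy also holds the key.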