KR101403626B1 - Method of integrated smart terminal security management in cloud computing environment - Google Patents


Info

Publication number
KR101403626B1
Authority
KR
South Korea
Prior art keywords
security
user terminal
cloud
service
information
Application number
KR1020130096271A
Other languages
Korean (ko)
Inventor
김철수
권창훈
손원장
최재식
Original Assignee
(주) 뉴코
(주)세이퍼존
Application filed by (주) 뉴코 and (주)세이퍼존
Priority application: KR1020130096271A
Granted and published as KR101403626B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint


Abstract

The present invention relates to an integrated smart terminal security management method in a cloud computing environment, and more particularly to such a method in an environment that includes a cloud security server connected to external devices through a network to provide an integrated security service. The method comprises: a) the cloud security server registering a user terminal by performing a terminal authentication function in response to a registration request from the user terminal; b) the cloud security server registering a security key, which has a security token function and a data storage function and is connected to the user terminal, by performing a security key authentication function in response to a security key registration request made through the user terminal; c) the cloud security server registering a security service by performing a service authentication function in response to a security service registration request made through the user terminal; and d) while the security key is connected to the user terminal, the cloud security server performing at least one authentication process, either periodically or when a security service is executed at the request of the user terminal, according to the service policy created at security service registration, and then performing the corresponding security service. Because the security service is provided only while a security key is connected to the user terminal, service security is further improved. The security key provides a digital signature function that performs public key certificate encryption/decryption and authentication key generation, signing and verification, AES 256-bit encrypted storage for the secure data storage function, and OTP generation. Using security token authentication and data encryption together improves security stability and safely protects the user terminal from various security threats.

Description

TECHNICAL FIELD [0001] The present invention relates to a method of managing integrated smart terminal security in a cloud computing environment.

The present invention relates to a smart terminal integrated security management method in a cloud computing environment, and more particularly to a method of managing the integrated security of a smart terminal in a cloud computing environment that is capable of providing a data sharing smart cloud service.

Recently, as the spread of smartphones and tablet PCs expands, the mobile market is developing further, and new mobile services such as mobile banking, mobile communication, mobile TV and mobile games are emerging.

However, personal information and confidential corporate information may be leaked when a mobile terminal is stolen or lost; a third party may maliciously leak business information held on the mobile terminal; malicious code infection may lead to leakage of personal information, restriction of device use, illegal charging and DDoS attacks; and security functions may be weakened by tampering with the platform or firmware. The development of security technology for mobile terminals is therefore urgent.

Security technologies for mobile terminals can be classified, according to the security threats that arise in mobile terminals, into security technology for the user and the mobile terminal itself, network security technology, application service security technology, and mobile content security technology, all aimed at protecting the mobile terminal and user information.

The security technology for the user and the mobile terminal itself, the network security technology, the application service security technology and the mobile content security technology can each be implemented by hardware methods and by software methods. Hardware-based security technologies are being developed using methods such as micro SD, TPM (Trusted Platform Module) and TrustZone, which include smart card and Secure Element (SE) functions, and standardization of such security is under way. Software-based security technologies such as anti-virus and MDM (Mobile Device Management) are being developed on a platform-by-platform basis.

Companies, government offices and individuals store personal and important information either in the internal memory of the mobile terminal or on mobile storage media connected to it; about 86% of such memory is in fact used to store important data.

However, data stored in the internal memory or on mobile storage media of a mobile terminal is easily leaked to the outside or damaged by third parties, and the resulting personal information, corporate and financial security incidents, and the damage they cause, increase every year.

In the future, the popularization of mobile terminals including smartphones is expected to proceed at an even faster pace, so security management of mobile terminals and security enhancement of security media are urgently required.

On the other hand, a cloud service uses IT technology to provide IT resources as a service: IT resources can be borrowed and used as needed, expanded and reduced in real time according to the service load, and paid for only as much as they are used. In a cloud computing environment, therefore, a service provider integrates servers distributed in various locations through virtualization technology and thereby provides the services that users require.

In the cloud computing environment, the ability to protect assets from security threats such as external hacking attacks is highlighted as the most important issue. However, existing security control systems depend only on the fixed security equipment of service providers for collecting and managing security events.

In the current cloud computing environment a single cloud service provider is assumed, but future cloud computing services are expected to take the form of new user-customized cloud services in which various services are combined through cooperation among multiple businesses.

The existing Internet is a host-client structure in which a user connects to a server and uses the Internet. In this case the security boundary is divided into a trusted part and an untrusted part, distinguished by whether the user can manage them. Areas that the user can directly manage and control, such as computers, storage and firewalls in the user's local area, are trusted, and areas that the user cannot see or control, such as the network and servers, are untrusted.

However, in a cloud computing environment built on outsourcing, the security boundary that a user can perceive between the cloud computing components involved in service provision (user, mobile terminal, cloud service provider, etc.) becomes unclear. In particular, in order to receive collaborative services from multiple cloud service providers, the user's information must be transferred and processed between service providers.

In particular, user-centered on-demand outsourced computing services require user authentication, billing, user service preferences and various services for providing personalized personal cloud computing as well as cloud computing for enterprises. There is therefore a need for a cloud security service in which user information (personal information and service-related information) can be transmitted safely between cloud services (or service providers). As cloud computing continues to evolve, cloud computing reliability, security, legal issues, privacy issues and standardization are all required.

The present invention registers a user terminal, a security key and a security service in a cloud security server and performs integrated control, integrated authentication and security data management functions for the user terminal while providing a data sharing smart cloud service. It thus provides a smart integrated security management method in a cloud computing environment capable of improving security stability through a multi-authentication method combining at least one of a plurality of authentication methods.

The present invention provides a security service only when a security key is connected to the user terminal, so that service security is further improved, and thereby provides a smart integrated security management method in a cloud computing environment capable of safely protecting the user terminal from various security threats.

According to a preferred aspect of the present invention, there is provided a smart terminal integrated security management method in a cloud computing environment including a cloud security server connected to an external device through a network to provide an integrated security service, the method comprising: a) the cloud security server registering the user terminal by performing a terminal authentication function in response to a registration request from the user terminal; b) the cloud security server registering a security key, which has a security token function and a data storage function and is connected to the user terminal, by performing a security key authentication function in response to a security key registration request made through the user terminal; c) the cloud security server registering a security service by performing a service authentication function in response to a security service registration request made through the user terminal; and d) while the security key is connected to the user terminal, the cloud security server performing at least one authentication process, either periodically or when a security service is executed at the request of the user terminal, based on the service policy created at security service registration. The step (a) of registering the user terminal comprises: a-1) the cloud security server holding a public certificate, and the user terminal loading a smart security platform formed of a hardware security module or an application security module; a-2) the cloud security server requesting authentication information from the user terminal when registration of the user terminal is requested; a-3) when the user terminal transmits authentication information consisting of user information, registration information and a password, the cloud security server verifying the authentication information, registering the user terminal and transmitting a registration success message to the user terminal; a-4) when the registration success message is received, the user terminal requesting transmission of the public certificate from the cloud security server, and the cloud security server transmitting the public certificate to the user terminal; and a-5) the user terminal registering the public certificate and then transmitting a certificate registration success message to the cloud security server. A smart terminal integrated security control method in a cloud computing environment is thereby provided.

The step of registering the security key comprises: b-1) the cloud security server holding a public certificate, and the user terminal being equipped with the smart security platform formed of the hardware security module or the application security module; b-2) when the user terminal requests security key registration from the cloud security server, the cloud security server requesting authentication information from the user terminal; b-3) when the user terminal inputs user information, registration information and a password and transmits the authentication information to the cloud security server, the cloud security server generating security key registration information and transmitting it to the user terminal; b-4) the user terminal transmitting the security key registration information to the security key, and the security key registering itself and transmitting a registration success message to the user terminal; b-5) the user terminal transmitting the security key registration success message to the cloud security server, and the cloud security server requesting the public certificate from the user terminal; b-6) when the user terminal requests the public certificate from the security key, the security key transmitting the public certificate information to the user terminal, and the user terminal transmitting it to the cloud security server; and b-7) the cloud security server registering the public certificate information and then transmitting a certificate registration success message to the user terminal.


The step of registering the security service comprises: c-1) when the user terminal requests security service registration from the cloud security server, the cloud security server requesting authentication information from the user terminal; c-2) the user terminal transmitting the password of the security key and the digital signature subject information to the security key, and the security key transmitting authentication information including a signature value to the user terminal; c-3) the user terminal transmitting the authentication information to the cloud security server, and the cloud security server verifying the signature value of the authentication information and requesting service information while transmitting an authentication success message; c-4) the user terminal transmitting service information to the cloud security server, and the cloud security server registering the service according to the service information, creating a service policy, and transmitting the service policy to the user terminal; and c-5) the user terminal registering the service registration and service policy transmitted from the cloud security server.

The step of performing the security service may use a certificate authentication method that uses digital signature information exchanged between the user terminal and the security key, an OTP authentication method between the user terminal and the security key, and a PIN (Personal Identification Number) authentication method in which authentication is performed by entering a PIN.

The smart terminal integrated security management method in a cloud computing environment of the present invention registers a user terminal, a security key and a security service in a cloud security server and then performs integrated control of user terminals such as malicious code detection, integrated authentication that provides a multi-authentication method combining at least one of certificate authentication, OTP authentication and PIN authentication, prevention of important information leakage, and a security management function for data security, while providing a data sharing smart cloud service.

A smart terminal integrated security management method in a cloud computing environment according to the present invention performs a security token function for storing, managing and using a public certificate, and provides a security service only when a security key is connected to the user terminal, so that service security is further improved. It performs a digital signature function covering public key certificate encryption/decryption and authentication key generation, signing and verification, and provides strong AES 256-bit encrypted storage for the secure data storage function and an OTP generation function. By using security token authentication and data encryption together it enhances security stability and has the effect of safely protecting the user terminal from various security threats.

FIG. 1 is a diagram illustrating the entire configuration of a smart terminal integrated security control system in a cloud computing environment according to an embodiment of the present invention.
FIG. 2 is a block diagram illustrating a detailed configuration of a smart terminal integrated security control system in a cloud computing environment according to an embodiment of the present invention.
FIG. 3 is a block diagram illustrating the configuration of the security key of FIG.
FIG. 4 is a flowchart illustrating a smart terminal integrated security control method in a cloud computing environment according to an exemplary embodiment of the present invention.
FIG. 5 is a flowchart illustrating the process of registering the user terminal of FIG.
FIG. 6 is a flowchart illustrating the process of registering the security key of FIG.
FIG. 7 is a flowchart illustrating the process of registering the security service of FIG.
FIG. 8 is a flowchart illustrating the process of performing the security service of FIG.

The description of the present invention is merely an example for structural or functional explanation, and the scope of the present invention should not be construed as being limited by the embodiments described in the text. That is, the embodiments are to be construed as being variously embodied and having various forms, so that the scope of the present invention should be understood to include equivalents capable of realizing technical ideas. Also, the purpose or effect of the present invention should not be construed as limiting the scope of the present invention, since it does not mean that a specific embodiment should include all or only such effect.

Meanwhile, the meaning of the terms described in the present invention should be understood as follows.

The terms "first", "second" and the like are intended to distinguish one element from another, and the scope of the rights should not be limited by these terms. For example, a first component may be referred to as a second component, and similarly a second component may be referred to as a first component.

It is to be understood that when an element is referred to as being "connected" to another element, it may be directly connected to the other element, or there may be other elements in between. On the other hand, when an element is referred to as being "directly connected" to another element, there are no other elements in between. Other expressions describing the relationship between components, such as "between" and "directly between", or "adjacent to" and "directly adjacent to", should be interpreted in the same way.

It is to be understood that the terms "include" or "have" specify the presence of the stated features, numbers, steps, operations, elements, components or combinations thereof, and do not preclude the presence or addition of one or more other features, numbers, steps, operations, elements, components or combinations thereof.

In each step, the identification code (e.g. a, b, c, etc.) is used for convenience of explanation; the identification code does not describe the order of the steps, and unless otherwise stated the steps may occur in an order different from the stated one. That is, the steps may occur in the order described, may be performed substantially concurrently, or may be performed in reverse order.

All terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. Commonly used predefined terms should be interpreted to be consistent with the meanings in the context of the related art and can not be interpreted as having ideal or overly formal meaning unless explicitly defined in the present invention.

FIG. 1 is a diagram illustrating the entire configuration of a smart terminal integrated security control system in a cloud computing environment according to an embodiment of the present invention.

Referring to FIG. 1, a smart terminal integrated security control system 100 in a cloud computing environment includes a cloud security server 110, a user terminal 120, and a security key 130.

The cloud security server 110 is connected to external devices through a network and provides integrated security services such as security of the user terminal 120, malicious code vaccination, personal information protection and security of important data.

The user terminal 120 may be a fixed communication device such as a personal computer or a set-top box, or a portable communication device such as a laptop computer, a mobile phone, a smartphone, a PDA (Personal Digital Assistant), a portable multimedia player (PMP) or an MP3 (MPEG-1 Audio Layer 3) player; there is no limitation on its type. In FIG. 1 a single smartphone is shown as the user terminal 120, but a plurality of user terminals 120 may exist in the cloud computing environment.

The user terminal 120 includes a smart security platform 121, and the smart security platform 121 includes a smart security module 121a, a smart vaccination module 121b and a smart cloud backup module 121c.

The smart security module 121a performs location tracking, loss and theft prevention and information leakage prevention functions in the user terminal 120, and the smart vaccination module 121b performs malicious code vaccination and personal information infringement detection and protection functions.

The smart cloud backup module 121c performs the function of backing up personal information and important information in the user terminal 120 to the cloud security server 110.

The security key 130 is a device that performs a security token function for storing a certificate, storing an authentication key and producing digital signatures, and a secure data storage function that encrypts and decrypts data when data is stored. The security key 130 may be a USB memory, a CF card, an SD card, a smart card or the like.

FIG. 2 is a block diagram illustrating a detailed configuration of a smart terminal integrated security control system in a cloud computing environment according to an embodiment of the present invention.

Referring to FIG. 2, the smart terminal integrated security management system 100 in a cloud computing environment includes a smart terminal 120 and a cloud security server 110 connected through a mobile communication network such as 3G, 4G or WiFi, and the cloud security server 110 uses a firewall 101 that checks the eligibility of incoming data and protects the network from external intrusion or hacking.

The cloud security server 110 provides services such as smart terminal integration control, smart cloud, smart SSL-VPN (Secure Sockets Layer-Virtual Private Network), integrated authentication, smart vaccine and terminal security management (MDM).

Terminal security management service provides terminal OS protection, malicious code infection prevention, user authentication, information leakage control, software management, lost and stolen countermeasure, information transmission control, external output and screen capture control and service security function.

The smart terminal integrated control service provides security backup through the PC interface with the user terminal 120, location confirmation of the user terminal 120, remote control, platform security, service security, data management and network security functions.

The user terminal 120 includes a plug-in type multi-layered smart security platform 121, and the smart security platform 121 implements a smart mobile on-line solution and a smart security solution.

The smart online solution provides remote customer support services, OS security patch services and cloud services. The smart security solution provides device/media control, integrated authentication, SSL-VPN, lost/stolen device handling and restore, privacy protection and spam protection.

FIG. 3 is a block diagram illustrating the configuration of the security key of FIG.

Referring to FIG. 3, the security key 130 is composed of hardware including a USB controller 131, a flash memory 132, a smart card chip 133, a security processor 134 and a power controller 135.

The USB controller 131 controls communication over the USB interface used for connection with a PC or other external device.

The smart card chip 133 performs user authentication and encryption / decryption for data transmission / reception, and controls and manages certificate-related data input / output through the USB interface. The smart card chip 133 performs security user password storage management, RSA algorithm, and certificate storage management functions.

The security processor 134 controls the USB controller 131, the flash memory 132, the smart card chip 133, and the power controller 135 to perform the AES and overall security management functions.

As shown in FIG. 3B, the smart card chip 133 and the secure processor 134 include a software configuration in which the security key 130 can perform a security token function and a secure data storage function. Such software configurations include secure USB memory software, OTP, authentication keys, chip operating systems, memory management, access control, encryption algorithms, and the like.

The power controller 135 controls the power supplied to each component of the security key 130.

FIG. 4 is a flowchart illustrating a smart terminal integrated security control method in a cloud computing environment according to an exemplary embodiment of the present invention.

Referring to FIG. 4, the cloud security server 110 holds a public certificate, and the user terminal 120 is equipped with a smart security platform. In step S1, the cloud security server 110 registers the user terminal 120 by performing a terminal authentication function according to a registration request of the user terminal 120.

The cloud security server 110 registers the security key 130 by performing a security key authentication function when registration of the security key 130 is requested through the user terminal 120 to which the security key 130 is connected.

In addition, the cloud security server 110 registers a security service by performing a service authentication function according to a registration request of the security service made through the user terminal (step S3).

When the security key 130 is connected to the user terminal 120 and a service is generated periodically or at the request of the user terminal 120, the cloud security server 110 performs authentication such as certificate authentication, OTP authentication and PIN authentication, and then performs the corresponding security service (steps S4 to S6).

FIG. 5 is a flowchart illustrating the process of registering the user terminal of FIG.

Referring to FIG. 5, the cloud security server 110 requests authentication information from the user terminal 120 in response to a registration request from the user terminal 120, and the user terminal 120 inputs user information, registration information and a password and transmits the authentication information to the cloud security server 110 (S11 to S13).

The cloud security server 110 verifies the password in the authentication information transmitted from the user terminal 120, registers the user terminal 120 using the user information and the registration information, and transmits a registration success message to the user terminal 120 (S14 and S15).

The user terminal 120 requests transmission of the public certificate from the cloud security server 110, and the cloud security server 110 transmits the public certificate to the user terminal 120 (S16 and S17).

The user terminal 120 registers the public certificate transmitted from the cloud security server 110 and transmits a certificate registration success message to the cloud security server 110 (S18 and S19).

FIG. 6 is a flowchart illustrating the process of registering the security key of FIG.

Referring to FIG. 6, the user terminal 120 requests registration of the security key 130 from the cloud security server 110 while the security key 130 is connected, and the cloud security server 110 requests authentication information from the user terminal 120 (S21 and S22).

When the user terminal 120 inputs the user information, registration information and password and transmits the authentication information to the cloud security server 110, the cloud security server 110 generates the security key registration information and transmits the security key registration information and a signature value to the user terminal 120 (S23 to S25).

When the user terminal 120 transmits the security key registration information to the security key 130, the security key 130 registers itself according to the security key registration information and then transmits a key registration success message to the user terminal 120 (S26 and S27).

The user terminal 120 transmits the key registration success message of the security key 130 to the cloud security server 110, and the cloud security server 110 requests the public certificate from the user terminal 120 (S28 and S29).

When the user terminal 120 requests the public key certificate from the security key 130, the security key 130 verifies the request and transmits the public key certificate information to the user terminal 120 (S30 and S31).

The user terminal 120 transmits the public certificate information received from the security key 130 to the cloud security server 110. The cloud security server 110 registers the public certificate information and then transmits a certificate registration success message to the user terminal 120 (S32 to S34).

FIG. 7 is a flowchart illustrating the process of registering the security service of FIG.

Referring to FIG. 7, when the user terminal 120 requests security service registration from the cloud security server 110 while the security key 130 is connected, the cloud security server 110 requests authentication information (S41 and S42).

The user terminal 120 takes the password of the security key 130 as input and then transmits the password and the digital signature subject information to the security key 130 (S43 and S44). The security key 130 then signs the digital signature subject information and transmits the signature value to the user terminal 120 (S45).

The user terminal 120 transmits the authentication information including the signature value to the cloud security server 110. The cloud security server 110 verifies the signature value of the authentication information, transmits an authentication success message to the user terminal 120, and requests information on the security service (S46 to S48).

The user terminal 120 transmits information on the security service to be registered to the cloud security server 110. The cloud security server 110 creates a service policy while registering the security service, and transmits the service registration and the service policy to the user terminal 120 (S49 to S51).

The user terminal 120 registers the service registration and the service policy transmitted from the cloud security server 110 (S52).

FIG. 8 is a flowchart illustrating a process of performing the security service of FIG.

Referring to FIG. 8, the user terminal 120 generates a security service request, periodically or as needed, while the security key 130 is connected. The cloud security server 110 transmits a device management / control / policy change request and the like together with a signature value, either periodically or as needed according to the request of the user terminal 120 (S61 and S62).

The user terminal 120 checks the service policy and the signature value of the security service request currently generated and transmits the digital signature information to the security key 130. The security key 130 transmits the signature value for the digital signature information to the user terminal 120, and the user terminal 120 performs certificate authentication by checking the signature value of the digital signature (S63 to S66).

The security key 130 sends an OTP to the user terminal 120 according to an OTP request, and the user terminal 120 requests OTP verification from the cloud security server 110 (S67 to S69).

The cloud security server 110 verifies the OTP and then transmits the OTP verification result to the user terminal 120, so that the user terminal 120 performs OTP authentication (S70 and S71). The user terminal 120 also performs PIN authentication by taking a personal identification number (PIN) as input and verifying it (S72).

The user terminal 120 performs the management / control / policy change / service after performing multiple authentication that combines at least one of certificate authentication, OTP authentication, and PIN authentication, and transmits the authentication result to the cloud security server 110 (S73).
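The service registration of FIG. 7 (S41 to S52) and the policy-driven multiple authentication of FIG. 8 (S61 to S73), modelled end to end as an added example; this is not code from the patent or its applicants. It assumes the security key and its certificate were already registered as in FIG. 6, uses HOTP (RFC 4226) as the OTP scheme, substitutes an HMAC-SHA256 tag for the RSA signature the page places in the smart card chip 133, keeps the PIN as a salted hash with a retry counter inside the token, and treats every key, terminal identifier and service name as a constructed sample. Two details the paragraphs do not spell out are made explicit: the server-side OTP counter only moves forward, so a code that has already been verified is never accepted again, and a request for a service that has no registered policy is refused rather than allowed by default.

```python
"""FIG. 7 service registration and FIG. 8 multiple authentication, as an added example (not the patent's code).
Assumptions: HOTP (RFC 4226) as the OTP, HMAC-SHA256 standing in for the chip's RSA signature, a salted PIN
hash with a retry counter inside the token; all keys, identifiers and service names are constructed samples."""
import hashlib
import hmac
import os
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def sign(key: bytes, data: bytes) -> bytes:
    """Stand-in for the RSA signature made in the smart card chip (assumption: HMAC-SHA256)."""
    return hmac.new(key, data, hashlib.sha256).digest()


class SecurityKey:  # simulated security key 130: signing key, OTP seed and PIN never leave it
    def __init__(self, sign_key: bytes, otp_seed: bytes, pin: str):
        self._sign_key, self._otp_seed, self._counter = sign_key, otp_seed, 0
        self._salt = os.urandom(16)
        self._pin_hash = hashlib.sha256(self._salt + pin.encode()).digest()
        self._retries = 3

    def sign(self, data: bytes) -> bytes:          # S45, S64-S65
        return sign(self._sign_key, data)

    def generate_otp(self) -> str:                 # S67-S68: the counter advances on every use
        self._counter += 1
        return hotp(self._otp_seed, self._counter - 1)

    def verify_pin(self, pin: str) -> bool:        # S72: three wrong PINs in a row lock the token
        digest = hashlib.sha256(self._salt + pin.encode()).digest()
        ok = self._retries > 0 and hmac.compare_digest(self._pin_hash, digest)
        self._retries = 3 if ok else max(self._retries - 1, 0)
        return ok


class CloudSecurityServer:  # simulated cloud security server 110
    def __init__(self, server_key: bytes, token_keys: dict, otp_seeds: dict):
        self._server_key, self._token_keys, self._otp_seeds = server_key, token_keys, otp_seeds
        self._otp_counters, self.policies = {t: 0 for t in otp_seeds}, {}   # token material from FIG. 6

    def register_service(self, terminal_id, subject, signature, services):   # S46-S51
        key = self._token_keys.get(terminal_id)
        if key is None or not hmac.compare_digest(sign(key, subject), signature):
            return None
        policy = {s: {"certificate", "otp", "pin"} if s in ("policy_change", "remote_wipe")
                  else {"certificate"} for s in services}   # all three factors for high-impact services
        self.policies[terminal_id] = policy
        return policy

    def request_service(self, terminal_id: str, service: str) -> tuple:   # S61-S62: signed request
        body = f"{terminal_id}|{service}|{os.urandom(8).hex()}".encode()
        return body, sign(self._server_key, body)

    def verify_otp(self, terminal_id: str, code: str, window: int = 5) -> bool:   # S69-S70
        seed, start = self._otp_seeds[terminal_id], self._otp_counters[terminal_id]
        for c in range(start, start + window):
            if hmac.compare_digest(hotp(seed, c), code):
                self._otp_counters[terminal_id] = c + 1   # a used counter is never accepted again
                return True
        return False


class UserTerminal:  # simulated user terminal 120 running the smart security platform 121
    def __init__(self, terminal_id, server_cert_key, token_cert_key, key, server):
        self._id, self._key, self._server, self.policy = terminal_id, key, server, {}
        self._server_cert_key = server_cert_key   # server certificate registered at S18
        self._token_cert_key = token_cert_key     # token certificate registered at S32-S33

    def register_service(self, services) -> bool:   # S41-S52
        subject = f"{self._id}|{os.urandom(8).hex()}".encode()   # digital signature subject (S44)
        policy = self._server.register_service(self._id, subject, self._key.sign(subject), services)
        self.policy = policy or {}
        return policy is not None

    def perform_service(self, body: bytes, signature: bytes, pin: str) -> dict:   # S63-S73
        service = body.split(b"|")[1].decode()
        required = self.policy.get(service)
        if required is None or not hmac.compare_digest(sign(self._server_cert_key, body), signature):
            return {"service": service, "authenticated": False, "checks": {}}   # S63: refuse, never default-allow
        checks = {}
        if "certificate" in required:   # S64-S66: token signs, terminal checks against its certificate
            checks["certificate"] = hmac.compare_digest(sign(self._token_cert_key, body), self._key.sign(body))
        if "otp" in required:           # S67-S71
            checks["otp"] = self._server.verify_otp(self._id, self._key.generate_otp())
        if "pin" in required:           # S72
            checks["pin"] = self._key.verify_pin(pin)
        return {"service": service, "authenticated": all(checks.values()), "checks": checks}


def build_demo():  # one terminal, its security key and the server, all with constructed sample keys
    token_key, otp_seed, server_key = b"token-sign-key", b"12345678901234567890", b"server-key"
    server = CloudSecurityServer(server_key, {"T-001": token_key}, {"T-001": otp_seed})
    return server, UserTerminal("T-001", server_key, token_key, SecurityKey(token_key, otp_seed, "1357"), server)
```

Calling `build_demo()`, then `terminal.register_service(["policy_change", "status_report"])` and `terminal.perform_service(*server.request_service("T-001", "policy_change"), "1357")`, walks the whole exchange; the returned dictionary reports the outcome of each factor the service policy demanded, and a wrong PIN, a replayed OTP, a tampered server signature or an unregistered service each yield `authenticated: False`.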

As described above, the smart terminal integrated security control method in a cloud computing environment according to an embodiment of the present invention includes a security backup service through a PC interface with the user terminal 120, a location confirmation service for the user terminal 120, a hardware access control service, a platform security service that prevents malicious code execution, mobile software security verification and a secure electronic approval service, terminal data protection and remote management services, and prevention of malicious code spread together with wireless intrusion detection.

Accordingly, the present invention proposes a PIN for verifying the user terminal 120 and a security token provided through the security key 130, thereby improving security stability, and performs access authentication for wireless network services, encryption and decryption of the PIN, and the 3DES / SEED / AES algorithms inside the security token.

Authentication with the security token is based on a public key infrastructure (PKI) and supports the RSA algorithm; the digital signature is generated inside the smart card chip 133 of the security key 130.

The smart terminal integrated security control method in a cloud computing environment according to an embodiment of the present invention serves as a secure data storage means, using the security token and AES 256-bit hardware data encryption, for mobile banking on a mobile device such as a smart phone, and can provide a secure security token function for the mobile game industry, which mainly uses the OTP method. In addition, it is used for user ID authentication, which is well suited to preventing confidential information leaks in a mobile office using a tablet PC or smart phone, and loss or theft of a mobile device can be handled through secure storage.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the present invention as defined by the following claims.

110: Cloud security server
120: User terminal
121: Smart security platform
130: Security key
131: USB controller
132: Flash memory
133: Smart card chip
134: Secure processor
135: Power controller

Claims (5)

1. A smart terminal integrated security management method in a cloud computing environment including a cloud security server connected to an external device via a network to provide an integrated security service, the method comprising:
a) the cloud security server registering the user terminal by performing a terminal authentication function according to a registration request of the user terminal;
b) the cloud security server registering the security key by performing a security key authentication function upon a request for registration of the security key through the user terminal, to which a security key having a security token and a data storage function is connected;
c) the cloud security server registering the security service by performing a service authentication function according to a registration request of the security service through the user terminal; and
d) when the security key is connected to the user terminal and the security service is performed according to a request of the user terminal, the cloud security server periodically performing at least one authentication process based on a service policy generated at the time of security service registration, and performing the security service,
wherein the registering of the user terminal in step a) comprises:
a-1) the cloud security server having a public certificate, and the user terminal including a smart security platform formed of a hardware security module or an application security module;
a-2) the cloud security server requesting authentication information from the user terminal when registration of the user terminal is requested;
a-3) when the user terminal transmits authentication information consisting of the user information, registration information, and password entered by the user, the cloud security server verifying the authentication information, registering the user terminal, and transmitting a registration success message to the user terminal;
a-4) the user terminal requesting transmission of the public certificate from the cloud security server when the registration success message is received, and the cloud security server transmitting the public certificate to the user terminal; and
a-5) the user terminal transmitting a certificate registration success message to the cloud security server after registering the public certificate.
2. (deleted)
3. The method of claim 1, wherein registering the security key comprises:
b-1) the cloud security server having a public certificate, and the user terminal including a smart security platform formed of a hardware security module or an application security module;
b-2) when the user terminal requests security key registration from the cloud security server, the cloud security server requesting authentication information from the user terminal;
b-3) when the user terminal transmits authentication information consisting of the user information, registration information, and password entered by the user to the cloud security server, the cloud security server generating security key registration information and transmitting the security key registration information to the user terminal;
b-4) the user terminal transmitting the security key registration information to the security key, and the security key registering itself and transmitting a registration success message to the user terminal;
b-3) the user terminal transmitting the security key registration success message to the cloud security server, and the cloud security server requesting the public certificate from the user terminal;
b-4) when the user terminal requests the public certificate from the security key, the security key transmitting the public certificate information to the user terminal, and the user terminal transmitting the public certificate information to the cloud security server; and
b-5) the cloud security server transmitting a certificate registration message to the user terminal after registering the public certificate information.
4. The method of claim 1, wherein registering the security service comprises:
c-1) when the user terminal requests security service registration from the cloud security server, the cloud security server requesting authentication information from the user terminal;
c-2) the user terminal transmitting the password of the security key and the digital signature subject information to the security key, and the security key transmitting the authentication information including the signature value to the user terminal;
c-3) the user terminal transmitting the authentication information to the cloud security server, and the cloud security server verifying the signature value of the authentication information and requesting service information while transmitting an authentication success message;
c-4) the user terminal transmitting service information to the cloud security server, and the cloud security server creating a service policy while registering the service according to the service information, and then transmitting the service policy to the user terminal; and
c-5) the user terminal registering the service registration and the service policy transmitted from the cloud security server.
5. The method of claim 1, wherein performing the security service comprises performing the authentication process using at least one of: a method of performing certificate authentication using digital signature information between the user terminal and the security key; a method of performing OTP authentication between the user terminal and the security key; and a PIN authentication method of inputting and verifying a personal identification number.
KR1020130096271A 2013-08-14 2013-08-14 Method of integrated smart terminal security management in cloud computing environment KR101403626B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020130096271A KR101403626B1 (en) 2013-08-14 2013-08-14 Method of integrated smart terminal security management in cloud computing environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020130096271A KR101403626B1 (en) 2013-08-14 2013-08-14 Method of integrated smart terminal security management in cloud computing environment

Publications (1)

Publication Number Publication Date
KR101403626B1 true KR101403626B1 (en) 2014-06-03

Family

ID=51131814

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020130096271A KR101403626B1 (en) 2013-08-14 2013-08-14 Method of integrated smart terminal security management in cloud computing environment

Country Status (1)

Country Link
KR (1) KR101403626B1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101575030B1 (en) 2014-07-11 2015-12-07 조선대학교산학협력단 Method of multi-signature generation for shared data in the cloud
KR101679183B1 (en) * 2015-04-30 2016-11-24 주식회사 예티소프트 Server and method for electronic signature
KR101928156B1 (en) 2016-12-29 2018-12-11 서울과학기술대학교 산학협력단 Cloud computing system and event processing method thereof
KR101964757B1 (en) * 2017-10-26 2019-04-03 주식회사 한줌 Certification system and method using OTP
KR102047739B1 (en) * 2019-03-08 2019-11-22 주식회사 다음정보기술 Cloud-based Clean Security Module Remote Utilization System and Method
US10771249B2 (en) 2017-01-09 2020-09-08 Electronics And Telecommunications Research Institute Apparatus and method for providing secure execution environment for mobile cloud
WO2020197096A1 (en) * 2019-03-28 2020-10-01 (주)한국아이티평가원 System and method for managing use of cloud-based application
KR102628775B1 (en) * 2023-02-02 2024-01-23 (주)케이스마텍 Cloud HSM system for accessing token based on certificates and ID and method thereof

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20080112674A (en) * 2007-06-22 2008-12-26 주식회사 퍼스트포켓 Apparatus, system, method and computer program recorded medium for authenticating internet service server and user by using portable storage with security function

Similar Documents

Publication Publication Date Title
KR101403626B1 (en) Method of integrated smart terminal security management in cloud computing environment
Nadikattu IoT and the issue of data privacy
Wang et al. Smartphone security challenges
US20170331849A1 (en) System for resource-centric threat modeling and identifying controls for securing technology resources
US20140189356A1 (en) Method of restricting corporate digital information within corporate boundary
US20100266132A1 (en) Service-based key escrow and security for device data
US20110047378A1 (en) System and method for identifying account and peripheral device thereof
Bosamia et al. Wallet payments recent potential threats and vulnerabilities with its possible security measures
WO2021129859A1 (en) Two-dimensional code processing method and device
Sikder et al. A survey on android security: development and deployment hindrance and best practices
Jana et al. Management of identity and credentials in mobile cloud environment
CN106453398B (en) A kind of data encryption system and method
Hölzl et al. Requirements for an open ecosystem for embedded tamper resistant hardware on mobile devices
KR101206735B1 (en) Apparatus for protecting information associated with security of mobile terminal and method thereof
Tully et al. Mobile security: a practitioner’s perspective
Diwan An experimental analysis of security vulnerabilities in industrial internet of things services
Sharma et al. Smartphone security and forensic analysis
Jana et al. Efficient management of security and privacy issues in mobile cloud environment
Wang et al. MobileGuardian: A security policy enforcement framework for mobile devices
Mu et al. Android mobile security–threats and protection
Igor et al. Security Software Green Head for Mobile Devices Providing Comprehensive Protection from Malware and Illegal Activities of Cyber Criminals.
KR20160102915A (en) Security platform management device for smart work based on mobile virtualization
Darwish et al. Privacy and security of cloud computing: a comprehensive review of techniques and challenges
Takesue A scheme for protecting the information leakage via portable devices
Ghotra et al. Secure display and secure transactions using a handset

Legal Events

Date Code Title Description
A201 Request for examination
A302 Request for accelerated examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment (Payment date: 20170511; Year of fee payment: 4)
FPAY Annual fee payment (Payment date: 20180419; Year of fee payment: 5)