WO2018021864A1 - Procédé pour fournir un service en nuage - Google Patents

Procédé pour fournir un service en nuage Download PDF

Info

Publication number
WO2018021864A1
WO2018021864A1 PCT/KR2017/008148 KR2017008148W WO2018021864A1 WO 2018021864 A1 WO2018021864 A1 WO 2018021864A1 KR 2017008148 W KR2017008148 W KR 2017008148W WO 2018021864 A1 WO2018021864 A1 WO 2018021864A1
Authority
WO
WIPO (PCT)
Prior art keywords
license
virtual machine
machine interface
user terminal
software
Prior art date
Application number
PCT/KR2017/008148
Other languages
English (en)
Korean (ko)
Inventor
권오승
최원석
Original Assignee
주식회사 파수닷컴
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020160122414A external-priority patent/KR101882685B1/ko
Application filed by 주식회사 파수닷컴 filed Critical 주식회사 파수닷컴
Priority to JP2019527107A priority Critical patent/JP6821805B2/ja
Priority to US16/321,560 priority patent/US11157597B2/en
Priority to CN201780047321.9A priority patent/CN109643337A/zh
Publication of WO2018021864A1 publication Critical patent/WO2018021864A1/fr
Priority to US17/488,350 priority patent/US11636184B2/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • the present invention relates to a cloud-based service providing method, and more particularly, to a cloud-based service providing method for preventing source code leakage.
  • the service provider's product In order for the application to run on a user terminal, the service provider's product must be installed on the cloud provider's operating system. That is, a service provider can run an application-related business by installing a service provider's product on a cloud provider's operating system. As one way the service runs, you can contract with the cloud provider for infrastructure as a service (IaaS), and with the service provider for products and licenses. In this case, the service provider can install the product in the IaaS that the user has contracted, and the user can use IaaS to conduct business related to the application. This method is cumbersome because the user has to contract with both the cloud provider and the service provider.
  • IaaS infrastructure as a service
  • the service provider can install the product in the IaaS that the user has contracted, and the user can use IaaS to conduct business related to the application. This method is cumbersome because the user has to contract with both the cloud provider and the service provider.
  • the service provider contracts with the cloud provider for IaaS, the service provider contracts with the software as a service (SaaS), and the service provider uses the service to We can do related business.
  • the cloud provider has the right to operate the cloud system. Users who want to do static analysis want security for their source code.
  • the service provider had the problem that it could intercept all the sources of the service provider that produced the application.
  • An object of the present invention for solving the above problems, while providing a SaaS-based service, to provide a service that can prevent the leakage of the user's source code.
  • a virtual machine interface (virtual machine) from the cloud server of the cloud provider (cloud) provider receiving an interface; Installing software of the service provider on the virtual machine interface; Authorizing a user terminal with respect to an ID and a password; And providing the service of the software to the user terminal through the virtual machine interface when the user terminal accesses the software.
  • the method of providing a software service of the license management server may further include transmitting a license for authenticating the software use right to the virtual machine interface, in order to authenticate the right related to an ID and a password to the user terminal. Can be.
  • the authority regarding the ID and password may be granted when the cost for using the software is paid.
  • the method may further include granting the right regarding the ID and the password again.
  • the ID and the password for accessing the software may be discarded.
  • the first message including the user registration information of the user is received from the cloud server, and the membership request to the issuance request management unit Registering the information; Receiving a second message indicating new instance information identified by user identification information from the cloud server, and updating raw instance information stored in a license issuing management unit with the new instance information; Sending a third message to the cloud server requesting an instance unique identifier;
  • a fourth message indicating completion of license issuance may be received from the virtual machine interface.
  • a license management server of a service provider includes a processor; And a database storing at least one instruction executed by the processor, wherein the at least one instruction is provided with a virtual machine interface from a cloud server of a cloud provider, and the virtual Install the service provider's software on the machine interface, authorize the user terminal with ID and password, and if the user terminal accesses the software, via the virtual machine interface It is executable to provide a service of the software to the user terminal.
  • the at least one command may be further executable to transmit a license for authenticating the software use right to the virtual machine interface, in order to authenticate the right regarding the ID and password to the user terminal.
  • the authority regarding the ID and password may be granted when the cost for using the software is paid.
  • the at least one command may be executable to grant the right regarding the ID and the password again when receiving a new license request from the user terminal after the license expires.
  • the at least one command may be executable to discard the ID and the password for accessing the software if the user terminal does not receive a request for issuing a new license after the license expires.
  • the at least one command receives and issues a first message including user registration information from the cloud server before transmitting a license for authentication of the software use right to the virtual machine interface.
  • Register the membership registration information with a request management unit receive a second message indicating new instance information identified by the user identification information from the cloud server, and update the raw instance information stored in the license issuing management unit with the new instance information.
  • an instance that transmits a third message requesting an instance unique identifier to the cloud server receives the instance unique identifier from the cloud server, and receives the instance unique identifier information from the cloud server in the issue request management unit. Updated with the unique identifier, and may be further executed to issue the license through the license issuance management.
  • the at least one command may be further executable to receive a fourth message indicating completion of license issuance from the virtual machine interface when the license is transmitted to the virtual machine interface.
  • the user has the control of IaaS bar bar has the advantages of both the advantages of SaaS and IaaS.
  • the present invention has both the advantages of SaaS that can provide a customized service through a setting suitable for each customer, the hardware expansion is easy, and the advantages of IaaS that can prevent the leakage of user source code It works.
  • 1 is a block diagram schematically illustrating a system that supports license issuance.
  • FIG. 2 is a block diagram illustrating a node constituting a system that supports license issuance.
  • FIG. 3 is a block diagram of IaaS usage.
  • 4 is a block diagram of SaaS usage.
  • FIG. 5 is a block diagram of IaaS-SaaS usage.
  • FIG. 6 is a block diagram specifically illustrating a system for supporting license issuance.
  • FIG. 7 is a flowchart illustrating a process of transmitting information required for issuance of a license to a license management server.
  • FIG. 8 is a flowchart illustrating a process of activating an application (or software) by issuing a license.
  • 9 is a flowchart illustrating a process from issuing a license to using a service by a user terminal.
  • FIG. 10 is a flowchart illustrating a method of reissuing a license.
  • Software service providing method of the license management server (server) of the service provider according to an embodiment of the present invention, the step of receiving a virtual machine interface (virtual machine interface) from the cloud server of the cloud provider (cloud) ; Installing software of the service provider on the virtual machine interface; Authorizing a user terminal with respect to an ID and a password; And providing the service of the software to the user terminal through the virtual machine interface when the user terminal accesses the software.
  • a virtual machine interface virtual machine interface
  • cloud cloud provider
  • a license management server of a service provider may include a processor; And a database storing at least one instruction executed by the processor, wherein the at least one instruction is provided with a virtual machine interface from a cloud server of a cloud provider, and the virtual Install the service provider's software on the machine interface, authorize the user terminal with ID and password, and if the user terminal accesses the software, via the virtual machine interface It is executable to provide a service of the software to the user terminal.
  • first and second may be used to describe various components, but the components should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another.
  • the first component may be referred to as the second component, and similarly, the second component may also be referred to as the first component.
  • FIG. 1 is a block diagram schematically illustrating a system for supporting license issuance according to an embodiment of the present invention.
  • a system that supports license issuance includes a cloud server 100, a user terminal 140, a license management server 110, an administrator terminal 150, a member mail server 120, and a virtual machine interface 130. ) May be included.
  • the virtual machine interface 130 may be an IaaS or a VM instance.
  • the cloud server 100 may be connected to the user terminal 140, the license management server 110, and the member mail server 120 through a wired network or a wireless network.
  • the cloud server 100 may be a user terminal 140, a license management server 110, and a member mail server by long term evolution (LTE), long term evolution-advanced (LTE-A), or the like defined in the 3GPP standard. May be connected to 120.
  • LTE long term evolution
  • LTE-A long term evolution-advanced
  • the cloud server 100 may be connected to the user terminal 140, the license management server 110, and the member mail server 120 by a wireless LAN (WLAN), a wireless personal area network (WPAN), or the like defined by the IEEE standard. have.
  • WLAN wireless LAN
  • WPAN wireless personal area network
  • the cloud server 100 may be connected to the user terminal 140, the license management server 110, and the member mail server 120 by a wired LAN.
  • the license management server 110 may be connected to the cloud server 100 and the manager terminal 150 through a wired network or a wireless network.
  • the cloud server 100 may receive information necessary for issuance of a license from the user terminal 140, the license management server 110, and the member mail server 120, and execute an application based on the received information. can do.
  • the application here may be software.
  • the user terminal 140 and the license management server 110 may transmit information required for license issuance to the cloud server 100.
  • the user terminal 140 may communicate with a desktop computer, a laptop computer, a tablet PC, a wireless phone, a mobile phone, a smart phone, and a smart phone.
  • DMB digital multimedia broadcasting
  • the virtual machine interface 130 may be software running on the cloud server 100.
  • FIG. 2 is a block diagram illustrating a node constituting a system for supporting license issuance according to an embodiment of the present invention.
  • the node 200 may include at least one processor 210, a memory 220, and a network interface device 230 connected to a network to perform communication.
  • the node 200 may further include an input interface device 240, an output interface device 250, a storage device 260, and the like.
  • the node 200 may be the user terminal 140, the cloud server 100, the license management server 110, the administrator terminal 150, the member mail server 120, and the like described with reference to FIG. 1.
  • Each component included in the node 200 may be connected by a bus 270 to communicate with each other.
  • the processor 210 may execute a program command stored in the memory 220 and / or the storage device 260.
  • the processor 210 may refer to a central processing unit (CPU), a graphics processing unit (GPU), or a dedicated processor on which methods according to the present invention are performed.
  • the memory 220 and the storage device 260 may be configured of a volatile storage medium and / or a nonvolatile storage medium.
  • the memory 220 may be configured as read only memory (ROM) and / or random access memory (RAM).
  • a corresponding second node corresponds to a method (for example, a method performed in the first node).
  • the license management server 110 corresponding thereto may perform an operation corresponding to the operation of the cloud server 100.
  • the cloud server 100 corresponding thereto may perform an operation corresponding to the operation of the license management server 110.
  • FIG. 3 is a block diagram of IaaS usage.
  • IaaS can mean making servers, storage, and networks into virtualized environments that provide infrastructure services as needed.
  • IaaS may be a virtual machine interface 130.
  • the user terminal 140 may purchase an IaaS service from the cloud provider 105. That is, the user terminal 140 may make a contract regarding IaaS with the cloud provider 105, and obtain control and usage rights related to IaaS from the cloud provider 105.
  • the user terminal 140 may receive a product and a license of the service provider 310 from the service provider 115.
  • the product of service provider 310 may be an application.
  • the product of the service provider 310 may be an application that statically analyzes the developer's source code.
  • the user terminal 140 may be authorized to use the product for the service provider 115 through a license provided from the service provider 115.
  • the service provider 115 may be a company that operates the license management server 110 described in FIG. 6.
  • the cloud provider 105 may be a company operating the cloud server described in FIG.
  • the service provider 115 may install the product of the service provider 115 in the IaaS purchased by the user terminal 140.
  • the cloud provider 105 may check the intention to extend the license of the user terminal 140. When the cloud provider 105 confirms the license extension intention of the user terminal 140, the cloud provider 105 may reissue or extend the license through the service provider 115.
  • the cloud provider 105 may revoke the license through the service provider 115.
  • 4 is a block diagram of SaaS usage.
  • SaaS can mean cloud-based software.
  • the service provider 115 may purchase IaaS from the cloud provider 105. That is, the service provider 115 may contract with the cloud provider 105 regarding IaaS, and may acquire control and use rights regarding IaaS from the cloud provider 105.
  • the user terminal 140 may contract with the service provider 310 regarding SaaS.
  • the user terminal 140 may use a product of the service provider 115 through IaaS of the service provider 115 without installing software or an application separately. That is, the user terminal 140 may obtain a right to use IaaS from the service provider 115.
  • the service provider 115 may confirm the intention to extend the contract of the user terminal 140. If the service provider 115 confirms the intention to extend the contract of the user terminal 140, the service provider 115 may extend the contract period.
  • the cloud provider 105 may revoke the use authority of the user terminal 140.
  • FIG. 5 is a block diagram of IaaS-SaaS usage.
  • the service provider 115 may purchase IaaS from the cloud provider 105. That is, the service provider 115 may make a contract with the cloud provider 105 regarding IaaS. In this case, the user terminal 140 may allow the cloud provider 105 to obtain a control right for IaaS.
  • the user terminal 140 may contract with the service provider 310 regarding SaaS.
  • the user terminal 140 may use a product of the service provider 115 through IaaS of the service provider 115 without installing software or an application separately. That is, the user terminal 140 may obtain a right to use IaaS from the service provider 115.
  • the user terminal 140 may acquire both control authority and usage authority related to IaaS.
  • the service provider 115 may not have both control and use rights for IaaS. Therefore, the service provider 115 cannot intercept the user's source code because all control over the IaaS is passed to the user.
  • the service provider 115 may install a product and a license of the service provider 115 in the purchased IaaS.
  • the product of the service provider 115 may be a static analysis tool that accurately detects security weaknesses and defects that occur when executing a program that is difficult to find only by source code parsing based on an execution semantic analysis engine.
  • the service provider 115 may pre-install the product of the service provider 115 in IaaS.
  • the service provider 115 may also transmit a license for executing the product of the service provider 115 to IaaS in advance.
  • the service provider 115 may check the intention to extend the license of the user terminal 140. If the license of the product of the service provider 115 expires, the user may request a license again.
  • the service provider 115 may reissue or extend the license. If the service provider 115 confirms that the user terminal 140 intends not to extend the license, the service provider 115 may revoke the license.
  • the service provider 115 may prepare a virtual machine interface on which the product of the service provider 115 is mounted.
  • the service provider 115 may prepare a product in cooperation with the cloud provider 300.
  • the user terminal 140 may generate (or activate) a virtual machine interface.
  • the user terminal 140 may receive a license from the service provider 115.
  • the virtual machine interface control right of the user terminal 140, the service provider 115 does not have access to the ID or password to access the virtual machine interface.
  • the user terminal 140 may have an ID or password for accessing the virtual machine interface.
  • the user terminal 140 may use a virtual machine interface.
  • the user terminal 140 may request the service provider 115 to provide a virtual machine interface based service (eg, SaaS).
  • a charging method may be negotiated between the service provider 115 and the user terminal 140. The charging method may be determined based on the service usage period, the number of use, the frequency of use, and the like.
  • the service provider 115 may obtain IaaS from the cloud provider 105.
  • the service provider 115 may receive a signal from the cloud provider 105 requesting a license issuance to install a product of the service provider 115.
  • Licenses may be issued in the same or similar manner as described in FIGS. 7, 8 and 10.
  • the service provider 115 may install the license to install the product of the service provider 115 in the IaaS when a license is issued.
  • the service provider 115 may pre-install products and licenses in IaaS.
  • IaaS with installed products and licenses may be referred to as SaaS.
  • SaaS may be generated in the same or similar manner as the license issuance procedure to be described with reference to FIGS. 7, 8 and 10.
  • SaaS can be software or applications that are certified based on a licensed cloud.
  • the service provider 115 may provide SaaS to the user terminal 140.
  • all rights use / disposal, etc.
  • the service provider 115 may not intercept the source code of the user terminal 140.
  • the user terminal 140 may use SaaS. When the license period expires, the user terminal 140 cannot use the SaaS service. When the license period expires, the user terminal 140 may discard IaaS or SaaS.
  • the service provider 115 may prepare a service virtual machine interface on which the product of the service provider 115 is mounted.
  • the service provider 115 may work with the cloud provider 105 to prepare the product.
  • the user terminal 140 may generate instance information to be used for generating a virtual machine interface.
  • the user terminal 140 may receive a license from the service provider 115.
  • the virtual machine interface control right is not accessible to the service provider to the user terminal 140.
  • the user terminal 140 may have an ID or a password.
  • FIG. 6 is a block diagram specifically illustrating a system for supporting license issuance.
  • the system for issuing a license may include a user terminal 140, a cloud server 100, an administrator terminal 150, a member mail server 120, and a virtual machine interface 130.
  • the cloud server 100 may include a processor 3 (102).
  • the license management server 110 may include a reception server 112, a processor 1 114, a subscription request manager 116, and a license issue manager 118.
  • the virtual machine interface 130 may include a processor 2 132 and an application 134.
  • the license management server 110 may include a reception server 112, a processor 1 114, a subscription request manager 116, and a license issue manager 118.
  • the receiving server 112 and the processing unit 1 114 may be connected to the cloud server 100 through a wired / wireless communication method.
  • Processing unit 1 (114) of the license management server 110 may be a processor for automatically performing a license issuing procedure.
  • the processor 1 114 may be a processor of the receiving server 112.
  • the processor 1 114 may be connected to the subscription request manager 116 and the license issue manager 118 by wire.
  • the processor 1 114 may be connected to the processor 2 132 of the virtual machine interface 130 by a wired / wireless communication method.
  • the processor 1 114 may be connected to the processor 2 132 of the virtual machine interface 130 by a wired / wireless communication method.
  • the processor 1 114 may be connected to the virtual manager terminal 150 through a wired / wireless communication method.
  • the processor 1 114 may be connected to the member mail server 120 through a wired / wireless communication method.
  • the license issuing management unit 118 may be connected to the processing unit 2 132 of the virtual machine interface 130 by a wired / wireless communication method.
  • the virtual machine interface 130 may mean IaaS.
  • IaaS can mean making servers, storage, and networks into virtualized environments that provide infrastructure services as needed.
  • IaaS may be a virtual machine interface 130.
  • the virtual machine interface 130 may be a concept that collectively refers to the virtual processor 2 132 and the application 134 in software.
  • the processor 2 132 may be connected to the processor 3 102 of the cloud server 100 through a wired / wireless communication method.
  • the processor 2 132 may execute the application 134.
  • the processor 2 132 may be connected to the license issuing manager 118 and the processor 1 114 through a wired / wireless communication method.
  • the user terminal 140 may access the application 134 through the virtual machine interface 130.
  • the processor 2 132 of the virtual machine interface 130 may be a processor for automatically performing a license authentication procedure.
  • the cloud server 100 may include a processor 3 102 that supports license issuance.
  • the processor 3 102 may be connected to the user terminal 140 through a wired / wireless communication method.
  • the processor 3 102 may activate the virtual machine interface 130.
  • the processor 3 102 may be connected to the member mail server 120.
  • the processor 3 (102) may transmit the mail related to the license authentication to the member mail server 120 in the license authentication procedure.
  • the processor 3 102 may be connected to the user terminal 140 and the cloud server 100 through an interface.
  • the processor 3 102 of the cloud server 100 may exchange signals with the processor 2 132 of the virtual machine interface 130.
  • the processor 3 102 may be a processor that performs a procedure for issuing a license in the cloud server 100.
  • the processor 1 114 may receive new instance information identified by the user identification information from the cloud server 100 or the first message including the user registration information from the cloud server 100 to which the reception server 112 is connected to the terminal. It may monitor whether it receives a second message indicating.
  • the processor 1 114 may obtain the first message or the second message from the receiving server 112.
  • the processor 1 114 may store the first message or the second message in a database included in the license management server 110.
  • the processor 1 114 may store the issued license in a database included in the license management server 110.
  • the processor 1 114 may store the first message, the second message, and the fourth message in the database of the license management server 110.
  • the processor 1 114 may store the license issue time and user identification information in a database included in the license management server 110.
  • the database may later generate big data regarding connection of the application 134 of the user terminal 140 based on the stored information.
  • the database may support an application program interface (API).
  • API application program interface
  • the cloud server 100, the license management server 110, and the virtual machine interface 130 may each include a database capable of storing information.
  • the processor 2 132 may store a fifth message including license issuance completion information in a database of the virtual machine interface 130.
  • Processing unit 3 (102) may require a user registration or login, such as a user in order to obtain user identification information.
  • the user may access the cloud server 100 to register or log in.
  • the user or the like may input user identification information to the cloud server 100, and in this case, the processing unit 3 102 may easily perform the user's login. Identification information of the user can be obtained.
  • the identification information may be an ID and a password in the case of a registered member.
  • the identification information may include a user name, address, nationality, device used, authentication number, etc. for non-members.
  • the application 134 may output a message to the user interface that the license period has expired to the user terminal.
  • the processor 2 132 may transmit a signal for requesting a license reissue to the processor 1 114.
  • the processor 1 114 receiving the signal requesting the license reissuance may transmit a signal requesting the license reissuance to the manager terminal 150.
  • the manager terminal 150 receiving the signal requesting the license reissuance may transmit a license reissuance signal to the processor 1 114.
  • the processor 1 114 receiving the license reissuance signal may issue a license corresponding to the user information.
  • the processor 1 114 may transmit the issued license to the processor 2 132.
  • the processor 2 132 may copy a license file received from the processor 1 114.
  • the processor 2 132 may store the license file received from the processor 1 114 in the application 134.
  • the virtual machine interface 130 may transmit a fifth message including the license issuance completion information to the processor 1 114.
  • the processor 1 114 may transmit a signal that the license period has expired to the manager terminal 150.
  • the manager terminal 150 receiving a signal that the license period has expired may transmit a license revocation signal to the processor 1 114.
  • the processor 1 114 receiving the license revocation signal may transmit a license revocation signal to the license processor 2 132.
  • the processor 2 132 receiving the license revocation signal may revoke the license stored in the virtual machine interface 130.
  • FIG. 7 is a flowchart illustrating a process of transmitting information required for issuance of a license to a license management server.
  • FIG. 7 may be a process in which the license management server 100 monitors subscription information and instance information transmitted from the user terminal 140 to the cloud server 100 in a method of issuing a license. .
  • the user terminal 140 may access the cloud server 100.
  • the user terminal 140 may transmit the member registration information including the identification information of the user to the cloud server 100 (S700).
  • the cloud server 100 may receive membership registration information including identification information of the user from the user terminal 140.
  • the identification information may be an ID and a password in the case of a registered member.
  • the identification information may include a user name, address, nationality, device used, authentication number, bank name, bank account number, etc. for non-members.
  • the cloud server 100 may transmit a first message including user registration information to the reception server 112 of the license management server 110 (S702).
  • the reception server 112 may receive a first message including user registration information of the user from the cloud server 100.
  • the processor 1 114 of the license management server 110 may monitor whether the first server receives the first message (S704).
  • the processing unit 1 114 may register the membership registration information in the issuing request management unit (S706).
  • the user terminal 140 may access the cloud server 100 and transmit information necessary for generating an instance identified by the user identification information to the cloud server 100 (S708).
  • the cloud server 100 may receive information necessary for generating an instance identified by the user identification information from the user terminal 140.
  • the cloud server 100 may generate the instance information based on the received information necessary for generating the instance (S710).
  • the instance information may be identification information of the virtual machine interface 130.
  • the processor 3 of the cloud server 100 may check payment information of the user. When the payment information is valid and the predetermined payment amount is directly deposited into the user terminal 140, the processor 3 may generate an instance corresponding to the deposited amount. The cloud server 100 may check the payment information of the user and may not create an instance if the payment information is not valid.
  • the cloud server 100 may activate the virtual machine interface 130 for the user identified by the user identification information (S712).
  • the cloud server 100 may transmit a second message including the new instance information to the reception server 112 (S714).
  • the reception server 112 may receive a second message including new instance information from the cloud server 100.
  • the second message may include a signal for requesting issuance of a license.
  • the processor 1 114 of the license management server 110 may monitor whether the receiving server 112 receives the second message (S716).
  • FIG. 8 is a flowchart illustrating a process of activating an application (or software) by issuing a license.
  • FIG. 8 may be a process of activating the virtual machine interface 130 based on membership registration information and instance information monitored by the license management server 110 in a method of issuing a license.
  • the license issuance management unit may store the instance information.
  • the processor 1 114 of the license management server 110 may monitor whether the receiving server 112 receives the second message (S716). When the receiving server 112 receives the second message, the processor 1 114 may store new instance information included in the second message received by the receiving server 112 in the license issuing management unit (S718). The stored instance information can be used as big data.
  • the processor 1 114 of the license management server 110 may transmit a third message requesting an instance unique identifier to the cloud server 100 (S720).
  • the cloud server 100 may receive a third message requesting an instance unique identifier from the processor 1 114.
  • the cloud server 100 may transmit an instance unique identifier to the processing unit 1 114 of the license management server 110 in response to the third message (S722).
  • the processor 1 114 may receive an instance unique identifier that is a response to the third message from the cloud server 100.
  • the processor 1 114 may store the instance unique identifier received from the cloud server 100 in the issuance request management unit (S724). Stored instance unique identifier information may be used as big data.
  • the processing unit 1 114 When the processing unit 1 114 receives the instance unique identifier from the cloud server 100, the new instance information of the license issuing management unit is performed.
  • License can be issued through the license issuance management unit (S726).
  • the processor 1 114 may transmit a fourth message including the license issued to the virtual machine interface 130 (S728).
  • the virtual machine interface 130 may receive a fourth message including a license issued from the processor 1 114.
  • the virtual machine interface 130 receiving the fourth message may activate the application.
  • the virtual machine interface 130 receiving the fourth message may activate the processor 2 of the virtual machine interface 130 (S730).
  • the processor 2 of the virtual machine interface 130 may copy the license file received from the processor 1 114.
  • the processor 2 may store the license file received from the processor 1 114 in the application (S732).
  • the virtual machine interface 130 may transmit a fifth message including the license issuance completion information to the processor 1 114 (S734).
  • the processor 2 When the processor 2 transmits the fifth message including the license issuance completion information to the processor 1 114, the processor 2 may be terminated (S736).
  • the processor 1 114 may store information on whether the license is issued to the license issuance management unit. Information on whether the license is issued by the license issuance management unit may be expressed as a license issuance or a license is not issued (S738).
  • 9 is a flowchart illustrating a process from issuing a license to using a service by a user terminal.
  • FIG. 9 may be a process in which a user terminal 140 receives a desired service by accessing a virtual machine interface 130 in a method of issuing a license.
  • the user terminal 140 may access and log in to the virtual machine interface 130 (S740).
  • the virtual machine interface 130 may transmit a sixth message requesting an instance unique identifier to the cloud server 100 (S742).
  • the cloud server 100 may receive a sixth message requesting an instance unique identifier from the virtual machine interface 130.
  • the cloud server 100 may transmit an instance unique identifier to the virtual machine interface 130 in response to the sixth message (S744).
  • the virtual machine interface 130 may receive an instance unique identifier corresponding to the sixth message from the cloud server 100.
  • the application operating in the virtual machine interface 130 may determine whether the same by comparing the instance unique identifier (unique identifier of the virtual machine interface) and the unique identifier of the virtual machine interface 130 included in the license (S746).
  • the application may be operated when the instance unique identifier and the unique identifier of the virtual machine interface 130 included in the license are the same (S748).
  • An application may not work if the instance unique identifier and the license unique identifier are not the same.
  • the processor 1 114 may perform a procedure for issuing a license only when receiving a license request from the virtual machine interface 130. In this case, since the risk of the back door is small, step S738 (step in which the processing unit 2 ends) may not be performed.
  • Backdoors are intentionally created by system designers to provide service technicians or maintenance programmers with access to other PCs. Backdoors are recently used to refer to terms that are vulnerable to hacking.
  • the first message, the second message, and the fifth message are stored in a database included in the license management server 110, and the database may support an API.
  • FIG. 10 is a flowchart illustrating a method of reissuing a license.
  • the application may output a screen indicating that the license period has expired.
  • the license management server 110 may transmit a signal including a seventh message requesting the license reissue to the processor 1 114 (S750).
  • the processor 1 114 receiving the signal requesting the license reissuance may transmit a signal including the seventh message requesting the license reissuance to the manager terminal 150 (S752).
  • the manager terminal 150 may transmit a signal including an eighth message, which is a license reissuance signal, to the processor 1 114 (S754).
  • the processor 1 114 receiving the license reissuance signal may issue a license corresponding to the user information through the license issuance management unit (S756).
  • the processor 1 114 may transmit an eighth message including the issued license to the virtual machine interface 130 (S758).
  • the virtual machine interface 130 may activate the application and the processor 2 (S760).
  • the processor 2 may copy the license file received from the processor 1 114.
  • the processor 2 may store the license file received from the processor 1 114 in the application (S762).
  • the processor 2 may transmit a signal including a ninth message, which is license issuance completion information, to the processor 1 114 (S764).
  • the processor 2 may be terminated (S766).
  • the processor 1 114 may transmit a signal to the administrator terminal 150 that the license period has expired (a signal that the user does not want to be reissued).
  • the manager terminal 150 receiving a signal that the license period has expired may transmit a license revocation signal to the processor 1 114.
  • the processor 1 114 receiving the license revocation signal may transmit a license revocation signal to the license management server 110.
  • the license management server 110 receiving the license revocation signal may revoke the license stored in the virtual machine interface 130.
  • the methods according to the invention can be implemented in the form of program instructions that can be executed by various computer means and recorded on a computer readable medium.
  • Computer-readable media may include, alone or in combination with the program instructions, data files, data structures, and the like.
  • the program instructions recorded on the computer readable medium may be those specially designed and constructed for the present invention, or may be known and available to those skilled in computer software.
  • Examples of computer readable media include hardware devices that are specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like.
  • Examples of program instructions include machine language code, such as produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like.
  • the hardware device described above may be configured to operate with at least one software module to perform the operations of the present invention, and vice versa.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

L'invention concerne un procédé pour fournir un service logiciel d'un serveur de gestion de licences. Le procédé comprend les étapes suivantes : réception d'une interface de machine virtuelle de la part d'un serveur en nuage ; installation d'un logiciel d'un fournisseur de services dans l'interface de machine virtuelle ; transmission d'une licence à l'interface de machine virtuelle ; fourniture d'une autorité en rapport à un identifiant et un mot de passe à un terminal d'utilisateur ; et fourniture d'un service du logiciel au terminal d'utilisateur par le biais de l'interface machine virtuelle lorsque le terminal d'utilisateur accède au logiciel. Les fuites de code source dues à l'analyse statique peuvent ainsi être fondamentalement évitées.
PCT/KR2017/008148 2016-07-29 2017-07-28 Procédé pour fournir un service en nuage WO2018021864A1 (fr)

Priority Applications (4)

Application Number Priority Date Filing Date Title
JP2019527107A JP6821805B2 (ja) 2016-07-29 2017-07-28 クラウド基盤のサービス提供方法
US16/321,560 US11157597B2 (en) 2016-07-29 2017-07-28 Method for providing cloud-based service
CN201780047321.9A CN109643337A (zh) 2016-07-29 2017-07-28 基于云的服务提供方法
US17/488,350 US11636184B2 (en) 2016-07-29 2021-09-29 Method for providing cloud-based service

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR20160097511 2016-07-29
KR10-2016-0097511 2016-07-29
KR10-2016-0122414 2016-09-23
KR1020160122414A KR101882685B1 (ko) 2016-07-29 2016-09-23 클라우드 기반의 서비스 제공 방법

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US16/321,560 A-371-Of-International US11157597B2 (en) 2016-07-29 2017-07-28 Method for providing cloud-based service
US17/488,350 Continuation US11636184B2 (en) 2016-07-29 2021-09-29 Method for providing cloud-based service

Publications (1)

Publication Number Publication Date
WO2018021864A1 true WO2018021864A1 (fr) 2018-02-01

Family

ID=61017209

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2017/008148 WO2018021864A1 (fr) 2016-07-29 2017-07-28 Procédé pour fournir un service en nuage

Country Status (1)

Country Link
WO (1) WO2018021864A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114513785A (zh) * 2022-02-22 2022-05-17 新华三技术有限公司 一种终端认证方法及装置
CN115189896A (zh) * 2022-09-13 2022-10-14 中安网脉(北京)技术股份有限公司 一种虚拟云密码服务***及方法

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110025728A (ko) * 2009-06-04 2011-03-11 유니시스 코포레이션 보안 맞춤형 애플리케이션 클라우드 컴퓨팅 아키텍처
US20120131341A1 (en) * 2010-11-22 2012-05-24 Network Appliance, Inc. Method and system for improving storage security in a cloud computing environment
KR20130047491A (ko) * 2011-10-31 2013-05-08 삼성에스디에스 주식회사 멀티 테넌트 환경을 위한 SaaS 서비스 프로비저닝 장치 및 방법
JP2013526742A (ja) * 2010-05-21 2013-06-24 エスエフエヌティー・ジャーマニー・ゲーエムベーハー コンピュータシステム上でアプリケーションの実行を制御する方法
KR20140056005A (ko) * 2012-10-30 2014-05-09 삼성에스디에스 주식회사 보안 관점의 분산 시스템 간의 데이터 전송 제어

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110025728A (ko) * 2009-06-04 2011-03-11 유니시스 코포레이션 보안 맞춤형 애플리케이션 클라우드 컴퓨팅 아키텍처
JP2013526742A (ja) * 2010-05-21 2013-06-24 エスエフエヌティー・ジャーマニー・ゲーエムベーハー コンピュータシステム上でアプリケーションの実行を制御する方法
US20120131341A1 (en) * 2010-11-22 2012-05-24 Network Appliance, Inc. Method and system for improving storage security in a cloud computing environment
KR20130047491A (ko) * 2011-10-31 2013-05-08 삼성에스디에스 주식회사 멀티 테넌트 환경을 위한 SaaS 서비스 프로비저닝 장치 및 방법
KR20140056005A (ko) * 2012-10-30 2014-05-09 삼성에스디에스 주식회사 보안 관점의 분산 시스템 간의 데이터 전송 제어

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114513785A (zh) * 2022-02-22 2022-05-17 新华三技术有限公司 一种终端认证方法及装置
CN114513785B (zh) * 2022-02-22 2023-10-20 新华三技术有限公司 一种终端认证方法及装置
CN115189896A (zh) * 2022-09-13 2022-10-14 中安网脉(北京)技术股份有限公司 一种虚拟云密码服务***及方法

Similar Documents

Publication Publication Date Title
WO2013062352A1 (fr) Procédé et système de contrôle d'accès dans un service informatique en nuage
WO2021002692A1 (fr) Procédé de fourniture de service d'actifs virtuels sur la base d'un identifiant décentralisé et serveur de fourniture de service d'actifs virtuels les utilisant
WO2018194379A1 (fr) Procédé d'approbation de l'utilisation d'une carte à l'aide d'un identificateur de jeton sur la base d'une chaîne de blocs et structure en arbre de merkle associée à celui-ci, et serveur l'utilisant
WO2016137307A1 (fr) Attestation par mandataire
WO2010068073A2 (fr) Procédé de fourniture de service utilisant des données d'identification de dispositif, son dispositif et support lisible par ordinateur sur lequel son programme est enregistré
WO2019127973A1 (fr) Procédé, système et dispositif d'authentification d'autorité pour référentiel de miroirs et support de stockage
WO2022102930A1 (fr) Système did utilisant une authentification par pin de sécurité basée sur un navigateur, et procédé de commande associé
WO2019088686A1 (fr) Système et procédé de gestion de distribution de contenu à l'aide d'une technologie de chaîne de blocs
WO2019088687A1 (fr) Système et procédé de gestion de distribution de contenu à l'aide d'une technologie de chaîne de blocs
WO2019225921A1 (fr) Procédé de stockage de clé numérique, et dispositif électronique
WO2013191325A1 (fr) Procédé pour authentifier un identifiant d'ouverture par plate-forme de confiance, et appareil et système associés
WO2020189926A1 (fr) Procédé et serveur permettant de gérer une identité d'utilisateur en utilisant un réseau à chaîne de blocs, et procédé et terminal d'authentification d'utilisateur utilisant l'identité d'utilisateur basée sur un réseau à chaîne de blocs
WO2012099330A2 (fr) Système et procédé de délivrance d'une clé d'authentification pour authentifier un utilisateur dans un environnement cpns
WO2020022700A1 (fr) Élément de sécurité de traitement et d'authentification de clé numérique et procédé de fonctionnement associé
WO2014003516A1 (fr) Procédé et appareil de fourniture de partage de données
WO2018151480A1 (fr) Procédé et système de gestion d'authentification
WO2021112603A1 (fr) Procédé et dispositif électronique permettant de gérer des clés numériques
WO2021256615A1 (fr) Procédé et dispositif de paiement de produit utilisant un haut-parleur d'intelligence artificielle
WO2021235893A1 (fr) Dispositif électronique et procédé destiné à un dispositif électronique permettant de fournir un service fondé sur la télémétrie
WO2020032351A1 (fr) Procédé permettant d'établir une identité numérique anonyme
WO2019039740A1 (fr) Procédé permettant de fournir une mise à jour de service et dispositif électronique prenant en charge ledit procédé
WO2019098790A1 (fr) Dispositif électronique et procédé de transmission et de réception de données d'après un système d'exploitation de sécurité dans un dispositif électronique
WO2019088688A1 (fr) Système et procédé de gestion de distribution de contenu à l'aide d'une technologie de chaîne de blocs
WO2020190099A1 (fr) Dispositif électronique de gestion d'informations personnelles et procédé de fonctionnement de celui-ci
WO2018021864A1 (fr) Procédé pour fournir un service en nuage

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17834805

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2019527107

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17834805

Country of ref document: EP

Kind code of ref document: A1