KR20140090279A - Service security authentication method and web application server therof - Google Patents
- Publication number
- KR20140090279A
- Authority
- KR
- South Korea
- Prior art keywords
- user terminal
- application server
- web application
- authentication
- certificate
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
- G06F15/161—Computing infrastructure, e.g. computer clusters, blade chassis or hardware partitioning
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Mathematical Physics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
A method for authenticating a service security in a web application server supporting a service based on cloud computing, the method comprising: performing a first authentication with a user terminal to upload an application program based on a first certificate; storing an uploaded application program from the user terminal; obtaining a unique identifier for identifying whether the user terminal is a terminal having a proper uploading authority; performing a secondary authentication for connection to the user terminal based on the second certificate when the user terminal is determined to be a terminal having a proper uploading authority; transmitting a token to be used for activation control of the uploaded application program to the user terminal when the secondary authentication is normally performed; and performing activation control of the uploaded application program in accordance with the received activation control message when an activation control message including the token is received from the user terminal.
Description
The present invention relates to a service security authentication method in a web application server supporting a cloud computing based service.
Cloud computing technology refers to a technology that supports virtual computing environments to store data, use application programs, and use content through servers on the Internet. Therefore, even if the application program, contents, etc. are not directly stored in a user PC or a smart phone for using a specific program or service, the user can receive various services through the cloud computing technology.
However, in recent years, some security problems have arisen in such cloud computing-based services. For example, when a specific application program is uploaded to a web application server that provides a cloud service, a malicious program such as a hacking program or a virus program may be inserted in the program, thereby damaging the server itself as well as the members using the server. In addition, it often happens that the above problem is caused by hacking the certificate of the member who receives the cloud service. Therefore, a service security authentication method with enhanced security is required in order to distinguish malicious users and to identify whether the user is a user having the rightful authority.
The present invention provides a service security authentication method in which service security is enhanced through cross-certification between a web application server supporting a cloud computing-based service and a user terminal, and a web application server therefor.
In addition, the present invention uses a unique identifier that cannot be duplicated in order to identify whether the uploader is the rightful party, and independently obtains a data channel for uploading an application program and a control channel for activation control of the application program; a web application server for the service security authentication method is also provided.
According to an aspect of the present invention, there is provided a service security authentication method in a web application server supporting a service based on a cloud computing,
Performing a primary authentication with a user terminal to upload an application program based on the first certificate;
Storing an uploaded application program from the user terminal;
Obtaining a unique identifier for identifying whether the user terminal is a terminal having a proper uploading authority;
Performing a secondary authentication for connection to the user terminal based on the second certificate when the user terminal is determined to be a terminal having a proper uploading authority;
Transmitting a token to be used for activation control of the uploaded application program to the user terminal when the secondary authentication is normally performed; and
Performing activation control of the uploaded application program according to the received activation control message when an activation control message including the token is received from the user terminal.
In one embodiment, the first certificate is a certificate used by the user terminal for connection authentication to the web application server, issued by the web application server to the user terminal or allowed by the web application server,
The second certificate may be a certificate stored in the web application server and used for connection authentication of the web application server to the user terminal.
In one embodiment, performing the primary authentication comprises:
Performing a primary authentication for connecting to the server according to a connection request from the user terminal using the first certificate.
In one embodiment, the unique identifier may be a CPU (Central Processing Unit) ID of the user terminal.
In one embodiment, prior to performing the secondary authentication,
Transmitting an activation request message for requesting activation of the uploaded application program to the user terminal; and
Receiving a token request message requesting to provide the token from the user terminal that has received the activation request message.
At this time, the unique identifier may be included in the token request message.
In one embodiment, the application program is transmitted to the web application server via a data channel granted through the primary authentication,
The activation control message may be transmitted to the web application server through a control channel assigned through the secondary authentication as a separate secure channel distinguished from the data channel.
In one embodiment, the activation control message is a control message for installing the uploaded application program,
The step of performing the activation control may be the step of installing the uploaded application according to the activation control message.
According to another aspect of the present invention, there is provided a web application server supporting a service based on cloud computing,
A communication unit for performing communication with a user terminal;
A primary authentication processing unit for performing primary authentication with a user terminal to upload an application program based on the first certificate;
A determination unit for determining whether the user terminal is a terminal having a proper upload authority based on a unique identifier received from the user terminal after the first authentication is normally performed;
A secondary authentication processing unit for performing secondary authentication for connection to the user terminal based on the second certificate when the user terminal is determined as a terminal having a proper uploading authority; and
A control unit for transmitting a token to be used for activation control of the uploaded application program to the user terminal through the communication unit after the secondary authentication is normally performed and, when an activation control message including the token is received from the user terminal, performing activation control of the uploaded application program in accordance with the received activation control message.
In one embodiment, the control unit may transmit an activation request message for requesting activation of the uploaded application program to the user terminal through the communication unit before the secondary authentication processing unit performs the secondary authentication,
When the token request message including the unique identifier is received from the user terminal that has received the activation request message, the determination unit may extract the unique identifier from the token request message and perform the determination.
In one embodiment, the application program is transmitted to the web application server via the data channel assigned by the control unit through the primary authentication,
The activation control message may be transmitted to the web application server through a control channel assigned by the control unit through the secondary authentication as a separate secure channel distinguished from the data channel.
According to another aspect of the present invention, there is provided a computer-readable storage medium storing one or more programs including instructions for causing a user terminal to perform a service security authentication method through interworking with a web application server, the method comprising:
Performing a primary authentication for a server connection based on a first certificate used for connection authentication to the web application server;
Uploading an application program selected by a user to the web application server when the primary authentication is normally performed;
Sending a token request message to the web application server requesting the web application server to provide a token to be used for activation control of the uploaded application program; and
Transmitting to the web application server an activation control message including the token, if the token has been received after the secondary authentication with the web application server based on the second certificate has been successfully performed.
In one embodiment, the service security authentication method comprises:
Prior to transmitting the token request message to the web application server,
Receiving an activation request message for an activation request of the uploaded application program from the web application server,
The token request message may include a unique identifier for identifying that the user terminal has a proper uploading authority.
According to an embodiment of the present invention, a service security authentication method in which service security is enhanced through cross-certification between a web application server supporting a cloud computing-based service and a user terminal and a web application server for the same can be provided.
Further, according to an embodiment of the present invention, a unique identifier that cannot be duplicated is used to identify whether the uploader is the rightful party, and a data channel for uploading an application program and a control channel for activation control of the application program are obtained independently, so that the service security can be further strengthened.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a diagram illustrating a configuration of a web application server to which a service security authentication method according to an embodiment of the present invention is applied.
FIG. 2 is a service flow diagram illustrating a service security authentication method according to an embodiment of the present invention.
While the present invention has been described in connection with certain exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Hereinafter, the present invention will be described in detail with reference to the accompanying drawings. In addition, numerals (e.g., first, second, etc.) used in the description of the present invention are merely identifiers for distinguishing one component from another.
Also, in this specification, when an element is referred to as being "connected" or "coupled" to another element, the element may be directly connected or coupled to the other element, or, unless an opposite description is present, it may be connected or coupled via another element in between.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
FIG. 1 is a diagram illustrating a configuration of a web application server to which a service security authentication method according to an embodiment of the present invention is applied.
Referring to Figure 1, a
1, the
However, all of the above components may not necessarily be necessary components for implementing the service security authentication method of the present invention, and the
A client-side program (hereinafter referred to as a client program 50) for executing the service security authentication method according to the embodiment of the present invention in relation to the
Hereinafter, the roles and functions of the respective components constituting the
FIG. 2 is a service flowchart illustrating a service security authentication method according to an embodiment of the present invention.
Referring to FIG. 2, in step S210, the primary authentication between the
Here, the
If the primary authentication is normally performed, the
When the uploading of the application program is completed, the
Accordingly, in step S240, the
Here, the unique identifier is used to identify whether the corresponding user terminal has a proper upload right in the service security authentication process according to the embodiment of the present invention. For example, if the first certificate used in the preceding primary authentication process has been duplicated or hacked by a malicious user, the fact that the primary authentication was performed normally is by itself not enough to confirm that the user who performed it is a legitimate user. Therefore, in the embodiment of the present invention, in order to re-confirm that the user who performed the primary authentication is the rightful uploader, the user terminal is further requested to provide a unique identifier. Such a unique identifier may be any identifier that can identify the user terminal, but since it is used to distinguish a malicious user, an identifier that cannot be duplicated (for example, a CPU ID) is preferably used. In some cases, the unique identifier may be encrypted and transmitted according to a predefined encryption scheme between the user terminal and the web application server.
When the unique identifier is received in the above-described manner, the
At this time, the secondary authentication is for terminal authentication, which can be performed based on the
As described above, in the embodiment of the present invention, the second authentication process using the
In step S260, the
In addition, according to the embodiment of the present invention, after the secondary authentication process is completed, message transmission and reception between the user terminal and the server is performed through a predetermined control channel, a separate secure (authenticated) channel distinguished from the data channel provided through the primary authentication process. As described above, in the embodiment of the present invention, by separating the communication channel for uploading the application program after the primary authentication from the communication channel for transmitting and receiving control messages after the secondary authentication, the service security is further enhanced.
That is, according to the service security authentication method of the embodiment described above, even after the application program has been uploaded through the data channel assigned in the primary authentication process, the security of the entire system can be strengthened through several layers of security enhancement steps: the rightful-uploader authentication process based on the unique identifier, the secondary authentication process, and the activation control process through a separate secure channel that is provided only when the secondary authentication process is performed normally.
Thereafter, when a predetermined activation control message including the provided token is delivered from the
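The flow summarized in the aspects above and in the description of FIG. 2 can be read end to end in the following Python simulation. It is an added example, not code from the patent: certificates are modelled as opaque strings, the rightful uploader's unique identifier is assumed to have been enrolled with the server beforehand so that the determination unit has a value to compare against, and the token is an HMAC bound to terminal, program and control channel (all choices of this example). It exercises the legitimate path and three failure cases: a copied first certificate presented from a terminal with a different identifier, the token presented on the data channel instead of the control channel, and a forged token. Since the unique identifier is a value reported by the terminal, the check addresses the copied-certificate case the description discusses; it complements the certificate checks rather than replacing them.

```python
import hashlib
import hmac
import secrets


class WebApplicationServer:
    """Server side: primary auth, upload storage, unique identifier check,
    secondary auth, token issue on a control channel, activation control."""

    def __init__(self, server_cert, allowed_client_certs, enrolled_terminals):
        self.server_cert = server_cert                         # "second certificate", held by the server
        self.allowed_client_certs = set(allowed_client_certs)  # "first certificates" it issued or allows
        # Assumption of this example: the rightful terminal's unique identifier was enrolled earlier.
        self.enrolled_terminals = dict(enrolled_terminals)     # client cert -> unique identifier
        self.token_key = secrets.token_bytes(32)               # server-only key for minting tokens
        self.data_channels = {}                                # channel id -> client cert (primary auth)
        self.control_channels = {}                             # channel id -> client cert (secondary auth)
        self.programs = {}                                     # program name -> uploaded bytes
        self.installed = set()

    def primary_authentication(self, client_cert):
        """Check the terminal's first certificate and grant a data channel for the upload."""
        if client_cert not in self.allowed_client_certs:
            return None
        channel = "data-" + secrets.token_hex(4)
        self.data_channels[channel] = client_cert
        return channel

    def store_upload(self, data_channel, program, blob):
        """Store the uploaded program, then ask the terminal to activate it."""
        if data_channel not in self.data_channels:
            raise PermissionError("upload outside an authenticated data channel")
        self.programs[program] = blob
        return {"type": "ACTIVATION_REQUEST", "program": program}

    def handle_token_request(self, data_channel, token_request):
        """Determination unit: the unique identifier must match the enrolled one;
        only then does the server start secondary auth by presenting its certificate."""
        client_cert = self.data_channels[data_channel]
        expected = self.enrolled_terminals.get(client_cert, "")
        if not hmac.compare_digest(expected, token_request["unique_id"]):
            return None  # the first certificate may be copied, but this is not the rightful terminal
        return {"type": "SECONDARY_AUTH", "server_cert": self.server_cert}

    def open_control_channel(self, data_channel, program):
        """After the terminal accepted the server certificate: grant a control channel
        separate from the data channel and issue the activation token for it."""
        client_cert = self.data_channels[data_channel]
        channel = "ctrl-" + secrets.token_hex(4)
        self.control_channels[channel] = client_cert
        return channel, self._mint_token(client_cert, program, channel)

    def _mint_token(self, client_cert, program, channel):
        # HMAC over terminal, program and control channel: the token is useless for
        # another program or on another channel (design choice of this example).
        msg = f"{client_cert}|{program}|{channel}".encode()
        return hmac.new(self.token_key, msg, hashlib.sha256).hexdigest()

    def activation_control(self, channel, message):
        """Install only on a control channel and only with a token minted for
        this terminal, program and channel."""
        client_cert = self.control_channels.get(channel)
        if client_cert is None:
            return False  # data channel or unknown channel: activation refused
        expected = self._mint_token(client_cert, message["program"], channel)
        if not hmac.compare_digest(expected, message["token"]):
            return False
        if message["action"] != "install" or message["program"] not in self.programs:
            return False
        self.installed.add(message["program"])
        return True


class UserTerminal:
    """Client program: drives the exchange and verifies the server's certificate."""

    def __init__(self, client_cert, unique_id, trusted_server_cert):
        self.client_cert = client_cert
        self.unique_id = unique_id  # the patent's example is a CPU ID; a constructed value here
        self.trusted_server_cert = trusted_server_cert

    def upload_and_activate(self, server, program, blob):
        data = server.primary_authentication(self.client_cert)
        if data is None:
            return False
        request = server.store_upload(data, program, blob)
        reply = server.handle_token_request(data, {"program": request["program"], "unique_id": self.unique_id})
        if reply is None or reply["server_cert"] != self.trusted_server_cert:
            return False  # secondary authentication failed (or was never started)
        ctrl, token = server.open_control_channel(data, program)
        return server.activation_control(ctrl, {"program": program, "token": token, "action": "install"})


def run_scenarios():
    """Constructed scenarios: rightful terminal, copied certificate, token misuse."""
    server = WebApplicationServer("srv-cert-A", ["cli-cert-1"], {"cli-cert-1": "CPU-0001"})
    rightful = UserTerminal("cli-cert-1", "CPU-0001", "srv-cert-A")
    copied_cert = UserTerminal("cli-cert-1", "CPU-9999", "srv-cert-A")  # same cert, other machine
    results = {"rightful": rightful.upload_and_activate(server, "app.bin", b"\x7fELF...")}
    results["copied_cert"] = copied_cert.upload_and_activate(server, "other.bin", b"...")
    data = server.primary_authentication("cli-cert-1")
    ctrl, token = server.open_control_channel(data, "app.bin")
    # A valid token presented on the data channel, and a forged token on the control channel.
    results["token_on_data_channel"] = server.activation_control(data, {"program": "app.bin", "token": token, "action": "install"})
    results["forged_token"] = server.activation_control(ctrl, {"program": "app.bin", "token": "0" * 64, "action": "install"})
    results["installed"] = sorted(server.installed)
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

Note that, as in the patent's flow, the program uploaded with a copied certificate is stored before the unique identifier is checked; what the identifier check and the channel separation prevent is its activation. A real deployment would carry the first and second certificate checks over mutually authenticated TLS rather than string comparison.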
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the following claims.
100: first user terminal
200: Web Application Server
210:
220: Certificate storing unit
230: Program storage unit
240:
250: primary authentication processing unit
260: secondary authentication processing unit
270:
280: Token Offering
Claims (14)
Performing a primary authentication with a user terminal to upload an application program based on the first certificate;
Storing an uploaded application program from the user terminal;
Obtaining a unique identifier for identifying whether the user terminal is a terminal having a proper uploading authority;
Performing a secondary authentication for connection to the user terminal based on the second certificate when the user terminal is determined to be a terminal having a proper uploading authority;
Transmitting a token to be used for activation control of the uploaded application program to the user terminal when the secondary authentication is normally performed; and
Performing activation control of the uploaded application program corresponding to the received activation control message when an activation control message including the token is received from the user terminal,
The method comprising the steps of:
Wherein the first certificate is a certificate used by the user terminal to authenticate connection to the web application server and issued by the web application server to the user terminal or allowed by the web application server,
Wherein the second certificate is used for connection authentication of the web application server to the user terminal and is a certificate stored in the web application server.
The step of performing the primary authentication includes:
Performing a primary authentication for connection to a server according to a connection request from the user terminal using the first certificate.
And the unique identifier is a central processing unit (CPU) ID of the user terminal.
Before the step of performing the secondary authentication,
Transmitting an activation request message for requesting activation of the uploaded application program to the user terminal; and
Receiving a token request message requesting to provide the token from a user terminal that has received the activation request message,
Wherein the unique identifier is included in the token request message.
Wherein the application program is transmitted to the web application server through a data channel assigned through the primary authentication,
Wherein the activation control message is transmitted to the web application server through a control channel assigned through the secondary authentication as a separate secure channel distinguished from the data channel.
The activation control message is a control message for installing the uploaded application program,
Wherein performing the activation control comprises installing the uploaded application according to the activation control message.
A communication unit for performing communication with a user terminal;
A primary authentication processing unit for performing primary authentication with a user terminal to upload an application program based on the first certificate;
A determination unit for determining whether the user terminal is a terminal having a proper upload authority based on a unique identifier received from the user terminal after the first authentication is normally performed;
A secondary authentication processing unit for performing secondary authentication for connection to the user terminal based on the second certificate when the user terminal is determined as a terminal having a proper uploading authority; and
A control unit for transmitting a token to be used for activation control of the uploaded application program to the user terminal through the communication unit after the secondary authentication is normally performed and, when an activation control message including the token is received from the user terminal, performing activation control of the uploaded application program in accordance with the received activation control message,
A web application server.
Wherein the first certificate is a certificate used for authentication of the connection of the user terminal to the web application server, stored in the user terminal, and issued to the user terminal by the web application server or allowed by the web application server,
Wherein the second certificate is used to authenticate connection to the user terminal of the web application server and is a certificate stored in the web application server.
Wherein,
Transmitting an activation request message for requesting activation of the uploaded application program to the user terminal through the communication unit before the secondary authentication processing unit performs the secondary authentication,
Wherein the determination unit extracts the unique identifier from the token request message and performs the determination when the token request message including the unique identifier is received from the user terminal that has received the activation request message.
Wherein the application program is transmitted to the web application server via the data channel assigned by the control unit through the primary authentication,
Wherein the activation control message is transmitted to the web application server via a control channel assigned by the control unit through the secondary authentication as a separate secure channel distinguished from the data channel.
Performing a primary authentication for a server connection based on a first certificate used for connection authentication to the web application server;
Uploading an application program selected by a user to the web application server when the primary authentication is normally performed;
Sending a token request message to the web application server requesting the web application server to provide a token to be used for activation control of the uploaded application program; and
Transmitting to the web application server an activation control message including the token, if the token has been received after the secondary authentication with the web application server based on the second certificate has been successfully performed.
The service security authentication method includes:
Prior to transmitting the token request message to the web application server,
Receiving an activation request message for an activation request of the uploaded application program from the web application server,
Wherein the token request message includes a unique identifier for identifying that the user terminal is a terminal having a proper uploading authority.
And the unique identifier is a CPU (Central Processing Unit) ID of the user terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020120142661A KR20140090279A (en) | 2012-12-10 | 2012-12-10 | Service security authentication method and web application server therof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020120142661A KR20140090279A (en) | 2012-12-10 | 2012-12-10 | Service security authentication method and web application server therof |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20140090279A true KR20140090279A (en) | 2014-07-17 |
Family
ID=51737944
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020120142661A KR20140090279A (en) | 2012-12-10 | 2012-12-10 | Service security authentication method and web application server therof |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20140090279A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105100110A (en) * | 2015-08-20 | 2015-11-25 | 沈阳成卓科技有限公司 | Blasting operation intelligent service platform and blasting operation intelligent monitoring method for platform |
WO2016024838A1 (en) * | 2014-08-13 | 2016-02-18 | (주)잉카엔트웍스 | Method and system for providing cloud-based application security service |
KR20180005887A (en) | 2016-07-07 | 2018-01-17 | 삼성에스디에스 주식회사 | Method for authenticating client system, client device and authentication server |
CN112612770A (en) * | 2020-12-28 | 2021-04-06 | 深圳市科创思科技有限公司 | Distributed file uploading method and system |
CN113438246A (en) * | 2021-06-29 | 2021-09-24 | 四川巧夺天工信息安全智能设备有限公司 | Data security and authority control method for intelligent terminal |
Events
- 2012-12-10: KR1020120142661A filed (published as KR20140090279A); status: Application Discontinuation (not active)
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016024838A1 (en) * | 2014-08-13 | 2016-02-18 | (주)잉카엔트웍스 | Method and system for providing cloud-based application security service |
KR20160020294A (en) * | 2014-08-13 | 2016-02-23 | (주)잉카엔트웍스 | Method and system for providing application security service based on cloud |
US10296728B2 (en) | 2014-08-13 | 2019-05-21 | Inka Entworks, Inc. | Method and system for providing cloud-based application security service |
CN105100110A (en) * | 2015-08-20 | 2015-11-25 | 沈阳成卓科技有限公司 | Blasting operation intelligent service platform and blasting operation intelligent monitoring method for platform |
CN105100110B (en) * | 2015-08-20 | 2018-10-26 | 沈阳成卓科技有限公司 | Bursting work intelligent Service Platform and the method for platform intelligent monitoring bursting work |
KR20180005887A (en) | 2016-07-07 | 2018-01-17 | 삼성에스디에스 주식회사 | Method for authenticating client system, client device and authentication server |
CN112612770A (en) * | 2020-12-28 | 2021-04-06 | 深圳市科创思科技有限公司 | Distributed file uploading method and system |
CN112612770B (en) * | 2020-12-28 | 2024-05-14 | 深圳市科创思科技有限公司 | Distributed file uploading method and system |
CN113438246A (en) * | 2021-06-29 | 2021-09-24 | 四川巧夺天工信息安全智能设备有限公司 | Data security and authority control method for intelligent terminal |
CN113438246B (en) * | 2021-06-29 | 2023-05-30 | 四川巧夺天工信息安全智能设备有限公司 | Data security and authority management and control method for intelligent terminal |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9053306B2 (en) | Authentication system, authentication server, service providing server, authentication method, and computer-readable recording medium | |
EP3308499B1 (en) | Service provider certificate management | |
EP3297243B1 (en) | Trusted login method and device | |
EP2874369A1 (en) | Trusted communication session and content delivery | |
US11418498B2 (en) | Single sign on proxy for regulating access to a cloud service | |
US11336449B2 (en) | Information processing apparatus, computer program product, and resource providing method | |
CN107508822B (en) | Access control method and device | |
US11489831B2 (en) | Communication system and computer readable storage medium | |
EP2787707A1 (en) | Method for allowing user access, client, server, and system | |
CN102811228A (en) | Network business login method, equipment and system | |
CN110958119A (en) | Identity verification method and device | |
WO2016054888A1 (en) | Method and device for creating subscription resource | |
US20170034164A1 (en) | Multifactor authentication for mail server access | |
KR20140090279A (en) | Service security authentication method and web application server therof | |
CN105100022A (en) | Cipher processing method, server and system | |
US10708326B2 (en) | Secure media casting bypassing mobile devices | |
CN111800426A (en) | Method, device, equipment and medium for accessing native code interface in application program | |
JP2017523508A (en) | Secure integrated cloud storage | |
KR101824562B1 (en) | Gateway and method for authentication | |
CN109460647B (en) | Multi-device secure login method | |
US9071596B2 (en) | Securely establishing a communication channel between a switch and a network-based application using a unique identifier for the network-based application | |
KR101637155B1 (en) | A system providing trusted identity management service using trust service device and its methods of operation | |
KR20140042049A (en) | Method for managing multi content servers | |
CN110049067B (en) | Transmission method and device of session key and computer-readable storage medium | |
KR101329788B1 (en) | SSO Method Based on Server In Mobile Environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WITN | Withdrawal due to no request for examination |