KR20170042143A - KVM Security System of Semiconductor Manufacturing Equipment - Google Patents

KVM Security System of Semiconductor Manufacturing Equipment Download PDF

Info

Publication number
KR20170042143A
KR20170042143A KR1020150141720A KR20150141720A KR20170042143A KR 20170042143 A KR20170042143 A KR 20170042143A KR 1020150141720 A KR1020150141720 A KR 1020150141720A KR 20150141720 A KR20150141720 A KR 20150141720A KR 20170042143 A KR20170042143 A KR 20170042143A
Authority
KR
South Korea
Prior art keywords
kvm
remote terminal
security
semiconductor manufacturing
manufacturing equipment
Prior art date
Application number
KR1020150141720A
Other languages
Korean (ko)
Inventor
신상용
김효태
Original Assignee
주식회사 라온즈
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 라온즈 filed Critical 주식회사 라온즈
Priority to KR1020150141720A priority Critical patent/KR20170042143A/en
Publication of KR20170042143A publication Critical patent/KR20170042143A/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/12Arrangements for remote connection or disconnection of substations or of equipment thereof
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/22Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to a KVM security system for remotely controlling semiconductor manufacturing equipment, and more particularly to a KVM security system which controls connection of a remote terminal device, stores a connection history of the remote terminal device, and sets a video security region, thereby strengthening security. For this purpose, the KVM security system for semiconductor manufacturing equipment according to the present invention comprises: a monitoring device which controls operation of semiconductor manufacturing equipment and displays a state thereof; a KVM device which receives security settings from the monitoring device to output an image on which masking processing has been performed; a KVM management device which is connected to the KVM device to control connection to the KVM device; and a remote terminal device which is connected to the KVM management device and remotely controls the monitoring device.

Description

KVM Security System of Semiconductor Manufacturing Equipment (KVM Security System of Semiconductor Manufacturing Equipment)

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a KVM security system for remote control of semiconductor manufacturing equipment, and more particularly, to a KVM security system for controlling connection of a remote terminal apparatus, storing connection history of a remote terminal apparatus, .

An input / output sharing device is a device that can control a plurality of computers by sharing a keyboard, a video device, and a mouse, which are input / output devices, .

Since the KVM device can control an input / output device connected to a plurality of computers from an external remote terminal device, it is possible to efficiently manage a server. By connecting a KVM device to a semiconductor manufacturing device and constructing a KVM system, Control and monitoring.

As described above, the KVM system for remotely controlling the semiconductor manufacturing equipment is advantageous in terms of management efficiency, but contrary to this, there may be a security problem due to the approach of the external manager.

Therefore, there is a need to introduce a KVM security system for semiconductor manufacturing equipment which improves problems such as management of external administrator access and leakage of security issues.

In order to solve such a problem, Korean Patent Registration No. 10-1077652 (registered on October 21, 2011) discloses a remote network management system that issues an approval code to track responsibility for an internal security incident, And a method of authenticating the remote network management system.

However, only the configuration of the connection authentication method of the remote terminal is disclosed, and the configuration for security management after the remote terminal is connected is not disclosed, which may be vulnerable to security.

KR1077652 10

The present invention provides a KVM security system that is developed to solve the above-mentioned problems and which controls connection of a remote terminal apparatus, stores a connection history when a remote terminal apparatus is connected, and sets a video security zone to enhance security .

For this purpose, the KVM security system of the semiconductor manufacturing equipment according to the present invention comprises a monitoring device for controlling the operation of the semiconductor manufacturing equipment and displaying the status, a KVM device for outputting a masked image by receiving security setting from the monitoring device, A KVM management device connected to the KVM device and controlling connection to the KVM device, and a remote terminal device connected to the KVM management device and remotely controlling the monitoring device.

According to another aspect of the present invention, there is provided a security method for a KVM system, including a setting step of setting a screen security zone in a monitoring device by a user, an authentication step of authenticating connection of a remote terminal device by a KVM management device, An output step of outputting a masked image by masking a screen security area in the KVM management device; a storage step of storing the connection history of the remote terminal device by the KVM management device; And a scrap step of scrapping.

According to the KVM security system of the semiconductor manufacturing equipment according to the present invention, when a KVM system is actually introduced to a semiconductor manufacturing company, a KVM device can be connected to a computer of an automation process to remotely manage the KVM system from outside the factory. And it is also advantageous that the computer personnel do not have to observe the regulations of the semiconductor manufacturing factory, such as wearing a tricky dress.

In addition, it has an authentication procedure for remote administrator access, a function to store the connection history of the remote administrator, and an automatic release function in which the remote administrator authentication is released after a certain time, .

In addition, it is possible to provide a KVM system with enhanced security by including a shutdown function for blocking video images by preventing security issues from being made by setting security on a video image output to the remote terminal device.

1 is a schematic block diagram of a KVM security system of a semiconductor manufacturing equipment according to the present invention;
2 is a block diagram of a monitoring device according to the present invention;
3 is a block diagram illustrating a KVM device according to the present invention.
4 is a block diagram showing a KVM management apparatus according to the present invention.
5 is a signal flow diagram of a KVM security system for semiconductor manufacturing equipment in accordance with an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. The configuration of the present invention and the operation and effect thereof will be clearly understood through the following detailed description.

Before describing the invention in detail, the same components are denoted by the same reference numerals even if they are shown in different drawings, and a detailed description thereof will be omitted when it is judged that the gist of the present invention may be blurred to a known configuration .

Hereinafter, a KVM security system for semiconductor manufacturing equipment according to the present invention will be described with reference to the accompanying drawings.

1 is a schematic block diagram of a KVM security system of a semiconductor manufacturing equipment 10 according to the present invention.

1, a KVM security system of a semiconductor manufacturing equipment 10 according to the present invention includes a semiconductor manufacturing equipment 10, a monitoring device 100, a KVM device 200, a KVM management device 300, a communication network 400 , And a remote terminal apparatus 500.

The semiconductor manufacturing equipment 10 is a device for sequentially performing a photolithographic coating process, an exposure process, and a development process, which are general lithography processes as semiconductor track equipment. The semiconductor manufacturing equipment 10 performs a process of forming a circuit pattern of a desired semiconductor device on a wafer by using a photosensitizer sensitive to light.

The semiconductor manufacturing equipment 10 has a built-in monitoring device 100, and can control the semiconductor manufacturing process and monitor the process status through the monitoring device 100.

The monitoring apparatus 100 and the remote terminal apparatus 500 of the present invention to be described later may be a personal computer (PC) such as a desktop provided with an input / output port, or a portable terminal such as a cellular phone or a PDA.

The KVM device 200 is located between the semiconductor manufacturing equipment 10 and the KVM management device 300 and transmits the remote control signal of the remote terminal device 500 to the semiconductor manufacturing equipment 10, And transmits the image information of the monitoring device 100 in the semiconductor manufacturing equipment 10.

Although the KVM device 200 has been described above, the KVM device 200 will be briefly described to facilitate understanding of the present invention.

The KVM device 200 can easily and quickly access the IT resources such as the server and the storage by using a single screen to discover and control the problems of the computing resources and thereby control the remote Network.

The KVM management apparatus 300 is connected to a plurality of KVM apparatuses 200 and connects the remote terminal apparatuses 500 to a plurality of KVM apparatuses 200.

In addition, the KVM management apparatus 300 controls the remote terminal apparatus 500 to connect to a specific KVM apparatus 200 among the plurality of KVM apparatuses 200.

The communication network 400 can be applied to any communication method known in the art as long as it can connect the KVM management apparatus 300 and the remote terminal apparatus 500 via a network. For example, the communication network 400 may be a wired network such as the Internet or an intranet, or a wireless network such as a WiFi network or a mobile communication network, and does not limit the communication mode.

The remote terminal apparatus 500 is a device capable of connecting to the KVM management apparatus 300 through the communication network 400 and remotely controlling the input and output of the monitoring apparatus 100.

The remote terminal apparatus 500 can access the KVM management apparatus 300 through a wired network or a wireless network according to a communication method of the communication network 400. The remote terminal apparatus 500 can be connected to the semiconductor manufacturing equipment 10 through an authentication process of the KVM management apparatus, The monitoring device 100 can be remotely controlled.

2 is a block diagram illustrating a monitoring device 100 in accordance with the present invention.

2, a monitoring apparatus 100 according to the present invention includes an input / output unit such as a graphic processing unit 102, a monitor 104, a mouse 106, and a keyboard 108 and a control unit 110, do.

The graphic processing apparatus 102 is an operation processing apparatus that processes image information of the monitoring apparatus 100 or performs screen output, and assists the graphic processing operation of the control unit 110. The graphics processing unit 102 is referred to as a graphics processor or simply a GPU (Graphic Processing Unit).

The monitor 104 is an output display of the monitoring device 100. The monitor 104 outputs the process status of the semiconductor manufacturing equipment 10 as an image. The monitor 104 is connected to the graphics processing unit 102 so that output information of the graphic processing unit 102 is output to the monitor 104 as an image.

The mouse 106 and the keyboard 108 input data for process control of the semiconductor manufacturing equipment 10 as an input device of the monitoring device 100.

The graphic processor 102 and the monitor 104, which are output devices, and the mouse 104 and keyboard 106, which are input devices, are hereinafter referred to as input / output devices.

The control unit 110 controls the input / output device by the input / output control software, and the input / output device is operated through the control unit 110 to process the data.

The control unit 110 is connected to the input / output device and the KVM device 200 and processes the data transmitted from the KVM device 200 to display the result on the monitor 104 via the graphic processing device 102.

The control unit 110 sets a security area in the video signal generated by the graphic processing unit 102 and transmits a video signal having a security area set therein (hereinafter referred to as a security video) to the KVM device 200.

3 is a block diagram illustrating a KVM device 200 according to the present invention.

3, the KVM device 200 according to the present invention includes an image processing unit 202, an input / output unit 204, and a communication unit 206.

The input / output unit 204 is connected to the control unit 110 of the monitoring apparatus 100 and receives the security image transmitted from the control unit 110 and transmits the received security image to the image processing unit 202. [

The image processing unit 202 performs a masking process on the security image received from the input / output unit 204 and transmits the masked image (hereinafter, it is displayed as a masking image) to the communication unit 206.

In the masking process, a method of blurring or mosaicing a corresponding security area is used. Such a masking process is a part where the gist of the present invention may be blurred, and a detailed description thereof will be omitted.

The masking image processed in the KVM device 200 can prevent a screen displaying confidential information on the semiconductor process from being leaked to a remote manager, thereby enhancing security.

The communication unit 206 transmits the masking image input from the image processing unit 202 to the KVM management apparatus 300. [ The communication unit 206 also transmits the input device data (i.e., the remote control signal of the remote terminal apparatus 500) received from the KVM management apparatus 300 to the input / output unit 204.

First, the security image transmitted from the control unit 110 of the monitoring apparatus 100 is received by the input / output unit 204, and the input / output unit 204 receives the security image And transmits the secure image to the image processing unit 202. The image processing unit 202 performs masking processing on the received secure image and transmits the masked image to the communication unit 206. [

The data of the input device transmitted from the remote terminal device 500 is received by the communication unit 206 of the KVM device 200 via the KVM management device 300 and the communication unit 206 transmits the received input device data Output unit 204. The input / output unit 204 transmits the received input device data to the monitoring device 100. The input /

4 is a block diagram showing a KVM management apparatus 300 according to the present invention.

4, the KVM management apparatus 300 according to the present invention includes a communication unit 302, a control unit 304, an authentication unit 306, a black box unit 308, and a memory 310.

The communication unit 302 receives the masking image transmitted from the communication unit 206 of the KVM apparatus 200 or receives the connection signal and the input signal of the remote terminal apparatus 500 and outputs the masking image, (304).

The control unit 304 is connected to the communication unit 302, the authentication unit 306, the black box unit 308, and the memory 310. The control unit 304 transmits the masking image received from the communication unit 302 to the remote terminal 500 or transmits the connection signal of the remote terminal 500 received from the communication unit 302 to the authentication unit 306 ).

The authentication unit 306 performs an administrator authentication procedure to remotely control the monitoring apparatus 10 through the remote terminal apparatus 500 when receiving the connection signal of the remote terminal apparatus 500 from the control unit 304 .

The administrator authentication procedure may be a method of inputting an administrator ID and a password through an authentication program or a method of giving an authentication code through a separate authentication server.

The remote terminal apparatus 500 permitted to be authenticated through the authentication unit 306 can control the input signal of the monitoring apparatus 100 remotely through the communication network 400 and can control the input signal generated by the monitoring apparatus 100 The output signal can be received.

Accordingly, it is possible not only to control the operation of the mouse 106, the keyboard 108, etc. of the monitoring apparatus 100 through the remote terminal apparatus 500, The displayed image data is also displayed on the remote terminal apparatus 500.

The black box unit 308 scrapes the connection screen of the monitoring apparatus 100 that the remote terminal apparatus 500 has connected to the KVM management apparatus 300 and has viewed. The connection screen scraped by the black box unit 308 is stored in the memory 310. [

The memory 310 stores various programs and data, and the memory 310 according to the present invention stores the connection history or the connection screen of the remote terminal apparatus 500.

The control unit 304 checks the connection time and the termination time of the remote terminal apparatus 500 and determines whether an input signal is generated for a predetermined time after the remote terminal apparatus 500 is connected to the KVM management apparatus 300 The authentication of the KVM management apparatus 300 for the remote terminal apparatus 500 can be automatically canceled.

It is preferable that the system user sets a predetermined time for performing the automatic authentication release function. In addition, it is also possible for the administrator to directly set a certain time, and input of a mouse, keyboard, Based on the point in time when they did not.

In addition, the control unit 304 may perform a shutdown function for simultaneously blocking an image output from the KVM device 200 in an emergency of the KVM security system. By using the shutdown function, the KVM management apparatus 300 can block all images output to the remote terminal apparatus 500.

It is preferable that the shutdown function operates the user directly in case the security of the system becomes weak due to a remote hacking or a server connection failure.

Such an automatic release function and shutdown function are effective in preventing a security threat or a leakage of confidential information caused by remote control, and can further enhance the KVM security system of the semiconductor process equipment of the present invention.

5 is a signal flow diagram of the KVM security method of the semiconductor manufacturing equipment 10 according to the embodiment of the present invention.

A KVM security process of the semiconductor manufacturing equipment 10 according to the present invention will be described. First, a user sets a screen security zone in the monitoring device 100 (S1).

Next, when the administrator accesses the KVM management apparatus 300 through the remote terminal apparatus 500 (S2), the KVM management apparatus 300 authenticates the remote terminal apparatus 500 (S3).

When authentication of the remote terminal apparatus 500 by the KVM management apparatus 300 is completed, the security image masked by the KVM apparatus 200 is output to the remote terminal apparatus 500 (S4).

While the remote terminal apparatus 500 is connected to the KVM management apparatus 300, the KVM management apparatus 300 stores the connection history of the remote terminal apparatus 500 in the memory 310 (S5). In addition, the KVM management apparatus 300 scrapes the connection screen of the remote terminal apparatus 500 and stores it in the memory 310 (S6).

The above-described storing process is continuously performed while the remote terminal apparatus 500 is connected. When the remote terminal device 500 releases the connection of the remote terminal device 500, the connection is released and the entire process is terminated (S7)

The foregoing description is merely illustrative of the present invention, and various modifications may be made by those skilled in the art without departing from the spirit of the present invention.

Therefore, the embodiments disclosed in the specification of the present invention do not limit the present invention. The scope of the present invention should be construed according to the following claims, and all the techniques within the scope of equivalents should be construed as being included in the scope of the present invention.

10: Semiconductor manufacturing equipment
100: monitoring device 102: graphics processing device
104: Monitor 106: Mouse
108: keyboard 110:
200: KVM unit 202: Image processing unit
204 input / output unit 206 communication unit
300: KVM management device 302:
304: control unit 306:
308: Black box part 310: Memory
400: communication network 500: remote terminal device

Claims (6)

In a KVM system of semiconductor manufacturing equipment,
A monitoring device for controlling operation of the semiconductor manufacturing equipment and displaying status,
A KVM device for receiving a security setting from the monitoring device and outputting a masked image,
A KVM management device connected to the KVM device and controlling connection to the KVM device;
And a remote terminal device connected to the KVM management device and remotely controlling the monitoring device. The apparatus of claim 1, wherein the KVM device
And a video processor for performing a masking process on the security image input from the monitoring device and outputting the masked image to the remote terminal device. The apparatus of claim 1, wherein the KVM management apparatus
A communication unit for connecting the KVM apparatus and the remote terminal apparatus;
An authentication unit for performing an administrator authentication procedure to remotely control the monitoring apparatus through the remote terminal apparatus;
A control unit for recording a connection time and an end time of the remote terminal apparatus;
A black box unit for scrolling a connection screen of the remote terminal apparatus,
And a memory for storing data generated in the control unit and the black box unit. 4. The apparatus of claim 3, wherein the control unit
When the remote terminal device is not connected to the terminal device for a predetermined time after the remote terminal device is connected, the authentication is canceled. 4. The apparatus of claim 3, wherein the control unit
And performs a shutdown function for simultaneously blocking images output from the KVM device in an emergency. A setting step of setting a screen security area in the monitoring device by the user;
An authentication step of the KVM management apparatus authenticating connection of the remote terminal apparatus,
An output step of causing the KVM device to mask the screen security area to output the masked image to the remote terminal device;
A storage step of the KVM management apparatus storing a connection history of the remote terminal apparatus;
And scavenging the connection screen of the remote terminal device by the KVM management device.
KR1020150141720A 2015-10-08 2015-10-08 KVM Security System of Semiconductor Manufacturing Equipment KR20170042143A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150141720A KR20170042143A (en) 2015-10-08 2015-10-08 KVM Security System of Semiconductor Manufacturing Equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150141720A KR20170042143A (en) 2015-10-08 2015-10-08 KVM Security System of Semiconductor Manufacturing Equipment

Publications (1)

Publication Number Publication Date
KR20170042143A true KR20170042143A (en) 2017-04-18

Family

ID=58704106

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150141720A KR20170042143A (en) 2015-10-08 2015-10-08 KVM Security System of Semiconductor Manufacturing Equipment

Country Status (1)

Country Link
KR (1) KR20170042143A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112075066A (en) * 2018-05-04 2020-12-11 斯坦费尔德有限公司 Remote support device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112075066A (en) * 2018-05-04 2020-12-11 斯坦费尔德有限公司 Remote support device

Similar Documents

Publication Publication Date Title
WO2016137307A1 (en) Attestation by proxy
RU2635224C2 (en) Method and device for secure sensory input
KR101489152B1 (en) Apparatus and method for preventing screen capture
CN104040510A (en) Secure direct memory access
US11461436B1 (en) Trust zone hosted secure screen mode for discretionary presentation of sensitive corporate information to trusted endpoints
KR101839647B1 (en) Per process networking capabilities
US11943256B2 (en) Link detection method and apparatus, electronic device, and storage medium
WO2020050584A1 (en) System and method for secure transactions with a trusted execution environment (tee)
CN107873125A (en) Active/standby devices scramble is shown
US20130061316A1 (en) Capability Access Management for Processes
CN113569288A (en) Authority management method and device and electronic equipment
CN109154903B (en) Recovery environment for virtual machines
WO2022124572A1 (en) System and method for dynamic verification of trusted applications
KR20170042143A (en) KVM Security System of Semiconductor Manufacturing Equipment
EP3519931A1 (en) Electronic device and method for creating shortcut to web page in electronic device
EP2825992B1 (en) Method and apparatus for controlling content capture of prohibited content
CN113821841B (en) Resource management method, computing device and readable storage medium
JP2006259942A (en) Security management system, server device, client terminal and security protection method used therefor
WO2016200007A1 (en) Secure chat method using distributed key exchange protocol and self-defense security technology
US11245694B2 (en) User terminal apparatus and control method thereof
US10635840B2 (en) Banner notification in locked host monitor
JP7283232B2 (en) Information provision method and information provision system
WO2020256277A1 (en) System and method for universal mobile device lock using blockchain
KR20140076765A (en) Method for authenticating user by using secure keypad based on image
WO2020105854A1 (en) Electronic device and control method therefor