WO2009066826A1 - Storage security system and method using communication network - Google Patents


Info

Publication number: WO2009066826A1
Authority: WO, WIPO (PCT)
Prior art keywords: storage, authentication, authentication information, authentication server, host
Application number: PCT/KR2007/006295
Other languages: French (fr)
Inventors: Sung-Gab Lee, Jaejin Lee, Phoebe Min
Original Assignee: Seoul National University Industry Foundation
Application filed by: Seoul National University Industry Foundation

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Definitions

  • the stored data with encryption may not be analyzed even when the third person forcibly separates and reads a memory chip of the storage
  • FIG. 3 is a flowchart illustrating a storage security method according to an exemplary embodiment of the present invention.
  • the storage security method controls an access to a storage transmitting data to a host and receiving the data from the host.
  • the storage security method requests an authentication information to an authentication server via a network.
  • the storage security method receives the requested authentication information from the authentication server.
  • the storage security method determines whether to transmit data to the host, based on the received authentication information.
  • the storage security method determines whether the received authentication information is "storage access permitted".
  • the storage security method transmits the data to the host.
  • the storage security method senses power applied to the storage.
  • when the storage security method senses the power applied to the storage, the storage security method requests authentication information to an authentication server via a network.
  • when the authentication information is requested, the storage security method stores a record of the request in the authentication server.
  • the storage security method may be implemented as program instructions which can be executed on various types of computers and may be recorded in computer-readable media.
  • the media may also include, alone or in combination with the program instructions, data files, data structures, and the like.
  • the program instructions recorded in the said media may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well-known and available to those having skill in the computer software arts.
  • Examples of computer-readable media include magnetic media such as hard disks, floppy disks, and magnetic tape; optical media such as CD ROM disks and DVD; magneto-optical media such as optical disks; and memory devices that are specially configured to store and perform program instructions, such as read-only memory (ROM), random access memory (RAM), flash memory, and the like.
  • Examples of program instructions include both machine code, such as produced by a compiler, and files containing higher level code that may be executed by the computer using an interpreter.
  • the described hardware devices may be configured as one or more software modules in order to perform the operations of the above-described embodiments of the present invention, and vice versa.

Abstract

A storage security apparatus and method are provided. The storage security apparatus includes: a host interface unit transceiving data to/from a host; a storage storing the data received via the host interface unit; and an authentication unit receiving authentication information via a network, and authenticating an access to the storage based on the received authentication information. The storage security apparatus may authenticate an access to the data of the storage using the network. Also, when the storage is lost or stolen, whether another person accesses the storage may be verified by storing a record of an access to the storage in an authentication server during an authentication process of the storage.

Description

STORAGE SECURITY SYSTEM AND METHOD USING COMMUNICATION NETWORK
Technical Field
The present invention relates to a storage security apparatus and method, and more particularly, to security of at least one of a mobile storage and a portable storage. This work was supported by the IT R&D program of MIC/IITA. [2006-S-040-01, Development of Flash Memory-based Embedded Multimedia Software]
Background Art
A storage storing data may be a magnetic disk, a semiconductor memory and the like. As the storage has been miniaturized due to improvement of storage manufacturing technology, various types of portable storages are developed.
A Universal Serial Bus (USB) memory drive having an interface of a USB scheme, a Secure Digital (SD) card, an external hard disk drive, a micro drive, and the like are widely used as the portable storages.
A user of a portable storage may conveniently store a large amount of data in the portable storage, however, when the user loses the portable storage, a finder may easily access the data stored in the portable storage. Specifically, since the data stored in the conventional portable storage may be unlimitedly copied, modified, and deleted by a person having the portable storage, a demand for a security method of the portable storage increases.
Recently, a security method of assigning a secret number to the portable storage and disabling access to the data when a wrong secret number is inputted, and a security method using bio-information including fingerprint identification, iris identification, and the like in order to access the data stored in the portable storage are disclosed.
Since the security method using the bio-information needs an apparatus for recognizing the bio-information and needs a lot of computation for analyzing the bio-information, the portable storage becomes complex and a cost of the portable storage increases. A security method using computation power of a host by software for cost reduction is disclosed, however, a hazard of software hacking still remains.
The security method of assigning the secret number to the portable storage has a possibility that the secret number may be exposed by carelessness of the user.
Also, when the portable storage is lost or stolen, the conventionally-disclosed security methods provide no way of knowing whether the data stored in the portable storage is leaked to others. Also, under the conventionally-disclosed security methods, the data stored in the portable storage may be accessed by recovering the secret number through generating all possible secret numbers, or by using bio-information forged in advance.
Also, another person who has the lost or stolen portable storage may make an unlimited number of attempts, using various methods, to access the data stored in the portable storage. For example, the data may be accessed by separating a memory chip from the portable storage and directly reading the memory chip.
The present specification discloses a storage security apparatus and method which can strengthen security of a portable storage without increasing costs.
Disclosure of Invention
Technical Goals
The example of present invention provides an apparatus and method of authenticating an access to data stored in a storage using a network.
The example of present invention also provides a system and method of authenticating whether an access to data stored in a storage is possible, and storing an access record of the storage in an authentication server when power is applied to the storage.
The example of present invention also provides an apparatus and method of verifying whether the data stored in a storage is accessed by another person when the storage is lost or stolen.
Technical solutions
According to an aspect of the present invention, there is provided a storage security apparatus including: a host interface unit transceiving data to/from a host; a storage storing the data received via the host interface unit; and an authentication unit receiving authentication information via a network, and authenticating an access to the storage based on the received authentication information.
According to another aspect of the present invention, there is provided a storage security system including: an authentication server; and a storage requesting authentication information to authentication server via a network, and when the storage requests the authentication information, the authentication server transmits the authentication information to the storage via the network, and the storage receives the transmitted authentication information and determines whether to transmit data to a host based on the received authentication information.
According to still another aspect of the present invention, there is provided a storage security method which controls access to a storage transceiving data with a host, the method including: requesting authentication information to authentication server via a network; receiving the requested authentication information; and determining whether to transmit data to the host based on the received authentication information.
Advantageous Effects
According to the example of the present invention, there is provided an apparatus and method of authenticating an access to data stored in a storage using a network.
Also, according to the example of the present invention, there is provided a system and method of authenticating whether an access to data stored in a storage is possible and storing an access record of the storage in an authentication server when a power is applied to the storage.
Also, according to the example of the present invention, there is provided an apparatus and method of verifying whether data stored in a storage is accessed by another person when the storage is lost or stolen.
Brief Description of Drawings
FIG. 1 is a diagram illustrating a storage security system according to an exemplary embodiment of the present invention;
FIG. 2 is a diagram illustrating a storage security apparatus 200 according to another exemplary embodiment of the present invention;
FIG. 3 is a flowchart illustrating a storage security method according to an exemplary embodiment of the present invention; and
FIG. 4 is a flowchart illustrating a storage security method according to another exemplary embodiment of the present invention.
Best Mode for Carrying Out the Invention
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the like elements throughout. The embodiments are described below in order to explain the present invention by referring to the figures.
FIG. 1 is a diagram illustrating a storage security system according to an exemplary embodiment of the present invention. Referring to FIG. 1, the storage security system includes an authentication server 110 and a storage 130.
The storage 130 requests authentication information to the authentication server 110 via a mobile network 120. When the storage 130 requests the authentication information, the authentication server 110 transmits the authentication information to the storage 130 via the mobile network 120.
The authentication information corresponding to the storage 130 is stored in the authentication server 110 in advance. The authentication server 110 may update the authentication information corresponding to the storage 130 as required.
The storage 130 receives the transmitted authentication information, and determines whether to transmit data to a host based on the received authentication information.
Depending on exemplary embodiments, the mobile network 120 may be a mobile network based on a cellular scheme.
Depending on exemplary embodiments, the mobile network 120 may be at least one of a Code Division Multiple Access (CDMA) network and a Global System for Mobile communication (GSM) network.
The storage security system maintains security of the data of the storage 130, even though the storage 130 may access the host from anywhere, by using at least one of the CDMA network and the GSM network, whose accessible range is the widest among current mobile communication methods.
When the storage 130 requests the authentication information, the authentication server 110 may store a record of the request. The record of the request may include a date and a time in which the storage 130 requests the authentication information. The record of the request may also include location information, and a current location of the storage 130 may be traced based on the location information.
If a legitimate user's storage 130 is lost or stolen, the authentication server 110 stores the record of the request of the authentication information from the storage 130 when a third person makes an attempt to access the storage 130. The legitimate user can know a fact that the third person attempted to access the storage 130, a date of the attempted access, a time of the attempted access, and a location of the attempted access based on the record of the request of the authentication information from the storage 130, the record being stored in the authentication server 110.
When a legitimate user's storage 130 is lost or stolen, the legitimate user may report identification information and a fact of either loss or theft to the authentication server 110 and block an access of the third person to the storage 130.
When the third person makes the attempt to access the storage 130 after an access of the third person to the storage 130 is blocked, the authentication server 110 transmits the authentication information including contents of "access denied" to the storage 130.
When the storage 130 receives the authentication information including the contents of "access denied", the storage 130 may block an access of the host to the storage 130, thereby blocking an access of the third person to the storage 130.
Depending on exemplary embodiments, when the storage 130 is connected with the host and power is applied from the host to the storage 130, the storage 130 may request the authentication information to the authentication server 110. In this instance, by requesting the authentication information when the power is applied to the storage 130, a record of an access attempt to the storage 130 remains in the authentication server 110.
Depending on exemplary embodiments, each time the host attempts to access the data stored in the storage 130, the storage 130 may request the authentication information to the authentication server. In this case, the authentication server 110 may store a record of the attempted access for each access attempt to the storage 130.
If a network is the mobile network of the cellular scheme such as the CDMA network and the GSM network, the authentication server 110 may determine a spatial location of a cell in which the storage 130 is currently located. Accordingly, the authentication server 110 may be aware of a time when the attempt to access the storage 130 is made, and the spatial location. Referring to the access record stored in the authentication server 110, the legitimate user may know the time and the place in which the attempt to access the storage 130 is made.
Since the authentication process via the network is automatically performed by hardware inside the storage in the present invention, a user cannot intervene in the authentication process. Accordingly, a user cannot deceptively imitate authentication.
Also, since the authentication information is not accessed by the user, the authentication information may not be easily exposed.
Also, since the present invention may be applied with other conventionally disclosed storage security schemes, a security function may be strengthened.
The host includes all terminals accessing the data stored in the storage 130 including a personal computer, a work station, a desktop computer, a laptop computer, a personal digital assistant, and the like.
FIG. 2 is a diagram illustrating a storage security apparatus 200 according to an exemplary embodiment of the present invention.
Referring to FIG. 2, the storage security apparatus 200 includes a host interface unit 210, a control unit 220, an authentication unit 230, and a storage 240. The host interface unit 210 transmits data to a host, and receives the data from the host.
The storage 240 stores the data received via the host interface unit 210. When the storage 240 receives a read command from the host interface unit 210, the storage 240 transmits the data corresponding to the read command, to the host interface unit 210.
The authentication unit 230 receives authentication information via a network, and authenticates an access to the storage 240 based on the received authentication information. The authentication unit 230 requests the authentication information to an authentication server via the network. In this instance, the authentication unit 230 receives the requested authentication information from the authentication server.
Depending on exemplary embodiments, when power is applied to the storage security apparatus 200, the authentication unit 230 may request the authentication information to the authentication server. Depending on exemplary embodiments, each time a host accesses the storage 240, the authentication unit 230 may request the authentication information to the authentication server.
When the authentication unit 230 requests the authentication information to the authentication server, a record of a request is stored in the authentication server. The record of the request includes a date and a time in which the request exists. Also, the record of the request includes a place in which the request was made.
The control unit 220 determines whether to transmit the data stored in the storage 240 to the host, based on the authentication information received by the authentication unit 230. The control unit 220 receives the data to be stored in the storage 240 from the host interface unit 210. The control unit 220 stores the data in the storage 240 by encrypting the data received from the host interface unit 210. Security of the data stored in the storage 240 may be strengthened by data encryption process of the control unit 220. The authentication information includes information about whether an access to the storage 240 is permitted. When the authentication information received by the authentication unit 230 is "access denied", the authentication unit 230 may determine that authentication of the host access to the storage 240 fails. When the authentication information received by the authentication unit 230 is "access denied", the control unit 220 prevents the data stored in the storage 240 from being transmitted to the host.
When the authentication information received by the authentication unit 230 is "access permitted", the authentication unit 230 may determine that authentication of the host access to the storage 240 succeeds. When the authentication information received by the authentication unit 230 is "access permitted", the control unit 220 may transmit the data stored in the storage 240 to the host.
According to the present invention, in an access authentication of the storage 240, an authentication process is automatically performed by the authentication unit 230 and the control unit 220, and a record of an access of the authentication unit 230 to the network is stored in the authentication server. Accordingly, since a user cannot intervene in the authentication process, authentication may not be deceptively imitated, and the authentication information may be securely protected.
Also, since the authentication process of the authentication unit 230 and the control unit 220 is processed in hardware, a risk of software hacking is minimized.
Also, since the authentication server is managed by a network service provider, a third person cannot imitate an authentication environment. Since the control unit 220 encrypts and stores the data, the encrypted stored data may not be analyzed even when the third person forcibly separates and reads a memory chip of the storage 240.
FIG. 3 is a flowchart illustrating a storage security method according to an exemplary embodiment of the present invention.
The storage security method controls an access to a storage transmitting data to a host and receiving the data from the host.
Referring to FIG. 3, in operation S310, the storage security method requests authentication information from an authentication server via a network.
In operation S320, the storage security method receives the requested authentication information from the authentication server. The storage security method determines whether to transmit data to the host, based on the received authentication information.
In operation S330, the storage security method determines whether the received authentication information is "storage access permitted".
In operation S340, when the received authentication information is "storage access permitted", the storage security method transmits the data to the host.
In operation S350, when the received authentication information is different from "storage access permitted", the storage security method prohibits an access of the host to the storage.
Depending on exemplary embodiments, when the authentication information is requested from the authentication server, the storage security method may store a record of the request in the authentication server.
Depending on exemplary embodiments, in operation S310, when the host accesses the data stored in the storage, the authentication information may be requested from the authentication server.
FIG. 4 is a flowchart illustrating a storage security method according to another exemplary embodiment of the present invention.
Referring to FIG. 4, in operation S410, the storage security method senses power applied to the storage.
In operation S420, when the storage security method senses the power applied to the storage, the storage security method requests authentication information from an authentication server via a network. In operation S470, when the authentication information is requested, the storage security method stores a record of the request in the authentication server.
In operation S430, the storage security method receives the authentication information from the authentication server via a network.
In operation S440, the storage security method determines whether the received authentication information is "storage access permitted".
In operation S450, when the received authentication information is "storage access permitted", the storage security method permits the host access to the storage.
In operation S460, when the received authentication information is different from "storage access permitted", the storage security method prohibits the host access to the storage.
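The FIG. 4 flow above (S410 to S470), as an added Python model that is not part of the patent text: it shows the server-side request record and the gate that denies on anything other than the exact permit value. The names AuthServer and StorageDevice, the device identifiers, the place strings and the sample data are constructed for this example, and treating an unreachable server as a non-permit is an assumption.

```python
"""Model of the FIG. 4 flow: power-on request, server-side record, fail-closed gate."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

PERMITTED = "storage access permitted"  # the only value that opens the storage (S440)


@dataclass
class AuthServer:
    """Stand-in for the authentication server (constructed for this example)."""
    policy: dict                 # device id -> authentication information
    reachable: bool = True
    records: list = field(default_factory=list)

    def request(self, device_id, place):
        if not self.reachable:
            raise ConnectionError("network unavailable")
        # S470: each request is recorded with its date, time and place.
        self.records.append({"device": device_id, "place": place,
                             "when": datetime.now(timezone.utc).isoformat()})
        return self.policy.get(device_id, "access denied")


class StorageDevice:
    def __init__(self, device_id, server, place):
        self.device_id, self.server, self.place = device_id, server, place
        self.unlocked = False
        self._blocks = {0: b"constructed sample data"}

    def power_on(self):
        """S410-S460: request on power-up, then gate host access on the reply."""
        try:
            info = self.server.request(self.device_id, self.place)  # S420, S430
        except ConnectionError:
            info = None  # assumption: no reply counts as a non-permit
        # S440: exact match only; any other value, or no value, denies.
        self.unlocked = (info == PERMITTED)
        return self.unlocked

    def read(self, lba):
        """Host read command; data leaves the device only after S450."""
        if not self.unlocked:
            raise PermissionError("host access to storage prohibited")  # S460
        return self._blocks[lba]
```

The model compares the reply as received and does not cover how the device would verify the reply's origin or freshness.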
The storage security method, according to the exemplary embodiments of the present invention, may be implemented as program instructions which can be executed on various types of computers and may be recorded in computer-readable media. The media may also include, alone or in combination with the program instructions, data files, data structures, and the like. The program instructions recorded in the said media may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well-known and available to those having skill in the computer software arts. Examples of computer-readable media include magnetic media such as hard disks, floppy disks, and magnetic tape; optical media such as CD ROM disks and DVD; magneto-optical media such as optical disks; and memory devices that are specially configured to store and perform program instructions, such as read-only memory (ROM), random access memory (RAM), flash memory, and the like. Examples of program instructions include both machine code, such as produced by a compiler, and files containing higher level code that may be executed by the computer using an interpreter. The described hardware devices may be configured as one or more software modules in order to perform the operations of the above-described embodiments of the present invention, and vice versa.
The foregoing descriptions of specific embodiments of the present invention have been presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise forms disclosed, and obviously many modifications and variations are possible in light of the above teaching. Therefore, it is intended that the scope of the invention be defined by the claims appended thereto and their equivalents.
Although a few embodiments of the present invention have been shown and described, the present invention is not limited to the described embodiments. Instead, it would be appreciated by those skilled in the art that changes may be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.

Claims

1. A storage security apparatus comprising: a host interface unit transceiving data to/from a host; a storage storing the data received via the host interface unit; and an authentication unit receiving authentication information via a network, and authenticating the access to the storage based on the received authentication information.
2. The apparatus of claim 1, further comprising: a control unit determining whether to transmit the data stored in the storage to the host based on the authentication information.
3. The apparatus of claim 2, wherein the control unit encrypts the data received from the host interface unit, and stores the encrypted data in the storage.
4. The apparatus of claim 1, wherein the authentication unit requests the authentication information to an authentication server via the network, and receives the authentication information from the authentication server.
5. The apparatus of claim 4, wherein, when power is applied, the authentication unit requests the authentication information.
6. The apparatus of claim 4, wherein, when the authentication unit requests the authentication information to the authentication server, a record of the request is stored in the authentication server.
7. The apparatus of claim 6, wherein the record of the request includes at least one of a date, a time, and a place where the request was made.
8. The apparatus of claim 1, wherein the authentication information includes information about whether an access to the storage is permitted.
9. A storage security system comprising: an authentication server; and a storage requesting authentication information to the authentication server via a network, and when the storage requests the authentication information, the authentication server transmits the authentication information to the storage via the network, and the storage receives the transmitted authentication information and determines whether to transmit data to a host, based on the received authentication information.
10. The system of claim 9, wherein, when the storage requests the authentication information, the authentication server stores a record of the request.
11. The system of claim 9, wherein, when power is applied, the storage requests authentication information to the authentication server.
12. The system of claim 9, wherein the network is a mobile network based on a cellular scheme.
13. A storage security method which controls an access to a storage transceiving data with a host, the method comprising: requesting authentication information to an authentication server via a network; receiving the requested authentication information; and determining whether to transmit data to the host based on the received authentication information.
14. The method of claim 13, wherein, when power is applied to the storage, the requesting requests the authentication information to the authentication server.
15. The method of claim 13, wherein, when the host accesses the data stored in the storage, the requesting requests the authentication information to the authentication server.
16. The method of claim 13, further comprising: storing a record of a request via the authentication server when the authentication information is requested from the authentication server.
17. A computer-readable recording medium storing a program for implementing the method according to any one of claims 13 through 16.
PCT/KR2007/006295 2007-11-22 2007-12-06 Storage security system and method using communication network WO2009066826A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2007-0119851 2007-11-22
KR1020070119851A KR20090053162A (en) 2007-11-22 2007-11-22 Storage security system and method using communication network

Publications (1)

Publication Number Publication Date
WO2009066826A1 (en) 2009-05-28

Family

ID=40667639

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2007/006295 WO2009066826A1 (en) 2007-11-22 2007-12-06 Storage security system and method using communication network

Country Status (2)

Country Link
KR (1) KR20090053162A (en)
WO (1) WO2009066826A1 (en)

Also Published As

Publication number Publication date
KR20090053162A (en) 2009-05-27

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07851267

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07851267

Country of ref document: EP

Kind code of ref document: A1