KR101632541B1 - Method for Service File Security Using Universal Subscriber Identity Module - Google Patents

Method for Service File Security Using Universal Subscriber Identity Module Download PDF

Info

Publication number
KR101632541B1
Authority
KR
South Korea
Prior art keywords
mobile terminal
server
security
usim card
file
Prior art date
Application number
KR1020150148010A
Other languages
Korean (ko)
Inventor
한남석
Original Assignee
한남석
Priority date
Filing date
Publication date
Application filed by 한남석
Priority to KR1020150148010A
Application granted
Publication of KR101632541B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Abstract

The present invention relates to a service method and a system for protecting files, including various types of documents, pictures, videos and so forth, stored in a smartphone or a cloud server. The method comprises: a step (a) in which a telecommunication company subscriber uses a mobile terminal to connect to a telecommunication company server in order to download and install a security applet; a step (b) of registering an identification of a USIM card in the telecommunication company server; a step (c) in which the telecommunication company server transmits the received USIM card identification to a security server and the security server generates personalized data; a step (d) in which the mobile terminal receives the personalized data including a master key and stores it in the USIM card; a step (e) in which the mobile terminal downloads and installs a security application once the master key is stored in the USIM card; a step (f) of encrypting a target file; a step (g) in which the mobile terminal uploads the encrypted file to a cloud server, and the cloud server returns the encrypted file at the request of the mobile terminal; and a step (h) of decrypting the downloaded encrypted file. According to the present invention, even if the encrypted file is leaked its content cannot be recovered, so the subscriber can store files safely while enjoying subscriber convenience.

Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

[0001] The present invention relates to a file security service method using a USIM (Universal Subscriber Identity Module), and more particularly to a service method for protecting various documents stored in a smart phone or a cloud server.

In the past, various files stored in a smart phone or a cloud server, such as pictures and videos, have often been hacked or leaked and illegally distributed. For example, there have been cases in which an individual's personal information was exposed or distributed, such as an exposure photograph of an entertainer stored in a cloud server being hacked and distributed, or the cloud server account of a security company being leaked.

In order to prevent this, various methods of securing the file information stored in smart phones, cloud servers, and the like have been applied, but their effectiveness is low.

Korean Registered Patent No. 10-1293260 (Announcement 2013.08.09)

SUMMARY OF THE INVENTION The present invention has been made to solve the above problems, and it is an object of the present invention to provide a file security service method that issues and stores a cipher key on a USIM card installed in a mobile terminal, encrypts files with that cipher key and stores the encrypted files in the mobile terminal or a cloud server, so that the files cannot be restored or read even if they are hacked or leaked.

The method comprises: (a) a mobile terminal owned by a mobile communication subscriber connecting to a mobile communication company server to download and install a security applet; (b) registering an ID of a Universal Subscriber Identity Module (USIM) card in the mobile communication company server using the security applet installed in the mobile terminal; (c) the mobile communication company server transmitting the ID of the USIM card received from the mobile terminal to the security server, and the security server receiving the master key from the KMS (Key Management System) to generate personalization data; (d) the mobile terminal receiving the personalization data including the master key from the security server via OTA (over the air), and storing the received personalization data in the USIM card; (e) when the master key is stored in the USIM card, the mobile terminal downloading and installing a security application from the mobile communication company server; (f) encrypting the target file using the security application when the encryption target file stored in the mobile terminal is selected by the mobile communication subscriber; (g) uploading the encrypted file to the cloud server, storing the encrypted file in the mobile terminal, and allowing the cloud server to return the encrypted file at the request of the mobile terminal; and (h) the mobile terminal decrypting the encrypted file downloaded from the cloud server using the master key stored in the USIM card.

Further, in the present invention, step (f) may further include the mobile terminal deleting the target file after encrypting it.

Also, in the present invention, the method may further include the mobile terminal displaying the decrypted file as visible information.

Also, in the present invention, the method may further include the KMS backing up the generated master key to an HSM (Hierarchical Storage Management) and storing it there.

In addition, the present invention provides a file security system for a mobile communication terminal, comprising: a USIM card installed in a mobile terminal, on which a security applet downloaded from a mobile communication company server is installed and a master key received from a security server is stored; a mobile communication company server that transmits the security applet and the security application to the mobile terminal, receives and registers the ID of the USIM card installed in the mobile terminal, and transmits the ID of the USIM card to the security server; a security server that receives the ID of the USIM card from the mobile communication company server, generates personalization data using a master key of the KMS, and stores the generated personalization data in the USIM card installed in the mobile terminal; a KMS that generates the master key and transmits it to the security server; and a cloud server that stores the encrypted file uploaded from the mobile terminal and transmits the stored file back to the mobile terminal.

According to the present invention, an encryption key is issued and stored in the USIM card installed in the mobile terminal of a mobile communication subscriber, and various files are encrypted with it and stored in the mobile terminal or a cloud server, so that the contents are not recoverable even if an encrypted file is leaked. This provides secure file storage and subscriber convenience, and lets mobile communication companies offer a high-tech security service that can increase sales.

FIG. 1 is a block diagram illustrating a file security service system using a USIM according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a file security service method using a USIM according to the present invention.

Hereinafter, a file security service system using a USIM according to the present invention will be described in detail with reference to the accompanying drawings.

Referring to FIG. 1, the mobile terminal 10 is owned by a subscriber of a mobile communication company that provides various mobile communication services, and is, for example, a smart phone or a feature phone. The mobile terminal 10 is equipped with a USIM card 11; that is, the USIM card 11 is installed in the mobile terminal 10, the security applet downloaded from the mobile communication company server 20 is installed on it, and the master key received from the security server 30 is stored on it. An applet is a small software component that runs inside another program, such as a web browser or control panel; it is typically a small program written in Java and embedded in the source of a web page. The security applet is much smaller than a regular program so that it does not consume too much transmission time. Here, the SIM (Subscriber Identity Module) is a card-type module that stores personal information in order to provide a subscriber with services such as authentication, billing, and security functions in a mobile phone. The UICC (Universal Integrated Circuit Card) is a card that can load various application service applications such as banking, securities, credit card, and electronic money. The USIM (Universal Subscriber Identity Module) therefore combines the SIM card holding the subscriber information with the UICC, implementing on one card functions such as user authentication, global roaming, and e-commerce; it is an extended SIM standard.

The mobile communication company server 20 transmits the security applet to the mobile terminal 10 so that it is installed in the USIM card 11, and transmits the security application to be installed in the mobile terminal 10. The mobile communication company server 20 also receives and registers the ID of the USIM card 11 mounted in the mobile terminal 10 and transmits that ID to the security server 30.

The security server 30 receives the ID of the USIM card 11 from the mobile communication company server 20, generates personalization data using the master key from the KMS 40, and transmits the personalization data to the USIM card 11 mounted in the mobile terminal 10. The KMS 40 generates the master key and transmits it to the security server 30. The HSM (hierarchical storage management) 45 backs up and stores the master key generated by the KMS 40.

The cloud server 50 stores the encrypted file uploaded from the mobile terminal 10 and transmits the stored file back to the mobile terminal 10. The cloud service of the cloud server 50 lets a mobile communication subscriber store various contents such as photos, documents, and videos in the cloud server 50 and access them over the Internet from various devices such as a notebook or a smart phone.

A file security service method using the USIM according to the present invention will now be described with reference to FIG.

In FIG. 2, the mobile terminal 10 held by the subscriber of the mobile communication company accesses the mobile communication company server 20 and downloads the security applet (S1). The mobile terminal 10 installs the downloaded security applet on the USIM card 11 (S2). Then, the mobile terminal 10 transmits the unique ID of the USIM card 11 to the mobile communication company server 20 using the installed security applet (S3).

The mobile communication company server 20 transmits the ID of the USIM card 11 received from the mobile terminal 10 to the security server 30 (S4). The security server 30 then receives the master key generated by the KMS 40 (S5); that is, the security server 30 receives from the KMS 40 the master key corresponding to the ID of the USIM card 11 of the corresponding mobile terminal 10. At this time, the master key generated by the KMS 40 is backed up and stored in the HSM (Hierarchical Storage Management) 45. Then, the security server 30 generates personalization data corresponding to the ID of the USIM card 11 (S6). The mobile terminal 10 receives the personalization data including the master key from the security server 30 via OTA and stores the personalization data in the USIM card 11 (S7).

When the master key is stored in the USIM card 11 (S8), the mobile terminal 10 downloads and installs the security application from the mobile communication company server 20 (S9). When the encryption target file stored in the mobile terminal 10 is selected by the mobile communication company subscriber, the mobile terminal 10 encrypts the target file using the security application (S10). At this time, the mobile terminal 10 can delete the target file after encrypting it.

Next, the mobile terminal 10 uploads the encrypted file to the cloud server 50 to be stored (S11). The cloud server 50 allows the encrypted file requested by the mobile terminal 10 to be downloaded (S12). Moreover, the encrypted file can be stored in the mobile terminal 10. The mobile terminal 10 decrypts the encrypted file downloaded from the cloud server 50 using the master key stored in the USIM card 11 (S13). The mobile terminal 10 can display the decrypted file as visible information through display or transmit it to another device.
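The provisioning and file-protection flow of FIG. 2 (S3 to S13) simulated end to end, as an added example that is not the patent's own code. The patent names no cipher, so the file encryption is a constructed encrypt-then-MAC scheme built from HMAC-SHA256, and the party classes, the personalization-data layout and the dict standing in for the HSM 45 are assumptions (the page expands HSM as Hierarchical Storage Management; a key-management backup store is normally a Hardware Security Module).

```python
"""Simulated end-to-end run of the USIM file security service (FIG. 2, S3 to S13).
The patent names no cipher; file protection here is a constructed encrypt-then-MAC scheme
from HMAC-SHA256 (HMAC in counter mode as keystream, a second HMAC as tag); all names are assumed."""
import hashlib, hmac, os, secrets

NONCE_LEN, TAG_LEN = 16, 32

def _subkey(master_key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from the per-USIM master key.
    return hmac.new(master_key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt_file(master_key: bytes, plaintext: bytes) -> bytes:
    """Step S10: encrypt a target file with the master key held in the USIM card."""
    enc_key, mac_key = _subkey(master_key, b"enc"), _subkey(master_key, b"mac")
    nonce = os.urandom(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def decrypt_file(master_key: bytes, blob: bytes) -> bytes:
    """Step S13: verify the tag first; a wrong key or a modified file raises ValueError."""
    enc_key, mac_key = _subkey(master_key, b"enc"), _subkey(master_key, b"mac")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong master key or modified file")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))

def can_decrypt(master_key: bytes, blob: bytes) -> bool:
    """True only for the holder of the right master key: a leaked blob alone is useless."""
    try:
        decrypt_file(master_key, blob)
        return True
    except ValueError:
        return False

class KMS:
    """Issues one master key per USIM ID (S5) and backs it up to the HSM store."""
    def __init__(self):
        self.hsm_backup = {}  # the patent's HSM 45, modelled as an in-memory dict

    def issue_master_key(self, usim_id: str) -> bytes:
        self.hsm_backup[usim_id] = secrets.token_bytes(32)
        return self.hsm_backup[usim_id]

class SecurityServer:
    """Binds a registered USIM ID to a master key as personalization data (S4 to S6)."""
    def __init__(self, kms: KMS):
        self.kms = kms

    def personalize(self, usim_id: str) -> dict:
        return {"usim_id": usim_id, "master_key": self.kms.issue_master_key(usim_id)}

def run_service(usim_id: str, plaintext: bytes) -> tuple:
    """Drive S3 to S13; returns (decrypted file, the blob the cloud holds, master key)."""
    usim_card = SecurityServer(KMS()).personalize(usim_id)  # S7: delivered OTA, kept in the USIM
    blob = encrypt_file(usim_card["master_key"], plaintext)  # S10 on the terminal
    cloud_store = {"photo.jpg": blob}  # S11: cloud server 50 sees only ciphertext
    restored = decrypt_file(usim_card["master_key"], cloud_store["photo.jpg"])  # S12, S13
    return restored, blob, usim_card["master_key"]
```

Running `run_service` with a constructed USIM ID and file shows the round trip succeeding on the subscriber's terminal while `can_decrypt` fails for any other subscriber's master key or for a cloud copy altered by a single byte.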

Therefore, according to the file security service method using a USIM of the present invention, a master key corresponding to the ID of the USIM card installed in the mobile terminal of the mobile communication subscriber is issued and stored, and content including various documents is encrypted with it, so that the file cannot be decrypted without the master key stored in the USIM card. Even if hacking or leakage occurs, the contents cannot be read, so an individual's file information cannot be viewed or distributed without permission.

While the invention has been shown and described with respect to specific embodiments thereof, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined by the appended claims.

Reference numerals: 10: mobile terminal; 11: USIM card; 20: mobile communication company server; 30: security server; 40: KMS; 45: HSM; 50: cloud server

Claims (5)

In a file security system comprising: a USIM card installed in a mobile terminal, on which an applet downloaded from a mobile communication company server is installed and a master key received from a security server is stored; a mobile communication company server that transmits the applet and a security application to the mobile terminal, receives and registers the ID of the USIM card installed in the mobile terminal, and transmits the ID of the USIM card to the security server; a security server that receives the ID of the USIM card from the mobile communication company server, generates personalization data using a master key of the KMS, and stores the generated personalization data in the USIM card installed in the mobile terminal; a KMS that generates the master key and transmits it to the security server; an HSM that backs up and stores the master key generated by the KMS; and a cloud server that stores the encrypted file uploaded from the mobile terminal and transmits the stored file to the mobile terminal, a file security service method using a USIM, comprising:
(a) connecting a mobile terminal held by a mobile communication subscriber to a mobile communication company server to download and install a security applet;
(b) registering an ID of a Universal Subscriber Identity Module (USIM) card in the mobile communication company server using the security applet installed in the mobile terminal;
(c) the mobile communication company server transmitting the ID of the USIM card received from the mobile terminal to the security server, the security server receiving the master key from the KMS (Key Management System) to generate personalization data, and the KMS backing up the master key to the HSM (Hierarchical Storage Management) and storing it there;
(d) receiving the personalization data including the master key from the security server via OTA (over the air), and storing the received personalization data in the USIM card;
(e) when the master key is stored in the USIM card, the mobile terminal downloading and installing a security application from the mobile communication company server;
(f) encrypting the target file using the security application when the encryption target file stored in the mobile terminal is selected by the mobile communication subscriber, the mobile terminal deleting the target file after the encryption;
(g) the mobile terminal uploading the encrypted file to the cloud server and storing the encrypted file, and the cloud server returning the encrypted file at the request of the mobile terminal;
(h) the mobile terminal decrypting the encrypted file downloaded from the cloud server using the master key stored in the USIM card; and
(i) the mobile terminal displaying the decrypted file as visible information.

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150148010A KR101632541B1 (en) 2015-10-23 2015-10-23 Method for Service File Security Using Universal Subscriber Identity Module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150148010A KR101632541B1 (en) 2015-10-23 2015-10-23 Method for Service File Security Using Universal Subscriber Identity Module

Publications (1)

Publication Number Publication Date
KR101632541B1 true KR101632541B1 (en) 2016-06-21

Family

ID=56354075

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150148010A KR101632541B1 (en) 2015-10-23 2015-10-23 Method for Service File Security Using Universal Subscriber Identity Module

Country Status (1)

Country Link
KR (1) KR101632541B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019216847A3 (en) * 2017-11-17 2020-01-02 Turkcell Teknoloji Arastirma Ve Gelistirme Anonim Sirketi A sim-based data security system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20130031435A (en) * 2011-09-21 2013-03-29 주식회사 팬택 Method and apparatus for generating and managing of encryption key portable terminal
KR101293260B1 (en) 2011-12-14 2013-08-09 한국전자통신연구원 Mobile communication terminal and method


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Pearson et al., "A Privacy Manager for Cloud Computing", Cloud Computing, Springer Berlin Heidelberg, 90-106, 2009.*
iMarketKorea, "[Enterprise Security] The importance of encryption key management / secure key management system (KMS)", Internet blog (http://itblog.imarketkorea.com/20), 2014.06.25.*


Similar Documents

Publication Publication Date Title
US10223096B2 (en) Logging operating system updates of a secure element of an electronic device
US9118662B2 (en) Method and system for distributed off-line logon using one-time passwords
EP2765750A1 (en) Controlling application access to mobile device functions
CN109039652B (en) Digital certificate generation and application method
CA3186475A1 (en) Transaction messaging
US9942047B2 (en) Controlling application access to mobile device functions
CA3058012C (en) Cryptography chip with identity verification
US11095620B1 (en) Secure method, system, and computer program product for exchange of data
US11405782B2 (en) Methods and systems for securing and utilizing a personal data store on a mobile device
CN103973646A (en) Method, client device and system for storing services by aid of public cloud
KR101660674B1 (en) an NFC mobile phone ID card certification system by the using of HCE function
US20160210596A1 (en) Method, device and system for controlling presentation of application
JP5781678B1 (en) Electronic data utilization system, portable terminal device, and method in electronic data utilization system
KR101473656B1 (en) Method and apparatus for security of mobile data
US20150074415A1 (en) Image Verification By An Electronic Device
KR101680536B1 (en) Method for Service Security of Mobile Business Data for Enterprise and System thereof
KR101632541B1 (en) Method for Service File Security Using Universal Subscriber Identity Module
Lee et al. An NFC Anti-Counterfeiting framework for ID verification and image protection
CN110008654B (en) Electronic file processing method and device
JP5678150B2 (en) User terminal, key management system, and program
CN108875437A (en) A kind of ID card information querying method and system
EP3975015B1 (en) Applet package sending method and device and computer readable medium
KR20110035759A (en) Method and system for issuing of mobile application
KR100753829B1 (en) Mobile reader and contents server having contents security function, and method in mobile reader
CN114218536A (en) Resource request method and system

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20190401

Year of fee payment: 4