KR101769370B1 - Method and apparatus for protecting data of usb storage - Google Patents

Abstract

The present invention relates to a method for allowing access to a USB storage device for protecting data stored in the USB storage device, and a device and a USB storage device therefor.
More particularly, the present invention relates to a method for protecting information stored in the USB storage device or the device by determining whether or not mutual access is allowed through an authentication process for security when a USB storage device is connected to an arbitrary device And a method of operating the device. When a device is connected to a USB storage device, the device information is received from the connected USB storage device to search for the USB storage device as a secure USB storage device, Receives a certificate, transmits a second certificate to the USB storage device, receives an acknowledgment signal, and determines whether to permit access to the USB storage device through an authentication process.
In this manner, in order to determine whether or not the device is allowed to access the connected USB storage device, the device certificate stored in the device and the USB storage device certificate connected to the USB storage device are all checked, So that the data stored in the USB storage device can be thoroughly protected.

Description

METHOD AND APPARATUS FOR PROTECTION DATA OF USB STORAGE FIELD OF THE INVENTION [0001]

The present invention relates to a method for protecting data stored in a USB storage device and a device therefor, and more particularly, to a method for allowing access to a USB storage device capable of improving data stability and a device and a USB storage device .

More particularly, the present invention relates to a method for protecting information stored in the USB storage device or the device by determining whether or not mutual access is allowed through an authentication process for security when a USB storage device is connected to an arbitrary device Device and an operation method thereof.

2. Description of the Related Art In recent years, a new type of storage device that can replace a conventional hard disk drive, a home (Zip) drive, a CD drive, and a floppy disk drive has been proposed. (Hereinafter referred to as "USB storage device") is being spotlighted. The USB storage device typically has a flash memory as a data storage means and is connected to a USB interface configured in a conventional computer. Since the USB storage device does not require a separate power source and can be driven without a separate hardware drive as in other conventional storage devices, the USB storage device has been spreading rapidly in recent years. In particular, the recently introduced computer operating system (OS) has a driverless function that allows the USB memory device to recognize the USB memory device immediately without installing any separate driving software (driving driver) .

However, personal information stored in a USB storage device having such characteristics must be protected due to the importance of security and privacy. Accordingly, in the prior art, there is a security method of a USB storage device capable of protecting data stored therein by controlling access from the outside by setting a security on a USB storage device and requesting a password input, Lt; / RTI > However, in the related art, there is a problem that data can not be protected if a password is leaked or the user can not remember it.

In addition, various devices can be connected to various external devices by improving the performance of various devices and diversifying functions, and various extension terminals such as USB (Universal Serial Bus), PCMCIA, Firewire, and IEEE 1394 Devices. In particular, the USB connection terminal is one of the most widely used expansion terminals, and is used as various storage media such as a USB memory and a USB HDD (Hard Disk Drive).

However, the conventional devices and USB storage devices are difficult to set up to protect stored data when a plurality of users use devices and USB storage devices, or exchange data stored in the USB storage devices, There was an impossible problem.

Therefore, in order to solve the problem of the conventional device, when a separate external device is connected to the device, the device and the USB storage device can restrict access to data stored in the external device through a predetermined authentication procedure There is an urgent need to develop a data security method for a USB storage device and a device or USB storage device using the method.

It is an object of the present invention to provide a data security method of a USB storage device and a device using the method, which can prevent security and privacy leakage of a user.

It is another object of the present invention to provide a device and a method of operating the same that are capable of protecting data stored in a USB storage device from access by a third party.

According to another aspect of the present invention, there is provided a method of authenticating a USB storage device in a device, the method comprising: transmitting a device information request signal to the connected USB storage device when connection to the USB storage device is detected; ; Retrieving, when receiving the device information, whether the USB storage device is a secure USB storage device, based on the received device information; Transmitting a first certificate request signal to the USB storage device when the USB storage device is a secure USB storage device; Transmitting the second certificate to the USB storage device when receiving a second certificate request signal from the USB storage device; And allowing access to the USB storage device if a second certificate confirmation signal is received from the USB storage device and the first certificate matches the pre-stored authentication information.

According to another aspect of the present invention, there is provided a device connected to a USB storage device, the device transmitting a device information request signal to the connected USB storage device when a USB storage device is connected, A USB interface unit for transmitting and receiving data to and from the connected USB storage device; A storage unit for storing a first certificate, a second certificate and authentication information received from the USB storage device; An authentication unit for verifying whether the received first certificate and the authentication information stored in the storage unit match when the first certificate is received through the USB interface unit; And if the device information is received from the USB interface unit, the USB storage device searches for a secure USB storage device based on the received device information, and if the USB storage device is a secure USB storage device, Transmitting a second certificate request signal to the USB storage device, receiving a second certificate request signal from the USB storage device, transmitting the second certificate to the USB storage device, receiving a second certificate confirmation signal from the USB storage device, And a control unit for controlling access to the USB storage device when authentication information is confirmed in the authentication unit.

According to another aspect of the present invention, there is provided a USB storage device capable of security setting, the USB storage device being connected to a device, transmitting a first certificate to the connected device, An interface unit for receiving the data; A storage unit for storing the first certificate, the second certificate and the authentication information; An authentication unit for verifying whether the authentication information stored in the storage unit matches the received second certificate when the second certificate is received through the interface unit; And a controller for controlling access to the device when the second certificate is confirmed.

According to the embodiment of the present invention, when the USB storage device is connected to the device, the device checks the device certificate stored in the device and the USB storage device certificate connected to the USB storage device to determine whether to allow access to the connected USB storage device It is possible to securely protect the data stored in the USB storage device, since access to the USB storage device is permitted only when the certificates are all matched.

Meanwhile, according to another embodiment of the present invention, various user interfaces can be provided in the process of authenticating the USB storage device in the device, so that the convenience for the user can be increased.

1 is a diagram schematically showing another example of an entire broadcast system including a device according to another embodiment of the present invention.
FIG. 2 is a diagram illustrating an embodiment in which the device and the USB storage device shown in FIG. 1 are authenticated.
3 is a view showing in greater detail another example of the device shown in Fig.
FIG. 4 and FIG. 5 are views showing any one of the devices according to the embodiments of the present invention as a set-top box and a display device.
6 is a diagram for explaining a process in which any one of the devices according to the embodiments of the present invention communicates with third devices.
7 is a flowchart illustrating an authentication process of a device and a USB storage device according to an embodiment of the present invention.
8 is a flowchart illustrating a process of allowing access to a USB storage device in a device according to an exemplary embodiment of the present invention.
9 is a flowchart illustrating a process of allowing access to a device in a USB storage device according to an embodiment of the present invention.
10 is a block diagram illustrating an internal structure of a device according to an embodiment of the present invention.
11 is a block diagram illustrating an internal structure of a USB storage device according to an embodiment of the present invention.
12 to 13 are views showing a display screen including an authentication progress notification message according to an embodiment of the present invention.
14 is a view illustrating a display screen including an authentication completion message according to an embodiment of the present invention.
15 is a view illustrating a display screen including an authentication failure message according to an embodiment of the present invention.
16 is a view illustrating a display screen including a first certificate selection menu according to an embodiment of the present invention.
17 is a view illustrating a display screen including a second certificate selection menu according to an embodiment of the present invention.
18 is a view illustrating a display screen including an authentication failure message according to an embodiment of the present invention.
19 is a view showing a display screen including a menu for setting an external device connection mode according to an embodiment of the present invention.
20 is a flowchart illustrating a process of registering a USB storage device in a device according to an embodiment of the present invention.
21 to 23 are views showing a display screen including a certificate selection menu according to an embodiment of the present invention.

Hereinafter, the present invention will be described in more detail with reference to the drawings.

The suffix "module" and " part "for components used in the following description are given merely for ease of description, and the" module "and" part "

Meanwhile, the device described in this specification is an intelligent device that adds a computer support function to a broadcast reception function, for example, and is equipped with an internet function while being faithful to a broadcast reception function, so that a handwriting input device, a touch screen, It can be equipped with a more convenient interface. With the support of wired or wireless internet function, it can be connected to internet and computer and can perform functions such as e-mail, web browsing, banking or game. A standardized general-purpose OS can be used for these various functions.

Accordingly, the device described in the present invention can be freely added or deleted from various applications, for example, on a general-purpose OS kernel, so that various user-friendly functions can be performed. More specifically, the device may be, for example, a network TV, an HBBTV, a smart TV, or the like, and may be applied to a smartphone in some cases.

BRIEF DESCRIPTION OF THE DRAWINGS The above and other features and advantages of the present invention will be more apparent from the following detailed description taken in conjunction with the accompanying drawings, in which: FIG.

As used herein, the terminology used herein generally refers to general terms that are widely used while taking into consideration the functions of the present invention, but this may vary depending on the intention or custom of a technician working in the field or the emergence of new technology. In addition, in certain cases, there may be a term arbitrarily selected by the applicant, in which case the meaning thereof will be described in the description of the corresponding invention. Therefore, it is intended that the terminology used herein should be interpreted based on the meaning of the term rather than on the name of the term, and on the entire contents of the specification.

FIG. 1 is a diagram schematically illustrating an example of an overall security system including a device 100 according to an embodiment of the present invention.

1, an overall security system including a device according to an exemplary embodiment of the present invention includes a USB storage device 200, a service provider 300, and a content provider (CP) Can be distinguished.

The device 100 may include, for example, a network TV, a smart TV, an IPTV, and the like.

The USB storage device 200 is a storage device connectable to the device 100 through a USB interface terminal. The USB storage device 200 may include various devices capable of storing data such as a USB memory and a USB HDD (Hard Disk Drive).

The content provider 400 produces and provides various contents. The content provider 400 may include a terrestrial broadcaster, a cable SO (System Operator) or a MSO (Multiple System Operator), a satellite broadcaster, an Internet broadcaster, Etc. may be exemplified.

In addition, the content provider 400 may provide various applications in addition to the broadcast content.

The service provider 300 may provide the contents provided by the contents provider 400 as a service package. For example, the service provider 300 of FIG. 1 may package and provide a first terrestrial broadcast, a second terrestrial broadcast, a cable MSO, a satellite broadcast, various Internet broadcasts, and applications to a user.

Meanwhile, the service provider 300 can provide a service to the device 100 using a unicast or multicast scheme. The unicast method is a method of transmitting data 1: 1 between one sender and one receiver. For example, in a unicast method, when a receiver requests data from a server, the server can transmit data to the receiver upon request. The multicast method is a method of transmitting data to a plurality of receivers of a specific group. For example, the server can transmit data to a plurality of pre-registered receivers at once. An Internet Group Management Protocol (IGMP) protocol may be used for multicast registration.

A network provider (not shown) may provide a network for providing services to the client 100. The device 100 may be provided with a service by building a home network end user (HNED).

As a means for protecting contents transmitted in the device system as described above, conditional access or content protection can be used. As an example of such restriction reception or content protection, a scheme such as a cable card (CableCARD) and a DCAS (Downloadable Conditional Access System) may be used.

On the other hand, the device 100 is also capable of providing contents via a network. In this case, contrary to the above, conversely, the device 100 may be a content provider, and the content provider 400 may receive content from the device 100. In this case, there is an advantage that an interactive content service or a data service is possible.

FIG. 2 is a diagram illustrating an embodiment in which the device and the USB storage device shown in FIG. 1 are authenticated.

According to the embodiment, the device 100 may store the security SDK and the authentication agent in the storage unit 101. [

A security SDK (Software Development Kit) is a set of development tools that allow an application program for security setting to be created in the device 100, and is configured to restrict access to an external device from a device through a security SDK previously stored in the device .

In addition, when the device 100 is set to security, the authentication agent can perform an operation of confirming that the external device connected to the device is an external device authenticated according to the stored security setting.

That is, according to the embodiment, when the encrypted certificate is received from the USB storage device 200 connected to the device 100, the authentication agent decrypts the received certificate, The security setting of the USB storage device can be checked.

In addition, the storage unit 101 for storing the security SDK and the authentication agent may be provided in a specific area within the control unit (CPU) of the device 100 in order to protect security setting related data.

 According to the embodiment, the USB storage device 200 may store the security module and the device certificate in the storage unit 201.

The security module is a module for controlling security settings in the USB storage device 200.

That is, according to the embodiment, when the USB storage device 200 is connected to the device 100 and a signal for accessing the file stored in the USB storage device 200 is received at the video display time 100, The module may request certificate and device information from the device 100 and thereby determine whether the device 100 conforms to a predetermined security setting.

The device certificate may store information on the USB storage device and predetermined security information, and may be encrypted and stored in the storage unit 201 to protect the information stored in the device certificate.

In addition, the security module and the device certificate storage unit 201 may be provided in a specific area within the control unit (CPU) of the USB storage device 200 in order to protect security setting related data.

According to an embodiment of the present invention, when transmitting a device certificate request signal to the USB storage device 200 in the device 100, the USB storage device stores the stored device certificate between the device 100 and the USB storage device 200 (500).

The authentication protocol may include various protocols for data security such as Secure Socket Layer (SSL), Transport Layer Security (TLS), Secure HyperText Transfer Protocol (SHTTP), and Secure File Transfer Protocol (SFTP).

In addition, in order to prevent leakage of security data while the certificate is being transmitted, the certificate may be transmitted in an encrypted state. The encrypted certificate may be decrypted by the authentication agent of the device to confirm the security setting.

FIG. 3 is a detailed view of an example of the device shown in FIG. 1 and FIG. 2. Referring to FIG.

3, a device 100 according to an embodiment of the present invention includes a broadcast receiving unit 105, an external device interface unit 135, a storage unit 140, a user input interface unit 150, 170, a display unit 180, an audio output unit 185, a power supply unit 190, and a photographing unit (not shown). The broadcast receiving unit 105 may be a video display device including a tuner 110, a demodulating unit 120, and a network interface unit 130.

3, a case where the device according to the embodiment of the present invention is an image display device will be described as an example.

The video display device can be designed so as not to include the network interface unit 130 while having the tuner 110 and the demodulator 120 according to the need, 110 and the demodulation unit 120 are not included.

The tuner 110 selects an RF broadcast signal corresponding to a channel selected by the user or all previously stored channels among RF (Radio Frequency) broadcast signals received through the antenna. Also, the selected RF broadcast signal is converted into an intermediate frequency signal, a baseband image, or a voice signal.

For example, if the selected RF broadcast signal is a digital broadcast signal, it is converted into a digital IF signal (DIF). If the selected RF broadcast signal is an analog broadcast signal, it is converted into an analog baseband image or voice signal (CVBS / SIF). That is, the tuner 110 can process both a digital broadcast signal and an analog broadcast signal. The analog baseband video or audio signal (CVBS / SIF) output from the tuner 110 can be directly input to the controller 170.

Also, the tuner 110 can receive RF carrier signals of a single carrier according to an Advanced Television System Committee (ATSC) scheme or RF carriers of a plurality of carriers according to a DVB (Digital Video Broadcasting) scheme.

Meanwhile, the tuner 110 sequentially selects RF broadcast signals of all the broadcast channels stored through the channel memory function among the RF broadcast signals received through the antenna, and converts the RF broadcast signals into an intermediate frequency signal, a baseband image, or a voice signal have.

The demodulator 120 receives the digital IF signal DIF converted by the tuner 110 and performs a demodulation operation.

For example, when the digital IF signal output from the tuner 110 is the ATSC scheme, the demodulator 120 performs 8-VSB (8-Vestigal Side Band) demodulation, for example. Also, the demodulation unit 120 may perform channel decoding. To this end, the demodulator 120 includes a trellis decoder, a de-interleaver, and a reed solomon decoder to perform trellis decoding, deinterleaving, Solomon decoding can be performed.

For example, when the digital IF signal output from the tuner 110 is a DVB scheme, the demodulator 120 performs CODDMA (Coded Orthogonal Frequency Division Modulation) demodulation, for example. Also, the demodulation unit 120 may perform channel decoding. For this, the demodulator 120 may include a convolution decoder, a deinterleaver, and a reed-solomon decoder to perform convolutional decoding, deinterleaving, and reed solomon decoding.

The demodulation unit 120 may perform demodulation and channel decoding, and then output a stream signal TS. At this time, the stream signal may be a signal in which a video signal, a voice signal, or a data signal is multiplexed. For example, the stream signal may be an MPEG-2 TS (Transport Stream) multiplexed with an MPEG-2 standard video signal, a Dolby AC-3 standard audio signal, or the like. Specifically, the MPEG-2 TS may include a header of 4 bytes and a payload of 184 bytes.

Meanwhile, the demodulating unit 120 may be separately provided according to the ATSC scheme and the DVB scheme. That is, it can be provided as an ATSC demodulation unit and a DVB demodulation unit.

The stream signal output from the demodulation unit 120 may be input to the controller 170. The control unit 170 performs demultiplexing, video / audio signal processing, and the like, and then outputs the video to the display unit 180 and audio to the audio output unit 185.

The external device interface unit 135 can connect the external device and the device 100. [ To this end, the external device interface unit 135 may include an A / V input / output unit (not shown) or a wireless communication unit (not shown).

The external device interface unit 135 can be connected to an external device such as a DVD (Digital Versatile Disk), a Blu ray, a game device, a camera, a camcorder, a computer (notebook) The external device interface unit 135 transmits external video, audio, or data signals to the controller 170 of the device 100 through the connected external device. Also, the control unit 170 can output the processed video, audio, or data signal to the connected external device. To this end, the external device interface unit 135 may include an A / V input / output unit (not shown) or a wireless communication unit (not shown).

The A / V input / output unit includes a USB terminal, a CVBS (Composite Video Banking Sync) terminal, a component terminal, an S-video terminal (analog), a DVI (Digital) Visual Interface) terminal, an HDMI (High Definition Multimedia Interface) terminal, an RGB terminal, a D-SUB terminal, and the like.

The wireless communication unit can perform short-range wireless communication with other electronic devices. The device 100 may include, for example, Bluetooth, Radio Frequency Identification (RFID), Infrared Data Association (UDA), Ultra Wideband (UWB), ZigBee, Digital Living Network Alliance May be networked with other electronic devices in accordance with the communication standard of

Also, the external device interface unit 135 may be connected to various set-top boxes via at least one of the various terminals described above to perform input / output operations with the set-top box.

Meanwhile, the external device interface unit 135 may receive the application or application list in the adjacent external device, and may transmit the received application or application list to the control unit 170 or the storage unit 140.

The external device interface unit 135 may include a USB interface unit connected to any USB storage device and capable of transmitting and receiving data in association with an embodiment of the present invention.

The USB interface unit may transmit a request signal for device information to the connected USB storage device and transmit / receive data to / from the connected USB storage device when the USB storage device is connected to the USB interface unit. The device information may include a serial number of the USB storage device.

The network interface unit 130 provides an interface for connecting the device 100 to a wired / wireless network including the Internet network. The network interface unit 130 may include an Ethernet terminal or the like for connection to a wired network and may be a WLAN (Wireless LAN) (Wi- Fi wireless broadband (Wibro), World Interoperability for Microwave Access (Wimax), and HSDPA (High Speed Downlink Packet Access) communication standards.

The network interface unit 130 can transmit or receive data with other users or other electronic devices via a network connected thereto or another network linked to the connected network. Particularly, it is possible to transmit some content data stored in the device 100 to another user registered in advance in the device 100 or to a selected user or selected electronic device among other electronic devices.

On the other hand, the network interface unit 130 can access a predetermined web page through the connected network or another network linked to the connected network. That is, it is possible to access a predetermined web page through a network and transmit or receive data with the server. In addition, content or data provided by a content provider or a network operator can be received. That is, it can receive contents such as a movie, an advertisement, a game, a VOD, a broadcast signal, and related information provided from a content provider or a network provider through a network. In addition, the update information and the update file of the firmware provided by the network operator can be received. It may also transmit data to the Internet or a content provider or network operator.

In addition, the network interface unit 130 can select and receive a desired application among applications open to the public via a network.

The storage unit 140 may store a program for each signal processing and control in the control unit 170 or may store the processed video, audio, or data signals.

The storage unit 140 may also function to temporarily store video, audio, or data signals input from the external device interface unit 135 or the network interface unit 130. In addition, the storage unit 140 may store information on a predetermined broadcast channel through the channel memory function.

The storage unit 140 may store a list of applications or applications input from the external device interface unit 135 or the network interface unit 130. [

Also, with respect to the embodiment of the present invention, the storage unit 140 may store the first certificate, the second certificate, and the authentication information received from the USB storage device through the external device interface unit 135. [ The first certificate may be a certificate including information on the USB storage device, and the second certificate may include a certificate including information on the device.

Also, according to the embodiment, the storage unit 140 may store security software for confirming security settings.

Also, the storage unit 140 may be included in a specific secured area in the controller 170. [ This will be described in detail below with reference to FIG.

The storage unit 140 may be a flash memory type, a hard disk type, a multimedia card micro type, a card type memory (for example, SD or XD Memory, etc.), RAM, ROM (EEPROM, etc.), and the like. The device 100 may reproduce and provide a content file (a moving image file, a still image file, a music file, a document file, an application file, etc.) stored in the storage unit 140 to a user.

FIG. 3 shows an embodiment in which the storage unit 140 is provided separately from the control unit 170, but the scope of the present invention is not limited thereto. The storage unit 140 may be included in the controller 170.

The user input interface unit 150 transmits a signal input by the user to the control unit 170 or a signal from the control unit 170 to the user.

For example, the user input interface unit 150 may be configured to turn on / off the power, select the channel, and display the screen from the remote control device 200 according to various communication methods such as a radio frequency (RF) communication method and an infrared Or a control signal from the control section 170 to the remote control apparatus 200. The remote control apparatus 200 may be configured to receive the control signal from the control section 170,

Also, for example, the user input interface unit 150 can transmit a control signal input from a local key (not shown) such as a power key, a channel key, a volume key, and a set value to the controller 170.

For example, the user input interface unit 150 may transmit a control signal input from a sensing unit (not shown) that senses a user's gesture to the control unit 170, or may sense a signal from the control unit 170 (Not shown). Here, the sensing unit (not shown) may include a touch sensor, an audio sensor, a position sensor, an operation sensor, and the like.

The control unit 170 demultiplexes the input stream or processes the demultiplexed signals through the tuner 110 or the demodulation unit 120 or the external device interface unit 135 to generate a signal for video or audio output Can be generated and output.

The video signal processed by the controller 170 may be input to the display unit 180 and displayed as an image corresponding to the video signal. The video signal processed by the controller 170 may be input to the external output device through the external device interface 135. [

The audio signal processed by the control unit 170 may be output to the audio output unit 185 through audio. The voice signal processed by the control unit 170 may be input to the external output device through the external device interface unit 135.

In addition, the control unit 170 can control the overall operation in the device 100. [ For example, the control unit 170 may control the tuner 110 to control the tuner 110 to select an RF broadcast corresponding to a channel selected by the user or a previously stored channel.

In addition, the controller 170 may control the device 100 according to a user command or an internal program input through the user input interface unit 150. In particular, the user can connect to the network and download a list of applications or applications desired by the user to the device 100.

For example, the controller 170 controls the tuner 110 to input a signal of a selected channel according to a predetermined channel selection command received through the user input interface unit 150. And processes video, audio or data signals of the selected channel. The control unit 170 allows the display unit 180 or the audio output unit 185 to output the video or audio signal processed by the user through the channel information or the like selected by the user.

For example, the control unit 170 may control the operation of the external device through the external device interface unit 135, for example, a camera or a camcorder, according to an external device video playback command received through the user input interface unit 150 So that the video signal or the audio signal of the audio signal output through the display unit 180 or the audio output unit 185 can be outputted.

Meanwhile, the control unit 170 may control the display unit 180 to display an image. For example, a broadcast image input through the tuner 110, an external input image input through the external device interface unit 135, an image input through the network interface unit, or an image stored in the storage unit 140 , And display on the display unit 180 can be controlled. At this time, the image displayed on the display unit 180 may be a still image or a moving image, and may be a 2D image or a 3D image.

Also, the control unit 170 can control to reproduce the content. The content at this time may be content stored in the device 100, received broadcast content, or external input content input from the outside. The content may be at least one of a broadcast image, an external input image, an audio file, a still image, a connected web screen, and a document file.

On the other hand, when entering the application view item, the control unit 170 can control to display a list of applications or applications that can be downloaded from the device 100 or from an external network.

The control unit 170 can control, in addition to various user interfaces, to install and operate an application downloaded from the external network. Further, it is possible to control so that an image related to the executed application is displayed on the display unit 180 by the user's selection.

Although not shown in the drawing, a channel browsing processing unit for generating a channel signal or a thumbnail image corresponding to an external input signal may be further provided.

The channel browsing processing unit receives the stream signal TS output from the demodulation unit 120 or the stream signal output from the external device interface unit 135 and extracts an image from an input stream signal to generate a thumbnail image . The generated thumbnail image may be directly or encoded and input to the controller 170. In addition, the generated thumbnail image may be encoded in a stream format and input to the controller 170. The control unit 170 may display a thumbnail list having a plurality of thumbnail images on the display unit 180 using the input thumbnail images. On the other hand, the thumbnail images in this thumbnail list can be updated in sequence or simultaneously. Accordingly, the user can easily grasp the contents of a plurality of broadcast channels.

The display unit 180 converts an image signal, a data signal, an OSD signal processed by the control unit 170 or a video signal and a data signal received from the external device interface unit 135 into R, G, and B signals, respectively Thereby generating a driving signal.

The display unit 180 may be a PDP, an LCD, an OLED, a flexible display, a 3D display, or the like.

Meanwhile, the display unit 180 may be configured as a touch screen and used as an input device in addition to the output device.

The audio output unit 185 receives a signal processed by the control unit 170, for example, a stereo signal, a 3.1 channel signal, or a 5.1 channel signal, and outputs it as a voice. The voice output unit 185 may be implemented by various types of speakers.

As described above, the device 100 may further include a sensing unit (not shown) having at least one of a touch sensor, a voice sensor, a position sensor, and an operation sensor to detect a user's gesture. A signal sensed by a sensing unit (not shown) may be transmitted to the controller 170 through the user input interface unit 150.

On the other hand, a photographing unit (not shown) for photographing a user may be further provided. The image information photographed by the photographing unit (not shown) may be input to the control unit 170.

The control unit 170 may sense the gesture of the user by combining the images photographed by the photographing unit (not shown) or the signals sensed by the sensing unit (not shown).

In addition, according to the embodiment, the control unit 170 may further include an authentication unit (not shown) for performing authentication according to a predetermined security setting.

When the first certificate is received through the external device interface unit 135, the authentication unit (not shown) can check whether the received first certificate matches the authentication information stored in the storage unit 140. [

The authentication unit (not shown) loads the security software in the storage unit 140, decrypts the first certificate through the loaded security software, authenticates the decrypted first certificate and the security software You can verify that the information is consistent.

In addition, according to the embodiment, when the device information is received at the external device interface unit 135, the control unit 170 searches the USB storage device for a secure USB storage device based on the received device information Transmits the first certificate request signal to the USB storage device when the USB storage device is a secure USB storage device and transmits the second certificate to the USB storage device when receiving the second certificate request signal from the USB storage device A second certificate confirmation signal is received from the USB storage device, and when the authentication information is confirmed in the authentication unit, the access control unit can control access to the USB storage device.

Also, the control unit 170 may search for the connected USB storage device as a secure USB storage device based on the serial number included in the device information.

The control unit 170 mounts the file system of the USB storage device in the file system of the device and confirms the file stored in the USB storage device when the confirmation process is completed through the first certificate and the second certificate To allow access.

The power supply unit 190 supplies the corresponding power supply throughout the device 100.

Particularly, it is possible to supply power to a control unit 170 that can be implemented in the form of a system on chip (SOC), a display unit 180 for displaying an image, and an audio output unit 185 for audio output .

To this end, the power supply unit 190 may include a converter (not shown) for converting the AC power into DC power. Meanwhile, for example, when the display unit 180 is implemented as a liquid crystal panel having a plurality of backlight lamps, an inverter (not shown) that can perform a PWM operation for variable luminance or dimming driving is further provided It is possible.

The remote control apparatus 200 transmits the user input to the user input interface unit 150. [ To this end, the remote control apparatus 200 can use Bluetooth, RF (radio frequency) communication, infrared (IR) communication, UWB (Ultra Wideband), ZigBee, or the like.

Also, the remote control apparatus 200 can receive the video, audio or data signal output from the user input interface unit 150 and display it on the remote control apparatus 200 or output sound or vibration.

The above-described device 100 may be a fixed type, at least one of digital broadcasting of the ATSC system (8-VSB system), digital broadcasting of the DVB-T system (COFDM system), digital broadcasting of the ISDB- And may be a digital broadcast receiver capable of receiving one.

Meanwhile, the block diagram of the device 100 shown in FIG. 3 is a block diagram for one embodiment of the present invention. Each component of the block diagram may be integrated, added, or omitted depending on the specifications of the device 100 that is actually implemented. That is, two or more constituent elements may be combined into one constituent element, or one constituent element may be constituted by two or more constituent elements, if necessary. In addition, the functions performed in each block are intended to illustrate the embodiments of the present invention, and the specific operations and apparatuses do not limit the scope of the present invention.

3, the device 100 does not include the tuner 110 and the demodulation unit 120 shown in FIG. 3, and the network interface unit 130 or the external device interface unit 135 It is also possible to receive and reproduce the image content.

Meanwhile, according to an embodiment of the present invention, the device 100 may further include a certificate storage unit (not shown) and a security software storage unit (not shown). The certificate storage unit, the security software storage unit, and the process of the device performing authentication with an external device using the same will be described in detail with reference to FIG.

Meanwhile, the device 100 is an example of an image signal processing apparatus that performs signal processing of an image stored in the apparatus or an input image. Another example of the image signal processing apparatus includes a display unit 180 shown in FIG. 3, A set top box excluding the audio output unit 185, a DVD player, a Blu-ray player, a game device, a computer, and the like may be further exemplified. The set-top box will be described with reference to Figs. 4 and 5 below.

FIG. 4 and FIG. 5 are diagrams showing one of the devices according to the embodiments of the present invention as a set-top box and a display device.

Referring to Fig. 4, the set-top box 250 and the display device 300 can transmit or receive data by wire or wireless.

The set top box 250 may include a network interface unit 255, a storage unit 258, a signal processing unit 260, a user input interface unit 263, and an external device interface unit 265.

The network interface unit 255 provides an interface for connection to a wired / wireless network including the Internet network. It can also transmit or receive data to other users or other electronic devices via the connected network or other network linked to the connected network.

The storage unit 258 may store a program for each signal processing and control in the signal processing unit 260 or may store a video, It may perform a function for temporary storage of a signal.

The signal processing unit 260 performs signal processing of an input signal. For example, it is possible to demultiplex or decode an input video signal, and perform demultiplexing or decoding of an input audio signal. To this end, a video decoder or a voice decoder may be provided. The processed video signal or audio signal can be transmitted to the display device 300 through the external device interface unit 265. [

The user input interface unit 263 transfers a signal input by the user to the signal processing unit 260 or a signal from the signal processing unit 260 to the user. For example, various control signals, such as power on / off, operation input, and setting input, input through a local key (not shown) or the remote control device 200, may be received and transmitted to the signal processing unit 260.

The external device interface unit 265 provides an interface for transmitting or receiving data with an external device connected by wire or wirelessly. In particular, it provides an interface for transmitting or receiving data with the display device 300. It is also possible to provide an interface for data transmission or reception with an external device such as a game device, a camera, a camcorder, a computer (notebook computer) or the like.

The set-top box 250 may further include a media input unit (not shown) for playing a separate media. An example of such a media input unit is a Blu-ray input unit (not shown) or the like. That is, the set-top box 250 can include a Blu-ray player. The input media such as a Blu-ray disc can be transmitted to the display device 300 via the external device interface 265 for display after signal processing such as demultiplexing or decoding in the signal processor 260 .

The display device 300 includes a tuner 270, an external device interface unit 273, a demodulator 275, a storage unit 278, a control unit 280, a user input interface unit 283, a display unit 290, And an audio output unit 295, as shown in FIG.

The tuner 270, the demodulation unit 275, the storage unit 278, the control unit 280, the user input interface unit 283, the display unit 290, and the audio output unit 295, The user interface unit 150, the display unit 180, and the audio output unit 185 of the tuner 110, the demodulator 120, the storage unit 140, the controller 170, .

On the other hand, the external device interface unit 273 provides an interface for data transmission or reception with an external device connected by wire or wirelessly. In particular, it provides an interface for data transmission or reception with the set-top box 250.

Accordingly, the video signal or the audio signal input through the set top box 250 is output through the display unit 180 or the audio output unit 185 via the control unit 170.

5, the set-top box 250 and the display device 300 are the same as the set-top box 250 and the display device 300 shown in FIG. 4 except that the tuner 270 and the multi- There is a difference in that the position of the projection 275 is located in the set-top box 250 rather than in the display device 300. [ Hereinafter, the difference will be mainly described.

The signal processing unit 260 may perform signal processing of a broadcast signal received through the tuner 270 and the demodulation unit 275. Also, the user input interface unit 263 can receive inputs such as channel selection, channel storage, and the like.

6 is a block diagram illustrating an internal structure of a device according to an embodiment of the present invention.

In particular, this figure shows only the configuration for performing the authentication process for the USB storage device among the configurations of the devices shown in FIGS. 1 and 3.

According to the embodiment, the device 1001 may include an external device interface unit 1005 that can be connected to a predetermined external device. In the present invention, the external device interface is described as being configured in the USB (Universal Serial Bus) format. However, in consideration of those skilled in the art, it is clear that the external device interface unit may be configured in various input / output forms such as Firewire, IEEE 1394, and PCMCIA as well as the USB format.

In addition, it may include a certificate storage unit 1002. As shown in FIG. 3, the device may include a storage unit 140, and the certificate storage unit 1002 may be included in the storage unit 140.

The certificate storage unit 1002 may be configured as a separate storage area other than the storage unit 140 in order to restrict the device certificate stored in the certificate storage unit from connection with another external device. In other words, it may be included in a specific area within the control unit 1004.

 When a predetermined USB storage device is connected to the device and an authentication process is performed, the security software storage unit 1003 decrypts the certificate received from the USB storage device, and based on the decrypted information, May be stored.

The control unit 1004 can control each module of the device.

According to the embodiment of the present invention, when the USB storage device is connected through the external device interface unit 1005, the control unit 1004 receives a USB storage device connection signal from the USB storage device through the external device interface unit The USB storage device transmits a request signal of the USB storage device certificate to the USB storage device.

When the USB storage device certificate is received according to the request signal, security software is loaded in the security software storage unit 1003 to decrypt the received USB storage device certificate, and based on the decrypted information, It is determined whether or not the USB storage device certificate matches the certificate.

When the device certificate request signal is received from the USB storage device, the device certificate is loaded from the certificate storage unit 1002, and the device certificate is transmitted to the USB storage device through the external device interface unit 1005 .

In addition, when the USB storage device access permission signal is received from the USB storage device and the decrypted USB storage device certificate matches the certificate, the device controls access to the information stored in the USB storage device.

7 is a block diagram illustrating an internal structure of a USB storage device according to an embodiment of the present invention.

According to the embodiment, the USB storage device 1101 can be connected to a predetermined device via the interface unit 1102. [ In the present invention, the case where the type of the interface unit is the USB interface unit is explained. However, considering the point of view of those skilled in the art, when the interface unit transmits and receives data between predetermined devices such as PCMCIA, Firewire and IEEE 1394 It will be obvious that the present invention can be replaced by various possible means.

In addition, the interface unit 1102 can transmit and receive data including a first certificate including information on the USB storage device and a second certificate including information on a connected device.

The buffer 1103 temporarily stores information to be transmitted to resolve the difference in data transmission speed between the CPU 1106 and the storage unit 1105 of the USB storage device when predetermined data is transmitted and received through the interface unit 1102 Speed storage device. And can quickly transmit and receive the data through the buffer 1103.

The DMA transfer unit 1104 loads data stored in the storage unit 1105 through a DMA (Direct Memory Access) channel and transfers the loaded data to the interface unit 1102 through the buffer 1103, And transmits the data to the storage unit 1105 so that the information received from the buffer 1103 can be stored in the storage unit 1105.

The storage unit 1105 is composed of a flash memory. The flash memory is a kind of EEPROM (Electrically Erasable and Programmable ROM), and is composed of a NOR type that supports input / output in byte units and a NAND type that supports input / . The NOR type flash memory is mainly used for code memory because it has a fast reading speed but a low writing speed. NAND type flash memory is mainly used as a large data storage device because of its high writing speed and low unit cost per unit space.

The USB storage device certificate for authenticating the USB storage device may be stored in the storage 1105. In order to restrict access to the USB storage device certificate from the outside, 1108 < / RTI >

Accordingly, the certificate storage area 1108 may be provided using the NOR type flash memory. Also, it is possible to protect the data stored in the certificate storage area 1108 even if the data stored in the storage unit 1105 is leaked or damaged due to memory existing in the CPU 1106. [

Also, the certificate storage area 1108 may store authentication information according to the security settings of the first certificate and the USB storage device.

The security software storage unit 1107 decrypts a certificate received from the predetermined device when the USB storage device is connected to a predetermined device and performs an authentication process, and based on the decrypted information, May be stored.

Also, the security software storage unit 1107 may be stored in the CPU 1106 like the certificate storage area 1108, and may restrict access to the security software storage unit from the outside.

The control unit 1106 controls the operation of each module of the USB storage device.

According to an embodiment of the present invention, the controller 1106 may include an authentication unit (not shown).

When the second certificate is received from the device via the interface unit 1102, the authentication unit (not shown) can check whether the authentication information stored in the certificate storage area 1108 matches the received second certificate .

According to the embodiment, the authentication unit (not shown) loads the security software in the security software storage unit 1107, decrypts the second certificate through the loaded security software, and decrypts the decrypted second It is possible to check whether the certificate matches the authentication information according to the security software.

In addition, the control unit 1106 may control to transmit an access permission signal to the device when the authentication unit verifies the second certificate.

When the security setting authentication process is completed, the control unit 1106 mounts the file system of the USB storage device to the file system of the device and controls the device to access the file stored in the USB storage device .

8 is a diagram for explaining a process in which any one of the devices according to the embodiments of the present invention communicates with third devices. The device shown in Fig. 8 may include a device capable of broadcasting reception in accordance with the embodiments of the present invention described above.

As shown in FIG. 8, a device 100 according to an embodiment of the present invention may communicate with a broadcast station 210, a network server 220, or an external device 230.

The device 100 may receive a broadcasting signal including a video signal transmitted from the broadcasting station 210. [ The device 100 may process a video signal, a voice signal, or a data signal included in the broadcast signal so as to be suitable for output from the device 100. [ The device 100 can output video or audio based on the processed video signal.

Meanwhile, the device 100 may communicate with the network server 220. The network server 220 is a device capable of transmitting and receiving signals with the device 100 via any network. For example, the network server 220 may be a mobile phone terminal that can be connected to the device 100 through a wired or wireless base station. In addition, the network server 220 may be a device capable of providing content to the device 100 via the Internet network. The content provider can provide the content to the device 100 using the network server.

Meanwhile, the device 100 can communicate with the external device 230. The external device 230 is a device capable of transmitting and receiving signals directly with the device 100 by wire or wirelessly. For example, the external device 230 may be a media storage device or a playback device used by a user. That is, the external device 230 corresponds to, for example, a camera, a DVD or a Blu-ray player, or a personal computer.

The broadcast station 210, the network server 220, or the external device 230 may transmit a signal including a video signal to the device 100. The device 100 can display an image based on a video signal included in an input signal. The device 100 may also transmit signals to the external device 230 from the broadcast station 210 or the network server 220 to the device 100. In addition, a signal transmitted from the external device 230 to the device 100 may be transmitted to the broadcasting station 210 or the network server 220. That is, the device 100 includes a function of directly reproducing contents included in a signal transmitted from the broadcasting station 210, the network server 220, and the external device 230 in the device 100, do.

9 is a flowchart illustrating a process of authenticating a device and a USB storage device according to an embodiment of the present invention.

In the drawings and the following drawings, a USB storage device connected through a USB (Universal Serial Bus) terminal of a device is described as an embodiment. However, from the standpoint of those skilled in the art, , IEEE 1394, and PCMCIA.

The certificate described in this figure and subsequent drawings is a concept that includes data of an entity which has made the tampering impossible by using a unique key or secret key of the certification authority. It is used for checking the identity when conducting electronic commerce, (CA) with public key infrastructure (PKI) in two different fields in electronic signatures, which are electronic information issued by a public key certificate authority (CA) for the purpose of authentication, It can include all of the cross-certificates that have a trust infrastructure and enable interoperability.

Referring to FIG. 9, in accordance with an embodiment of the present invention, when a USB storage device is connected to an external device interface unit of a device and a connection of the USB storage device is detected in the device, (S 101).

The USB storage device is a storage device connectable to the device 100 through a USB interface terminal, and may include various devices capable of storing data such as a USB memory and a USB HDD (Hard Disk Drive).

Also, the device information may include information on the serial number of the USB storage device, manufacturer, storage capacity, user, and security setting information.

The device information transmitting means may include various input / output formats such as USB, Firewire, IEEE 1394, and PCMCIA according to the format of the external device interface unit.

Next, if the device information is received (S 102), it is determined whether the USB storage device is a secure USB storage device based on the received device information. If the USB storage device is a secure USB storage device, And transmits a first certificate request signal to the USB storage device (S103).

According to an embodiment, the device information may include a serial number of the USB storage device, and based on the serial number, the USB storage device is detected as a secure USB storage device.

That is, the device can store the serial number list of the secured USB storage device, and when the serial number of the connected USB storage device is received, the received serial number is included in the serial number list of the secured USB storage device And can check whether the USB storage device is a secure USB storage device.

If it is determined that the connected USB storage device does not correspond to the secured USB storage device, the connected USB storage device is an accessible USB storage device without having to undergo a separate authentication process, The file system of the device is mounted to the file system of the device so that the file stored in the USB storage device can be accessed.

On the other hand, if the connected USB storage device corresponds to the secure USB storage device, the device transmits a first certificate request signal to the USB storage device.

The first certificate is a predetermined encrypted file, and is a certificate including information that can determine whether or not the USB storage device matches previously stored security information.

Next, when the first certificate is transmitted from the USB storage device to the device (S104), the device checks whether the transmitted first certificate matches the authentication information stored in the device (S105).

The device may store a security data table including authentication information, or may include a random number generation module or the like, in order to confirm security settings set in the device.

Further, according to an embodiment, the device may further comprise: when the first certificate is received, loading the security software stored in the device, decrypting the first certificate via the loaded security software, , It is possible to authenticate the USB storage device by checking whether the USB storage device matches the authentication information according to the security software.

That is, the authentication information previously stored in the device may be compared with the received first certificate to determine whether the USB device satisfies the condition for accessing the device.

The first certificate may be stored in a specific area of the USB storage device to limit external access. This has been described in detail in FIG. In addition, since a plurality of certificates may be stored in the USB storage device, the device may include a menu for receiving a selection signal of the first certificate to be transmitted from the USB storage device to the device among the plurality of certificates . This will be described in detail below with reference to FIG.

When the second certificate request signal is received from the USB storage device, the second certificate is transmitted to the USB storage device (S 106).

In the embodiment of the present invention, the device receives the first certificate from the USB storage device to confirm the security information, and only when a confirmation signal of the second certificate stored in the device is received from the USB storage device, When the second certificate request signal is received from the USB storage device to receive the confirmation signal for the second certificate stored in the device from the USB storage device, To the connected USB storage device.

Further, according to the embodiment, the second certificate is a predetermined encrypted file, and is a certificate including information capable of determining whether or not the device conforms to previously stored security information.

In addition, the second certificate may be stored in a specific area of the device to restrict external access. This has been described in detail in FIG. The device may include a menu for receiving a selection signal of the second certificate to be transmitted to the USB storage device among the plurality of certificates because the device may store a plurality of certificates. This will be described in detail below with reference to FIG.

Next, when the second certificate is received, the USB storage device determines whether the received second certificate matches the authentication information stored in the USB storage device (S 107).

According to an embodiment, the USB storage device may store a security data table including authentication information, or may include a random number generation module or the like, in order to check security settings through the received second certificate.

According to the embodiment, when the second certificate is received, the USB storage device loads the security software stored in the USB storage device, decrypts the second certificate through the loaded security software, Based on the two-certificate, the device can authenticate the device by verifying that it matches the authentication information in accordance with the security software.

That is, the authentication information pre-stored in the USB storage device may be compared with the received second certificate to determine whether the device satisfies the condition for accessing the USB storage device.

Next, if the received second certificate matches the authentication information, the USB storage device transmits a second certificate confirmation signal to the device (S 109)

That is, if it is determined through the second certificate received in the USB storage device that the device satisfies the condition for accessing the USB storage device, it transmits an acknowledgment signal for the second certificate to the device.

Next, the device permits access to the USB storage device when the second certificate confirmation signal is received and the first certificate is confirmed according to the previously stored authentication information (S 109).

That is, according to the embodiment, the file system of the USB storage device may be mounted to the file system of the device to allow access to the file stored in the USB storage device.

The device can access the contents stored in the USB storage device through the process described above, so that the device can protect the information stored in the USB storage device.

That is, through this, access is permitted only when both the first certificate stored in the USB storage device and the second certificate stored in the device correspond to the authentication information, so that the data stored in the device or the USB storage device can be protected more securely .

10 is a flowchart illustrating a process of registering a USB storage device in a device according to an embodiment of the present invention.

According to an embodiment, the device may register a new USB storage device in the device certificate stored in the device. That is, a pairing process can be performed on the USB storage device.

The device can perform the USB storage device registration process when a USB storage device connection signal is received from the device or when a selection signal of a menu item for performing the pairing process is received from the user.

When the USB storage device registration process is started, the device searches the device for registration information on the USB storage device connected to the device (S 201).

According to an embodiment, the registration information may include a connection history of the USB storage device, and may be stored in a memory of the device. Thus, the device searches the memory to determine whether the registration information exists.

If the USB storage device connected to the device is a registered USB storage device as a result of the search, the process proceeds to step S101 of FIG. 9, and a process for confirming the certificate is performed. Also, the registration process may be terminated as shown in the figure.

On the other hand, if the USB storage device connected to the device is the unregistered USB storage device, the device executes the pairing menu (S 202).

The device may display a pairing menu containing a list of certificates stored in the device. In addition, the device certificate may be stored differently by manufacturer, device, or user. This will be described in detail below with reference to FIGS. 20 to 22. FIG.

Next, the device receives one or more certificate selection signals from the pairing menu (S 203).

When the pairing menu is displayed, the user can select a certificate to be paired with the USB storage device connected to the device from the list of certificates included in the pairing menu.

Accordingly, the user can input any one or more certificate selection signals using the user input interface device.

Next, the device receives the password for the selected certificate (S 204).

According to an embodiment, a certificate stored in the device may be set with a password for accessing the certificate.

Accordingly, when a certificate selection signal is received from the user, the device can display a password input window for receiving the password of the selected certificate, and the user can input the password through the user input interface device. The password may be input in various forms such as a predetermined character string, a user gesture, and a user image.

According to the embodiment, when an incorrect password is inputted more than a predetermined number of times, the password input window is removed and the password can not be inputted anymore, thereby preventing the password from being leaked.

Next, when the password is input, the device updates the database storing the pairing information of the device and the USB storage device (S 205).

According to an embodiment, the device may store the pairing information of the USB storage device and the device in a database. Accordingly, when the password is input, the device can pair the USB storage device connected to the device with the selected certificate, and store the pairing information in the database of the device.

In addition, when the paired USB storage device is reconnected to the device, the USB storage device authentication step may be performed without performing the USB storage device registration process by performing the database update step.

Accordingly, through the USB storage device registration process, the user can pair the new USB storage device with an appropriate certificate among the certificates stored in the device to perform the security procedure.

11 is a view illustrating a display screen 1100 including a list of certificates mapped for each user according to an embodiment of the present invention.

According to the embodiment, since one device can be used by a plurality of users, it can be mapped to a different certificate for each user.

11, a user 'KANG' 1103 is mapped to a certificate A 1101, a user 'YOON' 1104 is mapped to a certificate B 1102, a user 'JOHN' 1105 is mapped to a certificate B 1102, May be mapped to certificate C (1103).

Also, the certificate list may include character information and image information for each certificate, and may include a user name, a user ID, or a user image of each user.

Also, with respect to the embodiment of the present invention, the certificate mapped for each user is a predetermined encrypted file, and is a certificate including information capable of determining whether or not the USB storage device matches the security information stored in the device A first certificate stored in the USB storage device and a second certificate stored in the device as a predetermined encrypted file including information capable of determining whether or not the device matches the security information stored in the USB storage device .

In other words, each user can store a different certificate for each user, so that even when one user uses several devices, the security setting can be confirmed through one certificate and access between the devices can be made possible, There is an effect that convenience can be improved.

12 is a view showing a display screen 1201 including a list of certificates mapped for each group according to an embodiment of the present invention.

According to an embodiment, a user can use one or more devices in a specific space, so that a plurality of devices can be mapped to a single certificate.

12, the PC and Tablet included in the 'KANG's HOME' group 1205 can be mapped to the certificate A 1202, and the TV and AUDIO included in the 'HITOL HOTEL' group 1206 can be mapped to the certificate A FAX, SERVER, PC included in the 'KSY's offics' group 1207 may be mapped to the certificate C 1204,

Also, with respect to the embodiment of the present invention, the certificate mapped for each user is a predetermined encrypted file, and is a certificate including information capable of determining whether or not the USB storage device matches the security information stored in the device And may include a first certificate stored in the USB storage device.

That is, for example, when the authentication information corresponding to the certificate A is stored in the PC and the tablet included in the 'KANG's HOME' group, the certificate A is stored in the USB storage device, And " KANG's HOME " groups. ≪ / RTI >

In addition, according to another embodiment of the present invention, the certificate mapped on a user-by-user basis is a predetermined encrypted file, and includes a certificate including information capable of determining whether or not the device conforms to the security information stored in the USB storage device As well as a second certificate stored in the device.

That is, for example, when the certificate A is stored in the PC and Tablet included in the 'KANG's HOME' group, the USB storage device storing the authentication information corresponding to the certificate A is stored in the PC and ' You can perform actions to allow access to the tablet.

Thus, the user can conveniently set security for a plurality of devices in a specific space.

13 is a view showing a display screen 1701 including an authentication progress notification message according to an embodiment of the present invention.

According to an embodiment, when a device receives a USB storage device certificate from a USB storage device connected to the device, it may display a predetermined guidance message 1702. [

When a predetermined device is connected through the external device interface unit of the device, data stored in the device may be lost if the device is removed or impacted while transmitting / receiving predetermined data with the device, A message can be displayed to prevent the loss.

According to an embodiment, the information message may include information on the connected USB storage device, information on the certificate being transmitted, and time remaining until the transfer is completed.

Also, the guide message may be minimized and displayed in a predetermined area of the display unit of the device (1702) so as not to interfere with the display screen of the content currently used in the device.

In addition, the user can select the cancel menu item 1703 to stop the transmission of the certificate.

Accordingly, while the predetermined data is being transmitted / received between the device and the USB storage device, the USB storage device can be removed and data stored in the USB storage device can be prevented from being lost.

Also, unlike the case shown in this figure, when transmitting the device certificate to the USB storage device, the device displays a predetermined announcement message, such as when receiving the USB storage device certificate from the device, The storage device, or the device can be prevented from being damaged.

FIG. 14 is a view showing a display screen 1301 including an authentication completion message according to an embodiment of the present invention.

According to the embodiment, when the authentication process with the USB storage device connected to the device is completed in the device, and the device is allowed to access the connected USB storage device, the authentication completion message 1302 can be displayed.

The authentication completion message 1302 may include information on the connected USB storage device, a device certificate, and a USB device certificate.

When the authentication completion message 1302 is output, the user can select the check menu item 1303 to perform an operation for accessing the USB storage device.

FIG. 15 is a view illustrating a display screen 1401 including an authentication failure message according to an embodiment of the present invention.

According to an exemplary embodiment of the present invention, when a device transmits a USB storage device certificate request signal to a USB storage device connected to a device and the USB storage device certificate is not searched even though the USB storage device certificate is searched, 1402, < / RTI >

In addition, when the USB storage device is transferred to the device, the device decrypts the USB storage device certificate, and when determining whether the security setting is consistent based on the decrypted information, It may display the error message 1402 if it does not match the security settings previously stored in the device.

The error message 1402 may include information on the USB storage device to which the access is denied. In addition, the user can select the confirmation menu item 1403 to end the procedure for authenticating the USB storage device.

16 is a view illustrating a display screen 1501 including a first certificate selection menu according to an embodiment of the present invention.

According to an embodiment of the present invention, a device transmits a USB storage device certificate request signal to a USB storage device connected to a device, and when a certificate exists in the USB storage device, if a plurality of certificates exist in the USB storage device, The device can display the USB storage device certificate selection menu 1502. [

Since one USB storage device can be connected to a plurality of devices or a plurality of other devices, a plurality of USB storage device certificates can be stored in one USB storage device.

Accordingly, when a plurality of USB storage device certificates are retrieved from the connected USB storage device, the device may display the menu 1502 to receive a certificate corresponding to the device.

The menu 1502 may include information on the connected USB storage device and information on the certificates stored in the connected USB storage device.

Also, it may include selection menu items 1503, 1504 and 1505 for selecting one of the plurality of certificates stored in the USB storage device.

According to the embodiment, when any one certificate is selected, an input window for receiving a predetermined password for extracting the selected certificate from the USB storage device can be displayed.

Accordingly, even when a plurality of certificates are stored in the USB storage device, the user can select a certificate corresponding to the device currently in use, so that the user can smoothly perform the authentication process.

17 is a view illustrating a display screen including a device certificate selection menu according to an embodiment of the present invention.

According to an embodiment, when the device certificate request signal is received from the USB storage device, the device can display the device certificate selection menu 1602. [

A device is available to various users and can perform various functions, so that a plurality of device certificates can be stored in one device.

Accordingly, the device may display the menu 1602 to transmit a certificate corresponding to the currently connected USB storage device.

The menu 1602 may include information on the USB storage device connected to the current device as text information or image information and may include menu items 1603 and 1604 for selecting a plurality of certificates stored in the device , 1605).

In addition, each menu item for selecting the certificate may include information on a certificate provider, a certificate creation date and time, and a certificate expiration date, etc., in order to identify each of the certificates.

According to an embodiment, when any one of the menu items for selecting the certificate is selected, the device may display an input window for receiving a predetermined password for transmitting the selected certificate.

Accordingly, even when a plurality of certificates are stored in the device, the user can select a certificate corresponding to the connected USB storage device, thereby enabling the authentication process to proceed smoothly.

18 is a view showing a display screen 1801 including an authentication failure message according to an embodiment of the present invention.

According to an embodiment, when a USB storage device is connected to a device, a USB storage device certificate request signal is transmitted to the connected USB storage device.

A menu including the authentication failure message indicating that the certificate does not exist if the certificate corresponding to the request signal does not exist as a result of the search, searching the connected USB storage device according to the request signal, 1802).

The authentication failure message may include information on a port to which the USB storage device is connected, information on the connected USB storage device, and information on the certificate.

The user can select the certificate re-search menu item 1803 in the menu 1802 to allow the user to retrieve the certificate from the USB storage device again, select the cancel menu item 1804, May be terminated.

Also, according to the embodiment, when the user selects the re-searching menu item 1803, the user can display a directory list of the USB storage device for selecting a location where the certificate is stored.

Through the menu 1802, the user can easily determine whether or not the connected USB storage device can be accessed. If the user can not retrieve the certificate due to an error in the device, the user can re- Authentication can be attempted.

19 is a diagram showing a display screen 1901 including an external device connection mode setting menu according to an embodiment of the present invention.

According to an embodiment, when a USB storage device is connected to the device, a menu 1902 for setting a mode for connecting the connected USB to the device may be displayed.

It may not be possible to determine whether the connected USB storage device is a USB storage device having a security function or a general USB storage device only by connecting the USB storage device to the device, And can receive the mode selection signal from the user.

That is, when the user inputs a selection signal of a menu item 1903 for accessing the secure mode in the menu 1902, the device transmits a USB storage device certificate request signal to the connected USB storage device, An authentication process as described with reference to FIG. 8 is performed.

On the other hand, when the user inputs a selection signal of a menu item 1904 for accessing the normal mode in the menu 1902, the user does not need to perform the authentication process as shown in FIG. 8, To the file system of the device to allow access.

Accordingly, not only when the USB storage device having the security function is connected to the device but also when the general USB storage device is connected, the user can promptly determine what process the device should proceed through the menu 1902 There is an effect that can be decided.

20 to 22 are views showing a display screen including a certificate selection menu according to an embodiment of the present invention.

According to an embodiment, the device may store a certificate for performing an authentication procedure when a USB storage device is connected to the device. In addition, by pairing a predetermined USB storage device with a certificate stored in the device, the paired USB storage device can be registered as an external device connectable to the device.

In addition, since the manufacturer of the USB storage device, the user of the USB storage device, and the type of the USB storage device may be various, if all the USB storage devices are paired with one certificate, certificate management becomes difficult. Depending on the USB storage device to be paired, the paired certificate may be different. That is, the device may store a plurality of certificates.

20, the device includes a certificate list 2102, 2103, 2104 for each manufacturer in a certificate selection menu 2101 for receiving a selection signal of a device certificate to pair with a USB storage device connected to the device Can be displayed. The certificate list may include image or text information for each manufacturer.

That is, the certificates to be paired may differ depending on the manufacturer of the USB storage device. Since USB storage devices of the same manufacturer are similar in appearance to each other, the USB storage device is paired with different certificates according to the manufacturer of the USB storage device as described above, thereby increasing the accuracy in registering the USB storage device in the device .

21, the device includes a certificate selection menu 2201 for receiving a device certificate selection signal for pairing a USB storage device connected to the device, a certificate list 2202, 2203, 2204, 2205 ) Can be displayed. The per-user certificate list may include image or character information capable of recognizing each user.

That is, the certificate to be paired according to the user of the USB storage device may be different. A plurality of users can receive contents or services through a single device but the plurality of users may want to register each USB storage device with the device, By having them pair to different certificates, the data of each user can be protected more securely.

22, the device includes a certificate selection menu 2301 for receiving a device certificate selection signal for pairing a USB storage device connected to the device, a certificate list 2302, 2303, 2304). ≪ / RTI > The type-specific certificate list of the USB storage device may include image or character information capable of recognizing the type of the USB storage device.

That is, the certificates to be paired may differ depending on the type of the USB storage device. Since the USB storage device may be a variety of types such as a network hard disk, a USB memory, a DVD-ROM connected via USB, and a camera connected via USB, a device may have different certificates It is possible to reduce an erroneous operation of erroneously selecting the certificate.

It is to be understood that the present invention is not limited to the above-described embodiments, and that various changes and modifications may be made without departing from the scope of the present invention. As shown in FIG.

Meanwhile, the operation method of the device of the present invention can be implemented as a code that can be read by a processor on a recording medium readable by a processor included in the device. The processor-readable recording medium includes all kinds of recording apparatuses in which data that can be read by the processor is stored. Examples of the recording medium that can be read by the processor include a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like, and may also be implemented in the form of a carrier wave such as transmission over the Internet . In addition, the processor-readable recording medium may be distributed over network-connected computer systems so that code readable by the processor in a distributed fashion can be stored and executed.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, It will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the present invention.

100: device
105: Broadcast receiver
110: tuner
120: demodulator
130: Network interface unit
135: External device interface unit
140:
150: user input interface unit
170:
180:
185: Audio output section
190: Power supply
200: remote control device

Claims (16)

A method for authenticating a USB storage device in a device,
Transmitting a device information request signal to the connected USB storage device when connection of the USB storage device is detected;
Retrieving, when receiving the device information, whether the USB storage device is a secure USB storage device, based on the received device information;
Transmitting a first certificate request signal to the USB storage device when the USB storage device is a secure USB storage device;
Receiving at least one first certificate list from the USB storage device, wherein the first certificate list is restricted to any one of a manufacturer-specific certificate list, a user-specific certificate list, or a list of certificate types of the USB storage device box-;
Displaying a selection menu for selecting a specific certificate from among the list of certificates by manufacturer, the list of certificates by user, and the list of certificates by type of USB storage device;
Receiving a signal from the selection menu to select a specific certificate identified as a manufacturer, a specific certificate identified as a user, or a specific certificate identified as a type of a USB storage device;
Transmitting the second certificate to the USB storage device in response to a second certificate request signal of the USB storage device; And
Allowing the access to the USB storage device if a second certificate confirmation signal is received from the USB storage device and the selected specific certificate matches the pre-stored authentication information
Wherein the USB storage device is capable of authenticating the USB storage device. The method according to claim 1,
Wherein the device information includes a serial number of the USB storage device,
Wherein the step of searching for the secured USB storage device comprises:
Searching for a secured USB storage device based on the serial number
Wherein the USB storage device is capable of authenticating the USB storage device. The method according to claim 1,
Wherein the first certificate is a certificate including information on the USB storage device,
Wherein the second certificate is a certificate including information about the device
A method for authenticating a USB storage device in a device. The method according to claim 1,
Wherein the step of permitting access comprises:
Mounting the file system of the USB storage device in the file system of the device and allowing access to the file stored in the USB storage device
Wherein the USB storage device is capable of authenticating the USB storage device. The method according to claim 1,
Wherein the step of permitting access comprises:
Loading security software;
Decrypting the first certificate through the loaded security software; And
Checking whether the decrypted first certificate matches the authentication information according to the security software
Wherein the USB storage device is capable of authenticating the USB storage device. A device connectable to a USB storage device,
A USB interface unit for transmitting a request signal for device information to the connected USB storage device and transmitting / receiving data to / from the connected USB storage device when connection of the USB storage device is detected;
A storage unit for storing a first certificate, a second certificate and authentication information received from the USB storage device;
An authentication unit for verifying whether the received first certificate and the authentication information stored in the storage unit match when the first certificate is received through the USB interface unit;
Wherein the device information is received by the USB interface unit and the USB storage device is detected as a secure USB storage device based on the received device information and if the USB storage device is a secure USB storage device, Sending a certificate request signal, sending the second certificate to the USB storage device in response to a second certificate request signal of the USB storage device, receiving a second certificate confirmation signal from the USB storage device, A control unit for controlling access to the USB storage device when authentication information is confirmed in the USB storage device; And
And a display unit for outputting a video signal,
Wherein,
Receiving at least one first certificate list from the USB storage device, displaying a selection menu for selecting a specific one of the at least one first certificate list, receiving a signal for selecting a specific certificate from the selection menu ,
Wherein the first certificate list comprises:
A certificate list per manufacturer, a list of certificates by user, or a list of certificates by type of the USB storage device.
A device that can be connected to a USB storage device. The method according to claim 6,
Wherein the device information includes a serial number of the USB storage device,
Wherein,
Based on the serial number, whether the connected USB storage device is a secure USB storage device
A device that can be connected to a USB storage device. The method according to claim 6,
Wherein the first certificate is a certificate including information on the USB storage device,
Wherein the second certificate is connectable to a USB storage device that is a certificate containing information about the device. The method according to claim 6,
Wherein,
Mounts the file system of the USB storage device in the file system of the device and controls access to the file stored in the USB storage device
A device that can be connected to a USB storage device. The method according to claim 6,
Wherein,
You can store more security software,
Wherein,
Loading the security software in the storage unit, decrypting the first certificate through the loaded security software, and checking whether the decrypted first certificate and the authentication information according to the security software match
A device that can be connected to a USB storage device. The method according to claim 6,
Wherein,
And a control unit
A device that can be connected to a USB storage device. delete delete delete delete delete

Images