KR20140129714A - Apparatus for contents security of cloud server using usb device in virtual device interface environment and method thereof - Google Patents

Info

Publication number: KR20140129714A
Authority: KR (South Korea)
Prior art keywords: usb, usb device, information, cloud server, vdi
Application number: KR20130048338A
Other languages: Korean (ko)
Inventors: 백종경, 문명식
Original Assignee: 킹스정보통신(주), 인텔렉추얼디스커버리 주식회사
Application filed by 킹스정보통신(주), 인텔렉추얼디스커버리 주식회사
Priority to KR20130048338A
Publication of KR20140129714A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/123 Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Remote Sensing (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to an apparatus and a method for preventing content leakage of a cloud server using a USB device in a virtual device interface (VDI) environment. The invention prevents, in advance, leakage of important content stored in a cloud server that would otherwise occur when an unauthorized USB device accesses the VDI environment.

Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an apparatus and method for preventing content leakage of a cloud server using a USB device in a VDI environment, and more particularly to an apparatus and method that prevent, in advance, content stored in a cloud server from being leaked by an unauthorized USB device accessing the virtual device interface (VDI) environment.

Generally, cloud computing refers to the Internet-based (cloud) computing technology. Cloud computing represents the Internet as a cloud in a computer network diagram. It has a hidden, complex infrastructure and a computing style in which IT-related functions are provided as services. Users can use the services provided by cloud computing using the Internet.

That is, cloud computing combines various computing concepts and communication technologies such as virtualization computing, utility computing, and on-demand computing. In general, it refers to a technology in which a plurality of data centers, each made up of a plurality of computers, are integrated through virtualization technology to implement a virtual computer or service that users access, providing various software, security solutions, and computing capabilities on demand.

Cloud computing is an on-demand outsourcing service for IT resources delivered over the Internet. Programs or documents that were stored individually on a personal computer or an enterprise server are stored on an Internet-based virtual server or storage, and the user performs the desired work by running a cloud application, such as a web browser, from various terminals including mobile terminals.

At this time, users can select and use as many computing resources (cloud applications, storage, OS, security, and so on) as they want at the desired point in time, and pay a price based on usage.

Although cloud computing has not been fully realized yet, research on cloud computing services, service platform technology, and virtualization technology is being actively conducted by large corporations including Google, Microsoft and IBM.

Such cloud computing technology development focuses mainly on desktop-based computing environments or server-side virtualization technologies for effective mass processing, and does not consider service technologies for a mobile environment based on a variety of small terminals.

However, in the recent communication environment, which uses various mobile terminals such as mobile phones, smartphones, notebooks, navigation devices, and PMPs, the demand to use the user's cloud applications and services effectively regardless of place keeps growing.

Of course, with the growth of web-based cloud application technology, web-based cloud services such as web office and web mail are becoming usable anywhere a web browser supporting standard technology is available, but there is no effective cloud service interworking method for individual cloud applications that provide complex interfaces and functions.

Meanwhile, in recent years there have been many cases in which confidential company information was leaked through a USB (Universal Serial Bus) device, and the aforementioned cloud computing environment is no exception. Therefore, a control method is needed against important information being leaked when the cloud application environment is accessed through an unauthorized USB device in a cloud computing environment.

Korea Patent No. 10-1212828

SUMMARY OF THE INVENTION

The present invention has been made in order to solve the above-mentioned problems, and its object is to provide an apparatus and method for preventing content leakage of a cloud server using a USB device in a VDI environment, which can prevent, in advance, content stored in a cloud server from being leaked by an unauthorized USB device accessing the VDI (Virtual Device Interface) environment.

According to a first aspect of the present invention, there is provided an apparatus for preventing leakage of content stored in a cloud server using a USB device in a virtual device interface (VDI) environment in which a client terminal connects, through a wired/wireless communication network, to a cloud server that provides a cloud computing service in response to a request of the client terminal, the apparatus comprising: a USB information acquisition module that is connected at the upper or lower filter driver level of a USB function driver provided in a kernel area of the client terminal and acquires, in the upper or lower filter driver, device information of the USB device connected through the USB communication interface of the VDI environment; a USB authentication module that compares the device information of the USB device acquired from the USB information acquisition module with the device information of previously authorized USB devices and determines, according to the comparison result, whether the connected USB device is authorized; and a USB control module that receives the authorized or unauthorized determination information of the connected USB device from the USB authentication module and allows or blocks data transmission of the connected USB device according to a predetermined security policy.

Here, the USB information acquisition module changes the USB device connected to the USB communication interface of the VDI environment to the standby state, acquires the device information of the connected USB device, and stores it in the form of a list in a separate memory.

Preferably, after receiving the unauthorized determination information of the connected USB device from the USB authentication module, the USB control module can change the USB device determined to be unauthorized to the blocked state when it receives, from the upper or lower filter driver, a data transmission event from that USB device.

Preferably, the device information of the pre-authorized USB device may be stored in a separate server or database (DB).

Preferably, the device information of the USB device may be at least one of a manufacturer ID, a product ID (or model number), and a manufacturing serial number.

A second aspect of the present invention is a method for preventing leakage of content stored in a cloud server using a USB device in a virtual device interface (VDI) environment in which a client terminal connects, through a wired/wireless communication network, with a cloud server providing a cloud computing service, the method comprising: (a) acquiring device information of a USB device connected to the USB communication interface of the VDI environment through a USB information acquisition module connected at the upper or lower filter driver level of a USB function driver provided in a kernel area of the client terminal; (b) comparing, through a USB authentication module connected to the USB information acquisition module, the device information of the USB device obtained in step (a) with the device information of previously authorized USB devices, and determining according to the comparison result whether the connected USB device is authorized; and (c) allowing or blocking, through a USB control module connected to the USB authentication module, data transmission of the connected USB device in accordance with a pre-established security policy, based on the authorized or unauthorized determination information obtained in step (b).

Preferably, in step (a), the USB information acquisition module changes the USB device connected to the USB communication interface of the VDI environment to the standby state, acquires the device information of the connected USB device, and stores it in the form of a list in a separate memory.

Preferably, in step (c), after receiving the unauthorized determination information of the connected USB device from step (b), the USB control module can change the USB device determined to be unauthorized to the blocked state when it receives, from the upper or lower filter driver, a data transmission event from that USB device.

Preferably, in the step (b), the device information of the USB device previously authorized may be stored in a separate server or a database (DB).

Preferably, in the step (a), the device information of the USB device may be at least one of a manufacturer ID, a product ID (or model number), and a manufacturing serial number.

A third aspect of the present invention is to provide a recording medium on which a program for executing a content leakage prevention method of a cloud server using a USB device in the VDI environment described above is recorded.

The method of preventing content leakage of a cloud server using a USB device in a VDI environment according to the present invention can be implemented by a computer readable code on a computer readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored.

For example, the computer-readable recording medium includes a ROM, a RAM, a CD-ROM, a magnetic tape, a hard disk, a floppy disk, a removable storage device, a nonvolatile memory, and optical data storage devices.

According to the apparatus and method for preventing content leakage of a cloud server using a USB device in a VDI environment of the present invention as described above, there is an advantage that content stored in the cloud server can be prevented, in advance, from being leaked by an unauthorized USB device accessing the VDI (Virtual Device Interface) environment.

FIG. 1 is a block diagram illustrating a content leakage prevention apparatus of a cloud server using a USB device in a VDI environment according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a kernel structure for operating a USB device in a client terminal according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating a method of preventing content leakage of a cloud server using a USB device in a VDI environment according to an exemplary embodiment of the present invention.

Hereinafter, advantages and features of the present invention and methods of achieving them will be made clear with reference to the embodiments described below in detail with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as being limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those skilled in the art, and the invention is only defined by the scope of the claims. Like reference numerals refer to like elements throughout the specification. "And/or" includes each and every combination of one or more of the mentioned items.

Although the terms first, second, etc. are used to describe various elements, components and/or sections, it is needless to say that these elements, components and/or sections are not limited by these terms. These terms are only used to distinguish one element, component or section from another element, component or section. Therefore, it goes without saying that the first element, the first component or the first section mentioned below may be the second element, the second component or the second section within the technical spirit of the present invention.

The terminology used herein is for the purpose of illustrating embodiments and is not intended to be limiting of the present invention. In the present specification, the singular form includes plural forms unless otherwise specified. The terms "comprises" and/or "comprising" used in the specification do not exclude the presence or addition of one or more components, steps, operations, and/or elements other than those mentioned.

Unless defined otherwise, all terms (including technical and scientific terms) used herein may be used in a sense commonly understood by one of ordinary skill in the art to which this invention belongs. Also, commonly used predefined terms are not ideally or excessively interpreted unless explicitly defined otherwise.

In the following description of the present invention, detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The following terms are defined in consideration of the functions in the embodiments of the present invention, which may vary depending on the intention of the user, the intention or the custom of the operator. Therefore, the definition should be based on the contents throughout this specification.

FIG. 1 is a block diagram illustrating a content leakage prevention apparatus of a cloud server using a USB device in a VDI environment according to an exemplary embodiment of the present invention, and FIG. 2 is a diagram illustrating a kernel structure for operating a USB device in a client terminal according to an embodiment of the present invention.

Referring to FIGS. 1 and 2, the apparatus according to an embodiment of the present invention prevents leakage of content stored in the cloud server 100 by using the USB device 300 in a VDI (Virtual Device Interface) environment that connects the cloud server 100 and at least one client terminal 200, and largely includes a USB information acquisition module 1000, a USB authentication module 2000, and a USB control module 3000.

Here, the VDI (Virtual Device Interface) provides a virtual desktop that a user's multiple terminals (cloud devices) can access, and is an interface through which data can be shared with and received by a netbook, a smartphone, a computer, and the like.

That is, the VDI environment is an environment that can be used as a local environment through an OS (Operating System) environment provided by the cloud server 100 without utilizing resources of a local environment.

In this VDI environment, the user operates the VDI view program (OS) provided to the client terminal 200. That is, when the USB device 300 is connected to the client terminal 200 in the VDI environment, the USB communication interface 210 of the client terminal 200, which will be described later, detects the USB connection and transmits a PNP event to the VDI view program so that the USB device 300 can be used in the VDI environment. The USB device 300 can be used in the VDI environment through the PNP event thus transmitted.

The cloud server 100 performs a function of providing a cloud computing service in response to a request from the client terminal 200.

That is, the cloud server 100 provides a cloud computing service to the client terminal 200, and provides the computing resources requested by the client terminal 200 through the wired/wireless communication network 10. The cloud server 100 provides a computing service for allowing the client terminal 200 to use a device requested by the client terminal 200.

Such a cloud server 100 may include a plurality of storages for storing files supplied by providers (content providers) of large-capacity data such as application program files, game program files, text data files, document files, picture files, music files, and the like.

The wired/wireless communication network 10 may be a wired/wireless network or the Internet. The Internet refers to a global open computer network architecture that provides the TCP/IP protocol and the various services existing in its upper layers, that is, HTTP (Hyper Text Transfer Protocol), Telnet, File Transfer Protocol (FTP), Domain Name System (DNS), Simple Mail Transfer Protocol (SMTP), Simple Network Management Protocol (SNMP), Network File Service (NFS), and so on, and it provides an environment in which a client terminal 200 can be connected to a cloud server 100. Meanwhile, the Internet may be a wired or wireless Internet, or may be a core network integrated with a wired public network, a wireless mobile communication network, or a portable Internet.

The client terminal 200 is typically a computer such as a desktop PC or a notebook PC. However, the client terminal 200 is not limited to a computer; it may be any kind of wired or wireless communication device that can connect to the cloud server 100 via the wired/wireless communication network 10 and be provided with the service.

For example, the client terminal 200 may be any wired or wireless home appliance or communication device that has a user interface for accessing the cloud server 100 and can communicate with it through the wired/wireless communication network 10, such as a palm PC (Palm Personal Computer), a personal digital assistant (PDA), a smartphone, a WAP phone (wireless application protocol phone), or a mobile game device (mobile play-station).

Particularly, the client terminal 200 is provided with an apparatus for effectively preventing the contents of the cloud server 100 from being leaked by using the USB device 300 in the VDI environment. This apparatus may be connected at the level of the upper or lower filter driver 250 or 230 of the USB function driver 240 provided in the USB-related kernel area of the client terminal 200 and take part in the operation of the device.

As shown in FIG. 2, the USB-related kernel area of the client terminal 200 consists of the following levels (or layers): a USB communication interface 210, a USB bus driver 220, a lower filter driver 230, a USB function driver 240, and an upper filter driver 250.

The USB communication interface 210 is implemented by, for example, PNP (Plug & Play), and connects the USB device 300 and the VDI view program (OS) to transmit and receive data.

The USB bus driver 220 is a data module, which transmits and receives network packets and hardware interfaces.

The USB function driver 240 is tailored to a particular device or class of devices. As a result, a different function driver is loaded depending on the actual USB device 300 being used.

The filter drivers 230 and 250 are intermediate drivers that intercept I/O requests sent to drivers that already exist, such as a file system driver or a disk driver, providing an opportunity to supplement them or add new functionality.

For example, if you need to monitor data transmitted to a USB port, you need to create a USB filter driver because the operating system provides a USB driver. Each port installed on a personal computer, or the tools used to monitor a specific task, are mostly created using a filter driver.

Another example using the filter drivers 230 and 250 is a file system filter driver. File system drivers (e.g., FAT, NTFS, CDFS, LAN Manager redirector, etc.) do not provide encryption or decryption capabilities for files when they are stored or read from disk. Therefore, you can use a file system filter driver to add encryption or decryption capabilities to a file, or to perform functions such as virus checking.

The filter drivers 230 and 250 are divided into an upper filter driver 250 and a lower filter driver 230 depending on where in the driver layer they intercept the I/O request sent to the driver.

The upper filter driver 250 is a driver that intercepts an I/O request and performs the necessary operations before a request of a user process reaches a file system driver. The lower filter driver 230 is located under the file system driver. When an I/O request handled by the file system driver is passed to a driver managing an auxiliary storage device such as a hard disk, the lower filter driver intercepts this I/O request and performs the required operations.

The filter drivers 230 and 250 operate in a manner that corrects the operation in only a few aspects of the current driver without rewriting the entire driver. The SCSI filter driver works this way. These filter drivers 230 and 250 play a role of concealing the limitations of the low-level device driver.

For example, if the lower driver has a limit on the size of a data transfer, the filter can split a large data transfer into smaller pieces and pass them to the lower level. The filter drivers 230 and 250 may add new features, such as compression or encryption, to the device without modifying the lower device driver or the program using the device. The filter drivers 230 and 250 may also add or remove costly operations (such as performance monitoring) that the driver does not always perform.

In particular, the apparatus for preventing content leakage of the cloud server according to an exemplary embodiment of the present invention largely includes a USB information acquisition module 1000, a USB authentication module 2000, and a USB control module 3000.

The USB information acquisition module 1000 is connected at the level of the upper or lower filter driver 250 or 230 of the USB function driver 240 provided in the kernel area of the client terminal 200, and acquires, in the upper or lower filter driver (250 or 230), the device information of the USB device 300 connected through the USB communication interface 210 of the VDI environment.

The USB information acquisition module 1000 changes the USB device 300 connected to the USB communication interface 210 of the VDI environment to the standby state, then acquires the device information of the connected USB device and stores the acquired device information in the form of a list in a separate memory (not shown).

On the other hand, the device information of the USB device 300 preferably includes at least one of a USB manufacturer ID, a product ID (or model number), and a production serial number.

The USB authentication module 2000 compares the device information of the USB device 300 acquired from the USB information acquisition module 1000 with the device information of previously authorized USB devices, and determines, according to the comparison result, whether or not the connected USB device 300 is authorized.

Meanwhile, the device information of the previously authorized USB devices is not shown in the figure, but is preferably stored in a separate server or database.

The USB control module 3000 receives the authorized or unauthorized determination information of the connected USB device 300 from the USB authentication module 2000 and allows or blocks data transmission of the connected USB device 300 according to a pre-established security policy.

After receiving the unauthorized determination information of the connected USB device 300 from the USB authentication module 2000, the USB control module 3000 preferably changes the USB device 300 determined to be unauthorized to the blocked state when it receives, from the upper or lower filter driver 250 or 230, a data transmission event from that USB device 300.

Hereinafter, a content leakage prevention method of a cloud server using a USB device in a VDI environment according to an embodiment of the present invention will be described in detail.

FIG. 3 is a flowchart illustrating a method of preventing content leakage of a cloud server using a USB device in a VDI environment according to an exemplary embodiment of the present invention.

Referring to FIGS. 1 to 3, in the method of preventing content leakage of a cloud server using a USB device in a VDI environment according to an embodiment of the present invention, device information (for example, a USB manufacturer ID, a product ID (or model number), a production serial number, etc.) of the USB device connected to the USB communication interface 210 of the VDI environment is first acquired through the USB information acquisition module 1000 connected at the level of the upper or lower filter driver 250 or 230 (S100).

At this time, it is desirable that the USB information acquisition module 1000 changes the USB device 300 connected to the USB communication interface 210 of the VDI environment to the standby state, acquires the device information of the connected USB device, and stores it in the form of a list in a memory.

In more detail, the USB information acquisition module 1000 acquires the device information of the USB device (S100) as follows: when the USB device 300 is connected, the device start control unit and the device request control unit obtain the device descriptor table used for acquiring the device information of the USB device.

Then, device information (e.g., USB manufacturer ID, product ID (or model number), production serial number, etc.) of the USB device is acquired using the obtained device descriptor table.

Next, the device information of the USB device acquired in step S100 is compared, through the USB authentication module 2000 connected to the USB information acquisition module 1000, with the device information list of previously authorized USB devices, and whether the connected USB device is authorized is determined according to the comparison result (S200).

At this time, it is preferable that the device information list of the pre-authorized USB device is stored in a separate server or database, for example.

In more detail, when the USB device 300 is connected, the device start control unit of the normal device power control unit acquires the device information of the USB device. If the device information acquisition of the USB device is successful in the device start control unit, the stored device information list of authorized USB devices is compared with the device information of the acquired USB device to determine whether or not the USB device is authorized.

If the device start control unit fails to acquire the device information of the USB device, the device request control unit attempts to acquire the device information of the USB device again. If the device information acquisition of the USB device is successful in the device request control unit, the device information list of the authorized USB device held is compared with the device information of the acquired USB device to determine whether or not the USB device is authorized.

Otherwise, if the device request control unit fails to acquire the device information of the USB device, it generates a virtual serial for the USB device and compares the stored device information list of authorized USB devices with the generated virtual serial to determine whether or not the USB device is authorized.

Then, based on the authorized or unauthorized determination information of the connected USB device from step S200, data transmission of the connected USB device is allowed or blocked in accordance with the pre-established security policy through the USB control module 3000 connected to the USB authentication module 2000 (S300).

At this time, after receiving the unauthorized determination information of the connected USB device 300 from step S200, the USB control module 3000 preferably changes the USB device 300 determined to be unauthorized to the blocked state when it receives, from the upper or lower filter driver 250 or 230, a data transmission event from that USB device 300.
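The three steps above (S100 acquire, S200 compare, S300 allow or block) can be modelled in user space as follows. This is an added example, not code from the patent: the function names, the constructed descriptors and allowlist entry, and the choice to require all three identifiers to match are assumptions, and because the text does not say how the virtual serial is generated, a device whose descriptors cannot be read is simply left unauthorized here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { DEV_STANDBY, DEV_ALLOWED, DEV_BLOCKED } dev_state;

/* One pre-authorized device: manufacturer ID, product ID, serial number. */
typedef struct { uint16_t vid, pid; const char *serial; } allow_entry;

typedef struct {
    uint16_t vid, pid;
    char serial[64];
    int authorized;   /* result of the S200 comparison */
    dev_state state;  /* standby until the first data-transfer event */
} tracked_dev;

/* Constructed allowlist (the text keeps this list in a separate server or DB). */
static const allow_entry ALLOWLIST[] = { { 0x1234, 0x5678, "AB12" } };

/* Constructed 18-byte device descriptor: idVendor 0x1234, idProduct 0x5678. */
static const uint8_t SAMPLE_DEV[18] = {
    0x12, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 0x40, 0x34,
    0x12, 0x78, 0x56, 0x00, 0x01, 0x01, 0x02, 0x03, 0x01
};
/* Constructed UTF-16LE string descriptors for serials "AB12" and "ZZ99". */
static const uint8_t SERIAL_OK[]  = { 10, 0x03, 'A', 0, 'B', 0, '1', 0, '2', 0 };
static const uint8_t SERIAL_BAD[] = { 10, 0x03, 'Z', 0, 'Z', 0, '9', 0, '9', 0 };

/* Read idVendor/idProduct; -1 if malformed or the device reports no serial. */
static int parse_device(const uint8_t *d, size_t len, tracked_dev *out)
{
    if (d == NULL || len < 18 || d[0] != 18 || d[1] != 0x01)
        return -1;
    out->vid = (uint16_t)(d[8] | (d[9] << 8));
    out->pid = (uint16_t)(d[10] | (d[11] << 8));
    return d[16] != 0 ? 0 : -1;   /* iSerialNumber index 0 = no serial string */
}

/* Decode a string descriptor to printable ASCII; -1 if malformed or non-ASCII. */
static int decode_serial(const uint8_t *s, size_t len, char *out, size_t outsz)
{
    if (s == NULL || len < 4 || s[1] != 0x03 || s[0] < 4 || s[0] > len || (s[0] & 1))
        return -1;
    size_t n = (size_t)(s[0] - 2) / 2;
    if (n >= outsz)
        return -1;
    for (size_t i = 0; i < n; i++) {
        uint8_t lo = s[2 + 2 * i], hi = s[3 + 2 * i];
        if (hi != 0 || lo < 0x21 || lo > 0x7e)
            return -1;
        out[i] = (char)lo;
    }
    out[n] = '\0';
    return 0;
}

/* S100 + S200: hold the device in standby, read its identity, compare with the list. */
tracked_dev on_connect(const uint8_t *dev, size_t dev_len,
                       const uint8_t *ser, size_t ser_len)
{
    tracked_dev t;
    memset(&t, 0, sizeof t);
    t.state = DEV_STANDBY;
    if (parse_device(dev, dev_len, &t) != 0)
        return t;                              /* stays unauthorized */
    if (decode_serial(ser, ser_len, t.serial, sizeof t.serial) != 0)
        return t;                              /* stays unauthorized */
    for (size_t i = 0; i < sizeof ALLOWLIST / sizeof ALLOWLIST[0]; i++) {
        const allow_entry *e = &ALLOWLIST[i];
        if (e->vid == t.vid && e->pid == t.pid && strcmp(e->serial, t.serial) == 0)
            t.authorized = 1;
    }
    return t;
}

/* S300: the first data-transfer event moves the device out of standby. */
dev_state on_data_transfer(tracked_dev *t)
{
    if (t->state == DEV_STANDBY)
        t->state = t->authorized ? DEV_ALLOWED : DEV_BLOCKED;
    return t->state;
}

/* Connect followed by the first transfer attempt. */
dev_state decide(const uint8_t *dev, size_t dev_len,
                 const uint8_t *ser, size_t ser_len)
{
    tracked_dev t = on_connect(dev, dev_len, ser, ser_len);
    return on_data_transfer(&t);
}

int main(void)
{
    printf("listed serial:   %d\n",
           decide(SAMPLE_DEV, sizeof SAMPLE_DEV, SERIAL_OK, sizeof SERIAL_OK));
    printf("unlisted serial: %d\n",
           decide(SAMPLE_DEV, sizeof SAMPLE_DEV, SERIAL_BAD, sizeof SERIAL_BAD));
    return 0;
}
```
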

Meanwhile, the method of preventing content leakage of a cloud server using a USB device in a VDI environment according to an embodiment of the present invention can also be implemented as computer readable code on a computer readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored.

For example, the computer-readable recording medium includes a ROM, a RAM, a CD-ROM, a magnetic tape, a hard disk, a floppy disk, a removable storage device, a nonvolatile memory, and optical data storage devices.

In addition, the computer readable recording medium may be distributed and executed in a computer system connected to a computer communication network, and may be stored and executed as a code readable in a distributed manner.

Although the present invention has been described in connection with the preferred embodiments thereof with reference to the accompanying drawings, it is to be understood that the invention is not limited to the disclosed embodiments and that various changes and modifications can be made within the scope of the appended drawings.

100: Cloud server,
200: client terminal,
300: USB device,
1000: USB information acquisition module,
2000: USB authentication module,
3000: USB control module

Claims (10)

1. An apparatus for preventing content leakage of a cloud server using a USB device in a VDI (Virtual Device Interface) environment in which a client terminal connects, through a wired/wireless communication network, with a cloud server providing a cloud computing service in response to a request of the client terminal, the apparatus comprising:
a USB information acquisition module connected at an upper or lower filter driver level of a USB function driver provided in a kernel area of the client terminal, for acquiring device information of a USB device connected to a USB communication interface of the VDI environment;
a USB authentication module for comparing the device information of the USB device acquired from the USB information acquisition module with the device information of previously authorized USB devices and determining whether the connected USB device is authorized or not according to the comparison result; and
a USB control module for receiving approval or non-approval determination information of the connected USB device from the USB authentication module and allowing or blocking data transmission of the connected USB device in accordance with a predetermined security policy.
2. The apparatus according to claim 1,
wherein the USB information acquisition module changes the USB device connected to the USB communication interface of the VDI environment to a standby state, then acquires the device information of the connected USB device and stores the acquired device information in the form of a list in a separate memory.
3. The apparatus according to claim 1,
wherein, after receiving the unauthorized determination information of the connected USB device from the USB authentication module, the USB control module changes the USB device determined to be unauthorized to a blocked state when a data transmission event from that USB device is received through the upper or lower filter driver.
4. The apparatus according to claim 1,
wherein the device information of the USB device is stored in a separate server or a database (DB).
5. The apparatus according to claim 1,
wherein the device information of the USB device comprises at least one of a manufacturer ID, a product ID (or a model number), and a production serial number.
6. A method for preventing leakage of content stored in a cloud server using a USB device in a VDI (Virtual Device Interface) environment in which a client terminal connects, through a wired/wireless communication network, with a cloud server providing a cloud computing service, the method comprising:
(a) acquiring, through a USB information acquisition module connected at an upper or lower filter driver level of a USB function driver provided in a kernel area of the client terminal, device information of a USB device connected to a USB communication interface of the VDI environment;
(b) comparing, through a USB authentication module connected to the USB information acquisition module, the device information of the USB device acquired in step (a) with the device information of previously authorized USB devices, and determining whether the connected USB device is authorized or not; and
(c) allowing or blocking, through a USB control module connected to the USB authentication module, data transmission of the connected USB device according to a pre-established security policy, based on the authorization or non-authorization determination information of the USB device determined in step (b).
7. The method according to claim 6,
wherein, in step (a), the USB information acquisition module changes the USB device connected to the USB communication interface of the VDI environment to a standby state, acquires the device information of the connected USB device, and stores the acquired device information in the form of a list in a separate memory.
8. The method according to claim 6,
wherein, in step (c), after receiving the unauthorized determination information of the connected USB device determined in step (b), the USB control module changes the USB device determined to be unauthorized to a blocked state when a data transmission event from that USB device is received through the upper or lower filter driver.
9. The method according to claim 6,
wherein, in step (b), the device information of the previously authorized USB device is stored in a separate server or a database.
10. The method according to claim 6,
wherein, in step (a), the device information of the USB device includes at least one of a manufacturer ID, a product ID (or a model number), and a production serial number.
KR20130048338A 2013-04-30 2013-04-30 Apparatus for contents security of cloud server using usb device in virtual device interface environment and method thereof KR20140129714A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR20130048338A KR20140129714A (en) 2013-04-30 2013-04-30 Apparatus for contents security of cloud server using usb device in virtual device interface environment and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR20130048338A KR20140129714A (en) 2013-04-30 2013-04-30 Apparatus for contents security of cloud server using usb device in virtual device interface environment and method thereof

Publications (1)

Publication Number Publication Date
KR20140129714A true KR20140129714A (en) 2014-11-07

Family

ID=52454926

Family Applications (1)

Application Number Title Priority Date Filing Date
KR20130048338A KR20140129714A (en) 2013-04-30 2013-04-30 Apparatus for contents security of cloud server using usb device in virtual device interface environment and method thereof

Country Status (1)

Country Link
KR (1) KR20140129714A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20190078198A (en) 2017-12-26 2019-07-04 국민대학교산학협력단 Secure memory device based on cloud storage and Method for controlling verifying the same
KR20210100353A (en) * 2020-02-06 2021-08-17 주식회사 티오이십일콤즈 User device based on cloud and clould computing system with the same

Similar Documents

Publication Publication Date Title
US10454942B2 (en) Managed clone applications
US11483252B2 (en) Controlling distribution of resources on a network
US10229283B2 (en) Managing applications in non-cooperative environments
CN107710209B (en) System and method for using per-application profiles in a computing device
CN111382421B (en) Service access control method, system, electronic equipment and storage medium
CA2930253C (en) Single set of credentials for accessing multiple computing resource services
EP3301604B1 (en) Controlling distribution of resources on a network
US9246918B2 (en) Secure application leveraging of web filter proxy services
US9787655B2 (en) Controlling access to resources on a network
US9680763B2 (en) Controlling distribution of resources in a network
US9197417B2 (en) Hosted application sandbox model
US9065771B2 (en) Managing application execution and data access on a device
WO2015096695A1 (en) Installation control method, system and device for application program
US11757937B2 (en) Enabling webapp security through containerization
US20150046979A1 (en) Storage Detection Apparatus, System, and Method
US20210286890A1 (en) Systems and methods for dynamically applying information rights management policies to documents
US10754972B2 (en) Multi-factor administrator action verification system
US20130298187A1 (en) Managing virtual identities
US10210337B2 (en) Information rights management using discrete data containerization
EP3552096A1 (en) Co-existence of management applications and multiple user device management
US9015854B2 (en) Access rights management in enterprise digital rights management systems
KR20140129714A (en) Apparatus for contents security of cloud server using usb device in virtual device interface environment and method thereof
US11687644B2 (en) Secure visual and computational boundary for a subset of resources on a computing machine
KR20140129716A (en) System for storage security of cloud server in cloud computing environment and method thereof
US20140325605A1 (en) System for storage security of cloud server in cloud computing environment and method thereof

Legal Events

Date Code Title Description
N231 Notification of change of applicant
WITN Withdrawal due to no request for examination