KR20170108667A - System and method for providing a security service based on a security cloud - Google Patents
- Publication number
- KR20170108667A (application KR1020160032935A)
- Authority
- KR
- South Korea
- Prior art keywords
- security
- service
- cloud
- user terminal
- secure
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
The present invention relates to a security service providing system and method.
When a user uses a service that is critical to personal security, such as mobile payment, internet banking or telemedicine, offered by a remote service provider from a smart terminal, personal authentication is performed with credential information stored in the file system of the smart terminal's operating system or on an external storage device connected to the terminal. Sensitive data such as the user's card information and medical data are likewise stored on the smart terminal's operating system.
In addition, a user of such services must install a separate security application for each service provider offering payment, banking, telemedicine and so on, and each service provider must in turn supply its own security application.
In such an environment the security data stored in the operating system is easily accessible from the user terminal, so when the terminal is hacked or infected with malicious code the credential information, encryption keys and the like can readily leak to the outside.
Moreover, because the user must install several security applications to receive the different security services, the usage environment of the user terminal becomes more complex, and because the service provider must additionally build a separate system that accounts for the varied user environments, management and maintenance costs increase.
Accordingly, it is an object of the present invention to provide a system and method for a secure cloud-based security service, in which the security service is performed between a service user terminal and a service provider server by way of a secure cloud.
According to an aspect of the present invention, a secure cloud-based security service providing system includes: a service user terminal running an application and a common application; a security cloud providing a security service platform; and a service provider server that communicates with the secure cloud to provide a security service using it. The service user terminal communicates with the secure cloud through the common application, and the service provider server communicates with the secure cloud through a gateway. For each service user terminal, the secure cloud manages a user virtual machine that holds confidential data, executes security applications, performs authentication, and performs encryption and decryption.
According to the present invention, the reliability problem of security-critical applications that arises from the security weaknesses of existing user terminal operating systems can be solved: by using the security cloud, the reliability of the security application's execution environment can be ensured and the system can be operated efficiently.
Therefore, according to the present invention, the security and efficiency of a system providing security-critical services such as mobile payment, internet banking and telemedicine can be enhanced.
FIG. 1 is a diagram illustrating a configuration of a security cloud-based security service providing system according to the present invention;
BACKGROUND OF THE INVENTION 1. Field of the Invention [0002] The present invention relates to a secure cloud service providing system, and more particularly,
FIG. 3 is a flowchart illustrating a method of requesting and processing execution of a security service after a service user terminal receives a valid security service list by the processes shown in FIG. 2;
FIG. 4 is a diagram illustrating an example of a function of a service broker in a secure cloud applied to a security cloud-based security service providing system according to the present invention;
BRIEF DESCRIPTION OF THE DRAWINGS The above and other objects, advantages and features of the present invention and methods of achieving them will be apparent from the following detailed description of embodiments thereof taken in conjunction with the accompanying drawings.
The present invention may, however, be embodied in many different forms and should not be construed as being limited to the exemplary embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete; the scope of the present invention is defined by the claims.
It is to be understood that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. In the present specification, the singular form includes plural forms unless otherwise specified. The terms "comprises" and/or "comprising", as used herein, do not exclude the presence or addition of one or more components, steps or operations other than those recited.
FIG. 1 is a diagram illustrating a configuration of a security cloud-based security service providing system according to the present invention.
1, a cloud-based security service providing system according to the present invention (hereinafter simply referred to as a security service providing system) includes a variety of
The
The
The user
The
The
FIG. 2 is a flowchart illustrating a method of exchanging data between a service user terminal and a secure cloud through a secure session, which is applied to a secure cloud-based security service providing system according to the present invention.
The service user inputs ID / PWD for accessing the
The
The
If the passwords PWD match, the
When the
Thereafter, the
The
In the above steps, there is no mutual operation between the
FIG. 3 is a flowchart illustrating a method of requesting and processing execution of a security service after a service user terminal receives a valid security service list through the processes shown in FIG. 2.
When the
The
The
The
If the service user requests the termination of the
When all security sessions are terminated, all session keys that were created are invalidated. When the security service is subsequently restarted, a new session key is generated and the security service is performed.
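The session lifecycle that FIG. 2 and FIG. 3 describe (ID/PWD check, a secure session with its own key, invalidation of the key on termination, a fresh key on restart), written out as an added Python model. This is example code, not the patent's or any product's implementation; the terminal and the cloud are simulated in one process, and the PBKDF2-HMAC-SHA256 password check, the 256-bit session key, and the encrypt-then-MAC framing with an HMAC-SHA256 keystream (a stand-in for a real AEAD such as AES-GCM, which the Python standard library lacks) are assumptions that the patent text does not specify.

```python
# Added example: model of the secure-cloud session lifecycle (not patent code).
# Assumed details: PBKDF2-HMAC-SHA256 for the ID/PWD check, a random 256-bit key
# per secure session, encrypt-then-MAC framing with an HMAC-SHA256 keystream as
# an illustrative stand-in for a real AEAD such as AES-GCM.
import hashlib
import hmac
import secrets
import struct


class SessionError(Exception):
    """Raised on a failed login, a bad tag, or use of an invalidated session."""


def _pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _keystream(key, nonce, length):
    # Counter-mode keystream derived with HMAC-SHA256; illustrative only.
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(session_key, plaintext):
    """Protect one message on the secure session as nonce || ciphertext || tag."""
    enc_key = hmac.new(session_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(session_key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(session_key, blob):
    """Verify the tag first, then decrypt; a wrong key or tampering raises."""
    if len(blob) < 48:
        raise SessionError("truncated message")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hmac.new(session_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(session_key, b"mac", hashlib.sha256).digest()
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise SessionError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


class SecureCloud:
    """The cloud side: user credentials plus the keys of the live secure sessions."""

    def __init__(self):
        self._users = {}     # user id -> (salt, PBKDF2 hash)
        self._sessions = {}  # session id -> session key, dropped on termination

    def register(self, user_id, password):
        salt = secrets.token_bytes(16)
        self._users[user_id] = (salt, _pbkdf2(password, salt))

    def login(self, user_id, password):
        """Check ID/PWD; on success open a secure session with a fresh key."""
        record = self._users.get(user_id)
        if record is None:
            raise SessionError("unknown user")
        salt, stored = record
        if not hmac.compare_digest(stored, _pbkdf2(password, salt)):
            raise SessionError("password mismatch")
        session_id = secrets.token_hex(8)
        self._sessions[session_id] = secrets.token_bytes(32)
        return session_id

    def session_key(self, session_id):
        """The key the common application on the terminal shares for this session."""
        try:
            return self._sessions[session_id]
        except KeyError:
            raise SessionError("session terminated or unknown") from None

    def terminate(self, session_id):
        """End the session: its key is discarded and can never be used again."""
        self._sessions.pop(session_id, None)


def demo():
    """One login, one protected message, termination, then a restart with a new key."""
    cloud = SecureCloud()
    cloud.register("user01", "correct horse battery staple")  # constructed test user
    sid = cloud.login("user01", "correct horse battery staple")
    key1 = cloud.session_key(sid)
    blob = seal(key1, b"card=1234-5678")  # constructed sensitive data
    roundtrip = unseal(key1, blob)
    cloud.terminate(sid)
    try:
        cloud.session_key(sid)
        old_key_still_valid = True
    except SessionError:
        old_key_still_valid = False
    key2 = cloud.session_key(cloud.login("user01", "correct horse battery staple"))
    try:
        unseal(key2, blob)
        old_blob_opens_with_new_key = True
    except SessionError:
        old_blob_opens_with_new_key = False
    return {"roundtrip": roundtrip, "old_key_still_valid": old_key_still_valid,
            "keys_differ": key1 != key2, "old_blob_opens_with_new_key": old_blob_opens_with_new_key}


if __name__ == "__main__":
    print(demo())
```

The point the model makes concrete is the last sentence of the description above: once `terminate` drops the key, nothing sealed under it can be opened by the replacement session, and a restarted session always starts from a key that has never been on the wire. In a deployment the session key would be agreed with the user VM over an authenticated channel rather than read back from the cloud object as here.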
FIG. 4 is a diagram illustrating a service broker function of a security cloud applied to a security cloud-based security service providing system according to the present invention. In particular, FIG. 4 is an exemplary diagram illustrating the role of a service broker in enabling security services to be performed.
The
The
Data exchange between the
The present invention described above is summarized as follows.
It is an object of the present invention to provide a method and system for processing secure user data and performing a security application in secure
The present invention provides security service between the
According to the present invention, an actual security service such as a function of retaining user credential information and an encryption process is performed in the
Also, in the present invention, a common application is provided so that various applications executed in the
In addition, the
The present invention manages and operates security data stored and operated in an existing service user terminal and a security application performing security data processing in a virtualized security cloud environment.
The present invention allows the service user terminal (100) and the service provider server (300) to exchange data through a secure communication channel provided by the secure cloud (200). Accordingly, the service user can use the security service in the enhanced security environment, and the service provider can provide the environment that the service user can use by registering the security service in the
The foregoing description is merely illustrative of the technical idea of the present invention, and various changes and modifications may be made by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.
Claims (1)
A security cloud that provides a security services platform; And
And a service provider server for communicating with the secure cloud to provide a security service using the secure cloud,
The service user terminal communicates with the secure cloud through the common application, and the service provider server communicates with the secure cloud through a gateway; the secure cloud manages confidential data and provides, for each service user terminal, a user virtual machine that performs an authentication function or an encryption/decryption function.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020160032935A KR20170108667A (en) | 2016-03-18 | 2016-03-18 | System and method for providing a security service based on a security cloud |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20170108667A true KR20170108667A (en) | 2017-09-27 |
Family
ID=60036435
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20170108667A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP4030320A1 (en) * | 2021-01-19 | 2022-07-20 | Assa Abloy AB | Secure cloud processing |
US11847232B2 (en) | 2021-01-19 | 2023-12-19 | Assa Abloy Ab | Secure cloud processing |