KR20200046157A - Data transmission security system of cloud service and a providing method thereof - Google Patents

Abstract

The present invention relates to a data transmission security system of a cloud server and to a providing method thereof. More specifically, in the data transmission security system of the cloud server, by performing additional authentication using a physical authentication key for a plurality of registered user terminals, the user terminal accesses a cloud device through a dedicated upload/download browser which is activated to be provided with a cloud service with enhanced security for a large file, and by using an encryption program and a security key provided in the physical authentication key and performing encryption when uploading the large file, decryption is performed when downloading, so that only users registered as a group can play or edit the large file.

Description

DATA TRANSMISSION SECURITY SYSTEM OF CLOUD SERVICE AND A PROVIDING METHOD THEREOF}

The present invention relates to a data transmission security system of a cloud server and a method for providing the same, and more specifically, through a dedicated upload / download browser activated by performing additional authentication using a physical authentication key for a plurality of registered user terminals. The user terminal accesses a cloud device to receive a cloud service with enhanced security for large files, and uses the encryption program and security key provided in the physical authentication key to download and encrypt the encryption when uploading the large files. The present invention relates to a data transmission security system of a cloud server and a method of providing the same, so that only users registered as a group can perform playback or editing of the large-capacity file by performing time decoding.

With the development of computer network technology, the existing computing environment, which relied on the independent hardware performance of each terminal, is in the form of cloud computing, which provides the corresponding service at the request of the terminal by utilizing all computing resources on the network. Is evolving.

A cloud computing service can be defined as an 'on-demand outsourcing service of computing resources' through a network such as the Internet. In a cloud computing environment, service providers integrate data centers distributed in various places with virtualization technology to provide services required by users. Service users do not install and use necessary computing resources such as applications, storage, operating systems (OS), and security on terminals owned by each user, but are created through virtualization technology. You select and use as many services as you like at the desired time. The user does not pay the purchase cost of each computing resource, but pays the price based on usage.

According to the cloud computing service, users access the cloud network through a network connection and a terminal that performs only basic computing functions at any place to perform tasks requiring large-capacity storage devices and high-performance computing resources, and also provide advanced services. There is an advantage.

Recently, with the popularization of smart phones, it is possible to access the Internet anytime, anywhere, and cloud services are being activated. The cloud service is a service that stores the user's contents such as movies, photos, music, media files, documents, address books, etc. on an external server and can be downloaded and used on any device including a smartphone or tablet PC.

However, the size of the storage space provided by the cloud service is limited, and in order to use more than a certain space, a certain amount of usage fee must be paid. In addition, a storage space for storing a large amount of downloaded data must also be secured in the computing device.

Web hard services, network storage services (NAS), and external hard devices are examples of means for using such cloud services and storing and managing large amounts of data.

Among them, the web hard service does not require the carrying of the device and is operated in a cloud manner, but a fee must be paid periodically or a fee for using data packets must be paid. In addition, the network storage service has the advantage that it is difficult for individuals without expertise to build by themselves without assistance, and it is not necessary to carry, but there is a limitation that it cannot provide cloud services such as media streaming and data backup to a server. .

In addition, the external hard device has the advantage that there is no additional cost after purchasing the device once, and there is a hassle to always have in order to use it, and it should be used only as a simple data storage device that cannot provide a separate cloud service. There is a limit.

Korean Registered Patent [10-1081489] is based on cloud computing technology that provides on-demand outsourcing of computing resources through the Internet, and provides the same user environment in other terminals in addition to the existing user's personal terminal. Disclosed is a method and system for providing an integrated user environment that can be applied and used.

On the other hand, Korean registered patent [10-1545146] discloses a system and method for performing cloud storage-based tasks.

Currently, according to the amount of data that is growing exponentially, the demand for storage of data and utilization of the stored data is increasing. In general, e-mail is mainly used as a method of storing data and transmitting data to others, but in this case, an e-mail server with a vast capacity must be built and maintained. There is a problem that has to handle a large load.

Another way is to use webhard services and cloud services, and service providers have to continuously increase large-capacity servers and maintain an increased system, and from the user's point of view, there is a limit to the capacity and cost that can be provided. Of course, due to the storage space of multiple users managed in one place, there is the inconvenience of taking a burden on the safety of data due to hacking.

On the other hand, in this cloud computing environment, storage security is required to prevent the file data stored in the storage of the cloud server from being leaked by a routine other than a normal routine by an authorized user. In other words, security is needed to prevent file leakage through network hacking and file leakage through direct storage media.

For example, data related to a video such as a movie or a drama has a terabyte size, and when there are a large number of users editing it, it is preferable to use a cloud service because each user cannot have a storage device. . However, in the cloud service, since encryption, access control, data loss prevention, and anomaly detection are important issues, countermeasures are necessary to supplement them.

Korean Registered Patent [10-1081489] (Registration Date: 2011. 11. 02.) Korean Registered Patent [10-1545146] (Publication date: 2015. 08. 11.) Korean Open Patent [10-2016-0026951] (Publication date: 2016. 03. 09.) Korean Registered Patent [10-0875964] (Registration Date: December 18, 2008)

Therefore, the present invention has been devised to solve the above problems, and an object of the present invention is to provide a dedicated upload / download browser that is activated by performing additional authentication using a physical authentication key for a plurality of registered user terminals. Through this, the user terminal accesses a cloud device to receive a cloud service with enhanced security for large files, and uses the encryption program and security key provided in the physical authentication key to encrypt the file when uploading the large file. It relates to a data transmission security system of a cloud server and a method for providing the same, so that only users registered as a group can play or edit the large file by performing decryption when downloading.

The objectives of the embodiments of the present invention are not limited to those mentioned above, and other objects not mentioned will be clearly understood by those skilled in the art from the following description. .

In the data transmission security system of a cloud server according to an embodiment of the present invention for achieving the above object, a plurality of user terminal 100 is provided with a cloud service in the active state of the dedicated upload / download browser; A cloud that is connected to the user terminal through a communication network and executes at least one of searching, downloading, uploading, deleting, backing up, and deduplication of one or more data to a storage space in response to a request for a cloud service from the user terminal. Device 200; A physical authentication key 400 for performing additional authentication according to physical access to the user terminal; And receiving device information, user terminal device information, and member information from the cloud device, registering and authenticating the user terminal and cloud device, registering the physical authentication key, and accessing the registered physical authentication key. Accordingly, a management server 300 for processing settings related to the provision of the cloud service for an authenticated cloud device, and the user terminal, as the physical authentication key is additionally authenticated according to the request for the cloud service , Characterized in that the dedicated upload / download browser is activated, and the physical authentication key is in the form of a Universal Serial Bus (USB), is hardware to which copy protection is applied, and encrypts and decrypts encryption programs and files. It is characterized in that a security key is provided for the above Upload / download browser, file transfer protocol characterized in that the (FTP File Transfer Protocol) connection in the form of software.

The user terminal 100 is connected to a cloud device providing a cloud service through a communication network, the terminal communication unit 101 for transmitting and receiving data; A terminal authentication unit 102 for authenticating and registering the cloud device; An authentication key connection unit 104 that physically connects with the physical authentication key; An input unit 105 for receiving a user request for controlling the operation of the user terminal; An output unit 106 that provides a screen corresponding to the cloud service; A control unit 103 for requesting execution of at least one of search, download, upload, delete, backup and deduplication of one or more data to one or more storage spaces defined in the cloud device; And a terminal storage unit 107 storing data downloaded from the storage space. And an encryption / decryption unit 108 for encrypting or decrypting a file using the security key by loading the encryption program and the security key provided in the physical authentication key.

The cloud device 200 includes: a cloud communication unit 201 connected to one or more user terminals through a communication network to transmit and receive data according to the cloud service; A cloud authentication unit 202 for authenticating and registering the user terminal; An authentication key confirmation unit (203) for receiving and confirming the physical authentication key related information from the user terminal; A service providing unit 204 for providing a cloud service including management of one or more data, provision of media content, and backup of stored data; It characterized in that it comprises a cloud storage unit 205 is defined at least one storage space for storing data for the cloud service.

The management server 300 is connected to one or more cloud devices through a communication network, the server communication unit 301 for transmitting and receiving data; A server authentication unit 302 for authenticating and registering a cloud device and a user terminal registered in the cloud device; An authentication key authentication unit 303 for authenticating the physical authentication key received from the user terminal; A server management unit 304 that processes settings related to cloud service provision from an authenticated cloud device; A member DB 305 for storing user's member information; And a device DB 306 for storing device information of the cloud device registered for each member's account and device information of each user's physical authentication key.

In addition, in the method for providing data transmission security of a cloud server according to an embodiment of the present invention, the management server registers members and devices according to the registration request of the user terminal (S501 to S505); A physical authentication key registration step (S506) of registering a physical authentication key according to the registration request received by the management server; A physical authentication key authentication step (S507 to S511) in which the authentication of the physical authentication key is performed as the physical authentication key is accessed; A dedicated browser activation step (S512) in which a dedicated upload / download browser is activated to the user terminal as the physical authentication key is authenticated; And a data management and transmission step (S513) in which data between the user terminal and the cloud device is managed and transmitted through the activated upload / download browser, and the physical authentication key is a Universal Serial Bus (USB). Bus) type, hardware with copy protection, and an encryption program and a security key for encrypting and decrypting files, and the dedicated upload / download browser is a file transfer protocol (FTP: File Transfer Protocol). ) It is characterized in that it is a connection type software.

The member and device registration step comprises: recognizing the user terminal to the cloud device and requesting registration of the terminal by inputting member information such as an account and a password (S501); The cloud device performing initial authentication for the user terminal (S502); If the user terminal is a normal user, the cloud device requesting the management server to register the terminal and the device (S503); The management server registering a member and a device (S504); And if the member and the device are normally registered, the management server approving the use of the cloud device (S505).

The physical authentication key authentication step, the physical authentication key is accessed through the user terminal (S507); The user terminal requesting confirmation of the physical authentication key from the cloud device (S508); Requesting, by the cloud device, to authenticate the physical authentication key to the management server (S509); Authenticating the physical authentication key at the management server (S510); And a step in which a session is connected between the user terminal and the cloud device as the physical authentication key is authenticated (S511).

In the data management and transmission step (S513), an encryption program and a security key are loaded from the physical authentication key (S601); The encryption program is installed in the user terminal (S602); Downloading a large file from the cloud device according to the request of the user terminal (S603); A step in which the downloaded large-capacity file is decrypted (S604); The decrypted large-capacity file is played or edited according to the request of the user terminal (S605); Encrypting the edited large-capacity file (S606); And a step (S607) of uploading the encrypted large-capacity file at the request of the user terminal.

According to a data transmission security system of a cloud server and a method of providing the same, according to an embodiment of the present invention, through a dedicated upload / download browser activated by performing additional authentication using a physical authentication key for a plurality of registered user terminals Since the user terminal can access the cloud device, it is possible to receive a cloud service with enhanced security.

In addition, according to the data transmission security system of a cloud server and a method of providing the same, according to an embodiment of the present invention, the capacity of data recorded for the production of a video or a movie is very large, and the user individually stores it for editing Users can be provided with convenience because they can be easily uploaded and downloaded via a cloud device without the need for a disk.

In addition, according to the data transmission security system and a method of providing the cloud server according to an embodiment of the present invention, encryption is performed when uploading a large amount of files using an encryption program and a security key provided in the physical authentication key, By performing decryption at the time of download, only the users registered as a group can play or edit the large file, so there is an effect that a grouping operation with enhanced security is possible.

In addition, according to the data transmission security system of the cloud server and a method of providing the same according to an embodiment of the present invention, by using a physical authentication key, it is possible to prevent data from being leaked through network hacking rather than a normal user.

1 is a block diagram of a data transmission security system of a cloud server according to an embodiment of the present invention.
2 is a detailed configuration diagram of an embodiment of the user terminal of FIG. 1;
3 is a detailed configuration diagram of an embodiment of the cloud device of FIG. 1;
4 is a detailed configuration diagram of an embodiment of the management server of FIG. 1;
5 is a flowchart of a method for providing data transmission security of a cloud server according to an embodiment of the present invention.
6 is a detailed flowchart of the data management and transmission steps of FIG. 5;
7 is a view for explaining a dedicated upload / download browser according to an embodiment of the present invention.

The present invention can be applied to various changes and can have various embodiments, and specific embodiments will be illustrated in the drawings and described in detail. However, this is not intended to limit the present invention to a specific embodiment, it should be understood to include all modifications, equivalents, and substitutes included in the spirit and scope of the present invention.

When an element is said to be "connected" or "connected" to another component, it is understood that other components may be directly connected to or connected to the other component, but other components may exist in the middle. It should be.

On the other hand, when a component is said to be "directly connected" or "directly connected" to another component, it should be understood that no other component exists in the middle.

The terms used in this specification are only used to describe specific embodiments, and are not intended to limit the present invention. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this application, terms such as “include” or “have” are intended to indicate that a feature, number, process, operation, component, part, or combination thereof described in the specification exists, and that one or more other features are present. It should be understood that the presence or addition possibilities of fields or numbers, processes, operations, components, parts or combinations thereof are not excluded in advance.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by a person skilled in the art to which the present invention pertains. Terms such as those defined in a commonly used dictionary should be interpreted as having meanings consistent with meanings in the context of related technologies, and should not be interpreted as ideal or excessively formal meanings unless explicitly defined in the present application. Does not.

Hereinafter, the present invention will be described in more detail with reference to the accompanying drawings. Prior to this, the terms or words used in the present specification and claims should not be interpreted as being limited to ordinary or dictionary meanings, and the inventor appropriately explains the concept of terms in order to explain his or her invention in the best way. Based on the principle that it can be defined, it should be interpreted as meanings and concepts consistent with the technical spirit of the present invention. In addition, unless there are other definitions in the technical terms and scientific terms used, those skilled in the art to which this invention pertains have the meanings commonly understood, and the subject matter of the present invention in the following description and the accompanying drawings. Descriptions of well-known functions and configurations that may be obscured are omitted. The drawings introduced below are provided as examples in order to sufficiently convey the spirit of the present invention to those skilled in the art. Accordingly, the present invention is not limited to the drawings presented below and may be embodied in other forms. In addition, the same reference numbers throughout the specification indicate the same components. It should be noted that the same components in the drawings are denoted by the same reference numerals wherever possible.

1 is a block diagram of a data transmission security system of a cloud server according to an embodiment of the present invention.

Referring to Figure 1, the data transmission security system of the cloud server according to the present invention, by executing a dedicated upload / download browser, one or more user terminals 100 requesting a cloud service, the user terminal 100 and the communication network It is connected through, and in response to a request for a cloud service, a cloud device 200 that executes at least one of search, download, upload, delete, backup, and deduplication of one or more data to a storage space, and physically communicates with the user terminal. Registering and authenticating the physical authentication key 400, the user terminal 100, the cloud device 200, and the physical authentication key to perform additional authentication according to access to the cloud service provision related to the authenticated cloud device It includes a management server 300 for processing the settings.

The user terminal 100 can access the cloud device 200 through an internal or external network by executing a dedicated upload / download browser program installed, and receive a cloud service based on a mass storage mounted on the cloud device 200. have.

In addition, the user terminal 100 uses the encryption program and security key provided in the physical authentication key 400 to perform encryption when uploading the large file to the cloud device 200 and decrypt it when downloading. Can be done. Accordingly, the large file can be played or edited only in a terminal equipped with an encryption program.

That is, when a large-capacity file is a video file for re-mastering, for example, the video file must be played or edited for re-mastering, but uploading and downloading are impossible without the physical authentication key 400. Or it is possible to make editing impossible.

The user terminal 100 may access the cloud device 200 through an internal network or an external network.

In order to perform this function, the user terminal 100 connects to an internal network or an external network to transmit and receive data, a communication medium in which a client program is recorded, an AP executing the client program, an execution screen of the client program, and Hardware means such as a display for displaying content provided from the cloud device 200 may be mounted.

In addition, the user terminal 100 is connected to the cloud device 200 through the initial driving WiFi, Bluetooth, NFC tag method, etc. can perform device registration and authentication with each other, and the home or office sharer in the WiFi method (US It may be connected to the internal network by connecting to the network, it may be interlocked with the cloud device 200 through the internal network again.

A plurality of such user terminals 100 may be registered and authenticated as a group.

The user terminal 100 of the present invention includes, for example, a navigation device, a laptop, a mobile communication terminal, a smart phone, a portable media player (PMP), a personal digital assistant (PDA), a tablet PC (Tablet PC), It can be a variety of devices, such as set-top boxes and smart TVs.

Meanwhile, the cloud device 200 may be equipped with a large-capacity cloud platform for providing cloud services. The cloud platform can provide functions such as automatic backup of media files, media content streaming, file download from external systems, double backup of data, and document editing, and can be equipped with a large storage for this.

The cloud device 200 may provide a cloud service by a cloud platform in conjunction with a dedicated upload / download browser (client program) of the user terminal 100, and the cloud service may be set according to the setting of the management server 300. The delivery method may be determined.

On the other hand, the physical authentication key 400 has a universal serial bus (USB) type, and is hardware to which copy protection is applied.

A private certificate is stored in the physical authentication key 400, and it is transmitted to the cloud device 200 to request and receive an authentication key, and the cloud device 200 is delivered to the management server 300. Authenticate the authentication key.

Only when the connection of the physical authentication key 400 is confirmed can the dedicated upload / download browser program be activated in the user terminal 100.

Therefore, it is impossible to access the cloud device 200 through the user terminal without the physical authentication key 400.

In addition, the physical authentication key 400 may be provided with an encryption program and a security key for encrypting and decrypting files. Therefore, a large file must be encrypted before being uploaded to the cloud device 200, and the downloaded large file can be edited or played back after being decrypted.

On the other hand, in order to prevent the physical authentication key 400 from being copied, the unique number of the USB is encrypted and recorded, and then, when the dedicated upload / download browser program is executed using the USB, the unique number of the corresponding USB is encrypted and decrypted. It is also possible to check whether or not to duplicate by comparing the unique number.

Meanwhile, the management server 300 may provide a function of managing one or more cloud devices 200 installed in each home or office. In addition, the management server 300 is connected to the user terminal 100 and the cloud device 200 through a communication network, and supports the user terminal 100 to use the cloud device 200.

The user terminal 100, cloud device 200, and physical authentication key 400 according to the system of the present invention must be registered and authenticated to the management server 300 before use, and the management server 300 is registered and authenticated device Information about the fields can be recorded and stored in a database.

In addition, the management server 300 may store device-specific settings for providing cloud services of each cloud device 200, and provide the setting values when driving to support the cloud devices 200 to operate normally. . In addition, the management server 300 provides the latest firmware (firmware) for the service and security of the cloud device 200 so that the firmware of the cloud device 200 is always kept up to date.

In particular, the management server 300 may provide a function of backing up some or all of the data stored therein by member or device according to a request of the cloud device 200.

According to the above-described structure, the data transmission security system of the cloud server according to an embodiment of the present invention installs a cloud device in each home or office, and a user registers his user terminal, cloud device, and physical authentication key. Large cloud services can be used through the cloud platform provided by the cloud device.

Hereinafter, a user terminal according to an embodiment of the present invention will be described with reference to FIG. 2.

2 is a detailed configuration diagram of an embodiment of the user terminal of FIG. 1.

Referring to FIG. 2, the user terminal 100 of the data transmission security system of the cloud server according to the present invention is connected to a cloud device providing a cloud service through a communication network, and a terminal communication unit 101 for transmitting and receiving data, and a cloud device Terminal authentication unit 102 for authenticating and registering, authentication key access unit 104 for physical access to a physical authentication key, input unit 105 for receiving a user request for controlling the operation of the user terminal 100, cloud service Output unit 106 for providing a screen corresponding to, a control unit for requesting execution of at least one of search, download, upload, delete, backup and deduplication for one or more data to one or more storage spaces defined in the cloud device ( 103), a terminal storage unit (107) for storing data downloaded from the storage space, and an encryption program provided in the physical authentication key And whereby the security key has been loaded, a encryption / decryption unit 108 to encrypt or decrypt the file by using the secret key.

The terminal communication unit 101 may transmit and receive data in cooperation with a cloud device through a communication network. Here, the communication network may be an internal network or an external network, and may access the cloud device 200 through a router as a gateway.

The terminal communication unit 101 may include any one of a Wi-Fi module, a Bluetooth module, a short-range wireless communication (NFC) module, and a LTE modem, and a cloud device through an appropriate protocol according to the situation It can communicate with (200).

In addition, the terminal communication unit 101 is a communication means for interconnecting the user terminal 100 and the management server 300 through a communication network, for example, a wireless communication module such as mobile communication, satellite communication, wired communication module such as the Internet , A short-range wireless communication module such as Wi-Fi.

The terminal authentication unit 102 may register and authenticate the interlocked cloud device. In the embodiment of the present invention, the cloud service requires that the user terminal 100 and the cloud device 200 have a device registration procedure and an authentication procedure between each other, and the user terminal 100 uses a Bluetooth protocol through an NFC tag when it is first driven. Connection and pairing with the cloud device, or in accordance with a user's direct setting input through the user terminal 100, registers an account to register and authenticate devices with each other.

The control unit 103 may perform functions such as file search, download, upload, delete, and sharing settings, which are the main functions of the cloud service in conjunction with a cloud device.

The file search function is a function that enables a user to search for a file stored in a cloud device or a user terminal by entering a file name, an extension name, a type, a size, a date, and a tag in the file explorer provided by the control unit 103. The file explorer can change the search order according to the sorting method and can provide functions such as list, icon, and preview depending on the viewing method.

In addition, the search result by the file search function may be displayed for each file type such as a photo, a video, or a document according to the type of data, and may be separately displayed according to a storage location of the file.

The file download function is a function to store one or more of a plurality of files stored in the cloud device in a default folder of the user terminal.

The file upload function is a function of uploading one or more of a plurality of files stored in the user terminal in the storage space of the cloud device when one or more are selected.

The file deletion function is a function for performing deletion after a verification procedure when one or more are selected according to file search for a cloud device or a user terminal.

The file sharing function is a function for setting data sharing between members by granting access rights from other members or systems to the cloud device or user terminal according to file search.

Further, the control unit 103 may further include a deduplication function for selectively deleting duplicate files when two or more identical files exist for data stored in the storage space.

The authentication key connection unit 104 physically connects with the physical authentication key, and informs the control unit 103 whether or not the connection is made.

The input unit 105 is a means for receiving a user request for controlling the operation of the user terminal 100, and converts the user's request into an electrical signal according to the user's operation. The input unit 105 is an input means for receiving letters, numbers, text, voice, movement, tactile, time, etc. from a user. For example, the input means is a keyboard, keypad, touch screen, visual sensing means, tactile sensing means, motion sensing means , It may be implemented in various forms, such as voice input means.

The user may input an authentication key and work file designation information through the input unit 105. Here, the authentication key may include an ID / password, a private key, and the like.

The output unit 106 is preferably implemented as a display means for displaying screen information according to driving various applications, for example, a flat panel display device such as a liquid crystal display (LCD) or organic light emitting diodes (OLED).

The output unit 106 may provide a screen for a cloud service according to execution of a dedicated upload / download browser. Folders and files, which are data in the storage space of the cloud device, may be provided in the form of a list, and a user may perform a desired operation by selecting a folder or file through an interface implemented on the screen.

The terminal storage unit 107 stores a program necessary for controlling the operation of the user terminal 100 and data generated during the execution of the program. In the terminal storage unit 107, an application for performing a cloud storage-based operation is stored.

The control unit 103 performs the respective operations of the terminal communication unit 101, the authentication key connection unit 104, the input unit 105, the output unit 106, the terminal storage unit 107, and the encryption / decryption unit 108. Sense and control.

Accordingly, the user terminal according to an embodiment of the present invention may be provided with a cloud service such as registering and authenticating a cloud device, accessing an authenticated cloud device through an information communication network, and managing or transmitting a large data file.

3 is a detailed configuration diagram of an embodiment of the cloud device of FIG. 1.

Referring to FIG. 3, the cloud device 200 of the data transmission security system of the cloud server according to the present invention includes: a cloud communication unit 201 connected to one or more user terminals through a communication network to transmit and receive data according to a cloud service; A cloud authentication unit 202 for authenticating and registering the user terminal; An authentication key confirmation unit (203) for receiving and confirming physical authentication key related information from the user terminal; A service providing unit 204 for providing a cloud service including management of one or more data, provision of media content, and backup of stored data; And a cloud storage unit 205 in which one or more storage spaces for storing data for the cloud service are defined.

The cloud communication unit 201 may provide a large-capacity cloud service when a registered and authenticated user terminal accesses through an internal network or an external network. The cloud device 200 is equipped with a cloud platform for providing a service, and according to a request from a user terminal, transmits media content in real time or receives and stores a data file requested to be stored.

The cloud authentication unit 202 performs device registration and authentication procedures for interworking with a user terminal and a management server.

In order to use the cloud service of the present invention, device registration and authentication as well as device registration and authentication with the management server must be preceded, as well as device registration and authentication with the management server, and according to the connection according to the initial connection between the user terminals, the user's It receives and registers member information and device information, and then, when access to the corresponding user terminal is requested, it authenticates and responds to the request of the user terminal.

In addition, the cloud authentication unit 202 provides the member information and device information input during initial registration to the management server to register the two devices in the corresponding account to receive service. In addition, the cloud authentication unit 202 registers the physical authentication key by providing the physical authentication key information to the management server.

The authentication key confirmation unit 203 receives and verifies physical authentication key related information from the user terminal.

The service providing unit 204 may implement a cloud service, such as data management, media content provision, and data backup, according to a user terminal request. In particular, the service providing unit 204 may perform a procedure in response to a file search, download, upload, delete, and sharing setting requested from the user terminal in conjunction with the control unit (103 of FIG. 2).

To this end, the service providing unit 204 interlocks with the control unit of the user terminal to search for, download, upload, delete, backup, and remove duplicate data from the storage space through the file management module and the user terminal. The request may include a media module that provides media content stored in the storage space in a streaming manner, and a backup module that further stores data in the storage space on the management server through an information communication network.

The cloud storage unit 205 may store data for a cloud service. According to the initial setting, the cloud storage unit 205 may be composed of a plurality of folders and files under one root folder, and file systems such as FAT32, NTFS, and ExFAT may be applied.

As the cloud storage unit 205, a storage medium such as a large-capacity magnetic disk, HDD, SHDD, and SDD for data storage may be used, and functions such as storage capacity expansion or replacement may be performed by a device manager supported by the cloud device. I can apply. Also, two or more storage media may operate as one device by applying the RAID method.

According to the above-described structure, the cloud device according to the embodiment of the present invention may provide a cloud service upon request in conjunction with a user terminal, and also access a management server through a communication network to back up data stored in the cloud storage unit. You can.

4 is a detailed configuration diagram of an embodiment of the management server of FIG. 1.

4, the management server 300 of the data transmission security system of the cloud server according to the present invention is connected to one or more cloud devices through a communication network, a server communication unit 301 for transmitting and receiving data, a cloud device and a cloud device Server authentication unit 302 for authenticating and registering the user terminal registered in, Authentication key authentication unit 303 for authenticating the physical authentication key received from the user terminal, Process settings related to cloud service provision from the authenticated cloud device Server management unit 304, member DB 305 for storing user's member information, and device DB for storing device information of each user's account registered cloud device and each user's physical authentication key 306 It includes.

The server communication unit 301 may be connected to each user's cloud device through a communication network to provide a cloud service, and transmit and receive data required to manage each cloud device.

The server authentication unit 302 may perform a user account and cloud device registration and authentication procedure to provide a cloud service.

In order to provide a cloud service according to an embodiment of the present invention, the user's account and its cloud device and physical authentication key must be registered, and authentication of the normal user and device is completed, and approval of the cloud device is required. The server authentication unit 320 can manage the cloud device for each registered user, that is, a member's account, and authorizes the provision of the cloud service to the cloud device when normal authentication is completed.

The authentication key authentication unit 303 receives the information of the physical authentication key received from the user terminal and verifies and authenticates whether it is an authentication key usable in the account and the cloud device.

The server management unit 304 may manage registered and authenticated cloud devices. The cloud device may be registered for each user account, periodically check whether the device operates normally when the cloud device is driven, and provide a function such as firmware update according to the version up.

In addition, the server management unit 304 may periodically or irregularly back up some or all of the data in the storage space according to the request of the cloud device. This is an on-line backup function, which ensures reliability of data retention.

The member DB 305 may store user's member information. Member information may include an account, and the cloud device may be registered and managed for each account. In addition, the device DB 306 may store registered device information for each account, and in particular, when requesting an on-line backup, the backup data may be stored for each account.

On the other hand, the management server 300 for any system attempting to access through the communication network, determines whether a normal connection, performs the access approval or blocking accordingly, and provides a security solution for illegal unauthorized access attempt (Not shown) may further include.

According to the above-described structure, the management server 300 according to an embodiment of the present invention initially registers and authenticates a user terminal and a cloud device at the request of a cloud device through a communication network, and members provide cloud services through the cloud device Management functions for each device can be provided for receiving.

5 is a flowchart of a method for providing data transmission security of a cloud server according to an embodiment of the present invention.

Referring to FIG. 5, in the method for providing data transmission security of a cloud server according to an embodiment of the present invention, when the user first registers, the user terminal 100 owned by the user is recognized by the cloud device 200, and an account, password, etc. Enter the member information of the terminal to request registration of the terminal (S501). According to this request, the cloud device 200 performs initial authentication for the corresponding user terminal 100 (S502), and in the case of a normal user, the cloud device 200 registers the terminal and the device with the management server 300. Request (S503).

In the registration request step (S503), the cloud device 200 must already have a network setting for each home or office.

Accordingly, the management server 300 registers members and devices in the system (S504). Member information and device information are respectively stored in a database, and as the association between the member's account and the device is established, the management server 300 then manages the cloud device 200 for each account. If members and devices are normally registered, the management server 300 approves the use of the cloud device 200 (S505).

Meanwhile, the management server 300 registers a physical authentication key based on information about the physical authentication key received from the user terminal 100 or directly input from the administrator (S506).

Thereafter, as the physical authentication key 400 is accessed (S507), the user terminal 100 requests confirmation of the authentication key from the cloud device 200 (S508).

Thereafter, the cloud device 200 requests authentication of the physical authentication key 400 to the management server 300 (S509).

Thereafter, when authentication key authentication is completed for the physical authentication key 400 (S510), the cloud device 200 prepares for providing a cloud service by connecting one or more sessions to the registered user terminal 100 (S511). ). In step S511, the cloud device 200 may maintain a standby state until a request of the user terminal 100 connected to the session is received.

Thereafter, in the user terminal 100, a dedicated upload / download browser is activated (S512), and the user terminal 100, such as file management, such as file copying, moving, deleting, and sharing using a mass storage, according to a user's request Requesting a cloud service, the cloud device 200 may perform a management procedure in response to this (S513), and return a result. In addition, the result may be displayed on the screen of the user terminal 100.

In addition, as a cloud service, the user can use media content such as watching a real-time video in addition to a function of utilizing a large storage such as file storage, and a video file pre-stored in the cloud device 200 through the user terminal 100 By executing the media content as described above, media streaming can be requested, and the cloud device 200 transmits the corresponding video file in a streaming manner in response thereto, so that it can be played in the user terminal 100.

6 is a detailed flowchart of the data management and transmission step (S513) of FIG. 5.

Referring to FIG. 6, when the physical authentication key 400 is connected to the user terminal 100, an encryption program and a security key are loaded (S601), and an encryption program is installed in the user terminal 100 (S602).

Thereafter, when the user terminal 100 downloads a large file from the cloud device 200 (S603), it may be decrypted using the security key (S604), and play or edit (S605).

Subsequently, the user terminal 100 encrypts a large file that has been played or edited using the security key (S606) and uploads it to the cloud device 200 (S607).

7 is a view for explaining a dedicated upload / download browser according to an embodiment of the present invention.

In the present invention, when the authentication of the physical authentication key is completed in the management server 300, a dedicated upload / download browser is activated to the user terminal. Meanwhile, an FTP access program may be used as the dedicated upload / download browser software.

7 shows an execution screen of a FileZilla program as a dedicated upload / download browser program that can be used in the present invention.

① is the host, the part to enter the address of the server you want to access, ② is the user name, ID, ③ is the password, ④ is the part where the folders and files in the user terminal are displayed, and ⑤ is the connection This is where folders and files of a server are displayed. To upload a file, drag the file from the ④ area to the ⑤ area. To download the file, drag the file from the ⑤ area to the ④ area.

In general, FTP can be used as a web browser such as Internet Explorer or Windows Explorer, but it is convenient in many ways to install and access the FTP client program separately. To access the FTP server, you need the server's IP address or Internet address (URL). Unlike the WWW (http: //), the FTP server's Internet address is used in the form of 'ftp: //'. For example, Microsoft's WWW address is 'http://www.microsoft.com', but the FTP address is 'ftp://ftp.microsoft.com'.

In other words, when using the FTP client program, enter the IP address or Internet address of the server site to be accessed, an authorized user account, and a password, and then access and the top-level folder (directory) is displayed. From then on, you can select a folder / file as if you were using Windows Explorer, and download it to any folder on your PC (Download). Conversely, you can also upload files / folders on your PC to an FTP server (upload).

The FTP service basically provides two types of data access methods, an active mode and a passive mode. The method of using the above-mentioned network port 20 (for data transmission) / 21 (for signal control) between the server and the client is an active mode. However, if these ports (especially number 20) are blocked by some network security devices (firewalls, etc.), problems may occur, such as not displaying properly even if the user accesses an FTP server.

In this case, the data transmission port can be assigned to a random number other than 20 in order to transmit data. Passive mode access can be established and accessed in the FTP client program. If the file list of the FTP server does not appear in manual mode, you should check with the Internet service provider or network administrator of the security device to check the port blocking setting of the security device.

On the other hand, SFTP connection is a security enhancement to a normal FTP connection, and it can prevent hacking or security problems in advance by encrypting account information, etc., when transferring data between a server and a client. The connection method is the same as the normal FTP connection method, except that the FTP server must support it and the network port for signal control uses 22, not 21.

In addition, the SFTP connection can use a public key for security enhancement or a personal authentication key to transmit and receive data more securely. For reference, if you connect in SFTP mode, all hidden files of the FTP server are also displayed. SFTP connection can also be easily configured and used through the FTP client program.

Although the method for providing data transmission security of the cloud server according to an embodiment of the present invention has been described above, the computer-readable recording medium storing a program for implementing the method for providing data transmission security of the cloud server and data transmission security of the cloud server Needless to say, a program stored in a computer-readable recording medium for implementing the provided method can also be implemented.

That is, those skilled in the art will readily understand that the above-described method for providing data transmission security of a cloud server may be provided by being included in a recording medium that can be read through a computer by tangibly implementing a program of instructions for implementing it. . In other words, implemented in the form of program instructions that can be executed through various computer means, it can be recorded on a computer-readable recording medium. The computer-readable recording medium may include program instructions, data files, data structures, or the like alone or in combination. The program instructions recorded on the computer-readable recording medium may be specially designed and configured for the present invention or may be known and available to those skilled in computer software. Examples of the computer-readable recording medium include magnetic media such as hard disks, floppy disks, and magnetic tapes, optical media such as CD-ROMs, DVDs, and floptical disks. Included are magnet-optical media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, USB memory, and the like. The computer-readable recording medium may be a transmission medium such as an optical or metal wire or a waveguide including a carrier wave that transmits a signal designating a program command, data structure, or the like. Examples of program instructions include high-level language code that can be executed by a computer using an interpreter, etc., as well as machine language codes produced by a compiler. The hardware device may be configured to operate as one or more software modules to perform the operation of the present invention, and vice versa.

The present invention is not limited to the above-described embodiments, and the scope of application is various, of course, and various modifications can be implemented without departing from the gist of the present invention as claimed in the claims.

100: user terminal 200: cloud device
300: management server 400: physical authentication key
101: terminal communication unit 102: terminal authentication unit
103: control unit 104: authentication key connection unit
105: input section 106: output section
107: terminal storage unit 108: encryption / decryption unit
201: cloud communication unit 202: cloud authentication unit
203: authentication key confirmation unit 204: service provider
205: cloud storage unit 301: server communication unit
302: server authentication unit 303: authentication key authentication unit
304: server management unit 305: member database
306: device database

Claims (2)

In the data transmission security system of the cloud server,
A plurality of user terminals 100 in which a cloud service is provided in an active state of a dedicated upload / download browser;
Cloud connected to the user terminal through a communication network and executing at least one of search, download, upload, delete, backup and deduplication of one or more data to the storage space in response to a request for a cloud service from the user terminal. Device 200;
A physical authentication key 400 for performing additional authentication according to physical access to the user terminal; And
As the device information of the cloud device, the device information of the user terminal, and the member information are received from the cloud device, the user terminal and the cloud device are registered and authenticated, the physical authentication key is registered, and the registered physical authentication key is accessed. , Management server 300 that processes settings related to the cloud service provided for an authenticated cloud device
Including,
The user terminal,
When the physical authentication key is further authenticated according to the request for the cloud service, the dedicated upload / download browser is activated,
The physical authentication key,
It has the form of a Universal Serial Bus (USB), is a hardware to which copy protection is applied, and is characterized by having an encryption program and a security key for encrypting and decrypting files,
The dedicated upload / download browser,
File transfer protocol (FTP: File Transfer Protocol) data transfer security system of the cloud server, characterized in that the software.
In the method of providing data transmission security of the cloud server,
A member and device registration step in which the management server registers members and devices according to the registration request of the user terminal (S501 to S505);
A physical authentication key registration step (S506) of registering a physical authentication key according to the registration request received by the management server;
A physical authentication key authentication step (S507 to S511) in which the authentication of the physical authentication key is performed as the physical authentication key is accessed;
A dedicated browser activation step (S512) in which a dedicated upload / download browser is activated to the user terminal as the physical authentication key is authenticated; And
Data management and transmission step of managing and transmitting data between the user terminal and the cloud device through the activated upload / download browser (S513).
Including,
The physical authentication key,
It has the form of a Universal Serial Bus (USB), is a hardware to which copy protection is applied, and is characterized by having an encryption program and a security key for encrypting and decrypting files,
The dedicated upload / download browser,
A method of providing data transfer security of a cloud server, characterized in that it is a file transfer protocol (FTP) connection type software.

Images