WO2021080110A1 - System and method for managing and identifying the affiliation of a terminal in a cloud environment - Google Patents

System and method for managing and identifying the affiliation of a terminal in a cloud environment

Publication number
WO2021080110A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
information
belonging
affiliation
case
Prior art date
Application number
PCT/KR2020/007514
Other languages
English (en)
Korean (ko)
Inventor
이삼일
박시우
정진우
Original Assignee
주식회사 트러스랩
Priority date
Filing date
Publication date
Application filed by 주식회사 트러스랩
Publication of WO2021080110A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/30 Managing network names, e.g. use of aliases or nicknames
    • H04L61/3015 Name registration, generation or assignment
    • H04L61/302 Administrative registration, e.g. for domain names at internet corporation for assigned names and numbers [ICANN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • the present invention relates to a system and method for identifying and managing affiliation of a terminal in a cloud environment, and more particularly to a system and method capable of identifying the affiliation of a terminal and of the software installed in the terminal in a cloud environment, and of managing the terminals and software whose affiliation has been identified separately by affiliation.
  • a server (or set of servers) supports terminals of various organizations, companies, or departments. At this time, when the terminal is newly set up (registered), it is necessary to identify the affiliation and accurately set the identifier for the belonging of the terminal.
  • an administrator or a terminal user directly inputs affiliation information from the terminal and transmits it to the server, and approves the affiliation information received from the server or sets it to an unspecified group.
  • This is a manual method in which the administrator reassigns the affiliation after the operation.
  • the purpose of the present invention is to provide a system and method that can identify the affiliation of a terminal connecting to and communicating with a server in a cloud environment, and of the software installed in the terminal, and manage them separately by affiliation.
  • the system according to an embodiment of the present invention for solving the above problems is a system of a cloud environment that includes (1) a terminal accessing a server, and (2) a server that sets the affiliation of the terminal using information received from the terminal and manages the terminal by performing license management, software update management, policy management, or security management for each affiliation using the set affiliation.
  • the terminal identifies its own affiliation information from the information stored therein, or, if there is authentication information or additional information of the installed software, identifies the affiliation information from it, and uses the identified affiliation information to generate a hash of a certain size as a belonging identifier. When the belonging information is composed of a plurality of layers, the belonging identifier can be generated by selecting at least two layers, always including the lowest layer, combining the belonging information of the selected layers, and processing the combination information with a hash function.
  • the server may set the belonging of the terminal using the belonging identifier received from the terminal.
  • the affiliation information may include a first layer, which is information related to an organization or company, and a second layer, which is information related to a team, department, or group.
  • when, in the first case, the server stores correspondence information including the belonging identifier and the belonging information matched thereto, and the belonging identifier received from the terminal corresponds to a belonging identifier in the correspondence information, the affiliation of the terminal can be set using the belonging information of the correspondence information.
  • when the terminal transmits its own belonging information in addition to the belonging identifier, the server can set the affiliation of the terminal using the belonging information received together with it, if the format of the belonging identifier received from the terminal conforms to a predetermined format.
  • when the terminal transmits its own private IP address and public IP address in addition to the belonging identifier, the affiliation of the terminal can be set using the private IP address and public IP address received together with it, if the format of the belonging identifier received from the terminal conforms to the predetermined format.
  • in the fifth case, in which the terminal fails to identify its belonging information and transmits its own private IP address and public IP address instead of the belonging identifier, the server can set the affiliation of the terminal using the received private IP address and public IP address.
  • the server may select a terminal belonging setting method in any one of the second to fifth cases according to the security level.
  • the fifth case may be applied with a lower level of security than the second to fourth cases.
  • the server may store the terminal's belonging identifier to be displayed in the form of a string of m base numbers (where m is a multiple of 4) separated by a delimiter.
  • the terminal is a terminal in a cloud environment that connects to a server and transmits information, so that the server sets the terminal's affiliation and manages the terminal by performing license management, software update management, policy management, or security management for each affiliation using the set affiliation. It includes (1) a storage unit that stores information, and (2) a control unit that identifies the terminal's own affiliation information from the information stored in the storage unit, or, when there is authentication information or additional information of the installed software, identifies the affiliation information from it, and generates a hash of a certain size as an affiliation identifier using the identified affiliation information. If the affiliation information consists of multiple layers, the control unit selects at least two layers, always including the lowest layer, combines the belonging information of the selected layers, processes the combination information with a hash function to generate a belonging identifier, and controls transmission of the generated belonging identifier to the server. The belonging information includes a first layer, which is information related to an organization or company, and a second layer, which is information related to a team, department, or group.
  • the server is a server in a cloud environment that sets the affiliation of the terminal using information received from the terminal accessing it, and manages the terminal by performing license management, software update management, policy management, or security management for each affiliation using the set affiliation. It includes (1) a communication unit that communicates with the terminal, and (2) a control unit that, when a belonging identifier is received by the communication unit, controls setting of the affiliation of the terminal using that identifier. The terminal identifies its own affiliation information from the information stored therein, or, if there is authentication information or additional information of the installed software, identifies the affiliation information from it, and uses the identified affiliation information to generate a hash of a certain size as a member identifier.
  • the affiliation information includes a first layer, which is information related to an organization or company, and a second layer, which is information related to a team, department, or group.
  • the method is a method for identifying and managing affiliation of a terminal in a cloud environment of a terminal and a server, and includes: (1) a transmission step in which the terminal accesses the server and transmits information; (2) a setting step in which the server sets the affiliation of the terminal using the information received from the terminal; and (3) a management step in which the server manages the terminal by performing license management, software update management, policy management, or security management for each affiliation using the set affiliation.
  • the terminal identifies its own affiliation information from the information stored therein, or, if there is authentication information or additional information of the installed software, identifies the affiliation information from it, and generates a hash of a certain size as a membership identifier using the identified affiliation information. If the membership information is composed of a plurality of layers, the steps of selecting at least two layers, always including the lowest layer, combining the membership information of the selected layers, processing the combination information with a hash function to generate a belonging identifier, and transmitting the generated belonging identifier to the server may be included.
  • the setting step may include the step of setting the affiliation of the terminal by the server using the belonging identifier received from the terminal.
  • the affiliation information may include a first layer, which is information related to an organization or company, and a second layer, which is information related to a team, department, or group.
  • the corresponding response may include the step of setting the affiliation of the terminal by using the belonging information of the information.
  • when, in the first case, the terminal transmits its own belonging information in addition to the belonging identifier, it may include the step of setting the affiliation of the terminal using the belonging information received together with it, if the format of the belonging identifier received from the terminal conforms to the predetermined format.
  • when, in the first case, the terminal transmits its own private IP address and public IP address in addition to the belonging identifier, it may include the step of setting the affiliation of the terminal using the received private IP address and public IP address, if the format of the belonging identifier received from the terminal conforms to the predetermined format.
  • the setting step may include the step of setting the affiliation of the terminal using the received private IP address and public IP address.
  • the setting step may include a step in which the server can select a terminal belonging setting method from the second case to the fifth case according to the security level, and the fifth case can be applied with a lower level of security than the second to fourth cases.
  • the setting step may include storing, by the server, the belonging identifier of the terminal to be displayed in the form of a string of m base numbers (where m is a multiple of 4) separated by a delimiter.
  • the present invention configured as described above has the advantage of being able to identify the affiliation of a terminal that connects to and communicates with a server in a cloud environment, and of the software installed in the terminal, and to manage the terminals and software whose affiliation has been identified separately by affiliation.
  • the present invention eliminates the need for direct intervention of users and administrators each time a terminal affiliation is set, and thus has the advantage of increasing the convenience of the terminal affiliation setting, reducing the time required for the terminal affiliation setting, and preventing errors in the terminal affiliation setting.
  • FIG. 1 shows a configuration diagram of a system 100 according to an embodiment of the present invention.
  • FIG. 3 shows a block diagram of the server 20.
  • FIG. 4 is a flowchart of a method for identifying and managing affiliation of a terminal in a cloud environment according to an embodiment of the present invention.
  • FIG. 5 shows an example of a process of a method for identifying and managing affiliation of a terminal in a cloud environment according to an embodiment of the present invention.
  • terminal 20 server
  • control unit 100 system
  • FIG. 1 shows a configuration diagram of a system 100 according to an embodiment of the present invention.
  • the system 100 (hereinafter referred to as “this system”) according to an embodiment of the present invention is a system in a cloud environment, and includes a terminal 10 and a server 20, as shown in FIG. 1, It is a system that enables identification and management of the affiliation of the terminal 10.
  • the terminal 10 or the server 20 may be plural.
  • affiliation may collectively refer to one independent organization or company, or a team, department, or group belonging to it.
  • one terminal 10 may belong to only one organization or company, but in the case of a team, group, or department having a characteristic of a hierarchical structure, one terminal 10 It may belong to the target you belong to.
  • the server 20 may support multiple organizations, companies, teams, groups, or departments. Therefore, when the terminal 10 is newly registered, it must be possible to identify affiliation and accurately register the belonging identifier of the terminal 10, and the system 100 can perform this function.
  • the terminal 10 is an electronic device that connects to the server 20 and communicates, and is an electronic device belonging to a certain affiliation.
  • the terminal 10 may be an electronic device that requires membership setting (registration) through identification of its belonging in the server 20, or may be an electronic device in which the membership setting has already been made in the server 20.
  • hereinafter, when referred to as “terminal 10”, it is assumed that the server 20 has not yet set up its affiliation, and when referred to as “registered terminal 10”, it is assumed that the affiliation setting has been made at the server 20.
  • the terminal 10 may be a desktop personal computer (desktop PC), a laptop personal computer (laptop PC), a tablet personal computer (tablet PC), a netbook computer, a workstation, a personal digital assistant (PDA), a smartphone, a smartpad, a mobile phone, or an Internet of Things (IoT) device, but is not limited thereto.
  • the terminal 10 communicates with the server 20 to transmit and receive various types of information.
  • the terminal 10 transmits its own hardware-related unique identifier (eg, MAC address, etc.), a public IP address, and the like to the server 20.
  • the terminal 10 may transmit information that enables the server 20 to identify a member of the terminal 10 itself, that is, an affiliation identifier or a private IP address, to the server 20.
  • the terminal 10 may include an input unit 11, a storage unit 12, a communication unit 13, a display unit 14, a control unit 15, and the like, as shown in FIG. 2.
  • the input unit 11 is a component that receives various types of information. That is, the input unit 11 generates input data in response to a user's input.
  • the input unit 11 may include at least one input means.
  • the storage unit 12 is a component that stores various types of information. That is, various types of information necessary for the operation of the terminal 10 (that is, a hardware-related unique identifier of the terminal 10, a public IP address, affiliation information, an affiliation identifier, a private IP address, etc.), software, and the like may be stored.
  • the communication unit 13 is a component that communicates with the server 20 and the like.
  • the communication unit 13 can transmit information (such as a belonging identifier or private IP address) that enables identification of the affiliation of the terminal 10 itself, in addition to its own hardware-related unique identifier, public IP address, etc.
  • the communication unit 13 may receive a request for its own current state information from the server 20 and transmit information on the corresponding current state to the server 20.
  • the communication unit 13 may receive management information according to affiliation of the terminal 10 from the server 20.
  • the communication unit 13 may include a wired/wireless communication module of various communication methods.
  • the display unit 14 is a component that displays display data according to the operation of the terminal 10.
  • the display unit 14 may be combined with the input unit 11 to be implemented as a touch screen or the like.
  • the control unit 15 is a component that controls the input unit 11, the storage unit 12, the communication unit 13, the display unit 14, and the like.
  • the control unit 15 performs control to collect/generate various information (such as a belonging identifier or private IP address) for identification of its belonging, and to transmit it to the server 20 together with its own hardware-related unique identifier and public IP address. This function may be performed through software installed in the storage unit 12.
  • the server 20 establishes (registers) affiliation of the terminal 10 by using the information received from the terminal 10. Thereafter, the server 20 may manage the registered terminal 10 for each of its affiliations by using the set belonging information.
  • FIG. 3 shows a block diagram of the server 20.
  • the server 20 may include an input unit 21, a storage unit 22, a communication unit 23, a display unit 24, a control unit 25, and the like, as shown in FIG. 3.
  • the input unit 21 is a component that receives various types of information. That is, the input unit 21 generates input data in response to the input of the server manager.
  • the input unit 21 may include at least one input means.
  • the storage unit 22 is a component that stores various types of information. That is, various types of information necessary for the operation of the server 20 (ie, a hardware-related unique identifier of the terminal 10, a public IP address, affiliation information, a membership identifier, a private IP address, etc.), software, and the like may be stored. This information may be information received by the terminal 10.
  • the communication unit 23 is a component that communicates with the terminal 10 and the like.
  • the communication unit 23 can receive from the terminal 10, in addition to the hardware-related unique identifier of the terminal 10, a public IP address, etc., information that enables identification of the affiliation of the terminal 10 itself (such as an affiliation identifier or private IP address).
  • the communication unit 23 may request the current state information of the terminal 10 and receive the corresponding current state information.
  • the communication unit 23 may transmit management information according to affiliation of the terminal 10 to the terminal 10.
  • the communication unit 23 may include wired/wireless communication modules of various communication methods.
  • the display unit 24 is a component that displays display data according to the operation of the server 20.
  • the display unit 24 may be combined with the input unit 21 to be implemented as a touch screen or the like.
  • the control unit 25 is a component that controls the input unit 21, the storage unit 22, the communication unit 23, the display unit 24, and the like. Particularly, the control unit 25 performs control to collect/generate various information (such as a belonging identifier or private IP address) for identification of its belonging, and to transmit it to the server 20 together with its own hardware-related unique identifier and public IP address. This function may be performed through software installed in the storage unit 22.
  • the input units 11 and 21 may include a keyboard, a keypad, a dome switch, a touch panel, a touch key, a mouse, or a menu button, but are not limited thereto.
  • the storage units 12 and 22 may be of a hard disk type, a magnetic media type, a compact disc read only memory (CD-ROM) type, an optical media type, a magneto-optical media type, a multimedia card micro type, a flash memory type, a read only memory type, or a random access memory (RAM) type, but are not limited thereto.
  • the storage unit 22 may be a cache, a buffer, a main memory device, an auxiliary memory device, or a storage system separately provided depending on its purpose/location, but is not limited thereto.
  • the communication units 13 and 23 may perform communication such as 5G (5th generation communication), LTE-A (long term evolution-advanced), LTE (long term evolution), Bluetooth, BLE (Bluetooth low energy), or NFC (near field communication), and may perform wired communication such as cable communication, but the present invention is not limited thereto.
  • the display units 14 and 24 may include a liquid crystal display (LCD), a light emitting diode (LED) display, an organic light emitting diode (OLED) display, a microelectromechanical systems (MEMS) display, or an electronic paper display, but are not limited thereto.
  • controllers 15 and 25 may be a processor or software executed by a corresponding processor, but are not limited thereto.
  • this method a method for identifying and managing affiliation of a terminal in a cloud environment according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of a method for identifying and managing affiliation of a terminal in a cloud environment according to an embodiment of the present invention.
  • FIG. 5 shows an example of a process of a method for identifying and managing affiliation of a terminal in a cloud environment according to an embodiment of the present invention.
  • a method for identifying and managing affiliation of a terminal in a cloud environment includes S100 to S300, as shown in FIG. 4.
  • S100 to S300 may be controlled by the controllers 15 and 25 of the terminal 10 and the server 20.
  • the controllers 11 and 21 may perform a control function for S100 to S300 using dedicated software installed in the terminal 10 and the server 20.
  • S100 is a step in which the terminal 10 collects/generates information for identifying its belonging and transmits it to the server 20.
  • the terminal 10 may transmit to the server 20, in addition to its own hardware-related unique identifier and public IP, information for identifying its affiliation, such as a belonging identifier or private IP address.
  • S200 is a step in which the server 20 sets (registers) the affiliation of the terminal 10 by using the information received from the terminal 10.
  • the server 20 may pre-store a belonging database of the affiliations to which the terminal 10 may belong.
  • the belonging database may include a name, address, phone number, domain, email, or IP address related to an organization, company, team, department, or group.
  • the IP address may include a private IP address in addition to the public IP address. This is because in the case of using a router, the public IP may be the same even if the team, department, or group is different. That is, even if the public IP address is the same, the private IP address of the terminal 10 may vary according to a team, a department, or a group.
  • S200 may identify and set the affiliation of the terminal 10 in various ways.
  • when the terminal 10 generates its own belonging identifier and transmits it to the server 20 (hereinafter referred to as “first case”), the server 20 can identify and set the affiliation of the terminal 10 by using the belonging identifier received from the terminal 10.
  • the terminal 10 can grasp its own belonging information from information previously stored therein. Thereafter, the terminal 10 may generate a hash of a predetermined size as a membership identifier by using the identified belonging information. That is, the terminal 10 may generate a hash by processing the identified belonging information with a hash function. Thereafter, the terminal 10 may transmit the generated belonging identifier to the server 20.
  • the belonging information is information related to the belonging of the terminal 10.
  • the affiliation information may be a name, address, phone number, domain, or email related to an organization, company, team, department, or group.
  • Such affiliation information may be identified using authentication information of software installed inside the terminal 10 or additional information of the software. That is, when the software is installed, its own authentication information may be stored together in the terminal 10 according to affiliation, or additional information about affiliation may be stored together by the installer's writing. Accordingly, the terminal 10 can grasp its own belonging information by using this belonging information.
  • the belonging information identified by the terminal 10 may be composed of a plurality of hierarchies.
  • the information on the affiliation constitutes a plurality of layers (first layer, second layer, etc.).
  • the first layer corresponds to a layer higher than the second layer.
  • it is reflected in the belonging database stored in the server 20 to store the plurality of hierarchies.
  • the first layer may include information related to an organization or company
  • the second layer may include information related to a team, department, or group. That is, the first layer may be information on a name, address, phone number, domain, or email related to an organization or company.
  • the second layer may be information about a name, address, phone number, domain, or email related to a team, department, or group.
  • the second layer may include a plurality of lower layers. That is, in a team, department, or group according to the second layer, a plurality of sub-teams, sub-departments, or sub-groups may exist.
  • the terminal 10 may select at least two layers, always including the lowest layer, and generate combination information combining the belonging information of the selected layers.
  • affiliation information about the lowest layer also allows information about the upper layers to be identified. For example, if company A has departments B and C, and department B has subdivisions a, b, and c, then the information on the layer of subdivision b is sufficient to identify department B and company A above it.
  • however, the same name may be used by different departments; for example, subdivisions a, b, and c may also exist in department C. Therefore, in order to identify the affiliation more precisely, in addition to the lowest layer, it is necessary to also select another layer higher than the lowest layer.
  • in this way, combination information with greater identifying power can be generated using a minimum of belonging information.
  • the present invention is not limited thereto, and the terminal 10 may generate combination information by selecting belonging information of all the identified layers. Thereafter, according to the first case, the terminal 10 may generate a belonging identifier by processing the combination information with a hash function and transmit it to the server 20.
  • the terminal 10 may generate a membership identifier by combining and lowering the identified belonging information and generating a hash using a Message-Digest Algorithm 5 (MD5) hash function.
  • the terminal 10 may convert the hash into a certain format and display it. That is, the terminal 10 may convert the hash to be displayed in the form of a string of m base numbers (where m is a multiple of 4) separated by a separator. In addition, the terminal 10 may transmit the converted information to the server 20 as a belonging identifier. This hash conversion function may instead be performed by the server 20. In particular, when the hash is converted into a string format and displayed, readability can be improved in S200, described later, when manual confirmation by an administrator on the server 20 side is required for identifying and setting the affiliation of the terminal 10. At this time, the administrator may decide to approve, suspend, or reject a request for new registration.
  • for example, the hash can be converted to be displayed as 36 characters (8-4-4-4-4-12) separated by hyphens (-), such as “231e2310-e31b-31d4-a231-231231231231”, similar to the format of a universally unique identifier (UUID).
  • each character may be a hexadecimal number, and a separator may be omitted, such as “231e2310e31b31d4a231231231231231”.
  • the correspondence information includes belonging information matching the received belonging identifier, and may be information including information about the belonging identifier in the belonging database.
  • the correspondence information may be information in which an affiliation identifier and affiliation information matched therewith are stored in the form of a table or the like.
  • when the received belonging identifier corresponds to the belonging identifier of the correspondence information, the server 20 may identify and set the affiliation of the terminal 10 using the belonging information of the correspondence information. For example, after checking whether the received belonging identifier is in the belonging database, the server 20 may set the affiliation of the corresponding terminal 10 according to the belonging information thus checked.
  • the server 20 can identify and set the affiliation of the terminal 10 even if there is no correspondence information. That is, if the format of the belonging identifier received from the terminal 10 conforms to a predetermined format, the server 20 may set the affiliation of the terminal 10 using the belonging information received together with it. For example, if the format of the received belonging identifier conforms to the predetermined format, the server 20 checks whether the belonging information received together with it is in the belonging database, and then sets the affiliation of the corresponding terminal 10 according to the belonging information thus checked.
  • the predetermined format may be related to a format that can only be generated according to the method by which the terminal 10 generates a belonging identifier in S100. For example, it may concern whether the belonging identifier has a predetermined size, or whether the belonging identifier can be displayed in the form of a string of a predetermined size of base-m digits (where m is a multiple of 4) separated by a delimiter, as in a UUID. However, it is not limited thereto.
  • the server 20 can identify and set the affiliation of the terminal 10 even if there is no correspondence information and the belonging information is not received from the terminal 10. That is, if the format of the belonging identifier received from the terminal 10 conforms to a predetermined format, the server 20 may set the affiliation of the terminal 10 using the IP address received together with it. For example, if the format of the received belonging identifier conforms to the predetermined format, the server 20 checks whether the IP address received together with it is in the belonging database, and then sets the affiliation of the corresponding terminal 10 according to the belonging information thus checked.
  • the server 20 can identify and set the affiliation of the terminal 10 even if there is no corresponding information and the belonging identifier and the belonging information are not received from the terminal 10. That is, the server 20 may set the affiliation of the terminal 10 by using the IP address received from the terminal 10. For example, after checking whether the received IP address is in the belonging database, the server 20 may set the belonging of the corresponding terminal 10 according to the belonging information according to the checked information.
  • the server 20 pre-stores information on affiliation of each IP address or IP address, and such information may be in a form that includes information.
  • since a public IP can be used by a plurality of affiliations, it may be desirable to use a private IP as well to distinguish them. That is, in the fourth and fifth cases, the terminal 10 may transmit its own private IP address and public IP address to the server 20.
  • the server 20 may set a security level, select at least two of the second to fifth cases according to the security level, and set the belonging of the terminal 10 according to the selected case.
  • the security level is very high
  • when the security level is low, it may be implemented so that the belonging of the terminal 10 is automatically set according to any one of the second to fifth cases.
  • a case other than the fifth case may correspond to a situation in which the security level is high. Accordingly, it may be preferable that the belonging setting of the terminal 10 according to the fifth case be used when the security level is lower than in other cases.
  • the server 20 may register the belonging identifier while setting the belonging to the terminal 10. That is, in the first to fourth cases, since the terminal 10 transmits the belonging identifier, the corresponding belonging identifier may be stored in the belonging database as the belonging identifier for the terminal 10, but is not limited thereto. That is, the server 20 may generate and store a membership identifier other than the received belonging identifier. In addition, in the fifth case, since the terminal 10 does not transmit the belonging identifier, the server 20 may separately generate the belonging identifier in the terminal 10 and store it in the belonging database.
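The identifier generation in S100 and the server-side resolution in S200 can be sketched end to end as follows. This is an added example, not code from the patent or its applicant; the `/` joiner, the database contents, the message field names, the rejection of malformed identifiers, and numbering the server-side branches 2 to 5 in the order the description presents them are all assumptions.

```python
import hashlib
import re

HEX32 = re.compile(r"[0-9a-f]{32}")

def to_display(h):
    """32 hex characters -> hyphenated 36-character form, as in the page's sample."""
    return "-".join((h[:8], h[8:12], h[12:16], h[16:20], h[20:]))

def make_belonging_id(layers):
    """Terminal side (S100): combine the layers, lowercase, MD5, convert for display."""
    combined = "/".join(layers).lower()          # "/" as joiner is an assumption
    return to_display(hashlib.md5(combined.encode("utf-8")).hexdigest())

def normalize(identifier):
    """Predetermined-format check: accept hyphenated or bare hex, else None."""
    s = identifier.lower()
    bare = s.replace("-", "")
    if not HEX32.fullmatch(bare) or s not in (bare, to_display(bare)):
        return None
    return to_display(bare)

# Constructed belonging database (names and addresses are made up for this example).
SALES = ("ExampleCorp", "Seoul", "Sales")
DB_BY_ID = {make_belonging_id(SALES): SALES}
DB_BY_INFO = {SALES}
DB_BY_IP = {("203.0.113.7", "10.1.2.15"): SALES}    # (public IP, private IP)

def resolve(msg, allowed=(2, 3, 4, 5)):
    """Server side (S200): return (case, affiliation), or (None, None) if unresolved."""
    raw = msg.get("id")
    bid = normalize(raw) if raw else None
    if raw and bid is None:
        return None, None                # malformed identifier: reject (assumed policy)
    info = tuple(msg["info"]) if msg.get("info") else None
    ip_key = (msg.get("public_ip"), msg.get("private_ip"))
    if 2 in allowed and bid in DB_BY_ID:             # identifier is in the database
        return 2, DB_BY_ID[bid]
    if 3 in allowed and bid and info in DB_BY_INFO:  # format ok, info is in the database
        return 3, info
    if 4 in allowed and bid and info is None and ip_key in DB_BY_IP:
        return 4, DB_BY_IP[ip_key]                   # format ok, fall back to IP pair
    if 5 in allowed and not bid and info is None and ip_key in DB_BY_IP:
        return 5, DB_BY_IP[ip_key]                   # IP pair only
    return None, None
```

The format check constrains only the shape of the identifier: any 32 hexadecimal characters pass it, so the branches for cases 3 to 5 rest on terminal-supplied information or addresses, which is why a stricter security level would pass a narrower `allowed` set.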
  • S300 is a step of performing management of the registered terminal 10. That is, when the membership setting for the terminal 10 is completed in accordance with S200, the server 20 may manage the registered terminal 10 for each affiliation by using the stored affiliation identifier.
  • the management performed by the server 20 on the registered terminal 10 by affiliation may include license management, software update management, policy management, or security management, but is not limited thereto.
  • the server 20 may request information on the current state of the registered terminal 10.
  • the current state information may be information related to the state of hardware or software of the registered terminal 10.
  • the server 20 may receive the corresponding current state information from the registered terminal 10 and transmit management information according to the affiliation of the registered terminal 10 to the terminal 10 by referring to this information.
  • the management information may include updated license data, software data, policy data, or security data, and the terminal 10 may receive the corresponding management information and update it by reflecting it.
  • the server 20 may transmit management information of various levels to the registered terminal 10 according to which of the second to fifth cases was used to set the belonging of the registered terminal 10. That is, this corresponds to a case in which the registered terminal 10 (second terminal) set according to the other cases has a higher security level than the registered terminal 10 (first terminal) set according to the fifth case. Therefore, even if the first terminal and the second terminal have the same affiliation, the server 20 may transmit different management information: first management information for the first terminal and second management information for the second terminal. For example, software data for a specific software update may not be transmitted to the first terminal, but may be transmitted to the second terminal.
  • a program according to an embodiment of the present invention is a program stored in a medium for identification and management of the belonging of the terminal 10 in a cloud environment according to the method described above.
  • a program according to an embodiment of the present invention may be recorded in a recording medium that can be read by a computer or a similar device.
  • the recording medium may be a hard disk type, magnetic media type, compact disc read only memory (CD-ROM), optical media type, magneto-optical media type, multimedia card micro type, card type memory (e.g., SD or XD memory), flash memory type, read only memory (ROM), random access memory (RAM), or a buffer, a main memory device, or an auxiliary memory device formed of a memory composed of a combination thereof, but is not limited thereto.
  • the program according to an embodiment of the present invention may be stored in an attachable storage device that can be accessed through a communication network such as the Internet, an intranet, a local area network (LAN), a wide LAN (WLAN), or a storage area network (SAN), or through a communication network composed of a combination thereof.
  • the present invention eliminates the need for direct intervention of users and administrators whenever the terminal 10 is assigned, and thus has the advantage of increasing the convenience of setting the terminal affiliation and reducing the time required for the setting of the terminal affiliation.
  • the present invention relates to a system and method capable of identifying the affiliation of a terminal that connects to and communicates with a server in a cloud environment, and the affiliation of the software installed in the terminal, and of managing the terminal and software by affiliation according to that identification, and is applicable to such uses.

Abstract

The present invention relates to a system and method for managing and identifying the affiliation of a terminal in a cloud environment. A system according to an embodiment of the present invention is a system in a cloud environment, and comprises: a terminal connected to a server; and the server, which sets the affiliation of the terminal using information received from the terminal and manages the terminal using the set affiliation. In a first case, in which the terminal recognizes the affiliation information of the terminal from information stored in the terminal, uses the recognized affiliation information to generate a hash of a certain size as an affiliation identifier, and transmits the generated affiliation identifier to the server, the server sets the affiliation of the terminal using the affiliation identifier received from the terminal.
PCT/KR2020/007514 2019-10-22 2020-06-10 System and method for managing and identifying the affiliation of a terminal in a cloud environment WO2021080110A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020190131229A KR102081173B1 (ko) 2019-10-22 2019-10-22 System and method for identifying and managing the affiliation of a terminal in a cloud environment
KR10-2019-0131229 2019-10-22

Publications (1)

Publication Number Publication Date
WO2021080110A1 true WO2021080110A1 (fr) 2021-04-29

Family

ID=69647782

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2020/007514 WO2021080110A1 (fr) 2019-10-22 2020-06-10 System and method for managing and identifying the affiliation of a terminal in a cloud environment

Country Status (2)

Country Link
KR (1) KR102081173B1 (fr)
WO (1) WO2021080110A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102081173B1 (ko) * 2019-10-22 2020-02-25 주식회사 트러스랩 System and method for identifying and managing the affiliation of a terminal in a cloud environment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
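JP2008003809A (ja) * 2006-06-21 2008-01-10 Hitachi Ltd Information sharing control system
KR101079968B1 (ko) * 2008-06-30 2011-11-04 주식회사 케이티 Method and system for automatically changing the launcher of a mobile communication terminal according to the group to which the user of the mobile communication terminal belongs
KR20130064701A (ko) * 2011-12-08 2013-06-18 팔로 알토 리서치 센터 인코포레이티드 Privacy-preserving collaborative filtering
KR20130136331A (ko) * 2012-06-04 2013-12-12 임재길 In-house communication system enabling smooth interaction and method using the same
JP2017059174A (ja) * 2015-09-18 2017-03-23 デジタルア−ツ株式会社 Program, information processing device and information processing method
KR102081173B1 (ko) * 2019-10-22 2020-02-25 주식회사 트러스랩 System and method for identifying and managing the affiliation of a terminal in a cloud environment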

Also Published As

Publication number Publication date
KR102081173B1 (ko) 2020-02-25

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20878178

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20878178

Country of ref document: EP

Kind code of ref document: A1