
WO2022265393A1 - System and method for authenticating a security level of a content provider - Google Patents


Info

Publication number
WO2022265393A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
security level
content
content provider
provider terminal
Legal status
Ceased
Application number
PCT/KR2022/008479
Other languages
English (en)
Korean (ko)
Inventor
김욱
Current Assignee
Individual
Original Assignee
Individual

Classifications

    • G PHYSICS; G06 COMPUTING OR CALCULATING; COUNTING; G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F 21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
        • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
            • G06F 21/45 Structures or tools for the administration of authentication
        • G06F 21/60 Protecting data
            • G06F 21/602 Providing cryptographic facilities or services
            • G06F 21/604 Tools and structures for managing or administering access control systems
            • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G PHYSICS; G06 COMPUTING OR CALCULATING; COUNTING; G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K 19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
        • G06K 19/06 Record carriers characterised by the kind of the digital marking, e.g. shape, nature, code
            • G06K 19/06009 Record carriers with optically detectable marking
                • G06K 19/06037 Record carriers with optically detectable marking using multi-dimensional coding
    • H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
        • H04L 63/08 Network security protocols for authentication of entities
            • H04L 63/0876 Authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
        • H04L 63/10 Network security protocols for controlling access to devices or network resources
            • H04L 63/105 Multiple levels of security
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        • H04L 9/40 Network security protocols

Definitions

  • The present invention relates to a system and method for authenticating the security level of a content provider, and more particularly to a system and method capable of verifying the security level of a content provider and providing that security level along with the content.
  • Digital content delivered over the wired or wireless Internet can include various malicious programs such as viruses, worms, malware, ransomware, spyware, adware, malicious advertisements, Trojan horses, phishing, pharming, browser hijackers, rootkits, browser extensions, banking Trojans, coin miners, downloaders, formjacking, keyloggers, man-in-the-middle (MitM) browser attacks, potentially harmful apps, script-based attacks, and social networking scams.
  • Conventionally, a security program installed on the device of the user who downloads the content recognizes the malicious programs included in the content and removes them after the fact.
  • Existing security programs operate such that a module for detecting and removing a specific malicious program is patched in only after that program has become known, so they are weak against new malicious programs that are not yet registered with the security program.
  • Patent Document 1 Korean Patent Publication No. 10-2015-0064655 (2015. 06. 11.)
  • Patent Document 2 Korean Patent Registration No. 10-0660294 (2006. 12. 20.)
  • An object of the present invention is to provide a reliable system and method for providing a security level of a content provider together with content.
  • the present invention is intended to enable Internet users to check security levels of content providers related to content.
  • The present invention is also intended to allow content providers to continuously manage the security state of their own computing devices in order to raise the security level that is provided together with their content.
  • A security level management server according to an embodiment of the present invention for achieving the above technical objective includes: an authentication unit which, when a terminal-specific number is received from a content provider terminal, generates a terminal authentication key based on the terminal-specific number and transmits it to the content provider terminal, and which authenticates the security level of the content provider terminal corresponding to the terminal authentication key when the terminal authentication key is received from a content server or a content receiver terminal; a storage unit which, when the security level of the content provider terminal is received from the content provider terminal, stores it together with the terminal authentication key of that terminal; and a communication unit configured to transmit data to and receive data from the content server or the content receiver terminal.
  • the security level management server may further include an encryption/decryption unit for encrypting the security level of the content provider terminal received from the content provider terminal.
  • When the encryption/decryption unit receives a terminal authentication key and an encrypted security level from the content server or the content receiver terminal, it may decrypt the encrypted security level using a decryption key corresponding to the terminal authentication key.
  • the authentication unit may authenticate the security level of the content provider terminal by comparing the decrypted security level with a security level corresponding to the terminal authentication key stored in the storage unit.
  • the communication unit may transmit the security level decrypted by the encryption/decryption unit to the content server or content receiver terminal.
  • When the authentication unit receives a terminal authentication key from the content server or the content receiver terminal, the communication unit may transmit a decryption key corresponding to the terminal authentication key to the content server or the content receiver terminal.
  • the communication unit may transmit the terminal authentication key generated by the authentication unit based on the terminal-specific number of the contents provider terminal to the contents provider terminal.
  • the terminal-specific number may be based on a hardware-specific number included in the content provider terminal.
  • the security level of the content provider terminal may be determined by an agent program running in the content provider terminal.
  • the terminal authentication key may be in the form of a QR code.
  • A method for authenticating the security level of a content provider terminal for achieving the above technical objective includes: when a terminal-specific number is received from the content provider terminal, generating a terminal authentication key based on the terminal-specific number and transmitting it to the content provider terminal; when the security level of the content provider terminal is received from the content provider terminal, storing the received security level in association with the terminal authentication key of the content provider terminal; and, when the terminal authentication key is received from the content server or the content receiver terminal, authenticating the security level of the content provider terminal corresponding to the terminal authentication key.
  • The method may further include encrypting the security level of the content provider terminal received from the content provider terminal.
  • The method may further include, when a terminal authentication key and an encrypted security level are received from the content server or the content receiver terminal, decrypting the encrypted security level using a decryption key corresponding to the terminal authentication key.
  • The authenticating step may include authenticating the security level of the content provider terminal by comparing the decrypted security level with the security level stored in the security level management server that corresponds to the terminal authentication key.
  • The method may further include transmitting the decrypted security level to the content server or the content receiver terminal.
  • The method may further include, when a terminal authentication key is received from the content server or the content receiver terminal, transmitting a decryption key corresponding to the terminal authentication key to the content server or the content receiver terminal.
  • the method may further include transmitting the terminal authentication key generated based on the terminal identification number of the contents provider terminal to the contents provider terminal.
  • the terminal-specific number may be based on a hardware-specific number included in the content provider terminal.
  • The method may further include determining the security level of the content provider terminal by an agent program executed in the content provider terminal.
  • the terminal authentication key may be in the form of a QR code.
  • the security level for the computing device of the content provider can be provided together with the content.
  • the present invention has the effect of allowing content providers to continuously manage the security state of their own computing devices in order to increase their own security level provided together with the content.
  • FIG. 1 illustrates a system for confirming a security level of a content provider and providing the content along with content according to an embodiment of the present invention.
  • FIG. 2 illustrates a process in which the security level management server 100 verifies the security level of the content provider terminal 200 and the content receiver terminal 400 checks it, according to an embodiment of the present invention.
  • FIG. 3 illustrates a process in which the security level management server 100 verifies the security level of the content provider terminal 200 and the content receiver terminal 400 checks it, according to another embodiment of the present invention.
  • FIG. 4 illustrates a process in which the security level management server 100 verifies the security level of the content provider terminal 200 and the content receiver terminal 400 checks it, according to another embodiment of the present invention.
  • FIG. 5 illustrates a process in which the security level management server 100 verifies the security level of the content provider terminal 200 and the content receiver terminal 400 checks it, according to another embodiment of the present invention.
  • FIG. 6 shows the configuration of the security level management server 100 according to an embodiment of the present invention.
  • When it is described that one component is “connected” to another component, this should be understood to include both the case where it is directly connected and the case where it is connected through another component in between; only when a component is described as “directly connected” should it be understood that it is connected to the other component with no other component in between. Likewise, other expressions describing relationships between components should be understood in the same sense.
  • The present invention relates to a system and method for authenticating the security level of a content provider, and more particularly to a system and method capable of verifying the security level of a content provider and providing that security level along with the content.
  • FIG. 1 illustrates a system for confirming a security level of a content provider and providing the content along with content according to an embodiment of the present invention.
  • A system for providing the security level of a content provider together with content may include a security level management server 100.
  • the security level management server 100 may be connected to the content provider terminal 200, the content server 300, and the content receiver terminal 400 through the communication network 500.
  • The security level management server 100 may be composed of a single computer device or a plurality of computer devices. According to another embodiment of the present invention, the security level management server 100 may be implemented as software on a cloud computing platform. The present invention may also be implemented using various computing technologies such as a single server, distributed computing, virtualization, grid computing, and utility computing. Beyond the computer technologies exemplified in this specification, those skilled in the computer field will be able to implement the functions of the security level management server 100 using various computer technologies, and the present invention is not limited by the computer technology that implements them.
  • The content provider terminal 200 may be any one of a general-purpose computer, a laptop, a tablet, a smartphone, or a mobile phone, but is not limited thereto, and includes every type of computing device that can connect to the communication network 500 and communicate with the security level management server 100 and/or the content server 300.
  • the content provider terminal 200 may download the agent program 250 from the security level management server 100 .
  • the content provider terminal 200 may download and use the agent program 250 in the form of an application program from a general app store.
  • the content provider terminal 200 can download and use the agent program 250 from a third server using an Internet address link.
  • the reservation user terminal 120 is a dedicated terminal for the present invention, and functions corresponding to the agent program 250 may be implemented as software or hardware from the time of manufacture.
  • the content provider terminal 200 in which the agent program 250 used in the present invention is installed only needs to be able to perform the functions for the present invention, and is not limited by specific implementation methods for implementing the functions.
  • The agent program 250 of the content provider terminal 200 inspects the security state of the content provider terminal 200, assigns a security level according to the inspection result, and may provide that security level to the security level management server 100 and/or the content server 300.
  • the agent program 250 may determine a security level based on the results of examining the network security state, the cloud security state, and the terminal security state of the content provider terminal 200 .
  • the network security state may be determined according to whether a harmful site is accessed, whether a network intrusion blocking function is present, whether a reputation-based execution block is performed, whether an action-based intrusion prevention function is activated or not, and the like.
  • the cloud security state may be determined by examining the security state of the cloud storage space used by the content provider terminal 200 .
  • The terminal security state may be evaluated according to the OS update status of the content provider terminal 200, whether a security program is used and kept updated, whether an access password is used, whether the access password is changed periodically, whether the terminal is infected with a computer virus or malware, and the like.
  • The security level may be expressed as a score. For example, on a scale of 100 points, it may be expressed as 50 points, 60 points, or 85 points according to the security state of the content provider terminal 200.
  • the security level may be expressed as an alphabetic level. For example, a good security state may be assigned an A grade, a normal security state a B grade, a bad security state a C grade, and a very poor security state a D grade.
  • the security level may be expressed as a numerical level.
  • the security level may be determined in various ways, and any method capable of quantitatively displaying the security state of the content provider terminal 200 may be used, and is not limited by the specific method.
  • The content provider terminal 200 may provide its own security level, as determined through the agent program 250, to the content server 300 along with the content.
  • The content provider terminal 200 may provide an identifier of the content provider terminal 200 along with its content to the content server 300, and the content server 300 may transmit that identifier to the security level management server 100 in order to check the security level of the corresponding content provider terminal 200.
  • the identifier of the content provider terminal 200 may use a terminal authentication key generated based on a unique number of the content provider terminal 200 .
  • the content server 300 may correspond to a server that performs different functions according to Internet services used by content providers.
  • the content provided to the content server 300 may include software, games, movies, music, images, text, etc., but is not limited thereto.
  • When a content provider uses a mail service, the content server 300 is a mail server; it checks the security level of the content provider terminal 200 that sent the mail and may provide that security level to the content receiver terminal 400 of the mail recipient.
  • the content receiver terminal 400 may refer to the security level of the content provider terminal 200 while receiving mail from the content provider or storing or executing an attached file. For example, when the security level of the content provider terminal 200 is low, the mail receiver may not receive the mail or may not store a file attached to the mail in his or her computer.
  • When a content provider uses a messenger service, the content server 300 is the server providing the messenger service; it checks the security level of the content provider terminal 200 that transmitted the message and may provide that security level to the content receiver terminal 400 of the message recipient.
  • the content receiver terminal 400 may refer to the security level of the content provider terminal 200 while receiving a messenger message from the content provider or storing or executing an attached file. For example, if the security level of the content provider terminal 200 is low, the message receiver may not receive the corresponding message or may not save the file attached to the message to his or her computer.
  • When a content provider uses an SNS service, the content server 300 corresponds to the SNS server and may provide the security level of the content provider terminal 200 together with the content uploaded by the content provider.
  • the content server 300 may display the security level of the content provider terminal 200 on the uploaded specific file.
  • The content receiver terminal 400, operated by a user of the SNS service, may refer to the security level of the content provider terminal 200 while downloading or executing a file uploaded by the content provider to the SNS service. For example, when the security level of the content provider terminal 200 is low, the SNS user may not download or execute the corresponding file.
  • The content server 300 may be any of various servers, such as a file sharing server, a bulletin board service server, or a shared cloud server, depending on the type of Internet service and/or content used by the content provider.
  • the content server 300 may be composed of a single computer device or a plurality of computer devices. Also, according to another embodiment of the present invention, the content server 300 may be implemented as software on a cloud computing platform. In addition, the present invention can be implemented using various computing technologies such as single server-based, distributed computing-based, virtualization technology, grid computing, and utility computing. In addition to the computer technology exemplified in the specification of the present invention, those skilled in the art will be able to implement the functions of the content server 300 using various computer technologies, and the present invention is not limited by the computer technology that implements them.
  • The content receiver terminal 400 may be any one of a general-purpose computer, a laptop computer, a tablet computer, a smartphone, or a mobile phone, but is not limited thereto, and includes every type of computing device that can connect to the communication network 500 and communicate with the content server 300 and/or the security level management server 100.
  • FIG. 2 illustrates a process in which the security level management server 100 verifies the security level of the content provider terminal 200 and the content receiver terminal 400 checks it, according to an embodiment of the present invention.
  • FIG. 2(a) illustrates an embodiment of the present invention in which the content server 300 confirms whether the security level of the content provider terminal 200 is authentic and provides the content to the content receiver terminal 400.
  • The agent program 250 installed in the content provider terminal 200 may assign a unique number to the content provider terminal 200 and transmit it to the security level management server 100 (step A in FIG. 2).
  • The agent program 250 may recognize an identifier uniquely assigned to the hardware of the content provider terminal 200 (for example, a MAC address or CPU number) and generate the unique number of the content provider terminal 200 based on it.
  • the agent program 250 may receive a specific unique number from the security level management server 100 and generate a unique number of the content provider terminal 200 based on this.
  • The agent program 250 may generate the unique number of the content provider terminal 200 based on both the unique number assigned by the security level management server 100 and the hardware identifier of the content provider terminal 200.
  • The security level management server 100 generates and stores a terminal authentication key for the corresponding terminal based on the unique number of the content provider terminal 200, and may provide the terminal authentication key for the content provider terminal 200 to the agent program 250 (step B). According to an embodiment of the present invention, the security level management server 100 may store the generated terminal authentication key in a searchable internal or external storage space of the security level management server 100 (for example, a database), and may check by search whether a terminal authentication key transmitted from another device is stored in that storage space.
  • the security level management server 100 may use the unique number transmitted by the content provider terminal 200 as a terminal authentication key. In this case, the security level management server 100 may omit the step of providing the terminal authentication key to the agent program 250 of the content provider terminal 200 (step B).
  • The agent program 250 may inspect the security state of the content provider terminal 200, assign a security level according to the result, and transmit it to the security level management server 100 (step C). According to an embodiment of the present invention, the agent program 250 may transmit the terminal authentication key together with the security level, and the security level management server 100 may authenticate the content provider terminal 200 that transmitted the security level by confirming the terminal authentication key.
  • The security level management server 100 stores the security level transmitted from the agent program 250 in association with the terminal authentication key, encrypts the security level, and may transmit the encrypted security level to the agent program 250 (step D).
  • the security level management server 100 may store a decryption key capable of decrypting the encrypted security level in association with the terminal authentication key.
  • an encryption key for encrypting a security level may use a terminal authentication key as a public key, and may store a private key corresponding to the terminal authentication key as a decryption key.
  • the encryption key for encrypting the security level may be used as a public key other than the terminal authentication key, and a private key corresponding to the public key may be stored as a decryption key.
  • an encryption key of a symmetric-key method other than the terminal authentication key may be used as an encryption key for encrypting the security level, and the encryption key may be stored as a decryption key.
  • When the agent program 250 of the content provider terminal 200 provides content to the content server 300, it may transmit one or more of the terminal authentication key, the security level, and the encrypted security level to the content server 300 together with the content (step E). For example, the terminal authentication key and the encrypted security level may be transmitted together with the content, in which case the security level management server 100 may provide the security level as the result of step G.
  • The content server 300 may provide the terminal authentication key and the encrypted security level to the security level management server 100 in order to verify the authenticity of the security level of the content provider terminal 200 (step F).
  • The security level management server 100 identifies the content provider terminal 200 using the terminal authentication key, decrypts the encrypted security level using the decryption key for the identified content provider terminal 200, compares it with the security level of the content provider terminal 200 stored in the security level management server 100 to confirm the authenticity of the security level, and may provide the result to the content server 300 (step G).
  • The security level management server 100 may provide the authenticity result for the security level to the content server 300, or may provide the confirmed security level itself to the content server 300 (step G).
  • When the security level of the content provider terminal 200 confirmed through step G is authentic, the content server 300 may provide the security level corresponding to the content to the content receiver terminal 400 (step H). According to an embodiment of the present invention, if the security level of the content provider terminal 200 confirmed through step G is fake, the content server 300 deletes the content from the content server 300, and a certain penalty may be imposed on the content provider terminal 200.
  • The content receiver terminal 400 may check the security level of the corresponding content and request the content from the content server 300 (step I), and the content server 300 may transmit the corresponding content to the content receiver terminal 400 (step J).
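As an added worked example (not code from the patent or from any implementation of it), the following Python models the FIG. 2(a) exchange, steps A to G, together with the agent's scoring described above: the agent derives a terminal-specific number from hardware identifiers, the security level management server derives the terminal authentication key from it, stores the reported level and returns it encrypted, and the content server's (terminal authentication key, encrypted security level) query is checked by decrypting and comparing with the stored level. The check names, penalties, grade thresholds, the constructed hardware identifiers and the stdlib-only encrypt-then-MAC stand-in cipher are all assumptions, since the patent leaves the cipher and the scoring rule unspecified.

```python
from typing import Optional
import hashlib
import hmac
import secrets

# Step C: the agent's checks, grouped as the description groups them (network,
# cloud, terminal). Names and point penalties are constructed for this example.
CHECKS = {
    "network": {"harmful_site_blocked": 10, "intrusion_blocking": 10,
                "reputation_exec_block": 5, "behaviour_ips_active": 5},
    "cloud": {"cloud_storage_secured": 10},
    "terminal": {"os_updated": 15, "security_program_updated": 15,
                 "login_password_set": 10, "password_rotated": 5,
                 "no_malware_found": 15},
}
GRADES = ((90, "A"), (70, "B"), (50, "C"), (0, "D"))  # score floor -> grade


def assess_security_level(posture: dict) -> tuple:
    """Score out of 100 and letter grade for a dict of check name -> passed."""
    score = 100
    for group in CHECKS.values():
        for name, penalty in group.items():
            if not posture.get(name, False):
                score -= penalty
    grade = next(g for floor, g in GRADES if score >= floor)
    return score, grade


def terminal_unique_number(mac_address: str, cpu_id: str) -> str:
    """Step A: derive the terminal-specific number from hardware identifiers."""
    return hashlib.sha256(f"{mac_address}|{cpu_id}".encode()).hexdigest()


# Stand-in for the patent's unspecified symmetric cipher: HMAC-SHA256 keystream
# XOR (CTR style) plus an HMAC tag over nonce||ciphertext (encrypt-then-MAC).
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        return None  # tampered blob or wrong key
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


class SecurityLevelManagementServer:
    def __init__(self):
        self._secret = secrets.token_bytes(32)  # server secret for key derivation
        self._records = {}  # terminal authentication key -> {"level", "dec_key"}

    def register_terminal(self, unique_number: str) -> str:
        """Step B: derive, store and return the terminal authentication key."""
        auth_key = hmac.new(self._secret, unique_number.encode(), hashlib.sha256).hexdigest()
        self._records.setdefault(auth_key, {"level": None, "dec_key": secrets.token_bytes(32)})
        return auth_key

    def report_level(self, auth_key: str, level: str) -> Optional[bytes]:
        """Steps C and D: store the reported level, return it encrypted."""
        rec = self._records.get(auth_key)
        if rec is None:
            return None  # unknown terminal: the level is not accepted
        rec["level"] = level
        return seal(rec["dec_key"], level.encode())

    def verify(self, auth_key: str, encrypted_level: bytes) -> tuple:
        """Steps F and G: decrypt with the key's decryption key and compare with
        the stored level; returns (verdict, confirmed level or None)."""
        rec = self._records.get(auth_key)
        if rec is None or rec["level"] is None:
            return "unknown", None
        level = unseal(rec["dec_key"], encrypted_level)
        if level is None or level.decode(errors="replace") != rec["level"]:
            return "fake", None  # tampered blob, or a stale level re-sent later
        return "authentic", rec["level"]


def run_flow(posture: dict, tamper: bool = False) -> tuple:
    """Steps A to G end to end; tamper=True models a provider editing the blob."""
    server = SecurityLevelManagementServer()
    auth_key = server.register_terminal(
        terminal_unique_number("00:11:22:33:44:55", "CPU-ID-CONSTRUCTED"))
    score, grade = assess_security_level(posture)
    blob = server.report_level(auth_key, f"{grade}:{score}")
    if tamper:
        blob = blob[:16] + bytes([blob[16] ^ 0x01]) + blob[17:]  # flip a ciphertext bit
    return server.verify(auth_key, blob)  # the content server's query (steps F, G)
```

Because the management server compares the decrypted value with the level it currently stores, a blob issued for an earlier, better posture is rejected as fake once the agent reports a lower level, which is the property the comparison step in step G exists to provide.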
  • FIG. 2(b) illustrates an embodiment according to the present invention in which the content receiver terminal 400 directly checks the authenticity of the security level of the content provider terminal 200 with the security level management server 100.
  • the security level confirmation process shown in FIG. 2(b) is the same as steps A to E and steps I and J described in FIG. 2(a), except for steps F to H, the process of verifying the authenticity of the security level of the content provider terminal 200.
  • the content server 300, having received at least one of a terminal authentication key, a security level, and an encrypted security level from the content provider terminal 200 together with the content, may transmit at least one of the terminal authentication key, the security level, and the encrypted security level to the content receiver terminal 400 (step F).
  • the content receiver terminal 400 may provide the terminal authentication key and the encrypted security level to the security level management server 100 in order to verify the authenticity of the security level of the content provider terminal 200 (step G).
  • the content server 300 may provide the terminal authentication key and/or the encrypted security level in the form of a QR code (step F), and the content receiver terminal 400 may photograph the corresponding QR code and transmit the result to the security level management server 100 (step G).
  • a content recipient accesses the content server 300 using his/her PC, and the content server 300 transmits a terminal authentication key and/or an encrypted security level corresponding to the content selected by the content recipient in the form of a QR code.
  • the content recipient photographs the corresponding QR code with his/her mobile phone, and the corresponding QR code or the information it encodes may be provided to the security level management server 100 in order to verify the authenticity of the security level of the content provider terminal 200 (step G).
  • the content receiver terminal 400 may include a plurality of terminals.
  • the security level management server 100 identifies the content provider terminal 200 using the terminal authentication key, decrypts the encrypted security level using the decryption key for the identified content provider terminal 200, compares the decrypted security level with the security level of the content provider terminal 200 stored in the security level management server 100, confirms the authenticity of the security level, and may provide the result to the content receiver terminal 400 (step H).
  • the security level management server 100 may provide the authenticity of the security level to the content receiver terminal 400 or provide the confirmed security level to the content receiver terminal 400 (step H).
  • FIG. 3 illustrates a process in which the security level management server 100 assigns a security level to the content provider terminal 200 and the content server 300 confirms it according to another embodiment of the present invention.
  • FIG. 3(a) illustrates an embodiment according to the present invention in which the content server 300 checks the security level of the content provider terminal 200 and provides the content to the receiver terminal 400.
  • the agent program 250 installed in the content provider terminal 200 may assign a unique number to the content provider terminal 200 and transmit it to the security level management server 100 (step A in FIG. 3).
  • the security level management server 100 generates and stores a terminal authentication key for the corresponding terminal based on the unique number of the content provider terminal 200, and may provide the terminal authentication key to the agent program 250 of the content provider terminal 200 (step B).
  • the security level management server 100 may use the unique number transmitted by the content provider terminal 200 as the terminal authentication key. In this case, the security level management server 100 may omit the step of providing the terminal authentication key to the agent program of the content provider terminal 200 (step B).
  • the agent program 250 may inspect the security state of the content provider terminal 200, assign a security level according to the result, and transmit it to the security level management server 100 (step C). According to an embodiment of the present invention, the agent program 250 may transmit the terminal authentication key together with the security level, and the security level management server 100 confirms the terminal authentication key, thereby authenticating the content provider terminal 200 that transmitted the security level.
  • the security level management server 100 may encrypt the security level transmitted from the agent program 250 and transmit the encrypted security level to the agent program 250 (step D).
  • the security level management server 100 does not store the transmitted security level, but may store a decryption key capable of decrypting the encrypted security level in association with the terminal authentication key.
  • when the agent program 250 of the content provider terminal 200 provides content to the content server 300, it may transmit the terminal authentication key and the encrypted security level along with the content (step E).
  • the content server 300 may provide the terminal authentication key and the encrypted security level to the security level management server 100 in order to check the security level of the content provider terminal 200 (step F).
  • the security level management server 100 identifies the content provider terminal 200 using the terminal authentication key, decrypts the encrypted security level using the decryption key for the identified content provider terminal 200, and may provide the decrypted security level to the content server 300 (step G).
  • the content server 300 may provide the security level of the content provider terminal 200 confirmed through step G to the content receiver terminal 400 (step H).
  • the content receiver terminal 400 can check the security level of the corresponding content and request the content from the content server (step I), and the content server 300 may transmit the corresponding content to the content receiver terminal 400 (step J).
  • FIG. 3(b) shows an embodiment according to the present invention in which the content receiver terminal 400 directly checks the security level of the content provider terminal 200 with the security level management server 100.
  • the security level confirmation process shown in FIG. 3(b) is the same as steps A to E and steps I and J described in FIG. 3(a), except for steps F to H, the process of verifying the authenticity of the security level of the content provider terminal 200.
  • the content server 300, having received the terminal authentication key and the encrypted security level together with the content from the content provider terminal 200, may transmit the terminal authentication key and the encrypted security level to the content receiver terminal 400 (step F).
  • the content receiver terminal 400 may transmit the terminal authentication key and the encrypted security level to the security level management server 100 in order to check the security level of the content provider terminal 200 (step G).
  • the content server 300 may provide the terminal authentication key and/or the encrypted security level in the form of a QR code (step F), and the content receiver terminal 400 may photograph the corresponding QR code and transmit the result to the security level management server 100 (step G).
  • the content server 300 transmits a terminal authentication key and/or an encrypted security level corresponding to the content selected by the content recipient as a QR code.
  • the content receiver terminal 400 may include a plurality of terminals.
  • the security level management server 100 identifies the content provider terminal 200 using the terminal authentication key, decrypts the encrypted security level using the decryption key for the identified content provider terminal 200, and may provide the decrypted security level to the content receiver terminal 400 (step H).
  • the content receiver terminal 400 may request the content from the content server after checking the security level of the content (step I), and the content server 300 may transmit the corresponding content to the content receiver terminal 400 (step J).
  • FIG. 4 illustrates a process in which the security level management server 100 assigns a security level to the content provider terminal 200 and the content receiver terminal 400 confirms it according to another embodiment of the present invention.
  • FIG. 4(a) illustrates an embodiment according to the present invention in which the content server 300 confirms the security level of the content provider terminal 200 and provides the content to the receiver terminal 400.
  • steps A through E may be performed in the same process as the embodiment in FIG. 3 .
  • the content server 300 may transmit a terminal authentication key to the security level management server 100 in order to check the security level of the content provider terminal 200 (Step F).
  • the security level management server 100 identifies the content provider terminal 200 using the terminal authentication key, and may provide the decryption key for the identified content provider terminal 200 to the content server 300 (step G).
  • the content server 300 decrypts the encrypted security level using the decryption key corresponding to the terminal authentication key received from the security level management server 100, and may provide the decrypted security level to the content receiver terminal 400 (step H).
  • the content receiver terminal 400 can check the security level of the corresponding content and request the content from the content server (step I), and the content server 300 may transmit the corresponding content to the content receiver terminal 400 (step J).
  • FIG. 4(b) shows an embodiment according to the present invention in which the content receiver terminal 400 directly checks the security level of the content provider terminal 200 with the security level management server 100.
  • the security level confirmation process shown in FIG. 4(b) is the same as steps A to E and steps I and J described in FIG. 4(a), except for steps F to H, the process of verifying the authenticity of the security level of the content provider terminal 200.
  • the content server 300, having received the terminal authentication key and the encrypted security level together with the content from the content provider terminal 200, may transmit the terminal authentication key and the encrypted security level to the content receiver terminal 400 (step F).
  • the content receiver terminal 400 may transmit the terminal authentication key to the security level management server 100 in order to check the security level of the content provider terminal 200 (step G).
  • the content server 300 may provide the terminal authentication key and/or the encrypted security level in the form of a QR code (step F), and the content receiver terminal 400 may photograph the corresponding QR code and transmit the result to the security level management server 100 (step G).
  • the content server 300 transmits a terminal authentication key and/or an encrypted security level corresponding to the content selected by the content recipient as a QR code.
  • the content receiver terminal 400 may include a plurality of terminals.
  • the security level management server 100 identifies the content provider terminal 200 using the terminal authentication key, and may provide the decryption key for the identified content provider terminal 200 to the content receiver terminal 400 (step H).
  • the content receiver terminal 400 decrypts the encrypted security level using the decryption key corresponding to the terminal authentication key received from the security level management server 100, and may check the decrypted security level corresponding to the content.
  • the content receiver terminal 400 may request the content from the content server 300 after checking the security level of the content (step I), and the content server 300 may transmit the corresponding content to the content receiver terminal 400 (step J).
  • FIG. 5 illustrates a process in which the security level management server 100 assigns a security level to the content provider terminal 200 and the content server 300 confirms it according to another embodiment of the present invention.
  • FIG. 5(a) illustrates an embodiment according to the present invention in which the content server 300 checks the security level of the content provider terminal 200 and provides the content to the content receiver terminal 400.
  • the agent program 250 installed in the content provider terminal 200 may assign a unique number to the content provider terminal 200 and transmit it to the security level management server 100 (step A).
  • the security level management server 100 generates and stores a terminal authentication key for the corresponding terminal based on the unique number of the content provider terminal 200, and may provide the terminal authentication key to the agent program 250 of the content provider terminal 200 (step B).
  • the security level management server 100 may use the unique number transmitted by the content provider terminal 200 as the terminal authentication key. In this case, the security level management server 100 may omit the step of providing the terminal authentication key to the agent program 250 of the content provider terminal 200 (step B).
  • the agent program 250 may inspect the security state of the content provider terminal 200, assign a security level according to the result, and transmit it to the security level management server 100 (step C). According to an embodiment of the present invention, the agent program 250 may transmit the terminal authentication key together with the security level, and the security level management server 100 confirms the terminal authentication key, thereby authenticating the content provider terminal 200 that transmitted the security level.
  • the security level management server 100 may store the security level transmitted from the agent program 250 in association with the terminal authentication key.
  • the content provider terminal 200 may transmit the terminal authentication key along with the content (Step D).
  • the content server 300 may provide a terminal authentication key to the security level management server 100 in order to check the security level of the content provider terminal 200 (step E).
  • the security level management server 100 identifies the content provider terminal 200 using the terminal authentication key, checks the security level stored in the security level management server 100 in association with the terminal authentication key of the identified content provider terminal 200, and may provide the checked security level to the content server 300 (step F).
  • the content server 300 may transmit the security level received from the security level management server 100 to the content receiver terminal 400 (step G).
  • the content receiver terminal 400 can check the security level of the content and request the content from the content server (step H), and the content server 300 may transmit the corresponding content to the content receiver terminal 400 (step I).
  • FIG. 5(b) shows an embodiment according to the present invention in which the content receiver terminal 400 directly checks the security level of the content provider terminal 200 with the security level management server 100.
  • the security level confirmation process shown in FIG. 5(b) is the same as steps A to D and steps H and I described in FIG. 5(a), except for steps E to G, the process of checking the security level of the content provider terminal 200.
  • the content server 300 receiving the terminal authentication key together with the content from the content provider terminal 200 may transmit the terminal authentication key to the content receiver terminal 400 (step E).
  • the content receiver terminal 400 may transmit the terminal authentication key to the security level management server 100 in order to check the security level of the content provider terminal 200 (step F).
  • the content server 300 may provide the terminal authentication key in the form of a QR code (step E), and the content receiver terminal 400 may photograph the QR code and transmit the result to the security level management server 100 (step F).
  • the content server 300 transmits the terminal authentication key corresponding to the content selected by the content recipient in the form of a QR code to the content recipient's PC.
  • the content recipient photographs the corresponding QR code with his/her mobile phone, and the corresponding QR code or the information it encodes may be provided to the security level management server 100 in order to verify the authenticity of the security level of the content provider terminal 200 (step F).
  • the content receiver terminal 400 may include a plurality of terminals.
  • the security level management server 100 identifies the content provider terminal 200 using the terminal authentication key, and may provide the security level corresponding to the identified content provider terminal 200 to the content receiver terminal 400 (step G).
  • the content receiver terminal 400 can check the security level from the security level management server 100 .
  • the content receiver terminal 400 may request the content from the content server after checking the security level of the corresponding content (step H), and the content server 300 may transmit the corresponding content to the content receiver terminal 400 (step I).
  • FIG. 6 shows the configuration of the security level management server 100 according to an embodiment of the present invention.
  • the security level management server 100 may include a communication unit 110, an encryption/decryption unit 120, an authentication unit 130, and a storage unit 140.
  • the communication unit 110 of the security level management server 100 is connected to the communication network 500, and can transmit and receive data with the content provider terminal 200 and the content server 300.
  • the encryption/decryption unit 120 of the security level management server 100 encrypts the security level provided by the agent program 250 of the content provider terminal 200, and may decrypt the encrypted security level stored in the storage unit 140 using a decryption key, or decrypt an encrypted security level received from outside through the communication unit 110 using a decryption key.
  • the decryption key used for decryption may be received from outside through the communication unit 110 or stored in the storage unit 140.
  • the authentication unit 130 of the security level management server 100 may authenticate the content provider terminal 200 corresponding to the terminal authentication key, using the terminal authentication key transmitted by the content server 300 or the content receiver terminal 400.
  • the authentication unit 130 may check and authenticate the security level of the content provider terminal 200 corresponding to the terminal authentication key by having the encryption/decryption unit 120 decrypt the encrypted security level using the decryption key corresponding to the terminal authentication key.
  • the storage unit 140 of the security level management server 100 may store a unique number of the content provider terminal 200, a terminal authentication key, and/or a security level.
  • the storage unit 140 may store an encrypted security level and/or a decryption key capable of decrypting the encrypted security level.
  • the storage unit 140 may store data in the form of a database or the like so that the stored data can be searched.
  • the storage unit 140 may store data in an internal storage or an external storage of the security level management server 100 .
  • although the security level management server 100 has been described with reference to FIG. 6 as including a communication unit 110, an encryption/decryption unit 120, an authentication unit 130 and a storage unit 140, the security level management server 100 is not limited to these components, and various modifications that perform the same function are possible.
  • each component of the security level management server 100 may be implemented as software or as dedicated hardware.
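The exchange of FIG. 2(a), steps A to H, as an added example that is not part of the patent: a constructed Python model in which the security level management server issues the terminal authentication key, encrypts the level reported by the agent program, keeps the level and decryption key against the authentication key, and confirms authenticity for the content server, which publishes genuine levels and drops and penalises fake ones. The cipher (HMAC-SHA256 encrypt-then-MAC), the three-level scale, the inspection policy and every name below are assumptions; the patent fixes none of them.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

LEVELS = ("HIGH", "MEDIUM", "LOW")  # constructed scale; the patent fixes no particular levels

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; the "enc" label separates it from the tag computation.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-length // 32)))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC (an assumption; the patent names no cipher): nonce || ct || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the tag fails (tampered, stale or wrong key)."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class SecurityLevelManagementServer:
    """Security level management server 100: steps B, D and G of FIG. 2(a)."""
    def __init__(self) -> None:
        self._terminals: Dict[str, dict] = {}  # terminal auth key -> stored level, decryption key

    def register(self, unique_number: str) -> str:
        # Step B: auth key from the unique number plus server randomness, so it is not guessable.
        auth_key = hashlib.sha256(unique_number.encode() + secrets.token_bytes(16)).hexdigest()
        self._terminals[auth_key] = {"level": None, "dec_key": None}
        return auth_key

    def submit_level(self, auth_key: str, level: str) -> bytes:
        # Step D: encrypt the reported level under a fresh per-terminal key; keep level and key.
        if auth_key not in self._terminals or level not in LEVELS:
            raise PermissionError("unknown terminal or invalid level")
        dec_key = secrets.token_bytes(32)
        self._terminals[auth_key] = {"level": level, "dec_key": dec_key}
        return encrypt(dec_key, level.encode())

    def verify(self, auth_key: str, encrypted_level: bytes) -> Tuple[bool, Optional[str]]:
        # Step G: identify the terminal, decrypt with its key, compare with the stored level.
        rec = self._terminals.get(auth_key)
        if rec is None or rec["dec_key"] is None:
            return False, None
        plain = decrypt(rec["dec_key"], encrypted_level)
        if plain is None or plain != rec["level"].encode():
            return False, None
        return True, rec["level"]

def agent_assign_level(checks: Dict[str, bool]) -> str:
    # Step C, agent program 250: a constructed policy mapping inspection results to a level.
    passed = sum(checks.values())
    return "HIGH" if passed == len(checks) else "MEDIUM" if 2 * passed >= len(checks) else "LOW"

class ContentServer:
    """Content server 300, steps E to H: publish only genuine levels, else drop and penalise."""
    def __init__(self, sms: SecurityLevelManagementServer) -> None:
        self.sms, self.catalog, self.penalised = sms, {}, []

    def upload(self, content_id: str, content: bytes, auth_key: str, enc_level: bytes) -> Optional[str]:
        genuine, level = self.sms.verify(auth_key, enc_level)  # steps F and G
        if not genuine:
            self.catalog.pop(content_id, None)  # fake level: content deleted, terminal penalised
            self.penalised.append(auth_key)
            return None
        self.catalog[content_id] = {"content": content, "level": level}
        return level  # the level the content receiver terminal 400 sees in step H

def run_scenario() -> Dict[str, Optional[str]]:
    sms = SecurityLevelManagementServer()
    cs = ContentServer(sms)
    auth_key = sms.register("SN-CONSTRUCTED-0001")  # steps A and B
    level = agent_assign_level({"disk_encrypted": True, "patched": True, "av_running": True})
    enc_level = sms.submit_level(auth_key, level)  # steps C and D
    results = {"genuine": cs.upload("doc1", b"report.pdf", auth_key, enc_level)}  # step E
    # A flipped ciphertext byte fails the tag, so step G reports the level as fake.
    tampered = enc_level[:16] + bytes([enc_level[16] ^ 0x01]) + enc_level[17:]
    results["tampered"] = cs.upload("doc2", b"x", auth_key, tampered)
    # After a re-inspection lowers the level, the old blob no longer verifies either.
    sms.submit_level(auth_key, agent_assign_level({"disk_encrypted": False, "patched": False, "av_running": True}))
    results["stale"] = cs.upload("doc3", b"y", auth_key, enc_level)
    results["unknown_terminal"] = cs.upload("doc4", b"z", "not-registered", enc_level)
    return results
```

The FIG. 3 to FIG. 5 variants differ only in where the level or the decryption key is held; the same verify step applies with the comparison against the stored level removed or with the key handed to the checking party.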

Abstract

The present invention relates to a system and method for authenticating the security level of a content provider terminal, the system: generating, when a unique terminal number is received from a content provider terminal, a terminal authentication key based on the unique terminal number and transmitting it to the content provider terminal; when a security level of the content provider terminal is received from the content provider terminal, storing the security level against the terminal authentication key of the content provider terminal; and when the terminal authentication key is received from a content server or a content receiver terminal, authenticating the security level of the content provider terminal corresponding to the terminal authentication key. The system and method for authenticating the security level of a content provider terminal according to the present invention can provide both content and the security level of the computing device of the content provider that supplies the content.
PCT/KR2022/008479 2021-06-17 2022-06-15 System and method for authenticating the security level of a content provider Ceased WO2022265393A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2021-0078871 2021-06-17
KR1020210078871A KR102534012B1 (ko) 2021-06-17 2021-06-17 System and method for authenticating the security level of a content provider

Publications (1)

Publication Number Publication Date
WO2022265393A1 true WO2022265393A1 (fr) 2022-12-22

Family

ID=84525803

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2022/008479 Ceased WO2022265393A1 (fr) 2021-06-17 2022-06-15 System and method for authenticating the security level of a content provider

Country Status (2)

Country Link
KR (1) KR102534012B1 (fr)
WO (1) WO2022265393A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100850362B1 (ko) * 2007-04-12 2008-08-04 Electronics and Telecommunications Research Institute Method and system for enhancing security of a personal portable embedded terminal
KR20090129472A (ko) * 2007-04-23 2009-12-16 LG Electronics Inc. Content usage method, content sharing method and device based on security level
JP2010262677A (ja) * 2010-08-11 2010-11-18 Fujitsu Ltd Security management apparatus and security management method
KR20140116312A (ko) * 2013-03-22 2014-10-02 LG Uplus Corp. Address book information synchronization method and address book synchronization apparatus
KR20160011863A (ko) * 2014-07-23 2016-02-02 Innoline Co., Ltd. Authentication system using a QR code with secondary authentication over two channels, and method therefor
KR101869027B1 (ko) * 2016-03-02 2018-06-19 Jiinsoft Co., Ltd. Security service providing system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100660294B1 (ko) 2004-10-06 2006-12-20 SK Telecom Co., Ltd. Terminal having a content security function and content security method
KR20150064647A (ko) 2013-12-03 2015-06-11 Samsung Electronics Co., Ltd. Content security method and terminal providing a content security function

Also Published As

Publication number Publication date
KR102534012B1 (ko) 2023-05-17
KR20220168860A (ko) 2022-12-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22825316

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22825316

Country of ref document: EP

Kind code of ref document: A1