APPARATUS, METHOD AND SYSTEM FOR CONTEXT-AWARE SECURITY CONTROL IN CLOUD ENVIRONMENT

US 20150237027A1
Filed: 08/23/2014
Published: 08/20/2015
Est. Priority Date: 02/20/2014
Status: Active Grant

First Claim

Patent Images

1. An apparatus for context-aware security control in a cloud environment, comprising:

an authentication header inspection unit configured to generate an authentication header based on received context information of a user and a received key of the user, to compare the generated authentication header with an authentication header of packet data received from a remote user terminal, and to output results of the comparison; and

a packet data processing unit configured to perform one of transmission, modulation and discarding of packet data from a cloud server of a cloud service network based on the results of the comparison by the authentication header inspection unit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus, method and system for context-aware security control in a cloud environment are provided. The apparatus includes an authentication header inspection unit and a packet data processing unit. The authentication header inspection unit generates an authentication header based on the received context information and key of a user, compares the generated authentication header with the authentication header of packet data received from a remote user terminal, and outputs the results of the comparison. The packet data processing unit performs one of the transmission, modulation and discarding of packet data from the cloud server of a cloud service network based on the results of the comparison by the authentication header inspection unit.

Citations

19 Claims

1. An apparatus for context-aware security control in a cloud environment, comprising:
- an authentication header inspection unit configured to generate an authentication header based on received context information of a user and a received key of the user, to compare the generated authentication header with an authentication header of packet data received from a remote user terminal, and to output results of the comparison; and
  
  a packet data processing unit configured to perform one of transmission, modulation and discarding of packet data from a cloud server of a cloud service network based on the results of the comparison by the authentication header inspection unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus of claim 1, wherein the authentication header inspection unit restores the authentication header of the packet data received from the remote user terminal by parsing a data reception request transmitted by the remote user terminal, and inspects validity of the restored authentication header based on the generated authentication header.
  - 3. The apparatus of claim 1, wherein the generated authentication header and the authentication header of the packet data received from the remote user terminal are generated using a hash-based message authentication code (HMAC) function.
  - 4. The apparatus of claim 1, wherein the packet data processing unit performs transmission among transmission, modulation and discarding of the packet data, and the packet data processing unit transmits the original packet data received from the cloud server to the remote user terminal without change.
  - 5. The apparatus of claim 1, wherein the packet data processing unit performs modulation among transmission, modulation and discarding of the packet data, and the packet data processing unit modulates the packet data received from the cloud server and then transmits the modulated packet data to the remote user terminal.
  - 6. The apparatus of claim 1, wherein the packet data processing unit performs discarding among transmission, modulation and discarding of the packet data, and the packet data processing unit blocks the packet data received from the cloud server, thereby terminating a session between the remote user terminal and the cloud server.
  - 7. The apparatus of claim 1, further comprising a policy input interface unit configured to provide an interface through which a type of context information and packet data processing policies of the packet data processing unit are input.
  - 8. The apparatus of claim 1, wherein the apparatus for context-aware security control, comprising the authentication header inspection unit and the packet data processing unit, is installed at an entrance of the cloud service network in in-line mode.
  - 9. The apparatus of claim 1, wherein:
    - the context information of the user comprises location information; and
      
      the location information is provided in such a way that a single unique value is mapped to a specific Global Positioning System (GPS) range block.

10. A method for context-aware security control in a cloud environment, comprising:
- generating, by an authentication header inspection unit, an authentication header based on received context information of a user and a received key of the user;
  
  comparing, by the authentication header inspection unit, the generated authentication header with an authentication header of packet data received from a remote user terminal, and outputting, by the authentication header inspection unit, results of the comparison; and
  
  performing, by a packet data processing unit, one of transmission, modulation and discarding of packet data received from a cloud server of a cloud service network based on the results of the comparison by the authentication header inspection unit.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, wherein outputting the results of the comparison comprises:
    - restoring the authentication header of the packet data received from the remote user terminal by parsing a data reception request transmitted by the remote user terminal; and
      
      inspecting validity of the restored authentication header based on the generated authentication header.
  - 12. The method of claim 10, wherein the generated authentication header and the authentication header of the packet data received from the remote user terminal are generated using a hash-based message authentication code (HMAC) function.
  - 13. The method of claim 10, wherein performing one of transmission, modulation and discarding comprises, when the transmission is performed, transmitting the original packet data received from the cloud server to the remote user terminal without change.
  - 14. The method of claim 10, wherein performing one of transmission, modulation and discarding comprises, when the modulation is performed, modulating the packet data received from the cloud server and then transmitting the modulated packet data to the remote user terminal.
  - 15. The method of claim 10, wherein performing one of transmission, modulation and discarding comprises, when the discarding is performed, blocking the packet data received from the cloud server, thereby terminating a session between the remote user terminal and the cloud server.
  - 16. The method of claim 10, wherein:
    - the context information of the user comprises location information; and
      
      the location information is provided in such a way that a single unique value is mapped to a specific Global Positioning System (GPS) range block.

17. A system for context-aware security control in a cloud environment, comprising:
- a context information provision terminal configured to output context information including UPS value-based location information and a key;
  
  a remote user terminal configured to generate an authentication header based on context information and a key received from the context information provision terminal, and to output a data reception request, along with the authentication header; and
  
  a context-aware security controller configured to receive the data reception request from the remote user terminal, and to control data transmission to the remote user terminal according to context-aware policies defined between the remote user terminal and a cloud server of a cloud service network.
- View Dependent Claims (18, 19)
- - 18. The system of claim 17, wherein the remote user terminal comprises:
    - an authentication header generation unit configured to generate the authentication header based on the context information and the key; and
      
      a receiver agent unit configured to receive the context information and the key from the context information provision terminal and transfer the context information and the key to the authentication header generation unit, and to transmit the data reception request, together with the generated authentication header, to the context-aware security controller.
  - 19. The system of claim 17, wherein the context-aware security controller comprises:
    - an authentication header inspection unit configured to generate an authentication header based on context information of a user and a key of the user received from a system administrator, to compare the generated authentication header with an authentication header of packet data received from the remote user terminal result, and to output results of the comparison; and
      
      a packet data processing unit configured to perform one of transmission, modulation and discarding of packet data received from the cloud server based on results of the comparison by the authentication header inspection unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
KIM, Sung-Jin, LEE, ChulWoo, KIM, ByungJoon, KIM, HyoungChun

Granted Patent

US 9,294,463 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/205 involving negotiation or de...

APPARATUS, METHOD AND SYSTEM FOR CONTEXT-AWARE SECURITY CONTROL IN CLOUD ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS, METHOD AND SYSTEM FOR CONTEXT-AWARE SECURITY CONTROL IN CLOUD ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links