Apparatus, method and system for context-aware security control in cloud environment
Abstract
An apparatus, method and system for context-aware security control in a cloud environment are provided. The apparatus includes an authentication header inspection unit and a packet data processing unit. The authentication header inspection unit generates an authentication header based on the received context information and key of a user, compares the generated authentication header with the authentication header of packet data received from a remote user terminal, and outputs the results of the comparison. The packet data processing unit performs one of the transmission, modulation and discarding of packet data from the cloud server of a cloud service network based on the results of the comparison by the authentication header inspection unit.
13 Claims
1. An apparatus for context-aware security control in a cloud environment, the apparatus, communicated with one or more terminals and at least one server via a cloud network, comprising at least one computer processor, a communications interface, and a non-transitory computer-readable medium bearing algorithm arranged for causing the computer processor to perform:
an authentication header inspector which generates an authentication header based on context information and a key transmitted from a first user terminal, and compares the generated authentication header with an authentication header of packet data received from a second user terminal; and
a packet data processor, communicated between a cloud server and the first and the second user terminals via a cloud service network, configured at an entrance of the cloud service network based on in-line mode, and configured to selectively perform one of transmission, modulation and discarding of packet data transmitted from the cloud server in response to determination of the comparison of the generated authentication header with an authentication header of packet data received from the second user terminal transmitted to the cloud server,
wherein the packet data processor performs modulation among transmission, modulation and discarding of the packet data, and the packet data processor modulates the packet data received from the cloud server and then transmits the modulated packet data to the second user terminal,
wherein the generated authentication header and the authentication header of the packet data received from the second user terminal are generated using a hash-based message authentication code (HMAC) function, and
wherein the context information of the user comprises location information, and the location information is provided in such a way that a single unique value is mapped to a specific Global Positioning System (GPS) range block.
6. A computer-implemented method for context-aware security control in a cloud environment, comprising:
receiving a key and context information transmitted from a first user terminal;
generating, using coding comprising a hash-based message authentication code (HMAC) function, an authentication header based on the context information and key transmitted from the first user terminal;
comparing the generated authentication header with an authentication header of packet data transmitted from a second user terminal; and
selectively performing one of transmission, modulation and discarding of packet data received from a cloud server of a cloud service network in response to determination of the comparison of the generated authentication header with an authentication header of packet data received from the second user terminal transmitted to a cloud server,
wherein the selectively performing one of transmission, modulation and discarding comprises, when the modulation is performed, modulating the packet data received from the cloud server and then transmitting the modulated packet data to the second user terminal, and
wherein the context information of the user comprises location information, and the location information is provided in such a way that a single unique value is mapped to a specific Global Positioning System (GPS) range block.
11. A system for context-aware security control in a cloud environment, comprising:
a context information provision terminal which outputs context information including GPS value-based location information and a key;
a remote user terminal which generates an authentication header based on context information and a key received from the context information provision terminal, and outputs a data reception request, along with the authentication header; and
a context-aware security controller which receives the data reception request from the remote user terminal, and controls data transmission to the remote user terminal according to context-aware policies defined between the remote user terminal and a cloud server of a cloud service network,
wherein the context-aware security controller generates an authentication header based on context information of a user and a key of the user received from a system administrator, compares the generated authentication header with an authentication header of packet data received from the remote user terminal, and outputs results of the comparison; and
wherein the context-aware security controller performs one of transmission, modulation and discarding of packet data received from the cloud server based on the results of the comparison,
wherein the context-aware security controller performs the modulation, and the context-aware security controller modulates the packet data received from the cloud server and then transmits the modulated packet data to the remote user terminal,
wherein the authentication header generated by each of the remote user terminal and the context-aware security controller is generated using a hash-based message authentication code (HMAC) function, and
wherein the location information is provided in such a way that a single unique value is mapped to a specific Global Positioning System (GPS) range block.
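The header check recited in claims 1, 6 and 11, as an added Python sketch that is not taken from the patent or from any implementation of it. Assumptions not found in the claims: a 0.01-degree grid for the GPS range block and its numbering, HMAC-SHA256 over the string `loc=<block>`, a policy argument `on_mismatch`, and "modulation" modelled as masking the payload; all function names are hypothetical.

```python
import hashlib
import hmac
import math

BLOCK_DEG = 0.01                   # assumed block size in degrees
ROWS = round(180 / BLOCK_DEG)      # latitude rows on the assumed grid
COLS = round(360 / BLOCK_DEG)      # longitude columns on the assumed grid

def gps_block_id(lat: float, lon: float) -> int:
    """Map every coordinate inside one GPS range block to a single integer."""
    row = min(math.floor((lat + 90.0) / BLOCK_DEG), ROWS - 1)
    col = math.floor((lon + 180.0) / BLOCK_DEG) % COLS
    return row * COLS + col

def auth_header(key: bytes, block_id: int) -> str:
    """HMAC over the context information; SHA-256 is an assumed hash choice."""
    msg = f"loc={block_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def control(key: bytes, registered_block: int, received_header: str,
            payload: bytes, on_mismatch: str = "discard"):
    """Inspector plus packet data processor: returns (action, data to forward).

    key and registered_block stand for what the first terminal supplied;
    received_header is the header carried by the second terminal's request;
    payload is the cloud server's response passing through the in-line device.
    """
    expected = auth_header(key, registered_block)
    # Constant-time comparison so the check does not leak matching prefixes.
    if hmac.compare_digest(expected.encode(), received_header.encode()):
        return "transmit", payload
    if on_mismatch == "modulate":
        return "modulate", b"*" * len(payload)   # assumed form of modulation
    return "discard", None

if __name__ == "__main__":
    key = b"constructed-demo-key"                # constructed sample key
    office = gps_block_id(37.5665, 126.9780)     # constructed coordinates
    inside = auth_header(key, gps_block_id(37.5699, 126.9712))
    outside = auth_header(key, gps_block_id(37.5801, 126.9780))
    print(control(key, office, inside, b"report"))
    print(control(key, office, outside, b"report", "modulate"))
    print(control(key, office, outside, b"report"))
```

With only the key and the block value as MAC input, as recited in the claims on this page, the header is identical for every request sent from the same block, so a captured header remains valid for that block. The sketch reproduces this and adds no freshness field.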
Specification