1. Field of the Invention
The present invention relates to an apparatus and method for providing a security service for User Interface (UI) application programs (or applications) in a network system, and more particularly, to an apparatus and method for offering a security service in a multimedia-based user interface.
2. Description of the Related Art
As the use of a network, such as inter-computer data exchange, is increasing due to the advent of the Internet, a need to protect data transmitted over the network has occurred. The protection of data transmitted over the network is called ‘network security’, which is distinguished from the computer system security.
Network security can be conducted over several layers among 7 Open System Interconnection (OSI) layers, including an application layer and a network layer. For example, a network that uses an IEEE802.11-based wireless Local Area Network (LAN) protects the information exchanged by wireless communication in the network layer using a security technique such as Wired Equipment Privacy (WEP) and Wi-Fi Protected Access (WPA).
The conventional network security can be performed through the following process. First, once a client accesses a server, the server provides its public key and server certificate (that a certificate authority issued by authenticating the public key of the server with electronic signature) to the client. The client determines if the server certificate was signed by a trustable certificate authority and if the certificate is still available, and then extracts the public key of the server from the server certificate. Thereafter, the client encrypts an arbitrary message to be used as a session key with the public key of the server and sends the encrypted message to the server. Then the server can obtain the session key by decrypting the encrypted message using its private key. Using the session key, the server encrypts messages based on Symmetric Key Cryptosystem, and then sends the encrypted messages to the client.
Because the conventional network security technology encrypts all messages before transmission without distinction of upper-layer applications, the message complexity is considerably high, causing a reduction in network transmission speed. In addition, for secure communication, the server and the client should take steps of receiving certificates issued from the certificate authority individually, and authenticating the certificates, but this method is unsuitable for the home network that includes a plurality of clients.