1. Field
The present disclosure relates to a technology for controlling virtual private network (VPN) access of a wireless communication terminal, and more particularly, to a system and method for controlling VPN access.
2. Discussion of Related Art
Despite its merits of high portability and mobility, a mobile terminal has a security problem, and thus its connection to a corporate business system is generally allowed only to a limited extent. Since most general personal computers (PCs) are fixedly placed in a company and used for business only, it is relatively easy to apply a security policy to them by installing a security program and so on. However, most mobile terminals are owned by individuals and used in a bring-your-own-device (BYOD) fashion, and thus the application of a security policy is limited. In particular, when a mobile terminal connects to a corporate business system from outside an institution, such as a company, the problem of information leakage may arise.
Therefore, in the related art, a secure sockets layer (SSL) secure connection is set up for every business application installed on a mobile terminal, and access to a corporate business system is allowed through that secure connection. However, this approach is inconvenient in that each business application must have its own security environment for an SSL connection.
To solve this problem, cases in which the operating system (OS) of a mobile terminal directly supports a security mode have been increasing lately. In such cases, the operating system of the mobile terminal is internally divided into a normal area and a secure area, and an application in the normal area cannot access data and applications installed in the secure area. After going through an authentication procedure for accessing the secure area, the mobile terminal operates in the security mode. The security mode provides an environment in which the terminal can connect to various business systems via a VPN, so that business system developers may enable mobile terminals to safely connect to corporate business systems via VPNs without creating a separate security environment for every application.
Meanwhile, cases in which a mobile terminal operating in the security mode connects to a corporate business system via a VPN may be classified into the following two types. In the first type, the mobile terminal connects to the corporate business system via a corporate intranet. In the second type, the mobile terminal connects to the corporate business system from outside the company via a mobile communication network or a public wireless fidelity (WiFi) network. Even in the same security mode, the supported security level needs to differ depending on whether the terminal is inside the company or outside the company. This is because, outside the company, it may be necessary to show a confidential document to an outsider, and the terminal may be used by an outsider.