1. Field of the Invention
The present invention relates to a method and apparatus for ensuring security of a session, and more particularly, to a method and apparatus for ensuring security of a client in a session defined using a remote user interface (RUI).
2. Description of the Related Art
As wired/wireless network technologies have rapidly developed and services using wired/wireless network, such as online shopping, have increased, security information (e.g., credit card numbers, passwords, etc.) has been increasingly transferred. Since security information is transferred between two remote devices via a wired/wireless network, security may be compromised. It is always possible others may obtain security information and use it illegally (e.g., for hacking or wiretapping). In particular, when a communication link is formed between two remote devices via another third device, there is even more risk.
FIG. 1 illustrates a conventional session defined using a remote user interface (RUI).
Referring to FIG. 1, two devices of a home network, i.e., an RUI server 110 and an RUI client 120, define a predetermined session by using the RUI. The RUI client 120 accesses contents of a contents server 130 by using the RUI provided by the RUI server 110. The RUI server 110 receives data related to the contents from the contents server 130, and provides RUIs based on the data to the RUI client 120.
In the conventional session illustrated in FIG. 1, the RUI client 120 should access the contents of the contents server 130 via the RUI server 110. This denotes that the RUI client 120 should also transmit security information (e.g., a credit card number, a password, etc) via the RUI server 110 to the contents server 130. For example, when payment is required in order to use the contents of the contents server 130, all information that is input by the RUI client 120 for the payment is transmitted to the contents server 130 via the RUI server 110. Since the security information is transmitted to the contents server 130 via the RUI server 110, it is more likely that others can steal the security information of the RUI client 120 by hacking or wiretapping the RUI server 110.
Accordingly, there is a need for a method and apparatus for ensuring security by which the RUI client 120 can efficiently transmit security information to the contents server 130 without passing through the RUI server 110.