KR101451323B1 - Application security system, security server, security client apparatus, and recording medium - Google Patents

Abstract

The present invention relates to an application security system which includes: a security client module which transmits execution result information by executing a security process according to the reception of an inspection command, and controls to execute an application installed in a terminal according to an application execution control command according to the execution result information; and a security server which transmits the inspection command to the security client module to execute the security process in the security client module by communicating with the security client module, and transmits the application execution control command to the security client module by determining an execution state of the application according to the execution result information received from the security client module.

Description

TECHNICAL FIELD [0001] The present invention relates to an application security system, a security server, a security client device, and a recording medium.

The present invention relates to an application security system, a security server, a secure client device, and a recording medium.

Nowadays, various security-related client programs for spreading malicious codes, viruses, and preventing unauthorized access are installed in various communication terminals including mobile terminals such as a PC and a notebook computer as well as smart phones and tablet PCs have.

In order to perform a new security function, the security function using the security-related client program needs to update all of the security-related client programs themselves because the security code related to the security- You should update the inspection code stored in the security-relevant client program. This is a fatal problem that makes it impossible to respond quickly in the security technology field where rapid response is indispensable.

In addition, conventionally, a client program has been separately developed for an antivirus function, an anti-hacking function, and an inverse code analysis prevention function. Therefore, in order to provide an antivirus function, an anti-hacking function, , Anti-virus function, anti-hacking function, and anti-reverse function of the code.

In this way, the different security functions must be installed in separate client programs and installed separately. In addition to the inconvenience of installation and use, the antivirus function, the anti-hacking function, It is not possible to increase the security because it can not interoperate closely.

In addition, since existing security-related client programs are designed to be suitable for a PC environment, they require a lot of data or high terminal performance. This is a disadvantage in that it is not suitable for mobile environments such as smart phones and tablet PCs, which are widely used these days.

In view of the foregoing, it is an object of the present invention to provide an application security system, a security server, a security client device, and a recording medium that provide server-based application security to enable rapid security response.

Another object of the present invention is to provide an application security system, a security server, a security client device, and a recording medium, in which different security functions operate in a closely interlocked manner to enhance security.

It is another object of the present invention to provide an application security system suitable for a mobile environment such as a smart phone and a tablet PC by reducing security related data to be stored in a terminal for performing a security function, , A security server, a security client device, and a recording medium.

In order to achieve the above object, in one aspect, the present invention provides an information processing apparatus that executes a security process according to receipt of an inspection command and transmits execution result information, To be executed; And transmitting the inspection command to the secure client module so that the security process is executed in the secure client module, wherein the secure client module is configured to communicate with the secure client module to determine whether to execute the application according to the execution result information received from the secure client module And transmits the application execution control command to the secure client module.

The inspection command received by the security client module from the security server may be one of an inspection command for prevention of code reverse analysis, an inspection command for anti-virus inspection, and an inspection command for anti-hacking inspection.

According to another aspect of the present invention, there is provided a communication system including: a communication unit for communicating with a security client module built in an application installed in a terminal; And transmitting a check command to the secure client module so that the secure client module executes a security process to receive execution result information for the security process in the secure client module, And a control unit for determining whether to execute the application and providing an application execution control command to the security client module through the communication unit.

According to another aspect of the present invention, there is provided an information processing apparatus comprising: a control unit for executing a security process according to an inspection command to output execution result information, and controlling the execution of a specified application according to an application execution control command; And a communication unit receiving the inspection command from the security server, transmitting the execution result information to the security server, and receiving the application execution control command from the security server.

According to another aspect of the present invention, there is provided a recording medium on which a program for executing an application security method is recorded. The recording medium includes a function of executing a security process according to an inspection command received from a security server, And a function of controlling the execution of the application in accordance with an application execution control command received from the security server. According to an aspect of the present invention, there is provided a computer-

As described above, according to the present invention, it is possible to provide an application security system, a security server, a security client device, and a recording medium that provide server-oriented application security to enable rapid security response.

According to another aspect of the present invention, there is provided an application security system, a security server, a security client device, and a recording medium, which can enhance security by operating in cooperation with each other.

In addition, according to the present invention, an application security system suitable for a mobile environment such as a smart phone, a tablet PC, and the like by reducing the security related data to be stored in the terminal to perform the security function and reducing the load of the terminal for the security function, A security server, a security client device, and a recording medium.

1 is a diagram schematically illustrating an application security system according to an embodiment of the present invention.
2 is a block diagram of a security server for application security according to an embodiment of the present invention.
3 is a block diagram of a secure client module for application security according to an embodiment of the present invention.
4 is a diagram illustrating security process modules and an application execution control module in a secure client module for application security according to an exemplary embodiment of the present invention.
FIG. 5 is a diagram schematically illustrating the interworking between a secure client module and a security server for application security according to an exemplary embodiment of the present invention. Referring to FIG.
6 is a diagram illustrating a process of executing an application through application security according to an embodiment of the present invention.
7 is a flowchart illustrating an operation procedure of a secure client module for application security according to an embodiment of the present invention.
8 is a flowchart illustrating an operation procedure of a security server for application security according to an embodiment of the present invention.

Hereinafter, some embodiments of the present invention will be described in detail with reference to exemplary drawings. In the drawings, like reference numerals are used to denote like elements throughout the drawings, even if they are shown on different drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

In describing the components of the present invention, terms such as first, second, A, B, (a), and (b) may be used. These terms are intended to distinguish the components from other components, and the terms do not limit the nature, order, order, or number of the components. When a component is described as being "connected", "coupled", or "connected" to another component, the component may be directly connected or connected to the other component, Quot; intervening "or that each component may be" connected, "" coupled, "or " connected" through other components.

1 is a diagram schematically illustrating an application security system according to an embodiment of the present invention.

Referring to FIG. 1, an application security system according to an embodiment of the present invention is a system for protecting an application 111 installed in a terminal 110 and a user thereof from a security point of view. That is, the application security system according to the embodiment of the present invention can prevent the application 111 from being hacked or tampered with by tampering with the application 111, or by taking the copyright of the developer (source code) It is a system to protect copyright owners.

Referring to FIG. 1, an application security system according to an embodiment of the present invention includes: A security client device that executes a security process for protecting an application 111 installed in the terminal 110 in order to provide application security and a security client device that instructs the secure client device to execute a security process, And a security server 120 that receives execution result information from the secure client device and provides an application execution control command to the secure client device.

The security client device may be a terminal physically separated from the terminal 110 in which the application 111 to be protected is installed and may be a terminal having the application 111 as a protected object 110, or the like.

1, the security client device includes a software module (not shown) included in the application 110 installed in the terminal 110, which is included in the terminal 110 in which the application 111 to be protected is installed, Software Module).

1, the security client apparatus includes a software module 111 included in the application 111 installed in the terminal 110, and a security module 111 that is included in the terminal 110 in which the protected application 111 is installed, Which is a security client module 112 that is a security module (Software Module). However, it is not limited thereto.

In this manner, the application 110 in which the security client module 112 is embedded can be downloaded and installed in the terminal 110 through the application store server.

A code corresponding to the security client module 112 is basically included in the application 110 downloaded and installed from the application store server.

On the other hand, the application 111 downloaded from the application store server and installed may include the application execution code for actual execution. In some cases, the application 111 may be downloaded from the related server (service server corresponding to the application) And control information (e.g., link information, etc.) that can be downloaded may be included.

The code corresponding to the secure client module 112 is stored in the first location in the memory of the terminal 110 and the application execution code that is already included in the distribution of the application 111 or downloaded each time it is executed is stored in the memory 110 of the terminal 110 And may be stored in a second position different from the first position.

Here, the first position in the memory is a storage position at which the processor of the terminal 110 first accesses when an application execution request is input, and is a position at which the application execution code is known or recognized. The second location in memory is a storage location where the application execution code is actually stored but can not be recognized as being stored in the terminal 110 as well as outside.

In addition, the application execution code which is already included in the distribution of the application 111 or is downloaded each time it is executed can be encrypted and stored when it is stored in the second location in the memory.

For example, when an application execution code that is already included in the distribution of the application 111 or is downloaded each time it is executed is encrypted and stored, a file header of the application execution code or a part of the application execution code may be encrypted and stored And may be encrypted and stored in such a manner that the positions of the information in the file of the application executable code are interchanged or may be encrypted and stored in such a manner that specific or arbitrary information in the file of the application executable code is replaced with other information. The present invention is not limited to such a cipher system, but various cipher systems are also possible.

The processor of the terminal 110 reads the code corresponding to the security client module 112 stored in the first location in the memory and transmits the corresponding security process And executes the application execution code stored in the second location in the memory or downloads the application execution code from the related server to the second location in the memory and executes the application 111 ) Is actually executed.

As described above, it is possible to provide enhanced security for the application 111 through code storage location related features, encryption of application executable code, and the like.

In addition, when the application execution code is not included in the application 111 at the time of initial distribution of the application 111 but is downloaded each time the application 111 is executed, it is possible to further enhance the security of the application 111 . The security client module 112 executes the security process corresponding to the receipt of the inspection command from the security server 120 and transmits the execution result information to the security server 120. In accordance with the execution result information, And controls the application installed in the terminal 110 to be executed according to the control command.

Security server 120 in conjunction with secure client module 112 makes important decisions and makes important decisions and decisions for application security.

More specifically, the security server 120 communicates with the secure client module 112 to send a verify command to the secure client module 112 to cause the secure process to be performed in the secure client module 112, , A security process corresponding to the inspection command is executed in the security client module 112, and the execution result information is received.

Thereafter, the security server 120 determines whether the application 111 is safe to be executed in the terminal 110 according to the execution result information received from the secure client module 112, determines whether to execute the application 111, And sends an application execution control command to the security client module 112 accordingly.

When the secure client module 112 is embedded in the application 111 installed in the terminal 110 in order to trigger the operation of the secure client module 112, A control code for allowing the secure client module 112 to operate may be inserted.

This control code is read at the first execution time of the application 111 to operate the security client module 112 and allow the operated security client module 112 to communicate with the security server 120, Is a code that allows the security server 120 to receive an inspection command to execute an inspection routine associated with the security process for the security server 120. [

The application 111 in which the security client module 112 is embedded may be encrypted by replacing the file contents of part or all of the code file in order to prevent code reverse analysis.

Here, regarding the substitution of the file contents of the application 111, the application 111 in which the security client module 112 is embedded changes the storage position of the file contents with respect to a part or all of the code file, May be substituted.

The security server 120 has a hardware configuration similar to that of a typical Web server, a web application server, or a WAP server. However, as described in detail below with reference to FIG. 2, a software module that is implemented in any language such as C, C ++, Java, PHP, .Net, Python, Ruby, (Module).

The security server 120 may also be connected to an unspecified number of clients (including the terminal 110) and / or other servers via the network 130, thereby allowing the security server 120 to perform operations Or a computer software (server program) installed for such a computer system, which receives a request for execution and derives a result of the operation on the computer.

In addition to the above-described server program, the security server 120 may also include a wide range of application programs (Application Programs) operating on the security server 120 and various databases built in or outside the system .

Here, the database may mean a collection of data structured by managing data such as information or data for use by a server or another device, and may mean a storage medium storing an aggregate of such data.

Such a database may include a plurality of databases classified according to a data structure, a management method, and the like.

In some cases, the database may include a database management system (DBMS), which is software that allows the user to add, modify, delete, etc. information or data.

In addition, the security server 120 may store and manage content, various information, and data in a database. Here, the database may be implemented inside or outside the security server 120.

In addition, the security server 120 uses a server program that is variously provided according to an operating system such as DOS, Windows, Linux, UNIX, or Macintosh to general server hardware Typical examples include a Web site used in a Windows environment, an Internet Information Server (IIS), Apache, Nginx, and Light HTTP used in a UNIX environment.

Meanwhile, the terminal 110 may include a general PC such as a general desktop or a notebook computer, and may include a mobile terminal such as a smart phone, a tablet PC, a PDA (Personal Digital Assistants), and a mobile communication terminal. But should be broadly interpreted as any electronic device capable of communicating with security server 120. [

The network 130 as a network connecting the terminal 110 and the security server 120 may be a closed network such as a LAN (Local Area Network) or a WAN (Wide Area Network) Network. Herein, the Internet includes various services existing in the upper layer of the TCP / IP protocol such as HyperText Transfer Protocol (HTTP), Telnet, File Transfer Protocol (FTP), Domain Name System (DNS), Simple Mail Transfer Protocol (NFS), and Network Information Service (NIS), which are used in the Internet.

In addition, when the terminal 110 includes a mobile terminal such as a smart phone, a tablet PC, a PDA (personal digital assistant), and a mobile communication terminal, the network 130 may be a wireless access network such as a mobile communication network or a WiFi As shown in FIG.

Hereinafter, the security client module 112 and the security server 120 constituting the application security system briefly described above will be described in more detail with reference to FIGS. 2 and 3. FIG.

2 is a block diagram of a security server 120 for application security in accordance with an embodiment of the present invention.

2, a security server 120 for application security according to an exemplary embodiment of the present invention includes a communication unit 112 for communicating with a security client module 112 built in an application 111 installed in a terminal 110 210, and a control unit 220 that performs various control functions for application security in cooperation with the security client module 112.

The control unit 220 transmits the inspection command to the security client module 112 through the communication unit 210 so that the security client module 112 executes the security process.

After transmitting the inspection command, the control unit 220 receives execution result information for the security process in the security client module 112 through the communication unit 210. [

The control unit 220 determines whether to execute the application 111 in the terminal 110 according to the received execution result information and controls the execution of the application 111 in the terminal 110 And provides an application execution control command to the secure client module 112 via the communication unit 210. [

2, a security server 120 for application security according to an exemplary embodiment of the present invention includes a storage unit 120 for storing and managing all inspection codes for various security processes to be executed by the security client module 112, (230).

As described above, in the embodiment of the present invention, the security server 120 stores all the inspection codes, but conventionally, all the inspection codes are stored on the client side. Accordingly, when the inspection code is changed, there is a limit to update the entire client, and as a result, rapid security response using the changed inspection code can not be achieved.

However, as in the embodiment of the present invention, when the security server 120 stores all the inspection codes, the security client module 112 executes and stores the data provided by the security server 120, Since only the result is transmitted to the security server 120, the security response due to the change of the inspection code can be expedited. In addition, it is possible to promptly respond to an operation of bypassing the security client module 112 and an occurrence of an accident.

Meanwhile, among the inspection codes stored in the security server 120, there may be sensitive inspection codes that should not be shared among various companies. Accordingly, the storage unit 230 of the security server 120 stores all of the inspection codes for the security process, and adds the additional inspection codes received from the terminal of the vendor developing the application 111 as inspection codes for the security process Additional registration is possible.

Accordingly, the application developer can apply the security function corresponding to the enterprise external confidential information without the assistance of the development and operation company of the security client module 112 and the security server 120, And can actively operate.

As described above, the security client module 112 executes the corresponding security process only by an inspection command of the security server 120, informs the security server 120 of the execution result information, instructs the security server 120 It controls the execution of the application 111 as defined according to the application execution control command, but does not perform any single operation or judgment thereof.

That is, application protection according to an embodiment of the present invention is provided not on the basis of a client but on a server basis. When a necessary code is registered in the security server 120 at the time of detecting a vulnerability of a client code and updating a function, The module 112 need only operate according to the instructions of the security server 120 regardless of the logic. Accordingly, the terminal 110 can quickly respond to security in a mobile environment such as a smart phone, a tablet PC, and the like, and effectively defend against a disabling tool that disables a security product.

Meanwhile, the security client module 112 may provide both a Decompile Protection, an Anti-Virus, and an Anti-Hacking test.

Accordingly, the inspection command transmitted from the security server 120 to the secure client module 112 may include, for example, a Decompile Protection, an Anti-Virus, and an Anti-Hacking Etc. < / RTI >

In addition, the inspection command transmitted from the security server 120 to the secure client module 112 may further include, for example, a defensive code integrity check command, a defensive code download command, and a defensive code execution command.

In the following, a secure client module 112 that interacts with the security server 120 for application security will be described.

3 is a block diagram of a secure client module 112 for application security in accordance with an embodiment of the present invention.

3, the security client module 112 for application security according to an exemplary embodiment of the present invention includes a controller 310 that performs core operations in cooperation with the security server 120, a security server 120, And a communication unit 320 for communicating with the base station.

The control unit 310 executes the security process according to the inspection command received from the security server 120 through the communication unit 320 and outputs the execution result information.

The communication unit 320 transmits the execution result information of the security process output to the control unit 310 to the security server 120.

The control unit 320 receives the application execution control command from the security server 120 through the communication unit 320 after outputting the execution result information of the security process, ).

The security client module 112 of FIG. 3 may be the terminal 110 itself or a software module embedded in the application 111 installed in the terminal 110.

Meanwhile, the security client module 112 may integrate a decryption protection function, an anti-virus function, and an anti-hacking function into a single product.

4, the control unit 310 of the secure client module 112 includes an integrated security module 410 for executing various security processes, and an execution result of the security process of the integrated security module 410 And an application execution control module 420 that controls the execution of the application 111 by an instruction of the security server 120 according to the information.

Referring to FIG. 4, the integrated security module 410 includes a code reverse analysis prevention module 411, an anti-virus module 412, an anti-hacking module 413, and the like.

The code reverse analysis prevention module 411 receives an inspection command for prevention of reverse code analysis from the security server 120 according to the execution of the control code inserted in the first execution part of the application 111, Executes an inspection routine to check whether a code reverse analysis event for the application 111 has occurred, and transmits the first inspection result information to the security server 120 as execution result information of the security process.

Conventional code reverse analysis prevention is supported in such a manner that only a specific table portion of a header is modulated without encryption to a code file which is a core file of an application. In this case, only the logic that modulates a particular part of the table can be exposed to all threats if exposed.

However, as described above, according to the embodiment of the present invention, not only the specific table portion of the header is modified with respect to the code file which is the core file of the application, Use countermeasures to effectively prevent code reverse analysis.

In addition, in order to prevent the inverse analysis of the conventional code, the code file which is the core file of the application is encrypted. In this case, since the code file is simply completely encrypted, when the encryption key value is leaked, do. However, in an embodiment of the present invention, a code table, which is a key file of an application, may be modified by modifying a specific table portion of a header, , Even if the encryption key is leaked, it can not be restored to a normal file, so that it is safe from a security threat.

When the antivirus module 412 receives the inspection command for the anti-virus inspection from the security server 120, the anti-virus module 412 executes the second inspection routine as the security process, And transmits the second check result information to the security server 120 as execution result information of the security process.

When the anti-hacking module 413 receives the inspection command for the anti-hacking inspection from the security server 120, the anti-hacking module 413 executes the third inspection routine as the security process to detect a hacking tool, And transmits the third check result information to the security server 120 as execution result information of the security process.

The above-described anti-hacking and anti-virus function checks a malicious program installed in the terminal 110 and a process currently executed in the terminal 110 immediately before or during execution of the application 111 to be protected It is possible to detect malicious code and a hacking tool which can harm the application 110 to be protected from the currently executing processes based on the database or to detect a malicious code and a hacking tool Malicious code and a hacking tool targeting the malicious code 110 are detected.

Detection methods of malicious codes and hacking tools consist of a method of comparing integrity values of code files in a package or integrity values of contents of a method table and a string table in a code file.

The operation timing of each of the code reverse analysis prevention module 411, the anti-virus module 412 and the anti-hacking module 413 mentioned above is related to the execution of the application 111. [

For example, only when the code reverse analysis prevention module 411 is operated before the execution request of the application 111 is actually executed and it is determined that the code reverse analysis has not occurred as a result of the operation, Any one of the anti-virus module 412 and the anti-hacking module 413 may be operated first and then the remaining operations may be performed. At this time, the anti-virus module 412 and the anti-hacking module 413 may operate simultaneously. As a result of the operation of the code reverse analysis prevention module 411, when it is determined that the code reverse analysis has occurred, the anti-virus module 412 and the anti-hacking module 413 do not operate.

More specifically, before the execution request of the application 111 occurs and is actually executed, the code reverse analysis prevention module 411 executes the first inspection routine according to the inspection command of the security server 120, If the execution result information is transmitted to the security server 120 and it is determined that the code reverse analysis does not occur in the security server 120, the anti-virus module 412 and the anti-hacking module 413 check The second inspection routine and the third inspection routine are executed and the execution result information is sent to the security server 120 so that it is determined that the malicious code and the hacking tool are not present at all. An application execution control command including information is sent to the application execution control module 420 of the security client module 112. [ Accordingly, the application execution control module 420 controls the application 111 to be executed.

After the application 111 is executed, the anti-virus module 412 and the anti-hacking module 413 are continuously operated during the execution, so that the inspection for the anti-virus and the anti-hacking can be performed in real time.

At this time, the security server 120 receives the execution result information of the inspection routine from the anti-virus module 412 and the anti-hacking module 413, determines whether or not the application 111 can be continuously executed, And then sends an execution control command to the application execution control module 420 of the secure client module 112. Accordingly, the application execution control module 420 controls whether or not the application 111 is executed.

As described above, in the related art, major security functions such as code reverse analysis prevention, anti-virus and anti-hacking are provided as separate products (applications). However, in a mobile environment, The risk of such a situation is not suitable. Therefore, in order to protect the application according to an embodiment of the present invention, major security functions such as code reverse analysis prevention, anti-virus and anti-hacking are cooperatively provided cooperatively in one security client module 112, There is also an advantage in that it is able to respond effectively to various security threats even when performance is limited.

Hereinafter, the security server 120 and the security client module 112 described above in conjunction with each other provide an application security function will be described in more detail with reference to FIGS. 5 to 8. FIG.

5 is a diagram schematically illustrating the interworking between the security client module 112 and the security server 120 for application security according to an embodiment of the present invention.

5, the security server 120 stores all of the check codes for the security process executed in the secure client module 112, and the control code embedded in the initial execution part of the application 111 is transmitted to the terminal 110 , The secure client module 112 transmits a check command for the security process to be executed in the secure client module 112 to the secure client module 112 (S510).

At this time, the security server 120 may transmit the encryption data corresponding to the encrypted inspection code and the key for decrypting the encrypted data to the security client module 112 in order to execute the inspection routine related to the security process.

The security client module 112 receives the inspection command for the security process, the encrypted data and the key from the security server 120, decrypts the encrypted data based on the key, and checks the security process related to the security process indicated by the inspection command And transmits execution result information of the security process to the security server 120 (S520).

In this regard, since a security module (an inspection code) required for security is conventionally stored in a plain text file format, a weak point can be easily obtained through inverse analysis. However, in an embodiment of the present invention, the security server 120 transmits the encrypted data in order to protect the security module, and in use, decrypts and uses the encrypted data using the key transmitted from the security server 120 Therefore, vulnerability through reverse analysis like the conventional one can be supplemented.

In step S520, when the security server 120 confirms execution result information received from the secure client module 112, if a reverse code analysis or malicious code or a hacking tool for the application 111 is detected, the application 111 ) To the secure client module 112 (S530).

In step S520, the security server 120 checks the execution result information received from the secure client module 112, and if the reverse code analysis for the application 111 or the malicious code or the hacking tool is not detected, 111) may be executed to the secure client module 112 (S530).

At this time, if there are more security processes to be executed in the secure client module 112, the secure server 120 and the secure client module 112 may repeatedly perform the steps S510 and S520 .

In step S530, when the security server 120 transmits an application execution control command to the security client module 112 to cause the application 111 to be executed, the security client module 112 decrypts the code file of the application 111 And send the code to the secure client module 112 for execution.

Accordingly, the security client module 112 can decode the code file of the application 111 using the code received from the security server 120, and control the application 111 to be executed.

FIG. 6 is a diagram illustrating a process of executing an application 111 through application security according to an exemplary embodiment of the present invention.

6, when an execution request of the application 111 is generated (S610), that is, when the control code inserted in the first execution part of the application 111 is read, the security client module 112 operates to read the code The analysis prevention function is executed (S620).

In the step S620 in which the code reverse analysis prevention function is executed, the code reverse analysis prevention module 411 in the secure client module 112 transmits a check command for prevention of code reverse analysis to the security server 120 and executes a first checking routine as a security process in accordance with a check command for prevention of code reverse analysis to check whether a code reverse analysis event for the application 111 has occurred, And transmits the first inspection result information to the security server 120 as execution result information.

The security server 120 determines whether a code de-parsing event for the application 111 has occurred based on the first inspection result information received from the security client module 112. [

If it is determined that the code reverse analysis event for the application 111 has occurred according to the first inspection result information, the security server 120 transmits an application execution control command for blocking the execution of the application 111 to the secure client module (112). In this case, the execution step (S630) of the anti-virus and anti-hacking function is not performed.

The security server 120 transmits an inspection command for at least one of the anti-virus inspection and the anti-hacking inspection to the security client module 112. If it is determined that the anti- And controls at least one of the virus module 412 and the anti-hacking module 413 to operate. Accordingly, the anti-virus and anti-hacking checking functions are executed (S630).

In step S630, the anti-virus module 412 in the secure client module 112, when receiving the inspection command for the anti-virus inspection from the security server 120, The second inspection routine is executed to check whether or not malicious code damaging the application 111 exists in the terminal 110 based on the database and the second inspection result information is transmitted to the security server 120 as execution result information of the security process, Lt; / RTI >

In step S630, the anti-hacking module 413 in the security client module 112 receives an inspection command for the anti-hacking inspection from the security server 120, A third checking routine is executed as a process to check whether or not a hacking tool that damages the application 111 exists in the terminal 110 based on the database and the third check result information is transmitted to the security server 120).

The security server 120 determines that the code reverse analysis event for the application 111 has not yet occurred according to the first inspection result information received from the reverse code analysis prevention module 411 of the secure client module 112 And transmits the second inspection result information and the third inspection result information from the anti-virus module 412 and the anti-hacking module 413 after transmitting the inspection command for the anti-virus inspection and the anti-hacking inspection to the security client module 112, An application execution control command for causing the application 111 to be executed when it is determined that the application 111 is safe according to the received second test result information and the third test result information is transmitted to the secure client module 112 ). Accordingly, the application 111 is executed in the terminal 110 by the secure client module 112 (S640).

After execution of the application 111, the anti-virus module 412 and the anti-hacking module 413 continue to operate during the execution of the application 111, so that an inspection for antivirus and anti-hacking can be performed in real time (S650 ).

7 is a flowchart illustrating an operation procedure of a secure client module 112 for application security according to an embodiment of the present invention.

7, the secure client module 112 for application security according to an embodiment of the present invention collects terminal information (S700), and then accesses the security server 120 (S702) Only the process corresponding to the command issued by the server 120 is executed and the execution result information is transmitted to the security server 120.

Referring to FIG. 7, the secure client module 112 receives command data of the security server 120 (S704). At this time, the received command data may be data for a defense code integrity check command, a defense code download command, a defense code execution command, and the like.

If the command data received by the secure client module 112 is a check code integrity check command (S706), a defense code integrity check (check) is performed to collect defense code integrity information (S708).

If the command data received by the secure client module 112 is a defense code download command (S710), the defense code is downloaded from the security server 120 and stored (S712). At this time, the security client module 112 encrypts and stores the defense code received from the security server 120.

If the command data received by the secure client module 112 is a defense code execution command in step S714, the secure client module 112 performs step S712 using the information received from the security server 120 And stores the decrypted code in a memory (S716).

After the decrypted defense code is loaded into the memory, the secure client module 112 deletes the decrypted defense code (S718).

Then, the security client module 112 executes the defense code loaded in the memory together with the resource received from the security server 120 (S720).

As described above, the defense code operating method can improve the security of the defense code by preventing the defense code transmitted from the security server 120 from being analyzed unauthorized.

Meanwhile, the secure client module 112 may receive command data of the application 111 after connecting to the security server 120 (S730). In this case, the command data of the application 111 may be a request for memory protection (S732), memory modulation check (S734), resource decryption (S736) and the like.

In this regard, the security client module 112 may include a routing detection function for checking whether there is a file or a process having an administrator authority not permitted by the current terminal system, a function for detecting whether the execution state of the application 111 as the protected program is a debugging mode A memory encryption function for encrypting a memory portion having important information in which an application 111, which is a program to be protected, is used, a memory control function for checking whether a memory has been tampered during a certain period of time in the application 111, A file modulation checking function for checking whether or not the file used by the application 111, which is the program to be protected, is tampered with can be performed.

8 is a flowchart illustrating an operation procedure of the security server 120 for application security according to an embodiment of the present invention.

8, the security server 120 includes an inspection code (defense code) for a security process to be executed in the security client module 112, resource information to be used in the inspection code (defense code) (Defense code execution result value) of the security processor sent from the security client module 112, and then transmits the command to the security client module 112 according to the result.

Referring to FIG. 8, the security server 120 receives data on the terminal information confirmed by the security client module 112 in the terminal 110 from the security client module 112 (S800).

The security server 120 generates a key (user key) for the user using the terminal information received from the security client module 112 (S802).

Thereafter, the security server 120 requests the security client module 112 to perform an inspection code integrity verification (S804).

Accordingly, the security server 120 receives data on the integrity value from the secure client module 112 (S806).

Thereafter, the security server 120 determines whether the source code is a normal file or a latest file (S810). Here, the source code may be an inspection code or a defensive code, and may be a code file of the application 111, as the case may be.

If it is determined in step S810 that the source code is not a normal file or a latest file, the security server 120 further determines whether the number of attempts to use the source code is equal to or greater than a predetermined number (e.g., five) (S812).

As a result of the determination in step S812, the security server 120 transmits an instruction to terminate the current process (security process related to application execution) to the security client module 112 when a predetermined number of attempts or more are attempted S828).

If it is determined in step S810 that the source code is a normal file or a latest file, or if it is determined in step S812 that the number of attempts is less than a predetermined number, the security server 120 The stored source code is transmitted to the secure client module 112, and a save command for the source code is issued (S814).

Thereafter, the security server 120 receives the integrity data of the stored file (S816), and transmits an instruction to the security client module 112 to execute the source code in the corresponding step (S820).

Thereafter, the security server 120 checks the result value of the source code (S822) and determines whether the result value is normal (S824). If the result is not normal, the security client module 112 (Step S828) to terminate the current process (security process related to application execution).

If it is determined in step S8204 that the resultant value is normal, the security server 120 determines whether there is a next source code (S826), and repeats the process from step S804 until the next source code does not exist .

In the foregoing, a method of providing application security according to an embodiment of the present invention, and a security server 120 and a security client module 112 for the method have been described.

Meanwhile, a method of providing application security according to an embodiment of the present invention may include an application installed in the terminal 110 (which may be included in a platform that is basically installed in the terminal, or included in an operating system, And an application 111 compatible with the operating system of the terminal 110 and installed directly on the terminal 110 through an application providing server such as an application store server, an application or a web server associated with the service, ). ≪ / RTI >

Here, the operating system of the terminal 110 may be an operating system such as a window installed on a general PC such as a desktop or a Macintosh, an iOS installed on a mobile terminal such as a smart phone or a tablet PC, ), And the like.

In this regard, a method of providing application security according to an embodiment of the present invention is implemented as an application installed in the terminal 110 or directly installed by a user (i.e., a program) And can be recorded on a computer-readable recording medium.

That is, the secure client module 112 for executing the application security method according to an embodiment of the present invention may be implemented as a program and recorded in a computer-readable recording medium.

The program for implementing an application security method according to an embodiment of the present invention includes a function of executing a security process according to an inspection command received from the security server 120, And a function of controlling the execution of the application in accordance with the application execution control command received from the security server 120. [ In addition to this, all the functions corresponding to the application security method according to the embodiment of the present invention described above can be executed.

Such a program may be recorded on a recording medium that can be read by a computer and executed by a computer so that the above-described functions can be executed.

As described above, in order to execute an application security method according to an embodiment of the present invention in which a computer reads a program recorded on a recording medium and is embodied as a program, the above-mentioned program is stored in a computer- C ++, JAVA, machine language, and the like.

The code may include a function code related to a function or the like that defines the functions described above and may include an execution procedure related control code necessary for the processor of the computer to execute the functions described above according to a predetermined procedure.

In addition, such code may further include memory reference related code as to what additional information or media needed to cause the processor of the computer to execute the aforementioned functions should be referenced at any location (address) of the internal or external memory of the computer .

In addition, when a processor of a computer needs to communicate with any other computer or server, etc., to perform the above-described functions, the code may be stored in a computer's communication module (e.g., a wired and / ) May be used to further include communication related codes such as how to communicate with any other computer or server in the remote, and what information or media should be transmitted or received during communication.

The functional program for implementing the present invention and the related code and code segment may be implemented by programmers in the technical field of the present invention in consideration of the system environment of the computer that reads the recording medium and executes the program, Or may be easily modified or modified by the user.

Also, the computer-readable recording medium on which the above-described program is recorded may be distributed to a computer system connected via a network so that computer-readable codes can be stored and executed in a distributed manner. In this case, one or more of the plurality of distributed computers may execute some of the functions presented above and send the results of the execution to one or more of the other distributed computers, The computer may also perform some of the functions described above and provide the results to other distributed computers as well.

As described above, the computer-readable recording medium on which the program for executing the application security method according to an embodiment of the present invention is recorded may be a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy disk , And optical media storage devices.

In addition, a computer-readable recording medium storing an application, which is a program for executing an application security method according to an embodiment of the present invention, includes an application store server, an application or a web server (For example, a hard disk) included in an application provider server including an application server, a server, or the like, an application providing server itself, or another computer storing the program or a storage medium thereof.

A computer capable of reading a recording medium on which an application, which is a program for executing an application security method according to an embodiment of the present invention, can be read is not limited to a general PC such as a general desktop or a notebook computer but also a smart phone, Digital assistants, and mobile communication terminals. In addition, the present invention should be interpreted as all devices capable of computing.

If a computer capable of reading a recording medium on which a program (a program for the security client module 112) for executing a method of providing application security according to an embodiment of the present invention or an application 111 containing the application is stored In case of a mobile terminal such as a smart phone, a tablet PC, a PDA (Personal Digital Assistants) and a mobile communication terminal, the mobile terminal can download and install the application from an application providing server including an application store server, a web server, May be downloaded to the general PC from the application providing server and then installed in the mobile terminal through the synchronization program.

As described above, according to the present invention, it is possible to provide an application security system, a security server, a security client device, and a recording medium that provide server-oriented application security to enable rapid security response.

According to another aspect of the present invention, there is provided an application security system, a security server, a security client device, and a recording medium, which can enhance security by operating in cooperation with each other.

In addition, according to the present invention, an application security system suitable for a mobile environment such as a smart phone, a tablet PC, and the like by reducing the security related data to be stored in the terminal to perform the security function and reducing the load of the terminal for the security function, A security server, a security client device, and a recording medium.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the inventions. , Separation, substitution, and alteration of the invention will be apparent to those skilled in the art. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas falling within the scope of the same shall be construed as falling within the scope of the present invention.

Claims (14)

A security client module that executes a security process according to receipt of an inspection command to transmit execution result information and controls an application installed in the terminal to be executed according to an application execution control command according to the execution result information; And
Communicating with the security client module, transmitting the inspection command to the security client module so that the security process is executed in the security client module, and determining whether to execute the application according to the execution result information received from the security client module And a security server for transmitting the application execution control command to the security client module,
Wherein the application is encrypted by replacing a file content of a part or all of the code file. The method according to claim 1,
A control code for causing the security client module to operate in a portion where the application is initially executed and to cause the inspection command to be received from the security server to communicate with the security server to execute an inspection routine related to the security process, The application security system comprising: 3. The method of claim 2,
The security server includes:
Storing the inspection code for the security process and transmitting the inspection command to the security client module when the control code inserted in the initial execution part of the application is read by the terminal,
And transmits the encrypted resultant information of the security process to the security client module, wherein the security client module transmits the encrypted resultant data to the security client module in order to execute the check routine related to the security process, Module to send the application execution control command to the secure client module,
The secure client module comprising:
Receiving the inspection command, the encrypted data and the key from the security server, decrypting the encrypted data based on the key, executing an inspection routine related to the security process,
And transmits the execution result information of the security process to the security server and controls the execution of the application in the terminal according to the application execution control command when the application execution control command is received from the security server. Application security system. delete The method according to claim 1,
The application comprises:
And the contents of the file are replaced by changing the storage location of the file contents with respect to a part or the whole of the code file. The method according to claim 1,
Wherein the inspection command received by the security client module from the security server is one of an inspection command for preventing code reverse analysis, an inspection command for anti-virus inspection, and an inspection command for anti-hacking inspection. . The method according to claim 6,
The security server includes:
If it is determined from the execution result information received from the security client module that a code reverse analysis event for the application has not occurred yet after transmitting the check command for preventing code reverse analysis first, Sending a check command for at least one of the checks to the secure client module,
And transmits the application execution control command to the secure client module to block execution of the application when it is determined that a code de-parsing event for the application is generated from the execution result information received from the secure client module Application security system. 8. The method of claim 7,
The security server includes:
If it is determined that all the applications are safe from the virus and hacking through the execution result information received from the secure client module after transmitting both the inspection command for the anti-virus inspection and the inspection command for the anti-hacking inspection, And transmits the application execution control command to the secure client module that the application can be executed. A communication unit for communicating with a security client module installed in the terminal; And
Wherein the secure client module transmits an inspection command to the secure client module so as to execute the security process, receives execution result information for the security process in the secure client module, And an application execution control command to the security client module through the communication unit,
Wherein the application is encrypted by replacing a file content of a part or all of the code file. 10. The method of claim 9,
And a storage unit for storing and managing all the inspection codes for the security process to be executed by the security client module. 10. The method of claim 9,
The inspection command includes:
A code reverse analysis prevention, an anti-virus check, and an anti-hacking check. 10. The method of claim 9,
The inspection command includes:
A defense code integrity check command, a defense code download command, and a defense code execution command. A control unit for executing the security process according to the inspection command to output the execution result information and controlling the execution of the designated application according to the application execution control command; And
And a communication unit for receiving the inspection command from the security server, transmitting the execution result information to the security server, and receiving the application execution control command from the security server,
Wherein the application is encrypted by replacing a file content of a part or all of the code file. A recording medium on which a program for executing an application security method is recorded,
A function of executing a security process according to a check command received from a security server,
A function of transmitting execution result information of the security process to the security server;
And a control unit for controlling execution of an application in which a file content of a part or all of the code file is replaced and encrypted according to an application execution control command received from the security server.

Images