KR101793540B1 - Verification system and method of taking picture and recording in mobile - Google Patents

Abstract

The present invention relates to a mobile device management and mobile application lock (MDM/MAL) linkage system for mobile recording and imaging. The MDM/MAL linkage system includes an MDM/MAL activation module installed on a smart device having an MDM/MAL application installed thereon. The MDM/MAL activation module includes: a security camera/recorder recording module which controls corresponding contents to be generated only in apps controlled by the MDM/MAL app; a video processing module configured to mark random values to be checked in a decoding operation separately in a header field of data when the corresponding contents are videos; and an image and voice processing module which is configured to identify the corresponding contents after a first marking operation when the corresponding contents are images or voices. Therefore, the system can support a user authorized for security and positions in a business to utilize a smart device to perform tasks safely and conveniently within the MDM/MAL system.

Description

Technical Field [0001] The present invention relates to a MDM / MAL interworking system for mobile shooting and recording,

The present invention relates to a Mobile Device Management (MDM) / Mobile Application Lock (MAL) interworking system for mobile shooting and recording. More specifically, the present invention utilizes a MDM / MAL system operating in a specific organization such as a public enterprise, a private enterprise, and a defense to enable a camera and a sound recorder, And a secure content delivery technology using a lightweight DRM encryption technology overcoming the limited resources utilization technology of a smart device such as a virtualization base of a smart device.

In recent years, there has been a positive element that leads to a new era of IT due to the spread and spread of various smart devices (smart phone, tablet PC, etc.), but due to the function of smart devices that are becoming more and more advanced, Causing various problems in terms of security. Therefore, organizations that have a high level of security such as public corporations, private enterprises, and national defense for the purpose of physical security of such devices are required to use mobile device management (MDM) or mobile application control system Application Lock: MAL).

 However, it is an information protection solution that can be used as a positive element of security, but on the contrary, the device is an organizationally authorized terminal and the security policy of the personal laptop is not so different. In particular, content such as photos, video, and audio that can be collected by a smart device may not be used in the organization but may be a big problem when used outside. However, if it is safely used safely in an organization for business purposes, It would be useful. Rather, an authorized digital camera or voice recorder can be used in the organization by being authorized within the organization, but there is a problem that there is no way to control the device or the medium at all even if the device or medium is taken out.

 Therefore, it is necessary to encrypt contents (image, photo, image, voice, etc.) generated in the activation of the corresponding function in the technology boundary of the existing MDM / MAL and secure storage (eg, a closed network and a network separated from the Internet) through a network, a business camera and a voice recorder can be used in the workplace sufficiently, and a method of satisfying related laws and regulations is required.

Accordingly, an object and object to be solved by the present invention is to provide a technology and a system for using a camera and a sound recorder in a smart device (e.g., a smart phone) of a person for business reasons and safely delivering generated content to the in- .

According to an aspect of the present invention, there is provided an MDM (Mobile Application Management) / MAL (Mobile Application Lock) interworking system for mobile photography and recording, including a MDM / / MAL activation module; Wherein the MDM / MAL activation module comprises: a security camera / sound recorder module for controlling the content to be generated only in an app controlled by the MDM / MAL application; A moving picture processing module configured to separately mark a predetermined random value that can be confirmed in decoding in a data header field when the corresponding content is a moving picture; And an image / voice processing module configured to perform a primary marking operation to identify the corresponding content when the corresponding content is an image or a voice, Can be used to support the safe and convenient use of the MDM / MAL system in performing its tasks.

In one embodiment, the MDM / MAL activation module comprises: a DRM video encryption module for performing DRM encryption using a private key DB, the video identified through the video processing module; And a DRM image / voice encryption module for performing DRM encryption using the private key DB for the image / voice identified through the image / voice processing module, The security level of the image / voice may be higher than that of the image / voice.

In one embodiment, the MDM / MAL activation module may further include a transmission module for controlling the corresponding encrypted content to be delivered to the business network in the corresponding business premises if the smart device is determined to be within the business premises.

In one embodiment, a receiving server module configured to receive the encrypted corresponding content from the smart device; And a network switching system configured to receive the encrypted corresponding content from the receiving server module, wherein the network switching system comprises an Internet network data transmission module configured to receive the encrypted corresponding content from the receiving server module, ; A manganese shared storage configured to store the encrypted corresponding content in a manner such that real-time hacking of the encrypted corresponding content is physically impossible; And a closed network data receiving module configured to obtain the corresponding content from the manganese shared storage, and to transmit the corresponding content to the receiving server, which is a business network in the corresponding business premises.

In one embodiment, the receiving server module is configured to identify the moving picture by checking a random value promised in the data header field when the corresponding content is moving picture, And an image / speech processing module configured to identify the image or the voice if the corresponding content is an image or a voice.

In one embodiment, the receiving server module comprises: a DRM moving picture decoding module configured to perform DRM decoding using the private key DB; And a DRM image / speech decoding module configured to perform DRM decoding on the identified image or voice using the private key DB.

In one embodiment, the content audit logging module is configured to store the DRM decoded video and the DRM decoded video or audio in a content DB and manage the list as audit information. And a user transmission module configured to transmit the corresponding content to a user PC in the workplace of the user of the smart device when it is determined that the content can be managed by the content audit logging module.

In an exemplary embodiment, a terminal control termination event generation module for generating a control termination event for a terminal corresponding to the smart device, the control termination event including an event related to a terminal WiFi active message (MSG) or a control termination message, ; A terminal function control module configured to perform a control and control termination to the terminal if the control termination event is an event related to the control termination message, and to generate a control termination completion MSG; And

And a control unit configured to receive the control canceled MSG from the terminal function control module and transmit the control canceled MSG to an external transmitting / receiving module in the MDM / MAL management server, And may further include a receiving module.

According to the present invention, the present invention is a technology devised to overcome the limitations that are difficult to use in practicing the authorized work (camera and sound recorder) in the existing MDM / MAL system. In other words, it has the advantage of being able to support the use of security and convenience in the MDM / MAL system when the user is authorized by the security in the workplace and using the smart device to perform the task using the smart device.

 Therefore, if security (MDM / MAL) is provided at the worksite in terms of utilization of the present invention, it is possible to utilize various functions of the smart device (camera, sound recorder, WIFI, tethering, It will be possible. In addition, because it supports business use, the organization has the advantage of leaving content audit logs and actively utilizing them for various audit activities after the fact.

 Further, By using the negative functions of MDM / MAL that can be raised from the user side through the use of a variety of authorized interlocking applications, it is possible to enhance the efficiency of work and guarantee the utilization of functions of smart devices conveniently in security-conscious places There is an advantage that it can be.

1 is a detailed block diagram of a smart device equipped with an MDM / MAL according to the present invention.
FIG. 2 shows a detailed configuration diagram of a business network in a business establishment including a reception server module and a network exchange system according to the present invention.
FIG. 3 illustrates a process configuration and a method for performing the process according to the terminal control revocation event according to the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The above and other features and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings, It will be possible. The present invention is capable of various modifications and various forms, and specific embodiments are illustrated in the drawings and described in detail in the text. It is to be understood, however, that the invention is not intended to be limited to the particular forms disclosed, but on the contrary, is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention.

While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It is to be understood, however, that the invention is not to be limited to the specific embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

Like reference numerals are used for similar elements in describing each drawing.

The terms first, second, etc. may be used to describe various components, but the components should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another.

For example, without departing from the scope of the present invention, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component. The term "and / or" includes any combination of a plurality of related listed items or any of a plurality of related listed items.

Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.

Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with the contextual meaning of the related art and are to be interpreted as either ideal or overly formal in the sense of the present application Should not.

The suffix "module "," block ", and "part" for components used in the following description are given or mixed in consideration of ease of specification only and do not have their own distinct meanings or roles .

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, preferred embodiments of the present invention will be described with reference to the accompanying drawings. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS In the following description of the present invention, detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

Hereinafter, an MDM (Mobile Device Management) / MAL (Mobile Application Lock) interworking system for mobile shooting and recording according to the present invention will be described.

The present invention utilizes the MDM / MAL system, which is operated in a specific organization such as a public enterprise / a private company / defense, to use a camcorder and a voice recorder, which had been only forbidden, for business purpose. And to secure content delivery technology that overcomes the limited resource utilization technology of smart devices and utilizes lightweight DRM encryption technology. In particular, by using DRM encryption technology, it is possible to apply management and audit function for various security incidents that may occur after the end, and it will be possible to raise awareness of safe contents utilization through this.

 Finally, the technology can be used and applied to various functions (WIFI, Tethering, NFC, Bluetooth and various sensors) that can be controlled by MDM / MAL within the smartphone, not limited to cameras and sound recorders.

In the meantime, the present invention can be applied to an existing module (a camera and a voice recorder) in a specific secure multimedia application (a camera app and a voice recorder app controlled by MDM / MAL) without using a separate OS area (virtualization platform) ) Is used to safely generate DRM data at the same time as content is generated, and the content is protected, transferred to the network connection system with the closed network of the workplace through the Internet, and finally decoded and transmitted.

  First, the basic prerequisite is to utilize the corresponding smart device with MDM / MAL installed. Therefore, in order to use cameras and recorders in the workplace, users must use specific apps that can be controlled by MDM / MAL. Unlike general camera / sound recorder app, this app is a dedicated app that is authorized through MDM / MAL activation module. When you perform photo / video / voice recording through this app, it is not stored in the smart phone's own storage space, (private key) based DRM encryption and transmits it to the business network (closed network) using the Internet module and transmits it securely to the business network using network connection (storage based or TCP / IP based) system. In addition, when the encrypted content is received, the encrypted content is decrypted using a private key-based DRM, and the decrypted content is transferred to an e-mail or data transmission system to the users of the respective sites and utilized for business.

First, FIG. 1 shows a detailed configuration diagram of a smart device equipped with an MDM / MAL according to the present invention. In this regard, in order to use a camera and a sound recorder in a smart device equipped with an MDM / MAL, the MDM / MAL activation module 100 is first operated in a related multimedia application to authorize the application to be safe. At this time, the general camera and recorder module should be deactivated and only the dedicated apps controlled by MDM / MDL are activated by the camera and recorder module. The content for each function is generated through a function that can be activated in the authorized application, that is, the security camera / sound recording module 110. At this time, the content to be generated is subjected to encryption processing in accordance with the type and classification thereof in accordance with the moving image / image / voice 120. In the case of a moving picture, the moving picture processing module 130 separately marks the promised random value that can be confirmed in decryption in the data header field, and transmits the identified contents to the DRM video encryption module 140 in a Private And performs DRM encryption using the Key DB 170. At this time, the corresponding private key value is managed in the same way in the business network (closed network) and is used for decryption. If the content is an image / audio, the image / sound processing module 150 performs first marking, and the DRM image / voice encryption module 160 uses the private key DB 170 And performs DRM encryption. At this time, the reason for dividing the video and the image / audio into two is that the video (the degree of security) is higher than the image and the voice, and the capacity (size) can do. The encrypted content is transferred from the transmission module 180 of the corresponding application to the corresponding work site, and the encrypted content information is immediately deleted. At this time, the contents should be securely transferred to the work network (closed network) of the business site rather than being managed in the Internet network.

In this regard, detailed operation of each component in the smart device side of the interlocking system will be described as follows. The interlocking system includes an MDM / MAL activation module 100 installed in a smart device installed with an MDM / MAL application. Meanwhile, the MDM / MAL activation module 100 includes a security camera / sound recorder photographing module 110 for controlling the content to be generated only in an app controlled by the MDM / MAL application. In addition, the MDM / MAL activation module 100 may further include a moving picture processing module (not shown) configured to separately mark a predetermined random value that can be confirmed in decryption in the data header field when the corresponding content is a moving picture 130). In addition, the MDM / MAL activation module 100 further includes an image / audio processing module 150 configured to perform a primary marking and identify the corresponding content when the corresponding content is an image or a voice.

The MDM / MAL activation module 100 further includes a DRM video encryption module 140 for performing DRM encryption using a private key DB 170 using the video identified through the video processing module . The MDM / MAL activation module 100 further includes a DRM image / voice encryption module 110 for performing DRM encryption using the private key DB 170 using the image / voice identified through the image / (160). At this time, the DRM moving image encryption module 140 may perform a separate encryption process so that the security level of the moving image is higher than the security level of the image / voice.

The MDM / MAL activation module 100 may further include a transmission module 180 for controlling the corresponding encrypted content to be delivered to the business network in the corresponding business site if the smart device is determined to be within the business site.

Next, FIG. 2 shows a detailed configuration diagram of a business network in a business establishment including a reception server module and a network exchange system according to the present invention. That is, the encrypted content generated in FIG. 1 is safely moved to a business network (closed network), processed and decrypted according to contents, and the audit log is transmitted to the end user.

First, the encrypted content received in FIG. 1 is received by a receiving server module 200 in the Internet network and transmitted to a network exchange (data transmission) system 300. At this time, the data transmission module 310a of the Internet network of the network exchange system in the Internet zone transfers the content to the manganese shared storage 310b. At this time, in order to use the technology of this patent, it is recommended that the network exchange (data transmission) system of the workplace adopts a storage method 310b in which real-time hacking is physically impossible. The content thus shared is brought to the business network (closed network) through the closed network data receiving module 310c.

At this time, the encrypted contents fetched from the closed network data receiving module 310c are decrypted according to the type and classification according to the moving image / image / voice 210. First, in the case of a moving image, the video processing module 220 confirms a random value promised in the data header field, and decrypts the identified content in the DRM video decryption module 230 using the private key DB 240 . At this time, the corresponding private key value is managed in the same manner as the private key DB 170 in the multimedia application controlled by the MDM / MAL. If the content is an image / audio, the image / sound processing module 250 similarly checks a random value promised in the data header field and transmits the identified content to the DRM image / And performs DRM decoding using the Key DB 240. Since the decrypted content is created in business, it is managed as a list of audit information in the post-content audit logging module 270 at the time of a security incident, and is stored and controlled in the content DB 280 for a specific period of time. After the completion of the audit process, the user is immediately transferred to the designated end user through the user transmission module 290. When the user PC is finally stored in the user PC, the user PC DRM encryption module 400 encrypts and stores the encrypted data.

In this regard, detailed operation of each component in the server side of the interlocking system will be described as follows.

The receiving server module 200 is configured to receive the encrypted corresponding content from the smart device. The interworking system further includes a network switching system 300 configured to receive the encrypted corresponding content from the receiving server module 200. [ Meanwhile, the network switching system 300 includes an Internet network data transmission module 310a configured to receive the encrypted corresponding contents from the reception server module. In addition, the network switching system 300 further includes a manganese shared storage 310b configured to store the encrypted corresponding content in a manner such that real-time hacking of the encrypted corresponding content is physically impossible. The network switching system 300 further includes a closed network data receiving module 310 configured to obtain the corresponding content from the manganese shared storage 310b and to transmit the corresponding content to the receiving server 200, Gt; 310c < / RTI >

Meanwhile, the receiving server module 200 may include a moving picture processing module 220 configured to identify the moving picture by confirming a random value assigned to the data header field when the corresponding content is moving picture do. In addition, the receiving server module 200 further includes an image / voice processing module 250 configured to identify the image or voice when the corresponding content is an image or a voice.

Meanwhile, the reception server module 200 includes a DRM moving picture decoding module 230 configured to perform DRM decoding using the private key DB. In addition, the reception server module 200 further includes a DRM image / speech decoding module 260 configured to perform DRM decoding using the private key DB.

Meanwhile, the reception server module 200 includes a content audit logging module 270 configured to store the DRM-decrypted video and the DRM decoded image or voice in the content DB 280 and manage the list as audit information . Also, if the reception server module 200 determines that the contents can be managed by the contents audit logging module, the reception server module 200 transmits a user transmission module 290 configured to deliver the corresponding contents to a user PC in the workplace of the user of the smart device .

Finally, FIG. 3 illustrates a process configuration and a method for performing the process according to the terminal control revocation event according to the present invention. In this regard, the above-described MDM / MAL interworking system includes a terminal control revocation event generation module 200a, an AP search and acquisition module 200b, an encryption module 200c, an AP MAC address verification unit 200d, an AP MAC address DB A terminal function control module 200f, and an application deletion module 200g. In addition, the above-described MDM / MAL interworking system may further include an external transmission / reception module 200h in the terminal, and an external transmission / reception module 200i in the MDM / MAL management server.

Meanwhile, the external transmission / reception module 200h in the terminal is implemented in a smart device (terminal), and the external transmission / reception module 200i in the MDM / MAL management server is implemented in a (management) server. On the other hand, the terminal control revocation event generation module 200a, the AP search and acquisition module 200b, the encryption module 200c, the AP MAC address verification unit 200d, the AP MAC address DB 200e, 200f and the application deleting module 200g may be implemented in a smart device (terminal) or a management server according to an application.

On the other hand, the terminal control revocation event generation module 200a is configured to generate a control revocation event for the terminal corresponding to the smart device. At this time, the control revocation event may include an event related to the terminal WiFi activation message (MSG) or the control revocation message. The AP search and collection module 200b is also configured to retrieve and collect information about the AP from the terminal WiFi active MSG. In addition, the encryption module 200c is configured to encrypt various messages or information, including a terminal WiFi activation message (MSG) or a control revocation message. Also, the AP MAC address verifying unit 200d is configured to check the MAC address of the searched AP. At this time, if the MAC address of the searched AP is confirmed, the AP MAC address is stored in the AP MAC address DB 200e, and the terminal control revocation event generation module 200a can additionally re-search and collect other messages.

On the other hand, if the P MAC address verifying unit 200d can not confirm the MAC address of the searched AP and the controlled revocation event is an event related to the control revocation message, the terminal function control module 200f transmits a control command Perform a revocation, and generate a controlled revoke completion MSG. The external transmitting / receiving module 200h in the terminal receives the control canceled MSG from the terminal function control module 200f and transmits the control canceled MSG to the external sending / receiving module 200i in the MDM / And receives the app delete MSG in the terminal. In addition, the external transmission / reception module 200h in the terminal transmits the in-terminal application deletion MSG to the application deletion module 200g, and the application deletion module 200g deletes the application.

According to the present invention, the present invention is a technology devised to overcome the limitations that are difficult to use in practicing the authorized work (camera and sound recorder) in the existing MDM / MAL system. In other words, it has the advantage of being able to support the use of security and convenience in the MDM / MAL system when the user is authorized by the security in the workplace and using the smart device to perform the task using the smart device.

 Therefore, if security (MDM / MAL) is provided at the worksite in terms of utilization of the present invention, it is possible to utilize various functions of the smart device (camera, sound recorder, WIFI, tethering, It will be possible. In addition, because it supports business use, the organization has the advantage of leaving content audit logs and actively utilizing them for various audit activities after the fact.

 Further, By using the negative functions of MDM / MAL that can be raised from the user side through the use of a variety of authorized interlocking applications, it is possible to enhance the efficiency of work and guarantee the utilization of functions of smart devices conveniently in security-conscious places There is an advantage that it can be.

According to a software implementation, not only the procedures and functions described herein, but also each component may be implemented as a separate software module. Software code can be implemented in a software application written in a suitable programming language. The software code is stored in a memory and can be executed by a controller or a processor.

Claims (8)

In a MDM (Mobile Device Management) / MAL (Mobile Application Lock) interworking system for mobile shooting and recording,
Includes an MDM / MAL activation module installed in a smart device with an MDM / MAL application installed;
The MDM / MAL activation module includes:
A security camera / sounder photographing module for controlling the contents to be generated only in an app controlled by the MDM / MAL app;
A moving picture processing module configured to separately mark a predetermined random value that can be confirmed in decoding in a data header field when the corresponding content is a moving picture;
An image / audio processing module configured to perform primary marking and identify the corresponding content when the corresponding content is an image or a voice;
A control termination event generation module for generating a control termination event for a terminal corresponding to the smart device, the control termination event including an event related to a terminal WiFi activation message (MSG) or a control termination message;
A terminal function control module configured to perform a control and control termination to the terminal if the control termination event is an event related to the control termination message, and to generate a control termination completion MSG; And
And a control unit configured to receive the control canceled MSG from the terminal function control module and transmit the control canceled MSG to an external transmitting / receiving module in the MDM / MAL management server, Further comprising a receiving module,
MDM / MAL interworking system for mobile shooting and recording. The method according to claim 1,
The MDM / MAL activation module includes:
A DRM video encryption module for performing DRM encryption using a private key DB of the video identified through the video processing module; And
Further comprising a DRM image / voice encrypting module for performing DRM encryption using the private key DB for the image / voice identified through the image / voice processing module,
Wherein the DRM moving image encryption module performs a separate encryption process so that the security level of the moving image is higher than the security level of the image /
MDM / MAL interworking system for mobile shooting and recording. 3. The method of claim 2,
The MDM / MAL activation module includes:
And a transmission module for controlling the encrypted corresponding content to be delivered to a business network in the corresponding business establishment if it is determined that the smart device is within the business establishment,
MDM / MAL interworking system for mobile shooting and recording. The method of claim 3,
A receiving server module configured to receive the encrypted corresponding content from the smart device; And
Further comprising a network switching system configured to receive the encrypted corresponding content from the receiving server module,
The network switching system comprises:
An internet network data transmission module configured to receive the encrypted corresponding content from the reception server module;
A manganese shared storage configured to store the encrypted corresponding content in a manner such that real-time hacking of the encrypted corresponding content is physically impossible; And
Further comprising a closed network data receiving module configured to obtain the corresponding content from the manganese shared storage and to transmit the corresponding content to the receiving server,
MDM / MAL interworking system for mobile shooting and recording. 5. The method of claim 4,
The receiving server module includes:
A moving picture processing module configured to identify a moving picture by confirming a random value promised in the data header field when the corresponding content is a moving picture; And
Further comprising an image / speech processing module configured to identify the image or voice if the delivered corresponding content is an image or a voice,
MDM / MAL interworking system for mobile shooting and recording. 6. The method of claim 5,
The receiving server module includes:
A DRM moving picture decoding module configured to perform DRM decoding on the identified moving picture using a private key DB; And
Further comprising a DRM image / speech decoding module configured to perform DRM decoding using the private key DB,
MDM / MAL interworking system for mobile shooting and recording. The method according to claim 6,
A content audit logging module configured to store the DRM decoded video and the DRM decoded video or audio in a content DB and manage the list as audit information; And
Further comprising a user transmission module configured to deliver the corresponding content to a user PC in the business premises of a user of the smart device when it is determined that the content can be managed by the content audit logging module,
MDM / MAL interworking system for mobile shooting and recording. delete

Images