KR20010036603A - Total reservation program with compensated information security on the web - Google Patents

Publication number
KR20010036603A
Authority
KR
South Korea
Prior art keywords
stage
program
web
information
data
Prior art date
Application number
KR1019990043690A
Other languages
Korean (ko)
Inventor
류한성
Original Assignee
허인수
Priority date
Filing date
Publication date
Application filed by 허인수
Priority to KR1019990043690A
Publication of KR20010036603A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263 Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

PURPOSE: A total reservation program that supplements the security of information on the web is provided, in which information about users is stored in a database file on a server so that users' tastes can be analyzed automatically to gain the maximum profit. CONSTITUTION: The program consists of several stages. In the first stage, the user enters input. In the second stage, the essential fields are checked to see whether any is empty. In the third stage, the input data is converted, in the encoding program, into the header to be sent. In the fourth stage, the encoding program encodes the input data. In the fifth stage, it is determined whether the user chooses to send. If so, the data is sent to the server. Otherwise, a cancel message is output.

Description

Total reservation program with compensated information security on the web

This is a program that encrypts data transmitted over the Internet and automatically updates it in the database, in order to protect users' important personal information.

On existing homepages, the process of transmitting data over the Internet is as follows.

First, when the user enters content in the part of the page built with form tags, that content is gathered in the Internet protocol header.

Second, the data gathered in this way is appended to the URL and transmitted via the action method. Because of the openness of the Internet, anyone who sets their mind to it can then intercept the transmitted data. Therefore, to remedy this problem and to keep users' information safely in the database, the transmitted data is encrypted.

• Protecting CGI programs from user input

The first thing to consider when programming for the web is preventing attempts to break into the server and steal or damage files. From a CGI security standpoint, nearly all problems come from forgetting to check whether the data the user entered contains anything invalid. Whenever a CGI program accepts dynamic data in any form, there is a potential risk of accepting bad data. That is, data can arrive not only from places you already know to be careful about, such as <input type=text> or <textarea>, but also from places that are easy to overlook, such as Query_String or hidden fields.

Therefore, no program should use data received from the user through an input form as it is. That is, a search must not loop until a matching entry is found. A search must always be performed on the basis of the maximum number of group entries. Bounding the loop count by the maximum number of group entries keeps the program from indexing beyond the valid memory area.

Another method is to scan user input data for metacharacters before the CGI program uses it. Before invoking the shell with the user's input data, search for metacharacters with the following substitution pattern:

$var =~ s/([;<>\*\|'&\$!#\(\)\[\]\{\}:'"])/

If one of the above characters is found in a message, a strong warning message is shown to the client that sent it, and the client's domain name is recorded in a file.
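The check described above, written out as an added example (it is not code from the patent): every form field, including hidden and query-string values, is scanned for the page's metacharacters, and on a hit the request is refused and the client's host is appended to a file. The log path, the `CGI_REJECT_LOG` variable, the field names and the backtick added to the character class are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Character class from the pattern on the page (ASCII forms of the angle
# brackets and double quote); the backtick is added here as an assumption.
my $META = qr/[;<>\*\|`&\$!#\(\)\[\]\{\}:'"]/;

# Hypothetical log path for this example.
my $LOG = $ENV{CGI_REJECT_LOG} || '/tmp/cgi_rejects.log';

# Return the names of the form fields whose value contains a metacharacter.
sub tainted_fields {
    my (%form) = @_;
    my @hits = grep { defined $form{$_} && $form{$_} =~ $META } keys %form;
    return sort @hits;
}

# Record the client's host name (or address) and the offending field names.
sub log_reject {
    my ($host, @fields) = @_;
    $host =~ s/[^A-Za-z0-9.\-:]/?/g;    # never write raw client data to a log
    open(my $fh, '>>', $LOG) or die "cannot open $LOG: $!";
    printf {$fh} "%s host=%s fields=%s\n", scalar(gmtime), $host, join(',', @fields);
    close($fh) or die "cannot close $LOG: $!";
}

# Constructed sample input: every source the page lists is checked,
# including a hidden field and a value that arrived in the query string.
my %form = (
    name    => 'Hong Gildong',
    phone   => '02-555-0100',
    room_id => '12;ls',                 # hidden field, tampered
    sort    => 'date',                  # from the query string
);

my @bad  = tainted_fields(%form);
my $host = $ENV{REMOTE_HOST} || $ENV{REMOTE_ADDR} || 'unknown';

print "Content-Type: text/plain\r\n\r\n";
if (@bad) {
    log_reject($host, @bad);
    print "Request rejected: invalid characters in: @bad\n";
} else {
    print "Input accepted.\n";
}
```

The script rejects rather than rewrites the input, so a value that fails the check never reaches a shell; `REMOTE_HOST` is only set when the web server performs reverse lookups, hence the fallback to `REMOTE_ADDR`.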

• When a reservation is made, the customer's name, contact information, and other personal details are encrypted and sent to the server, and the record in the database file is updated.

Each customer's preferences are analyzed automatically from the database file created in this way, for the convenience of member companies. In this case, mail is sent automatically to each member company and to the administrator.

• Encryption program

The encryption program is intended to solve the security problems that arise when a customer's important personal information and details are transmitted over the Internet. Data entered by the user is encrypted by the encryption program. If the encryption program is not installed, the server sends it automatically and it is installed on the client as a plug-in.

FIG. 1 is a flowchart of the reservation method and transmission at the client.

FIG. 2 is a flowchart of restoring the encrypted data at the server, automatically updating the database file, and automatically sending mail.

Program that encrypts data for the security of the total reservation program

Algorithm that automatically updates the database

Program that automatically analyzes records in the database

After being given sufficient information on the Internet, the user can make reservations at the desired place and carry out various e-commerce transactions with confidence, because the user's information is encrypted.

Companies can also keep customer information safe and analyze customers' preferences to set the direction of future improvements, and so can maximize profit.

Claims (3)

A program that encrypts data when it is transmitted over the Internet; if the program is not installed on the client, this is detected automatically and the program is sent from the server to the client and installed.

An algorithm that transmits the encrypted data to the server and, if no error occurs, restores it and then automatically updates the database file.

A customer management program that analyzes users' types and tastes from the stored database file.
KR1019990043690A 1999-10-09 1999-10-09 Total reservation program with compensated information security on the web KR20010036603A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1019990043690A KR20010036603A (en) 1999-10-09 1999-10-09 Total reservation program with compensated information security on the web

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1019990043690A KR20010036603A (en) 1999-10-09 1999-10-09 Total reservation program with compensated information security on the web

Publications (1)

Publication Number Publication Date
KR20010036603A (en) 2001-05-07

Family

ID=19614692

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1019990043690A KR20010036603A (en) 1999-10-09 1999-10-09 Total reservation program with compensated information security on the web

Country Status (1)

Country Link
KR (1) KR20010036603A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10214297A (en) * 1996-11-28 1998-08-11 Fujitsu Ltd Closed-membership service system using internet, and method therefor
JPH11120241A (en) * 1997-10-14 1999-04-30 Internatl Business Mach Corp <Ibm> Electronic commercial transaction system
JPH11154184A (en) * 1997-11-25 1999-06-08 Nippon Telegr & Teleph Corp <Ntt> Method and system for managing safety of information distribution
JPH11187008A (en) * 1997-12-17 1999-07-09 Card Call Service Kk Delivering method for cryptographic key

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E601 Decision to refuse application