KR20150075819A - Method for protecting operation based on application in screen capture prevention system - Google Patents

Abstract

According to the present invention, whether or not capture prevention function is applied on a terminal and an operation system, is safely determined, and in order to guarantee the operation of the terminal and the operation system, whether or not capture prevention function is enabled, is determined by comparing a signature and a certificate through an application. To this end, the method according to the present invention comprises the steps of: generating a certificate based on a key based on information or specific patterns unique to an application; adding the certificate and a signature to a profile related to enable/disenable capture prevention function; installing the profile at an operations system (OS) of a terminal; and using a certificate and a key within the application to determine whether or not a signature of the profile installed in an OS is identical to each other, thereby ensuring the proper operation of capture prevention function.

Description

METHOD FOR PROTECTING OPERATION BASED ON APPLICATION IN SCREEN CAPTURE PREVENTION SYSTEM FIELD OF THE INVENTION [0001]

The present invention relates to an OS (Operating System) having a screen capture function and a screen capture blocking function and a technique for preventing a screen leak on a terminal, and more particularly, The present invention relates to a technique for preventing a user from arbitrarily capturing an image.

2. Description of the Related Art [0002] Recently, a smart phone equipped with a high-performance processor and a large-capacity memory and allowing a user to freely install and use an application is rapidly spreading.

Smartphone integrates data communication functions such as schedule management, fax transmission and reception, and Internet access to mobile phone functions. Unlike conventional mobile phones that use only a given function, It can be installed, added or deleted as desired, can be directly connected to the Internet using wireless Internet, can be connected in various ways using various browsing programs, users can create desired applications, It is rapidly spreading in the mobile phone market because it can implement an interface suitable for various applications through the application, and can share applications between smart phones having the same operating system (OS).

In accordance with the spread of smart phones, almost all tasks and services in general life such as office work, settlement service, certificate issuance, banking, and electronic commerce have been performed through online and computerized environments. In such online and computerized environments, digital content is subject to the generation, viewing, storage, editing, and transmission of information. In this case, the digital contents may mean various types of digital information including images, text, multimedia, and the like, for example, digital documents, moving pictures, and the like.

However, due to the nature of digital information, such digital contents are vulnerable to leakage through illegal activities because they are easily copied or transferred without loss of the information. Therefore, in order to provide a sound digital content usage environment, a protection means, that is, a security system that can prevent digital contents from illegal acts is indispensably required. For example, digital content can be protected through encryption and decryption systems, watermarks or fingerprinting systems, screen capture prevention systems, and the like.

The screen capture prevention system is a system for preventing digital content from being leaked by illegally capturing, storing, using, and distributing digital contents displayed through a terminal such as a PC. Such a screen capture prevention system can be implemented in various forms.

For example, Korean Patent Publication No. 2004-0033540 discloses a screen capture prevention system for a digital work. The capture prevention system detects a request for use of a system service and a system function requested by application programs for a system service using an application program, analyzes the service request pattern, and blocks illegal capturing and information change. Korean Patent Laid-Open Publication No. 2006-0032332 discloses a still image capturing prevention system that can not capture a normal full screen when capturing a still image.

However, in the conventional capture prevention systems, it is inevitable to maintain the system in accordance with the change of the screen capture type and the increase of the screen capture program, and the capture prevention function is useless for the camera and the mobile device. . In addition, there is a problem that it is also difficult to prevent screen capture on a mobile device.

On the other hand, the smartphone OS of recent years has built-in screen mirroring and capture prevention function, and it is possible to configure a server that controls a terminal with a specific management application and remotely, thereby applying or releasing screen mirroring or capture prevention function However, in this case, since all the terminals must be registered and managed in the server system, the response and accuracy of the remote network section are inevitably degraded. In addition, since a large-capacity processing system is required and the cost is increased, there is a problem.

Also, in order to distinguish terminal registration from the server system, unique information such as IMEI is required. However, there is a case where the smartphone OS does not provide the unique information. Thus, And can not be used.

As described above, the conventional capture prevention system has a problem that the cost of maintenance of the system is excessive, and there is a problem that it is impossible to prevent the leakage of information due to screen capture on the latest smartphone OS . Therefore, it is required to develop a technology that can reliably and efficiently prevent leakage of digital contents by screen capture.

The present invention has been made to solve the above problems and it is an object of the present invention to provide a user terminal such as a computer terminal or a portable terminal, When paid contents are displayed, the terminal is controlled using a profile containing specific setting contents, the application is appropriately controlled to apply / cancel the capture prevention, and it is possible to safely check whether the capture prevention application / And to prevent information or content from being leaked through the network.

In order to achieve the foregoing, a method for ensuring a capture prevention function in a terminal of the present invention includes the steps of generating a certificate based on application-specific information or a key based on a specific pattern, setting a capture prevention function, Adding a certificate and a signature to a profile associated with the release, installing the profile in the operating system (OS) of the terminal, and determining whether the signature of the profile installed in the operating system matches with the certificate and key in the application .

The terminal according to an exemplary embodiment of the present invention may include a capture prevention function.

Certificates according to an embodiment of the present invention may be different for each profile associated with the setting and release of the capture prevention function.

The operating system of the terminal according to the embodiment of the present invention can activate only one profile in connection with setting or canceling the capture prevention function.

A method for ensuring a capture prevention function in a terminal according to an embodiment of the present invention includes the steps of setting or canceling the capture prevention function when it is determined that the signatures match, The method may further include applying a transform to the digital content.

The step of adding a certificate and a signature to a profile related to setting and canceling the capture prevention function according to an embodiment of the present invention includes the steps of: checking the attributes of the profile and generating information of the profile; Generating the hash data based on the hash value, the profile information and the hash value, and adding the certificate and signature to the generated hash data based on the digital signature algorithm.

An application according to an embodiment of the present invention may embed a service server function.

According to the present invention, since it is possible to determine whether or not the capture prevention function is set only by comparing the signature and the certificate through the application, it is possible to securely check whether the capture prevention function is applied on the terminal and the operating system, .

In addition, it is possible to safely confirm whether or not the capture prevention function is applied, thereby preventing information or content from being leaked through the screen capture.

FIG. 1 is a network structure diagram illustrating a process of distributing and delivering digital contents according to an embodiment of the present invention.
2 is a structural diagram of a terminal according to an embodiment of the present invention.
3 is a flowchart illustrating a method of installing a profile related to a capture prevention function in an operating system of a terminal according to an embodiment of the present invention.
4 is a flowchart illustrating a method for confirming whether a capture prevention function is set or released according to an exemplary embodiment of the present invention.

While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

Like reference numerals are used for like elements in describing each drawing. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

And / or < / RTI > includes any combination of a plurality of related listed items or any of a plurality of related listed items.

It is to be understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element, .

On the other hand, when an element is referred to as being "directly connected" or "directly connected" to another element, it should be understood that there are no other elements in between.

The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention.

The singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, the terms "comprises" or "having" and the like are used to specify that there is a feature, a number, a step, an operation, an element, a component or a combination thereof described in the specification, But do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.

Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with the contextual meaning of the related art and are to be interpreted as either ideal or overly formal in the sense of the present application Do not.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings, wherein like or corresponding elements are denoted by the same reference numerals, and a duplicate description thereof will be omitted.

Referring to FIG. 1, a network structure diagram illustrating a process of distributing and delivering digital contents according to the present invention is shown.

In FIG. 1, reference numeral 100 denotes a terminal incorporating a screen capture function and a screen capture blocking function according to the present invention. Reference numeral 200 denotes a server for providing digital contents to the terminal 100, It is the network used.

The terminal 100 is a terminal of a user who uses digital contents. When the user desires the digital contents, the terminal 100 requests the server 200 according to a user request, and receives and stores the digital contents. At this time, the screen capture function and the screen capture blocking function in the terminal 100 can be controlled using a profile containing the corresponding setting contents. Such a terminal 100 may be a variety of devices used by a user and may be a portable device such as a notebook computer, a mobile phone, a tablet PC, a navigation device, a smart phone, a PDA (personal digital assistant), a portable multimedia player (PMP) Video Broadcasting). ≪ / RTI > Of course, this is merely an example and should be construed as including not only the above-mentioned examples but also devices that are currently developed, commercialized, or capable of all communication to be developed in the future.

The server 200 is a device for providing services such as selling and / or downloading digital content to a third party. The server 200 receives and stores digital content transmitted from a digital content creator (not shown) So that the digital contents are confirmed by the unspecified number of terminals 100 and then the data of the corresponding digital contents can be received through the transmission request.

Various types of communication networks can be used as the communication network 300 used for transmission of digital contents. For example, an IP network providing data transmission and reception services for a large amount of data through an Internet protocol, an All IP network including an IP network based on IP, an IP network, a Wibro (Wireless Broadband) network A wireless LAN including a Wi-Fi network, a WPAN, a wired communication network, a mobile communication network, a HSDPA (High Speed Downlink Packet Access) network, and a satellite communication network. And may include a next generation communication network to be developed in the future.

Referring to FIG. 2, a configuration of a terminal 100 including an application 110 and a certificate storage unit 120 is shown.

The terminal 100 may include a web browser (not shown) to allow the server 200 to access the content media and display the content media, and an application 110 to enable or disable the capture prevention function. It is obvious that the browser and the application 110 can be installed in the terminal 100 in the form of a program.

The certificate storage unit 120 receives and stores information on a key, a certificate, and a signature from the application 110 in an operating system (OS) of the terminal 100. Here, the information about the key and the certificate is generated based on application-specific information or a specific pattern, and the signature is used to confirm whether or not the owner is tampered with the profile for setting or canceling the capture prevention function.

FIG. 3 is a flowchart illustrating an embodiment of a method of installing a certificate and a signature in a profile related to a capture prevention function and operating the terminal 100 in an operating system.

Referring to FIG. 3, attributes of a profile related to setting or canceling the capture prevention function can be confirmed and profile information can be generated (step S310). Here, the attribute is data collected to generate the profile information, including information about whether the profile is about the capture prevention function setting or the capture prevention function, information about the file size, information about the file format, and the like have.

If the profile information is generated based on the attribute of the profile, a hash value corresponding to the profile can be generated (step S320). In one embodiment, various hash algorithms may be used in generating the hash value, and a hash value may be generated for the profile with a particular hash algorithm at the request of the application 110.

The hash data can be generated based on the profile information and the hash value (step S330). The hash data may be generated by concatenating the data bits corresponding to the hash value successively to the data bits corresponding to the profile information.

When the hash data is generated, a key is generated based on the digital signature algorithm, and information about the certificate can be added to the generated hash data (step S340). The keys may be generated based on application specific information or a specific pattern, which may have different forms for each profile, and certificates may be generated differently for each profile.

When the information about the certificate and the key is added to the hash data, the owner and the signature for confirming the tampering can be added to the profile for setting or canceling the capture prevention function and installed in the operating system of the terminal 100 Step S350). Since the signatures differ from profile to profile, it is possible to determine whether the capture prevention function is set or released only by comparing the signature with the certificate without reading the profile.

On the other hand, in the case of an operating system that can be installed only in a remote server system, a service server function may be embedded in an application to replace the installation function.

4 is a flow chart illustrating an embodiment of a method for verifying whether capture protection is enabled or disabled in an application on a terminal.

If an event occurs (step S410), the application 110 may generate a request to determine whether the capture prevention function is activated in the operating system (step < RTI ID = 0.0 > Step S420). The application 110 may use the certificate and key in the application to determine whether the signature of the profile installed in the operating system is matched (step S430). If the signature is found to be matched, the capture protection function can be enabled or disabled by the control of the application 110 (step S440), and if the signature is found to be inconsistent, (Step S450).

As an example of applying the transform to the digital contents, there is a method in which a scene or a part of a scene is covered, a scene is processed in black, a distortion or a distortion is set by setting transparency of the scene, And the like.

The method for ensuring the capture prevention function in the terminal implemented through the embodiment of the present invention can determine whether the capture prevention function is set only by comparing the signature and the certificate through the application, It can be safely confirmed whether or not the function is applied and the operation state can be guaranteed. In addition, it is possible to safely confirm whether or not the capture prevention function is applied, thereby preventing information or content from being leaked through the screen capture. In addition, it is possible to reliably and efficiently prevent leakage of digital contents by screen capture on a terminal and an operating system having a screen capture function and a screen capture blocking function.

The description of the disclosed technique is merely an example for structural or functional explanation and the scope of the disclosed technology should not be construed as being limited by the embodiments described in the text. That is, the embodiments are to be construed as being variously embodied and having various forms, so that the scope of the disclosed technology should be understood to include equivalents capable of realizing technical ideas.

On the contrary, all terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the disclosed technology belongs, unless otherwise defined. Commonly used predefined terms should be interpreted to be consistent with the meanings in the context of the related art and can not be interpreted as having ideal or overly formal meaning unless explicitly defined in the present application.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the present invention as defined by the following claims It can be understood that

Claims (7)

A method for ensuring a capture prevention function in a terminal,
Generating a certificate based on application-specific information or a key based on a specific pattern;
Adding the certificate and signature to a profile associated with the setting and release of the capture prevention function;
Installing the profile in an operating system (OS) of the terminal; And
Determining, using the certificate and the key in the application, whether the signature of the profile installed in the operating system is consistent. The method according to claim 1,
Wherein the terminal incorporates a capture prevention function. The method according to claim 1,
Wherein the certificate is different from each other for each profile associated with the setting and release of the capture protection feature. The method according to claim 1,
Wherein the operating system of the terminal is activated with only one profile in connection with setting or canceling the capture prevention function. The method according to claim 1,
Further comprising setting or canceling the capture prevention function when it is determined that the signature matches, and applying a modification to the digital content transmitted to the terminal when it is determined that the signature does not match, A method for ensuring functionality. The method according to claim 1,
Wherein the step of adding the certificate and signature to a profile associated with setting and canceling the capture prevention function comprises:
Identifying attributes of the profile and generating information of the profile;
Generating a hash value for the profile;
Generating hash data based on the information of the profile and the hash value; And
And adding the certificate and the signature to the generated hash data based on an electronic signature algorithm. The method according to claim 1,
Wherein the application includes a service server function.

Images