KR20230017662A - Method and system for providing data security for telecommuting - Google Patents

Abstract

The present disclosure relates to a data security method for telecommuting. The data security method for telecommuting may include the steps of: receiving an authentication request from a camera connected to a user terminal; transmitting an authentication code to the camera when it is determined that the user terminal can access the security data based on the authentication request; receiving an image encrypted by the camera based on the authentication code from the user terminal; and decrypting the encrypted image and determining whether the security data can be operated by the user terminal based on the decrypted image.

Description

Data security method and system for telecommuting {METHOD AND SYSTEM FOR PROVIDING DATA SECURITY FOR TELECOMMUTING}

The present disclosure relates to a data security method and system for telecommuting, and specifically, security of work-related data by identifying users who are not authorized to access work-related data using a camera in a remote or telecommuting environment. It relates to a data security method and system for telecommuting that can be strengthened.

Along with the development of IT, due to changes in the work environment, such as the spread of various infectious diseases, the frequency of remote work or telecommuting from one's own home or a separate place without going to work is increasing. However, it is difficult for workers who handle corporate trade secrets or personal information to work from home. This is because in a telecommuting environment, there is a high risk of leakage of trade secrets or personal information, and there is no monitoring method for such leakage of sensitive information. Recently, a case of group infection of COVID-19 occurred in a call center that handles personal information of customers, which has become a social problem. In order to solve this problem, a data security method for telecommuting is required for industries that operate security data such as personal information.

On the other hand, in the industry that provides services for a large number of customers, handling of various personal information (eg, name, resident registration number and phone number) is essential. However, if a customer's personal information is leaked to a third party other than the employee, it can be used for crime, and personal information may be leaked, resulting in personal financial and property damage. In order to prevent such problems, it is necessary to designate a personal information handler to process personal information, or to process it in a space where access is physically controlled or blocked, or through an internal network or access control system where external access is physically controlled. do.

The present disclosure provides a data security method for telecommuting, a computer program stored in a recording medium, and a system to solve the above problems.

The present disclosure may be implemented in a variety of ways including as a method, apparatus or computer program stored on a computer readable storage medium.

In the data security method for telecommuting according to an embodiment of the present disclosure, when it is confirmed that the user terminal can access security data based on an authentication request from a user terminal or a camera connected to the user terminal, an authentication code is sent to the camera. Transmitting, receiving an image encrypted by a camera based on an authentication code from a user terminal, and decrypting the encrypted image, and determining whether security data can be operated by the user terminal based on the decrypted image. includes

According to an embodiment, the step of determining whether the secure data can be operated includes identifying whether non-approved users other than the authorized user exist based on the decrypted image.

According to one embodiment, the step of transmitting the authentication code to the camera includes receiving an authentication request from a camera connected to a user terminal.

According to an embodiment, the step of determining whether the security data can be operated includes identifying the existence of non-approved users other than the authorized user based on the decrypted image.

According to an embodiment, the step of determining whether security data can be operated includes identifying whether or not a predetermined photographing device or recording device exists based on the decrypted image.

According to an embodiment, the step of determining whether security data can be operated may include a deep learning-based image analysis model trained to identify an image of an authorized user or a predetermined photographing device or recording device based on the decrypted image. and determining whether security data can be operated through.

According to an embodiment, the step of determining whether security data can be operated may include a deep learning-based image analysis model trained to identify an image of an authorized user or a predetermined photographing device or recording device based on the decrypted image. and determining whether security data can be operated through.

According to one embodiment, the data security method includes transmitting an access token associated with the operation of security data to the user terminal when it is determined that the operation of security data by the user terminal is possible.

According to an embodiment, a data security method includes invalidating an access token transmitted to a user terminal when it is determined that security data cannot be operated by the user terminal.

According to an embodiment, a data security method includes receiving a service request based on the access token from a user terminal, determining whether the access token is valid, and providing a service stream to the user terminal when the access token is valid. Include steps.

According to an embodiment, when the access token is invalidated or expired, receiving a service request based on the access token from a user terminal, determining whether the access token is valid, and blocking provision of a service stream to the user terminal. It includes steps to

According to one embodiment, the image encrypted by the camera includes images taken at regular intervals.

A data security method for telecommuting according to another embodiment of the present disclosure includes transmitting an authentication request to a server by a user terminal or a camera connected to the user terminal, and the user terminal accesses security data based on the authentication request. If it is possible, receiving an authentication code from the server by the camera, encrypting the image captured by the camera based on the authentication code, and transmitting the encrypted image to the server by the user terminal. and receiving, by a user terminal, information on whether the secure data can be operated based on the encrypted image from the server.

According to one embodiment, the data security method includes receiving an access token associated with the operation of security data from a server when it is determined by the server that the operation of security data is possible.

According to an embodiment, a data security method includes invalidating an access token received from a server when it is determined by the server that security data cannot be operated.

According to an embodiment, a data security method includes transmitting a service request based on an access token to a server, and receiving a service stream from the server when the access token is valid.

According to an embodiment, a data security method includes stopping a service stream provided from a server when the received access token is invalidated or expired.

According to one embodiment, the step of stopping the service stream includes displaying a security area on a display of a user terminal, stopping output of audio currently being output by the user terminal, or displaying a message associated with stopping the service stream. do.

According to an embodiment, the surrounding image includes a 360-degree panoramic image centered on the camera.

A computer program stored in a computer-readable recording medium is provided to execute the above-described data security method in a computer according to an embodiment of the present disclosure.

An information processing system according to another embodiment of the present disclosure includes a communication module, a memory, and at least one processor connected to the memory and configured to execute at least one computer-readable program included in the memory, and includes at least one When the program receives an authentication request from a camera connected to the user terminal and confirms that the user terminal has access to security data based on the authentication request, it transmits an authentication code to the camera and encrypts the data by the camera based on the authentication code. The encrypted image is received from the user terminal, the encrypted image is decrypted, and based on the decrypted image, whether or not the user terminal can operate security data is determined.

An information processing system according to another embodiment of the present disclosure includes a communication module, a memory, and at least one processor connected to the memory and configured to execute at least one computer-readable program included in the memory, and includes at least one The program transmits an authentication request to the server by a camera connected to the user terminal, and when it is confirmed that the user terminal has access to security data based on the authentication request, the camera receives an authentication code from the server, The image taken by the camera is encrypted based on the authentication code, the user terminal transmits the encrypted image to the server, and the user terminal operates the security data determined based on the encrypted image from the server. Receive availability information.

According to some embodiments of the present disclosure, there is an advantage in that leakage of personal information can be prevented by expressing a security area on a display where data related to the operation of security data is displayed.

According to some embodiments of the present disclosure, using an image encrypted based on an authentication code, preventing a user from forging, falsifying, or leaking an image, and stealing or intercepting an image from an unauthorized person ( It has the advantage of preventing spoofing.

According to some embodiments of the present disclosure, by invalidating an access token associated with the operation of secure data and immediately blocking operations related to personal information, not only personal information displayed on a display, but also other output devices (eg, speakers, printers, etc.) There is an advantage in that leakage of personal information output by the can be prevented.

The effects of the present disclosure are not limited to the effects mentioned above, and other effects not mentioned are clear to those skilled in the art (referred to as "ordinary technicians") from the description of the claims. will be understandable.

Embodiments of the present disclosure will be described with reference to the accompanying drawings described below, wherein like reference numbers indicate like elements, but are not limited thereto.
1 is a diagram illustrating an example of a data security method operating in a user terminal according to an embodiment of the present disclosure.
2 is a schematic diagram illustrating a configuration in which an information processing system is communicatively connected to a plurality of user terminals connected to a camera in order to provide a data security service according to an embodiment of the present disclosure.
3 is a block diagram showing internal configurations of a camera, a user terminal, and an information processing system according to an embodiment of the present disclosure.
4 is a functional block diagram showing internal configurations of a camera, a user terminal, and a processor of an information processing system according to an embodiment of the present disclosure.
5 illustrates a service stream for operating security data between an authentication request unit of a camera, an image processing unit, a user terminal, an authentication unit of an information processing system, an image analysis unit, and a service stream unit before a service stream is initiated according to an embodiment of the present disclosure. A flow chart showing how this is done.
6 is a diagram illustrating an example of a data security method of displaying a security area on a display of a user terminal according to an embodiment of the present disclosure.
7 is a diagram illustrating an example of a data security method of displaying a message on a display of a user terminal according to an embodiment of the present disclosure.
8 is a flowchart illustrating a data security method by an information processing system according to an embodiment of the present disclosure.
9 is a flowchart illustrating a data security method by a user terminal according to an embodiment of the present disclosure.
10 is a flowchart illustrating a data security method performed by an information processing system when a camera periodically photographs the surroundings according to an embodiment of the present disclosure.
11 is a flowchart illustrating a data security method performed by a user terminal when a camera periodically photographs the surroundings according to an embodiment of the present disclosure.

Hereinafter, specific details for the implementation of the present disclosure will be described in detail with reference to the accompanying drawings. However, in the following description, if there is a risk of unnecessarily obscuring the gist of the present disclosure, detailed descriptions of well-known functions or configurations will be omitted.

In the accompanying drawings, identical or corresponding elements are given the same reference numerals. In addition, in the description of the following embodiments, overlapping descriptions of the same or corresponding components may be omitted. However, omission of a description of a component does not intend that such a component is not included in an embodiment.

Advantages and features of the disclosed embodiments, and methods of achieving them, will become apparent with reference to the following embodiments in conjunction with the accompanying drawings. However, the present disclosure is not limited to the embodiments disclosed below and may be implemented in various different forms, but only the present embodiments make the present disclosure complete, and the present disclosure does not extend the scope of the invention to those skilled in the art. It is provided only for complete information.

Terms used in this specification will be briefly described, and the disclosed embodiments will be described in detail. The terms used in this specification have been selected from general terms that are currently widely used as much as possible while considering the functions in the present disclosure, but they may vary according to the intention of a person skilled in the related field, a precedent, or the emergence of new technology. In addition, in a specific case, there is also a term arbitrarily selected by the applicant, and in this case, the meaning will be described in detail in the description of the invention. Therefore, the terms used in the present disclosure should be defined based on the meaning of the terms and the general content of the present disclosure, not simply the names of the terms.

Expressions in the singular number in this specification include plural expressions unless the context clearly dictates that they are singular. Also, plural expressions include singular expressions unless the context clearly specifies that they are plural. When it is said that a certain part includes a certain component in the entire specification, this means that it may further include other components without excluding other components unless otherwise stated.

Also, the term 'module' or 'unit' used in the specification means a software or hardware component, and the 'module' or 'unit' performs certain roles. However, 'module' or 'unit' is not meant to be limited to software or hardware. A 'module' or 'unit' may be configured to reside in an addressable storage medium and may be configured to reproduce one or more processors. Thus, as an example, a 'module' or 'unit' includes components such as software components, object-oriented software components, class components, and task components, processes, functions, and attributes. , procedures, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, or variables. Functions provided within components and 'modules' or 'units' may be combined into a smaller number of components and 'modules' or 'units', or further components and 'modules' or 'units'. can be further separated.

According to one embodiment of the present disclosure, a 'module' or 'unit' may be implemented with a processor and a memory. 'Processor' should be interpreted broadly to include general-purpose processors, central processing units (CPUs), microprocessors, digital signal processors (DSPs), controllers, microcontrollers, state machines, and the like. In some circumstances, 'processor' may refer to an application specific integrated circuit (ASIC), programmable logic device (PLD), field programmable gate array (FPGA), or the like. 'Processor' refers to a combination of processing devices, such as, for example, a combination of a DSP and a microprocessor, a combination of a plurality of microprocessors, a combination of one or more microprocessors in conjunction with a DSP core, or a combination of any other such configurations. You may. Also, 'memory' should be interpreted broadly to include any electronic component capable of storing electronic information. 'Memory' includes random access memory (RAM), read-only memory (ROM), non-volatile random access memory (NVRAM), programmable read-only memory (PROM), erasable-programmable read-only memory (EPROM), It may also refer to various types of processor-readable media, such as electrically erasable PROM (EEPROM), flash memory, magnetic or optical data storage, registers, and the like. A memory is said to be in electronic communication with the processor if the processor can read information from and/or write information to the memory. Memory integrated with the processor is in electronic communication with the processor.

In the present disclosure, an 'image' may include at least one image included in a surrounding photograph, video, snapshot, etc. taken by a camera, or at least one image continuously photographed in time.

In the present disclosure, a '360-degree panoramic image' is a 360-degree direction around a camera created by combining an image taken by a camera capable of 360-degree shooting or at least two or more images taken from different directions by one or more cameras. An image representing a view of may be included.

In the present disclosure, in general, a “user” may mean a user having authority to process security data including business trade secrets, personal information, and the like.

In the present disclosure, "non-approved user" may mean a user who is not authorized to process security data including business trade secrets, personal information, etc., as distinguished from "user".

1 is a diagram illustrating an example of a data security method operating in a user terminal 120 according to an embodiment of the present disclosure. As shown, the user 110 may be working remotely or working from home using the user terminal 120, and through the user terminal 120, security data including trade secrets or personal information of the company or institution to which the user 110 belongs. can handle Security data output through the display of the user terminal 120 may be intentionally or unintentionally exposed to another person (eg, the non-approved user 140) present in the work space of the user 110. In this way, in order to prevent a security accident in which security data is exposed to an unauthorized user 140, a camera 130 connected to the user terminal 120 may be used. Here, the camera 130 may be a camera having a panoramic view shooting function capable of capturing its surroundings in a 360-degree direction.

In one embodiment, the camera 130 may transmit an authentication request to an external server (eg, information processing system). In response to this authentication request, when the server determines that the user terminal 120 (or the user 110) is accessible to or allowed to access security data, it may transmit an authentication code to the camera 130. Upon receiving the authentication code, the camera 130 may encrypt an image taken of the surroundings based on the authentication code and transmit the encrypted image to the user terminal 120 . The user terminal 120 may transmit the received encrypted image to the server. The server receiving the encrypted image may determine whether the user terminal 120 can operate security data based on the encrypted image. When the server determines that the operation of the security data is possible, the server may transmit an access token related to the operation of the security data to the user terminal 120 . The user terminal 120 transmits a service request based on the access token (eg, a service request related to the processing of security data) to the server, and the server sends a service stream to the user terminal 120 if the received access token is valid. can provide

In one embodiment, when the camera 130 connected to the user terminal 120 captures an image including the non-approved user 140 in addition to the user 110, the user terminal 120 operates secure data from the server. You can receive information that it is impossible. In this case, the user terminal 120 may provide information indicating that secure data operation is impossible to the user 110 through a display or other output device. In the present disclosure, an unauthorized user 140 may refer to a person who is not permitted access to secure data or who is not authorized to enter the user 110's work space. For example, the non-approved user 140 is an acquaintance of the user 110, such as a family member or friend, but may not be a member of a company or organization to which the user 110 belongs. In another example, the non-approved user 140 may refer to a person possessing a predetermined photographing or recording device for the purpose of photographing or recording the user 110's secure data processing process.

In one embodiment, when it is determined that the operation of the secure data is impossible, the user terminal 120 displays ( 122), the security area 126 can be set. For example, the security area 126 may include an opaque layer or a partial transparent layer exposed on the display 122 so that security data cannot be visually read. Although the security area 126 is partially transparent in FIG. 1 , this is for illustration only, and is not limited thereto. For example, the security area 126 may be an area to which any visual processing or graphic processing such as mosaic or blur processing is applied so that the security data 124 cannot be checked with the naked eye. Additionally or alternatively, the user terminal 120 presents the secure area 126 on the display 122 and at the same time an unauthorized user 140 is detected so that the secure data 124 cannot be displayed or operated. A message 128 may be displayed.

In one embodiment, when an unauthorized user 140 is detected, a service stream including secure data provided from the server to the user terminal 120 may be stopped. Specifically, in this case, a new access token may not be provided until the access token provided from the server to the user terminal 120 is invalidated or its validity period expires. Alternatively or additionally, an unapproved user 140 may be detected at the same time the service stream is stopped, and may display secure data 124 or display a message 128 indicating that the operation is unavailable.

In one embodiment, when an unauthorized user 140 is detected, the operation of another output device (not shown) connected to the user terminal 120 may be stopped. For example, output of a speaker outputting audio related to security data or a printer outputting data related to security data may be stopped.

In this way, by expressing the security area on the display of the user terminal where data related to the management of security data is displayed, it is possible to prevent leakage of business secrets or personal information of the company. In addition, by encrypting the image based on the authentication code, the camera prevents forgery or falsification of images by authorized users as well as users without access to security data, and prevents unauthorized persons from sniffing or sniffing images. You can prevent spoofing. In addition, when an unauthorized user is detected, the access token associated with the operation of the security data provided from the server to the user terminal is invalidated and the operation related to the security data is immediately blocked, as well as personal information displayed on the display, as well as other outputs. Leakage of security data output by the device can be prevented.

2 is a plurality of user terminals connected to cameras 210_1, 210_2, and 210_3 and cameras 210_1, 210_2, and 210_3 in which an information processing system 240 provides a data security service according to an embodiment of the present disclosure ( 220_1, 220_2, 220_3) is a schematic diagram showing a configuration connected to enable communication. The information processing system 240 may include a system capable of providing a data security service to a plurality of user terminals 220_1 , 220_2 , and 220_3 through the network 230 . According to one embodiment, the information processing system 240 includes one or more server devices and/or databases capable of storing, providing, and executing computer-executable programs (eg, downloadable applications) and data related to data security services; or one or more distributed computing devices and/or distributed databases based on cloud computing services. A data security service may be provided to the user through a secure data management application installed in each of the plurality of user terminals 220_1, 220_2, and 220_3. For example, the information processing system 240 may provide information on security data operation possibility based on images captured by the cameras 210_1, 210_2, and 210_3 through a security data operation application or provide a service related thereto. there is. Additionally, the information processing system 240 may learn/update an AI image analysis model to identify security threats based on learning data (eg, images) collected from the cameras 210_1, 210_2, and 210_3. In addition, the information processing system 240 can effectively detect security threats by executing an AI image analysis model on images taken by the cameras 210_1, 210_2, and 210_3.

The plurality of user terminals 220_1, 220_2, and 220_3 and the cameras 210_1, 210_2, and 210_3 may communicate with the information processing system 240 through the network 230. The network 230 may be configured to enable communication between the plurality of user terminals 220_1, 220_2, and 220_3 and the cameras 210_1, 210_2, and 210_3 and the information processing system 240. Depending on the installation environment, the network 230 may be, for example, a wired network such as Ethernet, a wired home network (Power Line Communication), a telephone line communication device and RS-serial communication, a mobile communication network, a wireless LAN (WLAN), It may consist of a wireless network such as Wi-Fi, Bluetooth, and ZigBee, or a combination thereof. The communication method is not limited, and the user terminals (220_1, 220_2, 220_3) as well as a communication method utilizing a communication network (eg, mobile communication network, wired Internet, wireless Internet, broadcasting network, satellite network, etc.) that the network 230 may include ) and short-range wireless communication between the cameras 210_1, 210_2, and 210_3 may also be included.

In FIG. 2, a mobile phone terminal 220_1, a tablet terminal 220_2, and a PC terminal 220_3 are illustrated as examples of user terminals, but are not limited thereto, and the user terminals 220_1, 220_2, and 220_3 may perform wired and/or wireless communication. It can be any computing device capable of this and on which the secure data management application can be installed and executed. For example, the user terminal includes a smartphone, a mobile phone, a navigation device, a computer, a laptop computer, a digital broadcasting terminal, a personal digital assistant (PDA), a portable multimedia player (PMP), a tablet PC, a game console, and a wearable device ( wearable device), internet of things (IoT) device, virtual reality (VR) device, augmented reality (AR) device, and the like. In addition, although three user terminals 220_1, 220_2, and 220_3 are shown in FIG. 2 to communicate with the information processing system 240 through the network 230, it is not limited thereto, and a different number of user terminals may be connected to the network ( 230) to communicate with the information processing system 240.

In FIG. 2 , the cameras 210_1 , 210_2 , and 210_3 are shown as cameras capable of capturing 360 degrees, but are not limited thereto. For example, it may be any device capable of providing a panoramic image by synthesizing images taken without blind spots around the user terminals 220_1, 220_2, and 220_3 or images taken in different spaces at the same time. . The panoramic image capture function of the cameras 210_1, 210_2, and 210_3 may be implemented in various ways. For example, the cameras 210_1, 210_2, and 210_3 include an image sensor capable of capturing a view of about 180 degrees in one direction and an additional image sensor capable of capturing a view of about 180 degrees in the opposite direction. can include In another example, the cameras 210_1, 210_2, and 210_3 may have a panning function to capture a 360-degree view using at least one image sensor.

3 is a block diagram showing internal configurations of a camera 210, a user terminal 220, and an information processing system 240 according to an embodiment of the present disclosure. The user terminal 220 may refer to any computing device capable of executing a secure data management application and capable of wired/wireless communication, for example, a mobile phone terminal 220_1 of FIG. 2, a tablet terminal 220_2, and a PC. The terminal 220_3 and the like may be included. As shown, the user terminal 220 may include a memory 322 , a processor 324 , a communication module 326 and an input/output interface 328 . Similarly, the information processing system 240 may include a memory 342 , a processor 344 , a communication module 346 and an input/output interface 348 . In addition, the camera 210 may include a memory 312 , a processor 314 , a communication module 316 , an input/output interface 318 and a photographing module 313 . As shown in FIG. 3, the camera 210, the user terminal 220, and the information processing system 240 use respective communication modules 316, 326, and 346 to transmit information and/or information through the network 230. It can be configured to communicate data. In addition, the input/output device 350 may be configured to input information and/or data to the user terminal 220 through the input/output interface 328 or output information and/or data generated from the user terminal 220. In FIG. 3 , the camera 210 is shown to input or output information and/or data with the input/output interface 328 of the user terminal 220 through the input/output interface 318, but is not limited thereto, and the camera 210 ) and the user terminal 220 may communicate information and/or data through the network 230 using respective communication modules 316 and 326 .

The memories 312, 322, and 342 may include any non-transitory computer readable media. According to one embodiment, the memories 312, 322, 342 are non-volatile mass storage devices such as random access memory (RAM), read only memory (ROM), disk drives, solid state drives (SSDs), flash memory, and the like. A permanent mass storage device may be included. As another example, a non-perishable mass storage device such as a ROM, SSD, flash memory, disk drive, etc. may be included in the user terminal 220 or the information processing system 240 as a separate permanent storage device separate from memory. In addition, the memories 312, 322, and 342 include an operating system and at least one program code (eg, an authentication request module installed and driven in the camera 210, and a secure data management application installed and driven in the user terminal 220). code for etc.) can be stored.

These software components may be loaded from a computer-readable recording medium separate from the memories 312, 322, and 342. Recording media readable by such a separate computer may include recording media directly connectable to the camera 210, the user terminal 220, and the information processing system 240, for example, a floppy drive, a disk, and a tape. , a DVD/CD-ROM drive, a computer-readable recording medium such as a memory card. As another example, software components may be loaded into the memories 312, 322, and 342 through a communication module rather than a computer-readable recording medium. For example, the at least one program is a memory (eg, application, etc.) based on a computer program (eg, application, etc.) installed by files provided by developers or a file distribution system that distributes application installation files through the network 230. 312, 322, 342).

The processors 314, 324, and 344 may be configured to process commands of a computer program by performing basic arithmetic, logic, and input/output operations. Instructions may be provided to processors 314, 324, 344 by memory 312, 322, 342 or communication module 316, 326, 346. For example, processors 314, 324, and 344 may be configured to execute instructions received according to program code stored in a recording device such as memory 312, 322, and 342.

The communication modules 316, 326, and 346 may provide configurations or functions for the camera 210, the user terminal 220, and the information processing system 240 to communicate with each other through the network 230, and the camera 210 ), the user terminal 220 and/or the information processing system 240 may provide configurations or functions for communicating with other cameras, user terminals, or other systems (for example, a separate cloud system). For example, the processor 314 of the camera 210 and/or the processor 324 of the user terminal 220 generate requests or data (eg, Encrypted image, authentication request, service request, etc.) may be transferred to the information processing system 240 through the network 230 under the control of the communication modules 316 and 326 . Conversely, a control signal or command provided under the control of the processor 344 of the information processing system 240 passes through the communication module 346 and the network 230 to the communication module 316 of the camera 210 or the user terminal. It may be received by the user terminal 220 through the communication module 326 of (220). For example, the camera 210 may receive an authentication code from the information processing system 240 through the communication module 316 . The user terminal 220 may receive information on whether security data can be operated from the information processing system 240 through the communication module 326 .

The input/output interface 328 may be a means for interface with the camera 210 or the input/output device 350 . As an example, the input device may include a device such as a camera, keyboard, microphone, mouse, etc. including an audio sensor and/or image sensor, and the output device may include a device such as a display, speaker, haptic feedback device, or the like. can As another example, the input/output interface 328 may be a means for interface with a device in which components or functions for performing input and output are integrated into one, such as a touch screen. For example, when the processor 324 of the user terminal 220 processes a command of a computer program loaded into the memory 322, information provided by the camera 210 or the information processing system 240 or other user terminals, and A service screen configured using / or data may be displayed on the display through the input/output interface 328 . Although the input/output device 350 is not included in the user terminal 220 in FIG. 3, it is not limited thereto, and the user terminal 220 and the user terminal 220 may be configured as one device. In addition, the input/output interface 348 of the information processing system 240 is connected to the information processing system 240 or means for interface with a device (not shown) for input or output that the information processing system 240 may include. can be Also, the input/output interface 318 of the camera 210 may be connected to the camera 210 or may be a means for interface with a device (not shown) for input or output that may be included in the camera 210 . In FIG. 3, the input/output interfaces 318, 328, and 348 are shown as elements configured separately from the processors 314, 324, and 344, but are not limited thereto. 344) can be configured to be included.

The camera 210, the user terminal 220, and the information processing system 240 may include more components than those of FIG. 3 . However, there is no need to clearly show most of the prior art components. According to one embodiment, the user terminal 220 may be implemented to include at least some of the aforementioned input/output devices 350 . In addition, the user terminal 220 may further include other components such as a transceiver, a global positioning system (GPS) module, a camera, various sensors, and a database. For example, when the user terminal 220 is a smartphone, it may include components that are generally included in a smartphone, for example, an acceleration sensor, a gyro sensor, a camera module, various physical buttons, and a touch screen. Various components such as a button using a panel, an input/output port, and a vibrator for vibration may be implemented to be further included in the user terminal 220 .

According to one embodiment, the processor 314 of the camera 210 may be configured to run an application. At this time, a program code associated with the corresponding application may be loaded into the memory 312 of the camera 210 . While the application is running, the processor 314 of the camera 210 receives information and/or data provided from the input/output device (not shown) or the user terminal 220 through the input/output interface 318 or the communication module 316. Information and/or data may be received from the user terminal 220 or the information processing system 240 through, and the received information and/or data may be processed and stored in the memory 312 . In addition, such information and/or data may be provided to the user terminal 220 or the information processing system 240 through the communication module 316 .

According to an embodiment, the processor 314 of the camera may receive an image, video, etc. captured or input through the photographing module 313, and store the received image and/or video in the memory 312 or It can be provided to the user terminal 220 or the information processing system 240 through the communication module 316 and the network 230 . In one embodiment, the processor 314 may encrypt the received image or video based on the authentication code and transmit the processed encrypted image or video to the user terminal 220 .

According to one embodiment, the processor 324 of the user terminal 220 may be configured to run an application. At this time, a program code associated with the corresponding application may be loaded into the memory 322 of the user terminal 220 . While the application is running, the processor 324 of the user terminal 220 receives information and/or data provided from the input/output device 350 or the camera 210 through the input/output interface 328 or the communication module 326. Information and/or data may be received from the camera 210 or the information processing system 240 through, and the received information and/or data may be processed and stored in the memory 322 . In addition, such information and/or data may be provided to the camera 210 or the information processing system 240 through the communication module 326 .

While the application is running, the processor 324 processes text, image, audio input or selected through an input device such as a camera, microphone, etc. including a touch screen, keyboard, audio sensor and/or image sensor connected to the input/output interface 328 etc., the received text, image and/or audio may be stored in the memory 322 or provided to the information processing system 240 through the communication module 326 and the network 230. In one embodiment, the processor 324 may receive a service access request through an input device 350 such as a keyboard, touch screen, or mouse, and may receive an encrypted image through the camera 210, , service access request information and an encrypted image may be provided to the information processing system 240 through the network 230 and the communication module 326.

The processor 324 of the user terminal 220 may transmit and output information and/or data to the input/output device 350 through the input/output interface 328 . For example, the processor 324 of the user terminal 220 may be a display output capable device (eg, a touch screen, a display, etc.), an audio output capable device (eg, a speaker), a document output capable device (eg, a printer), and the like. Processed information and/or data may be output through the output device 350 . In one embodiment, the processor 324 may display a secure data related service, a secure area, a secure data related message, and the like on the display of the user terminal 220 .

The processor 344 of the information processing system 240 may be configured to manage, process, and/or store information and/or data received from the camera 210, a plurality of user terminals 220, and/or a plurality of external systems. can In one embodiment, the processor 344 receives input information from the user terminal 220 to the user interface and authentication request information from the camera 210, and receives the user's input information and/or authentication request information and pre-stored user identification. Information may be prepared, and access information for security data according to the comparison result may be provided to the camera 210 or the user terminal 220 through the communication module 316 and the network 230 .

Although the camera 210 and the user terminal 220 are shown separately in FIG. 3, it is not limited thereto, and the camera 210 is built into the user terminal 220 to photograph the surroundings of the user terminal 220. It may be composed of arbitrary modules and devices capable of encrypting an image or video and transmitting the encrypted image and/or authentication request information to the information processing system 240 through a network.

4 is a functional block diagram showing internal configurations of a camera, a user terminal, and a processor of an information processing system according to an embodiment of the present disclosure. As shown, the processor 314 of the camera may include an authentication request unit 410, an image processing unit 420, and the like. According to an embodiment, the authentication request unit 410 may generate authentication request information including a session key to be transmitted to the information processing system 240 based on input information received from the user terminal 220 .

According to an embodiment, the processor 324 of the user terminal 220 may include an authentication request unit (not shown), and the authentication request unit of the user terminal will send a session to the information processing system 240 based on the user's input. Authentication request information including keys can be created.

According to an embodiment, the image processing unit 420 may continuously or periodically capture images or videos around the user terminal by controlling the capturing module of the camera 210 . The image processor 420 may encrypt an image or video captured by the photographing module based on information on access to secure data including the replaced session key received from the information processing system 240 . For example, as an image encryption method, an Elliptic-curve Diffie-Hellman (ECDH) key exchange method using elliptic curve cryptography may be used, but is not limited thereto.

According to an embodiment, the image processing unit 420 may generate a 360-degree panoramic image around the user terminal 220 using at least one surrounding image captured by the photographing module of the camera 210 . As shown in FIG. 4 , the processor 344 of the information processing system 240 may include an authentication unit 440 , an image analysis unit 450 and a service stream unit 460 . According to an embodiment, the authentication unit 440 compares user input information and/or authentication request information received from the user terminal 220 or the camera 210 with previously input user identification information, and the user terminal 220 Alternatively, it may determine whether or not to allow access to the user's secure data. If the authentication unit 440 determines that access to the user terminal 220 or the user's security data is possible, the authentication unit 440 replaces the session key and uses it to generate an authentication code to be transmitted to the camera 210. can do.

According to an embodiment, the image analyzer 450 may decrypt an encrypted image transmitted from the user terminal 220 . Also, the image analyzer 450 may determine whether security data can be operated based on the decrypted image. Here, whether the security data can be operated depends on whether there is an unauthorized user around the user terminal 220 based on the decrypted image, a predetermined recording device capable of recording voice containing security data or taking a picture of security data, or It may be determined based on whether a photographing device exists or not. For example, whether or not security data can be operated is based on information related to the registered user's appearance (eg, face, height, gait, body shape, etc.) It can be determined depending on whether it is included in the image. In this case, the existence of an unauthorized user, a recording device, or a photographing device may be determined by an artificial neural network model trained on the basis of learning data including information related to the user's appearance or appearance of the recording device or photographing device.

According to an embodiment, the image analyzer 450 may determine whether to transmit an access token to the user terminal 220 based on information on whether the user terminal 220 can operate security data. For example, when it is determined that there are no non-approved users around the user terminal 220 and that there is no non-approved recording device or photographing device, the image analyzer 450 provides information to the user terminal 220. You can decide to send an access token. In addition, when it is determined that an unauthorized user exists around the user terminal 220 or a certain unauthorized recording device or photographing device exists, the image analyzer 450 does not transmit an access token to the user terminal 220. It may be determined to invalidate the access token transmitted to the terminal in advance, or to transmit the invalidated access token.

According to an embodiment, the service stream unit 460 may determine whether the access token is valid based on service request information including the access token received from the user terminal 220 . When it is determined that the access token is valid, the service stream unit 460 may determine to provide a service stream to the user terminal 220 . When the access token is invalidated or its validity period has expired, the service stream unit 460 may determine not to provide a service stream or may stop providing a service stream.

5 illustrates a service stream for operating security data between an authentication request unit of a camera, an image processing unit, a user terminal, an authentication unit of an information processing system, an image analysis unit, and a service stream unit before a service stream is initiated according to an embodiment of the present disclosure. A flow chart showing how this is done.

As shown, the authentication request unit 410 of the camera or the authentication request unit (not shown) of the user terminal may transmit an authentication request 512 including a session key to the authentication unit 440 of the information processing system. The authentication request 512 may be initiated by user input (not shown) of the user 110 to the user terminal. The user's input may include access request information for a user interface displayed on the display of the user terminal or user's identification information. User identification information is information about the user and may include a user identifier (ID) and/or password, name, contact information, e-mail address, etc., but is not limited thereto. According to another example, the authentication request 512 may be automatically initiated by the user terminal without input from the user 110 as a predetermined program code is executed on the user terminal of the user 110 . At this time, the user terminal or camera may transmit information including at least one of a user identification number stored in the user terminal or camera, an identification number of a camera connected to the user terminal, or an identification number of the user terminal together with the authentication request 512. .

Upon receiving the authentication request 512, the authentication unit 440 of the information processing system compares the user's identification information included in the authentication request and the previously stored user's identification information, and confirms that access to security data is possible if the information matches. can be determined (542). When it is determined that access to secure data is possible, the session key received from the authentication request unit 410 of the camera or the authentication request unit (not shown) of the user terminal is replaced with a new session key, and the authentication code 544 including the session key is replaced with the user terminal. It can be transmitted to the image processing unit 420 of.

In response to transmission of the authentication code 544 from the authentication unit 440 of the information processing system, the image processing unit 420 of the camera may generate a 360-degree panoramic image by photographing the surroundings of the user terminal 430 . The 360-degree panoramic image may include an image taken by a camera capable of 360-degree shooting or an image obtained by synthesizing two or more images taken from different directions using two or more image sensors.

The image processing unit 420 of the camera may encrypt the 360-degree panoramic image based on the authentication code 544 including the replaced session key received from the authentication unit 440 of the information processing system. For example, image encryption may be performed using Elliptic-curve Diffie-Hellman (ECDH) using elliptic curve cryptography, but is not limited thereto. Also, the image processing unit 420 of the camera may transmit the encrypted image 524 to the user terminal 430 . If the authentication code 544 is not confirmed, since the encrypted image 524 is not decrypted, even if the encrypted images 524 and 532 are leaked to the outside or exposed to hacking, the image cannot be reproduced or forged.

The user terminal 430 may transmit the encrypted image 532 received from the image processing unit 420 of the camera to the image analysis unit 450 of the information processing system. The image analysis unit 450 of the information processing system may decrypt the encrypted image 532 received from the user terminal 430 based on the authentication code 544 . The image analyzer 450 of the information processing system may determine whether there is an unauthorized user around the user terminal 430 based on the decoded image (552). An unauthorized user may include, but is not limited to, a user other than a user having access to secure data or an unauthorized recording device or photographing device. The image analyzer 450 may be an artificial neural network model trained to identify an approved user and/or a non-approved user based on an input image. The image analyzer 450 may determine whether security data can be operated based on the input image and output corresponding information.

When the image analyzer 450 determines that there is no unauthorized user around the user terminal 430 , an access token 554 may be transmitted to the user terminal 430 . The user terminal 430 may transmit service request information to the service stream unit 460 of the information processing system based on the access token 554 received from the image analyzer 450 (534). The service stream unit 460 may determine whether the access token 554 included in the received service request is valid (562). If the access token 554 is valid, the service stream unit 460 may provide the service stream 564 to the user terminal 430 . The service stream 564 may include text, graphic data, images and/or videos including security data such as personal information, or a user interface configured to display such data.

6 is a diagram illustrating an example of a data security method of displaying a security area on a display of a user terminal according to an embodiment of the present disclosure.

In one embodiment, the image processing unit of the camera receiving the authentication code including the replaced session key from the authentication unit of the information processing system may photograph the surroundings of the user terminal and generate a 360-degree panoramic image. The image processing unit of the camera may encrypt the 360-degree panoramic image and transmit the encrypted image to the image analysis unit of the information processing system. The image analyzer may decrypt the received encrypted image and identify whether or not an unauthorized user exists based on the decrypted image. When it is determined that there is no non-approved user in the vicinity of the user terminal, the image analyzer may transmit an access token to the user terminal. The user terminal may transmit access request information through a user interface including an access token to the service stream unit of the information processing system. If the received access token is valid, the service stream unit may provide a service stream. The service stream may include security data 610 such as personal information.

Meanwhile, while the service stream is being provided from the service stream unit of the information processing system to the user terminal, the image processing unit of the camera periodically photographs the surroundings of the user terminal, regenerates and encrypts a 360-degree panoramic image, and transmits the image to the user terminal. . The image analyzer may decrypt the encrypted image periodically received from the user terminal, and based on this decryption, whether or not there is an unauthorized user may be identified again. While the service stream unit is providing a service stream to the user terminal, when it is identified that an unauthorized user exists around the user terminal, the image analysis unit may invalidate an access token already provided to the user terminal. If the access token is invalidated while providing the service stream including the secure data 610, the display of the user terminal may display a secure area 620 to prevent unauthorized users from visually identifying the secure data 610. there is.

In another embodiment, the validity period of the access token may expire due to conditions such as the elapse of a certain amount of time while providing a service stream. When the validity period of the access token has expired, the display of the user terminal may display a security area 620 to prevent an unauthorized user from visually identifying the security data 610 . Although the security area 620 is illustrated as a translucent layer in FIG. 6 , this is for illustration only, and the security area 620 may include a completely opaque layer or other forms of visual representation. For example, the security area 620 may include graphic data to which mosaic processing, blur processing, and the like are applied.

Additionally or alternatively, if the access token becomes invalid or expires while providing the service stream, the service stream unit of the information processing system may stop providing the service stream. When the provision of the service stream is stopped, the display of the secure data 610 on the display of the user terminal may be stopped. Also, an operation of an output device (eg, a speaker or a printer) of the user terminal may be stopped.

7 is a diagram illustrating an example of a data security method of displaying a message on a display of a user terminal according to an embodiment of the present disclosure.

In one embodiment, when the service stream unit of the information processing system is providing a service stream to the user terminal, when it is identified that an unauthorized user exists around the user terminal, the image analysis unit invalidates the access token provided to the user terminal in advance. can do. If the access token is invalidated while providing the service stream including the security data 610, the display of the user terminal displays the security area 710 to prevent unauthorized users from visually identifying the security data 610, and at the same time A message notifying the existence of an unauthorized user can be displayed.

In another embodiment, the validity period of the access token may expire due to conditions such as the elapse of a certain amount of time while providing a service stream. When the validity period of the access token expires, the display of the user terminal displays a security area 710 to prevent the unauthorized user from visually identifying the security data 610 and at the same time displays a message informing of the existence of the unauthorized user. can

Additionally or alternatively, if the access token becomes invalid or expires while providing the service stream, the service stream unit of the information processing system may stop providing the service stream. When the provision of the service stream is stopped, the display of the secure data 610 may be stopped and a message notifying the interruption of the provision of the service stream may be displayed on the display of the user terminal.

8 is a flowchart illustrating a data security method by an information processing system according to an embodiment of the present disclosure. A data security method for telecommuting may be performed by an information processing system interworking with a user terminal and a camera. A data security method may be initiated when a processor of an information processing system receives an authentication request from a user terminal or a camera connected to the user terminal (S801).

After that, the processor may determine whether the user terminal can access secure data (S802). In one embodiment, the processor may compare user input information included in the authentication request with pre-stored user identification information, and determine whether access to security data is possible according to the comparison result.

When it is determined that the user terminal can access secure data, the processor may transmit an authentication code to the camera (S803). In one embodiment, the processor may receive an authentication request including a session key from the camera. When it is determined that the user terminal can access secure data, the received session key may be replaced and an authentication code including the replaced session key may be transmitted to the camera. On the other hand, when it is determined that the user terminal cannot access the secure data, the processor may end the procedure without transmitting an authentication code to the camera.

The processor of the information processing system may receive an image captured by the camera and encrypted (based on the authentication code) from the user terminal (S804). Thereafter, the processor may decrypt the encrypted image and determine whether the user terminal can operate the security data based on the decrypted image (S805). In one embodiment, the processor may analyze the decoded image to determine whether an unauthorized user or an unapproved predetermined recording and/or capturing device exists.

When it is determined that there is no unauthorized user around the user terminal and it is determined that the user terminal can operate the secure data, the processor may transmit an access token related to the operation of the secure data to the user terminal (S807). On the other hand, if it is determined that an unauthorized user or an unapproved predetermined recording device and/or photographing device exists around the user terminal, the processor may end the procedure without transmitting an access code.

The processor may receive a service request based on the access token from the user terminal (S808). Then, the processor may determine whether the access token received from the user terminal is valid (S809).

If the access token received from the user terminal is valid, the processor may provide a service stream to the user terminal (S810). If the access token received from the user terminal is invalid or its validity period has expired, the processor may end the procedure without providing a service stream.

9 is a flowchart illustrating a data security method by a user terminal according to an embodiment of the present disclosure.

A data security method for telecommuting may be performed by a user terminal interworking with a camera and an information processing system. The data security method may be initiated when the processor of the user terminal transmits an authentication request by the user terminal or a camera connected to the user terminal (S901). In one embodiment, the camera may transmit an authentication request including a session key. In one embodiment, the user terminal may transmit an authentication request including a session key.

When it is determined that the user terminal can access security data (S902), the camera may receive an authentication code from the information processing system (S903). In one embodiment, when it is determined that the user terminal can access secure data, the camera may receive an authentication code including a session key replaced by the information processing system. On the other hand, when it is determined that the user terminal cannot access the secure data, a message indicating that the secure data cannot be accessed may be displayed on the display of the user terminal.

The camera may photograph the surroundings of the user terminal and encrypt the photographed image based on the authentication code (S904). Thereafter, the processor of the user terminal may receive the encrypted image from the camera and transmit it to the information processing system (S905). In addition, the processor may receive information on whether security data can be operated from the information processing system (S906).

When it is determined that the user terminal can operate the security data (S907), the process of the user terminal may receive an access token related to the operation of the security data from the information processing system (S908). On the other hand, if it is determined that there is an unauthorized user or an unapproved predetermined recording and/or photographing device around the user terminal (ie, when it is determined that secure data operation is impossible), in one embodiment, the processor is A message indicating that access to secure data is impossible may be displayed on the display of the terminal.

The processor of the user terminal may transmit a service request based on the access token received to the information processing system (S909). When the access token received from the user terminal is valid (S910), the processor may receive a service stream from the information processing system (S911). In contrast, if the access token received from the user terminal is invalid or its validity period has expired, in one embodiment, the processor may display a message indicating that access to secure data is not possible on the display of the user terminal.

10 is a flowchart illustrating a data security method performed by an information processing system when a camera periodically photographs the surroundings according to an embodiment of the present disclosure. As described above with reference to FIG. 8 , when the access token received by the processor of the information processing system from the user terminal is valid, the processor may provide a service stream to the user terminal (S810). In one embodiment, while a service stream is provided to a user terminal, images of surroundings may be periodically captured by a camera. In addition, images periodically photographed by the camera and encrypted may be transmitted to the information processing system through the user terminal (S804). In another embodiment, while a service stream is provided to a user terminal, the information processing system may transmit a command instructing a camera to capture surroundings. For example, the information processing system transmits a command for instructing the camera to shoot the surroundings at regular intervals, or sends a command for instructing the camera to shoot the surroundings according to the expiration of the validity period of an access token or a request for access to new security data. can also be transmitted. Accordingly, the image captured by the camera may be encrypted and transmitted to the information processing system through the user terminal.

Thereafter, the processor of the information processing system may decrypt the encrypted image and determine whether the user terminal can operate the security data based on the decrypted image (S805). Steps to be executed thereafter may be the same as or correspond to those described with reference to FIG. 8 , and thus detailed description thereof will be omitted.

11 is a flowchart illustrating a data security method performed by a user terminal when a camera periodically photographs the surroundings according to an embodiment of the present disclosure. As described above with reference to FIG. 9 , when it is determined that the access token received from the user terminal is valid (S910), the processor may receive a service stream from the information processing system (S911). In one embodiment, while the user terminal receives a service stream from the information processing system, the camera may periodically photograph the surroundings of the user terminal. In addition, images periodically captured by the camera may be encrypted based on an authentication code (S904). In another embodiment, while the user terminal is receiving a service stream from the information processing system, the camera may receive a command instructing to capture the surroundings from the information processing system or the user terminal. For example, the user terminal or the information processing system may transmit a command instructing the camera to capture the surroundings according to a predetermined period, or may transmit a command instructing the camera to capture the surroundings according to expiration of the validity period of the access token. Accordingly, the image captured by the camera may be encrypted based on the authentication code.

Thereafter, the processor of the user terminal may receive the encrypted image from the camera and transmit it to the information processing system (S905). Steps to be executed thereafter may be the same as or correspond to those described with reference to FIG. 9 , and thus detailed description thereof will be omitted.

The data security method described above may be implemented as computer readable code on a computer readable recording medium. A computer-readable recording medium includes all types of recording devices in which data readable by a computer system is stored. Examples of computer-readable recording media include ROM, RAM, CD-ROM, magnetic tape, floppy disk, and optical data storage devices. In addition, the computer-readable recording medium is distributed in computer systems connected through a network, so that computer-readable codes can be stored and executed in a distributed manner. In addition, functional programs, codes, and code segments for implementing the above-described embodiments can be easily inferred by programmers in the technical field to which the present invention belongs.

The methods, acts or techniques of this disclosure may be implemented by various means. For example, these techniques may be implemented in hardware, firmware, software, or combinations thereof. Those skilled in the art will appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchange of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends on the particular application and the design requirements imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementations should not be interpreted as causing a departure from the scope of the present disclosure.

In a hardware implementation, the processing units used to perform the techniques may include one or more ASICs, DSPs, digital signal processing devices (DSPDs), programmable logic devices (PLDs) ), field programmable gate arrays (FPGAs), processors, controllers, microcontrollers, microprocessors, electronic devices, and other electronic units designed to perform the functions described in this disclosure. , a computer, or a combination thereof.

Accordingly, the various illustrative logical blocks, modules, and circuits described in connection with this disclosure may be incorporated into a general-purpose processor, DSP, ASIC, FPGA or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or may be implemented or performed in any combination of those designed to perform the functions described in A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, eg, a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other configuration.

In firmware and/or software implementation, the techniques include random access memory (RAM), read-only memory (ROM), non-volatile random access memory (NVRAM), PROM ( on a computer readable medium, such as programmable read-only memory (EPROM), erasable programmable read-only memory (EPROM), electrically erasable PROM (EEPROM), flash memory, compact disc (CD), magnetic or optical data storage device, or the like. It can also be implemented as stored instructions. Instructions may be executable by one or more processors and may cause the processor(s) to perform certain aspects of the functionality described in this disclosure.

If implemented in software, the techniques may be stored on or transmitted over as one or more instructions or code on a computer readable medium. Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a computer. By way of non-limiting example, such computer readable media may include RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or desired program code in the form of instructions or data structures. It can be used for transport or storage to and can include any other medium that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium.

For example, if the software is transmitted from a website, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, the coaxial cable , fiber optic cable, twisted pair, digital subscriber line, or wireless technologies such as infrared, radio, and microwave are included within the definition of medium. Disk and disc as used herein include CD, laser disc, optical disc, digital versatile disc (DVD), floppy disk, and blu-ray disc, where disks are usually magnetic data is reproduced optically, whereas discs reproduce data optically using a laser. Combinations of the above should also be included within the scope of computer readable media.

A software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium can be coupled to the processor such that the processor can read information from or write information to the storage medium. Alternatively, the storage medium may be integral to the processor. The processor and storage medium may reside within an ASIC. An ASIC may exist within a user terminal. Alternatively, the processor and storage medium may exist as separate components in a user terminal.

Although the embodiments described above have been described as utilizing aspects of the presently-disclosed subject matter in one or more stand-alone computer systems, the disclosure is not limited thereto and may be implemented in conjunction with any computing environment, such as a network or distributed computing environment. . Further, aspects of the subject matter in this disclosure may be implemented in a plurality of processing chips or devices, and storage may be similarly affected across multiple devices. These devices may include PCs, network servers, and portable devices.

Although the present disclosure has been described in relation to some embodiments in this specification, various modifications and changes may be made without departing from the scope of the present disclosure that can be understood by those skilled in the art. Moreover, such modifications and variations are intended to fall within the scope of the claims appended hereto.

110: user 120: user terminal
122 display 124 secure data
126: security area 128: message
130: camera 140: non-approved user
210: camera 220: user terminal
230: network 240: information processing system

Claims (20)

A data security method for telecommuting, performed by at least one processor, comprising:
When it is determined that the user terminal has access to security data based on an authentication request from a user terminal or a camera connected to the user terminal, transmitting an authentication code to the camera;
Receiving an image encrypted by the camera from the user terminal based on the authentication code; and
Decrypting the encrypted image and determining whether the user terminal can operate the security data based on the decrypted image
Including, data security method. According to claim 1,
The step of transmitting the authentication code to the camera,
Receiving an authentication request from a camera connected to the user terminal
Including, data security method. According to claim 1,
The step of determining whether the security data can be operated is
And identifying the existence of non-approved users other than the authorized user based on the decrypted image, the data security method. According to claim 1,
The step of determining whether the security data can be operated is
Identifying whether or not a predetermined photographing device or recording device exists based on the decoded image
Including, data security method. According to claim 3 or 4,
The step of determining whether the security data can be operated is
Based on the decrypted image, determining whether the security data can be operated through a deep learning-based image analysis model trained to identify the image of the approved user or the predetermined photographing or recording device
Including, data security method. According to claim 1,
Transmitting an access token associated with the operation of the security data to the user terminal when it is determined that the operation of the security data by the user terminal is possible.
Further comprising, data security method. According to claim 6,
invalidating the access token transmitted to the user terminal when it is determined that the security data cannot be operated by the user terminal;
Further comprising, data security method. According to claim 6,
Receiving a service request based on the access token from the user terminal;
determining whether the access token is valid; and
If the access token is valid, providing a service stream to the user terminal.
Further comprising, data security method. According to claim 6,
Receiving a service request based on the access token from the user terminal;
determining whether the access token is valid; and
blocking provision of a service stream to the user terminal when the access token is invalidated or expired;
Further comprising, data security method. According to claim 1,
The image encrypted by the camera includes an image taken at regular intervals, data security method. A data security method for telecommuting, performed by at least one processor, comprising:
Transmitting an authentication request to a server by a user terminal or a camera connected to the user terminal;
receiving, by the camera, an authentication code from the server when it is determined that the user terminal can access secure data based on the authentication request;
Encrypting an image captured by the camera based on the authentication code;
transmitting, by the user terminal, the encrypted image to the server; and
Receiving, by the user terminal, information on whether the security data can be operated, determined based on an encrypted image, from the server
Including, data security method. According to claim 11,
Receiving an access token associated with the operation of the security data from the server when it is determined that the operation of the security data is possible by the server.
Further comprising, data security method. According to claim 12,
invalidating the access token received from the server when it is determined by the server that the security data cannot be operated;
Further comprising, data security method. According to claim 12,
sending a service request based on the access token to the server; and
If the access token is valid, receiving a service stream from the server
Further comprising, data security method. According to claim 14,
Stopping the service stream provided from the server when the access token received from the server is invalidated or expired
Further comprising, data security method. According to claim 15,
The step of stopping the service stream,
displaying a security area on a display of the user terminal, stopping output of audio being output by the user terminal, or displaying a message associated with stopping the service stream;
Including, data security method. According to claim 11,
The image of the surroundings includes a 360-degree panoramic image centered on the camera, data security method. A computer program stored in a computer readable recording medium to execute the data security method according to any one of claims 1 to 17 on a computer. As an information processing system,
communication module;
Memory; and
at least one processor connected to the memory and configured to execute at least one computer readable program contained in the memory
including,
The at least one program,
When it is confirmed that the user terminal has access to security data based on an authentication request from a user terminal or a camera connected to the user terminal, an authentication code is transmitted to the camera,
Receiving an image encrypted by the camera based on the authentication code from the user terminal;
An information processing system comprising instructions for decrypting the encrypted image and determining whether the security data can be operated by the user terminal based on the decrypted image. As an information processing system,
communication module;
Memory; and
at least one processor connected to the memory and configured to execute at least one computer readable program contained in the memory
including,
The at least one program,
Sending an authentication request to a server by a user terminal or a camera connected to the user terminal,
When it is confirmed that the user terminal has access to secure data based on the authentication request, the camera receives an authentication code from the server,
The camera encrypts an image of the surroundings based on the authentication code,
By the user terminal, transmitting the encrypted image to the server,
An information processing system comprising instructions for receiving, by the user terminal, information on whether the security data can be operated, determined based on an encrypted image, from the server.

Images