KR100710846B1 - Apparatus for management of usb memory - Google Patents

Abstract

The present invention provides a device for managing a secondary memory medium, USB management server for performing a security management for the data of the secondary storage medium; The auxiliary storage medium is connected to the USB management server to perform real-time interworking, and has an auxiliary memory medium interface unit for performing an interface with the auxiliary storage medium and a biometric medium interface unit for performing an interface with a biometric medium. A USB management agent for performing security management on data; An auxiliary storage medium which interfaces with the auxiliary memory medium interface unit and divides a storage space into a security area and a general area; A biometric medium that performs an interface with the biometric medium interface unit and performs biometric recognition by a fingerprint sensor or an image camera sensor. It will be possible to prevent leakage.

Secondary storage media, USB memory, biometrics, confidential data protection, fingerprint recognition, video camera

Description

Apparatus for management of ＢＳ {memory}

1 is a block diagram of an apparatus for managing an auxiliary memory medium according to an embodiment of the present invention.

2 is a conceptual diagram illustrating a configuration example of FIG. 1.

FIG. 3 is a block diagram illustrating a relationship between a USB management server, a USB management agent, an auxiliary memory medium, and a biometric medium in FIG.

4 is a conceptual diagram illustrating a detailed configuration of FIG. 3.

FIG. 5 is a detailed block diagram of the USB management server in FIGS. 3 and 4.

FIG. 6 is a detailed block diagram of the USB management agent in FIGS. 3 and 4.

7 is a detailed block diagram of the auxiliary storage medium interface unit in FIGS. 4 and 6.

8 is a detailed block diagram of the biometric medium interface unit in FIGS. 4 and 6.

9 is a detailed block diagram of the auxiliary storage medium in FIGS. 3 and 4.

FIG. 10 is a detailed block diagram of a biometric medium in FIGS. 3 and 4.

11 is a flowchart illustrating a method of managing an auxiliary memory medium according to an embodiment of the present invention.

12 is a flowchart illustrating a method of managing an auxiliary memory medium for a USB memory according to an embodiment of the present invention.

13 is a flowchart illustrating a method of managing an auxiliary memory medium for a biometric medium according to an embodiment of the present invention.

Explanation of symbols on the main parts of the drawings

10: center system 20: local system

30: user PC 40: patch server

100: USB management server 110: initialization unit

120: GUI 130: management unit

150: DB processing unit 160: interface unit

170: patch portion 200: USB management agent

210: interface unit 220: patch unit

230: management unit 240: GUI

250: initialization unit 260: auxiliary memory medium management unit

270: biometric medium management unit 280: auxiliary memory medium interface unit

290: biometric medium interface unit 300: auxiliary storage medium

310: NAND flash memory 320: interface unit

330: USB port 400: biometric media

410: fingerprint sensor 420: video camera sensor

430: Interface unit 440: USB port

The present invention relates to an apparatus for managing an auxiliary memory medium, and more particularly, to an apparatus for managing an auxiliary memory medium suitable for preventing leakage of confidential data when using an auxiliary memory medium (USB memory) which is portable and mobile.

Generally, USB (Universal Serial Bus) memory is a removable storage device that is connected to a USB port of a computer. Connect your USB stick to a USB port, such as a notebook computer or personal computer, to save and retrieve stored documents.

Using such a USB memory, users can read data stored in the USB memory from any computer and freely store the data in the USB memory.

However, if the data is confidential, storing confidential data on a freely available USB memory can cause serious problems with the security of the data.

Therefore, the necessity of USB memory management technology that can protect confidential data is emerging.

Accordingly, the present invention has been proposed to solve the above-mentioned problems in the related art, and an object of the present invention is to provide an apparatus for managing an auxiliary memory medium which can prevent leakage of confidential data when using an auxiliary memory medium that is portable and mobile. It is.

In order to achieve the above object, an auxiliary memory medium management apparatus according to an embodiment of the present invention,

A USB management server for performing security management on the data of the auxiliary storage medium; The auxiliary storage medium is connected to the USB management server to perform real-time interworking, and has an auxiliary memory medium interface unit for performing an interface with the auxiliary storage medium and a biometric medium interface unit for performing an interface with a biometric medium. A USB management agent for performing security management on data; An auxiliary storage medium which interfaces with the auxiliary memory medium interface unit and divides a storage space into a security area and a general area; And a biometric medium for performing an interface with the biometric medium interface unit and performing biometrics by a fingerprint sensor or an image camera sensor.

delete

Hereinafter, an embodiment according to the present invention as described above, the technical spirit of the management device of the auxiliary storage medium with reference to the drawings as follows.

1 is a block diagram of an apparatus for managing an auxiliary memory medium according to an embodiment of the present invention, and FIG. 2 is a conceptual diagram illustrating an example of the configuration of FIG. 1.

As shown therein, a patch server 40 having a DBMS (Database Management System) and patching data is connected to the patch server 40 to perform real-time interworking with the USB management agent. USB management server 100 to perform security management on the data of the auxiliary storage medium 300, connected to the USB management server 100 performs a real-time interlocking and security of the data of the auxiliary storage medium 300 A center system 10 having a USB management agent 200 for performing management; The USB management server 100 and the USB management server 100 connected to the patch server 40 in the center system 10 to perform real-time interworking and security management of the data of the auxiliary storage medium 300. A local system 20 having a USB management agent 200 connected to and performing real-time interworking and security management of the data of the auxiliary storage medium 300; The USB management agent 200 and the USB management agent 200 connected to the USB management agent 200 in the local system 20 to perform real-time interworking and security management of the data of the auxiliary storage medium 300. And a user memory device 30 having a biometric medium connected to the auxiliary storage medium 300 and the USB management agent 200.

FIG. 3 is a block diagram showing a relationship between a USB management server, a USB management agent, an auxiliary storage medium, and a biometric medium in FIG. 1, and FIG. 4 is a conceptual view showing the detailed configuration of FIG. 3.

As shown therein, the USB management server 100 for performing security management on the data of the auxiliary storage medium; A biometric media connected to the USB management server 100 to perform real-time interworking and to interface the auxiliary memory medium interface unit 280 and the biometric medium 400 to interface with the auxiliary memory medium 300. A USB management agent (200) having an interface unit (290) for performing security management on the data of the auxiliary storage medium (300); An auxiliary memory medium 300 that interfaces with the auxiliary memory medium interface unit 280 and divides a storage space into a security area and a general area; And a biometric medium 400 for performing an interface with the biometric medium interface 290 and performing biometrics by a fingerprint sensor or an image camera sensor.

FIG. 5 is a detailed block diagram of the USB management server in FIGS. 3 and 4.

As shown in this, the USB management server 100, the initialization unit 110 for managing the initialization operation of the USB management server 100; A GUI (120) for managing a GUI (Graphic User Interface) function in the USB management server (100); A management unit 130 for performing security management on the auxiliary storage medium 300 and the biometric medium 400; A DB processing unit 150 connected to the management unit 130 and managing a DB (Database, Database); An interface unit 160 connected to the management unit 130 and connected to the DB processing unit 150 to interface with the USB management agent 200; It is connected to the management unit 130 and the DB processing unit 150, the patch unit 170 for performing a data patch with the USB management agent 200; characterized in that it comprises a.

The management unit 130 is connected to the DB processing unit 150, the user management unit 131 for managing whether the user connected to the USB management agent 200 is an authorized user; A policy manager 132 connected to the interface unit 160 and managing to send down a corresponding policy according to a security level; A certified flash-memory disk (CFD) manager 133 for managing whether the auxiliary storage medium 300 is authorized; A biometric manager 134 for managing whether the biometric medium 400 is an authorized user when fingerprint recognition or biometric recognition is performed; A document information manager 135 for managing document information of a secret document using the auxiliary memory medium 300; A connection manager 136 for performing a log process connected to the USB management agent 200 to manage the connected records; A loss management unit 137 for managing a loss report when the auxiliary storage medium 300 is lost and performing an IP (Internet Protocol) tracking when using the auxiliary storage medium 300 lost by another computer; A tracking manager 138 for tracking and managing IP when an IP tracking request is made by the lost manager 137; A log manager 139 for managing a record connected to the USB management agent 200; An environment setting manager 140 for managing the environment settings required by the manager 130; A version manager 141 managing a version of the USB management agent 200; Other management unit 142 which performs management of other tasks required by the management unit 130 including exception processing such as failure processing on hardware; Characterized in that it comprises one or more of the.

The interface unit 160 may include: a protocol processing unit 161 connected to the management unit 130 to perform protocol processing required for wired and wireless communication; And an input / output unit 162 connected to the protocol processing unit 161 and performing input / output processing with the USB management agent 162.

FIG. 6 is a detailed block diagram of the USB management agent in FIGS. 3 and 4.

As shown therein, the USB management agent 200 includes: an interface unit 210 for performing an interface with the USB management server 100; A patch unit 220 for performing data patch with the USB management server 100; A management unit 230 for performing security management on the auxiliary memory medium 300 and the biometric medium 400; A GUI 240 for managing GUI functions in the USB management agent 200; An initialization unit (250) connected to the GUI (240) and managing an initialization operation of the USB management agent (200); A secondary storage medium management unit 260 connected to the management unit 230 and performing management of the auxiliary storage medium 300; A biometric medium management unit 270 connected to the management unit 230 and managing the biometric medium 400; An auxiliary storage medium interface unit 280 for processing an interface between the auxiliary storage medium management unit 260 and the auxiliary storage medium 300; And a biometric medium interface unit 290 for processing an interface between the biometric medium management unit 270 and the biometric medium 400.

The interface unit 210 includes an input / output unit 211 for performing input / output processing with the USB management server 100; And a protocol unit 212 connected to the input / output unit 211 and connected to the management unit 230 to perform protocol processing necessary for wired / wireless communication.

The management unit 230, a user management unit 231 for managing whether the user connected to the USB management agent 200 is an authorized user; A policy manager 232 connected to the interface unit 210 and managing to send down a corresponding policy according to a security level; A certified flash-memory disk (CFD) manager 233 for managing whether the auxiliary storage medium 300 is authorized; A biometric manager 234 that manages whether the biometric medium 400 is an authorized user when fingerprint recognition or biometric recognition is performed; A document information management unit 235 for managing document information of a secret document using the auxiliary memory medium 300; Other management unit 236 which performs management of other operations required by the management unit 230, including exception processing such as failure processing on hardware and serial CFD key generation; It characterized by including one or more of.

The auxiliary storage medium management unit 260 is connected to the protocol unit 212 in the interface unit 210 to control a Floppy Disk Driver (FDD), a Hard Disk Drive (HDD), and an Institute of Electrical and Electronics Engineers (IEEE). 1394 Control, CDROM R / W (Compact Disk Read Only Memory Read / Write) Control, Parallel Interface Control, Serial Interface Control, Transmission Control Protocol / User Datagram Protocol (TCP / UDP) Local Area Network (LAN) Control by Port, USB A media control unit 261 which performs media control including at least one media control among control, Bluetooth control, keyboard control, mouse control, MMC (MultiMedia Card) control, and SD (Secure Digital Card) control; An auxiliary storage medium processing unit 262 connected to the protocol unit 212 and connected to the auxiliary storage medium interface unit 280 to perform signal processing on the auxiliary storage medium 300; And an encryption unit 263 connected to the auxiliary storage medium processing unit 262 to perform an encryption process on the data.

The biometric medium management unit 270 may include a biometric medium processing unit 271 connected to the protocol unit 212 in the interface unit 210 to perform signal processing on the biometric medium 400; And a logon manager 272 connected to the biometric medium processor 271 and performing log on management.

7 is a detailed block diagram of the auxiliary storage medium interface unit in FIGS. 4 and 6.

As shown therein, the auxiliary storage medium interface unit 280 is connected to the auxiliary storage medium management unit 260 of the USB management agent 200 and includes a Win32 subsystem 281 equipped with an operating system; A disk driver unit 282 which is managed by the Win32 subsystem 281 and performs disk drive; A storage volume driver unit 283 which is managed by the Win32 subsystem 281 and performs driving on a storage volume; A function driver unit 284 which is managed by the Win32 subsystem 281 and performs function management; A security driver unit 285 which is managed by the Win32 subsystem 281 and performs security management; A USB hub driver unit 286 managed by the Win32 subsystem 281 and recognizing USB; A bus driver unit 287 which is managed by the Win32 subsystem 281 and performs bus driving; Root hub hardware 288 that is managed by the Win32 subsystem 281 and connected to the USB port 330 of the auxiliary storage medium 300, characterized in that it comprises a.

8 is a detailed block diagram of the biometric medium interface unit in FIGS. 4 and 6.

As shown here, the biometric medium interface unit 290 is connected to the biometric medium management unit 270 in the USB management agent 200, fingerprint recognition, iris recognition, retinal recognition, face recognition, hand Application Programming Interface (API) for receiving and processing one or more pieces of recognition information among shape recognition, hand vessel recognition, signature recognition, ear recognition, EMG signal recognition, gait recognition, typing rhythm recognition, and lips recognition, and performing authentication. )Wow; A USB / parallel device driver unit 292 connected to the API 291 and processing driving of a USB or parallel device; And a USB / parallel device 293 connected to the USB / parallel device driver unit 292 and connected to the biometric medium 400.

9 is a detailed block diagram of the auxiliary storage medium in FIGS. 3 and 4.

As shown therein, the auxiliary storage medium 300 includes: a NAND flash memory 310 divided into a security area for storing data in a binary file and a general area for storing data in a general file; An interface unit 320 connected to the NAND flash memory 310 and processing an interface with the USB management agent 200; And a USB port 330 connected to the interface unit 320 and connected to the root hub hardware 288 in the auxiliary storage medium interface unit 280 in the USB management agent 200. do.

The NAND flash memory 310 includes: a security area 311 comprising a binary file information and flag bit 312 area and a binary file storage 313 area; And a general area 314 comprising a file allocation table (FAT) file system 315 area and a file storage 316 area.

The interface unit 320 includes: a NAND flash interface 321 connected to the NAND flash memory 310 to perform an interface; A NAND boot logic 322 connected to the NAND flash interface 321 and storing boot logic; The NAND is connected to the NAND flash interface 321 and counts a flag bit to determine whether the user of the auxiliary storage medium 300 is an authorized user. A flag counter 323 for deleting data stored in the flash memory 310; A security handler 324 connected to the NAND flash interface 321 and performing security management; A smart USB 2.0 engine 325 connected to the NAND flash interface 321 and performing USB transfer processing; And a USB 2.0 XCVR 326 connected to the NAND flash interface 321 and processing transmission / reception (XCVR, Transceiver) through the USB port 330.

FIG. 10 is a detailed block diagram of a biometric medium in FIGS. 3 and 4.

As shown here, the fingerprint sensor 410, iris sensor, retina sensor, face sensor, hand recognition sensor, hand vessel recognition sensor, signature recognition sensor, ear recognition sensor, EMG signal recognition sensor, step Input means comprising at least one of a hook recognition sensor, a typing rhythm recognition sensor, and a lip recognition sensor; An interface unit 430 for receiving fingerprint recognition information or image recognition information from the input means and processing an interface with the USB management agent 200; An interface unit 430 connected to the interface unit 430 and processing an interface with the USB management agent 200; And a USB port 330 connected to the interface unit 420 and connected to the USB / parallel device 293 in the biometric medium interface unit 290 in the USB management agent 200. do.

The interface unit 430 may include: a complementary metal oxide semiconductor (CMOS) sensor interface 431 for receiving fingerprint recognition information or image recognition information through the input means; A USB interface 432 connected to the CMOS sensor interface 431 and performing USB interface processing; A memory 433 connected to the CMOS sensor interface 431 and storing a program and data; A general purpose microprocessor (434) connected to the CMOS sensor interface (431) and performing control of the interface unit (430); A smart USB 2.0 engine 435 connected to the CMOS sensor interface 431 and performing USB transfer processing; And a USB 2.0 XCVR 436 connected to the CMOS sensor interface 431 and processing transmission / reception (XCVR, Transceiver) through the USB port 440.

In addition, the auxiliary storage medium 300 according to an embodiment of the present invention, as shown in Figure 9, NAND flash memory divided into a security area for storing data in a binary file and a general area for storing data in a normal file 310; An interface unit 320 connected to the NAND flash memory 310 and processing an interface with the USB management agent 200; And a USB port 330 connected to the interface unit 320 and connected to the root hub hardware 288 in the auxiliary storage medium interface unit 280 in the USB management agent 200. .

The NAND flash memory 310 includes: a security area 311 comprising a binary file information and flag bit 312 area and a binary file storage 313 area; And a general area 314 comprising a file allocation table (FAT) file system 315 area and a file storage 316 area.

The interface unit 320 includes: a NAND flash interface 321 connected to the NAND flash memory 310 to perform an interface; A NAND boot logic 322 connected to the NAND flash interface 321 and storing boot logic; The NAND is connected to the NAND flash interface 321 and counts a flag bit to determine whether the user of the auxiliary storage medium 300 is an authorized user. A flag counter 323 for deleting data stored in the flash memory 310; A security handler 324 connected to the NAND flash interface 321 and performing security management; A smart USB 2.0 engine 325 connected to the NAND flash interface 321 and performing USB transfer processing; And a USB 2.0 XCVR 326 connected to the NAND flash interface 321 and processing transmission and reception (XCVR, Transceiver) through the USB port 330.

11 is a flowchart illustrating a method of managing an auxiliary memory medium according to an embodiment of the present invention.

As shown in FIG. 2, when the auxiliary storage medium 300 is mounted on the user PC 30, the USB management agent 200 performs a CFD authentication request and the USB management server 100 performs a CFD authentication process. 1 step (ST1 to ST6); The USB management agent 200 is a second step (ST7 ~ ST13) to receive the authentication result from the USB management server 100 to examine the level of security; And after the second step, a third step (ST14 to ST20) for executing the security task in the user PC 30 by executing policy execution through the media control in the USB management agent 200. Characterized in that.

In the first step, when the auxiliary storage medium 300 is mounted on the user PC 30, the USB management agent 200 performs a CFD authentication request, and the USB management server 100 performs CFD authentication. An eleventh step (ST1 to ST4) for determining an authentication result; In the eleventh step, log recording of the authentication result is performed. If the authentication result is authorization, the USB management server 100 transmits a policy to the USB management agent 200. If the authentication result is unauthorized, the USB management server 100 12) (ST5, ST6) to notify the non-authorization to the USB management agent (200).

In the second step, the USB management agent 200 receives an authentication result from the USB management server 100 and determines a content of the authentication result (ST7); If the authentication result in the twenty-first step is unauthorized, the work at the user PC 30 is terminated. If the authentication result in the twenty-first step is authorized, the USB management agent 200 determines the level of security. A twenty-second step ST8; A twenty-third step (ST9) of performing a biometric authentication request from the USB management agent 200 to the USB management server 100 when the security level is determined to be biometric authentication necessary in the twenty-second step; The USB management server 100 receiving the biometric authentication request in step 23 performs biometric authentication, performs a log record on the authentication result, and then transmits the authentication result to the USB management agent 200. Steps ST10 to ST12; After the twenty-fourth step, the USB management agent 200 is a twenty-fifth step (ST13) for determining the authentication result received from the USB management server (100); The USB management agent 200 executes the policy execution through the media control if the security level is unnecessary biometric authentication in the twenty-second step, and performs the policy execution through the media control if the authentication result is authorized in the twenty-fifth step. And a twenty-sixth step of terminating the work at the user PC 30 if the authentication result is not authorized in the twenty-fifth step.

The third step may include a thirty-first step (ST14) of executing policy through media control in the USB management agent (200) after the second step; A thirty-second step (ST15) for performing a security task in the user PC (30) after the thirty-first step; The thirty-third of transmitting a work result from the user PC 30 to the USB management agent 200 with respect to the security task performed in step 32, and processing the work result in the USB management server 100; Steps ST16 and ST17; After the 33rd step, if the CFD detachment is performed by detachment of the auxiliary memory medium 300, the system manager releases every system word from the USB management agent 200 and performs log recording from the USB management server 100. And performing step 34 (ST18 to ST20).

12 is a flowchart illustrating a method of managing an auxiliary memory medium for a USB memory according to an embodiment of the present invention.

As shown in FIG. 41, steps 41 and ST22 of setting flag bits in the auxiliary storage medium 300 and determining whether the bits are in the normal mode; A step 42 of determining whether it is a security mode if it is not the normal mode in step 41; A 43rd step (ST24, ST25) of generating a key and performing CFD verification in the secure mode in the 42nd step; A 44 th step (ST26) of activating the security area when the CFD verification is performed in the 43 th step; A forty-fifth step (ST27, ST28) for clearing a flag bit and activating a FAT area after performing the 44th step in the normal mode in the forty-first step; A step 46 (ST29, ST30) of increasing the counter value of the flag counter (323) and comparing the set value if the CFD verification is not performed in the 43rd step; A step 47 (ST31 to ST33) of performing location tracking and deleting data of the auxiliary storage medium (300) when the counter value increased in the forty-sixth is larger than a set value; In operation 42, if the security mode is not the 48th step (ST34) to perform the initial setting mode; characterized in that it comprises.

The 47 th step may include deleting the binary file information and the data of the flag bit 312 and deleting the data in the binary file storage 313 area when deleting the data of the auxiliary memory medium 300. It is characterized by.

13 is a flowchart illustrating a method of managing an auxiliary memory medium for a biometric medium according to an embodiment of the present invention.

As shown in the drawing, when the USB management agent 200 is operated, the key is read from the auxiliary storage medium 300 and then transmitted to the USB management server 100 to determine whether the key is an authorized key. 51 steps ST41 to ST43; A 52nd step (ST44) of determining whether to use biometrics if the key is applied in the 51st step; If it is determined in step 52 that the biometrics are used, then performing a fingerprint or face reading and transmitting the read biometric information to the USB management server 100 to determine whether biometric authentication is performed (ST45 to ST47); Step 54 (ST48, ST49) for deactivating the auxiliary storage medium (300) and performing a general operation if a key is not applied in the 51st step or biometric authentication in the 53rd step; If it is determined in step 52 that the biometric is not used or the biometric authentication in step 53, the USB management server 100 to execute the policy through the USB management agent 200 to the secondary storage medium ( And a fifty-fifth step (ST50, ST51) to perform the secret operation for the 300).

The auxiliary memory medium and the apparatus for managing the auxiliary memory medium and the method according to the present invention configured as described above will be described in detail with reference to the accompanying drawings. In the following description of the present invention, when it is determined that a detailed description of related known functions or configurations may unnecessarily make the gist of the present invention unnecessary, the detailed description thereof will be omitted. In addition, terms to be described below are terms defined in consideration of functions in the present invention, which may vary according to intention or precedent of a user or an operator, and thus, the meaning of each term should be interpreted based on the contents throughout the present specification. will be.

First, the present invention is intended to prevent the leakage of confidential data when using the secondary storage medium that is convenient to carry and move.

To this end, as shown in FIGS. 1 and 2, the patch system 40, the USB management server 100, and the USB management agent 200 are installed in the center system 10 installed in the head office of the company or the main office of the police station. . In addition, the local system 20 to be installed in each branch of the company or the police station, such as the USB management server 100 and the USB management agent 200 to be installed. In addition, a plurality of user PCs 30 are connected to the USB management agent 200 of the local system 20. The user PC 30 becomes a USB management agent 200, and the auxiliary memory medium 300 and the biometric medium 400 are connected to the USB management agent 200.

In this way, user authentication through biometrics, access control and security policy for the user PC 30, so as to prevent leakage of confidential flows by internal / external parties when using a portable and portable auxiliary storage medium (USB). To manage, protect and automatically delete confidential data stored in the secondary memory (USB).

Herein, AM3S represented in FIGS. 2 and 4 is an alias of a management system for auxiliary storage medium (USB).

Thus, the master DBMS of FIG. 2 integrates and manages a local DB distributed in units of a USB management server 100 which is an AM3S server and a USB management agent 200 which is an AM3S agent.

In addition, AM3S performs real-time interworking among servers, agents, and auxiliary storage media.

And the USB management server 100 performs the following functions.

Policy management (subject: group, department, individual, etc .; object: HDD, LAN, etc.)

-Authentication management (server access, auxiliary storage medium authentication, biometric medium authentication)

-Information management (PC, auxiliary memory, user, etc.)

-Lost / Tracked Management

-Installation guidance management

Log management

-Manage server environment settings

In addition, the USB management agent 200 performs the following functions.

-Media control according to policy (HDD, LAN, FDD, etc.)

-Control and authentication of licensed auxiliary storage media and biometric media

-Temporary storage of auxiliary memory media when working with secret documents

File encryption storage

And the secondary memory medium 300 is equipped with a protection and automatic erasure function of confidential data. The auxiliary memory medium 300 performs the following functions.

-Mode-specific access function (normal mode, security mode)

-Tracking report and secret data erasing function when lost

-Binary file area

In addition, biometric media is used for biometric authentication.

Meanwhile, the configuration of the present invention will be described in more detail with reference to FIGS. 3 to 10 as follows.

First, the USB management server 100 performs security management on the data of the auxiliary storage medium 100.

In the USB management server 100, the initialization unit 110 manages the initialization operation of the USB management server 100.

In addition, the GUI 120 manages GUI functions in the USB management server 100.

The manager 130 performs security management on the auxiliary storage medium 300 and the biometric medium 400.

The management unit 130 is a user management unit 131, policy management unit 132, CFD management unit 133, biometric management unit 134, document information management unit 135, connection management unit 136, snack management unit 137, tracking The manager 138, the log manager 139, the environment manager 140, the version manager 141, the other manager 142 and the like.

Thus, the user manager 131 is connected to the DB processor 150 to manage whether the user connected to the USB management agent 200 is an authorized user.

In addition, the policy management unit 132 is connected to the interface unit 160 manages to send down the corresponding policy according to the security level to the USB management agent 200.

In addition, the CFD manager 133 manages whether the auxiliary storage medium 300 is applied. This determines whether the USB is authorized or unauthorized USB.

The biometric manager 134 manages whether the biometric medium 400 is an authorized user when fingerprint recognition or biometric recognition is performed.

In addition, the document information management unit 135 manages the document information of the secret document using the auxiliary storage medium (300).

In addition, the connection manager 136 performs a log process connected to the USB management agent 200 and manages the connected records.

Thus, when performing the CFD authentication process, the user manager 131, the policy manager 132, the CFD manager 133, and the connection manager 134 combine to perform the authentication process.

In addition, the loss management unit 137 manages a loss report when the auxiliary memory medium 300 is lost, and performs an IP (Internet Protocol) tracking when using the auxiliary memory medium 300 lost by another computer.

In addition, the tracking management unit 138 tracks and manages the IP when there is an IP tracking request by the loss management unit 137.

By the loss management unit 137 and the tracking management unit 138, the secondary memory medium 300 can be used in a state where security is enhanced.

In addition, the log management unit 139 manages the records connected to the USB management agent 200.

In addition, the environment setting manager 140 manages the environment settings required by the manager 130.

In addition, the version manager 141 manages the version of the USB management agent 200.

The other manager 142 also manages other tasks required by the manager 130, including exception handling such as failure processing on hardware. In this case, it refers to processing a failure signal in software due to an error or a hardware error that occurs during the control of an exception-treated media driver.

And the DB processing unit 150 is connected to the management unit 130, and performs the management of the DB.

In addition, the interface unit 160 is connected to the DB processing unit 150 and performs an interface with the USB management agent 200, and may include a protocol processing unit 161, an input / output unit 162, and the like.

In addition, the patch unit 170 is connected to the management unit 130 and the DB processing unit 150, and performs a data patch with the USB management agent 200.

In addition, the USB management agent 200 is connected to the USB management server 100 to perform real-time interworking, and performs security management for the data of the auxiliary storage medium (300).

In the USB management agent 200, the interface unit 210 performs an interface with the USB management server 100, and may include an input / output unit 211 and a protocol unit 212.

The patch unit 220 performs a data patch with the USB management server 100.

In addition, the management unit 230 performs security management for the auxiliary storage medium 300 and the biometric medium 400, the user management unit 231, policy management unit 232, CFD management unit 233, biometric management unit 234 ), The document information management unit 235, the other management unit 236, and the like.

The USB management agent 200 may include a GUI 240, an initialization unit 250, an auxiliary storage medium management unit 260, a biometric medium management unit 270, an auxiliary storage medium interface unit 280, and a biometric medium interface unit ( 290) and the like.

In addition, as shown in FIG. 9, the auxiliary storage medium 300 interfaces with the auxiliary memory medium interface unit 280 and divides the storage space into a security area and a general area.

In addition, the NAND flash memory 310 is composed of a secure area 311 consisting of a binary file information and flag bit 312 area and a binary file storage 313 area, a FAT file system 315 area, and a file storage 316 area. It consists of a general area 314.

In addition, the interface unit 320, USB port 330 is configured to include.

The biometric medium 400 performs an interface with the biometric medium interface 290 and performs biometrics by a fingerprint sensor or an image camera sensor.

The biometric medium 400 includes a fingerprint sensor 410 or an image camera sensor 420, an interface unit 430, a USB port 330, and the like.

The input means of the biometric medium 400 may include a fingerprint sensor 410, an iris sensor, a retina sensor, a face sensor, a hand shape sensor, a hand blood vessel sensor, a signature sensor, an ear sensor, and an EMG. Signal recognition sensor, gait sensor, typing rhythm sensor, lip sensor may be included.

Meanwhile, a management method of the auxiliary storage medium according to an embodiment of the present invention will be described with reference to FIGS. 11 to 13.

First, as shown in FIG. 11, when the auxiliary storage medium 300 is mounted on the user PC 30 (ST1), the CF management agent 200 performs a CFD authentication request (ST2), and at the USB management server 100. CFD authentication is performed to determine the authentication result (ST4).

Then, log recording of the authentication result is performed (ST5).

In addition, if the authentication result is authorized, the USB management server 100 transmits a policy to the USB management agent 200. If the authentication result is unauthorized, the USB management server 100 notifies the USB management agent 200 to the non-authorization (ST6). ).

Then, the USB management agent 200 receives the authentication result from the USB management server 100 and determines the contents of the authentication result (ST7).

Thus, if the authentication result is unauthorized, the task at the user PC 30 is terminated. If the authentication result is authorization, the USB management agent 200 determines the security level (ST8).

At this time, if the security level is determined to require biometric authentication, the biometric authentication request from the USB management agent 200 to the USB management server 100 (ST9).

So, the USB management server 100 receiving the biometric authentication request executes biometric authentication (ST10), performs a log record on the authentication result (ST11), and then transmits the authentication result to the USB management agent 200 ( ST12).

Then, the USB management agent 200 determines the authentication result received from the USB management server 100 (ST13).

If the security level is not required for biometric authentication, the USB management agent 200 performs policy execution through media control, if the authentication result is authorized, the policy execution through media control is performed, and if the authentication result is unauthorized, the user PC ( 30) to terminate the work.

In addition, the USB management agent 200 performs policy execution through media control (ST14).

Then, the user PC 30 can perform security tasks (ST15).

The operation result is transmitted from the user PC 30 to the USB management agent 200 with respect to the performed security task (ST16), and the USB management server 100 performs processing on the operation result (ST17).

In addition, when the CFD detachment is performed by detachment of the auxiliary storage medium 300 (ST18), the media control is released from the USB management agent 200 (ST19), and the log management is performed by the USB management server 100 (ST20). .

On the other hand, as shown in FIG. 12, the flag bit is set in the auxiliary storage medium 300 (ST21), and it is determined whether it is the normal mode (ST22).

If it is not the normal mode, it is determined whether the security mode (ST23).

Thus, in secure mode, a key is generated (ST24) and CFD verification is performed (ST25).

When the CFD verification is performed, the security area is activated (ST26).

If in normal mode or after the secure area is activated, the flag bit is cleared (ST27) and the FAT area is activated (ST28).

If the CFD verification fails, the counter value of the flag counter 323 is increased (ST29) and compared with a set value (for example, three times) (ST30).

At this time, if the increased counter value is larger than the set value, the position tracking is executed (ST31), the data of the binary file information and the flag bit 312 are deleted (ST32), and the data of the binary file storage 313 area is deleted ( ST33).

If not in the security mode, the initial setting mode is performed (ST34).

Meanwhile, as shown in FIG. 13, when the USB management agent 200 is operated, the key is read from the auxiliary storage medium 300 (ST41), and then the key is transmitted to the USB management server 100 (ST42). It is determined whether or not the key has been entered (ST43).

If the key has been applied, it is determined whether biometrics are used (ST44).

Thus, if it is determined that the biometrics are used, fingerprint or face reading is performed (ST45), and then the read biometric information is transmitted to the USB management server 100 (ST46) to determine whether biometric authentication is performed (ST47).

If the key is not authorized or is not biometric authentication, the secondary storage medium 300 is deactivated (ST48), and the general operation is performed (ST49).

If it is determined that the biometric is not used or biometric authentication, the policy is executed by the USB management server 200 through the USB management agent (200) (ST50) to perform a secret operation on the secondary storage medium (300). (ST51).

As such, the present invention is to prevent the leakage of confidential data when using the secondary storage medium that is convenient to carry and move.

As described above, the management device of the auxiliary storage medium according to the present invention has the effect of preventing the leakage of confidential data when using the auxiliary storage medium that is convenient to carry and move.

Although the above has been described as being limited to the preferred embodiment of the present invention, the present invention is not limited thereto and various changes, modifications, and equivalents may be used. Therefore, the present invention can be applied by appropriately modifying the above embodiments, it will be obvious that such application also belongs to the scope of the present invention based on the technical idea described in the claims below.

Claims (27)

A patch management server having a DBMS and patching data, and a USB management server connected to the patch server 40 to perform real-time interworking with the USB management agent to perform security management on the data of the auxiliary storage medium 300. (100), the center system 10 is connected to the USB management server 100 and performs a real-time interlock and the USB management agent 200 for performing security management for the data of the auxiliary storage medium 300 and ; The USB management server 100 and the USB management server 100 connected to the patch server 40 in the center system 10 to perform real-time interworking and security management of the data of the auxiliary storage medium 300. A local system 20 having a USB management agent 200 connected to and performing real-time interworking and security management of the data of the auxiliary storage medium 300; The USB management agent 200 and the USB management agent 200 connected to the USB management agent 200 in the local system 20 to perform real-time interworking and security management of the data of the auxiliary storage medium 300. A secondary memory medium (300) connected to the user, and a user PC (30) having a biometric medium connected to the USB management agent (200); management device for a secondary memory medium comprising a. A USB management server 100 for performing security management on the data of the auxiliary storage medium; Biometric recognition connected to the USB management server 100 to perform real time interworking, and to interface with the auxiliary memory medium interface unit 280 and the biometric medium 400 to interface with the auxiliary memory medium 300 A USB management agent (200) having a media interface unit (290) for performing security management on the data of the auxiliary storage medium (300); An auxiliary memory medium 300 that interfaces with the auxiliary memory medium interface unit 280 and divides a storage space into a security area and a general area; Management of the auxiliary memory medium, comprising: a biometric medium 400 for performing an interface with the biometric medium interface unit 290 and performing biometric recognition by a fingerprint sensor or an image camera sensor. Device. The method according to claim 2, The USB management server 100, An initialization unit 110 for managing an initialization operation of the USB management server 100; A GUI (120) for managing GUI functions in the USB management server (100); A management unit 130 for performing security management on the auxiliary storage medium 300 and the biometric medium 400; A DB processing unit 150 connected to the management unit 130 and performing management of the DB; An interface unit 160 connected to the management unit 130 and connected to the DB processing unit 150 to interface with the USB management agent 200; And a patch unit 170 connected to the management unit 130 and the DB processing unit 150 and performing a data patch with the USB management agent 200. Device. The method of claim 3, wherein the management unit 130, A user manager 131 connected to the DB processor 150 to manage whether a user connected to the USB management agent 200 is an authorized user; A policy manager 132 connected to the interface unit 160 and managing to send down a corresponding policy according to a security level; A CFD manager 133 managing whether the auxiliary storage medium 300 is applied; A biometric manager 134 for managing whether the biometric medium 400 is an authorized user when fingerprint recognition or biometric recognition is performed; A document information manager 135 for managing document information of a secret document using the auxiliary memory medium 300; A connection manager 136 for performing a log process connected to the USB management agent 200 to manage the connected records; A loss management unit 137 for managing a loss report when the auxiliary storage medium 300 is lost and performing IP tracking when using the auxiliary storage medium 300 lost by another computer; A tracking manager 138 for tracking and managing IP when an IP tracking request is made by the lost manager 137; A log manager 139 for managing a record connected to the USB management agent 200; An environment setting manager 140 for managing the environment settings required by the manager 130; A version manager 141 managing a version of the USB management agent 200; Other management unit 142 which performs management of other tasks required by the management unit 130 including exception processing such as failure processing on hardware; Apparatus for managing a secondary memory medium, characterized in that configured to include one or more of the. The method of claim 3, wherein the interface unit 160, A protocol processor 161 connected to the manager 130 to perform protocol processing necessary for wired and wireless communication; And an input / output unit (162) connected to the protocol processing unit (161) and performing input / output processing with the USB management agent (162). The method according to claim 2, The USB management agent 200, An interface unit 210 for performing an interface with the USB management server 100; A patch unit 220 for performing data patch with the USB management server 100; A management unit 230 for performing security management on the auxiliary memory medium 300 and the biometric medium 400; A GUI 240 for managing GUI functions in the USB management agent 200; An initialization unit (250) connected to the GUI (240) and managing an initialization operation of the USB management agent (200); A secondary storage medium management unit 260 connected to the management unit 230 and performing management of the auxiliary storage medium 300; A biometric medium management unit 270 connected to the management unit 230 and managing the biometric medium 400; An auxiliary storage medium interface unit 280 for processing an interface between the auxiliary storage medium management unit 260 and the auxiliary storage medium 300; And a biometric medium interface unit (290) for processing an interface between the biometric medium management unit (270) and the biometric medium (400). The method of claim 6, wherein the interface unit 210, An input / output unit 211 which performs input / output processing with the USB management server 100; And a protocol unit (212) connected to the input / output unit (211) and connected to the management unit (230) to perform protocol processing necessary for wired / wireless communication. The method of claim 6, wherein the management unit 230, A user manager 231 for managing whether a user connected to the USB management agent 200 is an authorized user; A policy manager 232 connected to the interface unit 210 and managing to send down a corresponding policy according to a security level; A CFD manager 233 for managing whether the auxiliary storage medium 300 is applied; A biometric manager 234 that manages whether the biometric medium 400 is an authorized user when fingerprint recognition or biometric recognition is performed; A document information management unit 235 for managing document information of a secret document using the auxiliary memory medium 300; Other management unit 236 which performs management of other operations required by the management unit 230, including exception processing such as failure processing on hardware and serial CFD key generation; Apparatus for managing a secondary memory medium, characterized in that configured to include one or more of the. The method of claim 6, wherein the auxiliary storage medium management unit 260, Connected to the protocol unit 212 in the interface unit 210, FDD (Floppy Disk Driver) control, HDD (Hard Disk Drive) control, Institute of Electrical and Electronics Engineers (IEEE) 1394 control, CDROM R / W (Compact Disk) Read Only Memory Read / Write (Control / Write) Control, Parallel Interface Control, Serial Interface Control, Local Area Network Control by TCP / UDP (Transmission Control Protocol / User Datagram Protocol), USB Control, Bluetooth Control, Keyboard Control, Mouse Control For example, a media control unit 261 that performs media control including at least one media control among MMC (MultiMedia Card) control and SD (Secure Digital Card) control; An auxiliary storage medium processing unit 262 connected to the protocol unit 212 and connected to the auxiliary storage medium interface unit 280 to perform signal processing on the auxiliary storage medium 300; And an encryption unit (263) connected to the auxiliary storage medium processing unit (262) to perform encryption processing on the data. The method of claim 6, wherein the biometric media management unit 270, A biometric medium processing unit 271 connected to the protocol unit 212 in the interface unit 210 to perform signal processing on the biometric medium 400; And a logon manager (272) connected to the biometric medium processor (271) and performing log on (Log On) management. The method of claim 6, wherein the auxiliary storage medium interface unit 280, A Win32 subsystem 281 connected to the auxiliary storage medium management unit 260 of the USB management agent 200 and equipped with an operating system; A disk driver unit 282 which is managed by the Win32 subsystem 281 and performs disk drive; A storage volume driver unit 283 which is managed by the Win32 subsystem 281 and performs a drive on the storage volume; A function driver unit 284 which is managed by the Win32 subsystem 281 and performs function management; A security driver unit 285 which is managed by the Win32 subsystem 281 and performs security management; A USB hub driver unit 286 managed by the Win32 subsystem 281 and recognizing USB; A bus driver section 287 which is managed by the Win32 subsystem 281 and performs bus driving; Root hub hardware (288) that is managed by the Win32 subsystem (281), and is connected to the USB port (330) of the secondary storage medium (300). The method of claim 6, wherein the biometric medium interface unit 290, Is connected to the biometric media management unit 270 in the USB management agent 200, fingerprint recognition, iris recognition, retina recognition, face recognition, hand shape recognition, hand vessel recognition, signature recognition, ear recognition, EMG signal recognition, An API 291 for receiving and processing one or more pieces of recognition information from gait recognition, typing rhythm recognition, and lips recognition, and performing authentication; A USB / parallel device driver unit 292 connected to the API 291 and processing driving of a USB or parallel device; And a USB / parallel device (293) connected to the USB / parallel device driver unit (292) and connected to the biometric medium (400). The method according to any one of claims 2 to 12, wherein the auxiliary storage medium 300, A NAND flash memory 310 divided into a security area for storing data in a binary file and a general area for storing data in a general file; An interface unit 320 connected to the NAND flash memory 310 and processing an interface with the USB management agent 200; And a USB port 330 connected to the interface unit 320 and connected to the root hub hardware 288 in the auxiliary storage medium interface unit 280 in the USB management agent 200. Device for managing secondary storage media. The method of claim 13, wherein the NAND flash memory 310, The security area 311 comprising a binary file information and flag bit 312 area and a binary file storage 313 area; And a general area (314) consisting of a FAT file system (315) area and a file storage (316) area. The method of claim 13, wherein the interface unit 320, A NAND flash interface 321 connected to the NAND flash memory 310 to perform an interface; A NAND boot logic 322 connected to the NAND flash interface 321 and storing boot logic; Data stored in the NAND flash memory 310 connected to the NAND flash interface 321 and counting a flag bit to determine whether a user of the auxiliary memory medium 300 is an authorized user, and at a predetermined number of times or more, a recognition error occurs. A flag counter 323 which causes the to be deleted; A security handler 324 connected to the NAND flash interface 321 and performing security management; A smart USB 2.0 engine 325 connected to the NAND flash interface 321 and performing USB transfer processing; And a USB 2.0 XCVR 326 that is connected to the NAND flash interface 321 and processes transmission and reception through the USB port 330. The method according to any one of claims 2 to 12, wherein the biometric medium 400, Fingerprint sensor 410, iris sensor, retina sensor, facial sensor, hand sensor, hand vessel sensor, signature sensor, ear sensor, EMG sensor, gait sensor, typing rhythm recognition An input means composed of at least one of a sensor and a lip recognition sensor; An interface unit 430 for receiving fingerprint recognition information or image recognition information from the input means and processing an interface with the USB management agent 200; An interface unit 430 connected to the interface unit 430 and processing an interface with the USB management agent 200; And a USB port 330 connected to the interface unit 420 and connected to the USB / parallel device 293 in the biometric medium interface unit 290 in the USB management agent 200. Management device for auxiliary storage medium. The method according to claim 16, The interface unit 430, A CMOS sensor interface 431 for receiving fingerprint recognition information or image recognition information through the input means; A USB interface 432 connected to the CMOS sensor interface 431 and performing USB interface processing; A memory 433 connected to the CMOS sensor interface 431 and storing a program and data; A general purpose microprocessor (434) connected to the CMOS sensor interface (431) and performing control of the interface unit (430); A smart USB 2.0 engine 435 connected to the CMOS sensor interface 431 and performing USB transfer processing; And a USB 2.0 XCVR (436) connected to the CMOS sensor interface (431) and processing transmission / reception through the USB port (440). delete delete delete delete delete delete delete delete delete delete

Images