KR101534307B1 - Caused by the use of smart device internal confidential data leakage prevention ＆ trace system and method - Google Patents

Abstract

The present invention relates to a system and method for preventing leakage of an internal secret data using a smart device, which can use a high function of a smart device only in a wireless Internet area composed of an authorized AP in conjunction with an existing wireless security measure, It is intended to provide a security solution in connection with access security solutions such as cameras.
An object of the present invention is to provide a smart device including an operating system, a smart device installed with security software as an application, a camera mounted on the smart device, a wireless communication device, a microphone, an internal or external storage medium, To prevent leakage of confidential data within the organization through the use of smart devices and to track the cause of security incidents in case of leakage of internal confidential data and to enable smart devices such as wireless internet, mobile communication network, GPS, internal or external storage media or Bluetooth An agent layer for collecting security policy information currently set and newly received security policy information; A manager layer for minimizing the resource load of the smart device through wireless communication with the agent layer and generating all of the security functions to generate an auditable event log and storing the event in the integrated DB; And a management console layer which is connected to the manager layer, searches the data stored in the integrated database, and provides a monitoring screen through the general web and the mobile web in cooperation with the WAS.

Description

[0001] 1. Field of the Invention [0002] The present invention relates to a system and method for preventing leakage of internal confidential data through a smart device,

In the present invention, devices such as a camera, a USB, a microphone, a Bluetooth, a memory (SD) card, a 3G / 4G communication, a wireless Internet (WiFi) As it becomes more sophisticated, it intercepts organizational confidential data leaks due to the use of smart devices, interlocks with existing wireless environment security systems (wireless IDS, wireless IPS, wireless NAC, etc.) and IP cameras used for access security management The present invention relates to an anti-leakage / tracking system for internal confidential data that can track the cause of a security incident.

2. Description of the Related Art Generally, in an enterprise or a governmental institution, a network security system such as a firewall, an intrusion detection system (IDS), and an intrusion prevention system (IPS) And controls network access to internal users, periodic visitors, unauthorized persons and unlicensed terminals by operating NAC (Network Access Control).

Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access2 (WPA2), WIDS, WIPS, etc. to cope with security breaches in wireless networks. , And NAC is extended to wireless to block illegal APs.

 Various PC security solutions including Digital Rights Management (DRM) and Data Leakage / Loss Prevention (DLP) are applied to users' PCs and notebooks to cope with security breaches such as data illegal manipulation and leakage attempts.

The above-described firewall installs a router or an application gateway so that all the information flows only through them, thereby selectively accepting, rejecting, or modifying information transmitted between a network in the enterprise or an organization and the Internet.

The intrusion detection system (IDS) collects and analyzes security events occurring in the network to be managed, and when the malicious network traffic is detected, the IDS performs a function of alarming the administrator.

The intrusion prevention system (IPS) collects and analyzes security events occurring in a network to be managed, and when malicious network traffic is detected, the intrusion prevention system alerts and immediately blocks the administrator.

Since the above-mentioned network access control (NAC) checks the security status of all devices accessing the network and accesses only the devices having safety, it not only secures the network security but also enforces the security policy implementation of the END device more easily And blocks the rogue AP from the source on the wireless.

The MAC filter function is the most primitive method of registering the MAC address of the wireless LAN card to be permitted / blocked and blocking wireless connection, but is a convenient method when there are not many wireless devices to be used.

Wired Equivalent Privacy (WEP) is a symmetric key algorithm that encrypts and decrypts data using the same key and algorithm as the most basic method of wireless data encryption. There are two encryption schemes of bit cipher. WPA (Wi-Fi Protected Access) is based on the IEEE 802.11i standard called Temporal Key Integrity Protocol (TKIP), which complements WEP (Wired Equivalent Privacy) key encryption. 802.1x and EAP (Extensible Authentication Protocol) To improve performance. WPA, which uses a password that changes frequently, is more secure than WEP. Wi-Fi Protected Access2 (WPA2), which adds WPA's data encryption feature called Advanced Encryption Standard (AES), is replacing DES and 3DES as the de facto industry encryption standard.

The WIDS (Intrusion Detection System) detects an unauthorized user or an AP and detects an attack attempt through a wireless LAN by installing an AP or equivalent wireless RF sensors in real time.

The Intrusion Protection System (WIPS) automatically detects and classifies the corporate wireless LAN users and terminals according to the security policy, detects the location of the attacker who is illegally installed or attempts to infiltrate in real time Perform security measures that can remove risks in advance.

Digital rights management (DRM) is a technology that protects the rights and interests of content providers safely, prevents illegal copying, and supports all the processes from generation of contents such as charging fee and settlement to distribution management. This includes digital rights management technology, copyright and enforcement software and security technologies, and payment technology, all of which enable legitimate users to use content and pay the right price.

The DLP (Data Leakage Prevention Solution) searches all the information on the PC and the network used by the in-house employees, detects the user's behavior, and blocks the external leakage in advance.

Recently, the number of smartphones is rapidly increasing, but it is a very personalized device, but mobile terminals with a combination of "mobile phone + PC + internet" provide users with various high functions. , There is no system that prevents anticipated security incidents from occurring and can be traced after a security incident occurs.

Smart devices are very personalized devices that contain personal information. They are used as business tools in the smart work era and mobile office environment. The existing security measures include the use of convenient functions provided by smart devices, There is a limit to prevent security accidents such as unauthorized leakage and to track down the cause of accidents.

SUMMARY OF THE INVENTION Accordingly, the present invention has been made to solve the above-mentioned problems occurring in the prior art, and it is an object of the present invention to provide an access point (AP) in cooperation with existing wireless security measures (wireless IDS, wireless IPS, wireless NAC, (WiFi), and provides a system and method for preventing leakage of internal confidential data due to the use of a smart device in conjunction with an access security solution such as an IP camera or a smart camera will be.

It is another object of the present invention to provide an access point (AP) list which is internally authorized by a security manager when an agent (Agent) is installed in the absence of an existing wireless security solution.

In order to accomplish the object of the present invention, there is provided a system for preventing and tracking leakage of internal confidential data through a smart device, including a smart device on which an OS is installed, security software installed as an application, a camera mounted on the smart device, Smart device devices, including Bluetooth, microphones, internal and external storage media, wireless communication networks (WiFi, 3G / 4G) and GPS modules, prevent leakage of confidential data within the organization, (3G / 4G), whether or not GPS is activated, whether internal or external storage media are activated, whether or not Bluetooth is enabled, whether or not the smart device is enabled for WiFi, An agent layer for collecting security policy information currently set and security policy information newly received; A manager layer for minimizing a resource load of a smart device through wireless communication with the agent layer and performing all security functions in a manager layer to generate an auditable event as a log and store the event in a consolidated database; And a management console layer connected to the manager layer for retrieving stored data of the database and providing a monitoring screen through a general web and a mobile web in cooperation with a web application server (WAS) .

The agent layer includes a network connection unit for supporting access to an authorized access point (AP), an information collection unit for collecting basic information for grasping a security state of the smart device, A policy execution unit for performing a security function according to a policy (device control policy, another solution interworking policy) received by the policy synchronizing unit, A log generation and storage unit for generating and storing all generated events as a log, and an update unit for supporting application update of the latest version of the smart device.

The manager layer includes an access subject authenticating unit for authenticating access to a smart device device to be accessed from the agent to the manager layer, a security policy managing unit for registering / modifying / deleting the control rule for using the smart device device, (AP) access by interworking with wireless security solutions (wireless IDS, wireless IPS, wireless NAC) and access control solutions and IP cameras or smart cameras used for access security, and security for confidential outflow An integrated log management unit for generating and storing as audit data all audit events generated in the manager layer and the log information fetched from the agent layer; A system for analyzing data stored in a database (DB) and generating statistical data A real-time monitoring unit for displaying a security state (device activation) of the smart device to be controlled in real time to prevent unauthorized actions; a GPS-based controller for providing a user position using the GPS module; And an accident tracking function unit for alerting the manager to an attempt to leak internal secret data through the smart device.

The management console layer includes a WAS unit for operating in a web environment, a general web unit for providing a GUI through general web browsing of a PC environment and providing control information, and a mobile web unit for providing a control screen using the smart device. .

The system and method for preventing leakage of internal confidential data through a smart device according to the present invention can be applied to wireless security solutions (wireless IDS, wireless IPS, wireless NAC) and IP cameras , It is possible to prevent threats to be leaked to the outside by taking pictures or listening to confidential information using a camera or a microphone provided by a smart device used as a business tool in a mobile office or a smart work environment, Threats that can leak out to the outside using smart device's USB, SD card, Bluetooth, wireless internet (Wifi), mobile communication network (3G / 4G) etc. can be prevented in advance.

In addition, if it is used in violation of the security policy applied to the smart device, it can be automatically detected by the agent to inform the administrator of the threat, thereby reducing the risk of confidential leakage. In case of confidential leakage, And provides a function of tracking the occurrence of an infringement by a certain person, thereby providing both prevention control and post-detection control.

In addition, if the present invention is interlocked with a security solution including an agent and a DRM and a DLP function in a smart device or a smart tab, it is possible to prevent an illegal change attempt, illegal leakage attempt, illegal shooting , Illegal eavesdropping, etc., and if it is linked with the access security management solution that manages the access right to the personnel who are able to access the area by the security area classified according to the security policy operated by the organization, It is possible to provide a much stronger security measure than the security sticker applied to the security sticker.

FIG. 1 is a block diagram illustrating an internal confidential data leakage prevention and tracking system using a smart device according to an exemplary embodiment of the present invention.
FIG. 2 is a flowchart illustrating a basic operation of the system for preventing leakage of internal confidential data and tracking system using the smart device according to the present invention.

FIG. 1 is a block diagram of a smart device according to an embodiment of the present invention; FIG.

FIG. 1 is a block diagram illustrating an internal secret data leakage prevention and tracking system using a smart device according to an exemplary embodiment of the present invention. The secret information capture 100a, the confidential file external medium movement 100b, A manager layer 300, and a management console layer 400 so that confidential information of the confidential outflow-threatening unit 100 including the user terminal 100 is not leaked through the smart device.

Whether or not to activate the wireless Internet (WiFi) of the smart device, whether to activate the mobile communication network (3G / 4G), GPS activation, whether the internal or external storage medium is activated, An agent layer 200 for collecting security policy information, and an agent module 200 for minimizing a resource load of a smart device through wireless communication with the agent layer 200, performing all security functions, A management console layer 300 connected to the manager layer 300 for retrieving stored data of the database and providing a monitoring screen through a general web and a mobile web in cooperation with a web application server (WAS) (400).

The agent layer 200 includes a network connection unit 200a for supporting connection to an authorized access point (AP), an information collecting unit 200b for collecting basic information for grasping a security state of the smart device, A policy synchronization unit 200c for comparing the policy received from the manager layer 300 with a currently set policy and for changing a policy received from the policy synchronization unit 200c A log generation and storage unit 200e for generating and storing all the events caused by the agent of the agent layer as a log, And an update unit 200f for updating the latest version of the application.

The manager layer 300 includes an access subject authentication unit 300a for authenticating access to the smart device from the agent to the manager layer using a PKI interworking module, (Wireless IDS, wireless IPS, wireless NAC), an access management solution, and an unauthorized access point (not shown) in cooperation with an IP camera or a smart camera used for access security AP) and provides traceable data on the cause of the accident in the event of a security incident to the confidential outflow; a log information fetched from the agent layer (200) and a manager layer An integrated log management unit 300d for generating and storing as audit data all the auditable events generated in the integrated database DB, A real time monitoring unit 300f for displaying a security status (device activation) of the smart device to be monitored in real time to prevent unauthorized actions, A GPS-based controller 300g for providing a user's position using the module, and an accident-tracking function unit 300h for alerting the administrator to an internal confidentiality attempt through the smart device.

The incident tracking function unit includes a time and frequency of use of the smart device camera in the company, GPS information, and a USB connection attempt between the smart device and the in-house computer.

The management console layer 400 includes a WAS unit 400a for operating in a web environment, a general web unit 400b for providing a GUI through general web browsing of a PC environment and providing control information, And a mobile web part 400c for providing a control screen by using the mobile web part 400c.

Hereinafter, the operation of the system for preventing leakage of internal secret data through the smart device according to the embodiment of the present invention will be described in more detail with reference to the accompanying drawings.

First, the present invention creates an auditable event generated by an agent and a manager as a log, and stores it in an integrated DB operated by a manager. The management console provides a web console and a mobile console for the administrator's efficient accessibility. The auditable event includes the identification and authentication information of the agent and the accessing entity of the manager, the setting and change through the GUI, and the device control by the policy.

In addition, the smart device according to the present invention includes a smart phone or a smart pad on which an operating system (OS) is installed to perform internet connection, data communication other than voice communication, and to install and mount various peripherals or applications.

FIG. 1 is a block diagram illustrating an internal confidential data leakage prevention and tracking system using a smart device according to an embodiment of the present invention. The confidential outflow threatening unit 100, which is a threat of confidential outflow due to the use of the smart device, A confidential file external medium movement 100b and a confidential information tapping operation 100c. The confidential information photographing 100a uses a camera function of a smart device to photograph a drawing, a design chart, important information, and the like And the confidential file external medium movement 100b refers to movement of company confidential data to an SD card or a web hard via an in-house PC or the Internet, and the confidential information interception (100c) This means illegal recording of important information.

The agent layer 200 includes a network connection unit 200a, an information collection unit 200b, a policy synchronization unit 200c, a policy execution unit 200d, a log generation / storage 200e, and an update 200f.

The network connection unit 200a makes it possible to connect to the network after confirming that the WiFi access point to be identified is in the list of the authorized access point AP. When the access point AP is connected to the access point AP, 3G, and 4G) data communication is automatically deactivated to block unauthorized access.

The information collecting unit 200b determines whether the agent is capable of activating the wireless Internet (WIFI) of the smart device, activating the mobile communication network (3G / 4G), activating the GPS, storing data (USB, SD card) And the security policy information transmitted from the manager layer 300 to collect the security policy information and the security status of the smart device.

Here, the mobile communication network (3G / 4G) includes voice or data communication of 3G (CDMA) scheme or 4G (LTE) scheme and the storage medium (USB, SD card) , A USB memory, and the like, and the short-range wireless communication includes a short-range communication method such as Bluetooth using a smart device.

 The policy synchronization unit 200c receives the device control policy transmitted from the manager and changes the security policy of the agent to the latest policy. That is, the setting of the remote lock password and the setting of the automatic lock timeout can be compared with the security policy information stored in the agent so as to be changed to the latest policy information.

The policy implementing unit 200d performs a security function according to the received security policy (device control policy, other solution interworking policy) or performs a control by receiving a command from a remote administrator.

The log generation / storage unit 200e generates and stores all events corresponding to the auditable events collected by the agent as a log.

The information collected through the agent includes smart device identification code, user identification code, outflow time, GPS information, outflow type code, detailed outflow information, outflow data (picture file or document file title), hash code In the log data format.

The update unit 200f supports updating of a product or a patch of the latest version of the application installed in the smart device by applying various methods (USB, OTA, etc.) in a more convenient manner.

The manager layer 300 includes an access subject authenticating unit 300a, a security policy managing unit 300b, an other solution interlocking unit 300c, an integrated log managing unit 300d, a statistic generating unit 300e, a real time monitoring unit 300f, A GPS-based control unit 300g, and an accident tracking function unit 300h.

In the access subject authentication unit 300a, a key pair (public key, private key) using a public key infrastructure (PKI) technology is used for a smart device user or a smart device device to be accessed from the agent to the manager To authenticate access.

The security policy management unit 300b performs management such as registration / modification / deletion of a control rule for use of a smart device in order to prevent leakage of confidential information in the company. The security policy management unit 300b manages the wireless security solution (wireless IDS, wireless IPS, wireless NAC Etc.), access control solutions, and interworking rules that can be interfaced with IP cameras and smart cameras used for access security.

In the other solution interworking unit 300c, an unauthorized access point (AP) is interlocked with an established wireless security solution (wireless IDS, wireless IPS, wireless NAC, etc.), an access management solution, ) And provides data to trace the cause of the accident in the event of a security incident to a confidential disclosure.

In the integrated log management unit 300d, the log information retrieved from the agent and the auditable events generated in the manager layer are all generated and stored as audit data, so that the cause of the security incident can be grasped through correlation analysis when a security incident occurs.

The statistic generator 300e analyzes statistical data by analyzing the stored data of the integrated database. That is, a large amount of data including various information such as a log of smart device users and security manager actions stored in the integrated database, an agent layer occurrence log, a manager layer occurrence log, and an access history to an agent and a manager is multidimensional And analyze various statistical data.

The real-time monitoring unit 300f can display the security state (device activation) of the target smart device in real time to prevent unauthorized actions.

The GPS-based controller 300g provides a user location and other additional services using GPS. That is, the present location of the smart device, the movement of the smart device, and other additional services are provided as a control element.

The accident tracking function unit 300h detects the occurrence of an internal air tightness at the time when the internal air tightness is leaked by the smart device through the operation results of the other solution interlocking unit 300c, the integrated log managing unit 300d and the GPS based controlling unit 300e , And by whom and how it was leaked. In other words, if an in-house use time, number of times of using a smart device camera, GPS information, and a USB connection attempt between the smart device and the in-house computer are detected, it is determined as an internal confidential outflow attempt and the time, .

The management console layer 400 includes a WAS unit 400a, a general web unit 400b, and a mobile web unit 400c. The management console layer 400 can display dynamic screens on the web and mobile by applying FLEX or HTML5 technology. And bringing the console to the general web and mobile, allowing you to manage confidential data leakage threats on the go.

The log data transmitted from the log generation / storage unit 200e is transmitted to a manager, and after parsing, information such as GPS position, alarm information, time, and user is displayed in an icon and window form on the map, The type code is as follows.

CONNECTIVITY_CHANGE: "Network state changed",

SCREEN_OFF: "Screen is off",

SCREEN_ON: "Screen is on",

USER_PRESENT: "Device is powered on",

TIME_TICK: "Device time has changed",

TIME_SET: "Device time specified",

DATE_CHANGED: "Device date changed",

TIMEZONE_CHANGED: "The device's time zone has changed",

ALARM_CHANGED: "Device alarm time has changed",

SYNC_STATE_CHANGED: "SYNC_STATE_CHANGED",

BOOT_COMPLETED: "Boot is complete",

CLOSE_SYSTEM_DIALOGS: "System window closed",

PACKAGE_INSTALL: "Package has been downloaded and installed"

PACKAGE_ADDED: "Package Installed",

PACKAGE_REPLACED: "Package has been updated to a new version",

PACKAGE_REMOVED: "package has been removed",

PACKAGE_CHANGED: "Package changed",

PACKAGE_RESTARTED: "Package has been restarted",

PACKAGE_DATA_CLEARED: "The cache of the package has been deleted",

UID_REMOVED: "Device UID has been deleted",

WALLPAPER_CHANGED: "Wallpaper changed",

CONFIGURATION_CHANGED: "Device settings have been changed",

LOCALE_CHANGED: "Device locale information changed",

BATTERY_CHANGED: "Battery information changed",

BATTERY_LOW: "Battery low",

BATTERY_OKAY: "Battery is good enough"

ACTION_POWER_CONNECTED: "Charging cable connected",

ACTION_POWER_DISCONNECTED: "Charging cable is missing",

ACTION_SHUTDOWN: "Device is powered off",

ACTION_REQUEST_SHUTDOWN: "ACTION_REQUEST_SHUTDOWN",

DEVICE_STORAGE_LOW: "Device's storage is low"

DEVICE_STORAGE_OK: "Device has enough storage",

MANAGE_PACKAGE_STORAGE: "Package Management Manager will run",

UMS_CONNECTED: "Device is connected in USB mode",

UMS_DISCONNECTED: "Device has exited USB mode",

MEDIA_REMOVED: "SD card removed from device",

MEDIA_UNMOUNTED: "SD card has been UNMOUNTED on device",

MEDIA_CHECKING: "Checking SD card for disk",

MEDIA_NOFS: "SD card is connected",

MEDIA_MOUNTED: "SD card is connected",

MEDIA_SHARED: "USB is connected and SD card is UNMOUNT",

MEDIA_BAD_REMOVAL: "SD card has been removed but not UNMOUNT",

MEDIA_UNMOUNTABLE: "Can not MOUNT SD card",

MEDIA_EJECT: "User ran SD card removal",

MEDIA_SCANNER_STARTED: "Media scanners have started a directory scan",

MEDIA_SCANNER_FINISHED: "Media scanner has finished scanning the directory",

MEDIA_SCANNER_SCAN_FILE: "The media scanner has saved the scanned file list in the media database",

MEDIA_BUTTON: "Media button pressed",

CAMERA_BUTTON: "Camera used",

GTALK_CONNECTED: "GTALK connected",

GTALK_DISCONNECTED: "GTALK disconnected",

INPUT_METHOD_CHANGED: "Input Method changed",

AIRPLANE_MODE: "flight mode has been triggered",

PROVIDER_CHANGED: "File provider changed",

HEADSET_PLUG: "Headset connected",

NEW_OUTGOING_CALL: "Call is in progress",

REBOOT: "Device is rebooting",

DOCK_EVENT: "Connected to device dock",

REMOTE_INTENT: "Connected to another storage device",

PRE_BOOT_COMPLETED: "Device booting is complete",

WIFI_STATE_CHANGED: "WIFI status changed",

BACKGROUND_DATA_SETTING_CHANGED: "Data settings have changed",

STATE_CHANGED: "Connected or disconnected from Bluetooth device",

RINGER_MODE_CHANGED: "Ringer Mode has changed",

SYNC_CONN_STATUS_CHANGED: "SYNC_CONN_STATUS_CHANGED",

SMS_RECEIVED: "Text message received"

Based on the logs collected as above, various alarms are provided to the control personnel to quickly identify the type and location of the risk.

FIG. 2 is an overall operation flowchart according to an embodiment of the present invention. The basic operation flow after execution of an agent application in a smart device is as follows.

① Network connection: Agent determines whether it is an authorized access point (AP) after identification of an access point (AP), and then connects normally to the wireless Internet network (WIFI). If the identified access point (AP) does not exist in the list held by the agent, it is reconfirmed whether it is the authorized access point from the manager, and the network access is made possible.

② Information gathering: Whether activation of wireless Internet (WIFI) which can know the security status of smart device, activation of mobile communication network (3G / 4G), activation of GPS, activation of storage medium (USB, SD card etc.) Bluetooth), and the currently set security policy and the security policy information delivered from the manager.

③ Policy Synchronization: Compares the security policy stored in the agent with the security policy received from the server and changes to the latest policy.

④ Policy execution part: Perform security function according to security policy or control by receiving command from remote administrator.

- Device control policy: Enables or disables the use of network (WiFI, 3G / 4G), storage media (USB, SD card), Bluetooth, camera, GPS.

- Remote Lock Password: Set the password used to remotely lock the smart device.

- Auto lock timeout time: Set the timeout time for the smart device to lock automatically.

- Rules for linking with other solutions: Establish linkage rules for interworking with established wireless security solutions (wireless IDS, wireless IPS, wireless NAC, etc.), access control solutions, and IP cameras and smart cameras used for access security.

⑤ Log generation: Logs all the situations caused by the agent.

⑥ Log storage: ⑤ The logs generated during log creation are saved, and the logs are periodically sent to the manager and stored in the integrated DB.

⑦ Repeat: As long as the agent is not deleted by the normal process, it returns to the ② information collection process and repeats it.

Although specific embodiments of the present invention have been illustrated and described above, it will be appreciated that the system and method for preventing and tracking internal secret data leakage through the smart device of the present invention can be implemented in various ways by those skilled in the art.

It should be understood, however, that such modified embodiments are not to be understood individually from the spirit and scope of the invention, and such modified embodiments are intended to be included within the scope of the appended claims.

100: Confidential Spill Threat Department
100a: a confidential information photographing unit, 100b: a confidential file external medium moving unit,
100c: Confidential information eavesdropping section
200: Agent layer
200a: information collection unit, 200b: security policy management unit
200c: policy synchronization unit 200d: policy execution unit
200e: log generation / storage unit 200f:
300: Manager layer
300a: Access subject authentication unit 300b: Security policy management unit
300c: other solution interworking unit 300d: integrated log management unit
300e: statistic generating unit 300f: real-time monitoring unit
300g: GPS-based control unit 300f: accident tracking function unit
400: Management console layer
400a: General Web 400b: Mobile Web

Claims (22)

A smart phone equipped with an operating system (OS), security software installed as an application, a camera mounted on the smart device, a Bluetooth, a microphone, an external storage medium, a wireless communication network (WiFi, 3G / 4G ), Preventing leakage of confidential data in an organization through a smart device device including a GPS module, and tracking the cause of security incidents when an accident occurs,
Whether or not to activate the wireless Internet (WiFi) of the smart device, to activate the mobile communication network (3G or 4G), to activate the GPS, to activate the internal or external storage medium, to activate the Bluetooth, An agent layer 200 for collecting security policy information;
All security functions are performed in the manager layer through wireless communication with the agent layer 200 to generate an auditable event as a log and store the event in a consolidated database. The wireless security solution (wireless IDS, wireless IPS, wireless NAC ), Access control solutions, access to unauthorized access points (APs) in conjunction with IP cameras or smart cameras used for access security, and providing traceable data on the causes of accidents in case of security incidents A manager layer 300 including the other solution interworking unit 300c; And
And a management console layer (400) connected to the manager layer (300) for retrieving stored data of the database and providing a monitoring screen through a general web and a mobile web in cooperation with a web application server (WAS) Features a smart device to prevent leakage of internal confidential data and tracking system. The method according to claim 1,
The agent layer 200 includes a network connection unit 200a for supporting connection to an access point (AP) to which the smart device is authorized;
An information collecting unit (200b) for collecting basic information that can grasp the security state of the smart device;
A policy synchronization unit 200c for comparing the policy received from the manager layer 300 with the currently set policy;
A policy execution unit 200d for performing a security function according to a policy received from the policy synchronization unit 200c;
A log generation and storage unit 200e for generating and storing all the events collected by the agent of the agent layer 200 as logs; And
And an update unit (200f) for updating the application of the latest version of the smart device,
Wherein the policy is configured to include a device control policy and a policy for interlocking with another solution, and a system for preventing and tracking leakage of confidential data through a smart device. 3. The method of claim 2,
The network connection unit 200a enables access to the wireless Internet only through an access point (AP) among wireless Internet (WiFi) networks identified by the smart device, and the access point Wherein the data communication of the mobile communication network (3G, 4G) of the smart device is automatically deactivated and the non-authorized access is blocked when the smart device is connected. 3. The method of claim 2,
For the security of the smart device, the information collecting unit 200b determines whether the agent has activated the wireless Internet (WIFI) of the smart device, activates the mobile communication network (3G / 4G), whether the GPS is activated, The security policy information transmitted from the manager layer 300 and the security policy information transmitted from the manager layer 300 can be collected to determine the security state of the smart device. Tracking system. 3. The method of claim 2,
The policy synchronization unit 200c compares the device control policy, the remote lock password setting, and the auto lock timeout time settings transmitted from the manager layer with the security policy information stored in the agent to change the policy information to the latest policy information. A system for preventing and tracking leakage of confidential data through. 3. The method of claim 2,
Wherein the policy execution unit (200d) performs a security function according to a security policy or performs a control by receiving a command from a remote administrator. 3. The method of claim 2,
The log generation and storage unit 200e logically generates and stores all the events corresponding to the auditable events collected by the agent,
The log data collected and stored in the log generating and storing unit 200e includes information such as a smart device identification code, a user identification code, a leak time, GPS information, a leak type code, detailed leak information, A file or a document file title), and a log data format including a hash code for ensuring data integrity. 3. The method of claim 2,
Wherein the update unit (200f) supports update of a product or a patch of a latest version of an application installed in the smart device. The method according to claim 1,
The manager layer 300 includes an access subject authentication unit 300a for authenticating access to the smart device to access the manager layer 300 using a public key infrastructure (PKI) interworking module and a hash value.
A security policy management unit 300b for registering / modifying / deleting control rules for use of the smart device device;
It blocks access to unauthorized access points (APs) in conjunction with established wireless security solutions (wireless IDS, wireless IPS, wireless NAC), access control solutions and IP cameras or smart cameras used for access security, An other solution interworking unit 300c for providing traceable data on the cause of the accident in the event of a security incident on the network;
An integrated log management unit 300d for generating and storing audit information generated in the manager layer 300 and log information obtained from the agent layer 200 as audit data;
A statistic generator 300e for analyzing data stored in the integrated database (DB) and generating statistical data;
A real-time monitoring unit 300f for displaying a security state (device activation) of the smart device in real time to prevent unauthorized actions;
A GPS-based controller 300g for providing user location information using the GPS module;
And an accident tracking function unit (300h) for alarming an administrator when an attempt is made to leak internal secret data through the smart device. 10. The method of claim 9,
The access subject authenticating unit 300a authenticates the access to the smart device through the key pair (public key, private key) using public key infrastructure (PKI) technology in the agent layer to access the manager layer Features a smart device to prevent leakage of internal confidential data and tracking system. 10. The method of claim 9,
The security policy management unit 300b manages control rules for smart device device use to prevent leakage of confidential information in the company, and controls security policies (wireless IDS, wireless IPS, wireless NAC), access management solution and access security This system manages the interworking rules for interworking with the IP camera or smart camera to be used. 10. The method of claim 9,
The other solution interworking unit 300c is an unauthorized access point (AP) in cooperation with an established wireless security solution (wireless IDS, wireless IPS, wireless NAC), an access management solution, an IP camera or a smart camera used for access security, And provides traceable data on the cause of the accident in the event of a security incident to the confidential outflow. The system for preventing and tracking leakage of internal confidential data through a smart device. 10. The method of claim 9,
The integrated log management unit 300d generates and stores log information retrieved from the agent layer and an auditable event generated in the manager layer as audit data to identify the cause thereof through correlation analysis in the event of a security incident, Confidential data leakage prevention and tracking system. 10. The method of claim 9,
The statistics generator 300e may be configured to generate a log of smart device users and security administrator activities stored in the integrated database, an agent layer occurrence log, a manager layer occurrence log, and mass storage data including access history information to the agent and the manager, And analyzing the collected data to derive a variety of statistical data. 10. The method of claim 9,
Wherein the real-time monitoring unit (300f) displays the security state (device activation) of the target smart device in real time. 10. The method of claim 9,
The GPS-based controller 300g can provide information on the current position of the smart device, the movement of the smart device, and other additional services as a control element using the location information of the smart device using the GPS, Prevention and tracking system. 10. The method of claim 9,
The accident tracking function unit 300h may be configured to detect an operation of the other solution interlock part 300c, the integrated log management part 300d and the GPS based control part 300e when the internal air tightness is leaked by the smart device Track when, by whom, how it has been released,
Wherein the internal confidential outflow attempt is determined to be an internal confidential outflow attempt when an in-house use time, number of times, GPS information in using a smart device camera, and USB connection attempt between a smart device and an in-house computer are detected. To prevent leakage of internal confidential data and tracking system. The method according to claim 1,
The management console layer 400 includes a WAS unit 400a for operating in a web environment;
A general web part 400b for providing a GUI through general web browsing of a PC environment and providing control information; And
And a mobile web part (400c) for providing a control screen using the smart device. 19. The method of claim 18,
The WAS unit 400a, the general web unit 400b, and the mobile web unit 400c can display a variety of dynamic screens on the web and mobile by applying FLEX or HTML5 technology, It is a system to prevent leakage of internal confidential data through smart device and to manage the threat of leakage of confidential data even when moving due to import. The method according to claim 1,
When the smart device is interfaced with the security solution including the agent and DRM and DLP function, the security administrator of the smart device can efficiently and effectively prevent the illegal act including illegal change attempt, illegal leakage attempt, illegal shooting, Monitoring and preventing leakage of internal confidential data through a smart device. A smart phone equipped with an operating system (OS), security software installed as an application, a camera mounted on the smart device, a Bluetooth, a microphone, an external storage medium, a wireless communication network (WiFi, 3G / 4G ), A method for preventing leakage of internal confidential data through a smart device device including a GPS module to prevent leakage of confidential data within the organization, and tracking the cause of a security incident,
(A) determines whether the AP is an authorized access point after identifying the AP by the agent, and then accesses the wireless Internet network (WIFI) normally. If the identified access point (AP) does not exist in the list held by the agent A network connection process for reconfirming whether the access point is authorized by the manager and performing network connection;
(B) whether or not to activate wireless Internet (WIFI) to know the security status of the smart device, to activate the mobile communication network (3G / 4G), to activate the GPS, to activate the storage medium ), Information on the current security policy, security policy information delivered from the manager;
(C) a policy synchronization process for comparing the security policy stored in the agent with the security policy received from the server and changing the security policy to the latest policy;
(D) a policy execution process for performing a security function according to a security policy or performing a control by receiving a command from a remote administrator;
(E) a log generation process for generating all logs generated as a result of the agent;
(F) a log storing step of storing the log generated in the log generating step, and the stored log is periodically transmitted to the manager and stored in the integrated DB,
Wherein the process returns to the information collection process and repeats the process as long as the agent is not deleted by the normal process of the steps (A) to (F). 22. The method of claim 21,
The policy execution step may include a device control policy step for activating or deactivating the use of a network (WiFI, 3G / 4G), a storage medium (USB, SD card), Bluetooth, a camera and GPS;
Setting a password to be used when remotely locking the smart device;
Setting a timeout time for allowing the smart device to be automatically locked; And
And establishing an interworking rule for interworking with a pre-built wireless security solution (wireless IDS, wireless IPS, wireless NAC, etc.), an access control solution, and an IP camera or a smart camera used for access security To prevent leakage of internal confidential data through a smart device.

Images