KR101676782B1 - Document Security Management System using MDM, Mobile Virtualization and short-distance and angle detection face recognition technologies - Google Patents

Info

Publication number
KR101676782B1
Authority
KR
South Korea
Prior art keywords
mobile device
face
mobile
mdm
security
Prior art date
Application number
KR1020150098113A
Other languages
Korean (ko)
Inventor
이성중
Original Assignee
주식회사 엑스큐어넷

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06K9/00221

Abstract

A document security management system using MDM, mobile virtualization, and short-distance and angle-detection face recognition technology is disclosed. The system includes: a mobile device with a mobile hypervisor that virtualizes the device hardware to create a parallel virtualized stack in which a plurality of operating systems run simultaneously, a device management unit that connects to the in-house network through a mobile communication modem (3G, 4G) or wireless LAN (Wi-Fi) and allows applications to operate in a general area and an encrypted virtual area, and an MDM agent that, when the eye, nose, and mouth feature values of a photographed face are compared with those of the registered face photograph and fail authentication, closes the security document in the document viewer program under the remote control of the MDM server or, according to a remote lock control command, keeps the document from being shown on the display screen; a business server connected to the mobile device through a communication network (Wi-Fi, 3G, or 4G) that stores security documents and business documents for a company requiring military, security, or Top Secret confidentiality; a virtualization server that stores and manages the virtualization data of each mobile device; and an MDM server that, when the feature points of a face photograph taken by the camera of the mobile device are not recognized on comparison with the feature points of the previously stored face photograph, when the direction of the screen of the mobile device changes, when the photograph is not recognized, or when the distance or angle between the user's face and the smartphone changes, controls the screen of the mobile device to disappear, the content of the viewed security document to disappear, or the remote lock function of the mobile device.

Description

Document security management system using MDM, mobile virtualization, and short-distance and angle detection face recognition technologies

The present invention relates to a document security management system using MDM, mobile virtualization, and short-distance and angle-identification facial recognition technology. More particularly, it relates to a system in which confidential documents (documents, moving pictures, voice files, etc.) downloaded to or browsed on a mobile smartphone can be viewed or listened to only by the user to whom permission to handle them has been granted, that user being verified by face recognition through the camera of the mobile smartphone, so that user authentication for secret documents on the smartphone is strengthened through mobile virtualization, MDM, and face recognition technology.

Recently, as virtualization technology that runs multiple operating systems on one device has been extended to iOS and Android mobile devices, it is expected to strengthen the safety and security of mobile devices for corporate IT departments that face data security problems from BYOD (Bring Your Own Device), which allows employees to use their personal mobile devices for corporate business.

Virtualization is widely applied to server virtualization, cloud computing, desktop virtualization, and embedded virtualization. By applying virtualization to mobile devices, the security and management problems of data can be solved by using "Dual Identity" or "Dual Persona" technology, which provides a separate execution environment for important data and applications.

Mobile device virtualization provides a separate operating environment either by running multiple operating systems on a single smartphone or by supporting two instances on the same operating system.

FIG. 1 is a diagram for classifying the type of mobile virtualization according to a location of a hypervisor.

Mobile device virtualization is defined as running a hypervisor on the device chipset or directly on the operating system of the device. A hypervisor is software that allows multiple operating systems to run simultaneously on a single host device. By virtualizing the underlying device hardware with a hypervisor, a parallel (virtualized) stack is created.

The hypervisor is classified into two types depending on its location. Accordingly, mobile virtualization is divided into two types: 'Type 1' and 'Type 2'.

'Type 1' is called 'bare-metal virtualization' and runs directly on top of the host mobile hardware: the hypervisor is applied directly on the device's chipset and has direct access to hardware resources. 'Bare metal' means that there are no requirements regarding already installed software or an operating system (OS).

'Type 2' is called 'Hosted Virtualization' and a new operating system, called a guest OS, runs within the 'host' mobile operating system environment.

That is, Type 1 is characterized by the plurality of execution environments being completely isolated, and Type 2 by the performance of the host OS greatly affecting the performance of the guest OS.

| Division | Type 1 | Type 2 |
|---|---|---|
| Location of hypervisor | Directly above the host mobile hardware | Within the host mobile operating system environment |
| Key features | Can host and monitor multiple guest operating systems; direct access to hardware resources optimizes the performance of each virtualized operating system | Installation of the hypervisor and the guest OS is usually similar to the way an app is installed; guest OS performance is very dependent on the host OS |
| Security | Each guest operating system is completely isolated from the others, so even if one guest OS is compromised, the other OSes are not affected | Because the guest OS depends on the host OS, a threat that stops the host OS from working also stops the guest OS |

Operating systems that drive devices for mobile virtualization are classified into High-Level Operating System (HLOS) and Real-Time Operating System (RTOS).

A High-Level Operating System (HLOS) needs to be able to run multiple applications simultaneously (multitasking), use third-party applications, and run applications regardless of network type. The mobile operating systems classified as HLOS include the smartphone operating systems iOS, Android, Linux, Blackberry OS, WP7, WebOS, MeeGo, and Symbian.

Since an RTOS (Real-Time Operating System) is an operating system that executes correctly within a fixed time, rather than in "real" time, it is an OS applied to systems whose operation time can be predicted. Devices equipped with an RTOS include some small phones, automobile engine controllers, and the engine controllers of fighter jets.

Figure 2 illustrates a smartphone architecture optimized with mobile virtualization technology.

In the case of smartphones, instead of using a separate 'baseband chip' and 'application chip' for communication, using a virtualized processor to remove the application chip and its associated peripherals makes it possible to use smaller batteries and reduces manufacturing costs by reducing the number of parts.

For example, in the monolithic kernel used in most systems where no virtualization is applied, most of the components are in one piece, so the kernel is very large and an error in one part damages the entire kernel.

On the other hand, a microkernel with mobile virtualization technology provides only the core functions, and the remaining components exist as virtual machines above it, reducing the size of the kernel and significantly reducing the error rate compared to the monolithic kernel.

In BYOD, mobile virtualization encapsulates each virtual machine on a hypervisor, which increases security by making it impossible to access security-critical applications in the isolated areas without going through the hypervisor.

In other words, since enterprise applications and personal apps can be separated from each other, the user can use 'business mode' at the company and 'personal mode' at home, and even on a personal device it is possible to use an application that requires security.

The hypervisor can also secure the mobile devices of carriers that are switching to open networks, by allowing services (billing, authentication, call service) to operate in a virtual machine.

Mobile virtualization companies include 'Red Bend', which uses a Type 1 hypervisor for Android-based Galaxy Nexus smartphones, and VMware, which uses a Type 2 hypervisor for smartphones running the Android and iOS operating systems.

As related art, a method and apparatus for providing multiple channels to support a smart work security framework in a mobile virtualization environment (Patent Publication No. 10-2015-0055934) is disclosed.

FIG. 3 is a diagram showing the main functions of Mobile Device Management (MDM) managing a mobile device (smart phone, tablet PC) installed with an MDM agent remotely through an MDM client and an MDM server.

MDM stands for Mobile Device Management and refers to a system that remotely manages mobile devices such as smartphones at any time and eventually manages PCs and laptops in a single environment. The concept of MDM is a system that remotely manages a mobile device whenever it is powered on, anytime and anywhere, using OTA (Over The Air). In recent years, with the introduction of MDM products that support iOS smartphones in addition to the existing Android devices, full-scale solutions for mobile security are being presented. Table 2 shows the main functions of an MDM solution.

| Function | Detail |
|---|---|
| Various OS device support | Android; iPhone, Windows Phone, Blackberry, Palm, etc. |
| Settings management | Distribution of Wi-Fi and VPN settings; mail and contacts sync settings; network settings, MS OCS settings management |
| Application management | Black and white list control; remote installation and deletion; file distribution management |
| Personal service portal | View and manage call history; remote lock and factory reset; back up and restore important data |
| Security management | Device / file / folder selective encryption; strong password policy enforcement; jailbreak (iPhone) and rooting (Android) restriction |
| Helpdesk | Copy, delete, and search remote files / folders; process management (kill, activate, run); VoIP call, messenger communication |
| Asset management | Manage devices by user and group; monitor all details of the device; software and hardware history management |
| Installation and management | Easy agent deployment to devices; easy installation and update of related programs; management of various reports and roaming |
| Lost device | Device remote lock; device remote factory reset |
| Resource limits | Camera, Bluetooth, infrared beam usage restriction; Wi-Fi access restriction |

In the embodiment of FIG. 3, MDM is used for remote lock of a mobile device such as a smartphone or tablet PC, terminal location inquiry, rooting detection, password setting control, camera and Wi-Fi media control, viewing, control of application installation and execution by the user, distribution of applications by department, and execution for a specific user by the operator. When lost/stolen information is registered with the MDM server following a loss report for the mobile device, MDM protects the data in the lost/stolen terminal through remote lock/unlock control, remote backup/restore and data deletion, and provides a location inquiry function for the lost terminal based on GPS and location information. In addition, MDM provides security enhancement functions: password setting control, malicious terminal monitoring (terminal locking on detection of rooting/jailbreak, terminal locking on detection of USIM change), antivirus integration with a virus scan history log, and prevention of MDM agent deletion/termination. MDM also provides efficient device control through batch and selective usage control of devices such as cameras, Wi-Fi, and Bluetooth as needed. It has a load balancer and an L4 switch to distribute MDM server-client communication, for a large-capacity transaction processing structure and security design.

FIG. 4 is a diagram illustrating an example of removing security risk elements by providing encrypted HTTPS communication between the MDM agent and the MDM server and installing an MDM G/W in a DMZ area; it is an MDM solution configuration diagram that minimizes the risk.

The MDM system minimizes server-related security problems by applying TLS (Transport Layer Security) encryption to the server-client communication section and by separating the MDM server into an MDM G/W and an in-house DB.

MDM secures and manages the various communication channels, such as mail, web, groupware, and USB storage media, through which data can leak in a business environment, and performs enterprise-wide monitoring and control in response to device security threats through a management console (MDM client).
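The remote-control commands described above (remote lock, process kill of the document viewer, remote factory reset) are only as safe as the channel that carries them: an agent that acts on any command it receives would let anyone who can reach it lock or wipe the device. The following is an added example, not code from the patent or the assignee, showing how an MDM agent can authenticate each command at the application layer in addition to the TLS transport the specification describes. The HMAC-SHA256 tag, the per-device key, the sequence number used for replay protection, the 60-second freshness window, and the command names are all this example's assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed per-device shared secret. A real deployment would provision one
# key per device at enrolment (assumption; the patent describes only TLS).
DEVICE_KEY = b"constructed-per-device-key-0001"

# Commands the MDM server may send to the agent; the names are this example's own.
ALLOWED_COMMANDS = {"remote_lock", "process_kill", "factory_reset"}
MAX_AGE_SECONDS = 60  # assumed freshness window for a command


def canonical(body: dict) -> bytes:
    """Stable byte encoding so server and agent sign exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def server_issue(command: str, seq: int, device_id: str, key: bytes, now: float) -> dict:
    """MDM server side: build a command and attach an HMAC-SHA256 tag over it."""
    body = {"device": device_id, "cmd": command, "seq": seq, "ts": int(now)}
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


@dataclass
class MdmAgent:
    """Agent side: verifies tag, target device, command name, freshness and
    sequence number before touching the viewer process or the screen lock."""
    device_id: str
    key: bytes
    last_seq: int = 0
    document_open: bool = True
    screen_locked: bool = False
    log: list = field(default_factory=list)

    def handle(self, msg: dict, now: float) -> str:
        body = msg.get("body", {})
        expected = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg.get("tag", "")):
            return self._reject("bad_tag")          # forged or modified in transit
        if body.get("device") != self.device_id:
            return self._reject("wrong_device")     # valid command, but not for us
        if body.get("cmd") not in ALLOWED_COMMANDS:
            return self._reject("unknown_command")
        if abs(now - body["ts"]) > MAX_AGE_SECONDS:
            return self._reject("stale")            # captured earlier, delivered late
        if body["seq"] <= self.last_seq:
            return self._reject("replay")           # already acted on this one
        self.last_seq = body["seq"]
        return self._apply(body["cmd"])

    def _reject(self, reason: str) -> str:
        self.log.append(("rejected", reason))
        return "rejected:" + reason

    def _apply(self, cmd: str) -> str:
        if cmd == "process_kill":       # close the document viewer
            self.document_open = False
        elif cmd == "remote_lock":      # hide everything behind the lock screen
            self.screen_locked = True
        elif cmd == "factory_reset":
            self.document_open = False
            self.screen_locked = True
        self.log.append(("applied", cmd))
        return "applied:" + cmd


def demo():
    """Constructed exchange: one good command, a replay, a tampered copy,
    a stale command, then another good one."""
    now = 1_700_000_000.0
    agent = MdmAgent("dev-01", DEVICE_KEY)
    results = []
    kill = server_issue("process_kill", 1, "dev-01", DEVICE_KEY, now)
    results.append(agent.handle(kill, now))          # applied
    results.append(agent.handle(kill, now + 5))      # same seq again: replay
    tampered = {"body": dict(kill["body"], cmd="factory_reset", seq=2), "tag": kill["tag"]}
    results.append(agent.handle(tampered, now))      # tag no longer matches body
    stale = server_issue("remote_lock", 2, "dev-01", DEVICE_KEY, now - 600)
    results.append(agent.handle(stale, now))         # ten minutes old
    lock = server_issue("remote_lock", 3, "dev-01", DEVICE_KEY, now)
    results.append(agent.handle(lock, now))          # applied
    return results, agent


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The order of checks matters: the tag is verified before any field of the body is trusted, and the sequence number is advanced only after every other check passes, so a stale or mis-addressed command cannot burn a sequence number that a later legitimate command needs.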

However, with conventional mobile devices such as smartphones and tablet PCs, there was a problem in that the documents stored on military smartphones issued by military or security organizations could be accessed.

Patent Publication No. 10-2015-0055934

The object of the present invention, to solve the problems of the prior art, is to provide a document security management system using MDM, mobile virtualization, and facial recognition technology that can maintain a technical security level up to Top Secret as issued by a military or security institution: through short-distance and angle-identification face recognition (photograph) technology, only the user can view the contents of the task; the content of the document is displayed on the screen only when the recognized face image is a user authorized to authenticate; and if the orientation of the smartphone screen changes, the user rotates his or her face, the user's picture is not recognized, or the distance or angle changes, the screen of the smartphone disappears or the contents of the security document of the smartphone disappear, thereby enhancing user recognition as the basis for managing security documents on mobile devices.


To accomplish the object of the present invention, a document security management system using MDM and mobile virtualization with short-distance and angle-identification facial recognition technology includes: a mobile device having a hypervisor that virtualizes the device hardware so that a plurality of operating systems execute simultaneously in parallel to form a virtualized stack, a device manager that accesses the in-house network via a mobile communication modem (3G, 4G) or wireless LAN (Wi-Fi) and operates applications in the general area and the encrypted virtual area, and an MDM agent which, when the feature values of the eyes, nose, and mouth of the photographed face are compared with those of the previously registered face photographs at the time of recognition and fail authentication, closes the security document in the document viewer program running on the mobile device through a process kill according to the remote control of the MDM server, or controls the display screen according to the remote lock control command; a business server connected to the mobile device through a communication network (Wi-Fi, 3G, or 4G) that stores security documents and business documents for a company requiring military, security, or Top Secret confidentiality; a virtualization server that stores and manages virtualization data for each mobile device; and an MDM server which, when the feature points of a face photograph taken by the camera of the mobile device are not recognized on comparison with those of the face photograph previously stored by the face recognition technology, when the direction of the screen of the mobile device changes, when the photograph is not recognized, or when the distance or angle between the user's face and the smartphone changes, controls the screen of the mobile device to disappear, the content of the viewed security document to disappear, or the remote lock function of the mobile device.

In the system, when face recognition is performed by the server method, a face recognition system receives through a communication network the face image photographed by the camera of the mobile device, compares the feature points of the user's eyes, nose, and mouth with those of the stored face image, and provides the face authentication function for the secure document; and a face photograph DB stores the face photographs of the users who are granted access rights for the corresponding mobile device.

The mobile device includes: a mobile hypervisor, located directly above the operating system (Android, iOS) of a mobile device such as a smartphone or tablet PC, that virtualizes the hardware of the smart device to generate a parallel virtualized stack; a memory in which an encrypted virtual area and a general area are allocated; a device management unit that connects to the in-house network through a mobile communication modem (CDMA, LTE) or wireless LAN (Wi-Fi), does not authenticate the user in the normal mode, and causes applications to operate in the virtual area; a facial recognition system; and an MDM agent which, if facial authentication fails, closes the document according to the remote control of the MDM server or locks the screen according to the remote lock control command so that the document is hidden from the display screen.

To accomplish another object of the present invention, a document security management method using MDM and mobile virtualization with short-distance and angle-identification facial recognition technology includes: (a) virtualizing the hardware of the device with a hypervisor to create a parallel virtualized stack in which a plurality of operating systems execute simultaneously, allocating the memory into an encrypted virtual area and a general area, connecting to the internal network through a mobile communication modem (3G, 4G) or wireless LAN (Wi-Fi), and running applications in the general area and the encrypted virtual area; (b) downloading a security document from the business server of the intra-network to the virtualized mobile device after authenticating the user to the business server; (c) comparing the feature values of the eyes, nose, and mouth of a facial photograph taken at a predetermined time interval by the camera of the virtualized mobile device with those of the registered face photograph, and confirming face recognition authentication; and (d) if a facial photograph taken at the predetermined time interval by the camera of the virtualized mobile device is not authenticated, closing the security document in the document viewer program running on the virtualized mobile device through a process kill by the MDM agent under the remote control of the MDM server, or locking the screen by the MDM agent according to the remote lock control command received from the MDM server, so that the document is not shown on the display screen.

The method may further include: when the feature values of the eyes, nose, and mouth of a face photograph taken by the camera of the mobile device are compared with those of the face photograph previously stored by the face recognition technology and are not recognized, or when the direction of the screen of the mobile device changes, or when the user rotates his or her face so that the user's picture is not recognized, or when the effective distance or angle between the user's face and the smartphone changes, transmitting this to the MDM server directly or through the face recognition system; and

the MDM server transmitting a remote control command to the MDM agent of the virtualized mobile device so that the screen of the virtualized mobile device disappears immediately, the contents of the security document the user was viewing disappear, or the remote lock function is controlled.

The document security management system and method using MDM and mobile virtualization according to the present invention, with short-range and angle-identification facial recognition technology, allow a security document stored in the mobile smartphone of a military executive, which must maintain a technical security level up to Top Secret as issued by the military or a security institution, to be viewed only by the user through short-distance and angle-identification facial recognition (photograph) technology using the camera: the content is shown only if the recognized face photograph is the user permitted to authenticate, and if the direction of the smartphone screen changes, the user turns his or her face so that the user's image is not recognized, or the distance or angle between face and smartphone changes, the screen of the smartphone disappears immediately or the contents of the security document disappear. This enhances user recognition for the security documents of the military executive's mobile phone, with the effect of managing security documents on mobile devices.

The above and other objects, features and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings. Advantages and features of the present invention and methods of achieving them will become apparent with reference to the following embodiments together with the accompanying drawings. Like reference numerals refer to like elements throughout the specification.

FIG. 1 is a diagram for classifying the type of mobile virtualization according to a location of a hypervisor.
Figure 2 illustrates a smartphone architecture optimized with mobile virtualization technology.
FIG. 3 is a diagram showing the main functions of Mobile Device Management (MDM) managing a mobile device (smart phone, tablet PC) installed with an MDM agent remotely through an MDM client and an MDM server.
FIG. 4 is a diagram illustrating an example of removing security risk elements by providing encrypted HTTPS communication between the MDM agent and the MDM server and installing an MDM G/W in a DMZ area; it is an MDM solution configuration diagram that minimizes the risk.
Figure 5 is a block diagram of a document security management system using MDM, mobile virtualization, and short-distance and angle identification facial recognition technology according to the present invention.
FIG. 6 is a flowchart illustrating a document security management method using MDM, mobile virtualization, and close-range and angle identification facial recognition technology according to an embodiment of the present invention.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.

Figure 5 is a block diagram of a document security management system using MDM, mobile virtualization, and short-distance and angle identification facial recognition technology according to the present invention.

The document security management system and method of the present invention, using MDM (Mobile Device Management), mobile virtualization, and short-distance and angle-identification facial recognition technology, allow a security document classified up to Top Secret, as issued by the military or a security institution, and stored in the smartphone to be viewed only by the user through short-distance and angle-identification facial recognition (photograph) technology using the camera. The content of the document is displayed on the screen only when the face photograph, compared against the feature points of the previously registered face photographs downloaded from the face recognition system, belongs to a user permitted to authenticate. The face photograph automatically captured by the camera of the mobile device at a predetermined time interval (for example, 5 seconds, 10 seconds) is compared with the eye, nose, and mouth feature values of the face photographs of the registered, authenticated licensees in the face recognition system, and if the direction of the smartphone screen changes, the user turns the face so that the user's picture is not recognized, or the distance or angle between the user's face and the smartphone changes, the screen of the smartphone disappears immediately or the security document disappears. The security document of the mobile device is thereby managed by enhancing the user recognition function for security documents on the smartphone carried by the military officer.

The document security management system using MDM, mobile virtualization, and short-distance and angle identification facial recognition technology according to the present invention includes a mobile device 10, a face recognition system 20, a virtualization server 30, an MDM server 40, and a business server 45.

A document security management system using MDM, mobile virtualization, and short-distance and angle identification facial recognition technology comprises:

A mobile device (10) having: a mobile hypervisor, located directly above the operating system (Android, iOS) of a mobile device such as a smartphone or tablet PC, which virtualizes the smart device's hardware to create a parallel virtualized stack running two operating systems simultaneously; a memory in which an encrypted virtual area and a general area are allocated; a device management unit connected to the in-house network through a mobile communication modem (3G, 4G) or wireless LAN (Wi-Fi), which authenticates the user in the virtualization mode and causes the application to operate in the virtual area; and an MDM agent which, when the feature values of the eyes, nose, and mouth of face photographs taken at time intervals (e.g., 5 seconds, 10 seconds) fail authentication, receives the remote control command sent by the MDM server and closes the security document by process kill on the mobile device, or controls the display so that the document cannot be seen on the display screen;

A business server (20) where security documents and business documents are stored for a company that requires military, security, or Top Secret confidentiality;

A virtualization server 40 for storing and managing data for virtualization of the mobile device for each mobile device; And

An MDM server 45 which, when the feature values of the eyes, nose, and mouth of the face photograph taken by the camera of the mobile device are compared by the face recognition technology with those of the previously registered face photographs in the face recognition system 30 and face recognition fails, or when the direction of the screen of the mobile device changes, the user's face is not recognized, or the distance between the user's face and the smartphone (within the effective range of 20 cm to 40 cm) or the angle changes, controls the content of the security document shown on the smartphone to disappear through a process kill, or controls the remote locking function of the mobile device.

The mobile device 10 includes a smart phone and a tablet PC, mobile virtualization of the device is applied, and an MDM agent is installed.

The mobile device 10 includes: a mobile hypervisor, located directly above the operating system (Android, iOS) of a mobile device such as a smartphone or tablet PC, which virtualizes the hardware of the smart device to create a parallel virtualized stack in which two operating systems execute simultaneously; a memory in which an encrypted virtual area and a general area are allocated; a device management unit that connects to the in-house network through a mobile communication modem (CDMA, LTE) or wireless LAN (Wi-Fi), does not authenticate the user in the normal mode, and causes applications to operate in the virtual area; and an MDM agent which, when facial photographs taken at predetermined time intervals fail authentication on comparison of their eye, nose, and mouth feature values with those of the previously registered face photographs in the face recognition system, controls the document viewer program running on the device to close the security document through a process kill according to the remote control of the MDM server, or locks the screen according to the remote lock control command so that the document is hidden on the display screen.

In the system, when face recognition is performed by the server method, a face recognition system (30) receives through the communication network the face image photographed by the camera of the mobile device, compares the feature points of the eyes, nose and mouth with those of the user's registered face image, and provides the face authentication function for the security document; and a face photograph DB 31 stores the face photographs of the users who are granted access rights to the mobile devices.

In face recognition, the face image of the user photographed by the camera of a mobile device such as a smart phone or tablet PC is stored in advance in the device's own memory, and each time a security document stored in the mobile device is viewed, the document security application (App) executes the face authentication function by comparing the eye, nose and mouth feature values, together with the distance and angle, of face photographs taken automatically at predetermined time intervals (for example, 5 seconds or 10 seconds) against the stored image. If the authentication fails, the security document on the mobile device may be closed, or the screen lock function may be executed on the mobile device itself.

For example, face recognition of the user of the mobile device 10 is performed with the user facing the mobile device (e.g., a smart phone) at a distance of about 30 cm (effective distance 20 to 30 cm). If the orientation of the smartphone screen changes even though the face belongs to the same person, if the user turns the face so that the user's picture is no longer recognized, or if the distance or angle between the user's face and the smartphone changes, the remote control of the MDM server 45 causes the smartphone screen to disappear through a process kill, the contents of the security document on the smartphone to disappear, or the smartphone screen lock function to execute.

Various conventional face recognition algorithms can be applied as the face recognition algorithm; the invention is not limited to any one of them.

For example, feature-based face detection includes a detection method using Haar-like features and a detection method using an MCT (Modified Census Transform) image on the smartphone. In one such method, the contour of the face region and the eye region are detected in the input image from the camera of the mobile device using face and eye detectors trained on Haar-like features, and a preprocessing step is performed to detect the pupil: the region of interest (ROI) is converted to grayscale, threshold values for the eye are extracted from the eye-region image under both bright and dark illumination, the histogram of the image (pixel value on the x axis, number of pixels with that value on the y axis) is computed, the eye image is binarized, and histogram equalization is applied. The contours of the eyes, nose and mouth in the detected face region are then detected, and texture and shape features are extracted.

The feature values of the eyes, nose and mouth in the detected face region are represented by the difference between the sum of the pixels included in the white region of a Haar-like feature and the sum of the pixels included in its black region. For example, the distance between the outer ends of the left and right eyes in the detected eye area, and the size of the iris obtained with the Hough circle transform algorithm, can be used as feature values.
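As an added illustration, not code from the patent, the following Python computes Haar-like feature values exactly as defined above (sum of the pixels in the white rectangle minus the sum in the black rectangle) using an integral image, so that every rectangle sum costs four lookups; this is the evaluation step that the Haar-trained face and eye detectors of the preceding paragraph rely on. The 8x8 grayscale image, the feature positions and the two feature layouts are constructed for this example.

```python
def integral_image(img):
    """Return ii with ii[y][x] = sum of img[0..y-1][0..x-1] (one extra row and column of zeros)."""
    h, w = len(img), len(img[0])
    ii = [[0] * (w + 1) for _ in range(h + 1)]
    for y in range(h):
        row_sum = 0
        for x in range(w):
            row_sum += img[y][x]
            ii[y + 1][x + 1] = ii[y][x + 1] + row_sum
    return ii

def rect_sum(ii, x, y, w, h):
    """Sum of the pixels in the w x h rectangle with top-left corner (x, y), in O(1)."""
    return ii[y + h][x + w] - ii[y][x + w] - ii[y + h][x] + ii[y][x]

def haar_two_rect_horizontal(ii, x, y, w, h):
    """Two-rectangle feature: left half is the white region, right half the black one
    (w must be even). Value = sum(white) - sum(black), as the patent defines it."""
    half = w // 2
    white = rect_sum(ii, x, y, half, h)
    black = rect_sum(ii, x + half, y, half, h)
    return white - black

def haar_three_rect_vertical(ii, x, y, w, h):
    """Three-rectangle feature: white / black / white bands stacked vertically
    (h must be divisible by 3), a dark band between two lighter ones."""
    third = h // 3
    top = rect_sum(ii, x, y, w, third)
    mid = rect_sum(ii, x, y + third, w, third)
    bot = rect_sum(ii, x, y + 2 * third, w, third)
    return top + bot - mid

# Constructed 8x8 grayscale sample (0..255): bright left half (200), dark right
# half (50), and a dark horizontal band (20) on rows 2-3. These are the kinds of
# light/dark contrasts the two-rectangle (left vs right) and three-rectangle
# (dark band between brighter rows) features respond to.
SAMPLE = [[20 if 2 <= y <= 3 else (200 if x < 4 else 50) for x in range(8)] for y in range(8)]

if __name__ == "__main__":
    ii = integral_image(SAMPLE)
    print("two-rect (whole image):", haar_two_rect_horizontal(ii, 0, 0, 8, 8))
    print("three-rect (rows 0-5): ", haar_three_rect_vertical(ii, 0, 0, 8, 6))
```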

For example, when a security document requiring confidentiality is viewed on a smartphone carried by a military officer, if the distance between the authorized user's face and the smartphone leaves the effective range (20 to 40 cm), the smartphone screen disappears, the contents of the security document disappear, or the screen lock function is executed according to the remote control of the MDM server.

FIG. 6 is a flowchart illustrating a document security management method using MDM, mobile virtualization, and short-distance and angle detection face recognition technology according to an embodiment of the present invention.

The document security management method using MDM, mobile virtualization, and short-distance and angle detection face recognition technology comprises: (a) virtualizing the hardware of the mobile device with the hypervisor to create a parallelized virtualized stack in which multiple operating systems execute simultaneously, allocating the memory into an encrypted virtual area and a general area, and connecting the application to the private network through a mobile communication modem (3G, 4G) or wireless LAN (Wi-Fi); (b) authenticating the user to a business server of the intra-network and downloading a security document from the business server to the virtualized mobile device; (c) comparing the feature values of the eyes, nose and mouth of face photographs taken at predetermined time intervals by the camera of the virtualized mobile device with those of the registered photograph and confirming face recognition authentication; and (d) if a face photograph taken at a predetermined time interval by the camera of the virtualized mobile device is not authenticated, having the MDM agent, according to remote control by the MDM server, close the security document by killing the document viewer program executing on the virtualized mobile device, or lock the screen according to the remote lock control command received from the MDM server, so that the document is no longer shown on the display screen.

The MDM server may be configured such that, when the feature values of the eyes, nose and mouth of the face photograph taken by the camera of the mobile device are compared by the face recognition technology with the feature values of the eyes, nose and mouth of the previously stored face photograph and the user is not recognized, or the orientation of the screen of the mobile device changes, or the user rotates his or her face so that the user's picture is not recognized, or the effective distance or angle between the user's face and the smartphone changes, the result is transmitted to the MDM server directly from the mobile device or through the face recognition system; and

the MDM server transmits a remote control command to the MDM agent of the virtualized mobile device, controlling the virtualized mobile device so that its screen disappears immediately or the contents of the security document the user was viewing disappear, and controlling the remote lock function.
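The following Python is an added example, not the patent's or the applicant's code, of the periodic check that steps (c) and (d) describe as the MDM agent would apply it: each capture is scored against the registered face, the 20 to 40 cm effective distance, the face angle and the screen orientation recorded at authentication, and the first failing capture ends in the viewer process being killed or the screen locked on the server's command. The FaceSample fields, the 15 degree angle tolerance and the session values are assumptions; the patent gives only the distance range and the sampling intervals.

```python
from dataclasses import dataclass
from typing import List, Optional

EFFECTIVE_MIN_CM = 20.0   # effective range stated in the patent
EFFECTIVE_MAX_CM = 40.0
MAX_ANGLE_DEG = 15.0      # assumed tolerance; the patent gives no figure

@dataclass
class FaceSample:
    t: int                        # seconds since the document was opened
    matched: bool                 # eye/nose/mouth feature values matched the registered photo
    distance_cm: Optional[float]  # None when no face was found in the frame
    angle_deg: float              # head rotation relative to the screen (assumed field)
    orientation: str              # screen orientation reported by the device

def sample_failure(s: FaceSample, baseline_orientation: str) -> Optional[str]:
    """Reason this capture fails authentication, or None if it passes."""
    if s.distance_cm is None or not s.matched:
        return "face not recognized"
    if not EFFECTIVE_MIN_CM <= s.distance_cm <= EFFECTIVE_MAX_CM:
        return "distance outside effective range"
    if abs(s.angle_deg) > MAX_ANGLE_DEG:
        return "face angle changed"
    if s.orientation != baseline_orientation:
        return "screen orientation changed"
    return None

def agent_action(reason: Optional[str], remote_lock: bool) -> str:
    """What the MDM agent does on the server's command after a failed capture:
    kill the viewer process (the document closes) or lock the screen."""
    if reason is None:
        return "allow"
    return "lock_screen" if remote_lock else "kill_viewer"

def run_session(samples: List[FaceSample], remote_lock: bool = False) -> List[str]:
    """Evaluate captures in order; after the first failure the document is
    closed or the screen locked, so later captures are not evaluated."""
    baseline = samples[0].orientation
    actions = []
    for s in samples:
        action = agent_action(sample_failure(s, baseline), remote_lock)
        actions.append(f"t={s.t}s {action}")
        if action != "allow":
            break
    return actions

# Constructed session sampled every 5 s: the authorized user reads at about
# 30 cm, then leans back beyond the effective range on the third capture.
SESSION = [
    FaceSample(0, True, 30.0, 3.0, "portrait"),
    FaceSample(5, True, 32.0, 5.0, "portrait"),
    FaceSample(10, True, 45.0, 4.0, "portrait"),
]

if __name__ == "__main__":
    print("\n".join(run_session(SESSION)))
```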

As described above, the method of the present invention can be implemented as a program and recorded on a computer-readable recording medium (CD-ROM, RAM, ROM, memory card, hard disk, magneto-optical disk, storage device, etc.).

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be clearly understood that the same is by way of illustration and example only and is not to be taken by way of limitation. The present invention can be variously modified or altered.

10: mobile device, 20: face recognition system,
30: virtualization server, 40: MDM server,
45: in-house file system or business server

Claims (5)

A document security management system using MDM, mobile virtualization and short-distance and angle detection face recognition technology, comprising:
A mobile device having a mobile hypervisor which generates a parallelized virtualized stack in which a plurality of operating systems execute simultaneously by virtualizing the hardware of the device, a device management unit which connects to the intra-company network through a mobile communication modem (3G, 4G) and operates so that applications run in the general area and in the encrypted virtual area, and an MDM agent which, when the feature values of the eyes, nose and mouth are compared and not authenticated, is controlled by the MDM server so that the document viewer program running on the mobile device closes the security document through a process kill, or so that display of the document is prevented according to a remote lock control command;
A business server connected to the mobile device through a communication network (Wi-Fi, 3G, 4G), which stores the security documents and business documents of a company requiring military, security or Top Secret confidentiality;
A virtualization server which stores and manages, for each mobile device, the data for virtualization of that mobile device; and
An MDM server which, when the feature values of the eyes, nose and mouth of the face photograph taken by the camera of the mobile device are compared by the face recognition technology with the feature values of the eyes, nose and mouth of the previously stored face photograph and are not recognized, or when the user turns the face so that the user's photograph is not recognized, or when the distance or angle between the user's face and the smartphone changes, controls the mobile device so that its screen disappears immediately or the contents of the security document being viewed disappear, or controls the remote locking function of the mobile device;
and, when face recognition is performed by the server method, a face recognition system which receives through the communication network the face photograph taken by the camera of the mobile device, compares the feature points of the user's eyes, nose and mouth, and provides a face authentication function for the security document; and a face photograph DB which stores the face photographs of the users granted access rights to the mobile device;
wherein the mobile device comprises:
a mobile hypervisor located directly above the operating system (Android, iOS) of a mobile device such as a smartphone or tablet PC, which creates a parallelized virtualized stack in which two operating systems execute simultaneously by virtualizing the hardware of the smart device;
a memory in which an encrypted virtual area and a general area are allocated;
a device management unit which connects to the in-house network through a mobile communication modem (CDMA, LTE) or wireless LAN (Wi-Fi), operates in the normal mode when the user is not authenticated, and causes applications to operate in the virtual area; and
an MDM agent which, if the face photographs are not authenticated by comparing the feature values of the eyes, nose and mouth with those of the face photograph registered in the face recognition system, closes the security document (through a process kill) according to remote control by the MDM server, or executes a screen lock according to a remote lock control command, so that the document is hidden from the display screen.
Application KR1020150098113A (priority date 2015-07-10, filing date 2015-07-10): Document Security Management System using MDM, Mobile Virtualization and short-distance and angle detection face recognition technologies, published as KR101676782B1 (en)

Publications (1)

KR101676782B1 (en), published 2016-11-21

Legal Events

E701: Decision to grant or registration of patent right
GRNT: Written decision to grant
FPAY: Annual fee payment (payment date: 20191111; year of fee payment: 4)