KR101730600B1 - Personal information leak detection apparatus and method using false personal information - Google Patents
Personal information leak detection apparatus and method using false personal information Download PDFInfo
- Publication number
- KR101730600B1 KR101730600B1 KR1020150183972A KR20150183972A KR101730600B1 KR 101730600 B1 KR101730600 B1 KR 101730600B1 KR 1020150183972 A KR1020150183972 A KR 1020150183972A KR 20150183972 A KR20150183972 A KR 20150183972A KR 101730600 B1 KR101730600 B1 KR 101730600B1
- Authority
- KR
- South Korea
- Prior art keywords
- personal information
- false
- hash value
- user
- target user
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G06F17/30109—
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
Description
The present invention relates to a personal information leakage detection apparatus and method using false personal information, and more particularly, to an apparatus and method for detecting personal information leakage using false personal information, And an apparatus and method for determining whether the personal information database is leaked or not.
Recently, social problems are emerging due to leakage of personal information. However, since there is no technology to detect whether personal information is leaked, it is not easy to know whether the personal information of the user who wants to use various services provided is leaked information.
For example, if a hacking incident occurs for a specific company, it is assumed that the information stored in the databases accessible by the hacking incident is leaked. That is, if there is a database containing personal information among the databases accessible by the hacking accident, it can be assumed that the user's personal information has been leaked.
Therefore, it is difficult to confirm the leak of personal information against the insider's denial such as the manager who manages the personal information database. However, the conventional technology has a technique for managing personal information at one site, a method for exchanging personal information between two mobile phone terminals, and the like, but there is almost no technology for detecting personal information leakage.
The present invention relates to a personal information leakage detection apparatus and method using false personal information, and more particularly, to an apparatus and method for detecting personal information leakage using false personal information, It is possible to judge whether the personal information database is leaked or not.
According to an embodiment of the present invention, there is provided a false personal information generating method comprising: generating false personal information of a virtual user similar to an actual user's personal information; Inserting the generated false personal information into the personal information database; Extracting the hash value of the inserted false personal information using a specific hash function; And storing the extracted hash value of the false personal information in the hash database for the false private information.
The false personal information may be personal information about the actual user and another virtual user, and may be personal information that is formally similar to the personal information of the actual user.
A personal information leakage detection method according to an embodiment of the present invention includes: identifying personal information of a target user to use a specific service; Extracting a hash value for the personal information of the target user using a hash function; Comparing the extracted hash value with a hash value associated with false personal information stored in a private information database of the specific service; Determining whether or not the personal information of the target user has been leaked based on a result of the comparison with the hash value associated with the false personal information, It may be the hash function used to extract the hash value.
If the hash value related to the personal information of the target user matches the hash value associated with the false personal information, the determining step determines that the personal information database including the false personal information of the virtual user is leaked and suspends the specific service .
The method may further include requesting the target user to authenticate the personal information when the hash value of the target user matches the hash value associated with the false personal information.
And if the requested personal information authentication is successful, deleting the personal information of the virtual user from the personal information database.
If the requested personal information authentication fails, it is determined that the personal information database including the false personal information of the virtual user is leaked, and the specific service can be canceled.
An apparatus for detecting personal information leakage according to an embodiment of the present invention includes an identification unit for identifying personal information of a target user who wants to use a specific service; An extractor for extracting a hash value of the personal information of the target user using a hash function; A comparing unit comparing the extracted hash value with a hash value associated with false personal information stored in the private information database of the specific service; And a judging unit for judging whether or not the personal information of the target user is leaked based on a result of the comparison with the hash value associated with the false personal information, It may be the hash function used to extract the hash value.
When the hash value of the target user's personal information matches the hash value associated with the false personal information, the determination unit determines that the personal information database including the false personal information of the virtual user is leaked, and suspends the specific service .
The authentication server may further include an authentication unit for requesting the target user to authenticate the personal information when the hash value of the target user matches the hash value associated with the false personal information.
And a deletion unit deleting the personal information of the virtual user from the personal information database when the requested personal information authentication is successful.
If the requested personal information authentication fails, it is determined that the personal information database including the false personal information of the virtual user is leaked, and the specific service can be canceled.
The present invention relates to a personal information leakage detection apparatus and method using false personal information, and more particularly, to an apparatus and method for detecting personal information leakage using false personal information, It is possible to judge whether the personal information database is leaked or not.
1 is a view showing a false personal information generating apparatus according to an embodiment of the present invention.
FIG. 2 is a diagram showing an example of an element and an actual configuration of false personal information according to an embodiment of the present invention.
FIG. 3 illustrates a method for generating a false personalization hash database according to an embodiment of the present invention. Referring to FIG.
4 is a flowchart illustrating a false personal information generation method according to an embodiment of the present invention.
5 is a block diagram of a personal information leakage detection apparatus according to an embodiment of the present invention.
6 is a flowchart illustrating a personal information leakage detection method according to an embodiment of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
1 is a view showing a false personal information generating apparatus according to an embodiment of the present invention.
The false personal
The
At this time, the false personal information of the inserted virtual user can be used to detect whether or not the
The extracting
For example, the
The
FIG. 2 is a diagram showing an example of an element and an actual configuration of false personal information according to an embodiment of the present invention.
The false personal
At this time, the false personal
The false personal
FIG. 3 illustrates a method for generating a false personalization hash database according to an embodiment of the present invention. Referring to FIG.
The false personal
The false personal
At this time, the hash value extracted in consideration of the date and time when the false personal information of the virtual user is inserted into the
At this time, when the false personal information of the virtual user included in the
The
4 is a flowchart illustrating a false personal information generation method according to an embodiment of the present invention.
In
In
At this time, the false personal information of the inserted virtual user can be used to detect whether or not the
The false personal
At this time, the false personal
The false personal
In
For example, the
The extracting
At this time, the hash value extracted in consideration of the date and time when the false personal information of the virtual user is inserted into the
In
5 is a block diagram of a personal information leakage detection apparatus according to an embodiment of the present invention.
The personal information
The
At this time, the personal information of the target user identified by the service provider may include at least one of personal information elements such as name, age, address, mobile phone number, and resident registration number.
The extracting
The comparing
The
If the hash value of the target user's personal information is compared with the hash value of the virtual user's false personal information, if the two hash values match, the
If it is determined by the
This is because the false personal information of the virtual user generated by the false personal
At this time, the
The
When the authentication of the personal information requested by the
6 is a flowchart illustrating a personal information leakage detection method according to an embodiment of the present invention.
Suppose that the target user wants to use the financial transaction service. In
At this time, the personal information of the target user identified by the personal information
In
In
If the hash value of the personal information of the target user does not match the hash value of the false personal information of the virtual user, the personal information
However, if the hash value of the target user's personal information matches the hash value of the false personal information of the virtual user as a result of comparison, the personal information
However, there is a possibility that the false personal information of the virtual user generated by the personal
If the requested personal information authentication is successful as in
However, if the requested personal information authentication fails as in
The methods according to embodiments of the present invention may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of computer software.
While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. This is possible.
Therefore, the scope of the present invention should not be limited to the described embodiments, but should be determined by the equivalents of the claims, as well as the claims.
100: False private information generating device
110:
120:
130:
140:
150, 580: Personal information database
160, 590: hash database
500: Personal information leak detection device
510:
520:
530:
540:
550: authentication unit
560:
570: Cancellation part
Claims (12)
Inserting the generated false personal information into the personal information database;
Extracting the hash value of the inserted false personal information using a hash function; And
Storing the hash value of the extracted false personal information in a hash database for false personal information
Lt; / RTI >
Wherein the false personal information of the virtual user includes:
And personal information about the virtual user other than the actual user, the personal information being in a formally similar form to the personal information of the actual user,
The hash function,
A hash function used when extracting a hash value of a personal information of a target user who desires to use a specific service,
If the hash value of the false personal information stored in the hash database matches the hash value of the personal information of the target user, it is determined that the personal information database including the false personal information of the virtual user is leaked, A false false personal information creation method.
Extracting a hash value for the personal information of the target user using a hash function;
Comparing the extracted hash value of the personal information of the target user with a hash value associated with false personal information of the virtual user stored in the private information database of the specific service;
Determining whether the personal information of the target user has been leaked based on a result of the comparison with the hash value associated with the false personal information of the virtual user
Lt; / RTI >
Wherein the determining step comprises:
When the hash value of the target user's personal information matches the hash value associated with the false personal information of the virtual user, it is determined that the personal information database including the false personal information of the virtual user is leaked, and,
The hash function,
And a hash function used to extract a hash value of the false personal information of the virtual user stored in the personal information database of the specific service.
Extracting a hash value for the personal information of the target user using a hash function;
Comparing the extracted hash value of the personal information of the target user with a hash value associated with false personal information of the virtual user stored in the private information database of the specific service;
Determining whether the personal information of the target user has been leaked based on a result of the comparison with the hash value associated with the false personal information of the virtual user; And
Requesting personal information authentication to the target user if the hash value of the target user matches the hash value associated with the false personal information
Lt; / RTI >
The hash function,
And a hash function used to extract a hash value of the false personal information of the virtual user stored in the personal information database of the specific service.
If the requested personal information authentication is successful, deleting the personal information of the virtual user from the personal information database
The method comprising the steps of:
And determining that the personal information database including the false personal information of the virtual user has been leaked and canceling the specific service if the requested personal information authentication fails.
An extractor for extracting a hash value of the personal information of the target user using a hash function;
A comparing unit comparing the extracted hash value of the personal information of the target user with a hash value associated with the false personal information of the virtual user stored in the private information database of the specific service;
A determination unit for determining whether personal information of the target user is leaked based on a result of comparison between the virtual user's hash value and a hash value associated with the false personal information,
Lt; / RTI >
Wherein,
When the hash value of the target user's personal information matches the hash value associated with the false personal information of the virtual user, it is determined that the personal information database including the false personal information of the virtual user is leaked, and,
The hash function,
And a hash function used to extract a hash value of false personal information of the virtual user stored in the private information database of the specific service.
An extractor for extracting a hash value of the personal information of the target user using a hash function;
A comparing unit comparing the extracted hash value of the personal information of the target user with a hash value associated with the false personal information of the virtual user stored in the private information database of the specific service;
A determination unit for determining whether personal information of the target user is leaked based on a result of comparison between the virtual user's false personal information and a hash value; And
When the hash value of the target user matches the hash value associated with the false personal information,
Lt; / RTI >
The hash function,
And a hash function used to extract a hash value of false personal information of the virtual user stored in the private information database of the specific service.
And deletes the personal information of the virtual user from the personal information database if the requested personal information authentication is successful,
And a personal information leakage detection device.
And a revocation unit for confirming that the personal information database including the false personal information of the virtual user is leaked and canceling the specific service if the requested personal information authentication fails,
And a personal information leakage detection device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150183972A KR101730600B1 (en) | 2015-12-22 | 2015-12-22 | Personal information leak detection apparatus and method using false personal information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150183972A KR101730600B1 (en) | 2015-12-22 | 2015-12-22 | Personal information leak detection apparatus and method using false personal information |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101730600B1 true KR101730600B1 (en) | 2017-04-26 |
Family
ID=58704851
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150183972A KR101730600B1 (en) | 2015-12-22 | 2015-12-22 | Personal information leak detection apparatus and method using false personal information |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101730600B1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101950387B1 (en) * | 2018-02-12 | 2019-02-20 | 주식회사 머니브레인 | Method, computer device and computer readable recording medium for building or updating knowledgebase models for interactive ai agent systen, by labeling identifiable but not-learnable data in training data set |
KR101999131B1 (en) * | 2018-11-15 | 2019-07-11 | (주)소만사 | System for preventing data loss using decoy personal information data and method thereof |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101565902B1 (en) | 2014-05-12 | 2015-11-05 | 김선종 | Method for Detecting and Preventing Personal Leakage |
-
2015
- 2015-12-22 KR KR1020150183972A patent/KR101730600B1/en active IP Right Grant
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101565902B1 (en) | 2014-05-12 | 2015-11-05 | 김선종 | Method for Detecting and Preventing Personal Leakage |
Non-Patent Citations (1)
Title |
---|
박찬호 외 2인, '효율적인 인증을 위한 해시 저장방식의 가상카드번호 결제 시스템', 정보보호학회논문지 제25권 제1호, 2015.02, pp.5-15 |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101950387B1 (en) * | 2018-02-12 | 2019-02-20 | 주식회사 머니브레인 | Method, computer device and computer readable recording medium for building or updating knowledgebase models for interactive ai agent systen, by labeling identifiable but not-learnable data in training data set |
WO2019156536A1 (en) * | 2018-02-12 | 2019-08-15 | 주식회사 머니브레인 | Method and computer device for constructing or updating knowledge base model for interactive ai agent system by labeling identifiable, yet non-learnable, data from among learning data, and computer-readable recording medium |
KR101999131B1 (en) * | 2018-11-15 | 2019-07-11 | (주)소만사 | System for preventing data loss using decoy personal information data and method thereof |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10992659B2 (en) | Multi-factor authentication devices | |
JP6703539B2 (en) | Device verification method and device | |
US20160267290A1 (en) | Information viewing method, device, system and storage medium | |
JP6609047B2 (en) | Method and device for application information risk management | |
CN108683667B (en) | Account protection method, device, system and storage medium | |
US20170118205A1 (en) | User biological feature authentication method and system | |
WO2015144058A1 (en) | Account binding processing method, apparatus and system | |
CN105516203A (en) | Safety methodology based on fingerprint scatter storage and system | |
CN109257366B (en) | Method and device for authenticating user | |
CN105721425B (en) | information processing method and electronic equipment | |
US10291606B2 (en) | Authentication information management system, authentication information management apparatus, recording medium, and authentication information management method | |
CN107358763A (en) | A kind of method, apparatus and system of ATM checking identity | |
US11899770B2 (en) | Verification method and apparatus, and computer readable storage medium | |
KR101730600B1 (en) | Personal information leak detection apparatus and method using false personal information | |
WO2016145849A1 (en) | Short message security management method, device and terminal | |
TW201929481A (en) | Identity authentication method, server and client device | |
CN106685945B (en) | Service request processing method, service handling number verification method and terminal thereof | |
CN105630855A (en) | File sharing method, file sharing system and terminal | |
CN114238883A (en) | Identity authentication method, device, equipment and storage medium | |
CN115471860B (en) | Express real name checking method, system and computer readable storage medium | |
CN106533685B (en) | Identity authentication method, device and system | |
CN106161365B (en) | Data processing method and device and terminal | |
US20190005490A1 (en) | Authentication method | |
CN103984902B (en) | A kind of recognition methods of newly-increased data assets and system | |
CN107743066B (en) | Monitorable anonymous signature method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |