KR101933444B1 - Message server - Google Patents

Abstract

This embodiment uses a computer to control to receive a first message including a first attachment file; Generating an encryption key for encrypting the first message in consideration of the kind of the first attachment file; Encrypting a first attachment of the first message using the encryption key; And transmitting the first message including the sender information of the first message to a message server. The computer program stored in the medium is executed to execute the method.

Description

Message server {MESSAGE SERVER}

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a message server, and more particularly, to a message server for delivering an encrypted message without storing and managing key information used for encrypting or decrypting a message.

Communication through messenger is carried out in the form of terminal, server, and terminal. When the first user inputs a message into the message application installed in the terminal, the message is transmitted to the message application installed in the terminal of the second user via the server of the messenger service company. Most messaging applications apply a cryptographic device between the smartphone and the server, and messages arriving at the server are generally decrypted, or decrypted, by the server.

According to the conventional method, it is possible to decrypt by the server, which means that there is a risk that the messages between the users can be disclosed when the server is hacked.

In order to solve the problems of the related art, an end-to-end encryption technique for decrypting only user terminals has been applied.

However, when the end-to-end encryption technique is applied, the same message must be encrypted differently according to the receiver or the sender, and the server has to manage all the messages between the users individually.

Embodiments of the present invention may provide a message server that utilizes end-to-end encryption techniques to send and receive messages or handle chatting in a chat room.

The computer program stored in the recording medium according to the embodiments of the present invention may further include a step of controlling, using a computer, to receive a first message including a first attachment file; Generating an encryption key for encrypting the first message in consideration of the kind of the first attachment file; Encrypting a first attachment of the first message using the encryption key; And transmitting the first message including the sender information of the first message to a message server.

The generating of the encryption key may generate a hash value of the first attachment file as an encryption key of the first attachment file when the size of the first attachment file is equal to or greater than a predetermined threshold value .

The generating of the encryption key may generate a hash value of the first attachment file as an encryption key of the first attachment file when the first attachment file is a moving picture.

The generating of the encryption key may include generating a plurality of encryption keys of the message according to the recipient information of the message in the case of a message set to be transmitted to a plurality of users.

The computer program comprising: receiving a second message from the message server, the second message including a second attachment from a second user terminal; Extracting an index for the second attached file and calling data corresponding to the index; And decrypting the data using the decryption key received from the second user terminal.

And controlling the computer program to receive the authentication key output by the third user terminal so that the message can be confirmed through the third user terminal.

The step of controlling to receive the authentication key may include transmitting the authentication key to the message server, receiving the validity of the authentication key in response to the authentication key, And to transmit the first message and the second message to the mobile station.

The step of controlling to receive the authentication key may include the step of encrypting the encryption key using the authentication key, and transmitting the encrypted encryption key to the third user terminal.

The user terminal according to embodiments of the present invention includes an input control unit including a control unit, a communication unit, and a memory, and controlling input of a first message including a first attachment file; A key generation unit for generating an encryption key for encrypting the first message in consideration of the type of the first attachment file; An encryption unit encrypting a first attachment file of the first message using the encryption key; And a message transmitter including the sender information of the first message in the first message and transmitting the message to the message server.

The key generation unit may generate a hash value of the first attachment file as an encryption key of the first attachment file when the size of the first attachment file is greater than or equal to a preset threshold value.

The key generation unit may generate a hash value of the first attachment file as an encryption key of the first attachment file when the first attachment file is a moving picture.

In the case of a message set to be transmitted to a plurality of users, the key generation unit may generate a plurality of encryption keys of the message according to recipient information of the message.

A user terminal according to embodiments of the present invention includes: a message receiver for receiving a second message including a second attachment file from a second user terminal from the message server; A data calling unit for extracting an index for the second attached file and calling data corresponding to the index; And a decryption unit for decrypting the data using the decryption key received from the second user terminal.

According to an embodiment of the present invention, the user terminal may further include an authentication managing unit for controlling the user terminal to receive the authentication key output by the third user terminal so that the user can confirm the message through the third user terminal.

Wherein the authentication management unit transmits the authentication key to the message server, receives the validity of the authentication key in response to the authentication key, and transmits the first message and the second message to the third user terminal according to the validity of the authentication key. And to transmit the second message.

The authentication management unit may encrypt the encryption key using the authentication key, and transmit the encrypted encryption key to the third user terminal.

In addition to this, another method for implementing the present invention, another system, and a computer-readable recording medium for recording a computer program for executing the method are further provided.

Other aspects, features, and advantages other than those described above will become apparent from the following drawings, claims, and the detailed description of the invention.

The message server of the present invention can utilize the end-to-end encryption technique to send and receive messages or to handle conversations in chat rooms.

1 is a block diagram illustrating a message transmission / reception system according to embodiments of the present invention.
2 is a block diagram illustrating a structure of a message server according to embodiments of the present invention.
3 is a block diagram showing a structure of a control unit of a message server;
4 is a block diagram illustrating a structure of a user terminal according to embodiments of the present invention.
5 is a block diagram showing a structure of a control unit of a user terminal.
6 is a block diagram showing the structure of an authentication management unit of a user terminal.
7 to 8 are flowcharts illustrating a message transmission / reception method according to embodiments of the present invention.
9 to 10 are flowcharts showing data transmission / reception between user terminals and a message server.
11 to 14 are views showing an example of a user interface provided according to the embodiments of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The present invention is capable of various modifications and various embodiments, and specific embodiments are illustrated in the drawings and described in detail in the detailed description. The effects and features of the present invention and methods of achieving them will be apparent with reference to the embodiments described in detail below with reference to the drawings. However, the present invention is not limited to the embodiments described below, but may be implemented in various forms.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings, wherein like reference numerals refer to like or corresponding components throughout the drawings, and a duplicate description thereof will be omitted .

In the following embodiments, the terms first, second, and the like are used for the purpose of distinguishing one element from another element, not the limitative meaning.

In the following examples, the singular forms "a", "an" and "the" include plural referents unless the context clearly dictates otherwise.

In the following embodiments, terms such as inclusive or possessed mean that a feature or element described in the specification is present, and does not exclude the possibility that one or more other features or components are added in advance.

If certain embodiments are otherwise feasible, the particular process sequence may be performed differently from the sequence described. For example, two processes that are described in succession may be performed substantially concurrently, and may be performed in the reverse order of the order described.

In the following embodiments, the term "circuit" refers to any circuitry, circuitry, and / or circuitry, including, for example, hardwired circuitry, programmable circuitry, state machine circuitry, and / or firmware that stores instructions executed by a programmable circuit, either alone or in any combination . The application may be implemented as code or instructions that may be executed on a programmable circuit, such as a host processor or other programmable circuit. A module, as used in any of the embodiments herein, may be implemented as a circuit. The circuitry may be implemented as an integrated circuit, such as an integrated circuit chip.

In the following embodiments, when a component is referred to as "comprising ", it means that it can include other components as well, without excluding other components unless specifically stated otherwise. Also, the terms " part, "" module," and " module ", etc. in the specification mean a unit for processing at least one function or operation and may be implemented by hardware or software or a combination of hardware and software have.

1 is a block diagram of a message transmission / reception system 10 according to an embodiment of the present invention.

Referring to FIG. 1, a message transmission / reception system 10 according to an embodiment of the present invention may include a message server 100, user terminals 200 and 300, and a communication network 400.

The message server 100 transmits a message received from the user terminals 200 and 300 to the other user terminals 200 and 300 to transmit and receive messages between the plurality of user terminals. The message server 100 may provide a function of sending and receiving messages between a plurality of user terminals 200 and 300 through procedures such as membership registration and login. The message server 100 may provide a function of providing a chat room that enables conversation between a plurality of user terminals 200 and 300. [ The message server 100 can control so that a dialog entered or received by each user who enters the chat room can be shared with a plurality of users in the chat room through the chat room.

The message server 100 may transmit a chat room invitation message to the user terminals 200 and 300 that have not undergone membership registration and login procedures.

The message server 100 can control the encryption or decryption of messages or chatting between the user terminals 200 and 300. [ In particular, the message server 100 may utilize end-to-end encryption techniques to provide the ability to send and receive messages or to handle chat room conversations. More specifically, the message server 100 only delivers the encrypted message to each user terminal, and does not store and manage information related to decryption or decryption of each encrypted message.

Also, the message server 100 may control to transmit a message set to be transmitted to the first user terminal 201 to the second user terminal 202 associated with the first user terminal. The message server 100 may control the authentication process to check the identity between the first user terminal 201 and the second user terminal 202. [ Before performing the authentication process, the second user terminal 202 may provide the encrypted message without decrypting it. In addition, the message server 100 may control the cryptographic key used by the first user terminal 201 to transmit and receive a message to be transmitted to the second user terminal 202 connected to the first user terminal 201. At this time, the encryption key can be transmitted and received in an encrypted state using the authentication key used for authentication between the first user terminal 201 and the second user terminal 202.

In addition, the message server 100 may perform a function of distributing an application implemented to send and receive messages to the user terminals 200 and 300.

The user can access the message server 100 through the user terminals 200 and 300. [ The user terminals 200 and 300 are installed with an application (or a computer program) for message transmission and reception and transmit messages to the other user terminals 200 and 300 using the application. ≪ / RTI >

Also, the user terminals 200 and 300 can encrypt and transmit messages that they do not want to disclose, and do not share encryption-related information with the message server 100. The encrypted message may be set to be decrypted only within the recipient and originator's terminals.

The plurality of user terminals 200 and 300 refer to a communication terminal that can use a web service in a wired / wireless communication environment. Here, the user terminals 200 and 300 may be the personal computers 201 and 301 of the user, or may be the portable terminal 202 of the user. Although the portable terminals 202 and 302 are illustrated as smartphones in FIG. 1, the concept of the present invention is not limited thereto, and a terminal equipped with an application capable of web browsing as described above can be borrowed without limitation.

In more detail, the user terminal 200 may be a computer (e.g., a desktop, a laptop, a tablet, etc.), a media computing platform (e.g., a cable, a satellite set top box, a digital video recorder), a handheld computing device E. G., A PDA, an email client, etc.), any form of cellular telephone, or any other type of computing or communication platform, but the invention is not so limited.

The communication network 400 connects the plurality of user terminals 200 and 300 to the message server 100. That is, the communication network 400 refers to a communication network that provides connection paths so that the user terminals 200 and 300 can access the message server 100 and then transmit and receive data. The communication network 400 may be a wired network such as LANs (Local Area Networks), WANs (Wide Area Networks), MANs (Metropolitan Area Networks), ISDNs (Integrated Service Digital Networks), wireless LANs, CDMA, Bluetooth, But the scope of the present invention is not limited thereto.

2 is a block diagram illustrating a structure of a message server according to embodiments of the present invention.

2, the message server 100 according to embodiments of the present invention may include a communication unit 110, a controller 120, and a database 130.

The communication unit 110 may include one or more components that enable communication between the message server 100 and the at least one user terminal 200,

Here, the communication unit 110 may be a device including hardware and software necessary for transmitting / receiving a signal such as a control signal or a data signal through a wired / wireless connection with another network device.

The control unit 120 typically controls the overall operation of the message server 100. For example, the control unit 120 can control the communication unit 110, the database 130, and the like in general by executing programs stored in the database 130. [

Here, the control unit 120 may include all kinds of devices capable of processing data, such as a processor. Herein, the term " processor " may refer to a data processing apparatus embedded in hardware, for example, having a circuit physically structured to perform a function represented by a code or an instruction contained in the program. As an example of the data processing apparatus built in hardware, a microprocessor, a central processing unit (CPU), a processor core, a multiprocessor, an application-specific integrated circuit (ASIC) circuit, and a field programmable gate array (FPGA), but the scope of the present invention is not limited thereto.

The database 130 may store a program for processing and control of the control unit 120 and may store data to be input / output (e.g., a plurality of menus, a plurality of first hierarchical submenus corresponding to the plurality of menus, A plurality of second layer submenus corresponding to each of the plurality of first layer submenus, and the like).

The database 130 may be a flash memory type, a hard disk type, a multimedia card micro type, a card type memory (e.g., SD or XD memory), a RAM (Random Access Memory) SRAM (Static Random Access Memory), ROM (Read Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), PROM (Programmable Read-Only Memory) , An optical disc, and the like. Also, the knowledge sharing service providing apparatus 100 may operate a web storage or a cloud server that performs a storage function of the database 130 on the Internet.

Programs stored in the database 130 can be classified into a plurality of modules according to their functions, for example, a UI module, a touch screen module, a notification module, and the like.

The message server 100 may transmit a message such as a short message, an instant message, or an e-mail to the user terminals 200 and 300. The types of messages sent and received by the message server 100 vary, and are not limited to one type.

3 is a block diagram showing the structure of the control unit 120 of the message server 100. As shown in FIG.

3, the control unit 120 of the message server 100 may include a message receiving unit 121, a message processing unit 122, and an index generating unit 123.

The message receiving unit 121 controls to receive messages from the user terminals 200 and 300. Here, the message may include the title, contents, sender information, recipient information, and attachment of the message. The sender and recipient related information of the message may include a user's ID information, an e-mail address, a telephone number, and the like. The attachment file may include an image, a moving image, an audio file, link information, and the like. The message server 100 may control to transmit and receive messages between the user terminals 200 and 300 of the user registered as a member through a predetermined member registration process.

The message processing unit 122 may control the one or more messages received from the user terminals 200 and 300 to be transmitted to the user terminals 200 and 300 of the respective messages. At this time, in the case of a message including the attached file, the message processing unit 122 can transmit only the index of the attached file to the user terminals 200 and 300 without transmitting the attached file. In particular, when one attached file is transmitted or shared by a large number of users, the message processing unit 122 does not store and manage the number of attached or attached file indexes transmitted or shared, Or shared. For example, in the case of a movie that is popular among people, an event occurs in which the same moving picture is exchanged among a very large number of users. In this case, the message server 100 displays, for each event (such as sending / Or generating an index corresponding to a moving picture can waste a lot of resources. In this case, the message processing unit 122 may determine whether an attached file of the received message has a previously transmitted history and determine whether to newly generate metadata for the attached file.

In addition, the message processor 122 may transmit the message to another server receiving the message according to the recipient information of the message, or may transmit the message directly to the user terminal 200, 300. The message processing unit 122 may transmit the encrypted message to the user terminal 200 or 300 according to the recipient information of the message.

If the message includes an attached file, the index generating unit 123 may generate an index for identifying the attached file, and may generate a table such that the index and the attached file correspond to each other. The index generating unit 123 may generate an index corresponding to an attached file or a message, respectively.

4 is a block diagram illustrating a structure of a user terminal 200 or 300 according to embodiments of the present invention.

4, the user terminals 200 and 300 according to an exemplary embodiment of the present invention include a communication unit 210, a controller 250, and a memory 260. The user terminals 200 and 300 may selectively include an output unit 230, And may further include a user input unit 240.

The communication unit 210 may include at least one component that enables communication between the user terminals 200 and 300 or communication between the user terminals 200 and 300 and the message server 100. For example, the communication unit 210 may include a short-range communication unit 211 and a mobile communication unit 212.

The short-range wireless communication unit 211 includes a Bluetooth communication unit, a Bluetooth low energy (BLE) communication unit, a near field communication unit, a WLAN communication unit, a Zigbee communication unit, IrDA, an infrared data association) communication unit, a WFD (Wi-Fi Direct) communication unit, an UWB (ultra wideband) communication unit, an Ant + communication unit, and the like.

The mobile communication unit 212 transmits and receives a radio signal to at least one of a base station, an external terminal, and a server on a mobile communication network. Here, the wireless signal may include various types of data depending on a voice call signal, a video call signal, or a text / multimedia message transmission / reception.

The communication unit 210 acquires a message from the message server 100 or other user terminals 200 and 300. [

The output unit 230 may include a display unit 231, an acoustic output unit 232, a vibration motor 233, and the like.

The display unit 231 outputs information processed by the user terminals 200 and 300. For example, the display unit 231 may output a user interface provided when executing a message transmission / reception application. The display unit 231 may display a user interface related to message generation or message reception according to the installed message transmission / reception application. The display unit 231 may display the changed user interface according to the version of the installed message transmission / reception application. If the received message is an encrypted message, the display unit 231 may display a screen indicating that a process such as user authentication is required. The display unit 231 may change and provide a user interface according to a user input inputted from a user.

Meanwhile, when the display unit 231 and the touch pad have a layer structure and are configured as a touch screen, the display unit 231 can be used as an input device in addition to the output device. The display unit 231 may be a liquid crystal display, a thin film transistor-liquid crystal display, an organic light-emitting diode, a flexible display, a three-dimensional display A 3D display, and an electrophoretic display. The device 100 may include two or more display units 231 according to the implementation of the device 100. [ At this time, the two or more display units 231 may be arranged to face each other using a hinge.

The audio output unit 232 outputs audio data received from the communication unit 220 or stored in the memory 270. [ The sound output unit 232 may output sound signals related to the functions performed by the user terminals 200 and 300 (for example, a background sound outputted when a message application is executed, . The sound output unit 232 may include a speaker, a buzzer, and the like.

The vibration motor 233 can output a vibration signal. For example, the vibration motor 233 generates vibration signals corresponding to outputs of audio data or image data (for example, an effect sound generated each time an action is performed in a game application, an image changed as a result of performing an action in a game application) Can be output. In addition, the vibration motor 233 may output a vibration signal when a touch is input to the touch screen.

The control unit 250 typically controls the overall operation of the user terminals 200 and 300. For example, the control unit 250 may include a sensing unit 210, a communication unit 220, an output unit 230, a user input unit 240, an A / V input unit 260 ), The memory 270, and the like.

The control unit 250 can determine the operation corresponding to the user input and the state information of the user terminals 200 and 300 using the metadata related to the message sending / receiving application stored in the memory 270 in advance.

The user input unit 240 means a means for the user to input data for controlling the user terminals 200 and 300. For example, the user input unit 240 may include a key pad, a dome switch, a touch pad (a contact type capacitance type, a pressure type resistive type, an infrared ray detection type, a surface ultrasonic wave conduction type, A tension measuring method, a piezo effect method, etc.), a jog wheel, a jog switch, and the like, but is not limited thereto.

The memory 260 may store a program for processing and control of the controller 250 and may store data to be input / output (e.g., a plurality of menus, a plurality of first hierarchical submenus corresponding to each of the plurality of menus, A plurality of second layer submenus corresponding to each of the plurality of first layer submenus, and the like).

The memory 260 may store the metadata relating to the message transmission / reception application in advance.

The memory 260 may be a flash memory type, a hard disk type, a multimedia card micro type, a card type memory (e.g., SD or XD memory), a RAM (Random Access Memory) SRAM (Static Random Access Memory), ROM (Read Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), PROM (Programmable Read-Only Memory) , An optical disc, and the like. Also, the user terminals 200 and 300 may operate a web storage or a cloud server that performs a function of storing the memory 260 on the Internet.

5 is a block diagram showing the structure of the control unit 250 of the user terminals 200 and 300. Referring to FIG.

5, the control unit 250 of the user terminals 200 and 300 includes an input control unit 251, a message receiving unit 252, a message transmitting unit 253, a data calling unit 254, an encryption unit 255, A decryption unit 256, a key generation unit 257, and an authentication management unit 258. First, the structure of the user terminals 200 and 300 will be described with reference to embodiments related to message transmission.

The input control unit 251 controls to input the first message. The input control unit 251 controls the first message to be generated according to the input signal input by the user input unit 240. The input control unit 251 may generate a first message including a title, content, sender information, recipient information, attachment file, and the like of the first message in correspondence with the input signal input by the user.

The message transmission unit 253 controls the first message to be transmitted to the second user terminal 200 or 300, which is a receiver of the first message. The message transmission unit 253 may change the format of the first message according to the protocol associated with the first message. For example, when the first message is transmitted / received through a communication network such as TCP / IP or NFC, the message transmission unit 253 can change the structure of the first message according to each communication protocol. Also, according to the setting of the user, the message transmission unit 253 may control to further encrypt each parameter of the first message. That is, the message transmission unit 253 can encrypt the message or transmit the message as it is according to the security-related setting of the user.

The key generation unit 257 may generate an encryption key for encrypting the first message. The key generation unit 257 may generate an encryption key for encrypting the first message and a decryption key corresponding to the encryption key. Here, the relationship between the encryption key and the decryption key may be either a symmetric key or an asymmetric key.

The key generation unit 257 can generate the contents of the message and the key for encrypting the attachment file, respectively. First, the process of generating the encryption key of the attached file will be described. The key generation unit 257 can generate the encryption key of the attached file of the message in consideration of the size of the attached file of the message. For example, when the capacity of the attached file of the message is smaller than a preset threshold size, the key generation unit 257 can generate a random value as an encryption key of the attached file without regard to the attached file.

The key generation unit 257 may generate the hash value of the attached file with the encryption key of the attached file when the capacity of the attached file of the message is larger than the threshold size or when the same attached file is sent in a large amount. In the case where a random value is generated using an encryption key of an attached file, the message server 100 that provides message reception / reception via the user terminals 200 and 300 encrypts the same contents with different contents, Storage, and management resources. On the other hand, when a hash value is generated with an encryption key of an attachment file, the message server 100 controlling to send and receive a message through the user terminals 200 and 300 according to the embodiments of the present invention, You only need to manage the original. That is, when a file having the same hash value as the specific original file already stored is transmitted to the message server 100, it is determined that the original file and the transmitted file are the same file, And transfers the file to the recipient without processing.

The key generation unit 257 can generate the encryption key of the attached file of the message in consideration of the type of the attached file of the message. For example, when the attached file of the message is a moving image, the key generation unit 257 can generate the hash value of the attached file with the encryption key of the attached file. If the attachment of the message is a voice file or an image, the key generation unit 257 can generate a random value with an encryption key of the attachment file, regardless of the attachment file.

In an alternative embodiment, the key generation unit 257 may generate the encryption key of the attachment of the message, taking into account the number of recipients or the number of recipients of the message. For example, when a message is input to be transmitted to a large number of users, that is, when the number of recipients of a message is equal to or greater than a predetermined threshold value, the key generation unit 257 encrypts the attachment file The hash value of the attachment can be generated as the encryption key of the attachment for the recipients of the message. In addition, when one message is input by many users to be shared with another user, if the number of messages shared is equal to or greater than a predetermined threshold number, the key generation unit 257 generates, The hash value of the attachment can be generated with the encryption key of the attachment. Next, the process of generating an encryption key for encrypting the contents of the message will be described. The key generation unit 257 can randomly generate an encryption key for encrypting the contents of the message. At this time, the encryption key can be randomly generated in consideration of the recipient information, the sender information, the transmission time, the transmission date, and the like.

In another embodiment, the key generation unit 257 may generate a different encryption key for each recipient in the case of the first message generated to be transmitted to the user terminals 200 and 300 of the plurality of recipients. In the case of the first message to be transmitted to the second user terminal 301 and the third user terminal 302, the key generating unit 257 generates the first encryption key and the second encryption key used for transmission to the second user terminal 301, 3 user terminal 302, as shown in FIG.

More specifically, the hash value of a file is a value calculated by calculating a file's data through a hash function or a hash algorithm, and is a unique value of the file . Because the hash value is a unique value in the file, the fact that two files have the same hash value means that the two files are almost identical files. Types of hash functions include CRC32, md5, SHA-1, RIPEMD-128, and Tiger.

In order to prevent a third party other than the sender and the receiver from decrypting a message, the user terminal 200 or 300 according to embodiments of the present invention transmits an asymmetric key The utilized encryption method can be used. That is, each of the user terminals 200 and 300 according to embodiments of the present invention includes a first user terminal 200 that transmits a message or a private key that encrypts a message by a second user terminal 300 that receives a message, A public key that decrypts the message may be generated. The message encrypted with the first private key may be decrypted using the first public key corresponding to the first private key, and the message encrypted with the first public key may be decrypted using the first private key. That is, the private key, the public key corresponding to the private key, and the public key corresponding to each other have a corresponding relationship and perform decryption or encryption, respectively. In the case of symmetric cryptography, asymmetric cryptography uses the same cryptographic key (private key) in encrypting or decrypting, whereas the asymmetric cryptography uses the private key of encryption and the public key of decryption as keys there is an advantage in that the public key can not be decrypted from the private key while being related to the key and the lock. Examples of symmetric key cryptography algorithms are DES, Double DES, Triple DES, AES, IDEA, SEED, Blowfish, and ARIA. Examples of symmetric key cryptography algorithms are RSA, DSA, ECC, EIGamal, Rabin This can be. In addition, the user terminals 200 and 300 according to the embodiments of the present invention can encrypt a message using a symmetric key algorithm.

The encryption unit 255 encrypts the content of the first message and the attached file using the encryption keys generated by the key generation unit 257. [ The encryption unit 255 can encrypt the contents of the first message and the attachment using one or more encryption keys. The encryption unit 255 can encrypt the first message, which is set to be transmitted to a plurality of recipients, using an encryption key generated for each recipient.

In order to prevent the contents of the message from being disclosed, the user terminals 200 and 300 according to the embodiments of the present invention can control to encrypt and transmit the contents of the message using a randomly generated encryption key, It can be controlled to encrypt and transmit the encryption key using the generated encryption key considering the type or size of the attached file.

Next, the structure of the user terminals 200 and 300 will be described focusing on embodiments related to message reception.

The message receiving unit 252 controls the message server 100 to receive the index corresponding to the second message or the second message from the second user terminal 200 or 300. [ The message receiving unit 252 may control to receive the decryption key for decrypting the second message together with the index corresponding to the second message or the second message. The user terminals 200 and 300 according to the embodiments of the present invention may utilize the decryption key in transmitting the response message for the second message. Here, since the index is information generated and managed by the message server 200 according to the embodiments of the present invention, it is possible to transmit and receive indexes by using fewer resources than to transmit and receive messages, It is possible to transmit an index corresponding to a message without transmitting and receiving.

In the case of transmitting and receiving the message itself, the data call unit 254 may not need the data call, but if the message and the indexes corresponding to the attached file are transmitted / received, the data calling unit 254 transmits the index corresponding to the attached file included in the second message Can be used to invoke the attachment. The data calling unit 254 can invoke the contents of the message using the index corresponding to the message if the contents of the message are not directly received in relation to the contents of the message. The data calling unit 254 can call one or more items included in the message using the index.

The decryption unit 256 can decrypt the received index, the content of the message, the attached file, etc. using the decryption key.

Lastly, a configuration related to a method of using a message transmission / reception service using a plurality of terminals owned or used by the same user, i.e., the first user terminal 201 and the third user terminal 202 will be described.

The authentication management unit 258 manages the communication between the third user terminal 202 and the third user terminal 202 so that a user who transmits and receives a message through the first user terminal 201 can share transmission and reception details through the first user terminal 201 through the third user terminal 202. [ It is possible to perform an authentication process for the authentication server 202.

5, the authentication management unit 258 may include an authentication key receiving unit 2581, an authentication key processing unit 2582, an encryption unit 2583, and a key transmission unit 2584.

First, a user must go through a login procedure through a message sending / receiving application to send / receive a message using the third user terminal 202. When the user ID and the password match the user information through the first user terminal 201, the message server 100 controls the first user terminal and the third user terminal to transmit and receive messages, can do.

When transmitting / receiving a message through the first user terminal 201, the authentication key receiving unit 2581 of the third user terminal 202 different from the first user terminal transmits a first authentication key for message sharing and transmission / (100).

The third user terminal 202 may include an authentication key processing unit 2582 controlled to input the received authentication key. The authentication key processing unit 2582 controls the first user terminal 201 to receive the authentication key received. The authentication key processing unit 2582 transmits the input second authentication key to the message server 100. The authentication key processing unit 2582 can receive the result of the validity determination of the second authentication key in response to the authentication key transmission. That is, when the first authentication key and the second authentication key are identical, the authentication key processing unit 2582 receives the message indicating that the authentication is completed, and accordingly, shares one or more messages transmitted and received through the first user terminal 201 do.

The authentication key processing unit 2582 controls the first user terminal 201 to receive the encryption key or the decryption key using the authentication key. If the message transmission / reception becomes possible through the authentication process, the authentication key processing unit 2582 controls the encryption key or the decryption key to be shared so that the message can be decrypted and encrypted. At this time, the encryption key or the decryption key is encrypted using the authentication key and transmitted / received from the first user terminal 201 to the third user terminal 202.

The encryption unit 2583 encrypts the message using the encryption key received through the authentication key processing unit 2582.

In this way, the user can send and receive messages using the third user terminal 202 as well as the first user terminal 201, and send and receive messages sent through the first user terminal 201 to the third user terminal 202 ).

7 to 8 are flowcharts illustrating a message transmission / reception method according to embodiments of the present invention.

7, the message transmission / reception method according to embodiments of the present invention may include a message input step S110, a key generation step S120, an encryption step S130, and a transmission step S140 .

In step S110, the first user terminal 201 controls to input the first message. The first user terminal 201 controls the first message to be generated according to the input signal input by the user input unit 240. The first user terminal 201 may generate a first message including a title, content, sender information, recipient information, attachment file, etc. of the first message in correspondence with the input signal input by the user.

In S120, the first user terminal 201 may generate an encryption key for encrypting the first message. The first user terminal 201 may generate a private key for encrypting the first message and a decryption key corresponding to the encryption key.

The first user terminal 201 may generate a key for encrypting the content of the message and the attachment file, respectively. First, a process of generating an encryption key of an attached file will be described. The first user terminal 201 can generate an encryption key of an attached file of a message, taking into account the size of the attached file of the message. For example, if the size of the attached file of the message is smaller than the predetermined threshold size, the first user terminal 201 can generate a random value as an encryption key of the attachment file, regardless of the attached file. If the capacity of the attached file of the message is larger than the critical size, the first user terminal 201 may generate the hash value of the attached file with the encryption key of the attached file.

The first user terminal 201 may generate an encryption key of an attached file of the message in consideration of the type of the attached file of the message. For example, when the attached file of the message is a moving image, the first user terminal 201 may generate the hash value of the attached file with the encryption key of the attached file. If the attachment of the message is a voice file or an image, the first user terminal 201 may generate a random value with the encryption key of the attachment without regard to the attachment.

Next, a process of generating an encryption key for encrypting the contents of the message will be described. The first user terminal 201 can randomly generate an encryption key for encrypting the contents of the message. At this time, the encryption key can be randomly generated in consideration of the recipient information, the sender information, the transmission time, the transmission date, and the like.

In another embodiment, the first user terminal 201 may generate a different encryption key for each recipient in the case of a first message that is generated to be transmitted to the user terminals 200, 300 of a plurality of recipients. In the case of a first message to be transmitted to the second user terminal 301 and the third user terminal 302, the first user terminal 201 may include a first encryption key used to be transmitted to the second user terminal 301, And a second encryption key used to be transmitted to the third user terminal 302, respectively.

In step S130, the first user terminal 201 encrypts the content of the first message and the attached file using the encryption keys generated by the key generation unit 257, respectively. The first user terminal 201 may encrypt the contents of the first message and the attachment using one or more encryption keys (or encryption keys). The first user terminal 201 can encrypt the first message set to be transmitted to a plurality of users using an encryption key generated for each user.

In S140, the first user terminal 201 transmits the encrypted first message to the message server 100 to transmit the encrypted first message to the second user terminal, which is the recipient of the first message. The message server 100 transmits the encrypted first message received from the first user terminal 201 to the second user terminal as the receiver.

As shown in FIG. 8, the message transmission / reception method according to embodiments of the present invention may include a message reception step S210, a data call step S220, and a data decryption step S230.

In step S210, the first user terminal 201 controls the message server 100 to receive the index corresponding to the second message or the second message from the second user terminal 200 or 300. [ The message server transmits a decryption key for decrypting the second message or the second message from the second user terminal to the first user terminal. The first user terminal 201 may control to receive a decryption key for decryption of the second message together with an index corresponding to the second message or the second message.

In S220, when the message itself is transmitted and received, the data call may be unnecessary. Otherwise, when transmitting and receiving the indexes corresponding to the message and the attached file, the first user terminal 201 transmits the attached file included in the second message Using the corresponding index, the attachment file can be called. The first user terminal 201 can call the contents of the message using the index corresponding to the message if the contents of the message are not directly received. The first user terminal 201 may call one or more items included in the message using an index. The message server calls the attachment using the index corresponding to the attachment included in the message. The message server calls the contents of the message using the index corresponding to the message. The message server calls one or more items included in the message using an index.

In S230, the first user terminal 201 can decrypt the received index, the content of the message, and the attached file using the decryption key. The first user terminal 201 may control to display a screen including a content requesting security for the message if the decryption has failed.

9 is a flowchart illustrating a process of transmitting and receiving a message between a first user terminal and a second user terminal.

The first user terminal 201 may generate an encryption key for encrypting the input message and generate a decryption key corresponding to the encryption key. Since the relationship between the encryption key and the decryption key has been described above, the detailed description is omitted (S901). Here, the encryption key can be generated to encrypt the contents of the message and the attachment of the message, respectively.

The first user terminal 201 receives a user input for generating a message including an attachment file (S902). The first user terminal 201 encrypts the contents of the attached file and the message using the encryption key (S903). The first user terminal 201 transmits the decryption key and the encrypted file and message to the message server (S904, S905). The message server receives the decryption key and the encrypted file and message from the first user terminal. Here, a plurality of decryption keys may be generated for each of the message and the attached file included in the message. The message generated to be transmitted to the second user terminal 300 of the receiver included in the message is transmitted to the second user terminal 300 (S905, S906). The message server transmits the encrypted file, the message, and the decryption key to the second user terminal 300, which is the receiver of each message. Upon receiving the decryption key and the encrypted file and message, the second user terminal 300 decrypts the message and the file included in the message using the decryption key (S908).

10 is a flowchart illustrating a message sharing process between the first user terminal and the third user terminal.

A user possessing or possessing both the first user terminal 201 and the third user terminal 202 may input login information for sending and receiving messages through the third user terminal 202 (S1001). The third user terminal 202 transmits the login information to the message server 100 (S1002). The message server 100 determines the validity of the login information (S1003). That is, the message server 100 determines whether the ID information and the password information included in the login information correspond to each other. The message server 100 determines whether the first user ID and the password of the first user are included. If the login information is valid, the message server 100 transmits the randomly generated first authentication number to the third user terminal 202 (S1004). Thereafter, a signal is sent to the first user terminal 201, which the user owns or owns, to input the authentication number. In response to the signal, the first user terminal 201 displays a user interface for inputting the authentication number (S1005). The first user terminal 201 receives the second authentication number according to the user interface (S1006). The first user terminal 201 transmits the input second authentication number to the message server 100 (S1007). The message server 100 determines whether the first authentication number matches the second authentication number (S1008). If the first authentication number matches the second authentication number, the message server 100 completes the authentication process for the third user terminal (S1009). After step S1001 to step S1009, the message server 100 transmits a message received or transmitted by the first user terminal 201 to the third user terminal 202, And transmits the message received or transmitted by the first user terminal 201 to the first user terminal 201. That is, the first user terminal 201 and the third user terminal 202 share the same message transmission / reception history.

In an alternate embodiment, the confirmation information for each message may be different between the first user terminal 201 and the third user terminal 202. For example, a message identified through the first user terminal 201 may be displayed as an unacknowledged message in the third user terminal 202.

11 to 14 are diagrams illustrating examples of a user interface provided to a user terminal according to embodiments of the present invention.

 Reference numeral 1101 shown in FIG. 11 is a user interface displayed on the first user terminal 201, and is a screen for receiving an authentication number transmitted to the third user terminal 202. 11, the first user terminal 201 can perform the authentication process by inputting the 6-digit authentication number and clicking the identity confirmation button 1102. [

Reference numeral 1201 shown in FIG. 12 is a user interface for displaying a message on the user terminals 200 and 300. The user terminals 200 and 300 that have not authenticated themselves will display the message in an encrypted state 1202 and perform a separate identity verification by clicking the button 1203 for identity verification.

As shown in FIG. 13, 1301 can display a screen displaying a list of one or more chat rooms created by a user and a screen displaying a dialog made in each chat room (1301). When the other party transmits a message 1302 requiring an additional security process, the user does not display the message even if the user has already confirmed the identity, and the user performs a separate authentication process to confirm the content of the message (S1303).

As shown in FIG. 14, 1401 can display a chat room list, and prevents an encrypted message from being displayed in the chat room list (1402).

The embodiments of the present invention described above can be embodied in the form of a computer program that can be executed on various components on a computer, and the computer program can be recorded on a computer-readable medium. At this time, the medium may be a magnetic medium such as a hard disk, a floppy disk and a magnetic tape, an optical recording medium such as CD-ROM and DVD, a magneto-optical medium such as a floptical disk, , A RAM, a flash memory, and the like, which are specifically configured to store and execute program instructions. Further, the medium may include an intangible medium that is implemented in a form that can be transmitted over a network, and may be, for example, a medium in the form of software or an application that can be transmitted and distributed through a network.

Meanwhile, the computer program may be designed and configured specifically for the present invention or may be known and used by those skilled in the computer software field. Examples of computer programs may include machine language code such as those produced by a compiler, as well as high-level language code that may be executed by a computer using an interpreter or the like.

The specific acts described in the present invention are, by way of example, not intended to limit the scope of the invention in any way. For brevity of description, descriptions of conventional electronic configurations, control systems, software, and other functional aspects of such systems may be omitted. Also, the connections or connecting members of the lines between the components shown in the figures are illustrative of functional connections and / or physical or circuit connections, which may be replaced or additionally provided by a variety of functional connections, physical Connection, or circuit connections. Also, unless explicitly mentioned, such as " essential ", " importantly ", etc., it may not be a necessary component for application of the present invention.

The use of the terms " above " and similar indication words in the specification of the present invention (particularly in the claims) may refer to both singular and plural. In addition, in the present invention, when a range is described, it includes the invention to which the individual values belonging to the above range are applied (unless there is contradiction thereto), and each individual value constituting the above range is described in the detailed description of the invention The same. Finally, the steps may be performed in any suitable order, unless explicitly stated or contrary to the description of the steps constituting the method according to the invention. The present invention is not necessarily limited to the order of description of the above steps. The use of all examples or exemplary language (e.g., etc.) in this invention is for the purpose of describing the present invention only in detail and is not to be limited by the scope of the claims, It is not. It will also be appreciated by those skilled in the art that various modifications, combinations, and alterations may be made depending on design criteria and factors within the scope of the appended claims or equivalents thereof.

10: Message sending / receiving system
100: message server
200, 300: user terminal
400: communication network

Claims (7)

In a message server,
Receiving an attaching file and a decryption key of a message encrypted with an encryption key from a first user terminal and storing an attachment file and a decryption key of a message encrypted with the encryption key without directly storing and managing the decryption key, To be transmitted,
The message server
Determining whether the attached file has a past history based on the index of the attached file of the message,
Determining whether to additionally store the original file of the attachment file,
And a message processing unit for processing the attached file to be transmitted and shared using one index without storing and managing the index of the attached file or the attached file as many times as one attached file is transmitted or shared,
If the attached file is determined to be the same file as the original file in which the attached file is already stored, the attachment of the message encrypted by the first user terminal from the second user terminal without further storing the attached file To the second user terminal by a call using an index.
The method according to claim 1,
The encryption key for encrypting the attachment is
A random value or a hash value. The method according to claim 1,
The attachment
And decrypting the message using the decryption key received together with the message.
delete delete The method according to claim 1,
Receiving login information for message transmission / reception from a third user terminal associated with the first user terminal,
Wherein the first user terminal provides a user interface for inputting an authentication number to the first user terminal.
The method according to claim 6,
After completing the authentication process for the third user terminal,
Characterized in that the message server is adapted to deliver a message received or transmitted by the first user terminal to the third user terminal.

Images