KR101951201B1 - Method for operating application performing security function and corresponding application - Google Patents

Abstract

Lt; / RTI > method of operation of an application. The method includes determining whether a security module of a first application executed in a first terminal forgery or falsifies a security module, determining whether a forgery or falsification of a main module of the first application is performed when the security module is not tampered with, The security module of the first application determines whether the security module is forged or not, when the first application is not forged or falsified as a result of the determination. And determining whether the user has falsified or not.

Description

METHOD FOR OPERATING APPLICATION PERFORMING SECURITY FUNCTION AND CORRESPONDING APPLICATION [0002]

An embodiment according to the concept of the present invention relates to a method of operating an application and more particularly to a method for determining whether a forgery or falsification of an operating system (OS) executed in a terminal and forgery or falsification of an application executed in the terminal Lt; RTI ID = 0.0 > and / or < / RTI > corresponding applications.

2. Description of the Related Art [0002] With the recent spread of mobile communication terminals, application programs, i.e., applications, which are driven by the mobile communication terminals, are widely used. These applications are relatively vulnerable to forgery because they operate on open platforms and various network access environments.

As the use of applications increases, more and more applications are being falsified or tampered with. When the application is illegally tampered with, the personal information of the user of the portable device can be exposed with no protection.

In addition, various hacking technologies are emerging, such as rooting or jailbreaking smartphones or tablet PCs to illegally use applications.

Patent Registration No. 10-1297936 (Feb.

SUMMARY OF THE INVENTION It is an object of the present invention to provide a method for determining whether an OS executed in a terminal is forged or falsified, whether an application is forged or falsified, and whether an application installed in another terminal communicating with the terminal is falsified or not, And to provide a corresponding application.

A method of operating an application according to an exemplary embodiment of the present invention includes: determining whether a security module of a first application executed in a first terminal forgery or falsifies a security module; Determining whether the first application is forged or not, and determining whether the first application is forged or not; and if the first application has not been tampered with, the security module of the first application, And determining whether the first OS executed in the first terminal is forged or not.

A method of operating an application according to an embodiment of the present invention includes generating a current first APP value indicating a current state of the first application, the first application being executed in a first terminal, Receiving a first APP value from the server; comparing the current first APP value with the received first APP value; and comparing the current first APP value with the reference APP value, Determining that the first application has not been tampered with when the AP value is equal to the first application; and when the first application has not been tampered with as a result of the determination, Generating a current OS value that indicates a status of the first OS; And wherein the first application comprises a step of comparing the current value and the OS receiving the reference OS value.

A method of operating an application according to an exemplary embodiment of the present invention includes: determining whether a security module of a first application executed in a first terminal forgery or falsifies a security module; Determining whether the first application is forged or not, determining whether the first application is forged or not, determining whether the first application is forged or not, and if the first application is forged or not, The method of claim 1, further comprising: determining whether the first OS is forged or falsified; determining whether the first OS is forged or not; and if the first OS is not forged or falsified as a result of the forgery or falsification of the first OS, Determines whether the second application executed in the second terminal communicating with the second application is forged or not, And verifying the second terminal.

A method of operating an application according to an embodiment of the present invention includes generating a current first APP value indicating a current state of the first application, the first application being executed in a first terminal, Receiving a first APP value from the server; comparing the current first APP value with the received first APP value; and comparing the current first APP value with the reference APP value, Determining that the first application has not been tampered with when the first AP is equal to the first application; and when the first application has not been tampered with as a result of the forgery or falsification of the first application, Generating a current OS value indicating a current state of the first OS; S value from the server; comparing the current OS value with the received reference OS value; and when the first OS is not forged or falsified as a result of the forgery or falsification of the first OS, And the first application verifies whether the second application executed in the second terminal communicating with the first terminal is forged or not, and verifying the second terminal.

A method of operating an application according to an exemplary embodiment of the present invention includes: determining whether a security module of a first application executed in a first terminal forgery or falsifies a security module; Determining whether the first application is forged or not, determining whether the first application is forged or not, determining whether the first application is forged or not, and if the first application is forged or not, The method of claim 1, further comprising: determining whether the first OS is forged or falsified; determining whether the first OS is forged or not; and if the first OS is not forged or falsified as a result of the forgery or falsification of the first OS, Determines whether the second application executed in the second terminal communicating with the second application is forged or not, Verifying the second terminal; and when the second terminal has been verified as a result of the verification of the second terminal, the first application sharing the message key with the second terminal to communicate with the second terminal The first application generates a first plaintext, encrypts the first plaintext using the shared message key to generate a first ciphertext, and transmits the generated first ciphertext to the second terminal Wherein the first terminal receives the second ciphertext from the second terminal if the second terminal generates a second plaintext and encrypts the second plaintext with the shared message key to generate a second ciphertext, And the first application decrypting the second cipher text using the shared message key to recover the second plaintext.

A method of operating an application according to an embodiment according to the concept of the present invention may be implemented as a program stored in a computer-readable recording medium.

A method of operating an application according to an embodiment in accordance with the inventive concept may be stored in a computer-readable recording medium.

A computer system according to an embodiment of the present invention includes a processor and a memory associated with the processor, the memory storing a program for performing a method of operating an application according to an embodiment in accordance with the concept of the present invention .

The application according to the concept of the present invention can determine whether the application itself is forged or not, as well as determine whether the operating system of the terminal installed with the application is forged or falsified.

An application according to an embodiment according to the concept of the present invention can verify a terminal communicating with a terminal equipped with the application.

An application according to an exemplary embodiment of the present invention uses information about a file (or a code) constituting an operating system or an application stored in a server to determine whether the operating system of the terminal is falsified or not and whether the application itself is falsified or not It can be judged.

Since the application according to the embodiment of the present invention uses information about a file (or a code) constituting an operating system or an application stored in a terminal, the application does not communicate with the server, It is possible to judge whether a forgery or falsification and whether the application itself is falsified or not.

A terminal equipped with an application according to an embodiment of the present invention can verify the other terminal before communicating with another terminal and securely communicate with the other terminal, May be encrypted and stored in the terminal or the application.

Figure 1 conceptually illustrates a network comprising a plurality of terminals according to embodiments of the present invention.
2 shows a schematic configuration of a terminal including an application according to the concept of the present invention.
3 is a flowchart illustrating a method for determining whether an application forgery or falsifies an OS and forgery or falsification of an application according to an embodiment of the present invention.
FIG. 4 is a flow chart for explaining in detail a method for determining whether an application is forged or falsified according to an embodiment according to the concept of the present invention.
5 is a flowchart illustrating a method for determining whether an application forgery or falsifies the application according to an embodiment of the present invention.
FIG. 6 is a flowchart illustrating a method for determining whether an application forgery or falsifies an application using another terminal communicating with a terminal equipped with the application according to an embodiment of the present invention.
FIG. 7 and FIG. 8 are flowcharts for explaining a method for determining whether an application according to an embodiment of the present invention determines whether an OS is forged or falsified.
9 is a flowchart illustrating a method for a first application to verify a second terminal and communicate with a verified second terminal in accordance with an embodiment of the present invention.
Figure 10 shows a flowchart for describing in detail a method for a first application verifying a second terminal according to an embodiment in accordance with the inventive concept.
11 is a data processing diagram illustrating a method by which a first application communicates with a second terminal, in accordance with an embodiment consistent with the present invention.
12 is a data processing diagram illustrating a method by which a first application communicates with a second terminal, in accordance with an embodiment consistent with the present invention.
13 is a flowchart illustrating a method of analyzing a communication pattern of another terminal communicating with a terminal installed with the application according to an embodiment of the present invention.

The method of operation of the application (abbreviated application software or software or program except operating system) according to the concept of the present invention may be written in computer-readable program code and stored in a computer-readable recording medium have. The recording medium may refer to a storage medium such as a database of an app store (R) or a memory (e.g., a non-volatile memory device, a USB drive, or a memory card, etc.).

In this specification, the forgery or falsification of an operating system or an application refers to any action that arbitrarily falsifies, modulates, and / or changes the operating system or the application by an operation such as arbitrarily operating the operating system or the program code of the application. According to the embodiment, the forgery and falsification of the operating system may mean the routing of the Android OS or the jailbreak of iOS (Apple's mobile operating system), and the forgery or falsification of the application is meant to falsify, modulate, and / or change the source code of the application But is not limited thereto.

In this specification, when an application (or a smartphone application, an application, a mobile application, or a web application) performs a certain function (or operation), it may mean that the application performs the function Or a device (e.g., a terminal or an electronic device) in which the application is installed (or executed) may perform the function (or operation) using the application. That is, the function performed by the application can be understood as a function performed by a device in which the application is installed (or executed).

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings attached hereto.

Figure 1 conceptually illustrates a network comprising a plurality of terminals according to embodiments of the present invention. The network (or network system) 10-1 shown in Fig. 1 may include a plurality of terminals 100-1, 100-2, ..., 100-n (n is a natural number of 2 or more). Referring to FIG. 1, each of the terminals 100-1, 100-2,..., 100-n may denote an electronic device capable of storing, executing, controlling, or changing a software program. In accordance with an embodiment, each terminal 100-1, 100-2, ..., 100-n may refer to an electronic device that executes the applications described herein and may operate in a mobile environment.

Each of the terminals 100-1, 100-2, ..., and 100-n is connected to each of the applications 110-1, 110-2, ..., 110- -n) can be included (or executed). According to the embodiment, each of the applications 110-1, 110-2, ..., 110-n may be the same application (or an application performing the same function), but is not limited thereto. For example, each of the terminals 100-1, 100-2, ..., and 100-n is connected to each of the applications 110-1, 110-2, ..., 110-n and each of the OSs 120-1, 120-2, ..., , 120-n, a processor (or application processor) that executes them, and a transceiver for communication with other terminals.

For example, each of the terminals 100-1, 100-2, ..., 100-n may be a laptop computer, a smart phone, a tablet PC, a PDA (personal digital assistant), a digital camera, a wearable , An internet of things (IoT) device, or an internet of everything (IoE) device.

Each of the terminals 100-1, 100-2, ..., 100-n can communicate with each other. According to the embodiment, each of the terminals 100-1, 100-2, ..., and 100-n can exchange data with each other using a wireless communication network.

For example, each of the terminals 100-1, 100-2, ..., 100-n can chat with each other using the wireless communication network, and can share a file or the like. The wireless communication network may be a wireless local area network (WLAN) such as Wi-Fi (wireless fidelity), a bluetooth, a wireless universal serial bus (USB), a Zigbee, ), Radio-frequency identification (RFID), or a mobile cellular network such as a 3G communication network, a 4G communication network, an LTETM, or an LTE-A, but is not limited thereto.

According to the embodiment, each of the terminals 100-1, 100-2, ..., 100-n may be implemented by the same kind of apparatus, but is not limited thereto. For example, each terminal 100-1, 100-2, ..., 100-n shown in FIG. 1 may refer to the terminal 100 of FIG. 2, which will be described below.

Server 200 may refer to a device or software that provides various resources (e.g., files, communication lines, etc.) in a particular system. The server 200 can provide the resources to the devices connected to the server 200 and the devices connected to the server 200 can communicate with each other.

The server 200 transmits a file (or code) necessary for the operation of each application 110-1, 110-2, ..., 110-n to each of the terminals 100-1, 100-2, ..., 100-n . Namely, each of the applications 110-1, 110-2, ..., 110-n transmits a file (or code) necessary for the operation of each of the applications 110-1, 110-2, As shown in Fig. 1, each terminal 100-1, 100-2, ..., 100-n may communicate directly with each other (e.g., without going through the server 200) or may communicate with the server 200 So that they can communicate with each other.

In this specification, the first application transmitting and receiving signals or data to and from the second application may mean that a first terminal installed with the first application exchanges signals or data with a second terminal installed with the second application .

2 shows a schematic configuration of a terminal including an application according to the concept of the present invention. Referring to FIG. 2, the terminal 100 may refer to the first terminal 100-1 of FIG. The terminals 100-1 to 100-n (collectively or collectively, 100) are connected to the applications 110-1 to 110-n (collectively or collectively 110) and the OSs 120-1 to 120-n Collectively or collectively, 120). For example, the terminal 100 may include at least one memory device that stores the application 110 and the OS 120, and a processor that executes at least one of the applications 110 and the OS 120. [

The application 110 may include a security module 112 and a main module 114. According to an embodiment, the application 110 may be a package application that includes a security module 112 and a main module 114 implemented in the form of a library. For example, functions performed by the security module 112 and the main module 114 described herein may be understood as functions performed by the application 110

The application 110 may use the security module 112 to protect the file (or code) of the application 110 (or the application 110) from tampering.

In other words

A module in this specification may mean a functional or structural combination of software that performs a specific function. For example, the module may be executed by a processor.

Application 110 may refer to a set of instructions, computer software, or programs to perform a particular task. According to embodiments, the application 100 may be a chatting application or a chat application, a banking (or mobile banking) application, a mobile payment application, a peer-to-peer payment, A variety of services can be provided to the user, such as an application, a stock trading application, a mobile messenger application, a social network application, a media application, a game application, a trading application, But is not limited to, an application that may be provided.

The application 110 may be a native application that is downloaded from the server 200 and installed and used in the terminal 100 or a web used through a browser installed on the terminal 100 without a separate download procedure, But may also refer to a hybrid application in which the native application and the web application are combined. The security module 112 may be used to forge or falsify a particular program or software, (Or monitoring) whether or not the received signal has been modulated (or modulated). According to embodiments, the security module 112 may determine whether at least one of the forgery and falsification of the security module 112, the forgery and falsification of the main module 114, the forgery and falsification of the OS 120, Can be determined.

The security module 112 may sequentially determine whether the terminal 100 is forged or falsified. For example, the security module 112 first determines whether the security module 112 itself is forged or not, and when the security module 112 has not been tampered with according to the result of the determination, it can determine whether the main module 114 has been tampered with or not In this way, it is possible to determine whether the OS 120 is falsified or not, and determine whether the application installed in the other terminal is falsified or not.

That is, the application 110 executed in the terminal 100 can determine whether the application 110 (for example, the security module 112 and the main module 114) is forged or falsified and whether the OS 120 is falsified or not The security module 112 may determine whether an application (or OS) installed in another terminal communicating with the terminal 100 is forged or not. The security module 112 may be installed in the terminal 100 or another terminal communicating with the terminal 100 It is possible to determine whether the application is forged or falsified, and transmit a signal indicating the result of the determination to the main module 114 through an application programming interface (API).

The security module 112 may generate a log corresponding to the result of the forgery or falsification determination.

The security module 112 may be executed concurrently with the application 110 when the application 110 is executed and concurrently with the application 110 when the application 110 is terminated. Where the coincidence involves some time difference.

The main module 114 may refer to a module that performs the main function of the application 110. According to embodiments, the main module 114 may refer to a portion of the application 110 other than the security module 112. For example, when the application 110 is a financial (payment or Fin Tech) application, the security module 112 refers to a module for judging whether a forgery or falsification has occurred, and the main module 114 refers to a financial ) Service. ≪ / RTI >

The main module 114 may operate according to whether the security module 112 is forged or not. According to the embodiment, the main module 114 determines that at least one of the applications 110, the OS 120, and applications installed in other terminals communicating with the terminal 100 has been tampered with by the security module 112 The execution of the application 110 can be stopped. The main module 114 may maintain the execution of the application 110 and perform the function of the main module 114 when the security module 112 determines that there is no possibility of forgiveness.

For example, if the forgery and falsification determination result generated by the security module 112 is transmitted to the main module 114, the main module 114 may stop the operation based on the determination result.

2, the security module 112 and the main module 114 are separated from each other. However, the security module 112 and the main module 114 may be implemented as a single integrated module.

3 is a flowchart illustrating a method for determining whether an application forgery or falsifies an OS and forgery or falsification of an application according to an embodiment of the present invention. 1 to 4, the first application 110-1 can judge whether the first application 120-1 is forged or not, as well as determine whether the first application 110-1 is forged or falsified .

According to the embodiment, the first security module included in the first application 110-1 can determine whether the first OS 120-1 is forged or not, and determines whether the first application 110-1 is forged or not can do.

The first application 110-1 including the first security module and the first main module may be executed in the first terminal 100-1 (SlOO).

The first application 110-1 may determine whether the first application 110-1 is forged or not (S200).

When it is determined that the first application 110-1 is falsified (YES in S200), the first application 110-1 executes the execution of the first application 110-1 according to the result of the judgment (S200) (S300).

According to the embodiment, when it is determined that the first application 110-1 has been tampered with, the first application 110-1 outputs a message instructing the forgery and falsification of the first application 110-1, 1 application 110-1 can be automatically terminated.

According to the embodiment, even if the first application 110-1 is judged that the first application 110-1 is forged, the user of the first terminal 100-1 can access the first application 110-1, If the execution of the first OS 120-1 is not desired to be terminated, it may be determined whether the first OS 120-1 is falsified or not (S400).

According to the embodiment, when the first application 110-1 is judged to have been tampered with, the first application 110-1 automatically accesses the server 200 to transmit the first application, which has not been tampered, 200, and re-install the first application that has not been modulated. For example, the first application 110-1 may provide a notification to the user of the first terminal 100-1 via the display of the first terminal 100-1, asking whether to re-install the first application 110-1. When the reinstallation of the first application 110-1 is completed, the first application can automatically re-determine whether the first application 110-1 has been tampered with (e.g., without the user's specific instruction).

According to the result of the judgment (S200), when it is judged that the first application 110-1 is not forged (NO in S200), the first application 110-1 judges that the forgery and falsification of the first OS 120-1 (Step S400). ≪ RTI ID = 0.0 >

The first application 110-1 may periodically or on-the-fly determine whether to forgive the first application 110-1.

The first application 110-1 may determine whether the first OS 120-1 installed in the first terminal 100-1 (or executed in the terminal 100) is forged or not (S400).

When it is determined that the first OS 120-1 has been falsified by the first application 110-1 according to the result of the judgment (S200) (YES in S400), the first application 110-1 1 application 110-1 can be automatically terminated (S500).

According to the embodiment, when it is determined that the first OS 120-1 is forged, the first application 110-1 transmits a message indicating that the first OS 120-1 has been falsified to the first terminal 100-1, 1), and the execution of the first application 110-1 can be automatically terminated.

According to the embodiment, if the user of the first terminal 100-1 does not want to terminate the execution of the first application 110-1, even if the first OS 120-1 is judged to be forged, The first application 110-1 may maintain the execution of the first application 110-1 (S600).

When it is determined by the first application 110-1 that the first OS 120-1 is not forged according to the result of the judgment (S400) (YES in S400), the first application 110-1 (S100) of determining whether the first application 110-1 is forged or falsified.

According to the embodiment, when it is determined by the first application 110-1 that the first OS 120-1 has not been tampered with (YES in S400), the first application 110-1 accesses the first OS 120- 1) is not tampered with.

When it is determined that the first OS 120-1 has been falsified by the first application 110-1 (YES in S400) according to the result of the judgment (S200), the first application 110-1 1 application 110-1 (S500).

Although FIG. 3 shows that the first application 110-1 determines whether the first application 110-1 is forged or falsified and then determines whether the first application 120-1 is forged or falsified, The first application 110-1 may first determine whether the first OS 120-1 is fake or not rather than whether the first application 110-1 is forged or falsified and the first application 120-1 ) And whether the first application 110-1 is forged or falsified can be determined in parallel or independently.

4 shows a flowchart for explaining in detail a method for an application to self-judge whether or not the application is falsified according to an embodiment according to the concept of the present invention.

Referring to FIGS. 1 to 4, the first application 110-1 may generate a first APP value APP1_VAL indicating the status of the first application 110-1 (S210). According to an embodiment, the first application 110-1 may generate a first APP value (APP1_VAL) each time the first application 110-1 is executed, but is not limited thereto.

The first APP value (APP1_VAL) may mean a value generated based on all or a part of the file (or code) constituting the first application 110-1. According to the embodiment, the first APP value (APP1_VAL) is set to a value (APP1_VAL) in the normal (e.g., non-forged) operating environment of the first application 110-1 (E.g., a source code of the first application 110-1) that does not change.

According to the embodiment, the first APP value (APP1_VAL) is a value indicating whether the first application 110-1 in which the first application 110-1 is executed among the files (or program codes) constituting the first application 110-1 And may be generated based on a portion that does not change according to the type of the first OS 120-1. For example, if the first application 110-1 does not change, the first APP value APP1_VAL may have the same value regardless of the type of the first OS 120-1 (e.g., whether it is the Android OS or iOS). Changes in all or a part of the files constituting the first application 110-1, in accordance with an abnormal usage environment (for example, forgery and / or forgery of the first application 110-1 and / or forgery of the first OS 120-1) The generated first APP value (APP1_VAL) can be changed.

 The first application 110-1 transmits the first APP value APP1_VAL generated each time the first application 110-1 is executed to the first application 110-1 or the first application 110-1, Lt; / RTI > According to the embodiment, the first application 110-1 may encrypt and store the first APP value (APP1_VAL). For example, the first APP value (APP1_VAL) may be a hash function value of the file (or code) of the first application 110-1.

The first application 110-1 compares the current first APP value CUR_APP1_VAL with the previous first APP value PRV_APP1_VAL indicating the previous state of the first application 110-1 and sets the values of these (CUR_APP1_VAL and PRV_APP1_VAL) (S212).

The current first APP value (CUR_APP1_VAL) may mean the first APP value (APP1_VAL) generated by the first application 110-1.

The previous first APP value PRV_APP1_VAL may mean the first APP value APP1_VAL generated by the first application 110-1 prior to the generation of the current first APP value CUR_APP1_VAL. According to an embodiment, the previous first APP value (PRV_APP1_VAL) may mean the first APP value (APP1_VAL) generated by the first application 110-1 just before the generation of the current first APP value (CUR_APP1_VAL) But is not limited thereto. According to the embodiment, the previous first APP value (PRV_APP1_VAL) may be plural.

For example, assuming that the first APP value (APP1_VAL) is generated twice (second generation after the first generation), the first APP value generated in the second generation may be the current first APP value (CUR_APP1_VAL) 1 may be the previous first APP value (PRV_APP1_VAL).

The previous first APP value PRV_APP1_VAL may be stored in the first terminal 100-1 and may be read by the first application 110-1.

The first application 110-1 may periodically upload the generated first APP value APP1_VAL to the server 200. The current first APP value CUR_APP1_VAL and the previous first APP value PRV_APP1_VAL are each set to CUR_APP1_VAL And PRV_APP1_VAL) are generated. For example, the current first APP value (CUR_APP1_VAL) may further include information that can identify the version of the first application 110-1 when the current first APP value (CUR_APP1_VAL) is generated, and the previous first APP value PRV_APP1_VAL) may further include information that can identify the version of the first application 110-1 when the previous first APP value (PRV_APP1_VAL) has been generated.

If the first application 110-1 is not forged, the current first APP value (CUR_APP1_VAL) and the previous first APP value (PRV_APP1_VAL) will be the same. Conversely, if the first application 110-1 is forged, there will be a change in at least some of the files constituting the first application 110-1. Therefore, the first APP value (CUR_APP1_VAL) and the previous first APP value (PRV_APP1_VAL) It will not be the same.

Therefore, when the current first APP value (CUR_APP1_VAL) and the previous first APP value (PRV_APP1_VAL) are equal (YES in S212), the first application 110-1 determines that the first application 110 -1) is not forged (S214).

The first application 110-1 may update the previous first APP value PRV_APP1_VAL to the current first APP value CUR_APP1_VAL when the current first APP value CUR_APP1_VAL and the previous first APP value PRV_APP1_VAL are equal. That is, the first application 110-1 may use the current first APP value (CUR_APP1_VAL) used in the current determination as the previous first APP value (PRV_APP1_VAL) in the next determination.

When the current first APP value CUR_APP1_VAL and the previous first APP value PRV_APP1_VAL are not equal to each other (NO in S212), the first application 110-1 transmits the first application 110 -1) is falsified (S216).

Therefore, the application according to the embodiment of the present invention uses the APP value generated by the application, so that it is possible to automatically determine whether the application is forged or not, without depending on the server.

5 is a flowchart illustrating a method for determining whether an application forgery or falsifies the application according to an embodiment of the present invention.

1 to 3 and 5, an application according to an embodiment of the present invention can automatically determine whether or not the application is forged or falsified by using a server.

The first application 110-1 may receive the reference first APP value REF_APP1_VAL from the server 200 (S222).

The reference first APP value (REF_APP1_VAL) may be a value generated in the same manner as the method of generating the first APP value (APP1_VAL).

The reference first APP value (REF_APP1_VAL) may be encrypted. According to an embodiment, the reference first APP value (REF_APP1_VAL) may be digitally signed and stored in the server 200.

The first application 110-1 may receive a reference first APP value (REF_APP1_VAL) from a separate authentication server. According to an embodiment, the first application 110-1 may determine whether to receive a reference first APP value (REF_APP1_VAL) from the server 200 or a reference first APP value (REF_APP1_VAL) from the authentication server according to a set security level (REF_APP1_VAL). The security level may be changed by the first application 110-1.

The first application 110-1 compares the reference first APP value REF_APP1_VAL with the first APP value APP1_VAL generated by the first application 110-1 and generates a reference first APP value REF_APP1_VAL) and the first APP value (APP1_VAL) are identical (S222).

According to an embodiment, the first application 110-1 receives a reference first APP value (REF_APP1_VAL) corresponding to the version of the first application 110-1 from the server 200, (REF_APP1_VAL) and the first APP value (APP1_VAL). For example, when the version of the first application 110-1 is 1.0, the first application 110-1 may receive the reference first APP value (REF_APP1_VAL) corresponding to the version 1.0 in the server 200. [ When the reference first APP value REF_APP1_VAL and the first APP value APP1_VAL are equal to each other (YES in S222), the first application 110-1 receives the first application 110-1 ) Is not forged (S224).

When the reference first APP value REF_APP1_VAL and the first APP value APP1_VAL do not equal to each other (NO in S222), the first application 110-1 determines that the first application 110- 1) is forged (S226).

Since the application according to the embodiment of the present invention performs verification of a file (or a program code) received from a server, it can determine whether the application is forged or falsified even after the application is forged.

According to the embodiment, the first application 110-1 determines the forgery and falsification of the first file (or the first code) of the first application 110-1 without using the server, and the first application 110-1 The second file (or the second code) of the second file can be judged using the server, but the present invention is not limited thereto.

The first file (or first program code) is a file (or program code) that does not change according to the operation of the first application 110-1 among the files (or program codes) constituting the first application 110-1, And the second file (or the second program code) is a file (or program code) that constitutes the first application 110-1 and that changes according to the operation of the first application 110-1 Program code).

FIG. 6 is a flowchart illustrating a method for determining whether an application forgery or falsifies the application using another terminal communicating with a terminal equipped with the application according to an embodiment of the present invention.

1 to 4 and 6, a first application 110-1 may be configured to communicate with a first application 100-1 using a second terminal 100-2 communicating with a first terminal 100-1, It is possible to judge whether or not the forgery and falsification of the data 110-1 is falsified.

The first application 110-1 uses the first APP version information APP1_VI and the first APP value APP1_VAL of the first application and the second APP version information APP2_VI and the second APP value APP2_VAL of the second application It is possible to judge whether the first application 110-1 is forged or not.

The first APP version information APP1_VI and the second APP version information APP2_VI may be information for identifying the first application 110-1 and the second application 110-2, respectively. According to the embodiment, the first APP version information (APP1_VI) may mean information for identifying all or a part of the files of the first application 110-1. For example, the first APP version information APP1_VI may mean information related to the current version of the first application 110-1, but is not limited thereto. The configuration files of the two applications having the same version information may be the same.

The configuration and function of the second APP version information (APP2_VI) may be the same as or similar to the configuration and function of the first APP version information (APP1_VI). That is, the second APP version information (APP2_VI) can be understood similarly to the first APP version information (APP1_VI). The configuration and function of the first APP value (APP1_VAL) is the same as or similar to the configuration and function of the first APP value (APP1_VAL) described with reference to Figs. 1 to 4, and the second APP value (APP2_VAL) . ≪ / RTI >

According to the embodiment, when neither the first application 110-1 nor the second application 110-2 has been tampered with, the first APP value (APP1_VI) and the second APP version information (APP2_VI) APP1_VAL) and the second APP value (APP2_VAL) may be the same.

The first application 110-1 may receive the second application 110-2 from the second terminal 100-2 in communication with the first terminal 100-1 and the second application 110-2 in the second terminal 100-2, (APP2_VI) related to the second APP version information (APP2_VI) and the second APP value (APP2_VAL) related to the second application 110-2 (S230).

According to an embodiment, the second application 110-2 may be the same application as the first application 110-1, but is not limited thereto. Hereinafter, it will be assumed that the first application 110-1 and the second application 110-2 are the same application.

The second application 110-2 may perform the same operations as the operations of the first application described herein. That is, the second application 110-2 can determine whether the second application 110-2 is forged or falsified and whether the second OS 120-2 installed in the second terminal 100-2 is forged or not.

The first application 110-1 may compare the first APP version information APP1_VI and the second APP version information APP2_VI of the first application 110-1 at step S232.

When the first APP version information APP1_VI and the second APP version information APP2_VI are the same (YES in S2220), the first application 110-1 updates the first APP value APP1_VAL according to the comparison result (S232) And the second APP value APP2_VAL (S234).

According to an embodiment, the first application 110-1 may store the received second APP version information APP2_VI and the second APP value APP2_VAL.

When the first APP version information APP1_VI and the second APP version information APP2_VI are the same and the first APP value APP1_VAL and the second APP value APP2_VAL are the same according to the result of the comparison S224, The first application 110 may determine that the first application 110-1 has not been tampered with (S236).

The first application 110 determines that the first application 110-1 is not in a state where the first APP value APP1_VAL and the second APP value APP2_VAL are not equal to each other (NO in S234) May determine that the first application 110-1 has been tampered (S238).

The application according to the embodiment of the present invention can mutually determine whether or not the application is forged or falsified by using another terminal that communicates with the terminal installed with the application without depending on the server.

When the first APP version information APP1_VI and the second APP version information APP2_VI are not the same (NO in S232), the first application 110-1 transmits the first application 110 -1) can be judged by using the first application 110-1.

A method for determining whether a first application 110-1 is forged or falsified using the first application 110-1 has been described with reference to FIGS. 4 and 5, and a description thereof will be omitted.

According to the embodiment, when there is a file that does not change even when version information (VI1 and VI2) of each application 110- and 110-2 is changed among files constituting each application 110-1 and 110-2, The first application 110-1 generates the first APP version information APP1_VI and the second APP version information APP2_VI using the unchanged file to generate the first APP value APP1_VAL and the second APP value APP2_VAL, It is possible to directly compare the first APP value APP1_VAL with the second APP value APP2_VAL without comparing them.

According to the result of the comparison (S2220), when the first APP version information APP1_VI and the second APP version information APP2_VI are not the same, the first application 110-1 is the first application 110-1 , It is possible to determine whether or not the first application 110-1 is forged or falsified. However, the embodiment according to the concept of the present invention is not limited to the above.

FIGS. 7 and 8 are flow charts for explaining a method for determining whether an application forgery or falsifies an OS according to an embodiment of the present invention.

1 to 4 and 7, the first application 110-1 may determine whether or not the first OS 120-1 is forged or not by using the first OS 120-1 with root authority An execution command RAI may be transmitted (S410).

The root account may refer to any privilege or account with the highest privilege (for example, administrator or super-user (su)) in a typical operating system. The root account can control the overall operation of the operating system. Hereinafter, the root authority means the authority of the root account.

The root authority execution command (RAI) can mean an executable command requiring root authority. According to an embodiment, the root authority execution instruction (RAI) may mean an instruction of execution of an instruction requiring root authority. According to the embodiment, the root authority execution command (RAI) may be a command for changing a privilege of a specific user, creating / changing / deleting a system folder, and the like. For example, the root authority execution instruction (RAI) may mean, but is not limited to, an instruction to direct the execution of an API function in the system of the operating system.

When the first OS 120-1 receives the root authority execution command RAI, the first OS 120-1 sends a root authority execution command (RAI) when the currently log-in account has root authority, (E.g., performing an operation corresponding to the root authority execution instruction (RAI)). According to the embodiment, the first OS 120-1 generates a first response RESP1 indicating the execution of the root authority execution instruction RAI (e.g., performing the operation corresponding to the root authority execution instruction RAI) can do.

The first OS 120-1 may deny the root authority execute command (RAI) when the current account does not have the root authority. According to the embodiment, the first OS 120-1 may generate a second response RESP2 indicating a denial of the root authority executive command RAI.

According to the embodiment, the first OS 120-1 may require the user of the first terminal 100-1 to input information related to the root account to determine whether the current account has the root privilege .

The first application 110-1 may determine whether a root authority execution instruction (RAI) has been performed (S212). According to the embodiment, the first application 110-1 can determine whether the root authority execution command (RAI) has been executed using the message output from the first OS 120-1. For example, the first application 110-1 may determine whether a root authority execution instruction (RAI) has been performed using the first response RESP1 and the second response RESP2.

According to the embodiment, the first application 110-1 observes the system folder, determines whether a file in the system folder has been created / changed / deleted as a result of the observation, (RAI) has been performed.

According to the result of the judgment (S412), when the root authority execution instruction RAI is rejected (NO in S412), the first application 110-1 judges that the first OS 120-1 is not forged (S414). According to the embodiment, when the first application 110-1 receives the second response RESP2, the first application 110-1 may determine that the first OS 120-1 is not forged .

When the execution of the root authority execution instruction RAI is denied, the first application 110-1 judges that the first OS 120-1 is not forged and can terminate the first application 110-1 have.

According to the result of the judgment (S412), when the root authority execution instruction RAI is executed (YES in S412), the first application 110-1 can judge that the first OS 120-1 is falsified (S416). According to the embodiment, when the first application 110-1 receives the first response RESP1, the first application 110-1 may determine that the first OS 120-1 is forged.

The first application 110-1 may determine that the first OS 120-1 has been tampered with and terminate the execution of the first application 110-1 when the root authority execution instruction RAI has been executed . For example, when it is determined that the first OS 120-1 is falsified, the first application 110-1 outputs a message indicating that the first OS 120-1 has been falsified, and the first application 110-1 ) Can be automatically terminated.

The application according to the concept of the present invention judges whether the OS is forged or falsified by using the root authority execution command (RAI). Therefore, even if there is no information related to the file constituting the OS, .

In addition, the application according to the embodiment of the present invention can determine whether the OS is falsified or not without depending on the server.

1 to 4 and 8, an OS value OS_VAL indicating a state of the first OS 120-1 may be generated (S420). According to an embodiment, the first application 110-1 may generate an OS value (OS_VAL) each time the first application 110-1 is executed, but is not limited thereto.

The OS value OS_VAL may mean a value generated based on all or a part of the file (or program code) constituting the first OS 120-1. According to the embodiment, the OS value OS_VAL is set to a value that does not change in a normal (e.g., non-fake) operating environment (e.g., the first OS 120 -1)), which is the source code of the program. When a change occurs in all or a part of the files constituting the first OS 120-1 in accordance with an abnormal use environment (for example, a forgery or falsification of the first OS 120-1), the generated OS value OS_VAL may be changed have.

The first application 110-1 transmits the OS values OS_VAL generated each time the first application 110-1 is executed to the first application 110-1 or the memory device of the first terminal 100-1 Can be stored. According to the embodiment, the first application 110-1 may encrypt and store the OS value OS_VAL. For example, the OS value OS_VAL may be a hash function value of the file (or program code) of the first OS 120-1

The first application 110-1 compares the current OS value CUR_OS_VAL with the previous OS value PRV_OS_VAL indicative of the previous state of the first OS 120-1 and judges whether these values CUR_VAL_OS and PRV_OS_VAL are the same (S422).

The current OS value (CUR_OS_VAL) may mean an OS value (OS_VAL) generated by the first application 110-1.

The previous OS value PRV_OS_VAL may mean an OS value OS_VAL generated by the first application 110-1 prior to the generation of the current OS value CUR_OS_VAL. The previous OS value (PRV_OS_VAL) may mean the OS value (CUR_OS_VAL) generated just before the generation of the current OS value (CUR_OS_VAL), but is not limited thereto. According to an embodiment, the previous OS value (PRV_OS_VAL) may be plural.

For example, when the first application 110-1 generates the OS value OS_VAL twice in total (first generation and second generation), the OS value generated in the second generation is the current OS value CUR_OS_VAL, , And the OS value generated in the first generation may be the previous OS value (PRV_OS_VAL).

The previous OS value PRV_OS_VAL may be stored in the first terminal 100-1 and may be read by the first application 110-1.

The first application 110-1 may periodically update the previous OS value PRV_OS_VAL. According to an embodiment, the first application 110-1 may update the previous OS value (PRV_OS_VAL) using the server 200. [ Thereby, the reliability of the stored previous OS value (PRV_OS_VAL) is improved.

According to the embodiment, the current OS value CUR_OS_VAL and the previous OS value PRV_OS_VAL may include information on the time when the current OS value CUR_OS_VAL and the previous OS value PRV_OS_VAL are respectively generated. For example, the current OS value (CUR_OS_VAL) may further include information for identifying the version of the first OS 120-1 when the current OS value (CUR_OS_VAL) is generated, and the previous OS value (PRV_OS_VAL) May further include information for identifying the version of the first OS 120-1 when the OS value (PRV_OS_VAL) is generated.

If the first OS 120-1 is not forged, the current OS value (CUR_OS_VAL) and the previous OS value (PRV_OS_VAL) will be the same. On the other hand, if the first OS 120-1 is forged, there will be a change in at least some of the files constituting the first OS 120-1. Therefore, the current OS value CUR_OS_VAL and the previous OS value PRV_OS_VAL may not be the same have.

Therefore, when the current OS value CUR_OS_VAL and the previous OS value PRV_OS_VAL are equal to each other (YES in S422), the first application 110-1 accesses the first OS 120-1, (S424). ≪ / RTI >

The first application 110-1 determines that the first OS 120-1 is not forged when the current OS value CUR_OS_VAL and the previous OS value PRV_OS_VAL are equal, Can be maintained.

The first application 110-1 may update the previous OS value PRV_OS_VAL to the current OS value CUR_OS_VAL when the current OS value CUR_OS_VAL and the previous OS value PRV_OS_VAL are equal to each other. That is, the first application 110-1 may use the current OS value (CUR_OS_VAL) used in the current determination as the previous OS value (PRV_OS_VAL) in the next determination. When the current OS value CUR_OS_VAL and the previous OS value PRV_OS_VAL do not equal to each other (NO in S422), the first application 110-1 accesses the first OS 120-1, It can be determined that the information is forged (S226).

According to the embodiment, the first application 110-1 determines that the first OS 120-1 is forged when the current OS value CUR_OS_VAL and the previous OS value PRV_OS_VAL are not equal, It is possible to terminate the execution of the processing unit 110-1. For example, when it is determined that the first OS 120-1 is falsified, the first application 110-1 outputs a message indicating that the first OS 120-1 has been falsified, and the first application 110-1 ) Can be automatically terminated.

Therefore, the application according to the embodiment of the present invention can automatically determine whether the OS of the terminal installed with the application is falsified or not, without using the server because the OS value generated by the application is used. The application according to the embodiment of the present invention can automatically determine whether the OS of the terminal installed with the application is falsified or not using the server.

That is, the first application 110-1 may compare the OS value (OS_VAL) generated by the first application 110-1 with the reference OS value stored in the server 200. [

The reference OS value may be a value related to the first OS 120-1 generated in substantially the same manner as the OS value OS_VAL. The reference OS value may be encrypted. According to an embodiment, the reference OS value may be electronically signed and stored in the server 200.

The first application 110-1 may receive the reference OS value from a separate authentication server. According to an embodiment, the first application 110-1 may determine whether to receive the reference OS value from the server 200 or receive the reference OS value from the authentication server, in accordance with the set security level have. The security level may be changed by the first application 110-1.

A separate authentication server storing the reference OS value and a separate authentication server storing a reference first APP value (REF_APP1_VAL) may be the same, but the present invention is not limited thereto.

The security level for the reference OS value and the security level for the reference first APP value (REF_APP1_VAL) may be set to be interlocked, but the present invention is not limited thereto, and the security levels may be set independently.

The first application 110-1 compares the received reference OS value with the OS value OS_VAL and when the reference OS value and the OS value OS_VAL are equal to each other, 1) is not forged.

According to the comparison result, when the reference OS value and the OS value OS_VAL are not equal to each other, it can be determined that the first OS 120-1 is forged.

According to an embodiment, the first application 110-1 receives a reference OS value corresponding to the version of the first OS 120-1 from the server 200, and compares the reference OS value with the OS value OS_VAL . For example, when the version of the first OS 120-1 is 1.0, the first application 110-1 may receive the reference OS value corresponding to the version 1.0 in the server 200. [

9 is a flowchart illustrating a method for a first application to verify a second terminal and communicate with a verified second terminal in accordance with an embodiment of the present invention.

Referring to FIGS. 1 to 4 and 9, the first application 110-1 may verify the second terminal 100-2 in communication with the first terminal 100-1 (S700).

The first application 110-1 can recognize the second terminal 100-2 located within the communication range of the first terminal 100-1 and can verify the second terminal 100-2. According to the embodiment, the first application 110-1 determines whether the application and / or the OS installed in the second terminal 100-2 are forged or not, and based on the result of the determination, Can be verified.

The first terminal 100-1 receives the second terminal information of the second terminal 100-2 from the second terminal 100-2 and transmits the second terminal information of the second terminal 100-2 ) Can be recognized. For example, the second terminal information may be a universally unique identifier (UUID), but the present invention is not limited thereto and information for recognizing the second terminal 100-2 may be sufficient.

The first application 110-1 is configured to allow the user of the first terminal 100-1 to communicate with the second terminal 100-2 before performing the full communication with the second terminal 100-2 The second terminal 100-2 can be verified. In this case, the full-scale communication may mean a function performed by the main module of the first application 110-1 (e.g., message transmission, transmission of electronic money, stock transaction, electronic contracting, electronic payment, etc.) have.

When the verification of the second terminal 100-2 fails (NO in S700), the first application 110-1 accesses the first application 110-1 according to the result of the verification (S700) (S900). According to the embodiment, when the verification of the second terminal 100-2 fails (NO in S700), the first application 110-1 transmits a message indicating the verification failure of the second terminal 100-2 To the display of the first terminal 100-1, and automatically terminate the execution of the first application 110-1.

When the verification of the second terminal 100-2 fails (NO of S700), the first application 110-1 blocks communication between the first terminal 100-1 and the second terminal 100-2 . The first application 110-1 blocks communication between the first terminal 100-1 and the second terminal 100-2 and the second terminal 110-1 of the second terminal 100-2, To the memory of the first terminal 100-1 or the first application 110-1.

When the verification of the second terminal 100-2 fails (NO of S700), the first application 110-1 transmits a notification to the second terminal 100-2 to inquire whether to send an additional authentication request to the first terminal 110-1, To the user of the first terminal 100-1 through the display of the terminal 100-1.

According to the result of the determination S700, when the second terminal 100-2 is verified (YES in S700), the first application 110-1 performs full communication with the second terminal 100-2 (S800).

Therefore, the application according to the embodiment of the present invention can perform secure communication because the terminal installed with the application verifies the other terminal before performing full communication with the other terminal without depending on the server .

 According to the embodiment, the first application 110-1 is configured so that even when the second terminal 100-2 is verified and the first terminal 100-1 and the second terminal 100-2 are communicating with each other , The second terminal can be verified periodically or in real time.

Figure 10 shows a flowchart for describing in detail a method for a first application verifying a second terminal according to an embodiment in accordance with the inventive concept.

Referring to FIGS. 1 to 4, 9 and 10, the first application 110-1 transmits a second OS verification signal OS2_VF indicating that the second OS 120-1 has not been tampered with, 100-2) (S710).

According to an embodiment, the first application 110-1 may determine that the verification of the second terminal 100-2 fails if the reference time has elapsed since the request of the second OS verification signal OS2_VF.

According to the embodiment, when the second OS verification signal OS2_VF is not received, the first application 110-1 transmits to the first terminal 100-1 a message indicating that the second OS 120-2 is forged or not, Can be output through the display of the display device. For example, the first application 110-1 outputs a message asking whether or not the second OS 120-2 is falsified or not, to the display, a message asking whether to continue the verification of the second terminal 100-2 can do.

The first application 110-1 may receive the second application 110-2 from the second terminal 100-2 in communication with the first terminal 100-1 and the second application 110-2 in the second terminal 100-2, The second APP version information APP2_VI and the second APP value APP2_VAL related to the second application 110-2 (S710).

The first application 110-1 may compare the first APP version information APP1_VI and the second APP version information APP2_VI of the first application 110-1 at step S720.

When the first APP version information APP1_VI and the second APP version information APP2_VI are the same (YES in S420), the first application 110-1 updates the first APP value APP1_VAL according to the comparison result (S420) And the second APP value APP2_VAL (S730).

When the first APP value APP1_VAL and the second APP value APP2_VAL are equal to each other (YES in S730), the first application 110-1 transmits the second APP 110-2 to the second application 110-2, The second terminal 100-2 can be verified (S740).

According to the embodiment, as described with reference to Fig. 8, the first application 110-1 determines that the second application 110-2 has not been tampered with, and at the same time, the first application 110-1 is also forged .

The first application 110 determines that the first application 110-1 is not the first application 110-1 when the first APP value APP1_VAL and the second APP value APP2_VAL are not equal to each other (NO in step S730) It may determine that the second application 110-1 has been tampered with (S750). When the first APP value (APP1_VAL) and the second APP value APP2_VAL are not equal to each other (NO in S730), the first application 110-1 determines whether the second application 110-2 is forged or not To the second terminal 100-2.

When the first APP version information APP1_VI and the second APP version information APP2_VI are not the same (NO in step S720), the first application 110-1 updates the second APP version information (APP1_VI) The second APP value REF_APP2_VAL and the second APP value APP_VAL1 corresponding to the first APP value APP2_VI in step S760.

According to an embodiment, the reference second APP value (REF_APP2_VAL) may be a value generated in the same manner as the manner of generating the second APP value (APP2_VAL). According to the embodiment, when the first APP version information APP1_VI and the second APP version information APP2_VI are not the same (NO at S720), the first application 110-1 is stored in the first terminal 110-1 It is possible to search the reference second APP value (REF_APP2_VAL), and to compare the reference second APP value (REF_APP_VAL2) with the second APP value (APP_VAL2). For example, the reference second APP value (REF_APP2_VAL) stored in the first terminal 110-1 may be a value stored in a previous communication process with the second terminal 100-2, but is not limited thereto.

According to the embodiment, when the first APP version information APP1_VI and the second APP version information APP2_VI are not the same (NO at S720), the first application 110-1 receives the second APP version information ( APP2_VI) corresponding to the second APP value (REF_APP2_VAL).

For example, the first application 110-1 transmits the second APP version information APP2_VI to the server 200 and the reference second APP value REF_APP2_VAL corresponding to the second APP version information APP2_VI from the server 200 Or the first application 110-1 searches the reference second APP value REF_APP2_VAL corresponding to the second APP version information APP2_VI using the second APP version information APP2_VI, REF_APP2_VAL) from the server 200. [

The first application 110-1 may compare the second APP value REF_APP2_VAL with the second APP value APP_VAL2 (S770).

According to the result of the comparison S770, when the reference second APP value REF_APP2_VAL and the second APP value APP2_VAL are equal to each other (YES in S770), it is determined that the second application 110-2 is not forged And can verify the second terminal 100-2 (S780).

The first application 110-1 may transmit the verification code to the second terminal 100-2 when verifying the second terminal 100-2. According to the embodiment, the first application 110-1 can encrypt and transmit the verification code, and can decrypt and verify the verification code received from the second terminal 100-2. The first application 110 determines whether the second AP value (REF_APP2_VAL) is equal to the second APP value APP2_VAL (NO at S770) according to the result of the comparison (S770) May determine that the second application 110-1 has been tampered with, and may not verify the second terminal 100-2 (S790).

11 is a data processing diagram for explaining a method by which a first application performs communication with a second terminal according to an embodiment of the concept of the present invention. 9 and 11, the first application 110-1 may perform communication with the verified second terminal 100-2.

The first application 110-1 may communicate with the second terminal 100-2 via an encrypted channel. According to an embodiment, the first terminal 100-1 and the second terminal 100-2 may communicate with each other using a public key algorithm and / or a symmetric key algorithm .

For example, the first application 110-1 may be a symmetric key algorithm such as advanced encryption standard (AES), data encryption standard (DES), RC4, Twofish Serpent, Blowfish, CAST, 3DES, IDEA, SEED or ARIA, and / The second terminal 100-2 and the second terminal 100-2 using a public key algorithm such as Diffie-Hellman key exchange, digital signature standard (DSS), Ron Rivest-Adi Shamir-Leonard Adleman (RSA), Elgamal or ECC But it is not limited to the algorithms listed above.

The first application 110-1 may generate the first plaintext PLAIN1 (S810). According to an embodiment, the first application 110-1 may generate the first plaintext PLAIN1 while communicating with the second terminal 100-2, but is not limited thereto, and the first application 110-1 May generate the first plaintext PLAIN1 before communicating with the second terminal 100-2.

The first application 110-1 may encrypt the first plaintext PLAIN1 generated in advance and store it in the first terminal 100-1 and / or the first application 110-1.

The first plaintext PLAIN1 may refer to any data or resource that can be transmitted. For example, the first plaintext PLAIN1 may refer to a message used for chatting, an electronic money, a password, a media file, an electronic coupon, a certificate, a cryptographic key, a program code, an algorithm or an unencrypted data file , But the present invention is not limited thereto and the first plaintext PLAIN1 may mean all types of data. That is, the user of the first terminal 100-1 can transmit all types of data using the first application 110-1.

The electronic money may be data stored in electronic means and having a monetary value but is not limited thereto and can mean all types of data that can be used for transactions between users according to a specific policy. Money can mean currency that mediates cryptography to secure transactions, and the cryptogram can be generated using cryptography. For example, the cipher money may mean BitCoin or Ethereum, but is not limited thereto.

The algorithm may refer to a collection of actions to perform a particular task. The algorithm may be expressed in the form of program code, but is not limited thereto. For example, when the first application 110-1 transmits the algorithm to the second terminal 100-2, the second terminal 100-2 receiving the algorithm performs a specific operation indicated in the algorithm .

The first application 110-1 may generate the first ciphertext CYPHER1 by encrypting the generated first plain text PLAIN1 (S820). The first cipher text (CYPHER1) can be generated by various encryption methods.

The first application 110-1 may transmit the first cipher text CYPHER1 to the second terminal 100-2 (S830).

The first application 110-1 may receive the second cipher text CYPHER2 from the second terminal 100-2 (S840). The second terminal 100-2 may generate the second plaintext PLAIN2 and generate the second ciphertext CYPHER2 by encrypting the generated second plaintext PLAIN2.

The first application 110-1 may decrypt the second cipher text CYPHER2 received from the second terminal 100-2 to restore (or create) the second plaintext PLAIN2 (S850).

The first application 110-1 decrypts the second plaintext PLAIN2 by decrypting the encrypted second ciphertext CYPHER2 and transmits the restored second plaintext PLAIN2 to the terminals 100-1 and 100-2, / RTI > and / or server 200. < RTI ID = 0.0 >

According to the embodiment, the first application 110-1 re-encrypts the restored (or generated) second plaintext PLAIN2 and transmits the encrypted restored (or generated) second plaintext PLAIN2 to the first terminal 100-1) and / or the server (200). For example, the first application 110-1 may encrypt the second plaintext PLAIN2 restored (or generated) in a manner different from the method of encrypting the first plaintext PLAIN1, but is not limited thereto.

According to the embodiment, the first application 110-1 outputs the restored (or generated) second plain text PLAIN2 through the display of the first terminal 100-1 for a predetermined time, The generated second plaintext PLAIN2 may be encrypted again and stored in the first terminal 100-1 or the first application 110-1.

For example, when the second plaintext PLAIN2 is an electronic money paid from the second terminal 100-2, the second plaintext PLAIN2 is encrypted through the encrypted channel as described above, (CYPHER2) to the first terminal 100-1, and the first application 110-1 can decrypt the second cipher text (CYPHER2).

At this time, the first application 110-1 decodes the second plaintext PLAIN2 by decoding the second cipher text CYPHER2, and analyzes the restored (or generated) plaintext PLAIN2, The first mobile terminal 100-1 outputs the amount of money paid by the first terminal 100-1 through the display of the first terminal 100-1 for a predetermined time and then encrypts the second plain text PLAIN2 again, ). ≪ / RTI >

Accordingly, a terminal equipped with an application according to an exemplary embodiment of the present invention can communicate with another terminal through an encrypted channel without relying on a server, and can also encrypt data received during the communication And may be stored in the terminal or the application.

12 is a data processing diagram illustrating a method by which a first application communicates with a second terminal, in accordance with an embodiment consistent with the present invention. 12, the first application 110-1 generates a message key SK to communicate with the second terminal 100-2, and transmits the message key SK to the second terminal 100-2. ≪ / RTI >

The message key SK means a key capable of encrypting each of the first plaintext PLAIN1 generated by the first terminal 100-1 and the second plaintext PLAIN2 generated by the second terminal 100-2 can do.

The first terminal 100-1 and the second terminal 100-2 may encrypt a message or a file using a message key SK and may share the encrypted message or file with each other. According to an embodiment, the message key SK may be a symmetric key.

The message key SK may be generated when the first application 110-1 is installed or may be generated each time the first application 110-1 attempts to communicate with the second terminal 100-2. For example, the first application 110-1 may generate the message key SK according to a predetermined time interval.

The first application 110-1 may generate the message key SK (S910). The first application 110-1 may encrypt the message key SK and transmit the encrypted message key to the second terminal 100-2.

According to an embodiment, the first application 110-1 encrypts (S920) the message key SK using the second public key PBK2 of the second terminal 100-2, PBK2_SK) to the second terminal 100-2 (S930).

The second public key PBK2 may refer to a public key in a public key algorithm.

The second public key PBK2 may be generated by the second application 110-2 or the server 200. [ According to the embodiment, the second public key PBK2 generated by the server 200 may be assigned to the second terminal 100-2.

The first application 110-1 can receive the second public key PBK2 directly from the second terminal 100-2.

According to the embodiment, the first application 110-1 may receive the second public key PBK2 of the second terminal 100-2 from the server 200. [ For example, it is possible to transmit the second terminal information of the second terminal 100-2 received from the second terminal 100-2 to the server 200, and receive, from the server 200, And can receive the second public key PBK2.

According to the embodiment, when the first application 110-1 receives the second public key PBK2 from the server 200 or the second terminal 100-2, it stores the second public key PBK2 The stored second public key PBK2 can be used.

The second terminal 100-2, which has received the encrypted message key PBK2_SK based on the second public key PBK2, uses the second secret key PVK2 of the second terminal 100-2 to encrypt (Or generates) the message key SK by decoding the received message key PBK2_SK (S940).

The second secret key PVK2 may denote a private key in the public key algorithm. The second secret key PVK2 denotes a secret key corresponding to the second public key PBK2. According to the embodiment, the second secret key PVK2 may be encrypted and stored. For example, the second application 110-2 can encrypt the second secret key PVK2 according to a password (e.g., a PIN number) set by a user of the second terminal 100-2.

Since the second terminal 100-2 receives the message key SK after the steps of S910 to S940, the first application 110-1 transmits the message key SK to the second terminal 100-2 using the message key SK. Lt; / RTI >

According to the embodiment, the first application 110-1 may transmit a signal for confirming whether the message key SK is received to the second terminal 100-2. For example, the first application 110-1 may request the second terminal 100-2 to transmit the message key encrypted with the public key of the first terminal 100-1. The first application 110-1 transmits the message key encrypted with the public key of the first terminal 100-1 transmitted by the second terminal 100-2 and the message key encrypted with the public key of the first terminal 110-1 1 message key encrypted with the public key of the terminal 100-1, and determine whether the message key (SK) is properly shared according to the comparison result.

The first application 110-1 generates the message key SK and the generated message key SK is encrypted using the second public key PBK2 of the second terminal 100-2 2 terminal 100-2, the roles of the first terminal 100-1 and the second terminal 100-2 may be changed according to the embodiment.

For example, the second application 110-2 encrypts and transmits the message key SK to the first terminal 100-1 using the first public key of the first terminal 100-1, The mobile terminal 110-1 may generate a message key by decrypting the message key encrypted with the first public key using the first secret key corresponding to the first public key of the first terminal 100-1 .

Accordingly, a terminal equipped with an application according to an embodiment of the present invention can communicate with another terminal through an encrypted channel without depending on a server.

11 and 12 illustrate that the first terminal 100-1 and the second terminal 100-2 directly exchange data (e.g., message key SK or plaintexts PLAIN1 and PLAIN2) The first terminal 100-1 does not directly transmit the encrypted first cipher text CYPHER1 to the second terminal 100-2 according to the embodiment of the present invention The second terminal 100-2 can receive the encrypted first cipher text CYPHER1 from the server 200 and transmit the encrypted first cipher text CYPHER1 to the server 200. [ Can be decrypted using the message key (SK).

13 is a flowchart illustrating a method of analyzing a communication pattern of another terminal communicating with a terminal installed with the application according to an embodiment of the present invention. Referring to FIG. 12, the first application 110-1 may collect communication patterns of the second terminal 100-2 that performs communication with the first terminal 100-1.

As used herein, the term " communication pattern " may refer to a particular form or rule of communications performed between terminals.

The first application 110-1 collects the communication pattern (CPT) of the second terminal 100-2 from the data related to the communication between the first terminal 100-1 and the second terminal 100-2 (S1010). According to the embodiment, the first application 110-1 collects (or generates) the communication pattern (CPT) every time the first terminal 100-1 and the second terminal 100-2 perform communication, can do. For example, when the first terminal 100-1 and the second terminal 100-2 perform two communications, the first application 110-1 transmits the communication patterns (CPT) for the two communications Or may generate one communication pattern (CPT) for the two communications.

The first application 110-1 may generate (or collect) a communication pattern (CPT) after the communication between the first terminal 100-1 and the second terminal 100-2 is completed, And may continuously generate (or collect) the communication pattern (CPT) and update the communication pattern (CPT) while the communication is performed.

The communication pattern (CPT) may include various types of patterns.

The communication pattern CPT is a pattern related to the communication time zone between the first terminal 100-1 and the second terminal 100-2 and the communication time pattern between the first terminal 100-1 and the second terminal 100-2, A pattern related to communication contents between the first terminal 100-1 and the second terminal 100-2 and a pattern related to the communication contents between the first terminal 100-1 and the second terminal 100- 2), but the present invention is not limited thereto.

The pattern related to the communication time zone is a time when the communication between the first terminal 100-1 and the second terminal 100-2 starts (for example, 6:00 am) and the time when the communication ends (for example, 12:00 pm) . ≪ / RTI >

The pattern of the communication time may mean the total time (e.g., 10 minutes) that the first terminal 100-1 and the second terminal 100-2 have performed communication.

The pattern related to the communication content may include a content of a message exchanged between the first terminal 100-1 and the second terminal 100-2 (for example, " 100,000 won transfer request ") or a file type (e.g., , But is not limited thereto.

The pattern related to the communication frequency may mean the number of times (for example, five times / week) the communication is performed between the first terminal 100-1 and the second terminal 100-2 during the reference period. The base station 110-1 may generate the reference communication pattern RCPT of the second terminal using the communication pattern CPT of the second terminal 100-2 generated (or collected) (S1020). According to the embodiment, the first application 110-1 may analyze the communication pattern (CPT), and may determine, based on the analysis result, that the reference communication pattern (RCPT) (RCPT) can be generated (or extracted).

For example, the first application 110-1 may analyze the communication pattern (CPT) in a statistical manner (e.g., a behavior analysis technique or a machine learning technique) Thereby generating (or extracting) the reference communication pattern RCPT.

According to the embodiment, the reference communication pattern RCPT can be generated according to the analysis result for one type of communication pattern (CPT), and the analysis result on the communication pattern (CPT) generated (or collected) ≪ / RTI >

The first application 110-1 compares the communication pattern CPT of the second terminal 100-2 with the reference communication pattern RCPT and transmits the communication pattern of the second terminal 100-2 CPT) is normal (S1030).

The first application 110-1 compares the communication pattern CPT of the second terminal 100-2 with the reference communication pattern RCPT and transmits the comparison result to the second terminal 100-2 The communication pattern CPT of the second terminal 100-2 can be determined to be normal when the communication pattern of the second terminal 100-2 is within the reference range from the reference communication pattern RCPT.

For example, when the pattern of the communication time zone among the communication pattern (CPT) of the second terminal 100-2 is different from (or is out of) the communication time zone of the reference communication pattern RCPT, the first application 110-1 It can be determined that the communication pattern of the second terminal 100-2 is not normal.

According to the embodiment, the first application 110-1 counts the number of frequencies that the communication pattern (CPT) of the second terminal 100-2 is out of the reference range from the reference communication pattern (RCPT) It is possible to determine whether the communication pattern (CPT) of the second terminal 100-2 is normal when the count value is smaller than the count value.

For example, assume that the reference communication pattern RCPT for the communication time zone of the second terminal 100-2 is 3:00 PM, the reference range is 1 hour, and the reference count value is 3. If the first terminal 100-1 and the second terminal 100-2 communicate with each other at 5:00 PM and the communication is performed at 6:00 PM, the count value is 2, and thus the second terminal 100-2 Is determined to be normal.

In the present specification, it is described that whether or not the communication pattern (CPT) of the second terminal 100-2 is normal is determined for one type. However, the present invention is not limited to this, and a plurality of types can also be determined. At this time, a weight may be added for each type.

When the communication pattern of the second terminal 100-2 is normal (YES in S1030), the first application 110-1 performs communication with the second terminal 100-2 in accordance with the result of the judgment (S1030) (S1040). According to the embodiment, when the communication pattern of the second terminal 100-2 is normal (YES in S1030), the first application judges again whether or not the communication pattern of the second terminal 100-2 is out of the normal state (S1030). ≪ / RTI > That is, the first application 110-1 may determine whether the communication pattern of the second terminal 100-2 is normal, periodically or on-the-fly.

When the communication pattern of the second terminal 100-2 is not normal (NO in S1030), the first application 110-1 determines whether the communication pattern of the second terminal 100-2 with the second terminal 100-2 The communication can be terminated (S1050). According to the embodiment, when the communication pattern of the second terminal 100-2 is not normal (NO in S1030), the first application 110-1 determines that the communication pattern of the second terminal 100-2 is abnormal And may automatically terminate the execution of the first application 110-1.

According to the embodiment, when the communication pattern of the second terminal 100-2 is not normal (NO in S1030), the first application 110-1 requests the second terminal 100-2 to request additional authentication The user of the first terminal 100-1. The additional authentication may be an e-mail, a short message service (SMS), an automatic response service (ARS), a push alarm via the second application 110-2, And authentication through a communication channel between the first terminal 100-2 and the second terminal 100-2, but the present invention is not limited thereto.

The first application 110-1 may send the additional authentication request to the second terminal 100-2 and then maintain the communication with the second terminal 100-2 when the additional authentication is successfully performed . The first application 110-1 may send the additional authentication request to the second terminal 100-2 and then terminate the communication with the second terminal 100-2 if the additional authentication fails.

The first application 110-1 can periodically or real-time transmit the first application 110-1 even while the first terminal 100-1 is communicating with the second terminal 100-2, 1) can be determined, and it can be determined whether the first OS 120-1 is forged or falsified (described with reference to FIGS. 3 to 7).

Herein, it is assumed for convenience that the first terminal communicates with the second terminal, but according to an embodiment, the first terminal may be connected to the second terminal as well as to other terminals with which the first terminal can communicate Or sequentially, and the embodiment according to the concept of the present invention is not limited to the number of terminals.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.

10-1, 10-2: Network
100-1 to 100-n:
110-1 to 110-n: Application
112: Security module
114: main module
120-1 to 120-n: Operating system (OS)

Claims (31)

delete delete delete delete delete delete delete delete delete Generating a current first APP value indicating a current state of the first application, the first application executing in the first terminal;
The first application receiving a reference first APP value from a server;
Comparing the current first APP value with the first reference APP value received by the first application;
Determining, by the result of the comparison, that the first application is not forged if the current first APP value and the reference first APP value are equal;
Generating a current OS value indicating a current state of a first OS executed by the first application when the first application is not forgiven as a result of the determination;
The first application receiving a reference OS value from the server; And
And the first application comparing the current OS value with the received reference OS value. A computer-readable recording medium storing a program for performing the method of operating the application according to claim 10. A program stored on a medium for performing the method of operating the application of claim 10. A processor; And
And a memory interlocked with the processor,
Wherein the memory stores a program for performing the method of operating the application of claim 10. delete delete delete delete Generating a current first APP value indicating a current state of the first application, the first application executing in the first terminal;
The first application receiving a reference first APP value from a server;
Comparing the current first APP value with the first reference APP value received by the first application;
Determining, by the result of the comparison, that the first application is not forged if the current first APP value and the reference first APP value are equal;
Generating a current OS value indicating a current state of a first OS executed by the first application when the first application is not forgiven as a result of the forgery or falsification of the first application;
The first application receiving a reference OS value from the server;
Comparing the current OS value with the received reference OS value; And
Wherein the first application determines whether a second application executed in a second terminal communicating with the first terminal is forged or not, when the first OS is not forged or not as a result of the forgery or falsification of the first OS, And verifying the terminal. 19. The method of claim 18, wherein verifying the second terminal comprises:
The first application receiving a second APP value indicating the second APP version information of the second application and the status of the second application from the second terminal;
The first application comparing the first APP version information of the first application with the second APP version information;
When the first APP version information and the second APP version information are not the same, the first application retrieves a reference second APP value corresponding to the second APP version information stored in the first terminal, Comparing the first APP value with the second APP value; And
And when the second APP value is equal to the second APP value, the first application determines that the second application has not been tampered with, and verifies the second terminal. 19. The method of claim 18, wherein verifying the second terminal comprises:
The first application receiving a second APP value indicating the second APP version information of the second application and the status of the second application from the second terminal;
The first application comparing the first APP version information of the first application with the second APP version information;
When the first APP version information and the second APP version information are not the same, the first application transmits the second APP version information to the server;
Receiving, by the first application, a reference second APP value corresponding to the second APP version information from the server; And
Further comprising the step of the first application determining that the second application is not forged when the second APP value is equal to the second APP value. 20. A computer-readable recording medium storing a program for performing the method of operating the application as claimed in any one of claims 18 to 20. 20. A program stored on a medium for performing the method of operating the application as claimed in any one of claims 18 to 20. A processor; And
And a memory interlocked with the processor,
Wherein the memory stores a program for performing the method of operating the application as claimed in any one of claims 18 to 20. The security module of the first application determines whether the security module of the first application is forged or not, and when the security module is not tampered with, it determines whether the main module of the first application is forged or falsified, ;
Determining whether the security module of the first application is forged or falsified of the first OS executed in the first terminal when the first application is not forged as a result of the forgery or falsification of the first application;
Wherein the security module of the first application determines whether a second application executed in a second terminal communicating with the first terminal is forged or not, when the first OS is not forged or not as a result of the forgery or falseness determination of the first OS Verifying the second terminal;
When the second terminal is verified as a result of the verification of the second terminal, the first application shares the message key with the second terminal to communicate with the second terminal;
Generating a first plaintext by the first application, encrypting the first plaintext using the shared message key to generate a first ciphertext, and transmitting the generated first ciphertext to the second terminal;
The first application receiving the second ciphertext from the second terminal if the second terminal generates a second plaintext and encrypts the second plaintext with the shared message key to generate a second ciphertext; And
The first application decrypting the second cipher text using the shared message key to recover the second plaintext. 25. The method of claim 24, wherein the step of sharing the message key with the second terminal comprises:
The first application encrypting the message key using a second public key of a second application and transmitting the encrypted message key to a second application; And
And decrypting the encrypted message key received by the second application using a second secret key corresponding to the second public key. 25. The method of claim 24,
Further comprising encrypting and restoring the restored second plaintext in the first terminal. 25. The method of claim 24, wherein the first plaintext and the second plaintext are at least one of electronic money, cryptography, program code, and an algorithm. 25. The method of claim 24,
The first application collecting a communication pattern of the second terminal from communication of the first terminal and the second terminal;
Generating a reference communication pattern of the second terminal from the communication pattern of the second terminal from which the first application is collected;
The first application comparing the communication pattern of the second terminal with the reference communication pattern of the second terminal and determining whether the communication pattern of the second terminal is normal according to a result of the comparison; And
Further comprising the step of the first application terminating communication with the second terminal when the communication pattern of the second terminal is not normal according to the determination result. 28. A computer-readable recording medium storing a program for performing the method of operating the application according to any one of claims 24 to 28. 29. A program stored on a medium for performing the method of operating the application as claimed in any one of claims 24 to 28. A processor; And
And a memory interlocked with the processor,
Said memory storing a program for performing the method of operating said application as claimed in any one of claims 24 to 28.

Images