KR102085452B1 - Method and system at user side for risk identification of personal information - Google Patents

Abstract

Provided are a method for identifying a personal information risk and a system thereof. An embodiment of the present invention may provide a framework and a platform for personal information management which determines whether a general data protection regulation (GDPR) policy is satisfied in an Internet of things (IoT) environment to meet the GDPR.

Description

METHOD AND SYSTEM AT USER SIDE FOR RISK IDENTIFICATION OF PERSONAL INFORMATION}

The present invention relates to a method and system for identifying personal information risk.

In today's data-driven digital economy, user-related information plays a vital role in running this world. Users are willing or inadvertently providing privacy information to well-known or unknown service providers. Privacy information represents a person's Personally Identifiable Information (PII). Many researchers see mobile apps as a big privacy source leaking out of the digital world. Many mobile apps collect sensitive information from users during installation, use and removal. Questions about permission and authenticity of apps are often raised by researchers. It is also reported that by 2019, global economic losses from data breaches will exceed $ 2.1 trillion.

In one study, 87% of the US population reported using only 5-digit postal codes, gender, and date of birth to identify themselves. Nowadays, people recognize personally identifiable information as an asset, but apps require excessive permissions and some of the requested permissions are not related to their primary purpose. In 2018, the total number of Android and Apple users is 2 billion and 1.3 billion, respectively, with 2.08 million apps and 2.2 million apps. The Korea Internet Security Agency (KISA) surveyed a common view on information security and found that 33.3% of the unsolicited and frivolous PII collections were related to the rights requested by apps, and 27.6% of illegal use of collected PIIs. Major concerns have been found. Technology Security firm Gemalto's Breach Level Index (BLI) reports 100.4 million PII evidence every day, of which 74 percent are identity theft.

To address these issues, many countries and organizations have worked to reduce the leakage of personal data. For example, the European General Data Protection Regulation (GDPR), Australia's Privacy Amendment, Canada's Privacy and Electronic Documents Act, and ISO's ISO27001 suggest control of the personal data collection process. Failure to protect PII could result in a fine of 2% or 20 million euros for all organizations. GDPR focuses primarily on violation notifications, access rights, forgotten rights, data mobility, and privacy by design and information security officers. In Android version 8.1 (API level 27 and higher), there are three levels of protection (normal, signature, and risk tolerance) that affect third-party app data access and collection. According to several studies, personal information leakage occurs through requests for permission to allow privacy by apps. As the volume and sources of data are growing rapidly, further precautions are needed. As a precautionary measure, the disclosure of personal information by publishers or by the distribution of corporate data should be seriously considered for PII collection.

A personal information risk identification method of a third party that generates and provides a description of a service and / or application, collects and manages data related to the service and / or application, and a computer device performing the personal information risk identification method, In combination with the computer device, a computer program stored on a computer readable recording medium and a computer readable recording medium for executing the method for identifying a personal information risk are provided.

Receive and manage the specification of the service and / or application from the third party, user consent information from the user side using the service and / or application, and store and process data in the user environment or platform environment on the user side. A personal information risk identification method of a service / platform provider that inspects and monitors related processes and provides a monitoring function for data stored in a data storage of the service / platform provider side, and a computer device for performing the personal information risk identification method. And a computer program stored in a computer readable recording medium and the computer readable recording medium for executing the personal information risk identification method on the computer device in combination with the computer device.

An individual on the user's side that stores and provides user consent information for services and / or applications on the third party's side, monitors whether the client device has physical access to the data store, and provides querying capabilities for the collected data. A method for identifying an information risk, a computer device for performing the method for identifying a personal information risk, a computer program coupled to the computer device and stored in a computer readable recording medium for executing the method for identifying the personal information risk, and the computer readable device. Provide a record carrier.

Receiving user consent information on at least one of a service and an application of a third party from the user side; Transmitting the user consent information to a service / platform provider side device through a network; Monitoring physical access to a data store of a client device using at least one of the service and application; And providing a user data query function capable of querying a status of data related to at least one of the service and the application.

According to one side, the personal information risk identification method may include transmitting the user consent information to a system of a third party operator; And outputting information on a method of storing and managing the user consent information to the user.

According to another aspect, the user consent information transmitted to the system of the third party operator may be distributed and stored on the blockchain associated with the third party operator.

According to another aspect, the privacy risk identification method may further comprise providing a function for confirming the stored user consent information.

According to another aspect, the monitoring may include physical access to the data storage of the client device using a sandbox function provided by an operating system of the client device or a service platform of a service provided to the client device. It may be characterized by monitoring whether or not.

According to another aspect, the privacy risk identification method may further include deleting data in the sandbox at the request of the user side.

According to another aspect, the providing of the user data query function may include providing the user data query function at at least one of a start time and an end time of at least one of the service and the application. .

According to another aspect, the providing of the user data query function may include receiving an information management function including the user data query function from a service / platform provider side device controlling the client device and providing the user data query function to the user side. It can be characterized.

A computer program coupled with a computer device provides a computer program stored on a computer readable recording medium for executing the method of identifying a personal information risk.

A computer program for recording a computer program for executing the method for identifying a personal information risk is provided.

A computer device comprising at least one processor configured to execute computer readable instructions, wherein the at least one processor provides user consent information for at least one of a service and an application on a third party's side. Receives and stores the user consent information from the network, and transmits the user consent information to a service / platform provider-side device through a network, and monitors whether the client device using at least one of the service and application accesses a data store. And a user data query function capable of querying a status of data related to at least one of the applications.

From a third party's point of view, a privacy risk identification technology may be provided that creates and provides specifications for services and / or applications and collects and manages data related to services and / or applications.

Receive and manage specifications for services and / or applications, user consent information from the user side using the service and / or application from the third party's point of view from the service / platform provider side, and user environment or platform on the user side It can provide privacy risk identification technology that inspects and monitors processes related to data storage and processing in the environment, and provides monitoring of data stored in data storage on the service / platform provider side.

Store and provide user consent information about services and / or applications from third parties from the user's perspective, monitor physical access to data storage of client devices, and provide querying capabilities for collected data Can provide a privacy risk identification technology.

1 is a diagram illustrating an example of a network environment according to an embodiment of the present invention.
2 is a block diagram illustrating an example of a computer device according to an embodiment of the present invention.
3 is a diagram showing an example of the configuration of the major players of the personal information risk identification system according to an embodiment of the present invention.
FIG. 4 is a flowchart illustrating an example of an exposure flow of user data in a major player-specific configuration of the system for identifying a personal information risk according to an embodiment of the present invention.
FIG. 5 is a diagram for one example of functional blocks for each major player of the system for identifying a personal information risk according to one embodiment of the present invention.
6 is a block diagram illustrating an example of an internal configuration of a system for identifying a personal information risk according to an embodiment of the present invention.
7 is a flowchart illustrating an example of a personal information risk identification method from a third party's perspective in accordance with one embodiment of the present invention.
8 is a flowchart illustrating an example of a privacy risk identification method from a service / platform provider side perspective according to an embodiment of the present invention.
9 is a flowchart illustrating an example of a personal information risk identification method from a user's perspective in accordance with one embodiment of the present invention.

As the inventive concept allows for various changes and numerous embodiments, particular embodiments will be described in detail with reference to the accompanying drawings.

In the following description of the present invention, if it is determined that the detailed description of the related known technology may obscure the gist of the present invention, the detailed description thereof will be omitted.

The privacy risk identification system according to embodiments of the present invention may be implemented by at least one computer device. A computer program according to an embodiment of the present invention may be installed and run on a computer device, and the computer device may perform the personal information risk identification method according to the embodiment of the present invention under the control of the driven computer program. . The computer program described above may be stored in a computer readable recording medium in combination with the computer device to cause the computer device to execute a method for identifying a privacy risk.

1 is a diagram illustrating an example of a network environment according to an embodiment of the present invention. The network environment of FIG. 1 illustrates an example including a plurality of electronic devices 110, 120, 130, and 140, a plurality of servers 150 and 160, and a network 170. 1 is an example for describing the present invention, and the number of electronic devices or the number of servers is not limited as shown in FIG. 1. In addition, the network environment of FIG. 1 merely illustrates an example of one of the environments applicable to the embodiments, and the environment applicable to the embodiments is not limited to the network environment of FIG. 1.

The plurality of electronic devices 110, 120, 130, and 140 may be fixed terminals or mobile terminals implemented as computer devices. Examples of the plurality of electronic devices 110, 120, 130, and 140 include a smart phone, a mobile phone, a navigation device, a computer, a notebook computer, a digital broadcasting terminal, a personal digital assistant (PDA), and a portable multimedia player (PMP). Tablet PC). For example, although FIG. 1 illustrates the shape of a smart phone as an example of the electronic device 1 110, in the embodiments of the present invention, the electronic device 1 110 may use a wireless or wired communication method to substantially connect the network 170. It may mean one of various physical computer devices that can communicate with other electronic devices 120, 130, 140 and / or servers 150, 160.

The communication method is not limited, and may include not only a communication method using a communication network (for example, a mobile communication network, a wired internet, a wireless internet, and a broadcasting network) that the network 170 may include, but also a short range wireless communication between devices. For example, the network 170 may include a personal area network (PAN), a local area network (LAN), a campus area network (CAN), a metropolitan area network (MAN), a wide area network (WAN), and a broadband network (BBN). And one or more of networks such as the Internet. The network 170 may also include any one or more of network topologies, including bus networks, star networks, ring networks, mesh networks, star-bus networks, trees, or hierarchical networks, but It is not limited.

Each of the servers 150 and 160 communicates with the plurality of electronic devices 110, 120, 130, and 140 through the network 170 to provide a command, code, file, content, service, or the like. It may be implemented in devices. For example, the server 150 may be a service (eg, a video call service, a financial service, a payment service, or a social network service) with a plurality of electronic devices 110, 120, 130, and 140 connected through the network 170. , A messaging service, a search service, a mail service, a content providing service, a question and answer service, and the like.

2 is a block diagram illustrating an example of a computer device according to an embodiment of the present invention. Each of the plurality of electronic devices 110, 120, 130, and 140 or each of the servers 150 and 160 described above may be implemented by the computer device 200 shown in FIG. 2. The method according to the above may be performed by such a computer device 200.

In this case, as illustrated in FIG. 2, the computer device 200 may include a memory 210, a processor 220, a communication interface 230, and an input / output interface 240. The memory 210 is a computer-readable recording medium. The memory 210 may include a permanent mass storage device such as random access memory (RAM), read only memory (ROM), and a disk drive. In this case, the non-volatile mass storage device such as a ROM and a disk drive may be included in the computer device 200 as a separate permanent storage device separate from the memory 210. In addition, the memory 210 may store an operating system and at least one program code. These software components may be loaded into the memory 210 from a computer readable recording medium separate from the memory 210. Such a separate computer-readable recording medium may include a computer-readable recording medium such as a floppy drive, disk, tape, DVD / CD-ROM drive, memory card, and the like. In other embodiments, software components may be loaded into memory 210 via communication interface 230 rather than a computer readable recording medium. For example, software components may be loaded into the memory 210 of the computer device 200 based on a computer program installed by files received via the network 170.

The processor 220 may be configured to process instructions of a computer program by performing basic arithmetic, logic, and input / output operations. Instructions may be provided to the processor 220 by the memory 210 or the communication interface 230. For example, the processor 220 may be configured to execute a command received according to a program code stored in a recording device such as the memory 210.

The communication interface 230 may provide a function for the computer device 200 to communicate with other devices (eg, storage devices described above) through the network 170. For example, a request, a command, data, a file, etc. generated by the processor 220 of the computer device 200 according to a program code stored in a recording device such as the memory 210 may be controlled according to the control of the communication interface 230. 170 may be transferred to other devices. Conversely, signals, commands, data, files, and the like from other devices may be received by the computer device 200 via the communication interface 230 of the computer device 200 via the network 170. Signals, commands, data, and the like received through the communication interface 230 may be transmitted to the processor 220 or the memory 210, and the files and the like may be further included in the storage medium that the computer device 200 may further include. Persistent storage).

The input / output interface 240 may be a means for interfacing with the input / output device 250. For example, the input device may include a device such as a microphone, a keyboard, a camera or a mouse, and the output device may include a device such as a display or a speaker. As another example, the input / output interface 240 may be a means for interfacing with a device in which functions for input and output are integrated into one, such as a touch screen. The input / output device 250 may be configured as the computer device 200 and one device.

Also, in other embodiments, the computer device 200 may include fewer or more components than the components of FIG. 2. However, there is no need to clearly show most prior art components. For example, the computer device 200 may be implemented to include at least some of the above-described input / output device 250 or may further include other components such as a transceiver, a database, or the like.

SaaS (Software as a Service), cloud (Cloud), mobile app store (Mobile App. Store) such as make it easy to take advantage of the various services and applications users data to a variety of third-party applications they have (3 ^rd Application ).

1. SaaS (e.g., Salesforce)

Variety of services associated with SaaS are provided through the app exchange (appexchange) and the user is using to connect with its own data or service with a third party (3 ^rd Party) service. In this case, data on a sales force of individual users or operators may be provided through a third party service.

2. Cloud (eg Amazon's Amazon Web Service Marketplace)

Various applications and instance images that can be used in the cloud service environment are provided as services. When users use a desired service or application, the service-related data may be provided in connection with a third party service.

3. Mobile App Store (eg Google Play store, Apple App Store)

App developers / developers and publishers provide one or more apps to the app store. Users use the app according to their needs, and different apps can provide different information to developers / developers and publishers. As an example of a mobile app store environment, based on the number of mobile apps provided by the same app developer / developer or publisher, a user installs a plurality of mobile apps and exposes different information through individual apps. In this case, there is no way for the user to separately recognize or identify the exposure of this information.

3 is a diagram showing an example of the configuration of the major players of the personal information risk identification system according to an embodiment of the present invention. Figure 3 is a third party side ^{(3 rd Party Side, 310)} , service / platform provider side (Service / Platform Provider Side, 320 ), and a user-side (User Side, 330) as a key player in the privacy risk identification system Each is shown.

The third party side 310 registers at least one application with the service / platform provider side 320 and provides a service to the user side 330 through the application (for example, in FIG. 3). Shown Company # cA). Such a third party company may substantially correspond to a physical device that implements a service server that provides a service to a terminal of a user connecting through a network using an application. In FIG. 3, only one company Company # cA is shown on the third party side 310, but there may be a plurality of companies.

The service / platform provider side 320 registers at least one application from at least one company of the third party side 310 to provide an application to the user side 330 (eg, SaaS, cloud, mobile app). Store, etc.). In the example of FIG. 3, the service / platform provider side 320 uses a first application (App. # 1), a second application (App. # 2), and a third application (App. # 3) from the company Company # cA. And the fourth application (App. # 4) can be registered and provided to the user side 330. The service / platform provider side 320 shown in FIG. 3 may include multiple service providers and / or multiple platform providers.

The user side 330 is provided with a desired application from the service / platform provider side 320, and users who are provided with a service from the third party side 310 through the application (for example, User # uA and FIG. User # uZ). In practice, each of the users may correspond to a user's terminal (eg, a PC, a smartphone, etc.) for installing and executing an application.

In FIG. 3, the first application (App. # 1) collects data of data types # 1 to 3, and the second application (App. # 2) collects data of data types # 2 to 4, and It is assumed that 3 applications (App. # 3) collect data of data types # 3 to 5, and a fourth application collects data of data types # 4 to 6. In addition, the first user (User # uA) is the first application (App. # 1), the second application (App. # 2) and the fourth application (App. # 4) of the first user (User # uA) The second user (User # uZ) is installed and used in the terminal, and the first application (App. # 1), the third application (App. # 3), and the fourth application (App. # 4) are the second user. Assume that it is installed and used on a terminal of (User # uZ).

In this case, the company Company # cA is connected to the first user User # uA through the first application App. # 1, the second application App. # 2, and the fourth application App. # 4. Collect all data of data types # 1 ~ 6. In addition, the company Company # cA may receive information regarding the second user User # uZ through the first application App. # 1, the third application App. # 3, and the fourth application App. # 4. All data of data types # 1 ~ 6 will be collected.

FIG. 4 is a flowchart illustrating an example of an exposure flow of user data in a major player-specific configuration of the system for identifying a personal information risk according to an embodiment of the present invention.

The first dotted line box 410 registers the app developed in the third party side 310 to the service / platform provider side 320, reviews and publishes the app registered by the service / platform provider side 320, An example of a process of downloading and installing an app published by the user side 330 through a terminal is shown. Here, the app may collectively refer to an application, a service, and a mobile app provided by the third party side 310.

The second dotted line box 420 is an example of a process in which each of the service / platform provider side 320 and the third party side 310 stores the user agreement as the user side 330 agrees to the user permission. It is shown.

The third dotted line box 430 collects app usage and statics information from the service / platform provider side 320 as the user side 330 uses an app installed in the terminal, and the third party The side 310 shows an example of a process of collecting Personally Identifiable Information (PII).

The fourth dotted line box 440 deletes the app usage and statics information from the service / platform provider side 320 as the user side 330 removes the app installed in the terminal, and the third party The side 310 shows an example of a process of deleting Personally Identifiable Information (PII).

FIG. 5 is a diagram illustrating an example of a functional block for each major player of a system for identifying a personal information risk according to an embodiment of the present invention.

The third party side 310 may create a specification related to collection of user data in a user, a service, and an application environment, and may include a data specification generating function 511 and a data management function 512.

The service / platform provider side 320 may review information related to the collection of user data and system data (reservation focused review) at the time of service and application review (review), and review external interworking APIs and data flow (network Centralized review) and matching with user consent items and data collection specification items. To this end, the service / platform provider side 320 uses a data collection statement management function 521, a data store testing / monitoring function 522, an external interworking API testing / monitoring function 523, and a data tracking management function 524. It may include.

A client associated with the user side 330, substantially an application (or service) provided to the user side 330, may perform a user consent procedure and may check collected data information. To this end, the client may include a user consent management function 531, a data store monitoring function 532, and a user data query function 533.

The data specification generation function 511 included in the third party side 310 may provide a function for generating a data specification for personal identification information collected and utilized by a service or application developed by the third party side 310. It may provide a function for generating a workflow for user agreement and management. More specifically, the data specification generation function 511 may generate its own specification regarding data usage of a service and / or application developed by the third party side 310. This data specification generation function 511 may be implemented to generate a specification for the contents of which information should be specified according to the General Data Protection Regulation (GDPR) or the Personal Information Protection Act. 320). For example, the specification may be generated and provided in the form of XML (eXtensible Markup Language), and the data interface may be implemented in the form of JavaScript Object Notation (JSON). In order to secure the reliability of the data specification generating function 511, the specification of the data to be utilized by providing or adding the specification on a blockchain provided by another third party, another service / platform provider, or another provider. You can have confidence in

In addition, the data management function 512 included in the third party side 310 may provide anonymization function through tracking and de-identification of data collected by the third party side 310, and for each user. A function for providing data statistics can be provided. The data management function 512 may provide a management function for data collected by the third party side 310 directly from a service and / or an application, or a profile and statistical information provided from the service / platform provider side 320. . In particular, when the client on the user side 330, the service / platform provider side 320, or a government agency requires a monitoring function for the utilization of the collected data, the collected information may be provided in the form of statistics. The collected information can be deleted immediately.

The data collection statement management function 521 included in the service / platform provider side 320 may provide a statement management function related to data usage provided from the third party side 310, and may provide a snap to user consent information. Can provide shot function. In this case, the snapshot data generated through the snapshot function may be distributed and managed in a blockchain form to prevent forgery of the data. More specifically, the data collection specification management function 521 may store and manage the specification contents related to the use of data provided from the third party side 310, and the contract form may be stored in a contract form for the service provision period. And additional retention periods and constraints on data utilization. Such contract information may be provided to a separate blockchain or another trusted provider and stored in the form of a snapshot as described above. At this time, a supervisory authority such as a client or a government agency of the user side 330 may request and confirm contract information. Information that can be requested and verified by the client of the user side 330 may be limited to information related to a service and / or an application being used by the user of the client.

In addition, the data store testing / monitoring function 522 included in the service / platform provider side 320 may include security and de-identification of data stored in the data store of the service and / or application of the third party side 310, An inspection function for anonymization may be provided, and a monitoring function for physical access to the data store may be provided. More specifically, the data storage testing / monitoring function 522 may include a user environment or a platform environment (eg, infrastructure as a service (IAAS) / PAAS when using the cloud) for services and / or applications provided by the third party side 310. (Platform as a service) process to inspect and monitor processes related to data storage and processing. In this case, the data store testing / monitoring function 522 may specify information on security, de-identification, and anonymization related to data processing, and determine whether to register a corresponding service and / or application based on the specified information. have. In addition, the data store testing / monitoring function 522 may provide a function for separately monitoring access from the outside when the data store is a service provided in the form of SaaS.

In addition, the external interworking API testing / monitoring function 523 included in the service / platform provider side 320 may provide an external interworking API and network monitoring function of a service and / or application of the third party side 310. It can provide end-to-end encryption, de-identification, and anonymity checks for data communications. More specifically, in order to monitor the corresponding information when a service and / or an application interworks with an external service, the service / platform provider side 320 performs an external interworking API testing / monitoring function 523 upon inspection of the corresponding service and / or application. The information related to the external service interworking may be inspected and registered whether or not to monitor the corresponding information on the platform or PaaS on the client of the user side 330. In this case, the external interworking API testing / monitoring function 523 may determine whether to identify a risk based on end-to-end encryption, de-identification, anonymization, or the like associated with the external interworking. In addition, the external interworking API testing / monitoring function 523 may check communication with a server using network information (address) not specified or authenticated in the specification.

In addition, the data tracking management function 524 included in the service / platform provider side 320 manages tracking of data stored in the platform (eg, mobile operating system) of the service and / or application of the third party side 310. Functionality can be provided, and this tracking management function can be linked to the data store testing / monitoring function. In addition, the data tracking management function 523 may provide a storage and tracking management function for the specification data when the service is interrupted due to the user's withdrawal or expiration of use. More specifically, the data tracking management function 524 may provide a monitoring function for data stored by the service and / or application on the service / platform provider side 320. In addition, the data tracking management function 524 also provides monitoring for data collected for service provision on the service and / or platform (eg, common login information, user profile, payment related profile, tax related profile, etc.). can do. The service / platform provider side 320 should be able to provide a function for separately monitoring the corresponding information to the client of the user side 330, another third party side, or a government agency. If a separate monitoring function is provided on the blockchain in the form of a snapshot, the service / platform provider side 320 should be able to announce separate information on the monitoring function on the blockchain.

The user consent management function 531 included in the client of the user side 330 may provide a function of storing a data snapshot of the service / platform provider side 320 or an authorized authority for user consent information when the initial app is executed. Can be. More specifically, the user consent management function 531 may store user consent information and provide the user consent information to the service / platform provider side 320. It is also possible to provide user consent information to trusted third parties. For example, the user consent management function 531 may store the user consent information in the form of a snapshot in another provider's blockchain. In this case, the user consent information should be additionally notified to the client, and the way of storing and managing should be mentioned. The user consent management function 531 may provide a function for checking user consent information in a separate control window or environment.

In addition, the data store monitoring function 532 included in the client of the user side 330 may provide a monitoring function for physical access to the data store, and may provide a function for monitoring whether data is completely deleted when the app is deleted. Can be. More specifically, for services and / or applications operating in a client environment, the data store monitoring function 532 should be able to monitor whether the client device (eg, the user's terminal) has physical access to the data store. To this end, an operating system or a service platform of the client device may provide a sandbox function for controlling the same. In addition, the data store monitoring function 532 may provide the ability to completely delete data in the sandbox upon deletion of the service and / or application (deletion from the client device).

In addition, the user data query function 533 included in the client of the user side 330 may provide a query function related to the user's data rights (right to modify and delete data, etc.), and may be separately provided by the platform provider. You can provide a link to a function for querying data. For example, a link for connecting an information management page of the deleted app on the setting page of the mobile operating system may be provided. More specifically, the user data query function 533 may provide a means (eg, URL, Web form, etc.) for allowing a user and / or a client to inquire about a status related to his data. The user data query function 533 should be able to explicitly provide such a means, and the query means at the start of the service (e.g., the installation and contract of the application) and at the end (deleting the application or leaving the service). It should be possible to expose it. According to an embodiment, when the service / platform provider side 320 controls the user's terminal (or client device), the service / platform provider side 320 may provide information according to the query through a separate information management page. have.

6 is a block diagram illustrating an example of an internal configuration of a personal information risk identification system according to an embodiment of the present invention. FIG. 6 illustrates a third party side device 610 and a service / platform provider side 320 that each of the companies belonging to the third party side 310 (eg, a developer or developer of a service and / or application) may include. Service / platform provider side device 620 which may be included in each of the service providers and / or platform providers belonging to the user), and the user side device 630 which may correspond to each of terminals of users belonging to the user side 330. And a third party trust / authorization system 640.

At this time, each of the modules 611, 612, 621, 622, 623, 624, 631, 632, and 633 shown in FIG. 6 is the third party device 610, the service / platform provider device 620, and the user device. Each of the devices 630 may be representations of different functions performed by at least one processor. For example, each of the third party side device 610, the service / platform provider side device 620, and the user side device 630 may include a computer program for executing a privacy risk identification method on a computer, At least one processor that each of the third-party side device 610, the service / platform provider side device 620, and the user side device 630 may include may include modules according to control instructions according to a program code of a corresponding computer program. The third party side device 610, the service / platform provider side device 620, or the user to process the functions provided by the corresponding module among (611, 612, 621, 622, 623, 624, 631, 632, 633). The side device 630 can be controlled. For example, the data specification generation module 611 may be a functional representation of a function of controlling the third party side device 610 such that the processor of the third party side device 610 generates the data specification. In addition, the modules 611, 612, 621, 622, 623, 624, 631, 632, and 633 shown in FIG. 6 have the functions 511, 512, 521, 522, 523, 524, 531, 532, 533). For example, the data specification generation module 611 may be a functional representation of a processor of the third party side device 610 that controls the third party side device 610 to perform the data specification generation function 511.

Meanwhile, the first data store 613, the second data store 625, and the third data store 634 are the third party side device 610, the service / platform provider side device 620, and the user side device 630. ) May be a physical repository. For example, the processor of the third-party side device 610 may perform the data specification generation function 511 through the data specification generation module 611 to generate the data specification, and may generate the generated specification. The third party side device 610 may be controlled to be stored in the first data store 613, which is a physical store of the 610.

7 is a flowchart illustrating an example of a method for identifying a personal information risk from a third party's point of view according to an embodiment of the present invention. The personal information risk identification method according to the present embodiment may be performed by the computer device 200 implementing the third party side device 610 described with reference to FIG. 6. For example, the processor 220 of the computer device 200 may be implemented to execute a control instruction according to a code of an operating system included in the memory 210 or a code of at least one program. In this case, the processor 220 may perform the steps 710 to 760 included in the method of FIG. 7 according to a control command provided by a code stored in the computer device 200. Can be controlled.

In operation 710, the computer device 200 may generate a specification related to data use of at least one of a service and an application of a third party. Here, the third party side may correspond to the third party side 310 described above with reference to FIGS. 3 to 6.

In operation 720, the computer device 200 may transmit the generated specification to a service / platform provider side device through a network. Here, the service / platform provider side device may correspond to the service / platform provider side device 620 described with reference to FIG. 6, and the transmitted specification is a second data store 625 included in the service / platform provider side device 620. Can be stored and managed. The service / platform provider side device 620 may maintain the contents of the specification in the form of a contract during the service providing period, and may add separate maintenance periods and constraints regarding data utilization. Such contract form information may be provided and stored in the form of snapshots to a system of third party providers which will be described later.

In operation 730, the computer device 200 may transmit the generated specification to a system of a third party operator. The transmission of the specification to the system of the third party provider is to secure the trust of the specification, and for higher reliability, the specification transmitted to the system of the third party provider is distributed and stored on the blockchain associated with the third party provider. Can be. In this case, information in the form of a snapshot transmitted by the service / platform provider side device 620 to the third party provider may also be distributed and stored on the blockchain associated with the third party provider.

In operation 740, the computer device 200 may receive at least one of a service and an application through a service / platform provider side device or a service / platform provider side device, and may use at least one of a service and an application through a network. You can collect data related to one and store it in a data store. For example, the data collected by the computer device 200 in step 740 may include personal identification information of a user associated with at least one of a service and an application.

In operation 750, the computer device 200 may provide information about utilization of data stored in a data store according to a request from the outside. For example, the computer device 200 may provide a function of monitoring information on utilization of data in the form of statistics according to a request of at least one of a user side device, a service / platform provider side device, and a government agency. .

In operation 760, the computer device 200 may delete data collected with respect to the user from the data store according to a request from the user device. Deleting collected data at the user's request can satisfy the right of erasure required by the General Data Protection Regulation (GDPR).

8 is a flowchart illustrating an example of a privacy risk identification method from a service / platform provider side perspective according to an embodiment of the present invention. The personal information risk identification method according to the present embodiment may be performed by the computer device 200 implementing the service / platform provider side device 620 described with reference to FIG. 6. For example, the processor 220 of the computer device 200 may be implemented to execute a control instruction according to a code of an operating system included in the memory 210 or a code of at least one program. Herein, the processor 220 causes the computer device 200 to perform the steps 810 to 850 included in the method of FIG. 8 according to a control command provided by a code stored in the computer device 200. Can be controlled.

In operation 810, the computer device 200 may receive a specification related to data use of at least one of a service and an application of a third party from a third party device and store the specification in a data store of a service / platform provider. . Here, the third party side may correspond to the third party side 310 described above with reference to FIGS. 3 to 6, and the service / platform provider side may correspond to the service / platform provider side 320 described with reference to FIGS. 3 to 6. have.

In operation 820, the computer device 200 may receive user consent information from a user side using at least one of a service and an application, and store the user consent information in a data store of a service / platform provider side. Here, the user side may correspond to the user side 330 described with reference to FIGS. 3 to 6. For example, when the application is installed and run on the client device of the user side, the client device may receive and store user consent information from the user side under the control of the application, and transmit the user consent information to the service / platform provider side. have. In this case, the computer device 200 may receive the transmitted user consent information and store it in the data store.

In operation 830, the computer device 200 may inspect and monitor a process related to data storage and processing in a user environment or a platform environment of a user using at least one of a service and an application. In this case, the computer device 200 may specify information on security, de-identification, and anonymization related to data storage and processing, and determine whether to register at least one of a service and an application based on the specified information. In addition, when the data storage related to data storage and processing is a service provided in the form of Software as a Service (SaaS), the computer device 200 may monitor access to the data storage from the outside.

In operation 840, the computer device 200 examines at least one of the service and the application to monitor whether at least one of the service and the application interworks with an external service. It is possible to register whether or not to monitor related information on the award. In addition, computer device 200 may check communication with a server using a network address that is not specified or authenticated on the specification received in step 840.

In operation 850, the computer device 200 may provide a monitoring function for data stored in a data store of a service / platform provider in relation to at least one of a service and an application. For example, the computer device 200 may provide a monitoring function for data that at least one of a service and an application stores in a data store on the service / platform provider side or data collected for service provision on the service / platform provider side. Can be.

9 is a flowchart illustrating an example of a personal information risk identification method from a user's perspective in accordance with one embodiment of the present invention. The personal information risk identification method according to the present embodiment may be performed by the computer device 200 implementing the user side device 630 described with reference to FIG. 6. For example, the processor 220 of the computer device 200 may be implemented to execute a control instruction according to a code of an operating system included in the memory 210 or a code of at least one program. Here, the processor 220 causes the computer device 200 to perform the steps 910 to 960 included in the method of FIG. 9 according to a control command provided by a code stored in the computer device 200. Can be controlled.

In operation 910, the computer device 200 may receive user consent information regarding at least one of a service and an application of a third party from the user. Here, the third party side may correspond to the third party side 310 described above with reference to FIGS. 3 to 6.

In operation 920, the computer device 200 may transmit user consent information to a service / platform provider side device through a network. Here, the service / platform provider side may correspond to the service / platform provider side 320 described with reference to FIGS. 3 to 6.

In operation 930, the computer device 200 may transmit user consent information to a system of a third party operator. The user consent information transmitted to the system of the third party operator may be distributed and stored on the blockchain associated with the third party operator to increase the reliability of storing the user consent information.

In operation 940, the computer device 200 may output information about a method of storing and managing user consent information to the user. Therefore, the user can inquire when the user consent information for the service and / or application.

In operation 950, the computer device 200 may monitor whether a client device that uses at least one of a service and an application accesses a data store. For example, the computer device 200 may monitor whether the client device has physical access to a data store by using a sandbox function provided by an operating system of the client device or a service platform of a service provided to the client device. have. In this case, the computer device 200 may delete data in the sandbox at the request of the user.

In operation 960, the computer device 200 may provide a user data query function capable of querying a status of data related to at least one of a service and an application. For example, the computer device 200 may provide a user data query function at at least one of a start time and an end time of at least one of a service and an application. As another example, the computer device 200 may receive an information management function including a user data query function from a service / platform provider side device controlling the client device and provide the same to the user side.

As described above, according to embodiments of the present invention, a technology risk identification technique for generating and providing a specification of a service and / or an application from a third party's perspective and collecting and managing data related to the service and / or the application is provided. Can provide. In addition, from the perspective of the service / platform provider side, it receives and manages specification of the service and / or application from the third party side, user consent information from the user side using the service and / or application, and user environment on the user side. Alternatively, the system may provide a privacy risk identification technology that inspects and monitors processes related to data storage and processing in a platform environment, and provides a monitoring function for data stored in a data store at a service / platform provider. It also stores and provides user consent information on services and / or applications from third parties from the user's point of view, monitors the physical access of the client device's data store, and queries the collected data. It can provide a privacy risk identification technology that provides.

The system or apparatus described above may be implemented as a hardware component, a software component or a combination of hardware components and software components. For example, the devices and components described in the embodiments are, for example, processors, controllers, arithmetic logic units (ALUs), digital signal processors, microcomputers, field programmable gate arrays (FPGAs). May be implemented using one or more general purpose or special purpose computers, such as a programmable logic unit (PLU), a microprocessor, or any other device capable of executing and responding to instructions. The processing device may execute an operating system (OS) and one or more software applications running on the operating system. The processing device may also access, store, manipulate, process, and generate data in response to the execution of the software. For convenience of explanation, one processing device may be described as being used, but one of ordinary skill in the art will appreciate that the processing device includes a plurality of processing elements and / or a plurality of types of processing elements. It can be seen that it may include. For example, the processing device may include a plurality of processors or one processor and one controller. In addition, other processing configurations are possible, such as parallel processors.

The software may include a computer program, code, instructions, or a combination of one or more of the above, and may configure the processing device to operate as desired, or process independently or collectively. You can command the device. Software and / or data may be any type of machine, component, physical device, virtual equipment, computer storage medium or device in order to be interpreted by or to provide instructions or data to the processing device. It can be embodied in. The software may be distributed over networked computer systems so that they may be stored or executed in a distributed manner. Software and data may be stored on one or more computer readable media.

The method according to the embodiment may be embodied in the form of program instructions that can be executed by various computer means and recorded in a computer readable medium. The computer readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The medium may be to continue to store a computer executable program, or to temporarily store for execution or download. In addition, the medium may be a variety of recording means or storage means in the form of a single or several hardware combined, not limited to a medium directly connected to any computer system, it may be distributed on the network. Examples of media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, And ROM, RAM, flash memory, and the like, configured to store program instructions. In addition, examples of another medium may include a recording medium or a storage medium managed by an app store that distributes an application, a site that supplies or distributes various software, a server, or the like. Examples of program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like.

Although the embodiments have been described by the limited embodiments and the drawings as described above, various modifications and variations are possible to those skilled in the art from the above description. For example, the described techniques may be performed in a different order than the described method, and / or components of the described systems, structures, devices, circuits, etc. may be combined or combined in a different form than the described method, or other components. Or, even if replaced or substituted by equivalents, an appropriate result can be achieved.

Therefore, other implementations, other embodiments, and equivalents to the claims are within the scope of the claims that follow.

Claims (11)

Receiving user consent information on at least one of a service and an application of a third party from the user side;
Transmitting the user consent information to a service / platform provider side device through a network;
Monitoring physical access to a data store of a client device using at least one of the service and application; And
Providing a user data query function capable of querying the status of data related to at least one of the service and application
Privacy risk identification method comprising a. The method of claim 1,
After the transmitting step,
Transmitting the user consent information to a system of a third party operator; And
Outputting information on a method of storing and managing the user consent information to the user;
Privacy risk identification method further comprising. The method of claim 2,
And the user consent information transmitted to the system of the third party operator is distributed and stored on the blockchain associated with the third party operator. The method of claim 1,
After the storing step,
Providing a function for checking the stored user consent information
Privacy risk identification method further comprising. The method of claim 1,
The monitoring step,
Personal information risk identification, characterized in that for monitoring the physical access to the data storage of the client device using a sandbox function provided by the operating system of the client device or the service platform of the service provided to the client device Way. The method of claim 5,
Deleting data in the sandbox according to a request of the user
Privacy risk identification method further comprising. The method of claim 1,
Providing the user data query function,
And providing the user data query function at at least one of a start time and an end time of at least one of the service and the application. The method of claim 1,
Providing the user data query function,
And receiving the information management function including the user data query function from the service / platform provider side device controlling the client device and providing the information management function to the user side. A computer program stored in a computer readable recording medium in combination with a computer device for causing the computer device to execute the method of any one of claims 1 to 8. A computer readable recording medium having recorded thereon a computer program for causing a computer device to execute the method of any one of claims 1 to 8. In a computer device,
At least one processor implemented to execute computer-readable instructions
Including,
By the at least one processor,
Receive and store user consent information of at least one of a service and an application of a third party from the user side,
Transmitting the user consent information to a service / platform provider side device through a network;
Monitor physical access to a data store of a client device using at least one of the services and applications,
Providing a user data query function capable of querying the status of data related to at least one of the service and application
Computer device characterized in that.

Images