KR20010069227A - Computer security system and its method - Google Patents

Abstract

PURPOSE: A system and a method for securing a computer are provided to prevent data leakage and the interior by using a securing card having a memory recognition area from a ROM BIOS and storing a self-ROM program and a RAM-resident securing program. CONSTITUTION: A securing program(40) resides in a RAM and performs an encryption in the case that data are copied. A securing card(20) has a memory recognition area from a ROM BIOS(10) and has a self-ROM program. The securing card(20) stops a program if the securing program(40) does not exist. In detail, if the system power is turned on using a power key on condition that power source is turned off or the system is reoperated by pressing a reset key and by instructing a software command, the ROM BIOS(10) performs a self-diagnosis and checks a CPU, a memory and all sorts of input/output devices.

Description

Computer security system and security method {COMPUTER SECURITY SYSTEM AND ITS METHOD}

The present invention relates to a computer security system and a security method thereof, and more particularly, not only to prevent data leakage from the outside such as a network, but also to smoothly prevent data leakage of an internal rotor such as an intrusion or computer resources such as RAM and CPU. A computer security system and its security method that can be managed.

A computer is a device that stores or processes the information by using a given process and displays the result of the processing. As the spread of the computer becomes more common, many people use computers in offices and homes at any time and place. It generates information data and delivers it to others via network or diskette.

However, as the network develops, it is often illegal to access other people's computers and steal or modify programs or data stored on those computers. This prevents the leakage of programs or data.

In the security system using the password, when a user combines several characters, encrypts them and stores them in the storage device, and starts or restarts the computer, the user enters the password on an initial screen and is already stored in the storage device. Be sure to check against what you have.

Thereafter, if the contents stored in the storage device and the password entered by the user coincide with each other, the system grants the user the system right to use.

Most systems do not allow passwords to appear on the screen even if a user enters a password through the keyboard.

Here, the user is a kind of RAM used in the computer, which consumes less power, especially for storing the information of the system, and its contents are maintained by the back-up battery even when the power is turned off. Enter the password encrypted by combining several characters by the CMOS RAM which can use the contents.

This password is input by the user when the system is turned off using the power key, the reset key is pressed, or a software command is used to restart the system when the power is turned off.

When the password matches the contents stored in the system, the power-on for implementing an input / output booting program that generally performs various initialization operations and reads basic parts of the operating system from the auxiliary storage device is performed. You will perform a power on self test.

If there is a mismatch, a fail signal is generated and output so that the system is powered off.

However, in the related art, when a password is leaked to a third party or the contents stored in the CMOS are deleted, important programs or data may be damaged or programs or data may be freely leaked by others.

While another security program has been proposed to prevent data leakage, most of them focus on network security, and are only to prevent data leakage from the outside.

Therefore, the security of data leaked from the inside was indispensable, and in particular, it could not systematically manage hardware and IP resources such as CPU and RAM installed inside the computer.

SUMMARY OF THE INVENTION The present invention has been made to solve the above-described problems, and can prevent data leakage from the outside by a security card having a memory recognition area from a ROM bias and a security card residing on its own ROM program. In addition to providing a complete security system that can prevent data leakage from the inside, and to provide a computer security system and its security method that can systematically manage resources away from the old-fashioned resource management.

In order to achieve the above object, the present invention provides a computer security system comprising a main memory and a ROM bias:

A security program that encrypts data when the data resides in RAM;

It is a security card that has a memory recognition area from the ROM bias and its own ROM program is stored to stop the system if the security card is not present.

It is intended to provide a computer security system characterized in that the configuration.

1 is an overall security configuration according to the present invention,

2 is a structural diagram of a memory applied to the security card of FIG.

3 is a flow chart of the security card of FIG.

4 is a flowchart for checking the serial number of FIG. 3;

5 is a data security flowchart according to the present invention;

6A and 6B are flowcharts of resource management by a network according to the present invention.

<Description of the symbols for the main parts of the drawings>

10: ROM bias, 20: security card, 22: main memory, 22a: EPROM; 22b: EEPROM, 30: operating system, 40: security program.

Hereinafter, the present invention will be described with reference to the accompanying drawings, FIGS. 1 to 6B.

1 is an overall security configuration according to the present invention, Figure 2 is a structural diagram of a memory applied to the security card of Figure 1, Figure 3 is a flow chart of the security card of Figure 2, Figure 4 is a serial of Figure 3 5 is a data security flowchart according to the present invention, and FIGS. 6A and 6B are resource management flowcharts by a network according to the present invention.

First, the basic configuration of the present invention, in the computer security system consisting of the main memory and ROM bias (10):

A security program 40 for encrypting when residing in RAM and copying data;

The security card 30 has a memory recognition area from the ROM bias path 10 and its own ROM program is stored to stop the system if the security card 40 is not present.

Characterized in that configured.

Hereinafter, the present invention will be described in more detail. When the system is turned on by using a power key while the power is turned off, or when the system is restarted by pressing a reset key or a software command, the computer may be a basic input / output device of a computer. The ROM bias 10 performs self-diagnosis to check the central processing unit, memory, and various input / output devices included in the computer.

Thereafter, the own ROM program in the recognition area from the ROM bias 10 of the security card 20 is called.

At this time, the basic memory 22 of the security card 20 is composed of an EPROM 22a which is a program and data area and an EEPROM 22b which is a data area, thereby minimizing a collision.

Thereafter, the ROM program of the security card 20 is executed, which erases the contents of the CMOS or the HDD and changes the ID to recognize the data stored in the EEPROM 22b (S10). Comparing the addresses by comparing and recording the values (S11), checking the serial numbers of the various hardware provided in the computer (S12), storing the interrupt vector information, and storing the security related routines. Setting the location information to check the location information related to security (S13), recording the ID given at the first installation (S14), and calculating the sum of the EEPROM 22b areas and recording the complementary value A step S15 of adjusting the check sum is performed and returning to the ROM bias 10 (S16) to perform a computer driving procedure.

In FIG. 4, the step S12 is a step of reading a 0 track, a 1 head, and a sector of a hard disk drive (S12a), a serial number recorded on the HDD, Comparing the serial numbers recorded in the EEPROM 22b (S12b), and recording the comparison results in the HDD (S12c).

The step S12 is a step necessary for management of resources, and step S13 is a step necessary for encrypting or decrypting.

According to the present invention, a plurality of client computer resources can be managed by one server through a network. When the computer is turned on, the client program is executed while the system is driven through the steps of FIG. 3 (S20), RAM, hardware, Counters and variables such as LAN cards are initialized (S21).

At this time, the client computer and the server computer are connected, and the server computer opens the information file about the resource of the client computer (S22), and sorts the file information data in the necessary order to obtain the start time (S23).

Subsequently, the server computer obtains the file name using a code and a counter assigned to each company (S24), and reads the file name and the client connection file (S25).

It is determined whether this connection file is set as checked or not (S26). If it is set, it reads and stores master information, which is all information about computer resources of the client (S41), and then sets a counter value for the client computer to be described later. Incremental step S28 is performed.

If not set, it is determined whether the connection file is updated or not (S27), and if it is updated, the information file and the history information about the resource of the client computer are obtained (S51), and registered (S52). Increment the counter value (S28).

If the access file is not updated, the counter value for the client computer is immediately increased (S28).

It is determined whether the increased counter value has exceeded or exceeded the maximum value (S30), that is, it is determined whether the counter value is more or less than the maximum number of client computers connected to the maximum value, and if more than the maximum value, the file related to the resource is closed to store the information (S61). ).

Next, the counter and the variable are initialized as in the above-described steps (S21 and S22) (S62), the file related to the resource is opened (S63), and the key check is performed (S31).

If the maximum value is not exceeded, the error status is queried (S33), and then the key is pressed or not checked (S31).

If the key check is performed and ESC key check is pressed, all files are closed (S32), and if the key check is not pressed, step S24 is performed.

In this way, it is possible to manage the resources of the computer by the network.

In addition, it is also possible to encrypt the data in the step of Figure 5, the operating system (OS) is driven through the step of Figure 3 (S71) when the user copies the data (S72), the security card 20 resident in RAM If the encrypted data is stored through (S73) and calls to copy the encrypted data to another computer, check whether or not the security card 20 exists in this computer (S74) and if no error occurs (S76), The encrypted data is decrypted and read (S75).

At this time, the method obtained by obtaining the encryption method using the value generated by the timer when the data is first copied to the disk is composed of four groups, four of which are rotated and added by the first byte, and rotated and added or added by the second byte. It is the method of different values, the method of adding and rotating in the third word, the method of adding and rotating in the fourth word, or the method of changing the added value.

In the case where there is no security program 40 in FIG. 1, only the operating system 30 is connected to the program of the security card 20 and the system is stopped by the security card 20 when it is copied to a disk.

It is preferable to prevent program hacking on an executable file by programming and encrypting an encryption algorithm in the ROM of the security card 20.

In addition, by encrypting a part of the executable file to be decrypted at the time of execution and to execute a program of a specific location of the security card 20 to be difficult to hack and prevent from being hacked by the analysis of the executable file.

As described above, the conventional software-based security method is defenseless against data leakage based on the instability of the operating system 30 due to the inherent defect that is basically based on the operating system 30 of the computer. The invention is a double chain structure of the security card 20, which is hardware, and the security program 40, which is software, and the data leaked from the computer without the security card 20 regardless of the operating system 30. It is not read.

In addition, it is possible to effectively manage resources for a plurality of client computers connected to one server computer.

As described above, the present invention not only prevents data leakage from the outside by the security card having a memory recognition area from the ROM bias and the security card residing on its own ROM program and RAM. It is a useful invention that has a complete security system to prevent data leakage and at the same time manages resources systematically from the old-fashioned resource management.

Claims (8)

In a computer security system consisting of main memory and ROM bias (10): A security program 40 for encrypting when residing in RAM and copying data; The security card 30 has a memory recognition area from the ROM bias path 10 and its own ROM program is stored to stop the system if the security card 40 is not present. Computer security system, characterized in that configured. The computer security system according to claim 1, wherein the basic memory (22) of the security card (20) comprises an EPROM (22a) which is a program and data area and an EEPROM (22b) which is a data area. The computer security system according to claim 1 or 2, wherein an encryption algorithm is programmed and encrypted in the ROM of the security card (20). The computer security system according to claim 1, wherein the method for encrypting using the security program (40) is obtained using a value generated by a timer built in the computer. Performing a self-diagnosis on the ROM bias (10) to check a central processing unit, a memory, and an input / output device included in the computer; A second process of calling the own ROM program in the recognition area of the security card 20 in the ROM bias 10; A third process of executing the ROM program of the security card 20; A fourth process of returning to the ROM bias after performing the third process and driving the operating system 30; A fifth process of managing client computer resources in the server by accessing the server through the network after performing the fourth process; After performing the fourth process, the user copies the data (S72), encrypts and stores the data through the security card 20 resident in RAM (S73), and copies the encrypted data to another computer. In order to check whether there is a security card 20 in the computer (S74), if there is no security card, an error occurs (S76), and if there is a security card, the encrypted data is decrypted by And a sixth process of performing a step (S75) to be read. The method of claim 5, wherein the third process comprises the steps of recognizing data stored in the EEPROM 22b by erasing the contents of the CMOS or the HDD, changing the ID (S10), and comparing and recording the values of the CMOS to compare the addresses. Step S11, checking the serial numbers of various hardware provided in the computer (S12), and checking the location information related to security by storing interrupt vector information and setting the location information of the security related routine (S13). Recording the ID given at the time of initial installation (S14), and adjusting the checksum by recording the sum of the EEPROM (22b) areas and recording the complementary value (S15). Way. The method of claim 6, wherein step S12 comprises reading step 0 track, head 1, and sector 1 of the HDD, comparing the serial number recorded on the HDD with the serial number recorded on the EEPROM 22b. And (S12c) recording the result of the comparison on the HDD (S12b). The method of claim 5, wherein the fifth process includes executing a client program in a client (S20), initializing a counter and a variable (S21), A step (S22) of opening an information file about the resource of the client computer in the server, a step of sorting the file information data in the necessary order in the resource (S23), and obtaining a file name by a code and a counter assigned to each company Step S24, reading the file name and the client's connection file (S25). Determining whether the connection file is set as being checked or not (S26), if so, reading and storing master information (S41) and increasing a counter value for the client computer (S28); , If it is not set in step S26, determining whether the connection file has been updated or not (S27), and if it has been updated, obtaining an information file and history information about a resource of a client computer (S51), and registering step (S52), increasing the counter value for the client computer (S28), The access file has not been updated in step S27. To increase the counter value for the client computer (S28), Determining whether the increased counter value exceeds or exceeds the maximum value (S30), if more than the maximum value, closes a file related to the resource to store information (S61), and initializes a counter and a variable (S62); Performing a step (S63) of opening a file related to a resource, and performing a step (S33) of inquiring an error status if not exceeding a maximum value, and performing a step (S31) of checking whether a key is pressed or not; If the ESC key check is pressed, all files are closed (S32), and if the key check is not pressed, the process returns to the step (S24).